summaryrefslogtreecommitdiffstats
path: root/pki/base/migrate
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/migrate')
-rw-r--r--pki/base/migrate/41ToTxt/classes/CMS41LdifParser.classbin0 -> 9562 bytes
-rw-r--r--pki/base/migrate/41ToTxt/classes/Main.classbin0 -> 1615 bytes
-rwxr-xr-xpki/base/migrate/41ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/41ToTxt/run.sh191
-rw-r--r--pki/base/migrate/41ToTxt/src/Main.java464
-rwxr-xr-xpki/base/migrate/41ToTxt/src/compile.bat150
-rwxr-xr-xpki/base/migrate/41ToTxt/src/compile.sh150
-rw-r--r--pki/base/migrate/42SP2ToTxt/classes/CMS42SP2LdifParser.classbin0 -> 9028 bytes
-rw-r--r--pki/base/migrate/42SP2ToTxt/classes/Main.classbin0 -> 1552 bytes
-rwxr-xr-xpki/base/migrate/42SP2ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/42SP2ToTxt/run.sh205
-rw-r--r--pki/base/migrate/42SP2ToTxt/src/Main.java467
-rwxr-xr-xpki/base/migrate/42SP2ToTxt/src/compile.bat152
-rwxr-xr-xpki/base/migrate/42SP2ToTxt/src/compile.sh174
-rw-r--r--pki/base/migrate/42ToTxt/classes/CMS42LdifParser.classbin0 -> 9562 bytes
-rw-r--r--pki/base/migrate/42ToTxt/classes/Main.classbin0 -> 1615 bytes
-rwxr-xr-xpki/base/migrate/42ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/42ToTxt/run.sh205
-rw-r--r--pki/base/migrate/42ToTxt/src/Main.java467
-rwxr-xr-xpki/base/migrate/42ToTxt/src/compile.bat150
-rwxr-xr-xpki/base/migrate/42ToTxt/src/compile.sh168
-rw-r--r--pki/base/migrate/45ToTxt/classes/CMS45LdifParser.classbin0 -> 9025 bytes
-rw-r--r--pki/base/migrate/45ToTxt/classes/Main.classbin0 -> 1518 bytes
-rwxr-xr-xpki/base/migrate/45ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/45ToTxt/run.sh196
-rw-r--r--pki/base/migrate/45ToTxt/src/Main.java469
-rwxr-xr-xpki/base/migrate/45ToTxt/src/compile.bat152
-rwxr-xr-xpki/base/migrate/45ToTxt/src/compile.sh159
-rw-r--r--pki/base/migrate/47ToTxt/classes/CMS47LdifParser.classbin0 -> 10672 bytes
-rw-r--r--pki/base/migrate/47ToTxt/classes/Main.classbin0 -> 1517 bytes
-rwxr-xr-xpki/base/migrate/47ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/47ToTxt/run.sh205
-rw-r--r--pki/base/migrate/47ToTxt/src/Main.java578
-rwxr-xr-xpki/base/migrate/47ToTxt/src/compile.bat152
-rwxr-xr-xpki/base/migrate/47ToTxt/src/compile.sh174
-rw-r--r--pki/base/migrate/60ToTxt/classes/CMS60LdifParser.classbin0 -> 9019 bytes
-rw-r--r--pki/base/migrate/60ToTxt/classes/Main.classbin0 -> 1518 bytes
-rwxr-xr-xpki/base/migrate/60ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/60ToTxt/run.sh199
-rw-r--r--pki/base/migrate/60ToTxt/src/Main.java475
-rwxr-xr-xpki/base/migrate/60ToTxt/src/compile.bat152
-rwxr-xr-xpki/base/migrate/60ToTxt/src/compile.sh164
-rw-r--r--pki/base/migrate/61ToTxt/classes/CMS61LdifParser.classbin0 -> 9117 bytes
-rw-r--r--pki/base/migrate/61ToTxt/classes/Main.classbin0 -> 1497 bytes
-rwxr-xr-xpki/base/migrate/61ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/61ToTxt/run.sh202
-rw-r--r--pki/base/migrate/61ToTxt/src/Main.java483
-rwxr-xr-xpki/base/migrate/61ToTxt/src/compile.bat150
-rwxr-xr-xpki/base/migrate/61ToTxt/src/compile.sh160
-rw-r--r--pki/base/migrate/62ToTxt/classes/CMS62LdifParser.classbin0 -> 9117 bytes
-rw-r--r--pki/base/migrate/62ToTxt/classes/Main.classbin0 -> 1497 bytes
-rwxr-xr-xpki/base/migrate/62ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/62ToTxt/run.sh202
-rw-r--r--pki/base/migrate/62ToTxt/src/Main.java483
-rwxr-xr-xpki/base/migrate/62ToTxt/src/compile.bat150
-rwxr-xr-xpki/base/migrate/62ToTxt/src/compile.sh160
-rw-r--r--pki/base/migrate/63ToTxt/classes/CMS63LdifParser.classbin0 -> 8978 bytes
-rw-r--r--pki/base/migrate/63ToTxt/classes/Main.classbin0 -> 1501 bytes
-rwxr-xr-xpki/base/migrate/63ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/63ToTxt/run.sh202
-rw-r--r--pki/base/migrate/63ToTxt/src/Main.java483
-rwxr-xr-xpki/base/migrate/63ToTxt/src/compile.bat150
-rwxr-xr-xpki/base/migrate/63ToTxt/src/compile.sh160
-rw-r--r--pki/base/migrate/70ToTxt/classes/CMS70LdifParser.classbin0 -> 8978 bytes
-rw-r--r--pki/base/migrate/70ToTxt/classes/Main.classbin0 -> 1501 bytes
-rwxr-xr-xpki/base/migrate/70ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/70ToTxt/run.sh202
-rw-r--r--pki/base/migrate/70ToTxt/src/Main.java483
-rwxr-xr-xpki/base/migrate/70ToTxt/src/compile.bat152
-rwxr-xr-xpki/base/migrate/70ToTxt/src/compile.sh160
-rw-r--r--pki/base/migrate/71ToTxt/classes/CMS71LdifParser.classbin0 -> 8978 bytes
-rw-r--r--pki/base/migrate/71ToTxt/classes/Main.classbin0 -> 1501 bytes
-rwxr-xr-xpki/base/migrate/71ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/71ToTxt/run.sh202
-rw-r--r--pki/base/migrate/71ToTxt/src/Main.java483
-rwxr-xr-xpki/base/migrate/71ToTxt/src/compile.bat150
-rwxr-xr-xpki/base/migrate/71ToTxt/src/compile.sh160
-rw-r--r--pki/base/migrate/72ToTxt/classes/CMS72LdifParser.classbin0 -> 9200 bytes
-rw-r--r--pki/base/migrate/72ToTxt/classes/Main.classbin0 -> 1513 bytes
-rwxr-xr-xpki/base/migrate/72ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/72ToTxt/run.sh158
-rw-r--r--pki/base/migrate/72ToTxt/src/Main.java485
-rwxr-xr-xpki/base/migrate/72ToTxt/src/compile.bat150
-rwxr-xr-xpki/base/migrate/72ToTxt/src/compile.sh139
-rw-r--r--pki/base/migrate/73ToTxt/classes/CMS73LdifParser.classbin0 -> 9188 bytes
-rw-r--r--pki/base/migrate/73ToTxt/classes/Main.classbin0 -> 1505 bytes
-rwxr-xr-xpki/base/migrate/73ToTxt/run.bat192
-rwxr-xr-xpki/base/migrate/73ToTxt/run.sh157
-rw-r--r--pki/base/migrate/73ToTxt/src/Main.java485
-rwxr-xr-xpki/base/migrate/73ToTxt/src/compile.bat150
-rwxr-xr-xpki/base/migrate/73ToTxt/src/compile.sh138
-rw-r--r--pki/base/migrate/80/MigrateSecurityDomain.classbin0 -> 6951 bytes
-rw-r--r--pki/base/migrate/80/MigrateSecurityDomain.java222
-rw-r--r--pki/base/migrate/80/readme29
-rw-r--r--pki/base/migrate/80/schema-add.ldif50
-rw-r--r--pki/base/migrate/CMakeLists.txt36
-rw-r--r--pki/base/migrate/LICENSE291
-rw-r--r--pki/base/migrate/TpsTo80/Makefile36
-rwxr-xr-xpki/base/migrate/TpsTo80/linux/migrateTPSData.i386bin0 -> 10408 bytes
-rwxr-xr-xpki/base/migrate/TpsTo80/linux/migrateTPSData.x86_64bin0 -> 12616 bytes
-rw-r--r--pki/base/migrate/TpsTo80/migrateTPSData.c501
-rw-r--r--pki/base/migrate/TpsTo80/readme44
-rwxr-xr-xpki/base/migrate/TpsTo80/solaris/migrateTPSData.sol9sparcbin0 -> 15712 bytes
-rw-r--r--pki/base/migrate/TxtTo60/classes/CMS60LdifParser.classbin0 -> 12047 bytes
-rw-r--r--pki/base/migrate/TxtTo60/classes/DummyAuthManager.classbin0 -> 1187 bytes
-rw-r--r--pki/base/migrate/TxtTo60/classes/Main.classbin0 -> 1518 bytes
-rwxr-xr-xpki/base/migrate/TxtTo60/run.bat186
-rwxr-xr-xpki/base/migrate/TxtTo60/run.sh193
-rw-r--r--pki/base/migrate/TxtTo60/src/Main.java630
-rwxr-xr-xpki/base/migrate/TxtTo60/src/compile.bat154
-rwxr-xr-xpki/base/migrate/TxtTo60/src/compile.sh166
-rw-r--r--pki/base/migrate/TxtTo61/classes/CMS61LdifParser.classbin0 -> 12150 bytes
-rw-r--r--pki/base/migrate/TxtTo61/classes/DummyAuthManager.classbin0 -> 1187 bytes
-rw-r--r--pki/base/migrate/TxtTo61/classes/Main.classbin0 -> 1497 bytes
-rwxr-xr-xpki/base/migrate/TxtTo61/run.bat186
-rwxr-xr-xpki/base/migrate/TxtTo61/run.sh196
-rw-r--r--pki/base/migrate/TxtTo61/src/Main.java644
-rwxr-xr-xpki/base/migrate/TxtTo61/src/compile.bat152
-rwxr-xr-xpki/base/migrate/TxtTo61/src/compile.sh162
-rw-r--r--pki/base/migrate/TxtTo62/classes/CMS62LdifParser.classbin0 -> 12355 bytes
-rw-r--r--pki/base/migrate/TxtTo62/classes/DummyAuthManager.classbin0 -> 1187 bytes
-rw-r--r--pki/base/migrate/TxtTo62/classes/Main.classbin0 -> 1497 bytes
-rwxr-xr-xpki/base/migrate/TxtTo62/run.bat186
-rwxr-xr-xpki/base/migrate/TxtTo62/run.sh196
-rw-r--r--pki/base/migrate/TxtTo62/src/Main.java655
-rwxr-xr-xpki/base/migrate/TxtTo62/src/compile.bat152
-rwxr-xr-xpki/base/migrate/TxtTo62/src/compile.sh162
-rw-r--r--pki/base/migrate/TxtTo70/classes/CMS70LdifParser.classbin0 -> 12270 bytes
-rw-r--r--pki/base/migrate/TxtTo70/classes/DummyAuthManager.classbin0 -> 1187 bytes
-rw-r--r--pki/base/migrate/TxtTo70/classes/Main.classbin0 -> 1501 bytes
-rwxr-xr-xpki/base/migrate/TxtTo70/run.bat186
-rwxr-xr-xpki/base/migrate/TxtTo70/run.sh196
-rw-r--r--pki/base/migrate/TxtTo70/src/Main.java655
-rwxr-xr-xpki/base/migrate/TxtTo70/src/compile.bat154
-rwxr-xr-xpki/base/migrate/TxtTo70/src/compile.sh162
-rw-r--r--pki/base/migrate/TxtTo71/classes/CMS71LdifParser.classbin0 -> 12270 bytes
-rw-r--r--pki/base/migrate/TxtTo71/classes/DummyAuthManager.classbin0 -> 1187 bytes
-rw-r--r--pki/base/migrate/TxtTo71/classes/Main.classbin0 -> 1501 bytes
-rwxr-xr-xpki/base/migrate/TxtTo71/run.bat186
-rwxr-xr-xpki/base/migrate/TxtTo71/run.sh196
-rw-r--r--pki/base/migrate/TxtTo71/src/Main.java655
-rwxr-xr-xpki/base/migrate/TxtTo71/src/compile.bat152
-rwxr-xr-xpki/base/migrate/TxtTo71/src/compile.sh162
-rw-r--r--pki/base/migrate/TxtTo72/classes/CMS72LdifParser.classbin0 -> 12186 bytes
-rw-r--r--pki/base/migrate/TxtTo72/classes/DummyAuthManager.classbin0 -> 1187 bytes
-rw-r--r--pki/base/migrate/TxtTo72/classes/Main.classbin0 -> 1513 bytes
-rwxr-xr-xpki/base/migrate/TxtTo72/run.bat186
-rwxr-xr-xpki/base/migrate/TxtTo72/run.sh152
-rw-r--r--pki/base/migrate/TxtTo72/src/Main.java659
-rwxr-xr-xpki/base/migrate/TxtTo72/src/compile.bat152
-rwxr-xr-xpki/base/migrate/TxtTo72/src/compile.sh141
-rw-r--r--pki/base/migrate/TxtTo73/classes/CMS73LdifParser.classbin0 -> 12166 bytes
-rw-r--r--pki/base/migrate/TxtTo73/classes/DummyAuthManager.classbin0 -> 1187 bytes
-rw-r--r--pki/base/migrate/TxtTo73/classes/Main.classbin0 -> 1505 bytes
-rwxr-xr-xpki/base/migrate/TxtTo73/run.bat186
-rwxr-xr-xpki/base/migrate/TxtTo73/run.sh152
-rw-r--r--pki/base/migrate/TxtTo73/src/Main.java659
-rwxr-xr-xpki/base/migrate/TxtTo73/src/compile.bat152
-rwxr-xr-xpki/base/migrate/TxtTo73/src/compile.sh141
-rw-r--r--pki/base/migrate/TxtTo80/classes/CS80LdifParser.classbin0 -> 8187 bytes
-rw-r--r--pki/base/migrate/TxtTo80/classes/Main.classbin0 -> 1626 bytes
-rwxr-xr-xpki/base/migrate/TxtTo80/run.sh394
-rw-r--r--pki/base/migrate/TxtTo80/src/Main.java559
-rwxr-xr-xpki/base/migrate/TxtTo80/src/compile.sh345
-rw-r--r--pki/base/migrate/build.xml437
-rwxr-xr-xpki/base/migrate/kra/RecoverKey.classbin0 -> 3566 bytes
-rwxr-xr-xpki/base/migrate/kra/RecoverKey.java101
-rwxr-xr-xpki/base/migrate/kra/RecoverPin.classbin0 -> 5029 bytes
-rwxr-xr-xpki/base/migrate/kra/RecoverPin.java149
-rwxr-xr-xpki/base/migrate/kra/readme.txt130
170 files changed, 27981 insertions, 0 deletions
diff --git a/pki/base/migrate/41ToTxt/classes/CMS41LdifParser.class b/pki/base/migrate/41ToTxt/classes/CMS41LdifParser.class
new file mode 100644
index 000000000..b787984a2
--- /dev/null
+++ b/pki/base/migrate/41ToTxt/classes/CMS41LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/41ToTxt/classes/Main.class b/pki/base/migrate/41ToTxt/classes/Main.class
new file mode 100644
index 000000000..87854eb4d
--- /dev/null
+++ b/pki/base/migrate/41ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/41ToTxt/run.bat b/pki/base/migrate/41ToTxt/run.bat
new file mode 100755
index 000000000..35a5fda9f
--- /dev/null
+++ b/pki/base/migrate/41ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 4.1 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 4.1 ldif text file.
+REM
+REM This subsequent normalized CMS 4.1 ldif text file
+REM can be migrated into CMS 6.0 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 4.1 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms41
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\base\jre\bin;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\bin\jssjava.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss.jar;%SERVER_ROOT%\bin\cert\jars\jssjdk12.jar;%SERVER_ROOT%\bin\base\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/41ToTxt/run.sh b/pki/base/migrate/41ToTxt/run.sh
new file mode 100755
index 000000000..390195ea1
--- /dev/null
+++ b/pki/base/migrate/41ToTxt/run.sh
@@ -0,0 +1,191 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 4.1 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 4.1 ldif text file. ###
+### ###
+### This subsequent normalized CMS 4.1 ldif text file ###
+### can be migrated into CMS 6.0 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 4.1 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms41
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.1"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform (SunOS)
+###
+
+LD_LIBRARY_PATH=${SERVER_ROOT}/bin/base/jre/lib:${SERVER_ROOT}/bin/base/jre/lib/sparc/native_threads
+export LD_LIBRARY_PATH
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+
+${SERVER_ROOT}/bin/cert/bin/jssjava -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss.jar:${SERVER_ROOT}/bin/cert/jars/jssjdk12.jar:${SERVER_ROOT}/bin/base/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jre/lib/i18n.jar Main $1 $2
+
diff --git a/pki/base/migrate/41ToTxt/src/Main.java b/pki/base/migrate/41ToTxt/src/Main.java
new file mode 100644
index 000000000..758d725a9
--- /dev/null
+++ b/pki/base/migrate/41ToTxt/src/Main.java
@@ -0,0 +1,464 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// "41ToTxt/src/Main.java" represents the initial CMS "ToTxt" migration file.
+//
+// Always comment any new code sections with a "CMS 4.1" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import com.netscape.jss.*; // CMS 4.1/4.2/4.2 (SP 2)
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.1/4.2/4.2 (SP 2)
+ CryptoManager.initialize("./secmod.db", "./key3.db", "./cert7.db");
+ // load JSS provider in CMS 4.1/4.2/4.2 (SP 2)
+ java.security.Security.removeProvider("Netscape version 1.4");
+ java.security.Security.removeProvider("SunRsaSign version 1.0");
+// java.security.Security.insertProviderAt(
+// new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS41LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS41LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS41LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS41LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.1/4.2/4.2 (SP 2)/4.5 use "requestattributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestattributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS41LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS41LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) {
+ com.netscape.certsrv.base.ArgBlock o =
+ (com.netscape.certsrv.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.certsrv.dbs.keydb.KeyRecord) {
+ com.netscape.certsrv.dbs.keydb.KeyRecord o =
+ (com.netscape.certsrv.dbs.keydb.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) {
+ com.netscape.certsrv.kra.ProofOfArchival o =
+ (com.netscape.certsrv.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/41ToTxt/src/compile.bat b/pki/base/migrate/41ToTxt/src/compile.bat
new file mode 100755
index 000000000..fd92f3fb7
--- /dev/null
+++ b/pki/base/migrate/41ToTxt/src/compile.bat
@@ -0,0 +1,150 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "41ToTxt/classes/Main.class" and
+REM "41ToTxt/classes/CMS41LdifParser.class" which are
+REM used to create a normalized CMS 4.1 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 41ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms41
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 4.1 NOTE: "WINNT" - 1.1.6
+REM
+
+REM SET JDK_VERSION=CMS_4.1
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 41ToTxt - create "CMS41LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\lib\classes.zip;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss.jar;%SERVER_ROOT%\bin\cert\jars\jssjdk12.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/41ToTxt/src/compile.sh b/pki/base/migrate/41ToTxt/src/compile.sh
new file mode 100755
index 000000000..968190ff2
--- /dev/null
+++ b/pki/base/migrate/41ToTxt/src/compile.sh
@@ -0,0 +1,150 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "41ToTxt/classes/Main.class" and ###
+### "41ToTxt/classes/CMS41LdifParser.class" which are ###
+### used to create a normalized CMS 4.1 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 41ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms41
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 4.1 NOTE: "SunOS" - 1.1.6
+###
+
+#JDK_VERSION=CMS_4.1
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.1"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform (SunOS)
+###
+
+LD_LIBRARY_PATH=${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+export LD_LIBRARY_PATH
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 41ToTxt - create "CMS41LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/lib/classes.zip:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss.jar:${SERVER_ROOT}/bin/cert/jars/jssjdk12.jar Main.java
+
diff --git a/pki/base/migrate/42SP2ToTxt/classes/CMS42SP2LdifParser.class b/pki/base/migrate/42SP2ToTxt/classes/CMS42SP2LdifParser.class
new file mode 100644
index 000000000..dbf8a1170
--- /dev/null
+++ b/pki/base/migrate/42SP2ToTxt/classes/CMS42SP2LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/42SP2ToTxt/classes/Main.class b/pki/base/migrate/42SP2ToTxt/classes/Main.class
new file mode 100644
index 000000000..d881f3560
--- /dev/null
+++ b/pki/base/migrate/42SP2ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/42SP2ToTxt/run.bat b/pki/base/migrate/42SP2ToTxt/run.bat
new file mode 100755
index 000000000..ec2a5d6ff
--- /dev/null
+++ b/pki/base/migrate/42SP2ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 4.2 (SP 2) ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 4.2 (SP 2) ldif text file.
+REM
+REM This subsequent normalized CMS 4.2 (SP 2) ldif text file
+REM can be migrated into CMS 6.0 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 4.2 (SP 2) ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms43
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.2 (SP 2)"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss21.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/42SP2ToTxt/run.sh b/pki/base/migrate/42SP2ToTxt/run.sh
new file mode 100755
index 000000000..79a203700
--- /dev/null
+++ b/pki/base/migrate/42SP2ToTxt/run.sh
@@ -0,0 +1,205 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 4.2 (SP 2) ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 4.2 (SP 2) ldif text file. ###
+### ###
+### This subsequent normalized CMS 4.2 (SP 2) ldif text file ###
+### can be migrated into CMS 6.0 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 4.2 (SP 2) ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms43
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.2 (SP 2)"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "AIX" ] ; then
+ LIBPATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/aix/native_threads
+ export LIBPATH
+elif [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+elif [ ${OS_NAME} = "OSF1" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/alpha/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss21.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jre/lib/i18n.jar Main $1 $2
+
diff --git a/pki/base/migrate/42SP2ToTxt/src/Main.java b/pki/base/migrate/42SP2ToTxt/src/Main.java
new file mode 100644
index 000000000..1a324d8ee
--- /dev/null
+++ b/pki/base/migrate/42SP2ToTxt/src/Main.java
@@ -0,0 +1,467 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "42SP2ToTxt/src/Main.java" is based upon a copy "42ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 4.2 (SP 2)" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 42ToTxt/src/Main.java 42SP2ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import com.netscape.jss.*; // CMS 4.1/4.2/4.2 (SP 2)
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.1/4.2/4.2 (SP 2)
+ CryptoManager.initialize("./secmod.db", "./key3.db", "./cert7.db");
+ // load JSS provider in CMS 4.1/4.2/4.2 (SP 2)
+ java.security.Security.removeProvider("Netscape version 1.4");
+ java.security.Security.removeProvider("SunRsaSign version 1.0");
+// java.security.Security.insertProviderAt(
+// new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS42SP2LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS42SP2LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS42SP2LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS42SP2LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.1/4.2/4.2 (SP 2)/4.5 use "requestattributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestattributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS42SP2LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS42SP2LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) {
+ com.netscape.certsrv.base.ArgBlock o =
+ (com.netscape.certsrv.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.certsrv.dbs.keydb.KeyRecord) {
+ com.netscape.certsrv.dbs.keydb.KeyRecord o =
+ (com.netscape.certsrv.dbs.keydb.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) {
+ com.netscape.certsrv.kra.ProofOfArchival o =
+ (com.netscape.certsrv.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/42SP2ToTxt/src/compile.bat b/pki/base/migrate/42SP2ToTxt/src/compile.bat
new file mode 100755
index 000000000..5b6c11566
--- /dev/null
+++ b/pki/base/migrate/42SP2ToTxt/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "42SP2ToTxt/classes/Main.class" and
+REM "42SP2ToTxt/classes/CMS42SP2LdifParser.class" which are
+REM used to create a normalized CMS 4.2 (SP 2) ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 42SP2ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms43
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 4.2 (SP 2) NOTE: "WINNT" - 1.3.0
+REM
+REM CMS 4.2 (SP 2) CONSOLE NOTE: "WINNT" - 1.1.7A
+REM
+
+REM SET JDK_VERSION=CMS_4.3
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.2 (SP 2)"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 42SP2ToTxt - create "CMS42SP2LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss21.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/42SP2ToTxt/src/compile.sh b/pki/base/migrate/42SP2ToTxt/src/compile.sh
new file mode 100755
index 000000000..26aa6140b
--- /dev/null
+++ b/pki/base/migrate/42SP2ToTxt/src/compile.sh
@@ -0,0 +1,174 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "42SP2ToTxt/classes/Main.class" and ###
+### "42SP2ToTxt/classes/CMS42SP2LdifParser.class" which are ###
+### used to create a normalized CMS 4.2 (SP 2) ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 42SP2ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms42sp2
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "AIX", "HP-UX", "Linux", "OSF1", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 4.2 (SP 2) NOTE: "AIX" - 1.3.0
+### "HP-UX" - 1.3.0.00
+### "Linux" - 1.3.0
+### "OSF1" - 1.3.0-1
+### "SunOS" - 1.3.0
+###
+### CMS 4.2 (SP 2) CONSOLE NOTE: "AIX" - 1.1.6_10
+### "HP-UX" - 1.1.6
+### "Linux" - 1.1.7
+### "OSF1" - 1.1.6
+### "SunOS" - 1.1.6
+###
+
+#JDK_VERSION=CMS_4.3
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.2 (SP 2)"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "AIX" ] ; then
+ LIBPATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/aix/native_threads
+ export LIBPATH
+elif [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+elif [ ${OS_NAME} = "OSF1" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/alpha/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 42SP2ToTxt - create "CMS42SP2LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss21.jar Main.java
+
diff --git a/pki/base/migrate/42ToTxt/classes/CMS42LdifParser.class b/pki/base/migrate/42ToTxt/classes/CMS42LdifParser.class
new file mode 100644
index 000000000..81c20523c
--- /dev/null
+++ b/pki/base/migrate/42ToTxt/classes/CMS42LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/42ToTxt/classes/Main.class b/pki/base/migrate/42ToTxt/classes/Main.class
new file mode 100644
index 000000000..7a75e96c0
--- /dev/null
+++ b/pki/base/migrate/42ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/42ToTxt/run.bat b/pki/base/migrate/42ToTxt/run.bat
new file mode 100755
index 000000000..43300869c
--- /dev/null
+++ b/pki/base/migrate/42ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 4.2 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 4.2 ldif text file.
+REM
+REM This subsequent normalized CMS 4.2 ldif text file
+REM can be migrated into CMS 6.0 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 4.2 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms42
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\jre.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss.jar;%SERVER_ROOT%\bin\cert\jars\jssjdk12.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/42ToTxt/run.sh b/pki/base/migrate/42ToTxt/run.sh
new file mode 100755
index 000000000..3172159f1
--- /dev/null
+++ b/pki/base/migrate/42ToTxt/run.sh
@@ -0,0 +1,205 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 4.2 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 4.2 ldif text file. ###
+### ###
+### This subsequent normalized CMS 4.2 ldif text file ###
+### can be migrated into CMS 6.0 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 4.2 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms42
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.2"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "AIX" ] ; then
+ LIBPATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/aix/native_threads
+ export LIBPATH
+elif [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+elif [ ${OS_NAME} = "OSF1" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/alpha/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/jre -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss.jar:${SERVER_ROOT}/bin/cert/jars/jssjdk12.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jre/lib/i18n.jar Main $1 $2
+
diff --git a/pki/base/migrate/42ToTxt/src/Main.java b/pki/base/migrate/42ToTxt/src/Main.java
new file mode 100644
index 000000000..55e64df08
--- /dev/null
+++ b/pki/base/migrate/42ToTxt/src/Main.java
@@ -0,0 +1,467 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "42ToTxt/src/Main.java" is based upon a copy "41ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 4.2" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 41ToTxt/src/Main.java 42ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import com.netscape.jss.*; // CMS 4.1/4.2/4.2 (SP 2)
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.1/4.2/4.2 (SP 2)
+ CryptoManager.initialize("./secmod.db", "./key3.db", "./cert7.db");
+ // load JSS provider in CMS 4.1/4.2/4.2 (SP 2)
+ java.security.Security.removeProvider("Netscape version 1.4");
+ java.security.Security.removeProvider("SunRsaSign version 1.0");
+// java.security.Security.insertProviderAt(
+// new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS42LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS42LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS42LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS42LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.1/4.2/4.2 (SP 2)/4.5 use "requestattributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestattributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS42LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS42LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) {
+ com.netscape.certsrv.base.ArgBlock o =
+ (com.netscape.certsrv.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.certsrv.dbs.keydb.KeyRecord) {
+ com.netscape.certsrv.dbs.keydb.KeyRecord o =
+ (com.netscape.certsrv.dbs.keydb.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) {
+ com.netscape.certsrv.kra.ProofOfArchival o =
+ (com.netscape.certsrv.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/42ToTxt/src/compile.bat b/pki/base/migrate/42ToTxt/src/compile.bat
new file mode 100755
index 000000000..20ca0ebb5
--- /dev/null
+++ b/pki/base/migrate/42ToTxt/src/compile.bat
@@ -0,0 +1,150 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "42ToTxt/classes/Main.class" and
+REM "42ToTxt/classes/CMS42LdifParser.class" which are
+REM used to create a normalized CMS 4.2 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 42ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms42
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 4.2 NOTE: "WINNT" - 1.1.7A
+REM
+
+REM SET JDK_VERSION=CMS_4.2
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 42ToTxt - create "CMS42LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\lib\classes.zip;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss.jar;%SERVER_ROOT%\bin\cert\jars\jssjdk12.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/42ToTxt/src/compile.sh b/pki/base/migrate/42ToTxt/src/compile.sh
new file mode 100755
index 000000000..e8acf71bf
--- /dev/null
+++ b/pki/base/migrate/42ToTxt/src/compile.sh
@@ -0,0 +1,168 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "42ToTxt/classes/Main.class" and ###
+### "42ToTxt/classes/CMS42LdifParser.class" which are ###
+### used to create a normalized CMS 4.2 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 42ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms42
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "AIX", "HP-UX", "Linux", "OSF1", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 4.2 NOTE: "AIX" - 1.1.6_10
+### "HP-UX" - 1.1.6
+### "Linux" - 1.1.7
+### "OSF1" - 1.1.6
+### "SunOS" - 1.1.6
+###
+
+#JDK_VERSION=CMS_4.2
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.2"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "AIX" ] ; then
+ LIBPATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/aix/native_threads
+ export LIBPATH
+elif [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+elif [ ${OS_NAME} = "OSF1" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/alpha/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 42ToTxt - create "CMS42LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/lib/classes.zip:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss.jar:${SERVER_ROOT}/bin/cert/jars/jssjdk12.jar Main.java
+
diff --git a/pki/base/migrate/45ToTxt/classes/CMS45LdifParser.class b/pki/base/migrate/45ToTxt/classes/CMS45LdifParser.class
new file mode 100644
index 000000000..75d4ab47c
--- /dev/null
+++ b/pki/base/migrate/45ToTxt/classes/CMS45LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/45ToTxt/classes/Main.class b/pki/base/migrate/45ToTxt/classes/Main.class
new file mode 100644
index 000000000..a1f3e91c2
--- /dev/null
+++ b/pki/base/migrate/45ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/45ToTxt/run.bat b/pki/base/migrate/45ToTxt/run.bat
new file mode 100755
index 000000000..8dfb4e77c
--- /dev/null
+++ b/pki/base/migrate/45ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 4.5 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 4.5 ldif text file.
+REM
+REM This subsequent normalized CMS 4.5 ldif text file
+REM can be migrated into CMS 6.0 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 4.5 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms45
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.5"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/45ToTxt/run.sh b/pki/base/migrate/45ToTxt/run.sh
new file mode 100755
index 000000000..f19a550d5
--- /dev/null
+++ b/pki/base/migrate/45ToTxt/run.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 4.5 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 4.5 ldif text file. ###
+### ###
+### This subsequent normalized CMS 4.5 ldif text file ###
+### can be migrated into CMS 6.0 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 4.5 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms45
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.5"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jre/lib/i18n.jar Main $1 $2
+
diff --git a/pki/base/migrate/45ToTxt/src/Main.java b/pki/base/migrate/45ToTxt/src/Main.java
new file mode 100644
index 000000000..916ca9cd1
--- /dev/null
+++ b/pki/base/migrate/45ToTxt/src/Main.java
@@ -0,0 +1,469 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "45ToTxt/src/Main.java" is based upon a copy "42SP2ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 4.5" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 42SP2ToTxt/src/Main.java 45ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS45LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS45LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS45LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS45LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.1/4.2/4.2 (SP 2)/4.5 use "requestattributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestattributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS45LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS45LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) {
+ com.netscape.certsrv.base.ArgBlock o =
+ (com.netscape.certsrv.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.certsrv.dbs.keydb.KeyRecord) {
+ com.netscape.certsrv.dbs.keydb.KeyRecord o =
+ (com.netscape.certsrv.dbs.keydb.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) {
+ com.netscape.certsrv.kra.ProofOfArchival o =
+ (com.netscape.certsrv.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/45ToTxt/src/compile.bat b/pki/base/migrate/45ToTxt/src/compile.bat
new file mode 100755
index 000000000..11abbf103
--- /dev/null
+++ b/pki/base/migrate/45ToTxt/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "45ToTxt/classes/Main.class" and
+REM "45ToTxt/classes/CMS45LdifParser.class" which are
+REM used to create a normalized CMS 4.5 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 45ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms45
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 4.5 NOTE: "WINNT" - 1.3.0
+REM
+REM CMS 4.5 CONSOLE NOTE: "WINNT" - 1.1.7A
+REM
+
+REM SET JDK_VERSION=CMS_4.5
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.5"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 45ToTxt - create "CMS45LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/45ToTxt/src/compile.sh b/pki/base/migrate/45ToTxt/src/compile.sh
new file mode 100755
index 000000000..a08eea1b7
--- /dev/null
+++ b/pki/base/migrate/45ToTxt/src/compile.sh
@@ -0,0 +1,159 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "45ToTxt/classes/Main.class" and ###
+### "45ToTxt/classes/CMS45LdifParser.class" which are ###
+### used to create a normalized CMS 4.5 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 45ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms45
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "Linux" or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 4.5 NOTE: "Linux" - 1.3.0
+### "SunOS" - 1.3.0
+###
+### CMS 4.5 CONSOLE NOTE: "Linux" - 1.1.7
+### "SunOS" - 1.1.6
+###
+
+#JDK_VERSION=CMS_4.5
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.5"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 45ToTxt - create "CMS45LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/47ToTxt/classes/CMS47LdifParser.class b/pki/base/migrate/47ToTxt/classes/CMS47LdifParser.class
new file mode 100644
index 000000000..79d1bc12d
--- /dev/null
+++ b/pki/base/migrate/47ToTxt/classes/CMS47LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/47ToTxt/classes/Main.class b/pki/base/migrate/47ToTxt/classes/Main.class
new file mode 100644
index 000000000..7ee99ee96
--- /dev/null
+++ b/pki/base/migrate/47ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/47ToTxt/run.bat b/pki/base/migrate/47ToTxt/run.bat
new file mode 100755
index 000000000..e658ab410
--- /dev/null
+++ b/pki/base/migrate/47ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 4.7 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 4.7 ldif text file.
+REM
+REM This subsequent normalized CMS 4.7 ldif text file
+REM can be migrated into CMS 6.0 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 4.7 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms47
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.7"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/47ToTxt/run.sh b/pki/base/migrate/47ToTxt/run.sh
new file mode 100755
index 000000000..35a41bc90
--- /dev/null
+++ b/pki/base/migrate/47ToTxt/run.sh
@@ -0,0 +1,205 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 4.7 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 4.7 ldif text file. ###
+### ###
+### This subsequent normalized CMS 4.7 ldif text file ###
+### can be migrated into CMS 6.0 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 4.7 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms47
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.7"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "AIX" ] ; then
+ LIBPATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/aix/native_threads
+ export LIBPATH
+elif [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+elif [ ${OS_NAME} = "OSF1" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/alpha/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jre/lib/i18n.jar Main $1 $2
+
diff --git a/pki/base/migrate/47ToTxt/src/Main.java b/pki/base/migrate/47ToTxt/src/Main.java
new file mode 100644
index 000000000..194c277f1
--- /dev/null
+++ b/pki/base/migrate/47ToTxt/src/Main.java
@@ -0,0 +1,578 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "47ToTxt/src/Main.java" is based upon a copy "42SP2ToTxt/src/Main.java"
+// with additional material provided from "45ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 4.7" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following commands:
+//
+// diff 42SP2ToTxt/src/Main.java 47ToTxt/src/Main.java
+// diff 45ToTxt/src/Main.java 47ToTxt/src/Main.java
+//
+// NOTE: The "47ToTxt/src/Main.java" file will differ substantially
+// from the "42SP2ToTxt/src/Main.java" and "45ToTxt/src/Main.java"
+// files upon which it was based due to the changes that were
+// necessary to change "iplanet" to "netscape".
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import iplanet.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new iplanet.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS47LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS47LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS47LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS47LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS47LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS47LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ String data_type = null;
+ String translation = null;
+ if (obj instanceof String) {
+ data_type = obj.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ System.out.println(" " +
+ key + ":" + translation + "=" +
+ obj);
+ } else if (obj instanceof iplanet.security.x509.CertificateX509Key) {
+ iplanet.security.x509.CertificateX509Key o =
+ (iplanet.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.CertificateX509Key" + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof iplanet.security.x509.CertificateSubjectName) {
+ iplanet.security.x509.CertificateSubjectName o =
+ (iplanet.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.CertificateSubjectName" + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof iplanet.security.x509.CertificateExtensions) {
+ iplanet.security.x509.CertificateExtensions o =
+ (iplanet.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.CertificateExtensions" + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof iplanet.security.x509.X509CertInfo) {
+ iplanet.security.x509.X509CertInfo o =
+ (iplanet.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.X509CertInfo" + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof iplanet.security.x509.X509CertImpl) {
+ iplanet.security.x509.X509CertImpl o =
+ (iplanet.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.X509CertImpl" + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof iplanet.security.x509.CertificateChain) {
+ iplanet.security.x509.CertificateChain o =
+ (iplanet.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.CertificateChain" + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof iplanet.security.x509.X509CertImpl[]) {
+ iplanet.security.x509.X509CertImpl o[] =
+ (iplanet.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.X509CertImpl" +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof iplanet.security.x509.X509CertInfo[]) {
+ iplanet.security.x509.X509CertInfo o[] =
+ (iplanet.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.X509CertInfo" + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof iplanet.security.x509.RevokedCertImpl[]) {
+ iplanet.security.x509.RevokedCertImpl o[] =
+ (iplanet.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "netscape.security.x509.RevokedCertImpl" +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ data_type = o[i].getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + translation +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.iplanet.certsrv.base.ArgBlock) {
+ com.iplanet.certsrv.base.ArgBlock o =
+ (com.iplanet.certsrv.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.base.ArgBlock" + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.iplanet.certsrv.dbs.keydb.KeyRecord) {
+ com.iplanet.certsrv.dbs.keydb.KeyRecord o =
+ (com.iplanet.certsrv.dbs.keydb.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ data_type = ob.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.dbs.keydb.KeyRecord" + "=" +
+ k + ":" + translation + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ data_type = ob.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.dbs.keydb.KeyRecord" + "=" +
+ k + ":" + translation + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ data_type = ob.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.dbs.keydb.KeyRecord" + "=" +
+ k + ":" + translation + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.iplanet.certsrv.kra.ProofOfArchival) {
+ com.iplanet.certsrv.kra.ProofOfArchival o =
+ (com.iplanet.certsrv.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.kra.ProofOfArchival" + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.iplanet.certsrv.request.AgentApprovals) {
+ com.iplanet.certsrv.request.AgentApprovals o =
+ (com.iplanet.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.iplanet.certsrv.request.AgentApproval approval = (com.iplanet.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ "com.netscape.certsrv.request.AgentApprovals" + ":" + "com.netscape.certsrv.request.AgentApprovals" + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.iplanet.certsrv.authentication.AuthToken) {
+ com.iplanet.certsrv.authentication.AuthToken o =
+ (com.iplanet.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ data_type = ob.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":" + translation + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ data_type = o.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + translation + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ data_type = ob.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":" + translation + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof iplanet.security.x509.CertificateAlgorithmId) {
+ iplanet.security.x509.CertificateAlgorithmId o =
+ (iplanet.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof iplanet.security.x509.CertificateValidity) {
+ iplanet.security.x509.CertificateValidity o =
+ (iplanet.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ data_type = o.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + translation + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ data_type = obj.getClass().getName();
+ if( data_type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + data_type.substring( 7 );
+ } else if( data_type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + data_type.substring( 11 );
+ } else {
+ translation = data_type;
+ }
+ System.out.println(" " +
+ key + ":" + translation + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/47ToTxt/src/compile.bat b/pki/base/migrate/47ToTxt/src/compile.bat
new file mode 100755
index 000000000..553beca5c
--- /dev/null
+++ b/pki/base/migrate/47ToTxt/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "47ToTxt/classes/Main.class" and
+REM "47ToTxt/classes/CMS47LdifParser.class" which are
+REM used to create a normalized CMS 4.7 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 47ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms47
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 4.7 NOTE: "WINNT" - 1.3.0
+REM
+REM CMS 4.7 CONSOLE NOTE: "WINNT" - 1.1.7A
+REM
+
+REM SET JDK_VERSION=CMS_4.7
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 4.7"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 47ToTxt - create "CMS47LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/47ToTxt/src/compile.sh b/pki/base/migrate/47ToTxt/src/compile.sh
new file mode 100755
index 000000000..8d91b4491
--- /dev/null
+++ b/pki/base/migrate/47ToTxt/src/compile.sh
@@ -0,0 +1,174 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "47ToTxt/classes/Main.class" and ###
+### "47ToTxt/classes/CMS47LdifParser.class" which are ###
+### used to create a normalized CMS 4.7 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 47ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms47
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "AIX", "HP-UX", "Linux", "OSF1", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 4.7 NOTE: "AIX" - 1.3.0
+### "HP-UX" - 1.3.0.00
+### "Linux" - 1.3.0
+### "OSF1" - 1.3.0-1
+### "SunOS" - 1.3.0
+###
+### CMS 4.7 CONSOLE NOTE: "AIX" - 1.1.6_10
+### "HP-UX" - 1.1.6
+### "Linux" - 1.1.7
+### "OSF1" - 1.1.6
+### "SunOS" - 1.1.6
+###
+
+#JDK_VERSION=CMS_4.7
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 4.7"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "AIX" ] ; then
+ LIBPATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/aix/native_threads
+ export LIBPATH
+elif [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+elif [ ${OS_NAME} = "OSF1" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/alpha/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 47ToTxt - create "CMS47LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/60ToTxt/classes/CMS60LdifParser.class b/pki/base/migrate/60ToTxt/classes/CMS60LdifParser.class
new file mode 100644
index 000000000..f3ff43045
--- /dev/null
+++ b/pki/base/migrate/60ToTxt/classes/CMS60LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/60ToTxt/classes/Main.class b/pki/base/migrate/60ToTxt/classes/Main.class
new file mode 100644
index 000000000..6d0d3dcd3
--- /dev/null
+++ b/pki/base/migrate/60ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/60ToTxt/run.bat b/pki/base/migrate/60ToTxt/run.bat
new file mode 100755
index 000000000..cc24fd214
--- /dev/null
+++ b/pki/base/migrate/60ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 6.0/6.01 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 6.0/6.01 ldif text file.
+REM
+REM This subsequent normalized CMS 6.0/6.01 ldif text file
+REM can be migrated into CMS 6.0/6.01 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 6.0/6.01 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms601
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.0"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/60ToTxt/run.sh b/pki/base/migrate/60ToTxt/run.sh
new file mode 100755
index 000000000..d41d65294
--- /dev/null
+++ b/pki/base/migrate/60ToTxt/run.sh
@@ -0,0 +1,199 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 6.0/6.01 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 6.0/6.01 ldif text file. ###
+### ###
+### This subsequent normalized CMS 6.0/6.01 ldif text file ###
+### can be migrated into CMS 6.0/6.01 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 6.0/6.01 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms601
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.0"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jre/lib/i18n.jar Main $1 $2
+
diff --git a/pki/base/migrate/60ToTxt/src/Main.java b/pki/base/migrate/60ToTxt/src/Main.java
new file mode 100644
index 000000000..380baab99
--- /dev/null
+++ b/pki/base/migrate/60ToTxt/src/Main.java
@@ -0,0 +1,475 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "60ToTxt/src/Main.java" is based upon a copy "45ToTxt/src/Main.java"
+// with additional material provided from "47ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 6.0" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following commands:
+//
+// diff 45ToTxt/src/Main.java 60ToTxt/src/Main.java
+// diff 47ToTxt/src/Main.java 60ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS60LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS60LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS60LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS60LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS60LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS60LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) {
+ com.netscape.certsrv.base.ArgBlock o =
+ (com.netscape.certsrv.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) {
+ // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord"
+ // to "com.netscape.cmscore.dbs.KeyRecord"
+ com.netscape.cmscore.dbs.KeyRecord o =
+ (com.netscape.cmscore.dbs.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) {
+ // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival"
+ // to "com.netscape.cmscore.kra.ProofOfArchival"
+ com.netscape.cmscore.kra.ProofOfArchival o =
+ (com.netscape.cmscore.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/60ToTxt/src/compile.bat b/pki/base/migrate/60ToTxt/src/compile.bat
new file mode 100755
index 000000000..8c8b122c0
--- /dev/null
+++ b/pki/base/migrate/60ToTxt/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "60ToTxt/classes/Main.class" and
+REM "60ToTxt/classes/CMS60LdifParser.class" which are
+REM used to create a normalized CMS 6.0/6.01 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 60ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms601
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 6.0 NOTE: "WINNT" - 1.3.1_02
+REM
+REM CMS 6.01 NOTE: "WINNT" - 1.3.1_02
+REM
+
+REM SET JDK_VERSION=CMS_6.01
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.0"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 60ToTxt - create "CMS60LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/60ToTxt/src/compile.sh b/pki/base/migrate/60ToTxt/src/compile.sh
new file mode 100755
index 000000000..5641688bb
--- /dev/null
+++ b/pki/base/migrate/60ToTxt/src/compile.sh
@@ -0,0 +1,164 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "60ToTxt/classes/Main.class" and ###
+### "60ToTxt/classes/CMS60LdifParser.class" which are ###
+### used to create a normalized CMS 6.0/6.01 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 60ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms601
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 6.0 NOTE: "HP-UX" - 1.3.1.02
+### "Linux" - 1.3.1_02
+### "SunOS" - 1.3.1_02
+###
+### CMS 6.01 NOTE: "HP-UX" - 1.3.1.02
+### "Linux" - 1.4.0
+### "SunOS" - 1.3.1_02
+###
+
+#JDK_VERSION=CMS_6.01
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.0"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 60ToTxt - create "CMS60LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/61ToTxt/classes/CMS61LdifParser.class b/pki/base/migrate/61ToTxt/classes/CMS61LdifParser.class
new file mode 100644
index 000000000..4c08a38aa
--- /dev/null
+++ b/pki/base/migrate/61ToTxt/classes/CMS61LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/61ToTxt/classes/Main.class b/pki/base/migrate/61ToTxt/classes/Main.class
new file mode 100644
index 000000000..8f141215d
--- /dev/null
+++ b/pki/base/migrate/61ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/61ToTxt/run.bat b/pki/base/migrate/61ToTxt/run.bat
new file mode 100755
index 000000000..2386ab20b
--- /dev/null
+++ b/pki/base/migrate/61ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 6.1 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 6.1 ldif text file.
+REM
+REM This subsequent normalized CMS 6.1 ldif text file
+REM can be migrated into CMS 6.1 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 6.1 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms61
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/61ToTxt/run.sh b/pki/base/migrate/61ToTxt/run.sh
new file mode 100755
index 000000000..9fa8ffe12
--- /dev/null
+++ b/pki/base/migrate/61ToTxt/run.sh
@@ -0,0 +1,202 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 6.1 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 6.1 ldif text file. ###
+### ###
+### This subsequent normalized CMS 6.1 ldif text file ###
+### can be migrated into CMS 6.1 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 6.1 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms61
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.1"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/61ToTxt/src/Main.java b/pki/base/migrate/61ToTxt/src/Main.java
new file mode 100644
index 000000000..298ee027d
--- /dev/null
+++ b/pki/base/migrate/61ToTxt/src/Main.java
@@ -0,0 +1,483 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "61ToTxt/src/Main.java" is based upon a copy "60ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 6.1" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 60ToTxt/src/Main.java 61ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS61LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS61LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS61LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS61LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS61LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS61LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock o =
+ (com.netscape.cmscore.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) {
+ // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord"
+ // to "com.netscape.cmscore.dbs.KeyRecord"
+ com.netscape.cmscore.dbs.KeyRecord o =
+ (com.netscape.cmscore.dbs.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) {
+ // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival"
+ // to "com.netscape.cmscore.kra.ProofOfArchival"
+ com.netscape.cmscore.kra.ProofOfArchival o =
+ (com.netscape.cmscore.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof byte[]) {
+ // Since 6.1's profile framework,
+ // req_archive_options is a byte array
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/61ToTxt/src/compile.bat b/pki/base/migrate/61ToTxt/src/compile.bat
new file mode 100755
index 000000000..48bb90018
--- /dev/null
+++ b/pki/base/migrate/61ToTxt/src/compile.bat
@@ -0,0 +1,150 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "61ToTxt/classes/Main.class" and
+REM "61ToTxt/classes/CMS61LdifParser.class" which are
+REM used to create a normalized CMS 6.1 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 61ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms61
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 6.1 NOTE: "WINNT" - 1.4.0
+REM
+
+REM SET JDK_VERSION=CMS_6.1
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 61ToTxt - create "CMS61LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/61ToTxt/src/compile.sh b/pki/base/migrate/61ToTxt/src/compile.sh
new file mode 100755
index 000000000..b1f8c8505
--- /dev/null
+++ b/pki/base/migrate/61ToTxt/src/compile.sh
@@ -0,0 +1,160 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "61ToTxt/classes/Main.class" and ###
+### "61ToTxt/classes/CMS61LdifParser.class" which are ###
+### used to create a normalized CMS 6.1 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 61ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms61
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 6.1 NOTE: "HP-UX" - 1.3.1.02
+### "Linux" - 1.3.1_02
+### "SunOS" - 1.3.1_02
+###
+
+#JDK_VERSION=CMS_6.1
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.1"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 61ToTxt - create "CMS61LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/62ToTxt/classes/CMS62LdifParser.class b/pki/base/migrate/62ToTxt/classes/CMS62LdifParser.class
new file mode 100644
index 000000000..8c413efe2
--- /dev/null
+++ b/pki/base/migrate/62ToTxt/classes/CMS62LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/62ToTxt/classes/Main.class b/pki/base/migrate/62ToTxt/classes/Main.class
new file mode 100644
index 000000000..a3b28db52
--- /dev/null
+++ b/pki/base/migrate/62ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/62ToTxt/run.bat b/pki/base/migrate/62ToTxt/run.bat
new file mode 100755
index 000000000..f182fd715
--- /dev/null
+++ b/pki/base/migrate/62ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 6.2 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 6.2 ldif text file.
+REM
+REM This subsequent normalized CMS 6.2 ldif text file
+REM can be migrated into CMS 6.2 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 6.2 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms62
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/62ToTxt/run.sh b/pki/base/migrate/62ToTxt/run.sh
new file mode 100755
index 000000000..a192df1ce
--- /dev/null
+++ b/pki/base/migrate/62ToTxt/run.sh
@@ -0,0 +1,202 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 6.2 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 6.2 ldif text file. ###
+### ###
+### This subsequent normalized CMS 6.2 ldif text file ###
+### can be migrated into CMS 6.2 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 6.2 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms62
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.2"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/62ToTxt/src/Main.java b/pki/base/migrate/62ToTxt/src/Main.java
new file mode 100644
index 000000000..95f8d56be
--- /dev/null
+++ b/pki/base/migrate/62ToTxt/src/Main.java
@@ -0,0 +1,483 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "62ToTxt/src/Main.java" is based upon a copy "61ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 6.2" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 61ToTxt/src/Main.java 62ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS62LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS62LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS62LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS62LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS62LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS62LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock o =
+ (com.netscape.cmscore.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) {
+ // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord"
+ // to "com.netscape.cmscore.dbs.KeyRecord"
+ com.netscape.cmscore.dbs.KeyRecord o =
+ (com.netscape.cmscore.dbs.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) {
+ // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival"
+ // to "com.netscape.cmscore.kra.ProofOfArchival"
+ com.netscape.cmscore.kra.ProofOfArchival o =
+ (com.netscape.cmscore.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof byte[]) {
+ // Since 6.1's profile framework,
+ // req_archive_options is a byte array
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/62ToTxt/src/compile.bat b/pki/base/migrate/62ToTxt/src/compile.bat
new file mode 100755
index 000000000..c6bfff97e
--- /dev/null
+++ b/pki/base/migrate/62ToTxt/src/compile.bat
@@ -0,0 +1,150 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "62ToTxt/classes/Main.class" and
+REM "62ToTxt/classes/CMS62LdifParser.class" which are
+REM used to create a normalized CMS 6.2 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 62ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms62
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 6.2 NOTE: "WINNT" - 1.4.0
+REM
+
+REM SET JDK_VERSION=CMS_6.2
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 62ToTxt - create "CMS62LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/62ToTxt/src/compile.sh b/pki/base/migrate/62ToTxt/src/compile.sh
new file mode 100755
index 000000000..163d5e440
--- /dev/null
+++ b/pki/base/migrate/62ToTxt/src/compile.sh
@@ -0,0 +1,160 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "62ToTxt/classes/Main.class" and ###
+### "62ToTxt/classes/CMS62LdifParser.class" which are ###
+### used to create a normalized CMS 6.2 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 62ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms62
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 6.2 NOTE: "HP-UX" - 1.4.0.00
+### "Linux" - 1.4.0
+### "SunOS" - 1.4.0
+###
+
+#JDK_VERSION=CMS_6.2
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.2"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 62ToTxt - create "CMS62LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/63ToTxt/classes/CMS63LdifParser.class b/pki/base/migrate/63ToTxt/classes/CMS63LdifParser.class
new file mode 100644
index 000000000..39dde5f50
--- /dev/null
+++ b/pki/base/migrate/63ToTxt/classes/CMS63LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/63ToTxt/classes/Main.class b/pki/base/migrate/63ToTxt/classes/Main.class
new file mode 100644
index 000000000..d8885bc11
--- /dev/null
+++ b/pki/base/migrate/63ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/63ToTxt/run.bat b/pki/base/migrate/63ToTxt/run.bat
new file mode 100755
index 000000000..34c9422c8
--- /dev/null
+++ b/pki/base/migrate/63ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 6.3 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 6.3 ldif text file.
+REM
+REM This subsequent normalized CMS 6.3 ldif text file
+REM can be migrated into CMS 6.3 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 6.3 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms63
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.3"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/63ToTxt/run.sh b/pki/base/migrate/63ToTxt/run.sh
new file mode 100755
index 000000000..d4aa5d5a2
--- /dev/null
+++ b/pki/base/migrate/63ToTxt/run.sh
@@ -0,0 +1,202 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 6.3 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 6.3 ldif text file. ###
+### ###
+### This subsequent normalized CMS 6.3 ldif text file ###
+### can be migrated into CMS 6.3 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 6.3 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms63
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.3"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/63ToTxt/src/Main.java b/pki/base/migrate/63ToTxt/src/Main.java
new file mode 100644
index 000000000..1a13f833b
--- /dev/null
+++ b/pki/base/migrate/63ToTxt/src/Main.java
@@ -0,0 +1,483 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "63ToTxt/src/Main.java" is based upon a copy "62ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 6.3" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 62ToTxt/src/Main.java 63ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS63LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS63LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS63LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS63LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS63LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS63LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock o =
+ (com.netscape.cmscore.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) {
+ // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord"
+ // to "com.netscape.cmscore.dbs.KeyRecord"
+ com.netscape.cmscore.dbs.KeyRecord o =
+ (com.netscape.cmscore.dbs.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) {
+ // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival"
+ // to "com.netscape.cmscore.kra.ProofOfArchival"
+ com.netscape.cmscore.kra.ProofOfArchival o =
+ (com.netscape.cmscore.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof byte[]) {
+ // Since 6.1's profile framework,
+ // req_archive_options is a byte array
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/63ToTxt/src/compile.bat b/pki/base/migrate/63ToTxt/src/compile.bat
new file mode 100755
index 000000000..f587dd7e8
--- /dev/null
+++ b/pki/base/migrate/63ToTxt/src/compile.bat
@@ -0,0 +1,150 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "63ToTxt/classes/Main.class" and
+REM "63ToTxt/classes/CMS63LdifParser.class" which are
+REM used to create a normalized CMS 6.3 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 63ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms63
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 6.3 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CMS_6.3
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.3"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 63ToTxt - create "CMS63LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/63ToTxt/src/compile.sh b/pki/base/migrate/63ToTxt/src/compile.sh
new file mode 100755
index 000000000..57b9c7718
--- /dev/null
+++ b/pki/base/migrate/63ToTxt/src/compile.sh
@@ -0,0 +1,160 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "63ToTxt/classes/Main.class" and ###
+### "63ToTxt/classes/CMS63LdifParser.class" which are ###
+### used to create a normalized CMS 6.3 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 63ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms63
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 6.3 NOTE: "HP-UX" - 1.4.0.00
+### "Linux" - 1.4.2
+### "SunOS" - 1.4.2
+###
+
+#JDK_VERSION=CMS_6.3
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.3"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 63ToTxt - create "CMS63LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/70ToTxt/classes/CMS70LdifParser.class b/pki/base/migrate/70ToTxt/classes/CMS70LdifParser.class
new file mode 100644
index 000000000..e6900f5aa
--- /dev/null
+++ b/pki/base/migrate/70ToTxt/classes/CMS70LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/70ToTxt/classes/Main.class b/pki/base/migrate/70ToTxt/classes/Main.class
new file mode 100644
index 000000000..0743af44a
--- /dev/null
+++ b/pki/base/migrate/70ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/70ToTxt/run.bat b/pki/base/migrate/70ToTxt/run.bat
new file mode 100755
index 000000000..3adeee6f9
--- /dev/null
+++ b/pki/base/migrate/70ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CMS 7.0 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CMS 7.0 ldif text file.
+REM
+REM This subsequent normalized CMS 7.0 ldif text file
+REM can be migrated into CMS 7.0 or later utilizing
+REM the corresponding TxtTo<Target CMS Version> script which
+REM converts this normalized CMS 7.0 ldif text file into
+REM a <Target CMS Version> ldif data file.
+REM
+REM This <Target CMS Version> ldif data file can then be
+REM imported into the internal database of the desired CMS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms70
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 7.0"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/70ToTxt/run.sh b/pki/base/migrate/70ToTxt/run.sh
new file mode 100755
index 000000000..294bb63c7
--- /dev/null
+++ b/pki/base/migrate/70ToTxt/run.sh
@@ -0,0 +1,202 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CMS 7.0/7.01 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CMS 7.0/7.01 ldif text file. ###
+### ###
+### This subsequent normalized CMS 7.0/7.01 ldif text file ###
+### can be migrated into CMS 7.0/7.01 or later utilizing ###
+### the corresponding TxtTo<Target CMS Version> script which ###
+### converts this normalized CMS 7.0/7.01 ldif text file into ###
+### a <Target CMS Version> ldif data file. ###
+### ###
+### This <Target CMS Version> ldif data file can then be ###
+### imported into the internal database of the desired CMS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms701
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 7.0"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/70ToTxt/src/Main.java b/pki/base/migrate/70ToTxt/src/Main.java
new file mode 100644
index 000000000..b406a5765
--- /dev/null
+++ b/pki/base/migrate/70ToTxt/src/Main.java
@@ -0,0 +1,483 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "70ToTxt/src/Main.java" is based upon a copy "62ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 7.0" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 62ToTxt/src/Main.java 70ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS70LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS70LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS70LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS70LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS70LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS70LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock o =
+ (com.netscape.cmscore.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) {
+ // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord"
+ // to "com.netscape.cmscore.dbs.KeyRecord"
+ com.netscape.cmscore.dbs.KeyRecord o =
+ (com.netscape.cmscore.dbs.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) {
+ // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival"
+ // to "com.netscape.cmscore.kra.ProofOfArchival"
+ com.netscape.cmscore.kra.ProofOfArchival o =
+ (com.netscape.cmscore.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof byte[]) {
+ // Since 6.1's profile framework,
+ // req_archive_options is a byte array
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/70ToTxt/src/compile.bat b/pki/base/migrate/70ToTxt/src/compile.bat
new file mode 100755
index 000000000..164cdc321
--- /dev/null
+++ b/pki/base/migrate/70ToTxt/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "70ToTxt/classes/Main.class" and
+REM "70ToTxt/classes/CMS70LdifParser.class" which are
+REM used to create a normalized CMS 7.0 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 70ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cms701
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 7.0 NOTE: "WINNT" - 1.4.2
+REM
+REM CMS 7.01 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CMS_7.01
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 7.0"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CMS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 70ToTxt - create "CMS70LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/70ToTxt/src/compile.sh b/pki/base/migrate/70ToTxt/src/compile.sh
new file mode 100755
index 000000000..7c9de9b89
--- /dev/null
+++ b/pki/base/migrate/70ToTxt/src/compile.sh
@@ -0,0 +1,160 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "70ToTxt/classes/Main.class" and ###
+### "70ToTxt/classes/CMS70LdifParser.class" which are ###
+### used to create a normalized CMS 7.0 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile 70ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cms70
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 7.0 NOTE: "HP-UX" - 1.4.0.00
+### "Linux" - 1.4.2
+### "SunOS" - 1.4.2
+###
+
+#JDK_VERSION=CMS_7.0
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 7.0"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CMS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 70ToTxt - create "CMS70LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/71ToTxt/classes/CMS71LdifParser.class b/pki/base/migrate/71ToTxt/classes/CMS71LdifParser.class
new file mode 100644
index 000000000..b78e44623
--- /dev/null
+++ b/pki/base/migrate/71ToTxt/classes/CMS71LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/71ToTxt/classes/Main.class b/pki/base/migrate/71ToTxt/classes/Main.class
new file mode 100644
index 000000000..e37d5400a
--- /dev/null
+++ b/pki/base/migrate/71ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/71ToTxt/run.bat b/pki/base/migrate/71ToTxt/run.bat
new file mode 100755
index 000000000..4dbe2f5cd
--- /dev/null
+++ b/pki/base/migrate/71ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CS 7.1 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CS 7.1 ldif text file.
+REM
+REM This subsequent normalized CS 7.1 ldif text file
+REM can be migrated into CS 7.1 or later utilizing
+REM the corresponding TxtTo<Target CS Version> script which
+REM converts this normalized CS 7.1 ldif text file into
+REM a <Target CS Version> ldif data file.
+REM
+REM This <Target CS Version> ldif data file can then be
+REM imported into the internal database of the desired CS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cs71
+
+
+REM
+REM INSTANCE - if the CS instance directory is called 'cert-ca',
+REM set the CS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CS% ldif data file
+REM into a normalized %CS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/71ToTxt/run.sh b/pki/base/migrate/71ToTxt/run.sh
new file mode 100755
index 000000000..e1a33a541
--- /dev/null
+++ b/pki/base/migrate/71ToTxt/run.sh
@@ -0,0 +1,202 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CS 7.1 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CS 7.1 ldif text file. ###
+### ###
+### This subsequent normalized CS 7.1 ldif text file ###
+### can be migrated into CS 7.1 or later utilizing ###
+### the corresponding TxtTo<Target CS Version> script which ###
+### converts this normalized CS 7.1 ldif text file into ###
+### a <Target CS Version> ldif data file. ###
+### ###
+### This <Target CS Version> ldif data file can then be ###
+### imported into the internal database of the desired CS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cs71
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CS instance directory is called 'cert-ca',
+### set the CS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.1"
+export CS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CS} ldif data file
+### into a normalized ${CS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/71ToTxt/src/Main.java b/pki/base/migrate/71ToTxt/src/Main.java
new file mode 100644
index 000000000..3ff4930a4
--- /dev/null
+++ b/pki/base/migrate/71ToTxt/src/Main.java
@@ -0,0 +1,483 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "71ToTxt/src/Main.java" is based upon a copy "70ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 7.1" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 70ToTxt/src/Main.java 71ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS71LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS71LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS71LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS71LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS71LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS71LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock o =
+ (com.netscape.cmscore.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) {
+ // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord"
+ // to "com.netscape.cmscore.dbs.KeyRecord"
+ com.netscape.cmscore.dbs.KeyRecord o =
+ (com.netscape.cmscore.dbs.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) {
+ // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival"
+ // to "com.netscape.cmscore.kra.ProofOfArchival"
+ com.netscape.cmscore.kra.ProofOfArchival o =
+ (com.netscape.cmscore.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof byte[]) {
+ // Since 6.1's profile framework,
+ // req_archive_options is a byte array
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/71ToTxt/src/compile.bat b/pki/base/migrate/71ToTxt/src/compile.bat
new file mode 100755
index 000000000..49ba89621
--- /dev/null
+++ b/pki/base/migrate/71ToTxt/src/compile.bat
@@ -0,0 +1,150 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "71ToTxt/classes/Main.class" and
+REM "71ToTxt/classes/CMS71LdifParser.class" which are
+REM used to create a normalized CS 7.1 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CS <server_root> used to compile 71ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cs71
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CS
+REM
+REM CS 7.1 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CS_7.1
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 71ToTxt - create "CMS71LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/71ToTxt/src/compile.sh b/pki/base/migrate/71ToTxt/src/compile.sh
new file mode 100755
index 000000000..23464bcb3
--- /dev/null
+++ b/pki/base/migrate/71ToTxt/src/compile.sh
@@ -0,0 +1,160 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "71ToTxt/classes/Main.class" and ###
+### "71ToTxt/classes/CMS71LdifParser.class" which are ###
+### used to create a normalized CS 7.1 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CS <server_root> used to compile 71ToTxt
+###
+
+#SERVER_ROOT=/export/home/migrate/cs71
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CS
+###
+### CS 7.1 NOTE: "HP-UX" - 1.4.0.00
+### "Linux" - 1.4.2
+### "SunOS" - 1.4.2
+###
+
+#JDK_VERSION=CS_7.1
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.1"
+export CS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 71ToTxt - create "CMS71LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/72ToTxt/classes/CMS72LdifParser.class b/pki/base/migrate/72ToTxt/classes/CMS72LdifParser.class
new file mode 100644
index 000000000..707657160
--- /dev/null
+++ b/pki/base/migrate/72ToTxt/classes/CMS72LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/72ToTxt/classes/Main.class b/pki/base/migrate/72ToTxt/classes/Main.class
new file mode 100644
index 000000000..470df979a
--- /dev/null
+++ b/pki/base/migrate/72ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/72ToTxt/run.bat b/pki/base/migrate/72ToTxt/run.bat
new file mode 100755
index 000000000..9613fe5d5
--- /dev/null
+++ b/pki/base/migrate/72ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CS 7.2 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CS 7.2 ldif text file.
+REM
+REM This subsequent normalized CS 7.2 ldif text file
+REM can be migrated into CS 7.2 or later utilizing
+REM the corresponding TxtTo<Target CS Version> script which
+REM converts this normalized CS 7.2 ldif text file into
+REM a <Target CS Version> ldif data file.
+REM
+REM This <Target CS Version> ldif data file can then be
+REM imported into the internal database of the desired CS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cs72
+
+
+REM
+REM INSTANCE - if the CS instance directory is called 'cert-ca',
+REM set the CS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CS% ldif data file
+REM into a normalized %CS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/72ToTxt/run.sh b/pki/base/migrate/72ToTxt/run.sh
new file mode 100755
index 000000000..ccdd00630
--- /dev/null
+++ b/pki/base/migrate/72ToTxt/run.sh
@@ -0,0 +1,158 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CS 7.2 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CS 7.2 ldif text file. ###
+### ###
+### This subsequent normalized CS 7.2 ldif text file ###
+### can be migrated into CS 7.2 or later utilizing ###
+### the corresponding TxtTo<Target CS Version> script which ###
+### converts this normalized CS 7.2 ldif text file into ###
+### a <Target CS Version> ldif data file. ###
+### ###
+### This <Target CS Version> ldif data file can then be ###
+### imported into the internal database of the desired CS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+###
+### Java Runtime Environment
+###
+JRE_ROOT=/usr/lib/jvm/jre-1.5.0
+export JRE_ROOT
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.2"
+export CS
+
+OS_NAME=`uname`
+export OS_NAME
+
+ARCH=`uname -i`
+export ARCH
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+export CLASSPATH
+
+if [ ${OS_NAME} = "Linux" ] ; then
+ if [ ${ARCH} = "i386" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+ else # x86_64
+ LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+ CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib64/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+ export CLASSPATH
+ fi
+else # SunOS 64-bits
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:${JRE_ROOT}/lib:${JRE_ROOT}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+ CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/sparcv9/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+ export CLASSPATH
+fi
+
+
+###
+### Convert the specified ${CS} ldif data file
+### into a normalized ${CS} ldif text file.
+###
+
+${JRE_ROOT}/bin/java -classpath ${CLASSPATH} Main $1 $2
diff --git a/pki/base/migrate/72ToTxt/src/Main.java b/pki/base/migrate/72ToTxt/src/Main.java
new file mode 100644
index 000000000..3bd1a333a
--- /dev/null
+++ b/pki/base/migrate/72ToTxt/src/Main.java
@@ -0,0 +1,485 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "71ToTxt/src/Main.java" is based upon a copy "70ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 7.1" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 70ToTxt/src/Main.java 71ToTxt/src/Main.java
+//
+
+import java.io.*;
+import java.math.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS72LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS72LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS72LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS72LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS72LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS72LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock o =
+ (com.netscape.cmscore.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) {
+ // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord"
+ // to "com.netscape.cmscore.dbs.KeyRecord"
+ com.netscape.cmscore.dbs.KeyRecord o =
+ (com.netscape.cmscore.dbs.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) {
+ // CS 7.2: moved com.netscape.cmscore.kra.ProofOfArchival
+ // to com.netscape.certsrv.kra.ProofOfArchival
+ // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival"
+ // to "com.netscape.cmscore.kra.ProofOfArchival"
+ com.netscape.certsrv.kra.ProofOfArchival o =
+ (com.netscape.certsrv.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof byte[]) {
+ // Since 6.1's profile framework,
+ // req_archive_options is a byte array
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/72ToTxt/src/compile.bat b/pki/base/migrate/72ToTxt/src/compile.bat
new file mode 100755
index 000000000..c0377e5e5
--- /dev/null
+++ b/pki/base/migrate/72ToTxt/src/compile.bat
@@ -0,0 +1,150 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "72ToTxt/classes/Main.class" and
+REM "72ToTxt/classes/CMS72LdifParser.class" which are
+REM used to create a normalized CS 7.2 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CS <server_root> used to compile 72ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cs72
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CS
+REM
+REM CS 7.2 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CS_7.2
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 72ToTxt - create "CMS72LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/72ToTxt/src/compile.sh b/pki/base/migrate/72ToTxt/src/compile.sh
new file mode 100755
index 000000000..6c616cd40
--- /dev/null
+++ b/pki/base/migrate/72ToTxt/src/compile.sh
@@ -0,0 +1,139 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "72ToTxt/classes/Main.class" and ###
+### "72ToTxt/classes/CMS72LdifParser.class" which are ###
+### used to create a normalized CS 7.2 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=Linux
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CS
+###
+### CS 7.2 NOTE: "Linux" - 1.5.0 (IBM)
+### "SunOS" - 1.5.0
+###
+
+#JDK_VERSION=CS_7.2.0
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.2"
+export CS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 72ToTxt - create "CMS72LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:/usr/share/java/rhpki/nsutil.jar:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/lib/java/rhpki/ca/ca.jar:/usr/lib/java/rhpki/tks/tks.jar:/usr/lib/java/rhpki/ocsp/ocsp.jar:/usr/lib/java/rhpki/kra/kra.jar:/usr/lib/java/dirsec/jss4.jar Main.java
+
diff --git a/pki/base/migrate/73ToTxt/classes/CMS73LdifParser.class b/pki/base/migrate/73ToTxt/classes/CMS73LdifParser.class
new file mode 100644
index 000000000..9ca1fdfd5
--- /dev/null
+++ b/pki/base/migrate/73ToTxt/classes/CMS73LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/73ToTxt/classes/Main.class b/pki/base/migrate/73ToTxt/classes/Main.class
new file mode 100644
index 000000000..30a21375d
--- /dev/null
+++ b/pki/base/migrate/73ToTxt/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/73ToTxt/run.bat b/pki/base/migrate/73ToTxt/run.bat
new file mode 100755
index 000000000..f360f44d0
--- /dev/null
+++ b/pki/base/migrate/73ToTxt/run.bat
@@ -0,0 +1,192 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a pre-existing CS 7.3 ldif data
+REM file (e. g. - created via a utility such as db2ldif)
+REM into a normalized CS 7.3 ldif text file.
+REM
+REM This subsequent normalized CS 7.3 ldif text file
+REM can be migrated into CS 7.3 or later utilizing
+REM the corresponding TxtTo<Target CS Version> script which
+REM converts this normalized CS 7.3 ldif text file into
+REM a <Target CS Version> ldif data file.
+REM
+REM This <Target CS Version> ldif data file can then be
+REM imported into the internal database of the desired CS
+REM server using a utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cs73
+
+
+REM
+REM INSTANCE - if the CS instance directory is called 'cert-ca',
+REM set the CS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.3"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CS% ldif data file
+REM into a normalized %CS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/73ToTxt/run.sh b/pki/base/migrate/73ToTxt/run.sh
new file mode 100755
index 000000000..a35994fb0
--- /dev/null
+++ b/pki/base/migrate/73ToTxt/run.sh
@@ -0,0 +1,157 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a pre-existing CS 7.3 ldif data ###
+### file (e. g. - created via a utility such as db2ldif) ###
+### into a normalized CS 7.3 ldif text file. ###
+### ###
+### This subsequent normalized CS 7.3 ldif text file ###
+### can be migrated into CS 7.3 or later utilizing ###
+### the corresponding TxtTo<Target CS Version> script which ###
+### converts this normalized CS 7.3 ldif text file into ###
+### a <Target CS Version> ldif data file. ###
+### ###
+### This <Target CS Version> ldif data file can then be ###
+### imported into the internal database of the desired CS ###
+### server using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+###
+### Java Runtime Environment
+###
+JRE_ROOT=/usr/lib/jvm/jre-1.5.0
+export JRE_ROOT
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.3"
+export CS
+
+OS_NAME=`uname`
+export OS_NAME
+
+ARCH=`uname -i`
+export ARCH
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+CLASSPATH=/usr/share/rhpki/migrate/73ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+export CLASSPATH
+
+if [ ${OS_NAME} = "Linux" ] ; then
+ if [ ${ARCH} = "i386" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+ else # x86_64
+ LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+ CLASSPATH=/usr/share/rhpki/migrate/73ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib64/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+ export CLASSPATH
+ fi
+else # SunOS 64-bits
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:${JRE_ROOT}/lib:${JRE_ROOT}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+ CLASSPATH=/usr/share/rhpki/migrate/73ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/sparcv9/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+ export CLASSPATH
+fi
+
+
+###
+### Convert the specified ${CS} ldif data file
+### into a normalized ${CS} ldif text file.
+###
+
+${JRE_ROOT}/bin/java -classpath ${CLASSPATH} Main $1 $2
diff --git a/pki/base/migrate/73ToTxt/src/Main.java b/pki/base/migrate/73ToTxt/src/Main.java
new file mode 100644
index 000000000..088ae441f
--- /dev/null
+++ b/pki/base/migrate/73ToTxt/src/Main.java
@@ -0,0 +1,485 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "71ToTxt/src/Main.java" is based upon a copy "70ToTxt/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 7.1" header, and
+// apply these changes forward to all other "*ToTxt/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "*ToTxt" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff 70ToTxt/src/Main.java 71ToTxt/src/Main.java
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import netscape.security.util.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS73LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS73LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS73LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS73LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS73LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS73LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ StringBuffer requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.startsWith(REQUEST_ATTRIBUTES)) {
+ requestAttributes = new StringBuffer();
+ // System.out.println(line);
+ requestAttributes.append(
+ line.substring(REQUEST_ATTRIBUTES.length(),
+ line.length()).trim());
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.startsWith(" ")) {
+ // System.out.println(line);
+ requestAttributes.append(line.trim());
+ } else {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ System.out.println(line);
+ }
+ }
+ }
+
+ public void parseAttributes(String dn, StringBuffer attrs) throws Exception
+ {
+ BASE64Decoder decoder = new BASE64Decoder();
+ decodeHashtable(dn, decoder.decodeBuffer(attrs.toString()));
+
+// System.out.println(attrs);
+ }
+
+ public Object decode(byte[] data) throws
+ ObjectStreamException,
+ IOException,
+ ClassNotFoundException
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+ return is.readObject();
+ }
+
+ public void decodeHashtable(String dn, byte[] data) throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(data);
+ ObjectInputStream is = new ObjectInputStream(bis);
+
+ System.out.println(BEGIN);
+ String key = null;
+ while (true)
+ {
+ key = (String)is.readObject();
+ // end of table is marked with null
+ if (key == null) break;
+ try {
+ byte[] bytes = (byte[])is.readObject();
+ Object obj = decode(bytes);
+ output(key, obj);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ }
+ System.out.println(END);
+ }
+
+ public void output(String key, Object obj) throws Exception
+ {
+ if (obj instanceof String) {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ } else if (obj instanceof netscape.security.x509.CertificateX509Key) {
+ netscape.security.x509.CertificateX509Key o =
+ (netscape.security.x509.CertificateX509Key)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateSubjectName) {
+ netscape.security.x509.CertificateSubjectName o =
+ (netscape.security.x509.CertificateSubjectName)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateExtensions) {
+ netscape.security.x509.CertificateExtensions o =
+ (netscape.security.x509.CertificateExtensions)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertInfo) {
+ netscape.security.x509.X509CertInfo o =
+ (netscape.security.x509.X509CertInfo)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl) {
+ netscape.security.x509.X509CertImpl o =
+ (netscape.security.x509.X509CertImpl)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateChain) {
+ netscape.security.x509.CertificateChain o =
+ (netscape.security.x509.CertificateChain)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.X509CertImpl[]) {
+ netscape.security.x509.X509CertImpl o[] =
+ (netscape.security.x509.X509CertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.X509CertInfo[]) {
+ netscape.security.x509.X509CertInfo o[] =
+ (netscape.security.x509.X509CertInfo[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" +
+ encoder.encodeBuffer(bos.toByteArray()));
+ }
+ } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) {
+ netscape.security.x509.RevokedCertImpl o[] =
+ (netscape.security.x509.RevokedCertImpl[])obj;
+ for (int i = 0; i < o.length; i++) {
+ DerOutputStream bos =
+ new DerOutputStream();
+ o[i].encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(bos.toByteArray()));
+ }
+ } else if (obj instanceof java.security.cert.Certificate[]) {
+ java.security.cert.Certificate o[] =
+ (java.security.cert.Certificate[])obj;
+ for (int i = 0; i < o.length; i++) {
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" +
+ encoder.encode(o[i].getEncoded()));
+ }
+ } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock o =
+ (com.netscape.cmscore.base.ArgBlock)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" +(String)o.get(k));
+ }
+ } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) {
+ // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord"
+ // to "com.netscape.cmscore.dbs.KeyRecord"
+ com.netscape.cmscore.dbs.KeyRecord o =
+ (com.netscape.cmscore.dbs.KeyRecord)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob != null) {
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob));
+
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ }
+ } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) {
+ // CS 7.2: moved com.netscape.cmscore.kra.ProofOfArchival
+ // to com.netscape.certsrv.kra.ProofOfArchival
+ // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival"
+ // to "com.netscape.cmscore.kra.ProofOfArchival"
+ com.netscape.certsrv.kra.ProofOfArchival o =
+ (com.netscape.certsrv.kra.ProofOfArchival)obj;
+ DerOutputStream bos =
+ new DerOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) {
+ com.netscape.certsrv.request.AgentApprovals o =
+ (com.netscape.certsrv.request.AgentApprovals)obj;
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ approval.getUserName() + ";" + approval.getDate().getTime());
+ }
+ } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) {
+ com.netscape.certsrv.authentication.AuthToken o =
+ (com.netscape.certsrv.authentication.AuthToken)obj;
+ Enumeration e = o.getElements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ Object ob = o.get(k);
+ if (ob instanceof java.util.Date) {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime());
+ } else if (ob instanceof java.math.BigInteger[]) {
+ // Bugzilla Bug #225031 (a.k.a. - Raidzilla Bug #58356)
+ java.math.BigInteger in[] = (java.math.BigInteger[])ob;
+ String numbers = "";
+ for (int i = 0; i < in.length; i++) {
+ if (numbers.equals("")) {
+ numbers = in[i].toString();
+ } else {
+ numbers = numbers + "," + in[i].toString();
+ }
+ }
+ System.out.println(" " +
+ key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" +
+ k + ":java.lang.String=" + numbers);
+ } else if (ob instanceof String[]) {
+ // Bugzilla Bug #224763 (a.k.a. - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ String str[] = (String[])ob;
+ String v = "";
+ if (str != null) {
+ for (int i = 0; i < str.length; i++) {
+ if (i != 0) {
+ v += ",";
+ }
+ v += str[i];
+ }
+ }
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + "java.lang.String" + "=" + v);
+ } else {
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + ":" + ob.getClass().getName() + "=" + ob);
+ }
+ }
+ } else if (obj instanceof byte[]) {
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key + ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof Integer[]) {
+ Integer in[] = (Integer[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof BigInteger[]) {
+ // Bugzilla Bug #238779
+ BigInteger in[] = (BigInteger[])obj;
+ for (int i = 0; i < in.length; i++) {
+ System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]);
+ }
+ } else if (obj instanceof String[]) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ String str[] = (String[])obj;
+ for (int i = 0; i < str.length; i++) {
+ System.out.println(" " + key + ":java.lang.String[" + str.length + "," + i + "]="+ str[i]);
+ }
+ } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) {
+ netscape.security.x509.CertificateAlgorithmId o =
+ (netscape.security.x509.CertificateAlgorithmId)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateAlgorithmId="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof netscape.security.x509.CertificateValidity) {
+ netscape.security.x509.CertificateValidity o =
+ (netscape.security.x509.CertificateValidity)obj;
+ ByteArrayOutputStream bos =
+ new ByteArrayOutputStream();
+ o.encode(bos);
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":netscape.security.x509.CertificateValidity="+
+ encoder.encode(bos.toByteArray()));
+ } else if (obj instanceof byte[]) {
+ // Since 6.1's profile framework,
+ // req_archive_options is a byte array
+ BASE64Encoder encoder = new BASE64Encoder();
+ System.out.println(" " + key +
+ ":byte[]="+
+ encoder.encode((byte[])obj));
+ } else if (obj instanceof java.util.Hashtable) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ //
+ // Example: fingerprints:java.util.Hashtable=
+ // {SHA1=[B@52513a, MD5=[B@52c4d9, MD2=[B@799ff5}
+ //
+ java.util.Hashtable o = (java.util.Hashtable)obj;
+ BASE64Encoder encoder = new BASE64Encoder();
+ Enumeration e = o.elements();
+ while (e.hasMoreElements()) {
+ String k = (String)e.nextElement();
+ System.out.println(" " +
+ key + ":" + o.getClass().getName() + "=" +
+ k + "=" + encoder.encode((byte[])o.get(k)));
+ }
+ } else {
+ System.out.println(" " +
+ key + ":" + obj.getClass().getName() + "=" +
+ obj);
+ }
+ }
+}
+
diff --git a/pki/base/migrate/73ToTxt/src/compile.bat b/pki/base/migrate/73ToTxt/src/compile.bat
new file mode 100755
index 000000000..f5b720e54
--- /dev/null
+++ b/pki/base/migrate/73ToTxt/src/compile.bat
@@ -0,0 +1,150 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "73ToTxt/classes/Main.class" and
+REM "73ToTxt/classes/CMS73LdifParser.class" which are
+REM used to create a normalized CS 7.3 ldif text file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CS <server_root> used to compile 73ToTxt
+REM
+
+REM SET SERVER_ROOT=C:\cs73
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CS
+REM
+REM CS 7.3 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CS_7.3
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.3"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO normalized %CS% ldif text classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile 73ToTxt - create "CMS73LdifParser.class" and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/73ToTxt/src/compile.sh b/pki/base/migrate/73ToTxt/src/compile.sh
new file mode 100755
index 000000000..0c8975c4a
--- /dev/null
+++ b/pki/base/migrate/73ToTxt/src/compile.sh
@@ -0,0 +1,138 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "73ToTxt/classes/Main.class" and ###
+### "73ToTxt/classes/CMS73LdifParser.class" which are ###
+### used to create a normalized CS 7.3 ldif text file. ###
+### ###
+#####################################################################
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+JDK_PLATFORM=Linux
+export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CS
+###
+### CS 7.3 NOTE: "Linux" - 1.5.0 (IBM)
+### "SunOS" - 1.5.0
+###
+
+JDK_VERSION=PKI_7.3.0
+export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+export JAVA_HOME
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.3"
+export CS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " normalized ${CS} ldif text classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile 73ToTxt - create "CMS73LdifParser.class" and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:/usr/share/java/rhpki/nsutil.jar:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/lib/java/rhpki/ca/ca.jar:/usr/lib/java/rhpki/tks/tks.jar:/usr/lib/java/rhpki/ocsp/ocsp.jar:/usr/lib/java/rhpki/kra/kra.jar:/usr/lib/java/dirsec/jss4.jar Main.java
+
diff --git a/pki/base/migrate/80/MigrateSecurityDomain.class b/pki/base/migrate/80/MigrateSecurityDomain.class
new file mode 100644
index 000000000..f2a174dab
--- /dev/null
+++ b/pki/base/migrate/80/MigrateSecurityDomain.class
Binary files differ
diff --git a/pki/base/migrate/80/MigrateSecurityDomain.java b/pki/base/migrate/80/MigrateSecurityDomain.java
new file mode 100644
index 000000000..33bbb72b1
--- /dev/null
+++ b/pki/base/migrate/80/MigrateSecurityDomain.java
@@ -0,0 +1,222 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2008 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+import com.netscape.cmsutil.xml.*;
+import com.netscape.cmscore.base.*;
+import com.netscape.cmscore.ldapconn.*;
+import com.netscape.cmsutil.ldap.*;
+import netscape.ldap.*;
+import java.io.*;
+import java.util.*;
+import org.w3c.dom.*;
+
+public class MigrateSecurityDomain {
+
+ private static LDAPConnection getLDAPConn(FileConfigStore cs, String passwd)
+ throws IOException
+ {
+
+ String host = "";
+ String port = "";
+ String binddn = "";
+ String security = "";
+
+ try {
+ host = cs.getString("internaldb.ldapconn.host");
+ port = cs.getString("internaldb.ldapconn.port");
+ binddn = cs.getString("internaldb.ldapauth.bindDN");
+ security = cs.getString("internaldb.ldapconn.secureConn");
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: getLDAPConnection" + e.toString());
+ throw new IOException(
+ "Failed to retrieve LDAP information from CS.cfg.");
+ }
+
+ int p = -1;
+
+ try {
+ p = Integer.parseInt(port);
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString());
+ throw new IOException("Port is not valid");
+ }
+
+ LDAPConnection conn = null;
+ if (security.equals("true")) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: creating secure (SSL) connection for internal ldap");
+ conn = new LDAPConnection(new LdapJssSSLSocketFactory());
+ } else {
+ System.out.println("MigrateSecurityDomain getLDAPConn: creating non-secure (non-SSL) connection for internal ldap");
+ conn = new LDAPConnection();
+ }
+
+ System.out.println("MigrateSecurityDomain connecting to " + host + ":" + p);
+ try {
+ conn.connect(host, p, binddn, passwd);
+ } catch (LDAPException e) {
+ System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString());
+ throw new IOException("Failed to connect to the internal database.");
+ }
+
+ return conn;
+ }
+
+
+ public static void main(String args[]) throws Exception
+ {
+ if (args.length != 2) {
+ System.out.println("Usage: MigrateSecurityDomain <instance root path> <directory manager password>");
+ System.exit(0);
+ }
+
+ String instRoot = args[0];
+ String dmPass = args[1];
+
+ XMLObject parser = null;
+ // get the security domain data from the domain.xml file
+ try {
+ String path = instRoot + "/conf/domain.xml";
+ System.out.println("MigrateSecurityDomain: Reading domain.xml from file ...");
+ parser = new XMLObject(new FileInputStream(path));
+
+ }
+ catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Unable to get domain info from domain.xml file");
+ System.out.println(e.toString());
+ System.exit(1);
+ }
+
+ try {
+ String configFile = instRoot + "/conf/CS.cfg";
+ FileConfigStore cs = new FileConfigStore(configFile);
+
+ LDAPConnection conn = null;
+ conn = MigrateSecurityDomain.getLDAPConn(cs, dmPass);
+ if (conn == null) {
+ System.out.println("MigrateSecurityDomain: Failed to connect to internal database");
+ System.exit(1);
+ }
+
+ // add new schema elements
+ String importFile = "./schema-add.ldif";
+ try {
+ LDAPUtil.importLDIF(conn, importFile);
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Error in adding new schema elements");
+ System.exit(1);
+ }
+ // create the containers
+ String basedn = cs.getString("internaldb.basedn");
+ String secdomain = parser.getValue("Name");
+
+ try {
+ String dn = "ou=Security Domain," + basedn;
+ System.out.println("MigrateSecurityDomain: creating ldap entry : " + dn);
+
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "organizationalUnit"));
+ attrs.add(new LDAPAttribute("name", secdomain));
+ attrs.add(new LDAPAttribute("ou", "Security Domain"));
+ entry = new LDAPEntry(dn, attrs);
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create security domain" + e.toString());
+ System.exit(1);
+ }
+ }
+
+ // create list containers
+ String clist[] = {"CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList"};
+ for (int i=0; i< 6; i++) {
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup"));
+ attrs.add(new LDAPAttribute("cn", clist[i]));
+ entry = new LDAPEntry(dn, attrs);
+ try {
+ conn.add(entry);
+ } catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create security domain list entry " + dn +": "+ e.toString());
+ System.exit(1);
+ }
+ }
+ }
+
+ // create system entries
+ String tlist[] = {"CA", "OCSP", "KRA", "RA", "TKS", "TPS"};
+ Document doc = parser.getDocument();
+ for (int j=0; j<6; j++) {
+ String type = tlist[j];
+ NodeList nodeList = doc.getElementsByTagName(type);
+ int len = nodeList.getLength();
+ for (int i = 0; i < len; i++) {
+ Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), "Clone");
+ Vector v_name = parser.getValuesFromContainer(nodeList.item(i), "SubsystemName");
+ Vector v_host = parser.getValuesFromContainer(nodeList.item(i), "Host");
+ Vector v_port = parser.getValuesFromContainer(nodeList.item(i), "SecurePort");
+
+ String cn = (String)v_host.elementAt(0) + ":" + (String)v_port.elementAt(0);
+ String dn = "cn=" + cn + ",cn=" + type +"List,ou=Security Domain," + basedn;
+ LDAPEntry entry = null;
+ LDAPAttributeSet attrs = null;
+ attrs = new LDAPAttributeSet();
+ attrs.add(new LDAPAttribute("objectclass", "top"));
+ attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem"));
+ attrs.add(new LDAPAttribute("Host", (String)v_host.elementAt(0)));
+ attrs.add(new LDAPAttribute("SecurePort", (String)v_port.elementAt(0)));
+ attrs.add(new LDAPAttribute("Clone", (String)v_clone.elementAt(0)));
+ attrs.add(new LDAPAttribute("SubsystemName", (String)v_name.elementAt(0)));
+ attrs.add(new LDAPAttribute("cn", cn));
+ attrs.add(new LDAPAttribute("DomainManager", "true"));
+ // Since the initial port separation feature didn't occur
+ // until an RHCS 7.3 errata, simply store the "SecurePort"
+ // value for BOTH the "SecureAgentPort" and the
+ // "SecureAdminPort", and DON'T store any values for the
+ // "UnSecurePort"
+ attrs.add(new LDAPAttribute("SecureAgentPort", (String)v_port.elementAt(0)));
+ attrs.add(new LDAPAttribute("SecureAdminPort", (String)v_port.elementAt(0)));
+ entry = new LDAPEntry(dn, attrs);
+
+ try {
+ conn.add(entry);
+ }
+ catch (LDAPException e) {
+ if (e.getLDAPResultCode() != 68) {
+ System.out.println("Unable to create entry " + dn +": "+ e.toString());
+ }
+ }
+ }
+ }
+ cs.putString("securitydomain.store", "ldap");
+ cs.commit(false);
+ System.out.println("MigrateSecurityDomain: Domain successfully migrated.");
+ } catch (Exception e) {
+ System.out.println("MigrateSecurityDomain: Migration failed. " + e.toString());
+ }
+ System.exit(0);
+ }
+
+}
diff --git a/pki/base/migrate/80/readme b/pki/base/migrate/80/readme
new file mode 100644
index 000000000..50365c985
--- /dev/null
+++ b/pki/base/migrate/80/readme
@@ -0,0 +1,29 @@
+Date
+
+ Fri Oct 3 00:37:14 EDT 2008
+
+Version
+
+ CMS 8.0
+
+Overview
+
+ In CMS8.0, the security domain data has been migrated into the
+ internal LDAP database to allow easier replication of this data
+ when cloning. Prior to this release, this information was stored
+ in the domain.xml configuration file on the CA serving as the Domain
+ Master.
+
+Program
+
+ MigrateSecurityDomain - This command will add the relevant schema and migrate
+ security domain data that resides in domain.xml into the internal database.
+ The program needs only two arguments - the location of the instance root directory
+ (like /var/lib/pki-ca) and the directory user's password.
+
+Example
+
+ Here is an example of MigrateSecurityDomain usage
+java -cp /usr/share/java/ldapjdk.jar:/usr/share/java/pki/cmscore.jar:/usr/share/java/pki/cmsutil.jar:/usr/share/java/pki/certsrv.jar:. MigrateSecurityDomain /var/lib/pki-ca mypassword
+
+
diff --git a/pki/base/migrate/80/schema-add.ldif b/pki/base/migrate/80/schema-add.ldif
new file mode 100644
index 000000000..fe6577e51
--- /dev/null
+++ b/pki/base/migrate/80/schema-add.ldif
@@ -0,0 +1,50 @@
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ name ) X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' )
+
diff --git a/pki/base/migrate/CMakeLists.txt b/pki/base/migrate/CMakeLists.txt
new file mode 100644
index 000000000..94cc990f6
--- /dev/null
+++ b/pki/base/migrate/CMakeLists.txt
@@ -0,0 +1,36 @@
+project(migrate)
+
+set(INSTALL_DIRS
+ 41ToTxt
+ 42SP2ToTxt
+ 42ToTxt
+ 45ToTxt
+ 47ToTxt
+ 60ToTxt
+ 61ToTxt
+ 62ToTxt
+ 63ToTxt
+ 70ToTxt
+ 71ToTxt
+ 72ToTxt
+ 73ToTxt
+ 80
+ TpsTo80
+ TxtTo60
+ TxtTo61
+ TxtTo62
+ TxtTo70
+ TxtTo71
+ TxtTo72
+ TxtTo73
+ TxtTo80
+)
+
+foreach(INSTALL_DIR ${INSTALL_DIRS})
+ install(
+ DIRECTORY
+ ${INSTALL_DIR}
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/${INSTALL_DIR}
+ )
+endforeach(INSTALL_DIR ${INSTALL_DIRS})
diff --git a/pki/base/migrate/LICENSE b/pki/base/migrate/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/pki/base/migrate/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published
+by the Free Software Foundation; version 2 of the License.
+
+This Program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+for more details.
+
+You should have received a copy of the GNU General Public License
+along with this Program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/pki/base/migrate/TpsTo80/Makefile b/pki/base/migrate/TpsTo80/Makefile
new file mode 100644
index 000000000..99c0d275c
--- /dev/null
+++ b/pki/base/migrate/TpsTo80/Makefile
@@ -0,0 +1,36 @@
+OS_ARCH := $(subst /,_,$(shell uname -s))
+
+ifeq ($(OS_ARCH), Linux)
+ CC = gcc
+ CFLAGS = -g
+ LDFLAGS = -s -lldif60 -lplc4 -lplds4 -lnspr4
+else
+ifeq ($(OS_ARCH), SunOS)
+ CC = cc
+ LINTFLAGS = -c
+ CFLAGS = -dalign -xO2 -xarch=v9 -DSOLARIS
+ INCLUDE_PATH = -I/usr/include/dirsec
+ LDFLAGS = -s -L/usr/lib/64 -lldif60 -L/usr/lib/64/dirsec -R/usr/lib/64/dirsec -lplc4 -lplds4 -lnspr4
+endif # SunOS
+endif # Linux
+
+OBJS = migrateTPSData.o
+
+SRCS = migrateTPSData.c
+
+all: migrateTPSData
+
+$(OBJS): $(SRCS)
+ $(CC) $(CFLAGS) $(INCLUDE_PATH) -c $< \
+ -o $*.o
+
+migrateTPSData: $(OBJS)
+ $(CC) $(CFLAGS) -o $@ $(OBJS) $(LDFLAGS)
+
+lint: $(SRCS)
+ lint $(LINTFLAGS) $(CFLAGS) $(INCLUDE_PATH) $(SRCS)
+
+clean:
+ -rm migrateTPSData.ln
+ -rm migrateTPSData.o
+ -rm migrateTPSData
diff --git a/pki/base/migrate/TpsTo80/linux/migrateTPSData.i386 b/pki/base/migrate/TpsTo80/linux/migrateTPSData.i386
new file mode 100755
index 000000000..9fd4b3906
--- /dev/null
+++ b/pki/base/migrate/TpsTo80/linux/migrateTPSData.i386
Binary files differ
diff --git a/pki/base/migrate/TpsTo80/linux/migrateTPSData.x86_64 b/pki/base/migrate/TpsTo80/linux/migrateTPSData.x86_64
new file mode 100755
index 000000000..d89125c7e
--- /dev/null
+++ b/pki/base/migrate/TpsTo80/linux/migrateTPSData.x86_64
Binary files differ
diff --git a/pki/base/migrate/TpsTo80/migrateTPSData.c b/pki/base/migrate/TpsTo80/migrateTPSData.c
new file mode 100644
index 000000000..a4cf340ab
--- /dev/null
+++ b/pki/base/migrate/TpsTo80/migrateTPSData.c
@@ -0,0 +1,501 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#ifdef SOLARIS
+#include <mozldap6/ldif.h>
+#else
+#include <mozldap/ldif.h>
+#endif
+#include <ctype.h>
+#include <nspr4/nspr.h>
+#include <nspr4/plstr.h>
+#include <nspr4/plhash.h>
+#include <nspr4/prmem.h>
+#include <nspr4/prprf.h>
+#include <nspr4/prsystem.h>
+#include <errno.h>
+#include <string.h>
+
+#define SHORT_LEN 512
+#define NO_TOKEN_TYPE "no_token_type"
+
+static PLHashTable *token_set;
+static FILE *infile;
+static FILE *outfile;
+
+/* hash functions */
+static PR_CALLBACK void*
+_AllocTable(void* pool, PRSize size)
+{
+ return PR_MALLOC(size);
+}
+
+static PR_CALLBACK void
+_FreeTable(void* pool, void* item)
+{
+ PR_DELETE(item);
+}
+
+static PR_CALLBACK PLHashEntry*
+_AllocEntry(void* pool, const void* key)
+{
+ return PR_NEW(PLHashEntry);
+}
+
+static PR_CALLBACK void
+_FreeEntry(void* pool, PLHashEntry* he, PRUintn flag)
+{
+ if( he == NULL ) {
+ return;
+ }
+
+ if (flag == HT_FREE_VALUE) {
+ if( he->value != NULL ) {
+ PL_strfree( ( char* ) he->value );
+ he->value = NULL;
+ }
+ } else if (flag == HT_FREE_ENTRY) {
+ if( he->key != NULL ) {
+ PL_strfree( ( char* ) he->key );
+ he->key = NULL;
+ }
+ if( he->value != NULL ) {
+ PL_strfree( ( char* ) he->value );
+ he->value = NULL;
+ }
+ PR_DELETE(he);
+ }
+}
+
+static PLHashAllocOps _AllocOps = {
+ _AllocTable,
+ _FreeTable,
+ _AllocEntry,
+ _FreeEntry
+};
+
+/* utility functions */
+#ifdef SOLARIS
+void do_free(char * buf)
+{
+ if (buf != NULL) {
+ PR_Free(buf);
+ buf = NULL;
+ }
+}
+#else
+inline void do_free(char * buf)
+{
+ if (buf != NULL) {
+ PR_Free(buf);
+ buf = NULL;
+ }
+}
+#endif
+
+
+
+char *get_field( char *s, char* fname, int len)
+{
+ char *end = NULL;
+ int n;
+
+ if( ( s = PL_strstr( s, fname ) ) == NULL ) {
+ return NULL;
+ }
+
+ s += strlen(fname);
+ end = PL_strchr( s, ' ' );
+
+ if( end != NULL ) {
+ n = end - s;
+ } else {
+ n = PL_strlen( s );
+ }
+
+ if (n == 0) {
+ return NULL;
+ } else if (n > len) {
+ /* string too long */
+ return NULL;
+ } else {
+ return PL_strndup( s, n );
+ }
+}
+
+/*
+ * Read the ldif, munge the entry and write to output.
+ */
+int read_and_modify_ldif() {
+ // user changes
+ static char agent_entry[] = "dn: cn=TUS Agents,ou=Groups";
+ static int agent_ent_len = sizeof(agent_entry)-1;
+ static char admin_entry[] = "dn: cn=TUS Adminstrators,ou=Groups";
+ static int admin_ent_len = sizeof(admin_entry)-1;
+ static char operator_entry[] = "dn: cn=TUS Officers,ou=Groups";
+ static int operator_ent_len = sizeof(operator_entry)-1;
+ static char user_entry[] = "ou=People";
+
+ // token changes
+ static char token_entry[] = "ou=Tokens";
+
+ // activity changes
+ static char activity_entry[] = "ou=Activities";
+
+ char *entry = 0;
+ int lineno = 0;
+
+ while ((entry = ldif_get_entry(infile, &lineno))) {
+ char *begin = entry;
+
+ if (!PL_strncasecmp(entry, agent_entry, agent_ent_len)) {
+ process_agent_entry(entry);
+ } else if (!PL_strncasecmp(entry, admin_entry, admin_ent_len)) {
+ process_admin_entry(entry);
+ } else if (!PL_strncasecmp(entry, operator_entry, operator_ent_len)) {
+ process_operator_entry(entry);
+ } else if (PL_strstr(entry, token_entry) != NULL) {
+ process_token_entry(entry);
+ } else if (PL_strstr(entry, activity_entry) != NULL) {
+ process_activity_entry(entry);
+ } else if ((PL_strstr(entry, user_entry) != NULL) &&
+ (PL_strstr(entry, "objectClass: organizationalunit") == NULL)) {
+ process_user_entry(entry);
+ } else {
+ process_unchanged_entry(entry);
+ fprintf(outfile, "\n");
+ }
+ free(begin);
+ }
+ return 0;
+}
+
+/**
+ * read the file, parse the activity records
+ * record the tokenTypes found for later use
+ */
+int parse_ldif_activities() {
+ // activity changes
+ static char activity_entry[] = "ou=Activities";
+
+ char *entry = 0;
+ int lineno = 0;
+
+ while ((entry = ldif_get_entry(infile, &lineno))) {
+ char *begin = entry;
+ if (PL_strstr(entry, activity_entry) != NULL) {
+ parse_activity_entry(entry);
+ }
+ free(begin);
+ }
+ return 0;
+}
+
+int parse_activity_entry(char* entry) {
+ static char tokenMsg_attr[] = "tokenMsg";
+ static char tokenid_attr[] = "tokenID";
+ char *line = entry;
+ char *tokenType = NULL;
+ char *cuid = NULL;
+ while ((line = ldif_getline(&entry))) {
+ char *type, *value;
+ int vlen = 0;
+ int rc;
+
+ if ( *line == '\n' || *line == '\0' ) {
+ break;
+ }
+
+ /* this call modifies line */
+ rc = ldif_parse_line(line, &type, &value, &vlen);
+ if (rc != 0) {
+ printf("Unknown error processing ldif entry: %s\n", entry);
+ } else {
+ if (!PL_strncasecmp(type, tokenMsg_attr, SHORT_LEN)) {
+ tokenType = get_field(value, "tokenType=",SHORT_LEN);
+ } else if (!PL_strncasecmp(type, tokenid_attr, SHORT_LEN)) {
+ cuid = PL_strdup(value);
+ }
+ }
+ }
+
+ if ((tokenType != NULL) && (cuid != NULL)) {
+ if ((char *) PL_HashTableLookupConst(token_set, cuid) == NULL) {
+ PL_HashTableAdd(token_set, PL_strdup(cuid), PL_strdup(tokenType));
+ //printf("Adding entry: %s %s to hash\n", cuid, tokenType);
+ }
+ }
+ do_free(cuid);
+ do_free(tokenType);
+ return 0;
+}
+
+
+
+/* change uniqueMember -> member */
+int process_agent_entry(char* entry) {
+ static char member_attr[] = "uniqueMember";
+
+ char *line = entry;
+ while ((line = ldif_getline(&entry))) {
+ char *type, *value;
+ int vlen = 0;
+ int rc;
+
+ if ( *line == '\n' || *line == '\0' ) {
+ break;
+ }
+
+ /* this call modifies line */
+ rc = ldif_parse_line(line, &type, &value, &vlen);
+ if (rc != 0) {
+ printf("Unknown error processing ldif entry: %s\n", entry);
+ } else {
+ if (!PL_strncasecmp(type, member_attr, SHORT_LEN)) {
+ fprintf(outfile, "member: %s\n", value);
+ } else if ((!PL_strncasecmp(type, "objectClass", SHORT_LEN)) && (!PL_strncasecmp(value, "groupOfUniqueNames", SHORT_LEN))) {
+ fprintf(outfile, "objectClass: groupOfNames\n");
+ } else {
+ fprintf(outfile, "%s", ldif_type_and_value(type, value, vlen));
+ }
+ }
+ }
+ fprintf(outfile, "\n");
+ return 0;
+}
+
+/* same as agent */
+int process_operator_entry(char* entry) {
+ return process_agent_entry(entry);
+}
+
+/* change uniqueMember -> member
+ * change typo in dn
+ */
+int process_admin_entry(char* entry) {
+ static char member_attr[] = "uniqueMember";
+ static char dn_attr[] = "dn";
+
+ char *line = entry;
+ while ((line = ldif_getline(&entry))) {
+ char *type, *value;
+ int vlen = 0;
+ int rc;
+
+ if ( *line == '\n' || *line == '\0' ) {
+ break;
+ }
+
+ /* this call modifies line */
+ rc = ldif_parse_line(line, &type, &value, &vlen);
+ if (rc != 0) {
+ printf("Unknown error processing ldif entry: %s", entry);
+ } else {
+ if (!PL_strncasecmp(type, member_attr, SHORT_LEN)) {
+ fprintf(outfile, "member: %s\n", value);
+ } else if (!PL_strncasecmp(type, dn_attr, SHORT_LEN)) {
+ int rep_size = PL_strlen("cn=TUS Adminstrators,ou=Groups,");
+ fprintf(outfile, "dn: cn=TUS Administrators,ou=Groups,%s\n", value + rep_size);
+ } else if ((!PL_strncasecmp(type, "objectClass", SHORT_LEN)) && (!PL_strncasecmp(value, "groupOfUniqueNames", SHORT_LEN))) {
+ fprintf(outfile, "objectClass: groupOfNames\n");
+ } else {
+ fprintf(outfile, "%s", ldif_type_and_value(type, value, vlen));
+ }
+ }
+ }
+ fprintf(outfile, "\n");
+ return 0;
+}
+
+int process_user_entry(char *entry) {
+ process_unchanged_entry(entry);
+ fprintf(outfile, "objectClass: tpsProfileId\n");
+ fprintf(outfile, "profileID: All Profiles\n");
+ fprintf(outfile, "\n");
+ return 0;
+}
+
+int process_unchanged_entry(char *entry) {
+ char *line = entry;
+ while ((line = ldif_getline(&entry))) {
+ char *type, *value;
+ int vlen = 0;
+ int rc;
+
+ if ( *line == '\n' || *line == '\0' ) {
+ break;
+ }
+
+ /* this call modifies line */
+ rc = ldif_parse_line(line, &type, &value, &vlen);
+ if (rc != 0) {
+ printf("Unknown error processing ldif entry: %s\n", entry);
+ } else {
+ fprintf(outfile, "%s", ldif_type_and_value(type, value, vlen));
+ }
+ }
+ return 0;
+}
+
+int process_activity_entry(char *entry) {
+ static char tokenmsg_attr[] = "tokenMsg";
+ static char tokenid_attr[] = "tokenID";
+ char *line = entry;
+ char *tokenType = NULL;
+ char *cuid = NULL;
+ char *dn = NULL;
+ while ((line = ldif_getline(&entry))) {
+ char *type, *value;
+ int vlen = 0;
+ int rc;
+
+ if ( *line == '\n' || *line == '\0' ) {
+ break;
+ }
+
+ /* this call modifies line */
+ rc = ldif_parse_line(line, &type, &value, &vlen);
+ if (rc != 0) {
+ printf("Unknown error processing ldif entry: %s\n", entry);
+ } else {
+ fprintf(outfile, "%s", ldif_type_and_value(type, value, vlen));
+
+ if (!PL_strncasecmp(type, tokenmsg_attr, SHORT_LEN)) {
+ tokenType = get_field(value, "tokenType=",SHORT_LEN);
+ if (tokenType != NULL) {
+ fprintf(outfile, "tokenType: %s\n", tokenType);
+ }
+ } else if (!PL_strncasecmp(type, tokenid_attr, SHORT_LEN)) {
+ cuid = PL_strdup(value);
+ } else if (!PL_strncasecmp(type, tokenid_attr, SHORT_LEN)) {
+ dn = PL_strdup(value);
+ }
+ }
+ }
+
+ if ((tokenType == NULL) && (cuid!= NULL)) {
+ // check hash for a value
+ if (PL_HashTableLookupConst(token_set, cuid) != NULL) {
+ fprintf(outfile, "tokenType: %s\n", (char *) PL_HashTableLookupConst(token_set, cuid));
+ } else {
+ fprintf(outfile, "tokenType: %s\n", NO_TOKEN_TYPE);
+ // log error here - unable to set token type using dn
+ }
+ }
+ fprintf(outfile, "\n");
+ do_free(cuid);
+ do_free(dn);
+ do_free(tokenType);
+
+ return 0;
+}
+
+int process_token_entry(char* entry) {
+ static char cn_attr[] = "cn";
+ static char dn_attr[] = "dn";
+ char *line = entry;
+ char *tokenType = NULL;
+ char *dn = NULL;
+ while ((line = ldif_getline(&entry))) {
+ char *type, *value;
+ int vlen = 0;
+ int rc;
+
+ if ( *line == '\n' || *line == '\0' ) {
+ break;
+ }
+
+ /* this call modifies line */
+ rc = ldif_parse_line(line, &type, &value, &vlen);
+ if (rc != 0) {
+ printf("Unknown error processing ldif entry: %s\n", entry);
+ } else {
+ fprintf(outfile, "%s", ldif_type_and_value(type, value, vlen));
+
+ if (!PL_strncasecmp(type, cn_attr, SHORT_LEN)) {
+ if (value != NULL) {
+ tokenType = (char *) PL_HashTableLookupConst(token_set, value);
+ }
+ if (tokenType != NULL) {
+ fprintf(outfile, "tokenType: %s\n", tokenType);
+ } else {
+ fprintf(outfile, "tokenType: %s\n", NO_TOKEN_TYPE);
+ }
+ } else if (!PL_strncasecmp(type, dn_attr, SHORT_LEN)) {
+ dn = PL_strdup(value);
+ }
+ }
+ }
+ if ((tokenType == NULL) && (dn != NULL)) {
+ //log the error
+ }
+ fprintf(outfile, "\n");
+ do_free(dn);
+ return 0;
+}
+
+
+int main (int argc, char *argv[]) {
+ char *in_fname = NULL;
+ char *out_fname = NULL;
+
+ if (argc < 3) {
+ printf ("Usage:\n %s infile outfile\n", argv[0]);
+ return 1;
+ }
+
+ in_fname = argv[1];
+ infile = fopen(in_fname, "r");
+ if (infile == NULL) {
+ perror("Error opening input file");
+ return 1;
+ }
+
+ out_fname = argv[2];
+ outfile = fopen(out_fname, "w");
+ if (outfile == NULL) {
+ perror("Error opening output file");
+ return 1;
+ }
+
+ //declare hash
+ token_set = PL_NewHashTable(3, PL_HashString,
+ PL_CompareStrings, PL_CompareValues,
+ &_AllocOps, NULL);
+
+ printf("Parsing LDIF file for Token Activities\n");
+ parse_ldif_activities();
+ rewind(infile);
+
+ printf("Parsing old LDIF file, and creating new LDIF file\n\n");
+ read_and_modify_ldif();
+
+ printf("Operation is complete.\nA new LDIF file has been written at %s, \n", out_fname);
+ printf("to be imported into the database of your new TPS. \nPlease attend to any errors reported.\n\n");
+
+ fclose(infile);
+ fclose(outfile);
+ return 0;
+}
+
diff --git a/pki/base/migrate/TpsTo80/readme b/pki/base/migrate/TpsTo80/readme
new file mode 100644
index 000000000..aa98de930
--- /dev/null
+++ b/pki/base/migrate/TpsTo80/readme
@@ -0,0 +1,44 @@
+Date
+
+ Tue May 12 14:37:14 EDT 2009
+
+Version
+
+ CMS 8.0
+
+Overview
+
+ In CMS8.0, the database schema for the TPS has changed. The following
+ changes were made:
+ 1. The objectclass of the LDAP groups TUS Administrators, TUS Agents and TUS Officers has been
+ changed from groupOfUniqueNames to groupOfNames. This also means that the attribute "uniqueMember"
+ must change to "member".
+ 2. The dn of the TUS Administrators group was originally misspelled. This has been fixed.
+ 3. A tokenType field has been added to the tokenRecord and tokenActivity tables.
+ 4. Users that have administrator, admin or officer access to the TUS are stored under ou=People, $basedn.
+ These users now require an auxilliary class tpsProfileId to be added, with the attribute profileID.
+ This multi-valued attribute profileID contains profiles for which this user has access in the TPS UI
+ pages. See the admin guide for more details. Because the previous versions of the TPS allowed
+ access to all profiles, a value for "All Profiles" will be added for all users by the migrateTpsData
+ program. If this is not desired, change the access of specific users using the UI.
+
+Program
+
+ migrateTpsData(.x86_64 or .i386) will perform the above operations on an LDIF file and create a new
+ output LDIF file with the appropriate data to be imported into the new TPS instance. The input LDIF
+ file can be generated by running db2ldif on the old database for suffix containing the TPS data.
+
+ The program requires two arguments - the location of the LDIF file containing a dump of the old data,
+ and the location of the output file.
+
+ Any errors reported by the program should be investigated and fixed in the output LDIF file. Once
+ this file is corrected, it can be imported into the new TPS database.
+
+ Note: This program should be run to migrate data into a configured TPS system.
+
+Example
+
+ Here is an example of migrateTpsData usage
+ (for x86_64)
+ migrateTpsData.x86_64 old.ldif new.ldif
+
diff --git a/pki/base/migrate/TpsTo80/solaris/migrateTPSData.sol9sparc b/pki/base/migrate/TpsTo80/solaris/migrateTPSData.sol9sparc
new file mode 100755
index 000000000..082201859
--- /dev/null
+++ b/pki/base/migrate/TpsTo80/solaris/migrateTPSData.sol9sparc
Binary files differ
diff --git a/pki/base/migrate/TxtTo60/classes/CMS60LdifParser.class b/pki/base/migrate/TxtTo60/classes/CMS60LdifParser.class
new file mode 100644
index 000000000..e65aea96f
--- /dev/null
+++ b/pki/base/migrate/TxtTo60/classes/CMS60LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo60/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo60/classes/DummyAuthManager.class
new file mode 100644
index 000000000..c713d8604
--- /dev/null
+++ b/pki/base/migrate/TxtTo60/classes/DummyAuthManager.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo60/classes/Main.class b/pki/base/migrate/TxtTo60/classes/Main.class
new file mode 100644
index 000000000..5fa0c203e
--- /dev/null
+++ b/pki/base/migrate/TxtTo60/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo60/run.bat b/pki/base/migrate/TxtTo60/run.bat
new file mode 100755
index 000000000..bd7d582ed
--- /dev/null
+++ b/pki/base/migrate/TxtTo60/run.bat
@@ -0,0 +1,186 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a normalized <Source CMS Version> ldif
+REM text file (e. g. - created via a <Source CMS Version>ToTxt
+REM script) into a CMS 6.0/6.01 ldif data file.
+REM
+REM This CMS 6.0/6.01 ldif data file can then be imported into the
+REM internal database of the desired CMS 6.0/6.01 server using a
+REM utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms601
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.0"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo60/run.sh b/pki/base/migrate/TxtTo60/run.sh
new file mode 100755
index 000000000..80856e207
--- /dev/null
+++ b/pki/base/migrate/TxtTo60/run.sh
@@ -0,0 +1,193 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a normalized <Source CMS Version> ldif ###
+### text file (e. g. - created via a <Source CMS Version>ToTxt ###
+### script) into a CMS 6.0/6.01 ldif data file. ###
+### ###
+### This CMS 6.0/6.01 ldif data file can then be imported into ###
+### the internal database of the desired CMS 6.0/6.01 server ###
+### using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms601
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.0"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jre/lib/i18n.jar Main $1 $2
+
diff --git a/pki/base/migrate/TxtTo60/src/Main.java b/pki/base/migrate/TxtTo60/src/Main.java
new file mode 100644
index 000000000..3c47d8ad7
--- /dev/null
+++ b/pki/base/migrate/TxtTo60/src/Main.java
@@ -0,0 +1,630 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "TxtTo60/src/Main.java" represents the initial CMS "TxtTo" migration file.
+//
+// Always comment any new code sections with a "CMS 6.0" header, and
+// apply these changes forward to all other "TxtTo*/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "TxtTo*" version.
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+import netscape.security.util.*;
+import java.lang.reflect.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS60LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS60LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS60LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS60LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS60LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS60LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ Vector requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.equals(BEGIN)) {
+ requestAttributes = new Vector();
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.equals(END)) {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ continue;
+ }
+ if (line.startsWith(" ")) { // begining of attr
+ requestAttributes.addElement(
+ line.substring(1, line.length()));
+ } else {
+ requestAttributes.setElementAt(
+ (String)
+ requestAttributes.lastElement() +
+ "\n" +
+ line,
+ requestAttributes.size() - 1);
+ }
+ }
+ }
+
+ private byte[] encode(Object value) throws Exception
+ {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+
+ os.writeObject(value);
+ os.close();
+ return bos.toByteArray();
+ }
+
+ public void parseAttributes(String dn, Vector attrs) throws Exception
+ {
+ Hashtable hashtable = new Hashtable();
+ for (int i = 0; i < attrs.size(); i++) {
+ String attr = (String)attrs.elementAt(i);
+ buildHashtable(dn, hashtable, attr);
+ }
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+ Enumeration e = hashtable.keys();
+ while (e.hasMoreElements()) {
+ String key = (String)e.nextElement();
+ Object value = hashtable.get(key);
+
+ try {
+ byte data[] = null;
+ data = encode(value);
+ os.writeObject(key);
+ os.writeObject(data);
+ } catch (Exception ex) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ } // while
+ os.writeObject(null);
+ os.close();
+
+ // print the BASE64 encoding of the Hashtable
+ BASE64Encoder encoder = new BASE64Encoder();
+ String attrsStr = encoder.encodeBuffer(bos.toByteArray());
+ // trim the last "\n"
+ StringBuffer buffer = null;
+ attrsStr = attrsStr.trim();
+ StringTokenizer st = new StringTokenizer(attrsStr, "\r\n");
+ while (st.hasMoreTokens()) {
+ if (buffer == null) {
+ buffer = new StringBuffer();
+ buffer.append(st.nextToken());
+ } else {
+ buffer.append("\r\n " + st.nextToken());
+ }
+ }
+
+ System.out.println(REQUEST_ATTRIBUTES + " " + buffer);
+ }
+
+ public void buildHashtable(String dn, Hashtable table, String attr)
+ throws Exception
+ {
+ // attribute format [name]:[type]=[value]
+
+ int colon = attr.indexOf(':');
+ if (colon == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ int equal = attr.indexOf('=');
+ if (equal == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ String name = null;
+ String type = null;
+ String value = null;
+ try {
+ name = attr.substring(0, colon);
+ type = attr.substring(colon+1, equal);
+ value = attr.substring(equal+1);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ if (name.startsWith("serviceErrors")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ if (name.startsWith("Error")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ // To account for '47ToTxt' data files that have previously
+ // been generated, ALWAYS convert 'iplanet' to 'netscape'.
+ //
+ // Bugzilla Bug #224801 (a.k.a - Raidzilla Bug #56981)
+ // Bugzilla Bug #483519
+ //
+ String translation = null;
+ if( type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + type.substring( 7 );
+ type = translation;
+ } else if( type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + type.substring( 11 );
+ type = translation;
+ }
+
+ if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) {
+ com.netscape.certsrv.request.AgentApprovals obj =
+ (com.netscape.certsrv.request.AgentApprovals)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.certsrv.request.AgentApprovals();
+ table.put(name, obj);
+ }
+ obj.addApproval(value.substring(0,value.indexOf(';')));
+ } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock")) {
+ com.netscape.certsrv.base.ArgBlock obj =
+ (com.netscape.certsrv.base.ArgBlock)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.certsrv.base.ArgBlock();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.set(valuekey, valuevalue);
+ } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) {
+ com.netscape.certsrv.authentication.AuthToken obj =
+ (com.netscape.certsrv.authentication.AuthToken)table.get(name);
+ if (obj == null) {
+ com.netscape.certsrv.authentication.IAuthManager mgr =
+ new DummyAuthManager();
+ obj = new com.netscape.certsrv.authentication.AuthToken(mgr);
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ // Processes 'java.math.BigInteger[]':
+ //
+ // Bugzilla Bug #225031 (a.k.a - Raidzilla Bug #58356)
+ //
+ // Processes 'java.lang.String[]':
+ //
+ // Bugzilla Bug #224763 (a.k.a - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ //
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else {
+ System.err.println("ERROR AuthToken type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.math.BigInteger[")) {
+ // Bugzilla Bug #238779
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name);
+ if (objs == null) {
+ objs = new java.math.BigInteger[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.math.BigInteger(value);
+ } else if (type.startsWith("java.math.BigInteger")) {
+ table.put(name, new java.math.BigInteger(value));
+ } else if (type.startsWith("byte[]")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("byte[")) {
+ // byte array
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateAlgorithmId obj =
+ new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateChain")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateChain obj =
+ new netscape.security.x509.CertificateChain();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateExtensions")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateExtensions obj =
+ new netscape.security.x509.CertificateExtensions(
+ new DerInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateSubjectName")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateSubjectName obj =
+ new netscape.security.x509.CertificateSubjectName(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.CertificateValidity")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateValidity obj =
+ new netscape.security.x509.CertificateValidity();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateX509Key")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateX509Key obj =
+ new netscape.security.x509.CertificateX509Key(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.extensions.CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.extensions.CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.startsWith("java.util.Hashtable")) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ java.util.Hashtable obj = (java.util.Hashtable)table.get(name);
+ if (obj == null) {
+ obj = new java.util.Hashtable();
+ table.put(name, obj);
+ }
+ BASE64Decoder decoder = new BASE64Decoder();
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.put(valuekey, decoder.decodeBuffer(valuevalue));
+ } else if (type.startsWith("Integer[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ Integer objs[] = (Integer[])table.get(name);
+ if (objs == null) {
+ objs = new Integer[size];
+ table.put(name, objs);
+ }
+ objs[index] = new Integer(value);
+ } else if (type.startsWith("java.lang.Integer")) {
+ table.put(name, new Integer(value));
+ } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord")
+ || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) {
+ com.netscape.cmscore.dbs.KeyRecord obj =
+ (com.netscape.cmscore.dbs.KeyRecord)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.cmscore.dbs.KeyRecord();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else if (valuetype.equals("java.math.BigInteger")) {
+ obj.set(valuekey, new java.math.BigInteger(valuevalue));
+ } else if (valuetype.equals("java.lang.Integer")) {
+ obj.set(valuekey, new Integer(valuevalue));
+ } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) {
+ obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue));
+ } else if (valuetype.equals("[B")) {
+ // byte array
+
+ BASE64Decoder decoder = new BASE64Decoder();
+ obj.set(valuekey, decoder.decodeBuffer(valuevalue));
+ } else {
+ System.err.println("ERROR KeyRecord type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival")
+ || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ buildPOA(decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.RevokedCertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value));
+ } else if (type.startsWith("java.lang.String[")) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.lang.String objs[] = (java.lang.String[])table.get(name);
+ if (objs == null) {
+ objs = new java.lang.String[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.lang.String(value);
+ } else if (type.startsWith("java.lang.String")) {
+ table.put(name, value);
+ } else if (type.startsWith("java.util.Vector")) {
+ Vector obj =
+ (Vector)table.get(name);
+ if (obj == null) {
+ obj = new Vector();
+ table.put(name, obj);
+ }
+ obj.addElement(value);
+ } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value));
+ } else if (type.equals("netscape.security.x509.X509CertImpl")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertImpl obj =
+ new netscape.security.x509.X509CertImpl(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.X509CertInfo")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.equals("netscape.security.x509.X509CertInfo")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertInfo obj =
+ new netscape.security.x509.X509CertInfo(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if( type.endsWith( "Exception" ) ) {
+ Class[] argClass = { String.class }; // the argument's class
+ Object[] argValue = { value }; // the argument's value
+
+ Class x = Class.forName( type );
+ Constructor ctr = x.getConstructor( argClass );
+ Exception e = ( Exception ) ctr.newInstance( argValue );
+ } else {
+ System.err.println("ERROR type - " + type + " - "+ attr);
+ System.exit(0);
+ }
+ }
+
+ public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[])
+ throws Exception
+ {
+ DerInputStream dis = new DerInputStream(data);
+ DerValue seq[] = dis.getSequence(0);
+
+ BigInteger mSerialNo = seq[0].getInteger().toBigInteger();
+
+ // subject
+ DerValue subject = seq[1];
+ netscape.security.x509.X500Name mSubject =
+ new netscape.security.x509.X500Name(subject.toByteArray());
+
+ // issuer
+ DerValue issuer = seq[2];
+ netscape.security.x509.X500Name mIssuer =
+ new netscape.security.x509.X500Name(issuer.toByteArray());
+
+ // date of archival
+ DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray());
+ Date mDateOfArchival = dateOfArchival.getUTCTime();
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo,
+ mSubject.toString(), mIssuer.toString(), mDateOfArchival);
+ return obj;
+ }
+}
+
+class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager
+{
+ public String getName()
+ {
+ return "dummy";
+ }
+
+ public String getImplName()
+ {
+ return "dummy";
+ }
+
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Initialize this authentication manager.
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException
+ {
+ }
+
+ public void shutdown()
+ {
+ }
+
+ public String[] getRequiredCreds()
+ {
+ return null;
+ }
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @param implName The authentication manager plugin name.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Get the configuration store for this authentication manager.
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore()
+ {
+ return null;
+ }
+}
+
diff --git a/pki/base/migrate/TxtTo60/src/compile.bat b/pki/base/migrate/TxtTo60/src/compile.bat
new file mode 100755
index 000000000..bc21bb20e
--- /dev/null
+++ b/pki/base/migrate/TxtTo60/src/compile.bat
@@ -0,0 +1,154 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "TxtTo60/classes/Main.class",
+REM "TxtTo60/classes/CMS60LdifParser.class", and
+REM "TxtTo60/classes/DummyAuthManager.class" which are
+REM used to create a CMS 6.0/6.01 ldif data file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo60
+REM
+
+REM SET SERVER_ROOT=C:\cms601
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 6.0 NOTE: "WINNT" - 1.3.1_02
+REM
+REM CMS 6.01 NOTE: "WINNT" - 1.3.1_02
+REM
+
+REM SET JDK_VERSION=CMS_6.01
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.0"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO %CMS% ldif data classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile TxtTo60 - create "CMS60LdifParser.class", "DummyAuthManager.class",
+REM and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo60/src/compile.sh b/pki/base/migrate/TxtTo60/src/compile.sh
new file mode 100755
index 000000000..a15b6a670
--- /dev/null
+++ b/pki/base/migrate/TxtTo60/src/compile.sh
@@ -0,0 +1,166 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "TxtTo60/classes/Main.class", ###
+### "TxtTo60/classes/CMS60LdifParser.class", and ###
+### "TxtTo60/classes/DummyAuthManager.class" which are ###
+### used to create a CMS 6.0/6.01 ldif data file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo60
+###
+
+#SERVER_ROOT=/export/home/migrate/cms601
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 6.0 NOTE: "HP-UX" - 1.3.1.02
+### "Linux" - 1.3.1_02
+### "SunOS" - 1.3.1_02
+###
+### CMS 6.01 NOTE: "HP-UX" - 1.3.1.02
+### "Linux" - 1.4.0
+### "SunOS" - 1.3.1_02
+###
+
+#JDK_VERSION=CMS_6.01
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.0"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " ${CMS} ldif data classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile TxtTo60 - create "CMS60LdifParser.class", "DummyAuthManager.class",
+### and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/TxtTo61/classes/CMS61LdifParser.class b/pki/base/migrate/TxtTo61/classes/CMS61LdifParser.class
new file mode 100644
index 000000000..03f2d90af
--- /dev/null
+++ b/pki/base/migrate/TxtTo61/classes/CMS61LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo61/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo61/classes/DummyAuthManager.class
new file mode 100644
index 000000000..8b2039e74
--- /dev/null
+++ b/pki/base/migrate/TxtTo61/classes/DummyAuthManager.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo61/classes/Main.class b/pki/base/migrate/TxtTo61/classes/Main.class
new file mode 100644
index 000000000..2f0c1663e
--- /dev/null
+++ b/pki/base/migrate/TxtTo61/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo61/run.bat b/pki/base/migrate/TxtTo61/run.bat
new file mode 100755
index 000000000..a63296608
--- /dev/null
+++ b/pki/base/migrate/TxtTo61/run.bat
@@ -0,0 +1,186 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a normalized <Source CMS Version> ldif
+REM text file (e. g. - created via a <Source CMS Version>ToTxt
+REM script) into a CMS 6.1 ldif data file.
+REM
+REM This CMS 6.1 ldif data file can then be imported into the
+REM internal database of the desired CMS 6.1 server using a
+REM utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms61
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo61/run.sh b/pki/base/migrate/TxtTo61/run.sh
new file mode 100755
index 000000000..6ef1cae42
--- /dev/null
+++ b/pki/base/migrate/TxtTo61/run.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a normalized <Source CMS Version> ldif ###
+### text file (e. g. - created via a <Source CMS Version>ToTxt ###
+### script) into a CMS 6.1 ldif data file. ###
+### ###
+### This CMS 6.1 ldif data file can then be imported into the ###
+### internal database of the desired CMS 6.1 server using a ###
+### utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms61
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.1"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/TxtTo61/src/Main.java b/pki/base/migrate/TxtTo61/src/Main.java
new file mode 100644
index 000000000..8b95ccc97
--- /dev/null
+++ b/pki/base/migrate/TxtTo61/src/Main.java
@@ -0,0 +1,644 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "TxtTo61/src/Main.java" is based upon a copy "TxtTo60/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 6.1" header, and
+// apply these changes forward to all other "TxtTo*/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "TxtTo*" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff TxtTo60/src/Main.java TxtTo61/src/Main.java
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+import netscape.security.util.*;
+import java.lang.reflect.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS61LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS61LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS61LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS61LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS61LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS61LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ Vector requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.equals(BEGIN)) {
+ requestAttributes = new Vector();
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.equals(END)) {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ continue;
+ }
+ if (line.startsWith(" ")) { // begining of attr
+ requestAttributes.addElement(
+ line.substring(1, line.length()));
+ } else {
+ requestAttributes.setElementAt(
+ (String)
+ requestAttributes.lastElement() +
+ "\n" +
+ line,
+ requestAttributes.size() - 1);
+ }
+ }
+ }
+
+ private byte[] encode(Object value) throws Exception
+ {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+
+ os.writeObject(value);
+ os.close();
+ return bos.toByteArray();
+ }
+
+ public void parseAttributes(String dn, Vector attrs) throws Exception
+ {
+ Hashtable hashtable = new Hashtable();
+ for (int i = 0; i < attrs.size(); i++) {
+ String attr = (String)attrs.elementAt(i);
+ buildHashtable(dn, hashtable, attr);
+ }
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+ Enumeration e = hashtable.keys();
+ while (e.hasMoreElements()) {
+ String key = (String)e.nextElement();
+ Object value = hashtable.get(key);
+
+ try {
+ byte data[] = null;
+ data = encode(value);
+ os.writeObject(key);
+ os.writeObject(data);
+ } catch (Exception ex) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ } // while
+ os.writeObject(null);
+ os.close();
+
+ // print the BASE64 encoding of the Hashtable
+ BASE64Encoder encoder = new BASE64Encoder();
+ String attrsStr = encoder.encodeBuffer(bos.toByteArray());
+ // trim the last "\n"
+ StringBuffer buffer = null;
+ attrsStr = attrsStr.trim();
+ StringTokenizer st = new StringTokenizer(attrsStr, "\r\n");
+ while (st.hasMoreTokens()) {
+ if (buffer == null) {
+ buffer = new StringBuffer();
+ buffer.append(st.nextToken());
+ } else {
+ buffer.append("\r\n " + st.nextToken());
+ }
+ }
+
+ System.out.println(REQUEST_ATTRIBUTES + " " + buffer);
+ }
+
+ public void buildHashtable(String dn, Hashtable table, String attr)
+ throws Exception
+ {
+ // attribute format [name]:[type]=[value]
+
+ int colon = attr.indexOf(':');
+ if (colon == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ int equal = attr.indexOf('=');
+ if (equal == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ String name = null;
+ String type = null;
+ String value = null;
+ try {
+ name = attr.substring(0, colon);
+ type = attr.substring(colon+1, equal);
+ value = attr.substring(equal+1);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ if (name.startsWith("serviceErrors")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ if (name.startsWith("Error")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ // To account for '47ToTxt' data files that have previously
+ // been generated, ALWAYS convert 'iplanet' to 'netscape'.
+ //
+ // Bugzilla Bug #224801 (a.k.a - Raidzilla Bug #56981)
+ // Bugzilla Bug #483519
+ //
+ String translation = null;
+ if( type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + type.substring( 7 );
+ type = translation;
+ } else if( type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + type.substring( 11 );
+ type = translation;
+ }
+
+ if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) {
+ com.netscape.certsrv.request.AgentApprovals obj =
+ (com.netscape.certsrv.request.AgentApprovals)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.certsrv.request.AgentApprovals();
+ table.put(name, obj);
+ }
+ obj.addApproval(value.substring(0,value.indexOf(';')));
+ } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock")
+ || type.startsWith("com.netscape.cmscore.base.ArgBlock")) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock obj =
+ (com.netscape.cmscore.base.ArgBlock)table.get(name);
+ if (obj == null) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ obj = new com.netscape.cmscore.base.ArgBlock();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.set(valuekey, valuevalue);
+ } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) {
+ com.netscape.certsrv.authentication.AuthToken obj =
+ (com.netscape.certsrv.authentication.AuthToken)table.get(name);
+ if (obj == null) {
+ com.netscape.certsrv.authentication.IAuthManager mgr =
+ new DummyAuthManager();
+ obj = new com.netscape.certsrv.authentication.AuthToken(mgr);
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ // Processes 'java.math.BigInteger[]':
+ //
+ // Bugzilla Bug #225031 (a.k.a - Raidzilla Bug #58356)
+ //
+ // Processes 'java.lang.String[]':
+ //
+ // Bugzilla Bug #224763 (a.k.a - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ //
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else {
+ System.err.println("ERROR AuthToken type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.math.BigInteger[")) {
+ // Bugzilla Bug #238779
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name);
+ if (objs == null) {
+ objs = new java.math.BigInteger[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.math.BigInteger(value);
+ } else if (type.startsWith("java.math.BigInteger")) {
+ table.put(name, new java.math.BigInteger(value));
+ } else if (type.startsWith("byte[]")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("byte[")) {
+ // byte array
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateAlgorithmId obj =
+ new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateChain")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateChain obj =
+ new netscape.security.x509.CertificateChain();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateExtensions")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateExtensions obj =
+ new netscape.security.x509.CertificateExtensions(
+ new DerInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateSubjectName")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateSubjectName obj =
+ new netscape.security.x509.CertificateSubjectName(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.CertificateValidity")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateValidity obj =
+ new netscape.security.x509.CertificateValidity();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateX509Key")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateX509Key obj =
+ new netscape.security.x509.CertificateX509Key(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.extensions.CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.extensions.CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.startsWith("java.util.Hashtable")) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ java.util.Hashtable obj = (java.util.Hashtable)table.get(name);
+ if (obj == null) {
+ obj = new java.util.Hashtable();
+ table.put(name, obj);
+ }
+ BASE64Decoder decoder = new BASE64Decoder();
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.put(valuekey, decoder.decodeBuffer(valuevalue));
+ } else if (type.startsWith("Integer[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ Integer objs[] = (Integer[])table.get(name);
+ if (objs == null) {
+ objs = new Integer[size];
+ table.put(name, objs);
+ }
+ objs[index] = new Integer(value);
+ } else if (type.startsWith("java.lang.Integer")) {
+ table.put(name, new Integer(value));
+ } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord")
+ || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) {
+ com.netscape.cmscore.dbs.KeyRecord obj =
+ (com.netscape.cmscore.dbs.KeyRecord)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.cmscore.dbs.KeyRecord();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else if (valuetype.equals("java.math.BigInteger")) {
+ obj.set(valuekey, new java.math.BigInteger(valuevalue));
+ } else if (valuetype.equals("java.lang.Integer")) {
+ obj.set(valuekey, new Integer(valuevalue));
+ } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) {
+ obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue));
+ } else if (valuetype.equals("[B")) {
+ // byte array
+
+ BASE64Decoder decoder = new BASE64Decoder();
+ obj.set(valuekey, decoder.decodeBuffer(valuevalue));
+ } else {
+ System.err.println("ERROR KeyRecord type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival")
+ || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ buildPOA(decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.RevokedCertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value));
+ } else if (type.startsWith("java.lang.String[")) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.lang.String objs[] = (java.lang.String[])table.get(name);
+ if (objs == null) {
+ objs = new java.lang.String[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.lang.String(value);
+ } else if (type.startsWith("java.lang.String")) {
+ table.put(name, value);
+ } else if (type.startsWith("java.util.Vector")) {
+ Vector obj =
+ (Vector)table.get(name);
+ if (obj == null) {
+ obj = new Vector();
+ table.put(name, obj);
+ }
+ obj.addElement(value);
+ } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value));
+ } else if (type.equals("netscape.security.x509.X509CertImpl")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertImpl obj =
+ new netscape.security.x509.X509CertImpl(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.X509CertInfo[")) {
+ // CMS 6.1: "netscape.security.x509.X509CertInfo"
+ // now always utilizes arrays such as
+ // "netscape.security.x509.X509CertInfo["
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.equals("netscape.security.x509.X509CertInfo")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertInfo obj =
+ new netscape.security.x509.X509CertInfo(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if( type.endsWith( "Exception" ) ) {
+ Class[] argClass = { String.class }; // the argument's class
+ Object[] argValue = { value }; // the argument's value
+
+ Class x = Class.forName( type );
+ Constructor ctr = x.getConstructor( argClass );
+ Exception e = ( Exception ) ctr.newInstance( argValue );
+ } else {
+ System.err.println("ERROR type - " + type + " - "+ attr);
+ System.exit(0);
+ }
+ }
+
+ public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[])
+ throws Exception
+ {
+ DerInputStream dis = new DerInputStream(data);
+ DerValue seq[] = dis.getSequence(0);
+
+ BigInteger mSerialNo = seq[0].getInteger().toBigInteger();
+
+ // subject
+ DerValue subject = seq[1];
+ netscape.security.x509.X500Name mSubject =
+ new netscape.security.x509.X500Name(subject.toByteArray());
+
+ // issuer
+ DerValue issuer = seq[2];
+ netscape.security.x509.X500Name mIssuer =
+ new netscape.security.x509.X500Name(issuer.toByteArray());
+
+ // date of archival
+ DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray());
+ Date mDateOfArchival = dateOfArchival.getUTCTime();
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo,
+ mSubject.toString(), mIssuer.toString(), mDateOfArchival);
+ return obj;
+ }
+}
+
+class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager
+{
+ public String getName()
+ {
+ return "dummy";
+ }
+
+ public String getImplName()
+ {
+ return "dummy";
+ }
+
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Initialize this authentication manager.
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException
+ {
+ }
+
+ public void shutdown()
+ {
+ }
+
+ public String[] getRequiredCreds()
+ {
+ return null;
+ }
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @param implName The authentication manager plugin name.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Get the configuration store for this authentication manager.
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore()
+ {
+ return null;
+ }
+}
+
diff --git a/pki/base/migrate/TxtTo61/src/compile.bat b/pki/base/migrate/TxtTo61/src/compile.bat
new file mode 100755
index 000000000..8b2a3bff9
--- /dev/null
+++ b/pki/base/migrate/TxtTo61/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "TxtTo61/classes/Main.class",
+REM "TxtTo61/classes/CMS61LdifParser.class", and
+REM "TxtTo61/classes/DummyAuthManager.class" which are
+REM used to create a CMS 6.1 ldif data file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo61
+REM
+
+REM SET SERVER_ROOT=C:\cms61
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 6.1 NOTE: "WINNT" - 1.4.0
+REM
+
+REM SET JDK_VERSION=CMS_6.1
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO %CMS% ldif data classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile TxtTo61 - create "CMS61LdifParser.class", "DummyAuthManager.class",
+REM and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo61/src/compile.sh b/pki/base/migrate/TxtTo61/src/compile.sh
new file mode 100755
index 000000000..3ec4885c9
--- /dev/null
+++ b/pki/base/migrate/TxtTo61/src/compile.sh
@@ -0,0 +1,162 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "TxtTo61/classes/Main.class", ###
+### "TxtTo61/classes/CMS61LdifParser.class", and ###
+### "TxtTo61/classes/DummyAuthManager.class" which are ###
+### used to create a CMS 6.1 ldif data file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo61
+###
+
+#SERVER_ROOT=/export/home/migrate/cms61
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 6.1 NOTE: "HP-UX" - 1.3.1.02
+### "Linux" - 1.3.1_02
+### "SunOS" - 1.3.1_02
+###
+
+#JDK_VERSION=CMS_6.1
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.1"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " ${CMS} ldif data classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile TxtTo61 - create "CMS61LdifParser.class", "DummyAuthManager.class",
+### and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/TxtTo62/classes/CMS62LdifParser.class b/pki/base/migrate/TxtTo62/classes/CMS62LdifParser.class
new file mode 100644
index 000000000..ca25274a8
--- /dev/null
+++ b/pki/base/migrate/TxtTo62/classes/CMS62LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo62/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo62/classes/DummyAuthManager.class
new file mode 100644
index 000000000..387cde908
--- /dev/null
+++ b/pki/base/migrate/TxtTo62/classes/DummyAuthManager.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo62/classes/Main.class b/pki/base/migrate/TxtTo62/classes/Main.class
new file mode 100644
index 000000000..e2e92309e
--- /dev/null
+++ b/pki/base/migrate/TxtTo62/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo62/run.bat b/pki/base/migrate/TxtTo62/run.bat
new file mode 100755
index 000000000..1e342ed24
--- /dev/null
+++ b/pki/base/migrate/TxtTo62/run.bat
@@ -0,0 +1,186 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a normalized <Source CMS Version> ldif
+REM text file (e. g. - created via a <Source CMS Version>ToTxt
+REM script) into a CMS 6.2 ldif data file.
+REM
+REM This CMS 6.2 ldif data file can then be imported into the
+REM internal database of the desired CMS 6.2 server using a
+REM utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms62
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo62/run.sh b/pki/base/migrate/TxtTo62/run.sh
new file mode 100755
index 000000000..fdd6b2ee9
--- /dev/null
+++ b/pki/base/migrate/TxtTo62/run.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a normalized <Source CMS Version> ldif ###
+### text file (e. g. - created via a <Source CMS Version>ToTxt ###
+### script) into a CMS 6.2 ldif data file. ###
+### ###
+### This CMS 6.2 ldif data file can then be imported into the ###
+### internal database of the desired CMS 6.2 server using a ###
+### utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms62
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.2"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/TxtTo62/src/Main.java b/pki/base/migrate/TxtTo62/src/Main.java
new file mode 100644
index 000000000..da48981b7
--- /dev/null
+++ b/pki/base/migrate/TxtTo62/src/Main.java
@@ -0,0 +1,655 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "TxtTo62/src/Main.java" is based upon a copy "TxtTo61/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 6.2" header, and
+// apply these changes forward to all other "TxtTo*/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "TxtTo*" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff TxtTo61/src/Main.java TxtTo62/src/Main.java
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+import netscape.security.util.*;
+import java.lang.reflect.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS62LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS62LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS62LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS62LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS62LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS62LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ Vector requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.equals(BEGIN)) {
+ requestAttributes = new Vector();
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.equals(END)) {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ continue;
+ }
+ if (line.startsWith(" ")) { // begining of attr
+ requestAttributes.addElement(
+ line.substring(1, line.length()));
+ } else {
+ requestAttributes.setElementAt(
+ (String)
+ requestAttributes.lastElement() +
+ "\n" +
+ line,
+ requestAttributes.size() - 1);
+ }
+ }
+ }
+
+ private byte[] encode(Object value) throws Exception
+ {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+
+ os.writeObject(value);
+ os.close();
+ return bos.toByteArray();
+ }
+
+ public void parseAttributes(String dn, Vector attrs) throws Exception
+ {
+ Hashtable hashtable = new Hashtable();
+ for (int i = 0; i < attrs.size(); i++) {
+ String attr = (String)attrs.elementAt(i);
+ buildHashtable(dn, hashtable, attr);
+ }
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+ Enumeration e = hashtable.keys();
+ while (e.hasMoreElements()) {
+ String key = (String)e.nextElement();
+ Object value = hashtable.get(key);
+
+ try {
+ byte data[] = null;
+ data = encode(value);
+ os.writeObject(key);
+ os.writeObject(data);
+ } catch (Exception ex) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ } // while
+ os.writeObject(null);
+ os.close();
+
+ // print the BASE64 encoding of the Hashtable
+ BASE64Encoder encoder = new BASE64Encoder();
+ String attrsStr = encoder.encodeBuffer(bos.toByteArray());
+ // trim the last "\n"
+ StringBuffer buffer = null;
+ attrsStr = attrsStr.trim();
+ StringTokenizer st = new StringTokenizer(attrsStr, "\r\n");
+ while (st.hasMoreTokens()) {
+ if (buffer == null) {
+ buffer = new StringBuffer();
+ buffer.append(st.nextToken());
+ } else {
+ buffer.append("\r\n " + st.nextToken());
+ }
+ }
+
+ System.out.println(REQUEST_ATTRIBUTES + " " + buffer);
+ }
+
+ public void buildHashtable(String dn, Hashtable table, String attr)
+ throws Exception
+ {
+ // attribute format [name]:[type]=[value]
+
+ int colon = attr.indexOf(':');
+ if (colon == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ int equal = attr.indexOf('=');
+ if (equal == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ String name = null;
+ String type = null;
+ String value = null;
+ try {
+ name = attr.substring(0, colon);
+ type = attr.substring(colon+1, equal);
+ value = attr.substring(equal+1);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ if (name.startsWith("serviceErrors")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ if (name.startsWith("Error")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ // To account for '47ToTxt' data files that have previously
+ // been generated, ALWAYS convert 'iplanet' to 'netscape'.
+ //
+ // Bugzilla Bug #224801 (a.k.a - Raidzilla Bug #56981)
+ // Bugzilla Bug #483519
+ //
+ String translation = null;
+ if( type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + type.substring( 7 );
+ type = translation;
+ } else if( type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + type.substring( 11 );
+ type = translation;
+ }
+
+ if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) {
+ com.netscape.certsrv.request.AgentApprovals obj =
+ (com.netscape.certsrv.request.AgentApprovals)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.certsrv.request.AgentApprovals();
+ table.put(name, obj);
+ }
+ obj.addApproval(value.substring(0,value.indexOf(';')));
+ } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock")
+ || type.startsWith("com.netscape.cmscore.base.ArgBlock")) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock obj =
+ (com.netscape.cmscore.base.ArgBlock)table.get(name);
+ if (obj == null) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ obj = new com.netscape.cmscore.base.ArgBlock();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.set(valuekey, valuevalue);
+ } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) {
+ com.netscape.certsrv.authentication.AuthToken obj =
+ (com.netscape.certsrv.authentication.AuthToken)table.get(name);
+ if (obj == null) {
+ com.netscape.certsrv.authentication.IAuthManager mgr =
+ new DummyAuthManager();
+ obj = new com.netscape.certsrv.authentication.AuthToken(mgr);
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ // Processes 'java.math.BigInteger[]':
+ //
+ // Bugzilla Bug #225031 (a.k.a - Raidzilla Bug #58356)
+ //
+ // Processes 'java.lang.String[]':
+ //
+ // Bugzilla Bug #224763 (a.k.a - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ //
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else {
+ System.err.println("ERROR AuthToken type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.math.BigInteger[")) {
+ // Bugzilla Bug #238779
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name);
+ if (objs == null) {
+ objs = new java.math.BigInteger[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.math.BigInteger(value);
+ } else if (type.startsWith("java.math.BigInteger")) {
+ table.put(name, new java.math.BigInteger(value));
+ } else if (type.startsWith("byte[]")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("byte[")) {
+ // byte array
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateAlgorithmId obj =
+ new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateChain")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateChain obj =
+ new netscape.security.x509.CertificateChain();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateExtensions")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateExtensions obj =
+ new netscape.security.x509.CertificateExtensions();
+ obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateExtensions"
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateSubjectName")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateSubjectName obj =
+ new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateSubjectName"
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.CertificateValidity")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateValidity obj =
+ new netscape.security.x509.CertificateValidity();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateX509Key")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateX509Key obj =
+ new netscape.security.x509.CertificateX509Key(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.extensions.CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.extensions.CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.startsWith("java.util.Hashtable")) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ java.util.Hashtable obj = (java.util.Hashtable)table.get(name);
+ if (obj == null) {
+ obj = new java.util.Hashtable();
+ table.put(name, obj);
+ }
+ BASE64Decoder decoder = new BASE64Decoder();
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.put(valuekey, decoder.decodeBuffer(valuevalue));
+ } else if (type.startsWith("Integer[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ Integer objs[] = (Integer[])table.get(name);
+ if (objs == null) {
+ objs = new Integer[size];
+ table.put(name, objs);
+ }
+ objs[index] = new Integer(value);
+ } else if (type.startsWith("java.lang.Integer")) {
+ table.put(name, new Integer(value));
+ } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord")
+ || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) {
+ com.netscape.cmscore.dbs.KeyRecord obj =
+ (com.netscape.cmscore.dbs.KeyRecord)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.cmscore.dbs.KeyRecord();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else if (valuetype.equals("java.math.BigInteger")) {
+ obj.set(valuekey, new java.math.BigInteger(valuevalue));
+ } else if (valuetype.equals("java.lang.Integer")) {
+ obj.set(valuekey, new Integer(valuevalue));
+ } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) {
+ obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue));
+ } else if (valuetype.equals("[B")) {
+ // byte array
+
+ BASE64Decoder decoder = new BASE64Decoder();
+ obj.set(valuekey, decoder.decodeBuffer(valuevalue));
+ } else {
+ System.err.println("ERROR KeyRecord type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival")
+ || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ buildPOA(decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.RevokedCertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value));
+ } else if (type.startsWith("java.lang.String[")) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.lang.String objs[] = (java.lang.String[])table.get(name);
+ if (objs == null) {
+ objs = new java.lang.String[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.lang.String(value);
+ } else if (type.startsWith("java.lang.String")) {
+ table.put(name, value);
+ } else if (type.startsWith("java.util.Locale")) {
+ // CMS 6.2: begin checking for new type
+ // "java.util.Locale"
+ table.put(name, Locale.getDefault());
+ } else if (type.startsWith("java.util.Vector")) {
+ Vector obj =
+ (Vector)table.get(name);
+ if (obj == null) {
+ obj = new Vector();
+ table.put(name, obj);
+ }
+ obj.addElement(value);
+ } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value));
+ } else if (type.equals("netscape.security.x509.X509CertImpl")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertImpl obj =
+ new netscape.security.x509.X509CertImpl(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.X509CertInfo[")
+ || type.startsWith("netscape.security.extensions.CertInfo[")) {
+ // CMS 6.2: begin checking for additional new type
+ // "netscape.security.extensions.CertInfo["
+ //
+ // CMS 6.1: "netscape.security.x509.X509CertInfo"
+ // now always utilizes arrays such as
+ // "netscape.security.x509.X509CertInfo["
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.equals("netscape.security.x509.X509CertInfo")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertInfo obj =
+ new netscape.security.x509.X509CertInfo(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if( type.endsWith( "Exception" ) ) {
+ Class[] argClass = { String.class }; // the argument's class
+ Object[] argValue = { value }; // the argument's value
+
+ Class x = Class.forName( type );
+ Constructor ctr = x.getConstructor( argClass );
+ Exception e = ( Exception ) ctr.newInstance( argValue );
+ } else {
+ System.err.println("ERROR type - " + type + " - "+ attr);
+ System.exit(0);
+ }
+ }
+
+ public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[])
+ throws Exception
+ {
+ DerInputStream dis = new DerInputStream(data);
+ DerValue seq[] = dis.getSequence(0);
+
+ BigInteger mSerialNo = seq[0].getInteger().toBigInteger();
+
+ // subject
+ DerValue subject = seq[1];
+ netscape.security.x509.X500Name mSubject =
+ new netscape.security.x509.X500Name(subject.toByteArray());
+
+ // issuer
+ DerValue issuer = seq[2];
+ netscape.security.x509.X500Name mIssuer =
+ new netscape.security.x509.X500Name(issuer.toByteArray());
+
+ // date of archival
+ DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray());
+ Date mDateOfArchival = dateOfArchival.getUTCTime();
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo,
+ mSubject.toString(), mIssuer.toString(), mDateOfArchival);
+ return obj;
+ }
+}
+
+class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager
+{
+ public String getName()
+ {
+ return "dummy";
+ }
+
+ public String getImplName()
+ {
+ return "dummy";
+ }
+
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Initialize this authentication manager.
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException
+ {
+ }
+
+ public void shutdown()
+ {
+ }
+
+ public String[] getRequiredCreds()
+ {
+ return null;
+ }
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @param implName The authentication manager plugin name.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Get the configuration store for this authentication manager.
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore()
+ {
+ return null;
+ }
+}
+
diff --git a/pki/base/migrate/TxtTo62/src/compile.bat b/pki/base/migrate/TxtTo62/src/compile.bat
new file mode 100755
index 000000000..063b8969f
--- /dev/null
+++ b/pki/base/migrate/TxtTo62/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "TxtTo62/classes/Main.class",
+REM "TxtTo62/classes/CMS62LdifParser.class", and
+REM "TxtTo62/classes/DummyAuthManager.class" which are
+REM used to create a CMS 6.2 ldif data file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo62
+REM
+
+REM SET SERVER_ROOT=C:\cms62
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 6.2 NOTE: "WINNT" - 1.4.0
+REM
+
+REM SET JDK_VERSION=CMS_6.2
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 6.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO %CMS% ldif data classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile TxtTo62 - create "CMS62LdifParser.class", "DummyAuthManager.class",
+REM and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo62/src/compile.sh b/pki/base/migrate/TxtTo62/src/compile.sh
new file mode 100755
index 000000000..4ab44f966
--- /dev/null
+++ b/pki/base/migrate/TxtTo62/src/compile.sh
@@ -0,0 +1,162 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "TxtTo62/classes/Main.class", ###
+### "TxtTo62/classes/CMS62LdifParser.class", and ###
+### "TxtTo62/classes/DummyAuthManager.class" which are ###
+### used to create a CMS 6.2 ldif data file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo62
+###
+
+#SERVER_ROOT=/export/home/migrate/cms62
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 6.2 NOTE: "HP-UX" - 1.4.0.00
+### "Linux" - 1.4.0
+### "SunOS" - 1.4.0
+###
+
+#JDK_VERSION=CMS_6.2
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 6.2"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " ${CMS} ldif data classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile TxtTo62 - create "CMS62LdifParser.class", "DummyAuthManager.class",
+### and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/TxtTo70/classes/CMS70LdifParser.class b/pki/base/migrate/TxtTo70/classes/CMS70LdifParser.class
new file mode 100644
index 000000000..3f4ed9b52
--- /dev/null
+++ b/pki/base/migrate/TxtTo70/classes/CMS70LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo70/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo70/classes/DummyAuthManager.class
new file mode 100644
index 000000000..387cde908
--- /dev/null
+++ b/pki/base/migrate/TxtTo70/classes/DummyAuthManager.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo70/classes/Main.class b/pki/base/migrate/TxtTo70/classes/Main.class
new file mode 100644
index 000000000..09498213f
--- /dev/null
+++ b/pki/base/migrate/TxtTo70/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo70/run.bat b/pki/base/migrate/TxtTo70/run.bat
new file mode 100755
index 000000000..3e70ee8cd
--- /dev/null
+++ b/pki/base/migrate/TxtTo70/run.bat
@@ -0,0 +1,186 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a normalized <Source CMS Version> ldif
+REM text file (e. g. - created via a <Source CMS Version>ToTxt
+REM script) into a CMS 7.0 ldif data file.
+REM
+REM This CMS 7.0 ldif data file can then be imported into the
+REM internal database of the desired CMS 7.0 server using a
+REM utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cms70
+
+
+REM
+REM INSTANCE - if the CMS instance directory is called 'cert-ca',
+REM set the CMS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CMS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 7.0"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CMS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CMS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CMS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CMS% ldif data file
+REM into a normalized %CMS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo70/run.sh b/pki/base/migrate/TxtTo70/run.sh
new file mode 100755
index 000000000..c7e0a3140
--- /dev/null
+++ b/pki/base/migrate/TxtTo70/run.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a normalized <Source CMS Version> ldif ###
+### text file (e. g. - created via a <Source CMS Version>ToTxt ###
+### script) into a CMS 7.0 ldif data file. ###
+### ###
+### This CMS 7.0 ldif data file can then be imported into ###
+### the internal database of the desired CMS 7.0 server ###
+### using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cms70
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CMS instance directory is called 'cert-ca',
+### set the CMS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CMS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 7.0"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CMS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CMS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CMS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CMS} ldif data file
+### into a normalized ${CMS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/TxtTo70/src/Main.java b/pki/base/migrate/TxtTo70/src/Main.java
new file mode 100644
index 000000000..bcb1b5a15
--- /dev/null
+++ b/pki/base/migrate/TxtTo70/src/Main.java
@@ -0,0 +1,655 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "TxtTo70/src/Main.java" is based upon a copy "TxtTo62/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 7.0" header, and
+// apply these changes forward to all other "TxtTo*/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "TxtTo*" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff TxtTo62/src/Main.java TxtTo70/src/Main.java
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+import netscape.security.util.*;
+import java.lang.reflect.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS70LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS70LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS70LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS70LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS70LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS70LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ Vector requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.equals(BEGIN)) {
+ requestAttributes = new Vector();
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.equals(END)) {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ continue;
+ }
+ if (line.startsWith(" ")) { // begining of attr
+ requestAttributes.addElement(
+ line.substring(1, line.length()));
+ } else {
+ requestAttributes.setElementAt(
+ (String)
+ requestAttributes.lastElement() +
+ "\n" +
+ line,
+ requestAttributes.size() - 1);
+ }
+ }
+ }
+
+ private byte[] encode(Object value) throws Exception
+ {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+
+ os.writeObject(value);
+ os.close();
+ return bos.toByteArray();
+ }
+
+ public void parseAttributes(String dn, Vector attrs) throws Exception
+ {
+ Hashtable hashtable = new Hashtable();
+ for (int i = 0; i < attrs.size(); i++) {
+ String attr = (String)attrs.elementAt(i);
+ buildHashtable(dn, hashtable, attr);
+ }
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+ Enumeration e = hashtable.keys();
+ while (e.hasMoreElements()) {
+ String key = (String)e.nextElement();
+ Object value = hashtable.get(key);
+
+ try {
+ byte data[] = null;
+ data = encode(value);
+ os.writeObject(key);
+ os.writeObject(data);
+ } catch (Exception ex) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ } // while
+ os.writeObject(null);
+ os.close();
+
+ // print the BASE64 encoding of the Hashtable
+ BASE64Encoder encoder = new BASE64Encoder();
+ String attrsStr = encoder.encodeBuffer(bos.toByteArray());
+ // trim the last "\n"
+ StringBuffer buffer = null;
+ attrsStr = attrsStr.trim();
+ StringTokenizer st = new StringTokenizer(attrsStr, "\r\n");
+ while (st.hasMoreTokens()) {
+ if (buffer == null) {
+ buffer = new StringBuffer();
+ buffer.append(st.nextToken());
+ } else {
+ buffer.append("\r\n " + st.nextToken());
+ }
+ }
+
+ System.out.println(REQUEST_ATTRIBUTES + " " + buffer);
+ }
+
+ public void buildHashtable(String dn, Hashtable table, String attr)
+ throws Exception
+ {
+ // attribute format [name]:[type]=[value]
+
+ int colon = attr.indexOf(':');
+ if (colon == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ int equal = attr.indexOf('=');
+ if (equal == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ String name = null;
+ String type = null;
+ String value = null;
+ try {
+ name = attr.substring(0, colon);
+ type = attr.substring(colon+1, equal);
+ value = attr.substring(equal+1);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ if (name.startsWith("serviceErrors")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ if (name.startsWith("Error")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ // To account for '47ToTxt' data files that have previously
+ // been generated, ALWAYS convert 'iplanet' to 'netscape'.
+ //
+ // Bugzilla Bug #224801 (a.k.a - Raidzilla Bug #56981)
+ // Bugzilla Bug #483519
+ //
+ String translation = null;
+ if( type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + type.substring( 7 );
+ type = translation;
+ } else if( type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + type.substring( 11 );
+ type = translation;
+ }
+
+ if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) {
+ com.netscape.certsrv.request.AgentApprovals obj =
+ (com.netscape.certsrv.request.AgentApprovals)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.certsrv.request.AgentApprovals();
+ table.put(name, obj);
+ }
+ obj.addApproval(value.substring(0,value.indexOf(';')));
+ } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock")
+ || type.startsWith("com.netscape.cmscore.base.ArgBlock")) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock obj =
+ (com.netscape.cmscore.base.ArgBlock)table.get(name);
+ if (obj == null) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ obj = new com.netscape.cmscore.base.ArgBlock();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.set(valuekey, valuevalue);
+ } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) {
+ com.netscape.certsrv.authentication.AuthToken obj =
+ (com.netscape.certsrv.authentication.AuthToken)table.get(name);
+ if (obj == null) {
+ com.netscape.certsrv.authentication.IAuthManager mgr =
+ new DummyAuthManager();
+ obj = new com.netscape.certsrv.authentication.AuthToken(mgr);
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ // Processes 'java.math.BigInteger[]':
+ //
+ // Bugzilla Bug #225031 (a.k.a - Raidzilla Bug #58356)
+ //
+ // Processes 'java.lang.String[]':
+ //
+ // Bugzilla Bug #224763 (a.k.a - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ //
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else {
+ System.err.println("ERROR AuthToken type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.math.BigInteger[")) {
+ // Bugzilla Bug #238779
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name);
+ if (objs == null) {
+ objs = new java.math.BigInteger[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.math.BigInteger(value);
+ } else if (type.startsWith("java.math.BigInteger")) {
+ table.put(name, new java.math.BigInteger(value));
+ } else if (type.startsWith("byte[]")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("byte[")) {
+ // byte array
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateAlgorithmId obj =
+ new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateChain")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateChain obj =
+ new netscape.security.x509.CertificateChain();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateExtensions")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateExtensions obj =
+ new netscape.security.x509.CertificateExtensions();
+ obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateExtensions"
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateSubjectName")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateSubjectName obj =
+ new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateSubjectName"
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.CertificateValidity")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateValidity obj =
+ new netscape.security.x509.CertificateValidity();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateX509Key")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateX509Key obj =
+ new netscape.security.x509.CertificateX509Key(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.extensions.CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.extensions.CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.startsWith("java.util.Hashtable")) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ java.util.Hashtable obj = (java.util.Hashtable)table.get(name);
+ if (obj == null) {
+ obj = new java.util.Hashtable();
+ table.put(name, obj);
+ }
+ BASE64Decoder decoder = new BASE64Decoder();
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.put(valuekey, decoder.decodeBuffer(valuevalue));
+ } else if (type.startsWith("Integer[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ Integer objs[] = (Integer[])table.get(name);
+ if (objs == null) {
+ objs = new Integer[size];
+ table.put(name, objs);
+ }
+ objs[index] = new Integer(value);
+ } else if (type.startsWith("java.lang.Integer")) {
+ table.put(name, new Integer(value));
+ } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord")
+ || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) {
+ com.netscape.cmscore.dbs.KeyRecord obj =
+ (com.netscape.cmscore.dbs.KeyRecord)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.cmscore.dbs.KeyRecord();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else if (valuetype.equals("java.math.BigInteger")) {
+ obj.set(valuekey, new java.math.BigInteger(valuevalue));
+ } else if (valuetype.equals("java.lang.Integer")) {
+ obj.set(valuekey, new Integer(valuevalue));
+ } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) {
+ obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue));
+ } else if (valuetype.equals("[B")) {
+ // byte array
+
+ BASE64Decoder decoder = new BASE64Decoder();
+ obj.set(valuekey, decoder.decodeBuffer(valuevalue));
+ } else {
+ System.err.println("ERROR KeyRecord type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.util.Locale")) {
+ // CMS 6.2: begin checking for new type
+ // "java.util.Locale"
+ table.put(name, Locale.getDefault());
+ } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival")
+ || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ buildPOA(decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.RevokedCertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value));
+ } else if (type.startsWith("java.lang.String[")) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.lang.String objs[] = (java.lang.String[])table.get(name);
+ if (objs == null) {
+ objs = new java.lang.String[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.lang.String(value);
+ } else if (type.startsWith("java.lang.String")) {
+ table.put(name, value);
+ } else if (type.startsWith("java.util.Vector")) {
+ Vector obj =
+ (Vector)table.get(name);
+ if (obj == null) {
+ obj = new Vector();
+ table.put(name, obj);
+ }
+ obj.addElement(value);
+ } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value));
+ } else if (type.equals("netscape.security.x509.X509CertImpl")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertImpl obj =
+ new netscape.security.x509.X509CertImpl(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.X509CertInfo[")
+ || type.startsWith("netscape.security.extensions.CertInfo[")) {
+ // CMS 6.2: begin checking for additional new type
+ // "netscape.security.extensions.CertInfo["
+ //
+ // CMS 6.1: "netscape.security.x509.X509CertInfo"
+ // now always utilizes arrays such as
+ // "netscape.security.x509.X509CertInfo["
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.equals("netscape.security.x509.X509CertInfo")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertInfo obj =
+ new netscape.security.x509.X509CertInfo(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if( type.endsWith( "Exception" ) ) {
+ Class[] argClass = { String.class }; // the argument's class
+ Object[] argValue = { value }; // the argument's value
+
+ Class x = Class.forName( type );
+ Constructor ctr = x.getConstructor( argClass );
+ Exception e = ( Exception ) ctr.newInstance( argValue );
+ } else {
+ System.err.println("ERROR type - " + type + " - "+ attr);
+ System.exit(0);
+ }
+ }
+
+ public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[])
+ throws Exception
+ {
+ DerInputStream dis = new DerInputStream(data);
+ DerValue seq[] = dis.getSequence(0);
+
+ BigInteger mSerialNo = seq[0].getInteger().toBigInteger();
+
+ // subject
+ DerValue subject = seq[1];
+ netscape.security.x509.X500Name mSubject =
+ new netscape.security.x509.X500Name(subject.toByteArray());
+
+ // issuer
+ DerValue issuer = seq[2];
+ netscape.security.x509.X500Name mIssuer =
+ new netscape.security.x509.X500Name(issuer.toByteArray());
+
+ // date of archival
+ DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray());
+ Date mDateOfArchival = dateOfArchival.getUTCTime();
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo,
+ mSubject.toString(), mIssuer.toString(), mDateOfArchival);
+ return obj;
+ }
+}
+
+class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager
+{
+ public String getName()
+ {
+ return "dummy";
+ }
+
+ public String getImplName()
+ {
+ return "dummy";
+ }
+
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Initialize this authentication manager.
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException
+ {
+ }
+
+ public void shutdown()
+ {
+ }
+
+ public String[] getRequiredCreds()
+ {
+ return null;
+ }
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @param implName The authentication manager plugin name.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Get the configuration store for this authentication manager.
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore()
+ {
+ return null;
+ }
+}
+
diff --git a/pki/base/migrate/TxtTo70/src/compile.bat b/pki/base/migrate/TxtTo70/src/compile.bat
new file mode 100755
index 000000000..f4d496a42
--- /dev/null
+++ b/pki/base/migrate/TxtTo70/src/compile.bat
@@ -0,0 +1,154 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "TxtTo70/classes/Main.class",
+REM "TxtTo70/classes/CMS70LdifParser.class", and
+REM "TxtTo70/classes/DummyAuthManager.class" which are
+REM used to create a CMS 7.0/7.01 ldif data file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo70
+REM
+
+REM SET SERVER_ROOT=C:\cms701
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CMS
+REM
+REM CMS 7.0 NOTE: "WINNT" - 1.4.2
+REM
+REM CMS 7.01 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CMS_7.01
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CMS="CMS 7.0"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO %CMS% ldif data classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile TxtTo70 - create "CMS70LdifParser.class", "DummyAuthManager.class",
+REM and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo70/src/compile.sh b/pki/base/migrate/TxtTo70/src/compile.sh
new file mode 100755
index 000000000..11b1b6df8
--- /dev/null
+++ b/pki/base/migrate/TxtTo70/src/compile.sh
@@ -0,0 +1,162 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "TxtTo70/classes/Main.class", ###
+### "TxtTo70/classes/CMS70LdifParser.class", and ###
+### "TxtTo70/classes/DummyAuthManager.class" which are ###
+### used to create a CMS 7.0 ldif data file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo70
+###
+
+#SERVER_ROOT=/export/home/migrate/cms70
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CMS
+###
+### CMS 7.0 NOTE: "HP-UX" - 1.4.0.00
+### "Linux" - 1.4.2
+### "SunOS" - 1.4.2
+###
+
+#JDK_VERSION=CMS_7.0
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CMS="CMS 7.0"
+export CMS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " ${CMS} ldif data classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile TxtTo70 - create "CMS70LdifParser.class", "DummyAuthManager.class",
+### and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/TxtTo71/classes/CMS71LdifParser.class b/pki/base/migrate/TxtTo71/classes/CMS71LdifParser.class
new file mode 100644
index 000000000..fb449c41f
--- /dev/null
+++ b/pki/base/migrate/TxtTo71/classes/CMS71LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo71/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo71/classes/DummyAuthManager.class
new file mode 100644
index 000000000..387cde908
--- /dev/null
+++ b/pki/base/migrate/TxtTo71/classes/DummyAuthManager.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo71/classes/Main.class b/pki/base/migrate/TxtTo71/classes/Main.class
new file mode 100644
index 000000000..8f02b13db
--- /dev/null
+++ b/pki/base/migrate/TxtTo71/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo71/run.bat b/pki/base/migrate/TxtTo71/run.bat
new file mode 100755
index 000000000..1682bacbc
--- /dev/null
+++ b/pki/base/migrate/TxtTo71/run.bat
@@ -0,0 +1,186 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a normalized <Source CS Version> ldif
+REM text file (e. g. - created via a <Source CS Version>ToTxt
+REM script) into a CS 7.1 ldif data file.
+REM
+REM This CS 7.1 ldif data file can then be imported into the
+REM internal database of the desired CS 7.1 server using a
+REM utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cs71
+
+
+REM
+REM INSTANCE - if the CS instance directory is called 'cert-ca',
+REM set the CS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CS% ldif data file
+REM into a normalized %CS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo71/run.sh b/pki/base/migrate/TxtTo71/run.sh
new file mode 100755
index 000000000..04e8d4587
--- /dev/null
+++ b/pki/base/migrate/TxtTo71/run.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a normalized <Source CS Version> ldif ###
+### text file (e. g. - created via a <Source CS Version>ToTxt ###
+### script) into a CS 7.1 ldif data file. ###
+### ###
+### This CS 7.1 ldif data file can then be imported into ###
+### the internal database of the desired CS 7.1 server ###
+### using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+
+###
+### SERVER_ROOT - fully qualified path of the location of the server
+###
+
+#SERVER_ROOT=/export/home/migrate/cs71
+#export SERVER_ROOT
+
+
+###
+### INSTANCE - if the CS instance directory is called 'cert-ca',
+### set the CS instance to 'ca'
+###
+### NOTE: When a single SERVER_ROOT contains more than
+### one CS instance, this script must be run multiple
+### times. To do this, there is only a need to change
+### the INSTANCE parameter.
+###
+
+#INSTANCE=ca
+#export INSTANCE
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.1"
+export CS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and INSTANCE "
+ echo " environment variables for this script!"
+ echo
+ exit 5
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 6
+fi
+
+
+###
+### Check that the specified INSTANCE exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then
+ echo "ERROR: Either the specified INSTANCE does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 7
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Convert the specified ${CS} ldif data file
+### into a normalized ${CS} ldif text file.
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2
+
diff --git a/pki/base/migrate/TxtTo71/src/Main.java b/pki/base/migrate/TxtTo71/src/Main.java
new file mode 100644
index 000000000..7dcb13943
--- /dev/null
+++ b/pki/base/migrate/TxtTo71/src/Main.java
@@ -0,0 +1,655 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "TxtTo71/src/Main.java" is based upon a copy "TxtTo70/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 7.1" header, and
+// apply these changes forward to all other "TxtTo*/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "TxtTo*" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff TxtTo70/src/Main.java TxtTo71/src/Main.java
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+import netscape.security.util.*;
+import java.lang.reflect.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS71LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS71LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS71LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS71LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS71LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS71LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ Vector requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.equals(BEGIN)) {
+ requestAttributes = new Vector();
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.equals(END)) {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ continue;
+ }
+ if (line.startsWith(" ")) { // begining of attr
+ requestAttributes.addElement(
+ line.substring(1, line.length()));
+ } else {
+ requestAttributes.setElementAt(
+ (String)
+ requestAttributes.lastElement() +
+ "\n" +
+ line,
+ requestAttributes.size() - 1);
+ }
+ }
+ }
+
+ private byte[] encode(Object value) throws Exception
+ {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+
+ os.writeObject(value);
+ os.close();
+ return bos.toByteArray();
+ }
+
+ public void parseAttributes(String dn, Vector attrs) throws Exception
+ {
+ Hashtable hashtable = new Hashtable();
+ for (int i = 0; i < attrs.size(); i++) {
+ String attr = (String)attrs.elementAt(i);
+ buildHashtable(dn, hashtable, attr);
+ }
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+ Enumeration e = hashtable.keys();
+ while (e.hasMoreElements()) {
+ String key = (String)e.nextElement();
+ Object value = hashtable.get(key);
+
+ try {
+ byte data[] = null;
+ data = encode(value);
+ os.writeObject(key);
+ os.writeObject(data);
+ } catch (Exception ex) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ } // while
+ os.writeObject(null);
+ os.close();
+
+ // print the BASE64 encoding of the Hashtable
+ BASE64Encoder encoder = new BASE64Encoder();
+ String attrsStr = encoder.encodeBuffer(bos.toByteArray());
+ // trim the last "\n"
+ StringBuffer buffer = null;
+ attrsStr = attrsStr.trim();
+ StringTokenizer st = new StringTokenizer(attrsStr, "\r\n");
+ while (st.hasMoreTokens()) {
+ if (buffer == null) {
+ buffer = new StringBuffer();
+ buffer.append(st.nextToken());
+ } else {
+ buffer.append("\r\n " + st.nextToken());
+ }
+ }
+
+ System.out.println(REQUEST_ATTRIBUTES + " " + buffer);
+ }
+
+ public void buildHashtable(String dn, Hashtable table, String attr)
+ throws Exception
+ {
+ // attribute format [name]:[type]=[value]
+
+ int colon = attr.indexOf(':');
+ if (colon == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ int equal = attr.indexOf('=');
+ if (equal == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ String name = null;
+ String type = null;
+ String value = null;
+ try {
+ name = attr.substring(0, colon);
+ type = attr.substring(colon+1, equal);
+ value = attr.substring(equal+1);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ if (name.startsWith("serviceErrors")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ if (name.startsWith("Error")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ // To account for '47ToTxt' data files that have previously
+ // been generated, ALWAYS convert 'iplanet' to 'netscape'.
+ //
+ // Bugzilla Bug #224801 (a.k.a - Raidzilla Bug #56981)
+ // Bugzilla Bug #483519
+ //
+ String translation = null;
+ if( type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + type.substring( 7 );
+ type = translation;
+ } else if( type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + type.substring( 11 );
+ type = translation;
+ }
+
+ if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) {
+ com.netscape.certsrv.request.AgentApprovals obj =
+ (com.netscape.certsrv.request.AgentApprovals)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.certsrv.request.AgentApprovals();
+ table.put(name, obj);
+ }
+ obj.addApproval(value.substring(0,value.indexOf(';')));
+ } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock")
+ || type.startsWith("com.netscape.cmscore.base.ArgBlock")) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock obj =
+ (com.netscape.cmscore.base.ArgBlock)table.get(name);
+ if (obj == null) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ obj = new com.netscape.cmscore.base.ArgBlock();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.set(valuekey, valuevalue);
+ } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) {
+ com.netscape.certsrv.authentication.AuthToken obj =
+ (com.netscape.certsrv.authentication.AuthToken)table.get(name);
+ if (obj == null) {
+ com.netscape.certsrv.authentication.IAuthManager mgr =
+ new DummyAuthManager();
+ obj = new com.netscape.certsrv.authentication.AuthToken(mgr);
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ // Processes 'java.math.BigInteger[]':
+ //
+ // Bugzilla Bug #225031 (a.k.a - Raidzilla Bug #58356)
+ //
+ // Processes 'java.lang.String[]':
+ //
+ // Bugzilla Bug #224763 (a.k.a - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ //
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else {
+ System.err.println("ERROR AuthToken type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.math.BigInteger[")) {
+ // Bugzilla Bug #238779
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name);
+ if (objs == null) {
+ objs = new java.math.BigInteger[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.math.BigInteger(value);
+ } else if (type.startsWith("java.math.BigInteger")) {
+ table.put(name, new java.math.BigInteger(value));
+ } else if (type.startsWith("byte[]")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("byte[")) {
+ // byte array
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateAlgorithmId obj =
+ new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateChain")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateChain obj =
+ new netscape.security.x509.CertificateChain();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateExtensions")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateExtensions obj =
+ new netscape.security.x509.CertificateExtensions();
+ obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateExtensions"
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateSubjectName")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateSubjectName obj =
+ new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateSubjectName"
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.CertificateValidity")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateValidity obj =
+ new netscape.security.x509.CertificateValidity();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateX509Key")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateX509Key obj =
+ new netscape.security.x509.CertificateX509Key(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.extensions.CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.extensions.CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.startsWith("java.util.Hashtable")) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ java.util.Hashtable obj = (java.util.Hashtable)table.get(name);
+ if (obj == null) {
+ obj = new java.util.Hashtable();
+ table.put(name, obj);
+ }
+ BASE64Decoder decoder = new BASE64Decoder();
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.put(valuekey, decoder.decodeBuffer(valuevalue));
+ } else if (type.startsWith("Integer[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ Integer objs[] = (Integer[])table.get(name);
+ if (objs == null) {
+ objs = new Integer[size];
+ table.put(name, objs);
+ }
+ objs[index] = new Integer(value);
+ } else if (type.startsWith("java.lang.Integer")) {
+ table.put(name, new Integer(value));
+ } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord")
+ || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) {
+ com.netscape.cmscore.dbs.KeyRecord obj =
+ (com.netscape.cmscore.dbs.KeyRecord)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.cmscore.dbs.KeyRecord();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else if (valuetype.equals("java.math.BigInteger")) {
+ obj.set(valuekey, new java.math.BigInteger(valuevalue));
+ } else if (valuetype.equals("java.lang.Integer")) {
+ obj.set(valuekey, new Integer(valuevalue));
+ } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) {
+ obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue));
+ } else if (valuetype.equals("[B")) {
+ // byte array
+
+ BASE64Decoder decoder = new BASE64Decoder();
+ obj.set(valuekey, decoder.decodeBuffer(valuevalue));
+ } else {
+ System.err.println("ERROR KeyRecord type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.util.Locale")) {
+ // CMS 6.2: begin checking for new type
+ // "java.util.Locale"
+ table.put(name, Locale.getDefault());
+ } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival")
+ || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ buildPOA(decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.RevokedCertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value));
+ } else if (type.startsWith("java.lang.String[")) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.lang.String objs[] = (java.lang.String[])table.get(name);
+ if (objs == null) {
+ objs = new java.lang.String[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.lang.String(value);
+ } else if (type.startsWith("java.lang.String")) {
+ table.put(name, value);
+ } else if (type.startsWith("java.util.Vector")) {
+ Vector obj =
+ (Vector)table.get(name);
+ if (obj == null) {
+ obj = new Vector();
+ table.put(name, obj);
+ }
+ obj.addElement(value);
+ } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value));
+ } else if (type.equals("netscape.security.x509.X509CertImpl")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertImpl obj =
+ new netscape.security.x509.X509CertImpl(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.X509CertInfo[")
+ || type.startsWith("netscape.security.extensions.CertInfo[")) {
+ // CMS 6.2: begin checking for additional new type
+ // "netscape.security.extensions.CertInfo["
+ //
+ // CMS 6.1: "netscape.security.x509.X509CertInfo"
+ // now always utilizes arrays such as
+ // "netscape.security.x509.X509CertInfo["
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.equals("netscape.security.x509.X509CertInfo")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertInfo obj =
+ new netscape.security.x509.X509CertInfo(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if( type.endsWith( "Exception" ) ) {
+ Class[] argClass = { String.class }; // the argument's class
+ Object[] argValue = { value }; // the argument's value
+
+ Class x = Class.forName( type );
+ Constructor ctr = x.getConstructor( argClass );
+ Exception e = ( Exception ) ctr.newInstance( argValue );
+ } else {
+ System.err.println("ERROR type - " + type + " - "+ attr);
+ System.exit(0);
+ }
+ }
+
+ public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[])
+ throws Exception
+ {
+ DerInputStream dis = new DerInputStream(data);
+ DerValue seq[] = dis.getSequence(0);
+
+ BigInteger mSerialNo = seq[0].getInteger().toBigInteger();
+
+ // subject
+ DerValue subject = seq[1];
+ netscape.security.x509.X500Name mSubject =
+ new netscape.security.x509.X500Name(subject.toByteArray());
+
+ // issuer
+ DerValue issuer = seq[2];
+ netscape.security.x509.X500Name mIssuer =
+ new netscape.security.x509.X500Name(issuer.toByteArray());
+
+ // date of archival
+ DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray());
+ Date mDateOfArchival = dateOfArchival.getUTCTime();
+ com.netscape.cmscore.kra.ProofOfArchival obj =
+ new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo,
+ mSubject.toString(), mIssuer.toString(), mDateOfArchival);
+ return obj;
+ }
+}
+
+class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager
+{
+ public String getName()
+ {
+ return "dummy";
+ }
+
+ public String getImplName()
+ {
+ return "dummy";
+ }
+
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Initialize this authentication manager.
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException
+ {
+ }
+
+ public void shutdown()
+ {
+ }
+
+ public String[] getRequiredCreds()
+ {
+ return null;
+ }
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @param implName The authentication manager plugin name.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Get the configuration store for this authentication manager.
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore()
+ {
+ return null;
+ }
+}
+
diff --git a/pki/base/migrate/TxtTo71/src/compile.bat b/pki/base/migrate/TxtTo71/src/compile.bat
new file mode 100755
index 000000000..d0a1be0b2
--- /dev/null
+++ b/pki/base/migrate/TxtTo71/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "TxtTo71/classes/Main.class",
+REM "TxtTo71/classes/CMS71LdifParser.class", and
+REM "TxtTo71/classes/DummyAuthManager.class" which are
+REM used to create a CS 7.1 ldif data file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CS <server_root> used to compile TxtTo71
+REM
+
+REM SET SERVER_ROOT=C:\cs71
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CS
+REM
+REM CS 7.1 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CS_7.1
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.1"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO %CS% ldif data classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile TxtTo71 - create "CMS71LdifParser.class", "DummyAuthManager.class",
+REM and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo71/src/compile.sh b/pki/base/migrate/TxtTo71/src/compile.sh
new file mode 100755
index 000000000..397912a3f
--- /dev/null
+++ b/pki/base/migrate/TxtTo71/src/compile.sh
@@ -0,0 +1,162 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "TxtTo71/classes/Main.class", ###
+### "TxtTo71/classes/CMS71LdifParser.class", and ###
+### "TxtTo71/classes/DummyAuthManager.class" which are ###
+### used to create a CS 7.1 ldif data file. ###
+### ###
+#####################################################################
+
+
+###
+### Set SERVER_ROOT - identify the CS <server_root> used to compile TxtTo71
+###
+
+#SERVER_ROOT=/export/home/migrate/cs71
+#export SERVER_ROOT
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=SunOS
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CS
+###
+### CS 7.1 NOTE: "HP-UX" - 1.4.0.00
+### "Linux" - 1.4.2
+### "SunOS" - 1.4.2
+###
+
+#JDK_VERSION=CS_7.1
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.1"
+export CS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " ${CS} ldif data classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified SERVER_ROOT exists and is a directory
+###
+
+if [ ! -d "${SERVER_ROOT}" ] ; then
+ echo "ERROR: Either the specified SERVER_ROOT does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 3
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile TxtTo71 - create "CMS71LdifParser.class", "DummyAuthManager.class",
+### and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java
+
diff --git a/pki/base/migrate/TxtTo72/classes/CMS72LdifParser.class b/pki/base/migrate/TxtTo72/classes/CMS72LdifParser.class
new file mode 100644
index 000000000..c3b8d5643
--- /dev/null
+++ b/pki/base/migrate/TxtTo72/classes/CMS72LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo72/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo72/classes/DummyAuthManager.class
new file mode 100644
index 000000000..323081a39
--- /dev/null
+++ b/pki/base/migrate/TxtTo72/classes/DummyAuthManager.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo72/classes/Main.class b/pki/base/migrate/TxtTo72/classes/Main.class
new file mode 100644
index 000000000..2512afa7d
--- /dev/null
+++ b/pki/base/migrate/TxtTo72/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo72/run.bat b/pki/base/migrate/TxtTo72/run.bat
new file mode 100755
index 000000000..852158747
--- /dev/null
+++ b/pki/base/migrate/TxtTo72/run.bat
@@ -0,0 +1,186 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a normalized <Source CS Version> ldif
+REM text file (e. g. - created via a <Source CS Version>ToTxt
+REM script) into a CS 7.2 ldif data file.
+REM
+REM This CS 7.2 ldif data file can then be imported into the
+REM internal database of the desired CS 7.2 server using a
+REM utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cs72
+
+
+REM
+REM INSTANCE - if the CS instance directory is called 'cert-ca',
+REM set the CS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CS% ldif data file
+REM into a normalized %CS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo72/run.sh b/pki/base/migrate/TxtTo72/run.sh
new file mode 100755
index 000000000..972686e3b
--- /dev/null
+++ b/pki/base/migrate/TxtTo72/run.sh
@@ -0,0 +1,152 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a normalized <Source CS Version> ldif ###
+### text file (e. g. - created via a <Source CS Version>ToTxt ###
+### script) into a CS 7.2 ldif data file. ###
+### ###
+### This CS 7.2 ldif data file can then be imported into ###
+### the internal database of the desired CS 7.2 server ###
+### using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+###
+### Java Runtime Environment
+###
+JRE_ROOT=/usr/lib/jvm/jre-1.5.0
+export JRE_ROOT
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.2"
+export CS
+
+OS_NAME=`uname`
+export OS_NAME
+
+ARCH=`uname -i`
+export ARCH
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+export CLASSPATH
+
+if [ ${OS_NAME} = "Linux" ] ; then
+ if [ ${ARCH} = "i386" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+ else # x86_64
+ LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+ CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib64/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+ export CLASSPATH
+ fi
+else # SunOS 64-bits
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:${JRE_ROOT}/lib:${JRE_ROOT}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+ CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/sparcv9/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+ export CLASSPATH
+fi
+
+
+###
+### Convert the specified ${CS} ldif data file
+### into a normalized ${CS} ldif text file.
+###
+
+${JRE_ROOT}/bin/java -classpath ${CLASSPATH} Main $1 $2
diff --git a/pki/base/migrate/TxtTo72/src/Main.java b/pki/base/migrate/TxtTo72/src/Main.java
new file mode 100644
index 000000000..9b22cd84d
--- /dev/null
+++ b/pki/base/migrate/TxtTo72/src/Main.java
@@ -0,0 +1,659 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "TxtTo71/src/Main.java" is based upon a copy "TxtTo70/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 7.1" header, and
+// apply these changes forward to all other "TxtTo*/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "TxtTo*" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff TxtTo70/src/Main.java TxtTo71/src/Main.java
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+import netscape.security.util.*;
+import java.lang.reflect.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS72LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS72LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS72LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS72LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS72LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS72LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ Vector requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.equals(BEGIN)) {
+ requestAttributes = new Vector();
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.equals(END)) {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ continue;
+ }
+ if (line.startsWith(" ")) { // begining of attr
+ requestAttributes.addElement(
+ line.substring(1, line.length()));
+ } else {
+ requestAttributes.setElementAt(
+ (String)
+ requestAttributes.lastElement() +
+ "\n" +
+ line,
+ requestAttributes.size() - 1);
+ }
+ }
+ }
+
+ private byte[] encode(Object value) throws Exception
+ {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+
+ os.writeObject(value);
+ os.close();
+ return bos.toByteArray();
+ }
+
+ public void parseAttributes(String dn, Vector attrs) throws Exception
+ {
+ Hashtable hashtable = new Hashtable();
+ for (int i = 0; i < attrs.size(); i++) {
+ String attr = (String)attrs.elementAt(i);
+ buildHashtable(dn, hashtable, attr);
+ }
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+ Enumeration e = hashtable.keys();
+ while (e.hasMoreElements()) {
+ String key = (String)e.nextElement();
+ Object value = hashtable.get(key);
+
+ try {
+ byte data[] = null;
+ data = encode(value);
+ os.writeObject(key);
+ os.writeObject(data);
+ } catch (Exception ex) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ } // while
+ os.writeObject(null);
+ os.close();
+
+ // print the BASE64 encoding of the Hashtable
+ BASE64Encoder encoder = new BASE64Encoder();
+ String attrsStr = encoder.encodeBuffer(bos.toByteArray());
+ // trim the last "\n"
+ StringBuffer buffer = null;
+ attrsStr = attrsStr.trim();
+ StringTokenizer st = new StringTokenizer(attrsStr, "\r\n");
+ while (st.hasMoreTokens()) {
+ if (buffer == null) {
+ buffer = new StringBuffer();
+ buffer.append(st.nextToken());
+ } else {
+ buffer.append("\r\n " + st.nextToken());
+ }
+ }
+
+ System.out.println(REQUEST_ATTRIBUTES + " " + buffer);
+ }
+
+ public void buildHashtable(String dn, Hashtable table, String attr)
+ throws Exception
+ {
+ // attribute format [name]:[type]=[value]
+
+ int colon = attr.indexOf(':');
+ if (colon == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ int equal = attr.indexOf('=');
+ if (equal == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ String name = null;
+ String type = null;
+ String value = null;
+ try {
+ name = attr.substring(0, colon);
+ type = attr.substring(colon+1, equal);
+ value = attr.substring(equal+1);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ if (name.startsWith("serviceErrors")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ if (name.startsWith("Error")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ // To account for '47ToTxt' data files that have previously
+ // been generated, ALWAYS convert 'iplanet' to 'netscape'.
+ //
+ // Bugzilla Bug #224801 (a.k.a - Raidzilla Bug #56981)
+ // Bugzilla Bug #483519
+ //
+ String translation = null;
+ if( type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + type.substring( 7 );
+ type = translation;
+ } else if( type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + type.substring( 11 );
+ type = translation;
+ }
+
+ if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) {
+ com.netscape.certsrv.request.AgentApprovals obj =
+ (com.netscape.certsrv.request.AgentApprovals)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.certsrv.request.AgentApprovals();
+ table.put(name, obj);
+ }
+ obj.addApproval(value.substring(0,value.indexOf(';')));
+ } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock")
+ || type.startsWith("com.netscape.cmscore.base.ArgBlock")) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock obj =
+ (com.netscape.cmscore.base.ArgBlock)table.get(name);
+ if (obj == null) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ obj = new com.netscape.cmscore.base.ArgBlock();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.set(valuekey, valuevalue);
+ } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) {
+ com.netscape.certsrv.authentication.AuthToken obj =
+ (com.netscape.certsrv.authentication.AuthToken)table.get(name);
+ if (obj == null) {
+ com.netscape.certsrv.authentication.IAuthManager mgr =
+ new DummyAuthManager();
+ obj = new com.netscape.certsrv.authentication.AuthToken(mgr);
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ // Processes 'java.math.BigInteger[]':
+ //
+ // Bugzilla Bug #225031 (a.k.a - Raidzilla Bug #58356)
+ //
+ // Processes 'java.lang.String[]':
+ //
+ // Bugzilla Bug #224763 (a.k.a - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ //
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else {
+ System.err.println("ERROR AuthToken type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.math.BigInteger[")) {
+ // Bugzilla Bug #238779
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name);
+ if (objs == null) {
+ objs = new java.math.BigInteger[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.math.BigInteger(value);
+ } else if (type.startsWith("java.math.BigInteger")) {
+ table.put(name, new java.math.BigInteger(value));
+ } else if (type.startsWith("byte[]")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("byte[")) {
+ // byte array
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateAlgorithmId obj =
+ new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateChain")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateChain obj =
+ new netscape.security.x509.CertificateChain();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateExtensions")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateExtensions obj =
+ new netscape.security.x509.CertificateExtensions();
+ obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateExtensions"
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateSubjectName")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateSubjectName obj =
+ new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateSubjectName"
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.CertificateValidity")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateValidity obj =
+ new netscape.security.x509.CertificateValidity();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateX509Key")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateX509Key obj =
+ new netscape.security.x509.CertificateX509Key(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.extensions.CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.extensions.CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.startsWith("java.util.Hashtable")) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ java.util.Hashtable obj = (java.util.Hashtable)table.get(name);
+ if (obj == null) {
+ obj = new java.util.Hashtable();
+ table.put(name, obj);
+ }
+ BASE64Decoder decoder = new BASE64Decoder();
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.put(valuekey, decoder.decodeBuffer(valuevalue));
+ } else if (type.startsWith("Integer[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ Integer objs[] = (Integer[])table.get(name);
+ if (objs == null) {
+ objs = new Integer[size];
+ table.put(name, objs);
+ }
+ objs[index] = new Integer(value);
+ } else if (type.startsWith("java.lang.Integer")) {
+ table.put(name, new Integer(value));
+ } else if (type.startsWith("org.mozilla.jss.asn1.INTEGER")) {
+ // CMS 7.1 stores bodyPartId as INTEGER
+ // CS 72. fixed the problem by storing it as String
+ table.put(name, value);
+ } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord")
+ || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) {
+ com.netscape.cmscore.dbs.KeyRecord obj =
+ (com.netscape.cmscore.dbs.KeyRecord)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.cmscore.dbs.KeyRecord();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else if (valuetype.equals("java.math.BigInteger")) {
+ obj.set(valuekey, new java.math.BigInteger(valuevalue));
+ } else if (valuetype.equals("java.lang.Integer")) {
+ obj.set(valuekey, new Integer(valuevalue));
+ } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) {
+ obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue));
+ } else if (valuetype.equals("[B")) {
+ // byte array
+
+ BASE64Decoder decoder = new BASE64Decoder();
+ obj.set(valuekey, decoder.decodeBuffer(valuevalue));
+ } else {
+ System.err.println("ERROR KeyRecord type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.util.Locale")) {
+ // CMS 6.2: begin checking for new type
+ // "java.util.Locale"
+ table.put(name, Locale.getDefault());
+ } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival")
+ || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ com.netscape.certsrv.kra.ProofOfArchival obj =
+ buildPOA(decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.RevokedCertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value));
+ } else if (type.startsWith("java.lang.String[")) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.lang.String objs[] = (java.lang.String[])table.get(name);
+ if (objs == null) {
+ objs = new java.lang.String[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.lang.String(value);
+ } else if (type.startsWith("java.lang.String")) {
+ table.put(name, value);
+ } else if (type.startsWith("java.util.Vector")) {
+ Vector obj =
+ (Vector)table.get(name);
+ if (obj == null) {
+ obj = new Vector();
+ table.put(name, obj);
+ }
+ obj.addElement(value);
+ } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value));
+ } else if (type.equals("netscape.security.x509.X509CertImpl")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertImpl obj =
+ new netscape.security.x509.X509CertImpl(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.X509CertInfo[")
+ || type.startsWith("netscape.security.extensions.CertInfo[")) {
+ // CMS 6.2: begin checking for additional new type
+ // "netscape.security.extensions.CertInfo["
+ //
+ // CMS 6.1: "netscape.security.x509.X509CertInfo"
+ // now always utilizes arrays such as
+ // "netscape.security.x509.X509CertInfo["
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.equals("netscape.security.x509.X509CertInfo")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertInfo obj =
+ new netscape.security.x509.X509CertInfo(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if( type.endsWith( "Exception" ) ) {
+ Class[] argClass = { String.class }; // the argument's class
+ Object[] argValue = { value }; // the argument's value
+
+ Class x = Class.forName( type );
+ Constructor ctr = x.getConstructor( argClass );
+ Exception e = ( Exception ) ctr.newInstance( argValue );
+ } else {
+ System.err.println("ERROR type - " + type + " - "+ attr);
+ System.exit(0);
+ }
+ }
+
+ public com.netscape.certsrv.kra.ProofOfArchival buildPOA(byte data[])
+ throws Exception
+ {
+ DerInputStream dis = new DerInputStream(data);
+ DerValue seq[] = dis.getSequence(0);
+
+ BigInteger mSerialNo = seq[0].getInteger().toBigInteger();
+
+ // subject
+ DerValue subject = seq[1];
+ netscape.security.x509.X500Name mSubject =
+ new netscape.security.x509.X500Name(subject.toByteArray());
+
+ // issuer
+ DerValue issuer = seq[2];
+ netscape.security.x509.X500Name mIssuer =
+ new netscape.security.x509.X500Name(issuer.toByteArray());
+
+ // date of archival
+ DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray());
+ Date mDateOfArchival = dateOfArchival.getUTCTime();
+ com.netscape.certsrv.kra.ProofOfArchival obj =
+ new com.netscape.certsrv.kra.ProofOfArchival(mSerialNo,
+ mSubject.toString(), mIssuer.toString(), mDateOfArchival);
+ return obj;
+ }
+}
+
+class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager
+{
+ public String getName()
+ {
+ return "dummy";
+ }
+
+ public String getImplName()
+ {
+ return "dummy";
+ }
+
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Initialize this authentication manager.
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException
+ {
+ }
+
+ public void shutdown()
+ {
+ }
+
+ public String[] getRequiredCreds()
+ {
+ return null;
+ }
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @param implName The authentication manager plugin name.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Get the configuration store for this authentication manager.
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore()
+ {
+ return null;
+ }
+}
+
diff --git a/pki/base/migrate/TxtTo72/src/compile.bat b/pki/base/migrate/TxtTo72/src/compile.bat
new file mode 100755
index 000000000..2c50e988e
--- /dev/null
+++ b/pki/base/migrate/TxtTo72/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "TxtTo72/classes/Main.class",
+REM "TxtTo72/classes/CMS72LdifParser.class", and
+REM "TxtTo72/classes/DummyAuthManager.class" which are
+REM used to create a CS 7.2 ldif data file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CS <server_root> used to compile TxtTo72
+REM
+
+REM SET SERVER_ROOT=C:\cs72
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CS
+REM
+REM CS 7.2 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CS_7.2
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.2"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO %CS% ldif data classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile TxtTo72 - create "CMS72LdifParser.class", "DummyAuthManager.class",
+REM and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo72/src/compile.sh b/pki/base/migrate/TxtTo72/src/compile.sh
new file mode 100755
index 000000000..ec0b466ba
--- /dev/null
+++ b/pki/base/migrate/TxtTo72/src/compile.sh
@@ -0,0 +1,141 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "TxtTo72/classes/Main.class", ###
+### "TxtTo72/classes/CMS72LdifParser.class", and ###
+### "TxtTo72/classes/DummyAuthManager.class" which are ###
+### used to create a CS 7.2 ldif data file. ###
+### ###
+#####################################################################
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+#JDK_PLATFORM=Linux
+#export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CS
+###
+### CS 7.2 NOTE: "Linux" - 1.5.0 (IBM)
+### "SunOS" - 1.5.0
+###
+
+#JDK_VERSION=CS_7.2.0
+#export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+#export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.2"
+export CS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " ${CS} ldif data classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile TxtTo72 - create "CMS72LdifParser.class", "DummyAuthManager.class",
+### and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:/usr/share/java/rhpki/nsutil.jar:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/lib/java/rhpki/ca/ca.jar:/usr/lib/java/rhpki/tks/tks.jar:/usr/lib/java/rhpki/ocsp/ocsp.jar:/usr/lib/java/rhpki/kra/kra.jar:/usr/lib/java/dirsec/jss4.jar Main.java
+
diff --git a/pki/base/migrate/TxtTo73/classes/CMS73LdifParser.class b/pki/base/migrate/TxtTo73/classes/CMS73LdifParser.class
new file mode 100644
index 000000000..03a09612d
--- /dev/null
+++ b/pki/base/migrate/TxtTo73/classes/CMS73LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo73/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo73/classes/DummyAuthManager.class
new file mode 100644
index 000000000..323081a39
--- /dev/null
+++ b/pki/base/migrate/TxtTo73/classes/DummyAuthManager.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo73/classes/Main.class b/pki/base/migrate/TxtTo73/classes/Main.class
new file mode 100644
index 000000000..6609674ae
--- /dev/null
+++ b/pki/base/migrate/TxtTo73/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo73/run.bat b/pki/base/migrate/TxtTo73/run.bat
new file mode 100755
index 000000000..9e3898a47
--- /dev/null
+++ b/pki/base/migrate/TxtTo73/run.bat
@@ -0,0 +1,186 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM This program is free software; you can redistribute it and/or modify
+REM it under the terms of the GNU General Public License as published by
+REM the Free Software Foundation; version 2 of the License.
+REM
+REM This program is distributed in the hope that it will be useful,
+REM but WITHOUT ANY WARRANTY; without even the implied warranty of
+REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+REM GNU General Public License for more details.
+REM
+REM You should have received a copy of the GNU General Public License along
+REM with this program; if not, write to the Free Software Foundation, Inc.,
+REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+REM
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script converts a normalized <Source CS Version> ldif
+REM text file (e. g. - created via a <Source CS Version>ToTxt
+REM script) into a CS 7.3 ldif data file.
+REM
+REM This CS 7.3 ldif data file can then be imported into the
+REM internal database of the desired CS 7.3 server using a
+REM utility such as ldif2db.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM SERVER_ROOT - fully qualified path of the location of the server
+REM
+
+REM SET SERVER_ROOT=C:\cs73
+
+
+REM
+REM INSTANCE - if the CS instance directory is called 'cert-ca',
+REM set the CS instance to 'ca'
+REM
+REM NOTE: When a single SERVER_ROOT contains more than
+REM one CS instance, this script must be run multiple
+REM times. To do this, there is only a need to change
+REM the INSTANCE parameter.
+REM
+
+REM SET INSTANCE=ca
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.3"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO USAGE
+IF "%3" == "" GOTO CHECK_INPUT_FILE
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0 input [errors] > output"
+ECHO.
+ECHO where: input - the specified %CS% ldif data file,
+ECHO errors - an optional errors file containing
+ECHO skipped attributes, and
+ECHO output - the normalized %CS% ldif text file.
+ECHO.
+ECHO NOTE: If no redirection is provided to
+ECHO 'output', then the normalized
+ECHO %CS% ldif text will merely
+ECHO be echoed to stdout.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified "input" file exists
+REM
+
+:CHECK_INPUT_FILE
+IF EXIST %1 GOTO CHECK_ERRORS_FILE
+
+
+ECHO ERROR: The specified input file, %1, does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM If an "errors" file is specified, then check that it does not already
+REM exist.
+REM
+
+:CHECK_ERRORS_FILE
+IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+IF EXIST %2 GOTO ERRORS_FILE_ERROR
+GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:ERRORS_FILE_ERROR
+ECHO ERROR: The specified errors file, %2, already exists!
+ECHO Please specify a different file!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified INSTANCE exists
+REM
+
+:CHECK_INSTANCE
+IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified INSTANCE does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH%
+
+
+REM
+REM Convert the specified %CS% ldif data file
+REM into a normalized %CS% ldif text file.
+REM
+
+%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo73/run.sh b/pki/base/migrate/TxtTo73/run.sh
new file mode 100755
index 000000000..52469acca
--- /dev/null
+++ b/pki/base/migrate/TxtTo73/run.sh
@@ -0,0 +1,152 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a normalized <Source CS Version> ldif ###
+### text file (e. g. - created via a <Source CS Version>ToTxt ###
+### script) into a CS 7.3 ldif data file. ###
+### ###
+### This CS 7.3 ldif data file can then be imported into ###
+### the internal database of the desired CS 7.3 server ###
+### using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+###
+### Java Runtime Environment
+###
+JRE_ROOT=/usr/lib/jvm/jre-1.5.0
+export JRE_ROOT
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.3"
+export CS
+
+OS_NAME=`uname`
+export OS_NAME
+
+ARCH=`uname -i`
+export ARCH
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - the specified ${CS} ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the normalized ${CS} ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the normalized"
+ echo " ${CS} ldif text will merely"
+ echo " be echoed to stdout."
+ echo
+ exit 1
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ exit 3
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ exit 4
+ fi
+fi
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+CLASSPATH=/usr/share/rhpki/migrate/TxtTo73/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+export CLASSPATH
+
+if [ ${OS_NAME} = "Linux" ] ; then
+ if [ ${ARCH} = "i386" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+ else # x86_64
+ LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+ CLASSPATH=/usr/share/rhpki/migrate/TxtTo73/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib64/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+ export CLASSPATH
+ fi
+else # SunOS 64-bits
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:${JRE_ROOT}/lib:${JRE_ROOT}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+ CLASSPATH=/usr/share/rhpki/migrate/TxtTo73/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/sparcv9/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar
+ export CLASSPATH
+fi
+
+
+###
+### Convert the specified ${CS} ldif data file
+### into a normalized ${CS} ldif text file.
+###
+
+${JRE_ROOT}/bin/java -classpath ${CLASSPATH} Main $1 $2
diff --git a/pki/base/migrate/TxtTo73/src/Main.java b/pki/base/migrate/TxtTo73/src/Main.java
new file mode 100644
index 000000000..4ffe0c120
--- /dev/null
+++ b/pki/base/migrate/TxtTo73/src/Main.java
@@ -0,0 +1,659 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "TxtTo71/src/Main.java" is based upon a copy "TxtTo70/src/Main.java".
+//
+// Always comment any new code sections with a "CMS 7.1" header, and
+// apply these changes forward to all other "TxtTo*/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "TxtTo*" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff TxtTo70/src/Main.java TxtTo71/src/Main.java
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import sun.misc.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+import netscape.security.util.*;
+import java.lang.reflect.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CMS73LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CMS73LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CMS73LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CMS73LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CMS 4.7 and later use "requestAttributes"
+ private static final String REQUEST_ATTRIBUTES =
+ "requestAttributes::";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CMS73LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CMS73LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ Vector requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.equals(BEGIN)) {
+ requestAttributes = new Vector();
+ continue;
+ }
+ if (requestAttributes == null) {
+ System.out.println(line);
+ continue;
+ }
+ if (line.equals(END)) {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ continue;
+ }
+ if (line.startsWith(" ")) { // begining of attr
+ requestAttributes.addElement(
+ line.substring(1, line.length()));
+ } else {
+ requestAttributes.setElementAt(
+ (String)
+ requestAttributes.lastElement() +
+ "\n" +
+ line,
+ requestAttributes.size() - 1);
+ }
+ }
+ }
+
+ private byte[] encode(Object value) throws Exception
+ {
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+
+ os.writeObject(value);
+ os.close();
+ return bos.toByteArray();
+ }
+
+ public void parseAttributes(String dn, Vector attrs) throws Exception
+ {
+ Hashtable hashtable = new Hashtable();
+ for (int i = 0; i < attrs.size(); i++) {
+ String attr = (String)attrs.elementAt(i);
+ buildHashtable(dn, hashtable, attr);
+ }
+
+ ByteArrayOutputStream bos = new ByteArrayOutputStream();
+ ObjectOutputStream os = new ObjectOutputStream(bos);
+ Enumeration e = hashtable.keys();
+ while (e.hasMoreElements()) {
+ String key = (String)e.nextElement();
+ Object value = hashtable.get(key);
+
+ try {
+ byte data[] = null;
+ data = encode(value);
+ os.writeObject(key);
+ os.writeObject(data);
+ } catch (Exception ex) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + key);
+ }
+ }
+ } // while
+ os.writeObject(null);
+ os.close();
+
+ // print the BASE64 encoding of the Hashtable
+ BASE64Encoder encoder = new BASE64Encoder();
+ String attrsStr = encoder.encodeBuffer(bos.toByteArray());
+ // trim the last "\n"
+ StringBuffer buffer = null;
+ attrsStr = attrsStr.trim();
+ StringTokenizer st = new StringTokenizer(attrsStr, "\r\n");
+ while (st.hasMoreTokens()) {
+ if (buffer == null) {
+ buffer = new StringBuffer();
+ buffer.append(st.nextToken());
+ } else {
+ buffer.append("\r\n " + st.nextToken());
+ }
+ }
+
+ System.out.println(REQUEST_ATTRIBUTES + " " + buffer);
+ }
+
+ public void buildHashtable(String dn, Hashtable table, String attr)
+ throws Exception
+ {
+ // attribute format [name]:[type]=[value]
+
+ int colon = attr.indexOf(':');
+ if (colon == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ int equal = attr.indexOf('=');
+ if (equal == -1) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ String name = null;
+ String type = null;
+ String value = null;
+ try {
+ name = attr.substring(0, colon);
+ type = attr.substring(colon+1, equal);
+ value = attr.substring(equal+1);
+ } catch (Exception e) {
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ if (name.startsWith("serviceErrors")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+ if (name.startsWith("Error")) {
+ // #56953 - skip serviceErrors
+ if (mErrorPrintWriter != null) {
+ if (dn != null) {
+ mErrorPrintWriter.println(dn);
+ }
+ mErrorPrintWriter.println("Skipped " + attr);
+ }
+ return;
+ }
+
+ // To account for '47ToTxt' data files that have previously
+ // been generated, ALWAYS convert 'iplanet' to 'netscape'.
+ //
+ // Bugzilla Bug #224801 (a.k.a - Raidzilla Bug #56981)
+ // Bugzilla Bug #483519
+ //
+ String translation = null;
+ if( type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + type.substring( 7 );
+ type = translation;
+ } else if( type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + type.substring( 11 );
+ type = translation;
+ }
+
+ if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) {
+ com.netscape.certsrv.request.AgentApprovals obj =
+ (com.netscape.certsrv.request.AgentApprovals)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.certsrv.request.AgentApprovals();
+ table.put(name, obj);
+ }
+ obj.addApproval(value.substring(0,value.indexOf(';')));
+ } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock")
+ || type.startsWith("com.netscape.cmscore.base.ArgBlock")) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ com.netscape.cmscore.base.ArgBlock obj =
+ (com.netscape.cmscore.base.ArgBlock)table.get(name);
+ if (obj == null) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ obj = new com.netscape.cmscore.base.ArgBlock();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.set(valuekey, valuevalue);
+ } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) {
+ com.netscape.certsrv.authentication.AuthToken obj =
+ (com.netscape.certsrv.authentication.AuthToken)table.get(name);
+ if (obj == null) {
+ com.netscape.certsrv.authentication.IAuthManager mgr =
+ new DummyAuthManager();
+ obj = new com.netscape.certsrv.authentication.AuthToken(mgr);
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ // Processes 'java.math.BigInteger[]':
+ //
+ // Bugzilla Bug #225031 (a.k.a - Raidzilla Bug #58356)
+ //
+ // Processes 'java.lang.String[]':
+ //
+ // Bugzilla Bug #224763 (a.k.a - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ //
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else {
+ System.err.println("ERROR AuthToken type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.math.BigInteger[")) {
+ // Bugzilla Bug #238779
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name);
+ if (objs == null) {
+ objs = new java.math.BigInteger[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.math.BigInteger(value);
+ } else if (type.startsWith("java.math.BigInteger")) {
+ table.put(name, new java.math.BigInteger(value));
+ } else if (type.startsWith("byte[]")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("byte[")) {
+ // byte array
+ BASE64Decoder decoder = new BASE64Decoder();
+ table.put(name, decoder.decodeBuffer(value));
+ } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateAlgorithmId obj =
+ new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateChain")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateChain obj =
+ new netscape.security.x509.CertificateChain();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateExtensions")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateExtensions obj =
+ new netscape.security.x509.CertificateExtensions();
+ obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateExtensions"
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateSubjectName")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateSubjectName obj =
+ new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value)));
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateSubjectName"
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.CertificateValidity")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateValidity obj =
+ new netscape.security.x509.CertificateValidity();
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ obj.decode(bis);
+ table.put(name, obj);
+ } else if (type.equals("netscape.security.x509.CertificateX509Key")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.CertificateX509Key obj =
+ new netscape.security.x509.CertificateX509Key(
+ new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ table.put(name, obj);
+ } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.extensions.CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.extensions.CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.startsWith("java.util.Hashtable")) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ java.util.Hashtable obj = (java.util.Hashtable)table.get(name);
+ if (obj == null) {
+ obj = new java.util.Hashtable();
+ table.put(name, obj);
+ }
+ BASE64Decoder decoder = new BASE64Decoder();
+ String valuekey = value.substring(0, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ obj.put(valuekey, decoder.decodeBuffer(valuevalue));
+ } else if (type.startsWith("Integer[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ Integer objs[] = (Integer[])table.get(name);
+ if (objs == null) {
+ objs = new Integer[size];
+ table.put(name, objs);
+ }
+ objs[index] = new Integer(value);
+ } else if (type.startsWith("java.lang.Integer")) {
+ table.put(name, new Integer(value));
+ } else if (type.startsWith("org.mozilla.jss.asn1.INTEGER")) {
+ // CMS 7.1 stores bodyPartId as INTEGER
+ // CS 72. fixed the problem by storing it as String
+ table.put(name, value);
+ } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord")
+ || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) {
+ com.netscape.cmscore.dbs.KeyRecord obj =
+ (com.netscape.cmscore.dbs.KeyRecord)table.get(name);
+ if (obj == null) {
+ obj = new com.netscape.cmscore.dbs.KeyRecord();
+ table.put(name, obj);
+ }
+ String valuekey = value.substring(0, value.indexOf(':'));
+ String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('='));
+ String valuevalue = value.substring(value.indexOf('=')+1);
+ if (valuetype.equals("java.lang.String")) {
+ obj.set(valuekey, valuevalue);
+ } else if (valuetype.equals("java.util.Date")) {
+ obj.set(valuekey, new Date(Long.parseLong(valuevalue)));
+ } else if (valuetype.equals("java.math.BigInteger")) {
+ obj.set(valuekey, new java.math.BigInteger(valuevalue));
+ } else if (valuetype.equals("java.lang.Integer")) {
+ obj.set(valuekey, new Integer(valuevalue));
+ } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) {
+ obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue));
+ } else if (valuetype.equals("[B")) {
+ // byte array
+
+ BASE64Decoder decoder = new BASE64Decoder();
+ obj.set(valuekey, decoder.decodeBuffer(valuevalue));
+ } else {
+ System.err.println("ERROR KeyRecord type - " + attr);
+ System.exit(0);
+ }
+ } else if (type.startsWith("java.util.Locale")) {
+ // CMS 6.2: begin checking for new type
+ // "java.util.Locale"
+ table.put(name, Locale.getDefault());
+ } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival")
+ || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value));
+ com.netscape.certsrv.kra.ProofOfArchival obj =
+ buildPOA(decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.RevokedCertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value));
+ } else if (type.startsWith("java.lang.String[")) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ java.lang.String objs[] = (java.lang.String[])table.get(name);
+ if (objs == null) {
+ objs = new java.lang.String[size];
+ table.put(name, objs);
+ }
+ objs[index] = new java.lang.String(value);
+ } else if (type.startsWith("java.lang.String")) {
+ table.put(name, value);
+ } else if (type.startsWith("java.util.Vector")) {
+ Vector obj =
+ (Vector)table.get(name);
+ if (obj == null) {
+ obj = new Vector();
+ table.put(name, obj);
+ }
+ obj.addElement(value);
+ } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) {
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertImpl[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value));
+ } else if (type.equals("netscape.security.x509.X509CertImpl")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertImpl obj =
+ new netscape.security.x509.X509CertImpl(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if (type.startsWith("netscape.security.x509.X509CertInfo[")
+ || type.startsWith("netscape.security.extensions.CertInfo[")) {
+ // CMS 6.2: begin checking for additional new type
+ // "netscape.security.extensions.CertInfo["
+ //
+ // CMS 6.1: "netscape.security.x509.X509CertInfo"
+ // now always utilizes arrays such as
+ // "netscape.security.x509.X509CertInfo["
+ int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(',')));
+ int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']')));
+ netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name);
+ BASE64Decoder decoder = new BASE64Decoder();
+ if (objs == null) {
+ objs = new netscape.security.x509.X509CertInfo[size];
+ table.put(name, objs);
+ }
+ objs[index] = new netscape.security.x509.X509CertInfo();
+ objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value)));
+ } else if (type.equals("netscape.security.x509.X509CertInfo")) {
+ BASE64Decoder decoder = new BASE64Decoder();
+ netscape.security.x509.X509CertInfo obj =
+ new netscape.security.x509.X509CertInfo(
+ decoder.decodeBuffer(value));
+ table.put(name, obj);
+ } else if( type.endsWith( "Exception" ) ) {
+ Class[] argClass = { String.class }; // the argument's class
+ Object[] argValue = { value }; // the argument's value
+
+ Class x = Class.forName( type );
+ Constructor ctr = x.getConstructor( argClass );
+ Exception e = ( Exception ) ctr.newInstance( argValue );
+ } else {
+ System.err.println("ERROR type - " + type + " - "+ attr);
+ System.exit(0);
+ }
+ }
+
+ public com.netscape.certsrv.kra.ProofOfArchival buildPOA(byte data[])
+ throws Exception
+ {
+ DerInputStream dis = new DerInputStream(data);
+ DerValue seq[] = dis.getSequence(0);
+
+ BigInteger mSerialNo = seq[0].getInteger().toBigInteger();
+
+ // subject
+ DerValue subject = seq[1];
+ netscape.security.x509.X500Name mSubject =
+ new netscape.security.x509.X500Name(subject.toByteArray());
+
+ // issuer
+ DerValue issuer = seq[2];
+ netscape.security.x509.X500Name mIssuer =
+ new netscape.security.x509.X500Name(issuer.toByteArray());
+
+ // date of archival
+ DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray());
+ Date mDateOfArchival = dateOfArchival.getUTCTime();
+ com.netscape.certsrv.kra.ProofOfArchival obj =
+ new com.netscape.certsrv.kra.ProofOfArchival(mSerialNo,
+ mSubject.toString(), mIssuer.toString(), mDateOfArchival);
+ return obj;
+ }
+}
+
+class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager
+{
+ public String getName()
+ {
+ return "dummy";
+ }
+
+ public String getImplName()
+ {
+ return "dummy";
+ }
+
+ public IAuthToken authenticate(IAuthCredentials authCred)
+ throws EMissingCredential, EInvalidCredentials, EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Initialize this authentication manager.
+ * @param name The name of this authentication manager instance.
+ * @param implName The name of the authentication manager plugin.
+ * @param config The configuration store for this authentication manager.
+ * @exception EBaseException If an initialization error occurred.
+ */
+ public void init(String name, String implName, IConfigStore config)
+ throws EBaseException
+ {
+ }
+
+ public void shutdown()
+ {
+ }
+
+ public String[] getRequiredCreds()
+ {
+ return null;
+ }
+
+ /**
+ * Get configuration parameters for this implementation.
+ * The configuration parameters returned is passed to the
+ * configuration console so configuration for instances of this
+ * implementation can be made through the console.
+ *
+ * @param implName The authentication manager plugin name.
+ * @exception EBaseException If an internal error occurred
+ */
+ public String[] getConfigParams()
+ throws EBaseException
+ {
+ return null;
+ }
+
+ /**
+ * Get the configuration store for this authentication manager.
+ * @return The configuration store of this authentication manager.
+ */
+ public IConfigStore getConfigStore()
+ {
+ return null;
+ }
+}
+
diff --git a/pki/base/migrate/TxtTo73/src/compile.bat b/pki/base/migrate/TxtTo73/src/compile.bat
new file mode 100755
index 000000000..db46fa019
--- /dev/null
+++ b/pki/base/migrate/TxtTo73/src/compile.bat
@@ -0,0 +1,152 @@
+@ECHO OFF
+REM --- BEGIN COPYRIGHT BLOCK ---
+REM Copyright (C) 2007 Red Hat, Inc.
+REM All rights reserved.
+REM --- END COPYRIGHT BLOCK ---
+
+REM
+REM This script creates the "TxtTo73/classes/Main.class",
+REM "TxtTo73/classes/CMS73LdifParser.class", and
+REM "TxtTo73/classes/DummyAuthManager.class" which are
+REM used to create a CS 7.3 ldif data file.
+REM
+
+
+SETLOCAL
+
+
+REM
+REM Set SERVER_ROOT - identify the CS <server_root> used to compile TxtTo73
+REM
+
+REM SET SERVER_ROOT=C:\cs73
+
+
+REM
+REM Set JDK_VERSION - specify the JDK version used by this version of CS
+REM
+REM CS 7.3 NOTE: "WINNT" - 1.4.2
+REM
+
+REM SET JDK_VERSION=CS_7.3
+
+
+REM
+REM Set JAVA_HOME - specify the complete path to the JDK
+REM
+REM example: \\bermuda.redhat.com\sbc mounted as Y:
+REM
+
+REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION%
+
+
+REM
+REM *** DON'T CHANGE ANYTHING BELOW THIS LINE ***
+REM
+
+
+REM
+REM Script-defined constants
+REM
+
+SET CS="CS 7.3"
+
+
+REM
+REM Perform a usage check for the appropriate number of arguments:
+REM
+
+IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES
+
+
+:USAGE
+ECHO.
+ECHO Usage: "%0"
+ECHO.
+ECHO NOTE: No arguments are required to build the
+ECHO %CS% ldif data classes.
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check presence of user-defined variables
+REM
+
+:CHECK_ENVIRONMENT_VARIABLES
+IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR
+GOTO CHECK_SERVER_ROOT
+
+
+:ENVIRONMENT_VARIABLES_ERROR
+ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME
+ECHO environment variables for this script!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified SERVER_ROOT exists
+REM
+
+:CHECK_SERVER_ROOT
+IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME
+
+
+ECHO ERROR: The specified SERVER_ROOT does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Check that the specified JAVA_HOME exists
+REM
+
+:CHECK_JAVA_HOME
+IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH
+
+
+ECHO ERROR: The specified JAVA_HOME does not exist!
+ECHO.
+GOTO EXIT_PROCESS
+
+
+REM
+REM Setup the appropriate library path environment variable
+REM based upon the platform (WINNT)
+REM
+
+:SET_LIBRARY_PATH
+SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH%
+
+
+REM
+REM Set TARGET - identify the complete path to the new classes target directory
+REM
+
+SET TARGET=..\classes
+
+
+REM
+REM Create the new classes target directory (if it does not already exist)
+REM
+
+IF EXIST %TARGET% goto COMPILE_CLASSES
+MKDIR %TARGET%
+
+
+REM
+REM Compile TxtTo73 - create "CMS73LdifParser.class", "DummyAuthManager.class",
+REM and "Main.class"
+REM
+
+:COMPILE_CLASSES
+%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java
+
+
+:EXIT_PROCESS
+
+
+ENDLOCAL
+
diff --git a/pki/base/migrate/TxtTo73/src/compile.sh b/pki/base/migrate/TxtTo73/src/compile.sh
new file mode 100755
index 000000000..a8230e673
--- /dev/null
+++ b/pki/base/migrate/TxtTo73/src/compile.sh
@@ -0,0 +1,141 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#####################################################################
+### ###
+### This script creates the "TxtTo73/classes/Main.class", ###
+### "TxtTo73/classes/CMS73LdifParser.class", and ###
+### "TxtTo73/classes/DummyAuthManager.class" which are ###
+### used to create a CS 7.3 ldif data file. ###
+### ###
+#####################################################################
+
+
+###
+### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS"
+###
+
+JDK_PLATFORM=Linux
+export JDK_PLATFORM
+
+
+###
+### Set JDK_VERSION - specify the JDK version used by this version of CS
+###
+### CS 7.3 NOTE: "Linux" - 1.5.0 (IBM)
+### "SunOS" - 1.5.0
+###
+
+JDK_VERSION=PKI_7.3.0
+export JDK_VERSION
+
+
+###
+### Set JAVA_HOME - specify the complete path to the JDK
+###
+
+JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION}
+export JAVA_HOME
+
+
+############################################################################
+### ###
+### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ###
+### ###
+############################################################################
+
+
+###
+### Script-defined constants
+###
+
+CS="CS 7.3"
+export CS
+
+
+OS_NAME=`uname`
+export OS_NAME
+
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " ${CS} ldif data classes."
+ echo
+ exit 1
+fi
+
+
+###
+### Check presence of user-defined variables
+###
+
+if [ -z "${JAVA_HOME}" ] ; then
+ echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME "
+ echo " environment variables for this script!"
+ echo
+ exit 2
+fi
+
+
+###
+### Check that the specified JAVA_HOME exists and is a directory
+###
+
+if [ ! -d "${JAVA_HOME}" ] ; then
+ echo "ERROR: Either the specified JAVA_HOME does not exist, "
+ echo " or it is not a directory!"
+ echo
+ exit 4
+fi
+
+
+###
+### Setup the appropriate library path environment variable
+### based upon the platform
+###
+
+if [ ${OS_NAME} = "HP-UX" ] ; then
+ SHLIB_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads
+ export SHLIB_PATH
+elif [ ${OS_NAME} = "Linux" ] ; then
+ LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads
+ export LD_LIBRARY_PATH
+else # SunOS
+ LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile TxtTo73 - create "CMS73LdifParser.class", "DummyAuthManager.class",
+### and "Main.class"
+###
+
+${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:/usr/share/java/rhpki/nsutil.jar:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/lib/java/rhpki/ca/ca.jar:/usr/lib/java/rhpki/tks/tks.jar:/usr/lib/java/rhpki/ocsp/ocsp.jar:/usr/lib/java/rhpki/kra/kra.jar:/usr/lib/java/dirsec/jss4.jar Main.java
+
diff --git a/pki/base/migrate/TxtTo80/classes/CS80LdifParser.class b/pki/base/migrate/TxtTo80/classes/CS80LdifParser.class
new file mode 100644
index 000000000..22e6fe9a3
--- /dev/null
+++ b/pki/base/migrate/TxtTo80/classes/CS80LdifParser.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo80/classes/Main.class b/pki/base/migrate/TxtTo80/classes/Main.class
new file mode 100644
index 000000000..0f162327d
--- /dev/null
+++ b/pki/base/migrate/TxtTo80/classes/Main.class
Binary files differ
diff --git a/pki/base/migrate/TxtTo80/run.sh b/pki/base/migrate/TxtTo80/run.sh
new file mode 100755
index 000000000..6dde55758
--- /dev/null
+++ b/pki/base/migrate/TxtTo80/run.sh
@@ -0,0 +1,394 @@
+#!/bin/sh
+
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2009 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script converts a normalized <Source CS Version> ldif ###
+### text file (e. g. - created via a <Source CS Version>ToTxt ###
+### script) into a CS 8.0 ldif data file. ###
+### ###
+### This CS 8.0 ldif data file can then be imported into ###
+### the internal database of the desired CS 8.0 server ###
+### using a utility such as ldif2db. ###
+### ###
+#####################################################################
+
+###
+### Provide a usage function
+###
+
+usage() {
+ echo
+ echo "Usage: $0 input [errors] > output"
+ echo
+ echo " where: input - a "normalized" CS ldif data file,"
+ echo " errors - an optional errors file containing"
+ echo " skipped attributes, and"
+ echo " output - the CS 8.0 ldif text file."
+ echo
+ echo " NOTE: If no redirection is provided to"
+ echo " 'output', then the CS 8.0 ldif text"
+ echo " file will merely be echoed to stdout."
+ echo
+ exit 255
+}
+
+
+##
+## Perform a usage check for the appropriate number of arguments:
+##
+
+if [ $# -lt 1 -o $# -gt 2 ] ; then
+ usage
+fi
+
+
+###
+### Check that the specified "input" file exists and is a regular file.
+###
+
+if [ ! -f $1 ] ; then
+ echo "ERROR: Either the specified 'input' file, '$1', does not exist, "
+ echo " or it is not a regular file!"
+ echo
+ usage
+fi
+
+
+###
+### Check that the specified "input" file exists and is not empty.
+###
+
+if [ ! -s $1 ] ; then
+ echo "ERROR: The specified 'input' file, '$1', is empty!"
+ echo
+ usage
+fi
+
+
+###
+### If an "errors" file is specified, then check that it does not already
+### exist.
+###
+
+if [ $# -eq 2 ] ; then
+ if [ -f $2 ] ; then
+ echo "ERROR: The specified 'errors' file, '$2', already exists!"
+ echo " Please specify a different file!"
+ echo
+ usage
+ fi
+fi
+
+
+###
+### Set PKI_OS
+###
+### CS 8.0 NOTE: "Linux"
+### "SunOS"
+###
+
+PKI_OS=`uname`
+export PKI_OS
+
+if [ "${PKI_OS}" != "Linux" ] &&
+ [ "${PKI_OS}" != "SunOS" ]; then
+ printf "This '$0' script is ONLY executable\n"
+ printf "on either a 'Linux' or 'Solaris' machine!\n"
+ exit 255
+fi
+
+
+###
+### Set PKI_ARCHITECTURE
+###
+### CS 8.0 NOTE: "Linux i386" - 32-bit ("i386")
+### "Linux x86_64" - 64-bit ("x86_64")
+### "SunOS sparc" - 64-bit ("sparcv9")
+###
+
+if [ "${PKI_OS}" == "Linux" ]; then
+ PKI_PLATFORM=`uname -i`
+ export PKI_PLATFORM
+ if [ "${PKI_PLATFORM}" == "i386" ] ||
+ [ "${PKI_PLATFORM}" == "x86_64" ]; then
+ PKI_ARCHITECTURE="${PKI_PLATFORM}"
+ export PKI_ARCHITECTURE
+ else
+ printf "On 'Linux', this '$0' script is ONLY executable\n"
+ printf "on either an 'i386' or 'x86_64' architecture!\n"
+ exit 255
+ fi
+elif [ "${PKI_OS}" == "SunOS" ]; then
+ PKI_PLATFORM=`uname -p`
+ export PKI_PLATFORM
+ if [ "${PKI_PLATFORM}" == "sparc" ]; then
+ PKI_ARCHITECTURE="sparcv9"
+ export PKI_ARCHITECTURE
+ else
+ printf "On 'Solaris', this '$0' script is ONLY executable\n"
+ printf "on a 'sparcv9' architecture!\n"
+ exit 255
+ fi
+fi
+
+
+###
+### Set PKI_OS_DISTRIBUTION
+###
+### CS 8.0 NOTE: "Linux Fedora 8" - "Fedora"
+### "Linux Fedora 9" - "Fedora"
+### "Linux Fedora 10" - "Fedora"
+### "Linux RHEL 5" - "Red Hat"
+### "SunOS 5.9" - "Solaris"
+###
+
+if [ "${PKI_OS}" == "Linux" ]; then
+ IS_FEDORA=`test -e /etc/fedora-release && echo 1 || echo 0`
+ if [ "${IS_FEDORA}" -eq 1 ]; then
+ PKI_DISTRIBUTION="Fedora"
+ export PKI_DISTRIBUTION
+ PKI_OS_RPM_VERSION=`rpm -qf --qf='%{VERSION}' /etc/fedora-release`
+ export PKI_OS_RPM_VERSION
+ PKI_OS_VERSION=`echo "${PKI_OS_RPM_VERSION}" | tr -d [A-Za-z]`
+ export PKI_OS_VERSION
+ else
+ IS_REDHAT=`test -e /etc/redhat-release && echo 1 || echo 0`
+ if [ "${IS_REDHAT}" -eq 1 ]; then
+ PKI_DISTRIBUTION="Red Hat"
+ export PKI_DISTRIBUTION
+ PKI_OS_RPM_VERSION=`rpm -qf --qf='%{VERSION}' /etc/redhat-release`
+ export PKI_OS_RPM_VERSION
+ PKI_OS_VERSION=`echo "${PKI_OS_RPM_VERSION}" | tr -d [A-Za-z]`
+ export PKI_OS_VERSION
+ else
+ printf "On 'Linux',this '$0' script is ONLY executable\n"
+ printf "on either a 'Fedora' or 'Red Hat' machine!\n"
+ exit 255
+ fi
+ fi
+elif [ "${PKI_OS}" == "SunOS" ]; then
+ PKI_DISTRIBUTION="Solaris"
+ export PKI_DISTRIBUTION
+ PKI_OS_VERSION=`uname -r | awk -F. '{print $2}'`
+ export PKI_OS_VERSION
+fi
+
+
+###
+### Set JAVA_HOME
+###
+### CS 8.0 NOTE: "Linux Fedora 8" - JRE 1.7.0 (IcedTea)
+### "Linux Fedora 9" - JRE 1.6.0 (OpenJDK)
+### "Linux Fedora 10" - JRE 1.6.0 (OpenJDK)
+### "Linux RHEL 5" - JRE 1.6.0 (OpenJDK)
+### "SunOS 5.9" - JRE 1.6.0 (Sun JDK)
+###
+### "Linux" - ALWAYS set specific JAVA_HOME
+### "SunOS" - ALLOW JAVA_HOME to be pre-defined
+###
+
+if [ "${PKI_OS}" == "Linux" ]; then
+ if [ "${PKI_DISTRIBUTION}" == "Fedora" ]; then
+ if [ ${PKI_OS_VERSION} -eq 8 ]; then
+ if [ "${PKI_ARCHITECTURE}" == "i386" ]; then
+ JAVA_HOME="/usr/lib/jvm/jre-1.7.0-icedtea"
+ JAVA_ARCHITECTURE="i386"
+ else # "x86_64"
+ JAVA_HOME="/usr/lib/jvm/jre-1.7.0-icedtea.${PKI_ARCHITECTURE}"
+ JAVA_ARCHITECTURE="amd64"
+ fi
+ if [ ! -x "${JAVA_HOME}/bin/java" ] &&
+ [ ! -f "${JAVA_HOME}/lib/rt.jar" ] &&
+ [ ! -d "${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}" ] &&
+ [ ! -d "${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}/native_threads" ]; then
+ printf "On 'Fedora 8', this '$0' script is ONLY executable\n"
+ printf "by 'JRE 1.7.0 (IcedTea)'!\n"
+ exit 255
+ fi
+ elif [ ${PKI_OS_VERSION} -gt 8 ]; then
+ if [ "${PKI_ARCHITECTURE}" == "i386" ]; then
+ JAVA_HOME="/usr/lib/jvm/jre-1.6.0-openjdk"
+ JAVA_ARCHITECTURE="i386"
+ else # "x86_64"
+ JAVA_HOME="/usr/lib/jvm/jre-1.6.0-openjdk.${PKI_ARCHITECTURE}"
+ JAVA_ARCHITECTURE="amd64"
+ fi
+ if [ ! -x "${JAVA_HOME}/bin/java" ] &&
+ [ ! -f "${JAVA_HOME}/lib/rt.jar" ] &&
+ [ ! -d "${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}" ] &&
+ [ ! -d "${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}/native_threads" ]; then
+ printf "On 'Fedora ${PKI_OS_VERSION}', "
+ printf "this '$0' script is ONLY executable\n"
+ printf "by 'JRE 1.6.0 (OpenJDK)'!\n"
+ exit 255
+ fi
+ else
+ printf "On 'Fedora', this '$0' script is ONLY executable\n"
+ printf "on 'Fedora 8' or later!\n"
+ exit 255
+ fi
+ elif [ "${PKI_DISTRIBUTION}" == "Red Hat" ]; then
+ if [ ${PKI_OS_VERSION} -ge 5 ]; then
+ if [ "${PKI_ARCHITECTURE}" == "i386" ]; then
+ JAVA_HOME="/usr/lib/jvm/jre-1.6.0-openjdk"
+ JAVA_ARCHITECTURE="i386"
+ else # "x86_64"
+ JAVA_HOME="/usr/lib/jvm/jre-1.6.0-openjdk.${PKI_ARCHITECTURE}"
+ JAVA_ARCHITECTURE="amd64"
+ fi
+ if [ ! -x "${JAVA_HOME}/bin/java" ] &&
+ [ ! -f "${JAVA_HOME}/lib/rt.jar" ] &&
+ [ ! -d "${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}" ] &&
+ [ ! -d "${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}/native_threads" ]; then
+ printf "On 'RHEL ${PKI_OS_VERSION}', "
+ printf "this '$0' script is ONLY executable\n"
+ printf "by 'JRE 1.6.0 (OpenJDK)'!\n"
+ exit 255
+ fi
+ else
+ printf "On 'Red Hat', this '$0' script is ONLY executable\n"
+ printf "on 'RHEL 5' or later!\n"
+ exit 255
+ fi
+ fi
+ JRE_EXE="${JAVA_HOME}/bin/java"
+ export JRE_EXE
+ JRE_VERSION=`${JAVA_HOME}/bin/java -version 2>&1 | cut -b15-19 | sed -n '/[0-9]\.[0-9]\.[0-9]/p'`
+ export JRE_VERSION
+elif [ "${PKI_OS}" == "SunOS" ]; then
+ if [ "${JAVA_HOME}" == "" ]; then
+ JAVA_HOME="/usr/java"
+ fi
+ JRE_EXE="${JAVA_HOME}/bin/${PKI_ARCHITECTURE}/java"
+ export JRE_EXE
+ JRE_VERSION=`${JAVA_HOME}/bin/${PKI_ARCHITECTURE}/java -version 2>&1 | cut -b15-19 | sed -n '/[0-9]\.[0-9]\.[0-9]/p'`
+ export JRE_VERSION
+ if [ ${PKI_OS_VERSION} -eq 9 ]; then
+ if [ "${JRE_VERSION}" != "1.6.0" ]; then
+ printf "On 'Solaris ${PKI_OS_VERSION}', "
+ printf "this '$0' script is ONLY executable\n"
+ printf "by 'JRE 1.6.0'!\n"
+ exit 255
+ fi
+ if [ ! -x "${JAVA_HOME}/bin/${PKI_ARCHITECTURE}/java" ] &&
+ [ ! -f "${JAVA_HOME}/jre/lib/rt.jar" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${PKI_ARCHITECTURE}" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${PKI_ARCHITECTURE}/native_threads" ]; then
+ printf "On 'Solaris ${PKI_OS_VERSION}', "
+ printf "this '$0' script is ONLY executable\n"
+ printf "by 'JRE 1.6.0 (Sun JDK)'!\n"
+ exit 255
+ fi
+ else
+ printf "On 'Solaris', this '$0' script is ONLY executable\n"
+ printf "on 'Solaris 9'!\n"
+ exit 255
+ fi
+fi
+
+
+###
+### Setup the appropriate CLASSPATH and LD_LIBRARY_PATH
+### environment variables based upon the platform
+###
+### NOTE: As of SunOS JDK 1.4.0, the required "Unicode" classes
+### have been moved from "i18n.jar" to "rt.jar".
+###
+
+if [ ! -f "/usr/share/java/pki/cmscore.jar" ] &&
+ [ ! -f "/usr/share/java/pki/certsrv.jar" ]; then
+ printf "This '$0' script must be EXECUTED against\n"
+ printf "the 'pki-common' package!\n"
+ exit 255
+fi
+if [ ! -f "/usr/share/java/pki/nsutil.jar" ]; then
+ printf "This '$0' script must be EXECUTED against\n"
+ printf "the 'pki-util' package!\n"
+ exit 255
+fi
+if [ ! -d "/usr/share/pki/migrate/TxtTo80/classes" ]; then
+ printf "This '$0' script must be EXECUTED against\n"
+ printf "the 'pki-migrate' package!\n"
+ exit 255
+fi
+
+if [ ${PKI_OS} = "Linux" ] ; then
+ if [ ! -f "/usr/lib/java/jss4.jar" ]; then
+ printf "This '$0' script must be EXECUTED against\n"
+ printf "the 'jss' package!\n"
+ exit 255
+ fi
+ CLASSPATH=${JAVA_HOME}/lib/rt.jar
+ CLASSPATH=/usr/lib/java/jss4.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/nsutil.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/cmscore.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/certsrv.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/pki/migrate/TxtTo80/classes:${CLASSPATH}
+ export CLASSPATH
+ if [ ${PKI_ARCHITECTURE} = "i386" ] ; then
+ LD_LIBRARY_PATH=${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}/native_threads
+ LD_LIBRARY_PATH=${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+ else # "x86_64"
+ LD_LIBRARY_PATH=${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}/native_threads
+ LD_LIBRARY_PATH=${JAVA_HOME}/lib/${JAVA_ARCHITECTURE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+ fi
+else # "SunOS"
+ if [ ! -f "/usr/lib/java/dirsec/jss4.jar" ]; then
+ printf "This '$0' script must be EXECUTED against\n"
+ printf "the 'dirsec-jss' package!\n"
+ exit 255
+ fi
+ CLASSPATH=${JAVA_HOME}/jre/lib/rt.jar
+ CLASSPATH=/usr/lib/java/dirsec/jss4.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/nsutil.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/cmscore.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/certsrv.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/pki/migrate/TxtTo80/classes:${CLASSPATH}
+ export CLASSPATH
+ LD_LIBRARY_PATH=${JAVA_HOME}/jre/lib/${PKI_ARCHITECTURE}/native_threads
+ LD_LIBRARY_PATH=${JAVA_HOME}/jre/lib/${PKI_ARCHITECTURE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PKI_ARCHITECTURE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PKI_ARCHITECTURE}/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Execute TxtTo80 to convert the "normalized" CS ldif data file in to
+### a CS 8.0 ldif text file suitable for import in to a CS 8.0 LDAP DB.
+###
+
+# printf "================================================================\n"
+# printf "PKI_OS='${PKI_OS}'\n"
+# printf "PKI_DISTRIBUTION='${PKI_DISTRIBUTION}'\n"
+# printf "PKI_OS_VERSION='${PKI_OS_VERSION}'\n"
+# printf "PKI_ARCHITECTURE='${PKI_ARCHITECTURE}'\n"
+# printf "JAVA_HOME='${JAVA_HOME}'\n"
+# printf "JRE_EXE='${JRE_EXE}'\n"
+# printf "JRE_VERSION='${JRE_VERSION}'\n"
+# printf "================================================================\n\n"
+
+${JRE_EXE} -classpath ${CLASSPATH} Main $1 $2
+
diff --git a/pki/base/migrate/TxtTo80/src/Main.java b/pki/base/migrate/TxtTo80/src/Main.java
new file mode 100644
index 000000000..f2734bfa3
--- /dev/null
+++ b/pki/base/migrate/TxtTo80/src/Main.java
@@ -0,0 +1,559 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2009 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+//
+// "TxtTo80/src/Main.java" is based upon a copy "TxtTo80/src/Main.java".
+//
+// Always comment any new code sections with a "CS 8.0" header, and
+// apply these changes forward to all other "TxtTo*/src/Main.java" files
+// (including this comment header) so that these differences will only
+// appear when this file is diffed against an earlier "TxtTo*" version.
+//
+// This file should always be maintained by executing the following command:
+//
+// diff TxtTo73/src/Main.java TxtTo80/src/Main.java
+//
+
+import java.math.*;
+import java.io.*;
+import java.util.*;
+import org.mozilla.jss.*; // CMS 4.5 and later
+import org.mozilla.jss.crypto.*; // CMS 4.5 and later
+import com.netscape.certsrv.base.*;
+import com.netscape.certsrv.authentication.*;
+import netscape.security.util.*;
+import java.lang.reflect.*;
+
+public class Main
+{
+ public static void main(String args[])
+ {
+ try {
+ // initialize CryptoManager in CMS 4.5 and later
+ CryptoManager.initialize(".");
+ // load JSS provider in CMS 4.5 and later
+ java.security.Security.removeProvider("SUN version 1.2");
+ // The following call to "java.security.Security.insertProviderAt()"
+ // is no longer commented out in CMS 4.5 and later
+ java.security.Security.insertProviderAt(
+ new netscape.security.provider.CMS(), 0);
+ java.security.Provider ps[] =
+ java.security.Security.getProviders();
+ if (ps == null || ps.length <= 0) {
+ System.err.println("Java Security Provider NONE");
+ } else {
+ for (int x = 0; x < ps.length; x++) {
+ System.err.println("Java Security Provider " + x + " class=" + ps[x]);
+ }
+ }
+
+ // Parse the File
+ CS80LdifParser parser = null;
+ if (args.length == 1) {
+ parser = new CS80LdifParser(args[0]);
+ } else if (args.length == 2) {
+ parser = new CS80LdifParser(args[0], args[1]);
+ } else {
+ throw new IOException("Invalid Parameters");
+ }
+ parser.parse();
+ } catch (Exception e) {
+ System.err.println("ERROR: " + e.toString());
+ e.printStackTrace();
+ }
+ }
+}
+
+class CS80LdifParser
+{
+ // constants
+ private static final String DN =
+ "dn:";
+ // Directory Servers in CS 8.0 and later use "extdata-"
+ private static final String extAttrPrefix =
+ "extdata-";
+ private static final String BEGIN =
+ "--- BEGIN ATTRIBUTES ---";
+ private static final String END =
+ "--- END ATTRIBUTES ---";
+
+ // variables
+ private String mFilename = null;
+ private String mErrorFilename = null;
+ private PrintWriter mErrorPrintWriter = null;
+
+ public CS80LdifParser(String filename)
+ {
+ mFilename = filename;
+ }
+
+ public CS80LdifParser(String filename, String errorFilename)
+ {
+ mFilename = filename;
+ mErrorFilename = errorFilename;
+ }
+
+ public void parse() throws Exception
+ {
+ if (mErrorFilename != null) {
+ mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename));
+ }
+ BufferedReader reader = new BufferedReader(
+ new FileReader(mFilename));
+ String line = null;
+ String dn = null;
+ Vector requestAttributes = null;
+ while ((line = reader.readLine()) != null) {
+ if (line.startsWith(DN)) {
+ dn = line;
+ }
+ if (line.equals(BEGIN)) {
+ requestAttributes = new Vector();
+ continue;
+ }
+ if (requestAttributes == null) {
+ // Since we are not in the midst of a Request Attribute,
+ // simply print out the line.
+ System.out.println(line);
+
+ // New in CS 8.0:
+ if( line.equals( "objectClass: request" ) ) {
+ // Since Request Objects now contain individual undefined
+ // schema attributes (rather than a single serialized blob),
+ // we disable schema checking to allow them to be stored as
+ // Multi-Value strings by adding an "extensibleObject"
+ // objectclass to each Request Object entry.
+ System.out.println( "objectClass: extensibleObject" );
+ }
+ continue;
+ }
+ if (line.equals(END)) {
+ parseAttributes(dn, requestAttributes);
+ requestAttributes = null;
+ continue;
+ }
+ if (line.startsWith(" ")) { // beginning of attr
+ requestAttributes.addElement(
+ line.substring(1, line.length()));
+ } else {
+ requestAttributes.setElementAt(
+ (String)
+ requestAttributes.lastElement() +
+ "\n" +
+ line,
+ requestAttributes.size() - 1);
+ }
+ }
+ }
+
+ public String getKey( String dn, String attr )
+ {
+ String key = null;
+
+ int colon = attr.indexOf( ':' );
+ if (colon == -1) {
+ return key;
+ }
+
+ int equal = attr.indexOf( '=' );
+ if( equal == -1 ) {
+ return key;
+ }
+
+ key = attr.substring( 0, colon );
+ if( key.startsWith( "serviceErrors" ) ) {
+ // #56953 - skip serviceErrors
+ return key;
+ }
+
+ if( key.startsWith( "Error" ) ) {
+ // #56953 - skip Error
+ return key;
+ }
+
+ return key;
+ }
+
+ public void parseAttributes(String dn, Vector attrs) throws Exception
+ {
+ for( int i = 0; i < attrs.size(); i++ ) {
+ String attr = ( String ) attrs.elementAt( i );
+ try {
+ translateAttributes( dn, attr );
+ } catch( Exception e ) {
+ if( mErrorPrintWriter != null ) {
+ mErrorPrintWriter.println( dn );
+ }
+ String key = getKey( dn, attr );
+ if( key != null ) {
+ mErrorPrintWriter.println( "Skipped " + key );
+ }
+ }
+ }
+ }
+
+ /*************************************************************************/
+ /* The following two functions: */
+ /* */
+ /* protected boolean isAlphaNum(char in) {} */
+ /* */
+ /* public String encodeKey(String key) {} */
+ /* */
+ /* were copied from the private class called: */
+ /* */
+ /* class ExtAttrDynMapper implements IDBDynAttrMapper {} */
+ /* */
+ /* in the file called: */
+ /* */
+ /* pki/base/common/src/com/netscape/cmscore/request/RequestRecord.java */
+ /* */
+ /*************************************************************************/
+
+ protected boolean isAlphaNum(char in) {
+ if ((in >= 'a') && (in <= 'z')) {
+ return true;
+ }
+ if ((in >= 'A') && (in <= 'Z')) {
+ return true;
+ }
+ if ((in >= '0') && (in <= '9')) {
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * Encoded extdata keys for storage in LDAP.
+ *
+ * The rules for encoding are trickier than decoding. We want to allow
+ * '-' by itself to be stored in the database (for the common case of keys
+ * like 'Foo-Bar'. Therefore we are using '--' as the encoding character.
+ * The rules are:
+ * 1) All characters [^-a-zA-Z0-9] are encoded as --XXXX where XXXX is the
+ * hex representation of the digit.
+ * 2) [a-zA-Z0-9] are always passed through unencoded
+ * 3) [-] is passed through as long as it is preceded and followed
+ * by [a-zA-Z0-9] (or if it's at the beginning/end of the string)
+ * 4) If [-] is preceded or followed by [^a-zA-Z0-9] then
+ * the - as well as all following [^a-zA-Z0-9] characters are encoded
+ * as --XXXX.
+ *
+ * This routine tries to be as efficient as possible with StringBuffer and
+ * large copies. However, the encoding unfortunately requires several
+ * objects to be allocated.
+ *
+ * @param key The key to encode
+ * @return The encoded key
+ */
+ public String encodeKey(String key) {
+ StringBuffer output = null;
+ char[] input = key.toCharArray();
+ int startCopyIndex = 0;
+
+ int index = 0;
+ while (index < input.length) {
+ if (! isAlphaNum(input[index])) {
+ if ((input[index] == '-') &&
+ ((index + 1) < input.length) &&
+ (isAlphaNum(input[index + 1]))) {
+ index += 2;
+ } else if ((input[index] == '-') &&
+ ((index + 1) == input.length)) {
+ index += 1;
+ } else {
+ if (output == null) {
+ output = new StringBuffer(input.length + 5);
+ }
+ output.append(input, startCopyIndex, index - startCopyIndex);
+ while ( (index < input.length) &&
+ (! isAlphaNum(input[index])) ) {
+ output.append("--");
+ String hexString = Integer.toHexString(input[index]);
+ int padding = 4 - hexString.length();
+ while (padding > 0) {
+ output.append('0');
+ padding--;
+ }
+ output.append(hexString);
+ index++;
+ }
+ startCopyIndex = index;
+ }
+ } else {
+ index++;
+ }
+ }
+
+ if (output == null) {
+ return key;
+ } else {
+ output.append(input, startCopyIndex, index - startCopyIndex);
+ return output.toString();
+ }
+ }
+
+ public String formatData( String data ) {
+ StringBuffer output = null;
+ char[] input = data.toCharArray();
+ int startCopyIndex = 0;
+
+ // Every string buffer has a capacity. As long as the length of the
+ // character sequence contained in the string buffer does not exceed
+ // the capacity, it is not necessary to allocate a new internal buffer
+ // array. If the internal buffer overflows, it is automatically made
+ // larger.
+ //
+ // Start out with an output buffer at least as big as the input buffer.
+ output = new StringBuffer( input.length );
+
+ int index = 0;
+ while( index < input.length ) {
+ if( input[index] != '\n' ) {
+ output.append( input[index] );
+ } else {
+ output.append( input[index] );
+ if( index != ( input.length - 1 ) ) {
+ // Place an initial space after each carriage return
+ // with the exception of the last one
+ output.append( ' ' );
+ }
+ }
+
+ index++;
+ }
+
+ return( output.toString() );
+ }
+
+ public void translateAttributes( String dn, String attr )
+ throws Exception
+ {
+ // attribute format [key]:[type]=[data]
+
+ int colon = attr.indexOf( ':' );
+ if( colon == -1 ) {
+ if( mErrorPrintWriter != null ) {
+ if( dn != null ) {
+ mErrorPrintWriter.println( dn );
+ }
+ mErrorPrintWriter.println( "Skipped " + attr );
+ }
+ return;
+ }
+ int equal = attr.indexOf( '=' );
+ if( equal == -1 ) {
+ if( mErrorPrintWriter != null ) {
+ if( dn != null ) {
+ mErrorPrintWriter.println( dn );
+ }
+ mErrorPrintWriter.println( "Skipped " + attr );
+ }
+ return;
+ }
+
+ String key = attr.substring( 0, colon );
+ String type = attr.substring( colon + 1, equal );
+ String data = attr.substring( equal + 1 );
+
+ if( key.startsWith( "serviceErrors" ) ) {
+ // #56953 - skip serviceErrors
+ if( mErrorPrintWriter != null ) {
+ if( dn != null ) {
+ mErrorPrintWriter.println( dn );
+ }
+ mErrorPrintWriter.println( "Skipped " + attr );
+ }
+ return;
+ }
+
+ if( key.startsWith( "Error" ) ) {
+ // #56953 - skip serviceErrors
+ if( mErrorPrintWriter != null ) {
+ if( dn != null ) {
+ mErrorPrintWriter.println( dn );
+ }
+ mErrorPrintWriter.println( "Skipped " + attr );
+ }
+ return;
+ }
+
+ // To account for '47ToTxt' data files that have previously
+ // been generated, ALWAYS convert 'iplanet' to 'netscape'.
+ //
+ // Bugzilla Bug #224801 (a.k.a - Raidzilla Bug #56981)
+ // Bugzilla Bug #483519
+ //
+ String translation = null;
+ if( type.startsWith( "iplanet" ) ) {
+ translation = "netscape"
+ + type.substring( 7 );
+ type = translation;
+ } else if( type.startsWith( "com.iplanet" ) ) {
+ translation = "com.netscape"
+ + type.substring( 11 );
+ type = translation;
+ }
+
+ if( type.startsWith( "com.netscape.certsrv.request.AgentApprovals" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "com.netscape.certsrv.base.ArgBlock" )
+ || type.startsWith( "com.netscape.cmscore.base.ArgBlock" ) ) {
+ // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and
+ // moved old "com.netscape.certsrv.base.ArgBlock"
+ // to "com.netscape.cmscore.base.ArgBlock"
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "com.netscape.certsrv.authentication.AuthToken" ) ) {
+ // Processes 'java.math.BigInteger[]':
+ //
+ // Bugzilla Bug #225031 (a.k.a - Raidzilla Bug #58356)
+ //
+ // Processes 'java.lang.String[]':
+ //
+ // Bugzilla Bug #224763 (a.k.a - Raidzilla Bug #57949)
+ // Bugzilla Bug #252240
+ //
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "java.math.BigInteger[" ) ) {
+ // Bugzilla Bug #238779
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "java.math.BigInteger" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "byte[]" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "byte[" ) ) {
+ // byte array
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "netscape.security.x509.CertificateAlgorithmId" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.equals( "netscape.security.x509.CertificateChain" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.equals( "netscape.security.x509.CertificateExtensions" ) ) {
+ // XXX - "db2ldif" appears dumps these as ":" values, but they
+ // always appear as "::" base-64 encoded values?
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateExtensions"
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.equals( "netscape.security.x509.CertificateSubjectName" ) ) {
+ // CMS 6.2: revised method of decoding objects of type
+ // "netscape.security.x509.CertificateSubjectName"
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "netscape.security.x509.CertificateValidity" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.equals( "netscape.security.x509.CertificateX509Key" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "com.netscape.certsrv.cert.CertInfo" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if (type.startsWith("java.util.Hashtable")) {
+ // Bugzilla Bug #224800 (a.k.a - Raidzilla Bug #56953)
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "Integer[" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "java.lang.Integer" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "org.mozilla.jss.asn1.INTEGER" ) ) {
+ // CS 7.1 stores bodyPartId as INTEGER
+ // CS 7.2 fixed the problem by storing it as String
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "com.netscape.certsrv.dbs.keydb.KeyRecord" )
+ || type.startsWith( "com.netscape.cmscore.dbs.KeyRecord" ) ) {
+ // Bugzilla Bug #508191 - These only apply to KRA; and in CS 8.0,
+ // since KRA requests only need to refer
+ // to the actual "keyRecord" referenced
+ // by the "keySerialNumber" data,
+ // all other "KeyRecord" request data is
+ // ignored, since it is already stored
+ // in the actual "keyRecord".
+ if( data.startsWith( "keySerialNumber" ) ) {
+ String keySerialNumber = data.substring( data.indexOf( "=" ) + 1 );
+ System.out.println( extAttrPrefix +
+ encodeKey( key.toLowerCase() ) + ": " +
+ formatData( keySerialNumber ) );
+ }
+ } else if( type.startsWith( "java.util.Locale" ) ) {
+ // CMS 6.2: begin checking for new type
+ // "java.util.Locale"
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "com.netscape.certsrv.kra.ProofOfArchival" )
+ || type.startsWith( "com.netscape.cmscore.kra.ProofOfArchival" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "netscape.security.x509.RevokedCertImpl" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "java.lang.String[" ) ) {
+ // Bugzilla Bug #223360 (a.k.a - Raidzilla Bug #58086)
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if (type.startsWith("java.lang.String")) {
+ // Examples:
+ //
+ // key.equals( "publickey" )
+ // key.equals( "cert_request" )
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "java.util.Vector" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "netscape.security.x509.X509CertImpl[" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.equals( "netscape.security.x509.X509CertImpl" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.startsWith( "netscape.security.x509.X509CertInfo[" )
+ || type.startsWith( "netscape.security.extensions.CertInfo[" ) )
+ {
+ // CMS 6.2: begin checking for additional new type
+ // "netscape.security.extensions.CertInfo["
+ //
+ // CMS 6.1: "netscape.security.x509.X509CertInfo"
+ // now always utilizes arrays such as
+ // "netscape.security.x509.X509CertInfo["
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.equals( "netscape.security.x509.X509CertInfo" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else if( type.endsWith( "Exception" ) ) {
+ System.out.println( extAttrPrefix + encodeKey( key ) + ": " +
+ formatData( data ) );
+ } else {
+ System.err.println( "ERROR type - " + type + " - "+ attr );
+ System.exit( 0 );
+ }
+ }
+}
+
diff --git a/pki/base/migrate/TxtTo80/src/compile.sh b/pki/base/migrate/TxtTo80/src/compile.sh
new file mode 100755
index 000000000..c8dd848e0
--- /dev/null
+++ b/pki/base/migrate/TxtTo80/src/compile.sh
@@ -0,0 +1,345 @@
+#!/bin/bash
+
+# --- BEGIN COPYRIGHT BLOCK ---
+# Copyright (C) 2009 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+#####################################################################
+### ###
+### This script creates: ###
+### ###
+### "TxtTo80/classes/CS80LdifParser.class", ###
+### "TxtTo80/classes/DummyAuthManager.class", and ###
+### "TxtTo80/classes/Main.class", ###
+### ###
+### which may be used to convert a "normalized" ldif data file ###
+### exported from a version of CS prior to 8.0 into a CS 8.0 ###
+### ldif data file suitable for import into a CS 8.0 LDAP DB. ###
+### ###
+#####################################################################
+
+###
+### Provide a usage function
+###
+
+usage() {
+ echo
+ echo "Usage: $0"
+ echo
+ echo " NOTE: No arguments are required to build the"
+ echo " CS 8.0 ldif data classes."
+ echo
+ exit 255
+}
+
+###
+### Perform a usage check for the appropriate number of arguments:
+###
+
+if [ $# -gt 0 ] ; then
+ usage
+fi
+
+
+###
+### Set PKI_OS
+###
+### CS 8.0 NOTE: "Linux"
+### "SunOS"
+###
+
+PKI_OS=`uname`
+export PKI_OS
+
+if [ "${PKI_OS}" != "Linux" ] &&
+ [ "${PKI_OS}" != "SunOS" ]; then
+ printf "This '$0' script is ONLY executable\n"
+ printf "on either a 'Linux' or 'Solaris' machine!\n"
+ exit 255
+fi
+
+
+###
+### Set PKI_ARCHITECTURE
+###
+### CS 8.0 NOTE: "Linux i386" - 32-bit ("i386")
+### "Linux x86_64" - 64-bit ("x86_64")
+### "SunOS sparc" - 64-bit ("sparcv9")
+###
+
+if [ "${PKI_OS}" == "Linux" ]; then
+ PKI_PLATFORM=`uname -i`
+ export PKI_PLATFORM
+ if [ "${PKI_PLATFORM}" == "i386" ] ||
+ [ "${PKI_PLATFORM}" == "x86_64" ]; then
+ PKI_ARCHITECTURE="${PKI_PLATFORM}"
+ export PKI_ARCHITECTURE
+ else
+ printf "On 'Linux', this '$0' script is ONLY executable\n"
+ printf "on either an 'i386' or 'x86_64' architecture!\n"
+ exit 255
+ fi
+elif [ "${PKI_OS}" == "SunOS" ]; then
+ PKI_PLATFORM=`uname -p`
+ export PKI_PLATFORM
+ if [ "${PKI_PLATFORM}" == "sparc" ]; then
+ PKI_ARCHITECTURE="sparcv9"
+ export PKI_ARCHITECTURE
+ else
+ printf "On 'Solaris', this '$0' script is ONLY executable\n"
+ printf "on a 'sparcv9' architecture!\n"
+ exit 255
+ fi
+fi
+
+
+###
+### Set PKI_OS_DISTRIBUTION
+###
+### CS 8.0 NOTE: "Linux Fedora 8" - "Fedora"
+### "Linux Fedora 9" - "Fedora"
+### "Linux Fedora 10" - "Fedora"
+### "Linux RHEL 5" - "Red Hat"
+### "SunOS 5.9" - "Solaris"
+###
+
+if [ "${PKI_OS}" == "Linux" ]; then
+ IS_FEDORA=`test -e /etc/fedora-release && echo 1 || echo 0`
+ if [ "${IS_FEDORA}" -eq 1 ]; then
+ PKI_DISTRIBUTION="Fedora"
+ export PKI_DISTRIBUTION
+ PKI_OS_RPM_VERSION=`rpm -qf --qf='%{VERSION}' /etc/fedora-release`
+ export PKI_OS_RPM_VERSION
+ PKI_OS_VERSION=`echo "${PKI_OS_RPM_VERSION}" | tr -d [A-Za-z]`
+ export PKI_OS_VERSION
+ else
+ IS_REDHAT=`test -e /etc/redhat-release && echo 1 || echo 0`
+ if [ "${IS_REDHAT}" -eq 1 ]; then
+ PKI_DISTRIBUTION="Red Hat"
+ export PKI_DISTRIBUTION
+ PKI_OS_RPM_VERSION=`rpm -qf --qf='%{VERSION}' /etc/redhat-release`
+ export PKI_OS_RPM_VERSION
+ PKI_OS_VERSION=`echo "${PKI_OS_RPM_VERSION}" | tr -d [A-Za-z]`
+ export PKI_OS_VERSION
+ else
+ printf "On 'Linux',this '$0' script is ONLY executable\n"
+ printf "on either a 'Fedora' or 'Red Hat' machine!\n"
+ exit 255
+ fi
+ fi
+elif [ "${PKI_OS}" == "SunOS" ]; then
+ PKI_DISTRIBUTION="Solaris"
+ export PKI_DISTRIBUTION
+ PKI_OS_VERSION=`uname -r | awk -F. '{print $2}'`
+ export PKI_OS_VERSION
+fi
+
+
+###
+### Set JAVA_HOME
+###
+### CS 8.0 NOTE: "Linux Fedora 8" - JDK 1.7.0 (IcedTea)
+### "Linux Fedora 9" - JDK 1.6.0 (OpenJDK)
+### "Linux Fedora 10" - JDK 1.6.0 (OpenJDK)
+### "Linux RHEL 5" - JDK 1.6.0 (OpenJDK)
+### "SunOS 5.9" - JDK 1.6.0 (Sun JDK)
+###
+### "Linux" - ALWAYS set specific JAVA_HOME
+### "SunOS" - ALLOW JAVA_HOME to be pre-defined
+###
+
+if [ "${PKI_OS}" == "Linux" ]; then
+ if [ "${PKI_DISTRIBUTION}" == "Fedora" ]; then
+ if [ ${PKI_OS_VERSION} -eq 8 ]; then
+ if [ "${PKI_ARCHITECTURE}" == "i386" ]; then
+ JAVA_HOME="/usr/lib/jvm/java-1.7.0-icedtea"
+ JAVA_ARCHITECTURE="i386"
+ else # "x86_64"
+ JAVA_HOME="/usr/lib/jvm/java-1.7.0-icedtea.${PKI_ARCHITECTURE}"
+ JAVA_ARCHITECTURE="amd64"
+ fi
+ if [ ! -x "${JAVA_HOME}/bin/javac" ] &&
+ [ ! -f "${JAVA_HOME}/jre/lib/rt.jar" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}/native_threads" ]; then
+ printf "On 'Fedora 8', this '$0' script is ONLY executable\n"
+ printf "by 'JDK 1.7.0 (IcedTea)'!\n"
+ exit 255
+ fi
+ elif [ ${PKI_OS_VERSION} -gt 8 ]; then
+ if [ "${PKI_ARCHITECTURE}" == "i386" ]; then
+ JAVA_HOME="/usr/lib/jvm/java-1.6.0-openjdk"
+ JAVA_ARCHITECTURE="i386"
+ else # "x86_64"
+ JAVA_HOME="/usr/lib/jvm/java-1.6.0-openjdk.${PKI_ARCHITECTURE}"
+ JAVA_ARCHITECTURE="amd64"
+ fi
+ if [ ! -x "${JAVA_HOME}/bin/javac" ] &&
+ [ ! -f "${JAVA_HOME}/jre/lib/rt.jar" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}/native_threads" ]; then
+ printf "On 'Fedora ${PKI_OS_VERSION}', "
+ printf "this '$0' script is ONLY executable\n"
+ printf "by 'JDK 1.6.0 (OpenJDK)'!\n"
+ exit 255
+ fi
+ else
+ printf "On 'Fedora', this '$0' script is ONLY executable\n"
+ printf "on 'Fedora 8' or later!\n"
+ exit 255
+ fi
+ elif [ "${PKI_DISTRIBUTION}" == "Red Hat" ]; then
+ if [ ${PKI_OS_VERSION} -ge 5 ]; then
+ if [ "${PKI_ARCHITECTURE}" == "i386" ]; then
+ JAVA_HOME="/usr/lib/jvm/java-1.6.0-openjdk"
+ JAVA_ARCHITECTURE="i386"
+ else # "x86_64"
+ JAVA_HOME="/usr/lib/jvm/java-1.6.0-openjdk.${PKI_ARCHITECTURE}"
+ JAVA_ARCHITECTURE="amd64"
+ fi
+ if [ ! -x "${JAVA_HOME}/bin/javac" ] &&
+ [ ! -f "${JAVA_HOME}/jre/lib/rt.jar" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}/native_threads" ]; then
+ printf "On 'RHEL ${PKI_OS_VERSION}', "
+ printf "this '$0' script is ONLY executable\n"
+ printf "by 'JDK 1.6.0 (OpenJDK)'!\n"
+ exit 255
+ fi
+ else
+ printf "On 'Red Hat', this '$0' script is ONLY executable\n"
+ printf "on 'RHEL 5' or later!\n"
+ exit 255
+ fi
+ fi
+ JDK_EXE="${JAVA_HOME}/bin/javac"
+ export JDK_EXE
+ JDK_VERSION=`${JAVA_HOME}/bin/javac -version 2>&1 | cut -b7-11`
+ export JDK_VERSION
+elif [ "${PKI_OS}" == "SunOS" ]; then
+ if [ "${JAVA_HOME}" == "" ]; then
+ JAVA_HOME="/usr/java"
+ fi
+ JDK_EXE="${JAVA_HOME}/bin/${PKI_ARCHITECTURE}/javac"
+ export JDK_EXE
+ JDK_VERSION=`${JAVA_HOME}/bin/${PKI_ARCHITECTURE}/javac -version 2>&1 | cut -b7-11`
+ export JDK_VERSION
+ if [ ${PKI_OS_VERSION} -eq 9 ]; then
+ if [ "${JDK_VERSION}" != "1.6.0" ]; then
+ printf "On 'Solaris ${PKI_OS_VERSION}', "
+ printf "this '$0' script is ONLY executable\n"
+ printf "by 'JDK 1.6.0'!\n"
+ exit 255
+ fi
+ if [ ! -x "${JAVA_HOME}/bin/${PKI_ARCHITECTURE}/javac" ] &&
+ [ ! -f "${JAVA_HOME}/jre/lib/rt.jar" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${PKI_ARCHITECTURE}" ] &&
+ [ ! -d "${JAVA_HOME}/jre/lib/${PKI_ARCHITECTURE}/native_threads" ]; then
+ printf "On 'Solaris ${PKI_OS_VERSION}', "
+ printf "this '$0' script is ONLY executable\n"
+ printf "by 'JDK 1.6.0 (Sun JDK)'!\n"
+ exit 255
+ fi
+ else
+ printf "On 'Solaris', this '$0' script is ONLY executable\n"
+ printf "on 'Solaris 9'!\n"
+ exit 255
+ fi
+fi
+
+
+###
+### Setup the appropriate CLASSPATH and LD_LIBRARY_PATH
+### environment variables based upon the platform
+###
+
+if [ ! -f "/usr/share/java/pki/cmscore.jar" ] &&
+ [ ! -f "/usr/share/java/pki/certsrv.jar" ]; then
+ printf "This '$0' script must be COMPILED against\n"
+ printf "the 'pki-common' package!\n"
+ exit 255
+fi
+if [ ! -f "/usr/share/java/pki/nsutil.jar" ]; then
+ printf "This '$0' script must be COMPILED against\n"
+ printf "the 'pki-util' package!\n"
+ exit 255
+fi
+
+if [ ${PKI_OS} = "Linux" ] ; then
+ if [ ! -f "/usr/lib/java/jss4.jar" ]; then
+ printf "This '$0' script must be COMPILED against\n"
+ printf "the 'jss' package!\n"
+ exit 255
+ fi
+ CLASSPATH=${JAVA_HOME}/jre/lib/rt.jar
+ CLASSPATH=/usr/lib/java/jss4.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/nsutil.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/cmscore.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/certsrv.jar:${CLASSPATH}
+ export CLASSPATH
+ if [ ${PKI_ARCHITECTURE} = "i386" ] ; then
+ LD_LIBRARY_PATH=${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}/native_threads
+ LD_LIBRARY_PATH=${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+ else # "x86_64"
+ LD_LIBRARY_PATH=${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}/native_threads
+ LD_LIBRARY_PATH=${JAVA_HOME}/jre/lib/${JAVA_ARCHITECTURE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+ fi
+else # "SunOS"
+ if [ ! -f "/usr/lib/java/dirsec/jss4.jar" ]; then
+ printf "This '$0' script must be COMPILED against\n"
+ printf "the 'dirsec-jss' package!\n"
+ exit 255
+ fi
+ CLASSPATH=${JAVA_HOME}/jre/lib/rt.jar
+ CLASSPATH=/usr/lib/java/dirsec/jss4.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/nsutil.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/cmscore.jar:${CLASSPATH}
+ CLASSPATH=/usr/share/java/pki/certsrv.jar:${CLASSPATH}
+ export CLASSPATH
+ LD_LIBRARY_PATH=${JAVA_HOME}/jre/lib/${PKI_ARCHITECTURE}/native_threads
+ LD_LIBRARY_PATH=${JAVA_HOME}/jre/lib/${PKI_ARCHITECTURE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PKI_ARCHITECTURE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PKI_ARCHITECTURE}/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+fi
+
+
+###
+### Set TARGET - identify the complete path to the new classes target directory
+###
+
+TARGET=../classes
+export TARGET
+
+
+###
+### Create the new classes target directory (if it does not already exist)
+###
+
+if [ ! -d ${TARGET} ]; then
+ mkdir -p ${TARGET}
+fi
+
+
+###
+### Compile TxtTo80 - create "CS80LdifParser.class", "DummyAuthManager.class",
+### and "Main.class"
+###
+
+printf "================================================================\n"
+printf "PKI_OS='${PKI_OS}'\n"
+printf "PKI_DISTRIBUTION='${PKI_DISTRIBUTION}'\n"
+printf "PKI_OS_VERSION='${PKI_OS_VERSION}'\n"
+printf "PKI_ARCHITECTURE='${PKI_ARCHITECTURE}'\n"
+printf "JAVA_HOME='${JAVA_HOME}'\n"
+printf "JDK_EXE='${JDK_EXE}'\n"
+printf "JDK_VERSION='${JDK_VERSION}'\n"
+printf "================================================================\n\n"
+
+${JDK_EXE} -d ${TARGET} -classpath ${CLASSPATH} Main.java
+
diff --git a/pki/base/migrate/build.xml b/pki/base/migrate/build.xml
new file mode 100644
index 000000000..ff380c7f2
--- /dev/null
+++ b/pki/base/migrate/build.xml
@@ -0,0 +1,437 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ ### END COPYRIGHT BLOCK ### -->
+<project name="migrate" default="main" basedir=".">
+
+ <import file="config/product.xml"/>
+ <import file="config/product-ext.xml" optional="true"/>
+
+
+ <target name="clean"
+ depends=""
+ description="--> remove component directories">
+ <echo message="${begin.clean.log.message}"/>
+ <delete dir="${dist.base}"/>
+ <delete dir="${build.dir}"/>
+ <echo message="${end.clean.log.message}"/>
+ </target>
+
+
+ <target name="download"
+ depends=""
+ description="--> download dependent components">
+ <echo message="${begin.download.log.message}"/>
+ <echo message="${empty.download.log.message}"/>
+ <echo message="${end.download.log.message}"/>
+ </target>
+
+
+ <target name="compile_java"
+ depends=""
+ description="--> compile java source code into classes">
+ <echo message="${begin.compile.java.log.message}"/>
+ <echo message="${empty.compile.java.log.message}"/>
+ <echo message="${end.compile.java.log.message}"/>
+ </target>
+
+
+ <target name="build_jars"
+ depends="compile_java"
+ description="--> generate jar files">
+ <echo message="${begin.build.jars.log.message}"/>
+ <echo message="${empty.build.jars.log.message}"/>
+ <echo message="${end.build.jars.log.message}"/>
+ </target>
+
+
+ <target name="build_jni_headers"
+ depends="compile_java"
+ description="--> generate jni header files">
+ <echo message="${begin.build.jni.headers.log.message}"/>
+ <echo message="${empty.build.jni.headers.log.message}"/>
+ <echo message="${end.build.jni.headers.log.message}"/>
+ </target>
+
+
+ <target name="build"
+ depends="build_jars,build_jni_headers"
+ description="--> build classes, jars, and jni headers">
+ <echo message="${notify.build.log.message}"/>
+ </target>
+
+
+ <target name="compile_junit_tests"
+ depends="build"
+ description="--> compile junit test source code">
+ <echo message="${begin.compile.junit.tests.log.message}"/>
+ <echo message="${empty.compile.junit.tests.log.message}"/>
+ <echo message="${end.compile.junit.tests.log.message}"/>
+ </target>
+
+
+ <target name="run_junit_tests"
+ depends="compile_junit_tests"
+ description="--> execute junit tests">
+ <echo message="${begin.run.junit.tests.log.message}"/>
+ <echo message="${empty.run.junit.tests.log.message}"/>
+ <echo message="${end.run.junit.tests.log.message}"/>
+ </target>
+
+
+ <target name="verify"
+ depends="run_junit_tests"
+ description="--> build and execute junit tests">
+ <echo message="${notify.verify.log.message}"/>
+ </target>
+
+
+ <target name="clean_javadocs"
+ depends=""
+ description="--> remove javadocs directory">
+ <echo message="${begin.clean.javadocs.log.message}"/>
+ <echo message="${empty.clean.javadocs.log.message}"/>
+ <echo message="${end.clean.javadocs.log.message}"/>
+ </target>
+
+
+ <target name="compose_javadocs"
+ depends="build"
+ description="--> generate javadocs">
+ <echo message="${begin.compose.javadocs.log.message}"/>
+ <echo message="${empty.compose.javadocs.log.message}"/>
+ <echo message="${end.compose.javadocs.log.message}"/>
+ </target>
+
+
+ <target name="document"
+ depends="clean_javadocs,compose_javadocs"
+ description="--> remove old javadocs and compose new javadocs">
+ <echo message="${notify.document.log.message}"/>
+ </target>
+
+
+ <target name="distribute_binaries"
+ depends="document"
+ description="--> create the zip and gzipped tar binary distributions">
+ <echo message="${begin.distribute.binaries.log.message}"/>
+ <mkdir dir="${dist.base.binaries}"/>
+
+ <echo message="${begin.binary.wrappers.log.message}"/>
+ <echo message="${empty.binary.wrappers.log.message}"/>
+ <echo message="${end.binary.wrappers.log.message}"/>
+
+ <echo message="${begin.binary.zip.log.message}"/>
+ <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+ <zipfileset dir="."
+ filemode="755"
+ prefix="usr/share/${product.prefix}/${product}">
+ <include name="42SP2ToTxt/*.sh"/>
+ <include name="42SP2ToTxt/classes/**"/>
+ <include name="47ToTxt/*.sh"/>
+ <include name="47ToTxt/classes/**"/>
+ <include name="45ToTxt/*.sh"/>
+ <include name="45ToTxt/classes/**"/>
+ <include name="TxtTo72/*.sh"/>
+ <include name="TxtTo72/classes/**"/>
+ <include name="63ToTxt/*.sh"/>
+ <include name="63ToTxt/classes/**"/>
+ <include name="72ToTxt/*.sh"/>
+ <include name="72ToTxt/classes/**"/>
+ <include name="TxtTo71/*.sh"/>
+ <include name="TxtTo71/classes/**"/>
+ <include name="62ToTxt/*.sh"/>
+ <include name="62ToTxt/classes/**"/>
+ <include name="71ToTxt/*.sh"/>
+ <include name="71ToTxt/classes/**"/>
+ <include name="TxtTo62/*.sh"/>
+ <include name="TxtTo62/classes/**"/>
+ <include name="61ToTxt/*.sh"/>
+ <include name="61ToTxt/classes/**"/>
+ <include name="TxtTo70/*.sh"/>
+ <include name="TxtTo70/classes/**"/>
+ <include name="42ToTxt/*.sh"/>
+ <include name="42ToTxt/classes/**"/>
+ <include name="60ToTxt/*.sh"/>
+ <include name="60ToTxt/classes/**"/>
+ <include name="70ToTxt/*.sh"/>
+ <include name="70ToTxt/classes/**"/>
+ <include name="TxtTo60/*.sh"/>
+ <include name="TxtTo60/classes/**"/>
+ <include name="TxtTo61/*.sh"/>
+ <include name="TxtTo61/classes/**"/>
+ <include name="41ToTxt/*.sh"/>
+ <include name="41ToTxt/classes/**"/>
+ <include name="73ToTxt/*.sh"/>
+ <include name="73ToTxt/classes/**"/>
+ <include name="TxtTo73/*.sh"/>
+ <include name="TxtTo73/classes/**"/>
+ <include name="TxtTo80/*.sh"/>
+ <include name="TxtTo80/classes/**"/>
+ <include name="80/*.class"/>
+ <include name="TpsTo80/linux/**"/>
+ <include name="TpsTo80/solaris/**"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="644"
+ prefix="usr/share/${product.prefix}/${product}">
+ <include name="*/*.bat"/>
+ <include name="80/*.ldif"/>
+ <include name="80/readme"/>
+ <include name="TpsTo80/readme"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="644"
+ prefix="usr/share/doc/${dist.name}">
+ <include name="EULA"/>
+ <include name="LICENSE"/>
+ </zipfileset>
+ </zip>
+ <echo message="${end.binary.zip.log.message}"/>
+
+ <echo message="${begin.binary.tar.log.message}"/>
+ <tar longfile="gnu"
+ destfile="${dist.base.binaries}/${dist.name}.tar">
+ <tarfileset dir="."
+ mode="755"
+ prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+ <include name="42SP2ToTxt/*.sh"/>
+ <include name="42SP2ToTxt/classes/**"/>
+ <include name="47ToTxt/*.sh"/>
+ <include name="47ToTxt/classes/**"/>
+ <include name="45ToTxt/*.sh"/>
+ <include name="45ToTxt/classes/**"/>
+ <include name="TxtTo72/*.sh"/>
+ <include name="TxtTo72/classes/**"/>
+ <include name="63ToTxt/*.sh"/>
+ <include name="63ToTxt/classes/**"/>
+ <include name="72ToTxt/*.sh"/>
+ <include name="72ToTxt/classes/**"/>
+ <include name="TxtTo71/*.sh"/>
+ <include name="TxtTo71/classes/**"/>
+ <include name="62ToTxt/*.sh"/>
+ <include name="62ToTxt/classes/**"/>
+ <include name="71ToTxt/*.sh"/>
+ <include name="71ToTxt/classes/**"/>
+ <include name="TxtTo62/*.sh"/>
+ <include name="TxtTo62/classes/**"/>
+ <include name="61ToTxt/*.sh"/>
+ <include name="61ToTxt/classes/**"/>
+ <include name="TxtTo70/*.sh"/>
+ <include name="TxtTo70/classes/**"/>
+ <include name="42ToTxt/*.sh"/>
+ <include name="42ToTxt/classes/**"/>
+ <include name="60ToTxt/*.sh"/>
+ <include name="60ToTxt/classes/**"/>
+ <include name="70ToTxt/*.sh"/>
+ <include name="70ToTxt/classes/**"/>
+ <include name="TxtTo60/*.sh"/>
+ <include name="TxtTo60/classes/**"/>
+ <include name="TxtTo61/*.sh"/>
+ <include name="TxtTo61/classes/**"/>
+ <include name="41ToTxt/*.sh"/>
+ <include name="41ToTxt/classes/**"/>
+ <include name="73ToTxt/*.sh"/>
+ <include name="73ToTxt/classes/**"/>
+ <include name="TxtTo73/*.sh"/>
+ <include name="TxtTo73/classes/**"/>
+ <include name="TxtTo80/*.sh"/>
+ <include name="TxtTo80/classes/**"/>
+ <include name="80/*.class"/>
+ <include name="TpsTo80/linux/**"/>
+ <include name="TpsTo80/solaris/**"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="644"
+ prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+ <include name="*/*.bat"/>
+ <include name="80/*.ldif"/>
+ <include name="80/readme"/>
+ <include name="TpsTo80/readme"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="644"
+ prefix="${dist.name}/usr/share/doc/${dist.name}">
+ <include name="EULA"/>
+ <include name="LICENSE"/>
+ </tarfileset>
+ </tar>
+ <echo message="${end.binary.tar.log.message}"/>
+
+ <echo message="${begin.binary.gtar.log.message}"/>
+ <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+ src="${dist.base.binaries}/${dist.name}.tar"/>
+ <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+ <delete dir="${dist.name}"/>
+ <checksum fileext=".md5">
+ <fileset dir="${dist.base.binaries}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <checksum fileext=".sha1"
+ algorithm="SHA">
+ <fileset dir="${dist.base.binaries}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <echo message="${end.binary.gtar.log.message}"/>
+
+ <echo message="${end.distribute.binaries.log.message}"/>
+ </target>
+
+
+ <target name="distribute_source"
+ depends=""
+ description="--> create the zip and gzipped tar source distributions">
+ <echo message="${begin.distribute.source.log.message}"/>
+ <mkdir dir="${dist.base.source}"/>
+
+ <echo message="${begin.source.zip.log.message}"/>
+ <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+ <zipfileset dir="."
+ filemode="755"
+ prefix="${src.dist.name}">
+ <include name="${specfile}"/>
+ <exclude name="EULA"/>
+ <exclude name="LICENSE"/>
+ <include name="build.xml"/>
+ <include name="config/product*.xml"/>
+ <include name="config/release*.xml"/>
+ <include name="release"/>
+ <include name="41ToTxt/**"/>
+ <include name="42ToTxt/**"/>
+ <include name="42SP2ToTxt/**"/>
+ <include name="45ToTxt/**"/>
+ <include name="47ToTxt/**"/>
+ <include name="60ToTxt/**"/>
+ <include name="61ToTxt/**"/>
+ <include name="62ToTxt/**"/>
+ <include name="63ToTxt/**"/>
+ <include name="70ToTxt/**"/>
+ <include name="71ToTxt/**"/>
+ <include name="72ToTxt/**"/>
+ <include name="73ToTxt/**"/>
+ <include name="TxtTo60/**"/>
+ <include name="TxtTo61/**"/>
+ <include name="TxtTo62/**"/>
+ <include name="TxtTo70/**"/>
+ <include name="TxtTo71/**"/>
+ <include name="TxtTo72/**"/>
+ <include name="TxtTo73/**"/>
+ <include name="TxtTo80/**"/>
+ <include name="80/**"/>
+ <include name="TpsTo80/**"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="644"
+ prefix="${src.dist.name}">
+ <include name="EULA"/>
+ <include name="LICENSE"/>
+ </zipfileset>
+ </zip>
+ <echo message="${end.source.zip.log.message}"/>
+
+ <echo message="${begin.source.tar.log.message}"/>
+ <tar longfile="gnu"
+ destfile="${dist.base.source}/${src.dist.name}.tar">
+ <tarfileset dir="."
+ mode="755"
+ prefix="${src.dist.name}">
+ <include name="${specfile}"/>
+ <exclude name="EULA"/>
+ <exclude name="LICENSE"/>
+ <include name="build.xml"/>
+ <include name="config/product*.xml"/>
+ <include name="config/release*.xml"/>
+ <include name="release"/>
+ <include name="41ToTxt/**"/>
+ <include name="42ToTxt/**"/>
+ <include name="42SP2ToTxt/**"/>
+ <include name="45ToTxt/**"/>
+ <include name="47ToTxt/**"/>
+ <include name="60ToTxt/**"/>
+ <include name="61ToTxt/**"/>
+ <include name="62ToTxt/**"/>
+ <include name="63ToTxt/**"/>
+ <include name="70ToTxt/**"/>
+ <include name="71ToTxt/**"/>
+ <include name="72ToTxt/**"/>
+ <include name="73ToTxt/**"/>
+ <include name="TxtTo60/**"/>
+ <include name="TxtTo61/**"/>
+ <include name="TxtTo62/**"/>
+ <include name="TxtTo70/**"/>
+ <include name="TxtTo71/**"/>
+ <include name="TxtTo72/**"/>
+ <include name="TxtTo73/**"/>
+ <include name="TxtTo80/**"/>
+ <include name="80/**"/>
+ <include name="TpsTo80/**"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="644"
+ prefix="${src.dist.name}">
+ <include name="EULA"/>
+ <include name="LICENSE"/>
+ </tarfileset>
+ </tar>
+ <echo message="${end.source.tar.log.message}"/>
+
+ <echo message="${begin.source.gtar.log.message}"/>
+ <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+ src="${dist.base.source}/${src.dist.name}.tar"/>
+ <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+ <delete dir="${dist.name}"/>
+ <checksum fileext=".md5">
+ <fileset dir="${dist.base.source}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <checksum fileext=".sha1"
+ algorithm="SHA">
+ <fileset dir="${dist.base.source}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <echo message="${end.source.gtar.log.message}"/>
+
+ <echo message="${end.distribute.source.log.message}"/>
+ </target>
+
+
+ <target name="distribute"
+ depends="distribute_binaries,distribute_source"
+ description="--> create binary and source component distributions">
+ <echo message="${notify.distribute.log.message}"/>
+ </target>
+
+
+ <target name="main"
+ depends="clean,distribute"
+ description="--> clean, build, verify, document, distribute [default]">
+ <echo message="${notify.main.log.message}"/>
+ </target>
+
+</project>
+
diff --git a/pki/base/migrate/kra/RecoverKey.class b/pki/base/migrate/kra/RecoverKey.class
new file mode 100755
index 000000000..756380e8d
--- /dev/null
+++ b/pki/base/migrate/kra/RecoverKey.class
Binary files differ
diff --git a/pki/base/migrate/kra/RecoverKey.java b/pki/base/migrate/kra/RecoverKey.java
new file mode 100755
index 000000000..06e5fc55f
--- /dev/null
+++ b/pki/base/migrate/kra/RecoverKey.java
@@ -0,0 +1,101 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+// package com.netscape.cmstools;
+
+import org.mozilla.jss.pkix.cmc.*;
+import org.mozilla.jss.pkix.cms.*;
+import org.mozilla.jss.pkix.cert.*;
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkcs10.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.SignatureAlgorithm;
+import org.mozilla.jss.crypto.DigestAlgorithm;
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.util.*;
+import org.mozilla.jss.*;
+
+import sun.misc.BASE64Encoder;
+import sun.misc.*;
+
+import java.io.*;
+import java.util.*;
+
+import com.netscape.cmscore.shares.*;
+
+public class RecoverKey {
+
+ public static void main(String args[]) throws Exception
+ {
+ if (args.length != 6) {
+ System.out.println("Usage: RecoverKey <alias directory> <prefix> <password> <pin> <nickname> <kra-key.db path>");
+ System.exit(0);
+ }
+
+ String alias = args[0];
+ String prefix = args[1];
+ String password = args[2];
+ String pin = args[3];
+ String nickname = args[4];
+ String db_path = args[5];
+
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(alias,
+ prefix, prefix, "secmod.db");
+
+ CryptoManager.initialize(vals);
+ CryptoManager cm = CryptoManager.getInstance();
+
+ CryptoToken token = cm.getInternalKeyStorageToken();
+ token.login(new Password(password.toCharArray()));
+
+ // retrieve public key
+ X509Certificate cert = cm.findCertByNickname(nickname);
+
+ // retrieve encrypted private key material
+ File priFile = new File(db_path);
+ byte priData[] = new byte[(new Long(priFile.length())).intValue()];
+ FileInputStream fi = new FileInputStream(priFile);
+ fi.read(priData);
+ fi.close();
+
+ // recover private key
+ Password pass = new Password(pin.toCharArray());
+ KeyGenerator kg = token.getKeyGenerator(
+ PBEAlgorithm.PBE_SHA1_DES3_CBC);
+ byte iv[] = {0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01};
+ PBEKeyGenParams kgp = new PBEKeyGenParams(pass,
+ iv, 5);
+
+ pass.clear();
+ kg.initialize(kgp);
+ SymmetricKey sk = kg.generate();
+
+ KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD);
+ wrapper.initUnwrap(sk, new IVParameterSpec(iv));
+ PrivateKey pk = wrapper.unwrapPrivate(priData,
+ PrivateKey.RSA, cert.getPublicKey());
+
+ System.out.println("=> Private is '" + pk + "'");
+ }
+}
diff --git a/pki/base/migrate/kra/RecoverPin.class b/pki/base/migrate/kra/RecoverPin.class
new file mode 100755
index 000000000..75db9d5f9
--- /dev/null
+++ b/pki/base/migrate/kra/RecoverPin.class
Binary files differ
diff --git a/pki/base/migrate/kra/RecoverPin.java b/pki/base/migrate/kra/RecoverPin.java
new file mode 100755
index 000000000..2ad268c37
--- /dev/null
+++ b/pki/base/migrate/kra/RecoverPin.java
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+// package com.netscape.cmstools;
+
+import org.mozilla.jss.pkix.cmc.*;
+import org.mozilla.jss.pkix.cms.*;
+import org.mozilla.jss.pkix.cert.*;
+import org.mozilla.jss.pkix.primitive.*;
+import org.mozilla.jss.asn1.*;
+import org.mozilla.jss.pkcs10.*;
+import org.mozilla.jss.crypto.*;
+import org.mozilla.jss.CryptoManager;
+import org.mozilla.jss.crypto.CryptoToken;
+import org.mozilla.jss.crypto.SignatureAlgorithm;
+import org.mozilla.jss.crypto.DigestAlgorithm;
+import org.mozilla.jss.crypto.X509Certificate;
+import org.mozilla.jss.util.*;
+import org.mozilla.jss.*;
+
+import sun.misc.BASE64Encoder;
+import sun.misc.*;
+
+import java.io.*;
+import java.util.*;
+
+import com.netscape.cmscore.shares.*;
+
+public class RecoverPin {
+
+ public static String getPassword(Hashtable shares) throws Exception
+ {
+ System.out.println("Share size '" + shares.size() + "'");
+ JoinShares j = new JoinShares(shares.size());
+
+ Enumeration e = shares.keys();
+ while (e.hasMoreElements()) {
+ String next = (String) e.nextElement();
+System.out.println("Add share " + (int)(Integer.parseInt(next) + 1));
+ j.addShare(Integer.parseInt(next) + 1,
+ (byte[]) shares.get(next));
+ }
+ byte secret[] = j.recoverSecret();
+ String pwd = new String(secret);
+ return pwd;
+ }
+
+ public static byte[] resizeShare(byte share[]) {
+ byte data[] = new byte[share.length - 2];
+
+ for (int i = 2; i < share.length; i++) {
+ data[i - 2] = share[i];
+ }
+ return data;
+ }
+
+ public static Hashtable getShares(CryptoToken token,
+ Properties kra_mn_p) throws Exception
+ {
+ BufferedReader br = new BufferedReader( new InputStreamReader(System.in));
+ Hashtable v = new Hashtable();
+ Enumeration e = kra_mn_p.keys();
+ int n = Integer.parseInt((String)kra_mn_p.get("n"));
+ for (int i = 0; i < n; i++) {
+ String uid = (String)kra_mn_p.get("uid"+i);
+ System.out.println("Got uid '" + uid + "'");
+
+ String encrypted = (String)kra_mn_p.get("share"+i);
+ System.out.println("Got share '" + encrypted + "'");
+
+ BASE64Decoder decoder = new BASE64Decoder();
+ byte share[] = decoder.decodeBuffer(encrypted);
+ System.out.println("Got encrypted share length '" +
+ share.length + "'");
+
+ System.out.println("Please input password for " + uid + ":");
+ String pwd = br.readLine();
+ System.out.println("Got password '" + pwd + "'");
+
+ Cipher cipher = token.getCipherContext(
+ EncryptionAlgorithm.DES3_CBC_PAD);
+ byte iv[] = {0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01};
+ Password pass = new Password(pwd.toCharArray());
+ KeyGenerator kg = token.getKeyGenerator(
+ PBEAlgorithm.PBE_SHA1_DES3_CBC);
+ PBEKeyGenParams kgp = new PBEKeyGenParams(pass,
+ iv, 5);
+ kg.initialize(kgp);
+ SymmetricKey sk = kg.generate();
+ cipher.initDecrypt(sk, new IVParameterSpec(iv));
+ byte dec[] = cipher.doFinal(share);
+ System.out.println("Got decrypted share length '" + dec.length + "'");
+ System.out.println("Got share[0] '" + dec[0] + "'");
+ System.out.println("Got share[1] '" + dec[1] + "'");
+ byte res[] = resizeShare(dec);
+ v.put(Integer.toString(i), res);
+ }
+ return v;
+ }
+
+ public static void main(String args[]) throws Exception
+ {
+ if (args.length != 4) {
+ System.out.println("Usage: RecoverPin <alias directory> <prefix> <password> <kra-mn.conf path>");
+ System.exit(0);
+ }
+
+ String alias = args[0];
+ String prefix = args[1];
+ String password = args[2];
+ String path_kra_mn = args[3];
+
+ CryptoManager.InitializationValues vals =
+ new CryptoManager.InitializationValues(alias,
+ prefix, prefix, "secmod.db");
+
+ CryptoManager.initialize(vals);
+ CryptoManager cm = CryptoManager.getInstance();
+
+ // load files into properties
+ Properties kra_mn_p = new Properties();
+ kra_mn_p.load(new FileInputStream(path_kra_mn));
+
+ CryptoToken token = cm.getInternalKeyStorageToken();
+ token.login(new Password(password.toCharArray()));
+
+ Hashtable shares = getShares(token, kra_mn_p);
+
+ String pwd = getPassword(shares);
+ System.out.println("=> Pin is '" + pwd + "'");
+ }
+}
diff --git a/pki/base/migrate/kra/readme.txt b/pki/base/migrate/kra/readme.txt
new file mode 100755
index 000000000..8b7b69b49
--- /dev/null
+++ b/pki/base/migrate/kra/readme.txt
@@ -0,0 +1,130 @@
+Date
+
+ Tue Oct 17 16:11:07 PDT 2006
+
+Version
+
+ CMS 6.1
+
+Overview
+
+ In CMS6.1 Data Recovery Manager (DRM), it has deployed a
+ complicated key splitting scheme where software token and
+ hardware token are treated differently.
+
+ Both software and hardware token requires a group of N recovery agents
+ to be present during the configuration. A Pin is randomly generated
+ and splitted into N pieces called shares. Each share is encrypted with
+ a password provided by the individual recovery agent. This is to
+ ensure no single recovery agent to access the pin.
+
+ For software token, during configuration, a storage key pair is
+ generated, and the private key portion is then encrypted by the
+ Pin mentioned above. The encrypted key is stored in a file called
+ kra-key.db in the conf directory. The configuration deletes
+ the private key from the software token. For each recovery
+ operation, the private key is then reconstructed and imported
+ into the software token.
+
+ For hardware token, during configuration, a storage key pair is
+ generated on the selected token, then the configuration changes the
+ hardware token's pin to the randomly generated pin mentioned above.
+ For each recovery operation, the token's pin is reconstructed and
+ private key is accessed.
+
+ To provide migration on the user keys that were encrypted with the
+ storage keys of CS6.1, we need to be able to migrate the public and
+ private keys to the new system. To access the private key, we need
+ to have a way to reconstruct the pin.
+
+ This support package provides 2 utilities that can assist the
+ migration.
+
+Programs
+
+ RecoverPin - This command is to reconstruct the pin. It reads
+ the shares from conf/kra-mn.conf, and prompts for
+ agent passwords. It then reconstructs and prints the
+ pin to the screen.
+
+ RecoverKey - For software token deployment, the encrypted private
+ key is stored in the file conf/kra-key.db. To recover
+ the private key, the user needs to use the pin obtained
+ from RecoverPin. Once the private key is recovered into
+ the security database. The user can use pk12util to
+ migrate key to the new installation. For hardware token
+ deployment, this command is not necessary.
+
+Examples
+
+ Here is an example of RecoverPin usage
+
+ java -classpath <server-root>/bin/cert/jars/cmscore.jar:<server-root>/bin/cert/jars/nsutil.jar:<server-root>/bin/cert/jars/jss3.jar:. RecoverPin <path to alias directory> <prefix> <password> <key splitting scheme file>
+
+ For example,
+
+ java -classpath /home/user/cs61/servers/bin/cert/jars/cmscore.jar:/export/home/user/cs61/servers/bin/cert/jars/nsutil.jar:/export/home/user/cs61/servers/bin/cert/jars/jss3.jar:. RecoverPin /export/home/user/cs61/servers/alias "cert-drm-sunburst-" netscape /export/home/user/cs61/servers/cert-drm/config/kra-mn.conf
+
+ The output is:
+
+ Got uid 'agent1'
+ Got share 'A23UO/q9f40='
+ Got encrypted share length '8'
+ Please input password for agent1:
+ netscape1
+ Got password 'netscape1'
+ Got decrypted share length '2'
+ Got share[0] '0'
+ Got share[1] '0'
+ Got uid 'agent2'
+ Got share 'R+zGVd5zczI='
+ Got encrypted share length '8'
+ Please input password for agent2:
+ netscape2
+ Got password 'netscape2'
+ Got decrypted share length '2'
+ Got share[0] '0'
+ Got share[1] '0'
+ Got uid 'agent3'
+ Got share 'lsipE7cM8jg='
+ Got encrypted share length '8'
+ Please input password for agent3:
+ netscape3
+ Got password 'netscape3'
+ Got decrypted share length '2'
+ Got share[0] '0'
+ Got share[1] '0'
+ Share size '3'
+ Add share 3
+ Add share 2
+ Add share 1
+ => Pin is ''
+
+ Here is an example of RecoverKey usage
+
+ java -classpath <server-root>/bin/cert/jars/cmscore.jar:<server-root>/bin/cert/jars/nsutil.jar:<server-root>/bin/cert/jars/jss3.jar:. RecoverKey <alias path> <prefix> <db password> <pin from RecoverPin> <nickname> <key db path>
+
+ For example,
+
+ java -classpath /export/home/user/cs61/servers/bin/cert/jars/cmscore.jar:/export/home/user/cs61/servers/bin/cert/jars/nsutil.jar:/export/home/user/cs61/servers/bin/cert/jars/jss3.jar:. RecoverKey /export/home/user/cs61/servers/alias cert-drm-sunburst- "netscape" "" "kraStorageCert 1161121005622" /export/home/user/cs61/servers/cert-drm/config/kra-key.db
+
+ The output is:
+
+ => Private is 'org.mozilla.jss.pkcs11.PK11RSAPrivateKey@1ab8f9e'
+
+To make the private and public key exportable via pk12util. You need to first
+backup the storage certificate, delete it, and then import it
+again. For example,
+
+ certutil -d . -P cert-drm-sunburst- \
+ -n "kraStorageCert 1161121005622" -a > storageCert.txt
+
+ certutil -d . -P cert-drm-sunburst- -D -n "kraStorageCert 1161121005622"
+
+ certutil -d . -P cert-drm-sunburst- -A -t "u,u,u" \
+ -n "kraStorageCert 1161121005622" -i storageCert.txt
+
+Finally, you can export the private and public key using pk12util
+
+ pk12util -o storage.p12 -d . -P cert-drm-sunburst- \
+ -n "kraStorageCert 1161121005622"