diff options
Diffstat (limited to 'pki/base/migrate')
156 files changed, 24983 insertions, 0 deletions
diff --git a/pki/base/migrate/41ToTxt/classes/CMS41LdifParser.class b/pki/base/migrate/41ToTxt/classes/CMS41LdifParser.class Binary files differnew file mode 100644 index 000000000..9e8c2951e --- /dev/null +++ b/pki/base/migrate/41ToTxt/classes/CMS41LdifParser.class diff --git a/pki/base/migrate/41ToTxt/classes/Main.class b/pki/base/migrate/41ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..b534ce990 --- /dev/null +++ b/pki/base/migrate/41ToTxt/classes/Main.class diff --git a/pki/base/migrate/41ToTxt/run.bat b/pki/base/migrate/41ToTxt/run.bat new file mode 100755 index 000000000..35a5fda9f --- /dev/null +++ b/pki/base/migrate/41ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 4.1 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 4.1 ldif text file. +REM +REM This subsequent normalized CMS 4.1 ldif text file +REM can be migrated into CMS 6.0 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 4.1 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms41 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\base\jre\bin;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\bin\jssjava.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss.jar;%SERVER_ROOT%\bin\cert\jars\jssjdk12.jar;%SERVER_ROOT%\bin\base\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/41ToTxt/run.sh b/pki/base/migrate/41ToTxt/run.sh new file mode 100755 index 000000000..0e9a40e89 --- /dev/null +++ b/pki/base/migrate/41ToTxt/run.sh @@ -0,0 +1,191 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 4.1 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 4.1 ldif text file. ### +### ### +### This subsequent normalized CMS 4.1 ldif text file ### +### can be migrated into CMS 6.0 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 4.1 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms41 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.1" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform (SunOS) +### + +LD_LIBRARY_PATH=${SERVER_ROOT}/bin/base/jre/lib:${SERVER_ROOT}/bin/base/jre/lib/sparc/native_threads +export LD_LIBRARY_PATH + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/bin/jssjava -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss.jar:${SERVER_ROOT}/bin/cert/jars/jssjdk12.jar:${SERVER_ROOT}/bin/base/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/41ToTxt/src/Main.java b/pki/base/migrate/41ToTxt/src/Main.java new file mode 100644 index 000000000..39b3035ab --- /dev/null +++ b/pki/base/migrate/41ToTxt/src/Main.java @@ -0,0 +1,426 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +// +// "41ToTxt/src/Main.java" represents the initial CMS "ToTxt" migration file. +// +// Always comment any new code sections with a "CMS 4.1" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import com.netscape.jss.*; // CMS 4.1/4.2/4.2 (SP 2) +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.1/4.2/4.2 (SP 2) + CryptoManager.initialize("./secmod.db", "./key3.db", "./cert7.db"); + // load JSS provider in CMS 4.1/4.2/4.2 (SP 2) + java.security.Security.removeProvider("Netscape version 1.4"); + java.security.Security.removeProvider("SunRsaSign version 1.0"); +// java.security.Security.insertProviderAt( +// new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS41LdifParser parser = null; + if (args.length == 1) { + parser = new CMS41LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS41LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS41LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.1/4.2/4.2 (SP 2)/4.5 use "requestattributes" + private static final String REQUEST_ATTRIBUTES = + "requestattributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS41LdifParser(String filename) + { + mFilename = filename; + } + + public CMS41LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) { + com.netscape.certsrv.base.ArgBlock o = + (com.netscape.certsrv.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.certsrv.dbs.keydb.KeyRecord) { + com.netscape.certsrv.dbs.keydb.KeyRecord o = + (com.netscape.certsrv.dbs.keydb.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) { + com.netscape.certsrv.kra.ProofOfArchival o = + (com.netscape.certsrv.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/41ToTxt/src/compile.bat b/pki/base/migrate/41ToTxt/src/compile.bat new file mode 100755 index 000000000..fd92f3fb7 --- /dev/null +++ b/pki/base/migrate/41ToTxt/src/compile.bat @@ -0,0 +1,150 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "41ToTxt/classes/Main.class" and +REM "41ToTxt/classes/CMS41LdifParser.class" which are +REM used to create a normalized CMS 4.1 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 41ToTxt +REM + +REM SET SERVER_ROOT=C:\cms41 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 4.1 NOTE: "WINNT" - 1.1.6 +REM + +REM SET JDK_VERSION=CMS_4.1 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 41ToTxt - create "CMS41LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\lib\classes.zip;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss.jar;%SERVER_ROOT%\bin\cert\jars\jssjdk12.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/41ToTxt/src/compile.sh b/pki/base/migrate/41ToTxt/src/compile.sh new file mode 100755 index 000000000..968190ff2 --- /dev/null +++ b/pki/base/migrate/41ToTxt/src/compile.sh @@ -0,0 +1,150 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "41ToTxt/classes/Main.class" and ### +### "41ToTxt/classes/CMS41LdifParser.class" which are ### +### used to create a normalized CMS 4.1 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 41ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms41 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 4.1 NOTE: "SunOS" - 1.1.6 +### + +#JDK_VERSION=CMS_4.1 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.1" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform (SunOS) +### + +LD_LIBRARY_PATH=${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads +export LD_LIBRARY_PATH + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 41ToTxt - create "CMS41LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/lib/classes.zip:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss.jar:${SERVER_ROOT}/bin/cert/jars/jssjdk12.jar Main.java + diff --git a/pki/base/migrate/42SP2ToTxt/classes/CMS42SP2LdifParser.class b/pki/base/migrate/42SP2ToTxt/classes/CMS42SP2LdifParser.class Binary files differnew file mode 100644 index 000000000..a6f2438e8 --- /dev/null +++ b/pki/base/migrate/42SP2ToTxt/classes/CMS42SP2LdifParser.class diff --git a/pki/base/migrate/42SP2ToTxt/classes/Main.class b/pki/base/migrate/42SP2ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..41d08aedf --- /dev/null +++ b/pki/base/migrate/42SP2ToTxt/classes/Main.class diff --git a/pki/base/migrate/42SP2ToTxt/run.bat b/pki/base/migrate/42SP2ToTxt/run.bat new file mode 100755 index 000000000..ec2a5d6ff --- /dev/null +++ b/pki/base/migrate/42SP2ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 4.2 (SP 2) ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 4.2 (SP 2) ldif text file. +REM +REM This subsequent normalized CMS 4.2 (SP 2) ldif text file +REM can be migrated into CMS 6.0 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 4.2 (SP 2) ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms43 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.2 (SP 2)" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss21.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/42SP2ToTxt/run.sh b/pki/base/migrate/42SP2ToTxt/run.sh new file mode 100755 index 000000000..bbb056f0f --- /dev/null +++ b/pki/base/migrate/42SP2ToTxt/run.sh @@ -0,0 +1,205 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 4.2 (SP 2) ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 4.2 (SP 2) ldif text file. ### +### ### +### This subsequent normalized CMS 4.2 (SP 2) ldif text file ### +### can be migrated into CMS 6.0 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 4.2 (SP 2) ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms43 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.2 (SP 2)" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "AIX" ] ; then + LIBPATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/aix/native_threads + export LIBPATH +elif [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +elif [ ${OS_NAME} = "OSF1" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/alpha/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss21.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/42SP2ToTxt/src/Main.java b/pki/base/migrate/42SP2ToTxt/src/Main.java new file mode 100644 index 000000000..9f648aef2 --- /dev/null +++ b/pki/base/migrate/42SP2ToTxt/src/Main.java @@ -0,0 +1,429 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "42SP2ToTxt/src/Main.java" is based upon a copy "42ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 4.2 (SP 2)" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 42ToTxt/src/Main.java 42SP2ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import com.netscape.jss.*; // CMS 4.1/4.2/4.2 (SP 2) +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.1/4.2/4.2 (SP 2) + CryptoManager.initialize("./secmod.db", "./key3.db", "./cert7.db"); + // load JSS provider in CMS 4.1/4.2/4.2 (SP 2) + java.security.Security.removeProvider("Netscape version 1.4"); + java.security.Security.removeProvider("SunRsaSign version 1.0"); +// java.security.Security.insertProviderAt( +// new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS42SP2LdifParser parser = null; + if (args.length == 1) { + parser = new CMS42SP2LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS42SP2LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS42SP2LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.1/4.2/4.2 (SP 2)/4.5 use "requestattributes" + private static final String REQUEST_ATTRIBUTES = + "requestattributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS42SP2LdifParser(String filename) + { + mFilename = filename; + } + + public CMS42SP2LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) { + com.netscape.certsrv.base.ArgBlock o = + (com.netscape.certsrv.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.certsrv.dbs.keydb.KeyRecord) { + com.netscape.certsrv.dbs.keydb.KeyRecord o = + (com.netscape.certsrv.dbs.keydb.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) { + com.netscape.certsrv.kra.ProofOfArchival o = + (com.netscape.certsrv.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/42SP2ToTxt/src/compile.bat b/pki/base/migrate/42SP2ToTxt/src/compile.bat new file mode 100755 index 000000000..5b6c11566 --- /dev/null +++ b/pki/base/migrate/42SP2ToTxt/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "42SP2ToTxt/classes/Main.class" and +REM "42SP2ToTxt/classes/CMS42SP2LdifParser.class" which are +REM used to create a normalized CMS 4.2 (SP 2) ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 42SP2ToTxt +REM + +REM SET SERVER_ROOT=C:\cms43 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 4.2 (SP 2) NOTE: "WINNT" - 1.3.0 +REM +REM CMS 4.2 (SP 2) CONSOLE NOTE: "WINNT" - 1.1.7A +REM + +REM SET JDK_VERSION=CMS_4.3 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.2 (SP 2)" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 42SP2ToTxt - create "CMS42SP2LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss21.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/42SP2ToTxt/src/compile.sh b/pki/base/migrate/42SP2ToTxt/src/compile.sh new file mode 100755 index 000000000..a6f9c8165 --- /dev/null +++ b/pki/base/migrate/42SP2ToTxt/src/compile.sh @@ -0,0 +1,174 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "42SP2ToTxt/classes/Main.class" and ### +### "42SP2ToTxt/classes/CMS42SP2LdifParser.class" which are ### +### used to create a normalized CMS 4.2 (SP 2) ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 42SP2ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms43 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "AIX", "HP-UX", "Linux", "OSF1", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 4.2 (SP 2) NOTE: "AIX" - 1.3.0 +### "HP-UX" - 1.3.0.00 +### "Linux" - 1.3.0 +### "OSF1" - 1.3.0-1 +### "SunOS" - 1.3.0 +### +### CMS 4.2 (SP 2) CONSOLE NOTE: "AIX" - 1.1.6_10 +### "HP-UX" - 1.1.6 +### "Linux" - 1.1.7 +### "OSF1" - 1.1.6 +### "SunOS" - 1.1.6 +### + +#JDK_VERSION=CMS_4.3 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.2 (SP 2)" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "AIX" ] ; then + LIBPATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/aix/native_threads + export LIBPATH +elif [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +elif [ ${OS_NAME} = "OSF1" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/alpha/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 42SP2ToTxt - create "CMS42SP2LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss21.jar Main.java + diff --git a/pki/base/migrate/42ToTxt/classes/CMS42LdifParser.class b/pki/base/migrate/42ToTxt/classes/CMS42LdifParser.class Binary files differnew file mode 100644 index 000000000..cba476570 --- /dev/null +++ b/pki/base/migrate/42ToTxt/classes/CMS42LdifParser.class diff --git a/pki/base/migrate/42ToTxt/classes/Main.class b/pki/base/migrate/42ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..8f1cccca9 --- /dev/null +++ b/pki/base/migrate/42ToTxt/classes/Main.class diff --git a/pki/base/migrate/42ToTxt/run.bat b/pki/base/migrate/42ToTxt/run.bat new file mode 100755 index 000000000..43300869c --- /dev/null +++ b/pki/base/migrate/42ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 4.2 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 4.2 ldif text file. +REM +REM This subsequent normalized CMS 4.2 ldif text file +REM can be migrated into CMS 6.0 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 4.2 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms42 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\jre.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss.jar;%SERVER_ROOT%\bin\cert\jars\jssjdk12.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/42ToTxt/run.sh b/pki/base/migrate/42ToTxt/run.sh new file mode 100755 index 000000000..2eedfb395 --- /dev/null +++ b/pki/base/migrate/42ToTxt/run.sh @@ -0,0 +1,205 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 4.2 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 4.2 ldif text file. ### +### ### +### This subsequent normalized CMS 4.2 ldif text file ### +### can be migrated into CMS 6.0 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 4.2 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms42 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.2" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "AIX" ] ; then + LIBPATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/aix/native_threads + export LIBPATH +elif [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +elif [ ${OS_NAME} = "OSF1" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/alpha/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/jre -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss.jar:${SERVER_ROOT}/bin/cert/jars/jssjdk12.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/42ToTxt/src/Main.java b/pki/base/migrate/42ToTxt/src/Main.java new file mode 100644 index 000000000..041ea329b --- /dev/null +++ b/pki/base/migrate/42ToTxt/src/Main.java @@ -0,0 +1,429 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "42ToTxt/src/Main.java" is based upon a copy "41ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 4.2" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 41ToTxt/src/Main.java 42ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import com.netscape.jss.*; // CMS 4.1/4.2/4.2 (SP 2) +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.1/4.2/4.2 (SP 2) + CryptoManager.initialize("./secmod.db", "./key3.db", "./cert7.db"); + // load JSS provider in CMS 4.1/4.2/4.2 (SP 2) + java.security.Security.removeProvider("Netscape version 1.4"); + java.security.Security.removeProvider("SunRsaSign version 1.0"); +// java.security.Security.insertProviderAt( +// new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS42LdifParser parser = null; + if (args.length == 1) { + parser = new CMS42LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS42LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS42LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.1/4.2/4.2 (SP 2)/4.5 use "requestattributes" + private static final String REQUEST_ATTRIBUTES = + "requestattributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS42LdifParser(String filename) + { + mFilename = filename; + } + + public CMS42LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) { + com.netscape.certsrv.base.ArgBlock o = + (com.netscape.certsrv.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.certsrv.dbs.keydb.KeyRecord) { + com.netscape.certsrv.dbs.keydb.KeyRecord o = + (com.netscape.certsrv.dbs.keydb.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) { + com.netscape.certsrv.kra.ProofOfArchival o = + (com.netscape.certsrv.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/42ToTxt/src/compile.bat b/pki/base/migrate/42ToTxt/src/compile.bat new file mode 100755 index 000000000..20ca0ebb5 --- /dev/null +++ b/pki/base/migrate/42ToTxt/src/compile.bat @@ -0,0 +1,150 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "42ToTxt/classes/Main.class" and +REM "42ToTxt/classes/CMS42LdifParser.class" which are +REM used to create a normalized CMS 4.2 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 42ToTxt +REM + +REM SET SERVER_ROOT=C:\cms42 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 4.2 NOTE: "WINNT" - 1.1.7A +REM + +REM SET JDK_VERSION=CMS_4.2 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 42ToTxt - create "CMS42LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\lib\classes.zip;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss.jar;%SERVER_ROOT%\bin\cert\jars\jssjdk12.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/42ToTxt/src/compile.sh b/pki/base/migrate/42ToTxt/src/compile.sh new file mode 100755 index 000000000..e8acf71bf --- /dev/null +++ b/pki/base/migrate/42ToTxt/src/compile.sh @@ -0,0 +1,168 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "42ToTxt/classes/Main.class" and ### +### "42ToTxt/classes/CMS42LdifParser.class" which are ### +### used to create a normalized CMS 4.2 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 42ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms42 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "AIX", "HP-UX", "Linux", "OSF1", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 4.2 NOTE: "AIX" - 1.1.6_10 +### "HP-UX" - 1.1.6 +### "Linux" - 1.1.7 +### "OSF1" - 1.1.6 +### "SunOS" - 1.1.6 +### + +#JDK_VERSION=CMS_4.2 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.2" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "AIX" ] ; then + LIBPATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/aix/native_threads + export LIBPATH +elif [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +elif [ ${OS_NAME} = "OSF1" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/alpha/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 42ToTxt - create "CMS42LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/lib/classes.zip:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss.jar:${SERVER_ROOT}/bin/cert/jars/jssjdk12.jar Main.java + diff --git a/pki/base/migrate/45ToTxt/classes/CMS45LdifParser.class b/pki/base/migrate/45ToTxt/classes/CMS45LdifParser.class Binary files differnew file mode 100644 index 000000000..89d8e48e1 --- /dev/null +++ b/pki/base/migrate/45ToTxt/classes/CMS45LdifParser.class diff --git a/pki/base/migrate/45ToTxt/classes/Main.class b/pki/base/migrate/45ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..f6feba04e --- /dev/null +++ b/pki/base/migrate/45ToTxt/classes/Main.class diff --git a/pki/base/migrate/45ToTxt/run.bat b/pki/base/migrate/45ToTxt/run.bat new file mode 100755 index 000000000..8dfb4e77c --- /dev/null +++ b/pki/base/migrate/45ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 4.5 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 4.5 ldif text file. +REM +REM This subsequent normalized CMS 4.5 ldif text file +REM can be migrated into CMS 6.0 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 4.5 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms45 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.5" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/45ToTxt/run.sh b/pki/base/migrate/45ToTxt/run.sh new file mode 100755 index 000000000..18f9c9b6f --- /dev/null +++ b/pki/base/migrate/45ToTxt/run.sh @@ -0,0 +1,196 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 4.5 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 4.5 ldif text file. ### +### ### +### This subsequent normalized CMS 4.5 ldif text file ### +### can be migrated into CMS 6.0 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 4.5 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms45 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.5" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/45ToTxt/src/Main.java b/pki/base/migrate/45ToTxt/src/Main.java new file mode 100644 index 000000000..f93623d67 --- /dev/null +++ b/pki/base/migrate/45ToTxt/src/Main.java @@ -0,0 +1,431 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "45ToTxt/src/Main.java" is based upon a copy "42SP2ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 4.5" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 42SP2ToTxt/src/Main.java 45ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS45LdifParser parser = null; + if (args.length == 1) { + parser = new CMS45LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS45LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS45LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.1/4.2/4.2 (SP 2)/4.5 use "requestattributes" + private static final String REQUEST_ATTRIBUTES = + "requestattributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS45LdifParser(String filename) + { + mFilename = filename; + } + + public CMS45LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) { + com.netscape.certsrv.base.ArgBlock o = + (com.netscape.certsrv.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.certsrv.dbs.keydb.KeyRecord) { + com.netscape.certsrv.dbs.keydb.KeyRecord o = + (com.netscape.certsrv.dbs.keydb.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) { + com.netscape.certsrv.kra.ProofOfArchival o = + (com.netscape.certsrv.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/45ToTxt/src/compile.bat b/pki/base/migrate/45ToTxt/src/compile.bat new file mode 100755 index 000000000..11abbf103 --- /dev/null +++ b/pki/base/migrate/45ToTxt/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "45ToTxt/classes/Main.class" and +REM "45ToTxt/classes/CMS45LdifParser.class" which are +REM used to create a normalized CMS 4.5 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 45ToTxt +REM + +REM SET SERVER_ROOT=C:\cms45 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 4.5 NOTE: "WINNT" - 1.3.0 +REM +REM CMS 4.5 CONSOLE NOTE: "WINNT" - 1.1.7A +REM + +REM SET JDK_VERSION=CMS_4.5 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.5" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 45ToTxt - create "CMS45LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/45ToTxt/src/compile.sh b/pki/base/migrate/45ToTxt/src/compile.sh new file mode 100755 index 000000000..84df9b9c8 --- /dev/null +++ b/pki/base/migrate/45ToTxt/src/compile.sh @@ -0,0 +1,159 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "45ToTxt/classes/Main.class" and ### +### "41ToTxt/classes/CMS45LdifParser.class" which are ### +### used to create a normalized CMS 4.5 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 45ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms45 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "Linux" or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 4.5 NOTE: "Linux" - 1.3.0 +### "SunOS" - 1.3.0 +### +### CMS 4.5 CONSOLE NOTE: "Linux" - 1.1.7 +### "SunOS" - 1.1.6 +### + +#JDK_VERSION=CMS_4.5 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.5" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 45ToTxt - create "CMS45LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/47ToTxt/classes/CMS47LdifParser.class b/pki/base/migrate/47ToTxt/classes/CMS47LdifParser.class Binary files differnew file mode 100644 index 000000000..c94aaac2a --- /dev/null +++ b/pki/base/migrate/47ToTxt/classes/CMS47LdifParser.class diff --git a/pki/base/migrate/47ToTxt/classes/Main.class b/pki/base/migrate/47ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..c0d51a85d --- /dev/null +++ b/pki/base/migrate/47ToTxt/classes/Main.class diff --git a/pki/base/migrate/47ToTxt/run.bat b/pki/base/migrate/47ToTxt/run.bat new file mode 100755 index 000000000..e658ab410 --- /dev/null +++ b/pki/base/migrate/47ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 4.7 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 4.7 ldif text file. +REM +REM This subsequent normalized CMS 4.7 ldif text file +REM can be migrated into CMS 6.0 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 4.7 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms47 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.7" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/47ToTxt/run.sh b/pki/base/migrate/47ToTxt/run.sh new file mode 100755 index 000000000..9fa779715 --- /dev/null +++ b/pki/base/migrate/47ToTxt/run.sh @@ -0,0 +1,205 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 4.7 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 4.7 ldif text file. ### +### ### +### This subsequent normalized CMS 4.7 ldif text file ### +### can be migrated into CMS 6.0 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 4.7 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms47 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.7" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "AIX" ] ; then + LIBPATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/aix/native_threads + export LIBPATH +elif [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +elif [ ${OS_NAME} = "OSF1" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/alpha/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/47ToTxt/src/Main.java b/pki/base/migrate/47ToTxt/src/Main.java new file mode 100644 index 000000000..671447ac9 --- /dev/null +++ b/pki/base/migrate/47ToTxt/src/Main.java @@ -0,0 +1,438 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "47ToTxt/src/Main.java" is based upon a copy "42SP2ToTxt/src/Main.java" +// with additional material provided from "45ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 4.7" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following commands: +// +// diff 42SP2ToTxt/src/Main.java 47ToTxt/src/Main.java +// diff 45ToTxt/src/Main.java 47ToTxt/src/Main.java +// +// NOTE: The "47ToTxt/src/Main.java" file will differ substantially +// from the "42SP2ToTxt/src/Main.java" and "45ToTxt/src/Main.java" +// files upon which it was based due to the changes that were +// necessary to change "iplanet" to "netscape". +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import iplanet.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new iplanet.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS47LdifParser parser = null; + if (args.length == 1) { + parser = new CMS47LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS47LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS47LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS47LdifParser(String filename) + { + mFilename = filename; + } + + public CMS47LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof iplanet.security.x509.CertificateX509Key) { + iplanet.security.x509.CertificateX509Key o = + (iplanet.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.CertificateX509Key" + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof iplanet.security.x509.CertificateSubjectName) { + iplanet.security.x509.CertificateSubjectName o = + (iplanet.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.CertificateSubjectName" + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof iplanet.security.x509.CertificateExtensions) { + iplanet.security.x509.CertificateExtensions o = + (iplanet.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.CertificateExtensions" + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof iplanet.security.x509.X509CertInfo) { + iplanet.security.x509.X509CertInfo o = + (iplanet.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.X509CertInfo" + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof iplanet.security.x509.X509CertImpl) { + iplanet.security.x509.X509CertImpl o = + (iplanet.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.X509CertImpl" + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof iplanet.security.x509.CertificateChain) { + iplanet.security.x509.CertificateChain o = + (iplanet.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.CertificateChain" + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof iplanet.security.x509.X509CertImpl[]) { + iplanet.security.x509.X509CertImpl o[] = + (iplanet.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.X509CertImpl" +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof iplanet.security.x509.X509CertInfo[]) { + iplanet.security.x509.X509CertInfo o[] = + (iplanet.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.X509CertInfo" + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof iplanet.security.x509.RevokedCertImpl[]) { + iplanet.security.x509.RevokedCertImpl o[] = + (iplanet.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "netscape.security.x509.RevokedCertImpl" +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.iplanet.certsrv.base.ArgBlock) { + com.iplanet.certsrv.base.ArgBlock o = + (com.iplanet.certsrv.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + "com.netscape.certsrv.base.ArgBlock" + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.iplanet.certsrv.dbs.keydb.KeyRecord) { + com.iplanet.certsrv.dbs.keydb.KeyRecord o = + (com.iplanet.certsrv.dbs.keydb.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + "com.netscape.certsrv.dbs.keydb.KeyRecord" + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "com.netscape.certsrv.dbs.keydb.KeyRecord" + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + "com.netscape.certsrv.dbs.keydb.KeyRecord" + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.iplanet.certsrv.kra.ProofOfArchival) { + com.iplanet.certsrv.kra.ProofOfArchival o = + (com.iplanet.certsrv.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + "com.netscape.certsrv.kra.ProofOfArchival" + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.iplanet.certsrv.request.AgentApprovals) { + com.iplanet.certsrv.request.AgentApprovals o = + (com.iplanet.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.iplanet.certsrv.request.AgentApproval approval = (com.iplanet.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + "com.netscape.certsrv.request.AgentApprovals" + ":" + "com.netscape.certsrv.request.AgentApprovals" + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.iplanet.certsrv.authentication.AuthToken) { + com.iplanet.certsrv.authentication.AuthToken o = + (com.iplanet.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + "com.netscape.certsrv.authentication.AuthToken" + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof iplanet.security.x509.CertificateAlgorithmId) { + iplanet.security.x509.CertificateAlgorithmId o = + (iplanet.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof iplanet.security.x509.CertificateValidity) { + iplanet.security.x509.CertificateValidity o = + (iplanet.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/47ToTxt/src/compile.bat b/pki/base/migrate/47ToTxt/src/compile.bat new file mode 100755 index 000000000..553beca5c --- /dev/null +++ b/pki/base/migrate/47ToTxt/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "47ToTxt/classes/Main.class" and +REM "47ToTxt/classes/CMS47LdifParser.class" which are +REM used to create a normalized CMS 4.7 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 47ToTxt +REM + +REM SET SERVER_ROOT=C:\cms47 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 4.7 NOTE: "WINNT" - 1.3.0 +REM +REM CMS 4.7 CONSOLE NOTE: "WINNT" - 1.1.7A +REM + +REM SET JDK_VERSION=CMS_4.7 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 4.7" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 47ToTxt - create "CMS47LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/47ToTxt/src/compile.sh b/pki/base/migrate/47ToTxt/src/compile.sh new file mode 100755 index 000000000..8d91b4491 --- /dev/null +++ b/pki/base/migrate/47ToTxt/src/compile.sh @@ -0,0 +1,174 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "47ToTxt/classes/Main.class" and ### +### "47ToTxt/classes/CMS47LdifParser.class" which are ### +### used to create a normalized CMS 4.7 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 47ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms47 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "AIX", "HP-UX", "Linux", "OSF1", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 4.7 NOTE: "AIX" - 1.3.0 +### "HP-UX" - 1.3.0.00 +### "Linux" - 1.3.0 +### "OSF1" - 1.3.0-1 +### "SunOS" - 1.3.0 +### +### CMS 4.7 CONSOLE NOTE: "AIX" - 1.1.6_10 +### "HP-UX" - 1.1.6 +### "Linux" - 1.1.7 +### "OSF1" - 1.1.6 +### "SunOS" - 1.1.6 +### + +#JDK_VERSION=CMS_4.7 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 4.7" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "AIX" ] ; then + LIBPATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/aix/native_threads + export LIBPATH +elif [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +elif [ ${OS_NAME} = "OSF1" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/alpha/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 47ToTxt - create "CMS47LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/60ToTxt/classes/CMS60LdifParser.class b/pki/base/migrate/60ToTxt/classes/CMS60LdifParser.class Binary files differnew file mode 100644 index 000000000..73da94b57 --- /dev/null +++ b/pki/base/migrate/60ToTxt/classes/CMS60LdifParser.class diff --git a/pki/base/migrate/60ToTxt/classes/Main.class b/pki/base/migrate/60ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..2027e509e --- /dev/null +++ b/pki/base/migrate/60ToTxt/classes/Main.class diff --git a/pki/base/migrate/60ToTxt/run.bat b/pki/base/migrate/60ToTxt/run.bat new file mode 100755 index 000000000..cc24fd214 --- /dev/null +++ b/pki/base/migrate/60ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 6.0/6.01 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 6.0/6.01 ldif text file. +REM +REM This subsequent normalized CMS 6.0/6.01 ldif text file +REM can be migrated into CMS 6.0/6.01 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 6.0/6.01 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms601 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.0" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/60ToTxt/run.sh b/pki/base/migrate/60ToTxt/run.sh new file mode 100755 index 000000000..a29e6e1f9 --- /dev/null +++ b/pki/base/migrate/60ToTxt/run.sh @@ -0,0 +1,199 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 6.0/6.01 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 6.0/6.01 ldif text file. ### +### ### +### This subsequent normalized CMS 6.0/6.01 ldif text file ### +### can be migrated into CMS 6.0/6.01 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 6.0/6.01 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms601 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.0" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/60ToTxt/src/Main.java b/pki/base/migrate/60ToTxt/src/Main.java new file mode 100644 index 000000000..a5c67f0e4 --- /dev/null +++ b/pki/base/migrate/60ToTxt/src/Main.java @@ -0,0 +1,437 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "60ToTxt/src/Main.java" is based upon a copy "45ToTxt/src/Main.java" +// with additional material provided from "47ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 6.0" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following commands: +// +// diff 45ToTxt/src/Main.java 60ToTxt/src/Main.java +// diff 47ToTxt/src/Main.java 60ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS60LdifParser parser = null; + if (args.length == 1) { + parser = new CMS60LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS60LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS60LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS60LdifParser(String filename) + { + mFilename = filename; + } + + public CMS60LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.certsrv.base.ArgBlock) { + com.netscape.certsrv.base.ArgBlock o = + (com.netscape.certsrv.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) { + // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord" + // to "com.netscape.cmscore.dbs.KeyRecord" + com.netscape.cmscore.dbs.KeyRecord o = + (com.netscape.cmscore.dbs.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) { + // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival" + // to "com.netscape.cmscore.kra.ProofOfArchival" + com.netscape.cmscore.kra.ProofOfArchival o = + (com.netscape.cmscore.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/60ToTxt/src/compile.bat b/pki/base/migrate/60ToTxt/src/compile.bat new file mode 100755 index 000000000..8c8b122c0 --- /dev/null +++ b/pki/base/migrate/60ToTxt/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "60ToTxt/classes/Main.class" and +REM "60ToTxt/classes/CMS60LdifParser.class" which are +REM used to create a normalized CMS 6.0/6.01 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 60ToTxt +REM + +REM SET SERVER_ROOT=C:\cms601 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 6.0 NOTE: "WINNT" - 1.3.1_02 +REM +REM CMS 6.01 NOTE: "WINNT" - 1.3.1_02 +REM + +REM SET JDK_VERSION=CMS_6.01 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.0" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 60ToTxt - create "CMS60LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/60ToTxt/src/compile.sh b/pki/base/migrate/60ToTxt/src/compile.sh new file mode 100755 index 000000000..5641688bb --- /dev/null +++ b/pki/base/migrate/60ToTxt/src/compile.sh @@ -0,0 +1,164 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "60ToTxt/classes/Main.class" and ### +### "60ToTxt/classes/CMS60LdifParser.class" which are ### +### used to create a normalized CMS 6.0/6.01 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 60ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms601 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 6.0 NOTE: "HP-UX" - 1.3.1.02 +### "Linux" - 1.3.1_02 +### "SunOS" - 1.3.1_02 +### +### CMS 6.01 NOTE: "HP-UX" - 1.3.1.02 +### "Linux" - 1.4.0 +### "SunOS" - 1.3.1_02 +### + +#JDK_VERSION=CMS_6.01 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.0" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 60ToTxt - create "CMS60LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/61ToTxt/classes/CMS61LdifParser.class b/pki/base/migrate/61ToTxt/classes/CMS61LdifParser.class Binary files differnew file mode 100644 index 000000000..9ec0e9e73 --- /dev/null +++ b/pki/base/migrate/61ToTxt/classes/CMS61LdifParser.class diff --git a/pki/base/migrate/61ToTxt/classes/Main.class b/pki/base/migrate/61ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..0f65e98a0 --- /dev/null +++ b/pki/base/migrate/61ToTxt/classes/Main.class diff --git a/pki/base/migrate/61ToTxt/run.bat b/pki/base/migrate/61ToTxt/run.bat new file mode 100755 index 000000000..2386ab20b --- /dev/null +++ b/pki/base/migrate/61ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 6.1 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 6.1 ldif text file. +REM +REM This subsequent normalized CMS 6.1 ldif text file +REM can be migrated into CMS 6.1 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 6.1 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms61 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/61ToTxt/run.sh b/pki/base/migrate/61ToTxt/run.sh new file mode 100755 index 000000000..aacdcfce7 --- /dev/null +++ b/pki/base/migrate/61ToTxt/run.sh @@ -0,0 +1,199 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 6.1 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 6.1 ldif text file. ### +### ### +### This subsequent normalized CMS 6.1 ldif text file ### +### can be migrated into CMS 6.1 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 6.1 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms61 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.1" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/61ToTxt/src/Main.java b/pki/base/migrate/61ToTxt/src/Main.java new file mode 100644 index 000000000..05088ea23 --- /dev/null +++ b/pki/base/migrate/61ToTxt/src/Main.java @@ -0,0 +1,445 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "61ToTxt/src/Main.java" is based upon a copy "60ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 6.1" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 60ToTxt/src/Main.java 61ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS61LdifParser parser = null; + if (args.length == 1) { + parser = new CMS61LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS61LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS61LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS61LdifParser(String filename) + { + mFilename = filename; + } + + public CMS61LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock o = + (com.netscape.cmscore.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) { + // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord" + // to "com.netscape.cmscore.dbs.KeyRecord" + com.netscape.cmscore.dbs.KeyRecord o = + (com.netscape.cmscore.dbs.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) { + // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival" + // to "com.netscape.cmscore.kra.ProofOfArchival" + com.netscape.cmscore.kra.ProofOfArchival o = + (com.netscape.cmscore.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof byte[]) { + // Since 6.1's profile framework, + // req_archive_options is a byte array + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":byte[]="+ + encoder.encode((byte[])obj)); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/61ToTxt/src/compile.bat b/pki/base/migrate/61ToTxt/src/compile.bat new file mode 100755 index 000000000..48bb90018 --- /dev/null +++ b/pki/base/migrate/61ToTxt/src/compile.bat @@ -0,0 +1,150 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "61ToTxt/classes/Main.class" and +REM "61ToTxt/classes/CMS61LdifParser.class" which are +REM used to create a normalized CMS 6.1 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 61ToTxt +REM + +REM SET SERVER_ROOT=C:\cms61 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 6.1 NOTE: "WINNT" - 1.4.0 +REM + +REM SET JDK_VERSION=CMS_6.1 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 61ToTxt - create "CMS61LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/61ToTxt/src/compile.sh b/pki/base/migrate/61ToTxt/src/compile.sh new file mode 100755 index 000000000..b1f8c8505 --- /dev/null +++ b/pki/base/migrate/61ToTxt/src/compile.sh @@ -0,0 +1,160 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "61ToTxt/classes/Main.class" and ### +### "61ToTxt/classes/CMS61LdifParser.class" which are ### +### used to create a normalized CMS 6.1 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 61ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms61 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 6.1 NOTE: "HP-UX" - 1.3.1.02 +### "Linux" - 1.3.1_02 +### "SunOS" - 1.3.1_02 +### + +#JDK_VERSION=CMS_6.1 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.1" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 61ToTxt - create "CMS61LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/62ToTxt/classes/CMS62LdifParser.class b/pki/base/migrate/62ToTxt/classes/CMS62LdifParser.class Binary files differnew file mode 100644 index 000000000..092f19340 --- /dev/null +++ b/pki/base/migrate/62ToTxt/classes/CMS62LdifParser.class diff --git a/pki/base/migrate/62ToTxt/classes/Main.class b/pki/base/migrate/62ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..1a4cf38f7 --- /dev/null +++ b/pki/base/migrate/62ToTxt/classes/Main.class diff --git a/pki/base/migrate/62ToTxt/run.bat b/pki/base/migrate/62ToTxt/run.bat new file mode 100755 index 000000000..f182fd715 --- /dev/null +++ b/pki/base/migrate/62ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 6.2 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 6.2 ldif text file. +REM +REM This subsequent normalized CMS 6.2 ldif text file +REM can be migrated into CMS 6.2 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 6.2 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms62 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/62ToTxt/run.sh b/pki/base/migrate/62ToTxt/run.sh new file mode 100755 index 000000000..3715a4855 --- /dev/null +++ b/pki/base/migrate/62ToTxt/run.sh @@ -0,0 +1,199 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 6.2 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 6.2 ldif text file. ### +### ### +### This subsequent normalized CMS 6.2 ldif text file ### +### can be migrated into CMS 6.2 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 6.2 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms62 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.2" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/62ToTxt/src/Main.java b/pki/base/migrate/62ToTxt/src/Main.java new file mode 100644 index 000000000..502b3a81b --- /dev/null +++ b/pki/base/migrate/62ToTxt/src/Main.java @@ -0,0 +1,445 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "62ToTxt/src/Main.java" is based upon a copy "61ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 6.2" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 61ToTxt/src/Main.java 62ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS62LdifParser parser = null; + if (args.length == 1) { + parser = new CMS62LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS62LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS62LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS62LdifParser(String filename) + { + mFilename = filename; + } + + public CMS62LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock o = + (com.netscape.cmscore.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) { + // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord" + // to "com.netscape.cmscore.dbs.KeyRecord" + com.netscape.cmscore.dbs.KeyRecord o = + (com.netscape.cmscore.dbs.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) { + // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival" + // to "com.netscape.cmscore.kra.ProofOfArchival" + com.netscape.cmscore.kra.ProofOfArchival o = + (com.netscape.cmscore.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof byte[]) { + // Since 6.1's profile framework, + // req_archive_options is a byte array + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":byte[]="+ + encoder.encode((byte[])obj)); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/62ToTxt/src/compile.bat b/pki/base/migrate/62ToTxt/src/compile.bat new file mode 100755 index 000000000..c6bfff97e --- /dev/null +++ b/pki/base/migrate/62ToTxt/src/compile.bat @@ -0,0 +1,150 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "62ToTxt/classes/Main.class" and +REM "62ToTxt/classes/CMS62LdifParser.class" which are +REM used to create a normalized CMS 6.2 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 62ToTxt +REM + +REM SET SERVER_ROOT=C:\cms62 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 6.2 NOTE: "WINNT" - 1.4.0 +REM + +REM SET JDK_VERSION=CMS_6.2 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 62ToTxt - create "CMS62LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/62ToTxt/src/compile.sh b/pki/base/migrate/62ToTxt/src/compile.sh new file mode 100755 index 000000000..163d5e440 --- /dev/null +++ b/pki/base/migrate/62ToTxt/src/compile.sh @@ -0,0 +1,160 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "62ToTxt/classes/Main.class" and ### +### "62ToTxt/classes/CMS62LdifParser.class" which are ### +### used to create a normalized CMS 6.2 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 62ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms62 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 6.2 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.0 +### "SunOS" - 1.4.0 +### + +#JDK_VERSION=CMS_6.2 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.2" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 62ToTxt - create "CMS62LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/63ToTxt/classes/CMS63LdifParser.class b/pki/base/migrate/63ToTxt/classes/CMS63LdifParser.class Binary files differnew file mode 100644 index 000000000..a3c055eb7 --- /dev/null +++ b/pki/base/migrate/63ToTxt/classes/CMS63LdifParser.class diff --git a/pki/base/migrate/63ToTxt/classes/Main.class b/pki/base/migrate/63ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..727f4054e --- /dev/null +++ b/pki/base/migrate/63ToTxt/classes/Main.class diff --git a/pki/base/migrate/63ToTxt/run.bat b/pki/base/migrate/63ToTxt/run.bat new file mode 100755 index 000000000..34c9422c8 --- /dev/null +++ b/pki/base/migrate/63ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 6.3 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 6.3 ldif text file. +REM +REM This subsequent normalized CMS 6.3 ldif text file +REM can be migrated into CMS 6.3 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 6.3 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms63 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.3" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/63ToTxt/run.sh b/pki/base/migrate/63ToTxt/run.sh new file mode 100755 index 000000000..def9d7180 --- /dev/null +++ b/pki/base/migrate/63ToTxt/run.sh @@ -0,0 +1,199 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 6.3 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 6.3 ldif text file. ### +### ### +### This subsequent normalized CMS 6.3 ldif text file ### +### can be migrated into CMS 6.3 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 6.3 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms63 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.3" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/63ToTxt/src/Main.java b/pki/base/migrate/63ToTxt/src/Main.java new file mode 100644 index 000000000..326404642 --- /dev/null +++ b/pki/base/migrate/63ToTxt/src/Main.java @@ -0,0 +1,445 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "63ToTxt/src/Main.java" is based upon a copy "62ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 6.3" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 62ToTxt/src/Main.java 63ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS63LdifParser parser = null; + if (args.length == 1) { + parser = new CMS63LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS63LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS63LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS63LdifParser(String filename) + { + mFilename = filename; + } + + public CMS63LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock o = + (com.netscape.cmscore.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) { + // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord" + // to "com.netscape.cmscore.dbs.KeyRecord" + com.netscape.cmscore.dbs.KeyRecord o = + (com.netscape.cmscore.dbs.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) { + // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival" + // to "com.netscape.cmscore.kra.ProofOfArchival" + com.netscape.cmscore.kra.ProofOfArchival o = + (com.netscape.cmscore.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof byte[]) { + // Since 6.1's profile framework, + // req_archive_options is a byte array + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":byte[]="+ + encoder.encode((byte[])obj)); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/63ToTxt/src/compile.bat b/pki/base/migrate/63ToTxt/src/compile.bat new file mode 100755 index 000000000..f587dd7e8 --- /dev/null +++ b/pki/base/migrate/63ToTxt/src/compile.bat @@ -0,0 +1,150 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "63ToTxt/classes/Main.class" and +REM "63ToTxt/classes/CMS63LdifParser.class" which are +REM used to create a normalized CMS 6.3 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 63ToTxt +REM + +REM SET SERVER_ROOT=C:\cms63 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 6.3 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CMS_6.3 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.3" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 63ToTxt - create "CMS63LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/63ToTxt/src/compile.sh b/pki/base/migrate/63ToTxt/src/compile.sh new file mode 100755 index 000000000..57b9c7718 --- /dev/null +++ b/pki/base/migrate/63ToTxt/src/compile.sh @@ -0,0 +1,160 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "63ToTxt/classes/Main.class" and ### +### "63ToTxt/classes/CMS63LdifParser.class" which are ### +### used to create a normalized CMS 6.3 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 63ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms63 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 6.3 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.2 +### "SunOS" - 1.4.2 +### + +#JDK_VERSION=CMS_6.3 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.3" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 63ToTxt - create "CMS63LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/70ToTxt/classes/CMS70LdifParser.class b/pki/base/migrate/70ToTxt/classes/CMS70LdifParser.class Binary files differnew file mode 100644 index 000000000..336286501 --- /dev/null +++ b/pki/base/migrate/70ToTxt/classes/CMS70LdifParser.class diff --git a/pki/base/migrate/70ToTxt/classes/Main.class b/pki/base/migrate/70ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..67545d8c1 --- /dev/null +++ b/pki/base/migrate/70ToTxt/classes/Main.class diff --git a/pki/base/migrate/70ToTxt/run.bat b/pki/base/migrate/70ToTxt/run.bat new file mode 100755 index 000000000..15434b345 --- /dev/null +++ b/pki/base/migrate/70ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CMS 7.0/7.01 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CMS 7.0/7.01 ldif text file. +REM +REM This subsequent normalized CMS 7.0/7.01 ldif text file +REM can be migrated into CMS 7.0/7.01 or later utilizing +REM the corresponding TxtTo<Target CMS Version> script which +REM converts this normalized CMS 7.0/7.01 ldif text file into +REM a <Target CMS Version> ldif data file. +REM +REM This <Target CMS Version> ldif data file can then be +REM imported into the internal database of the desired CMS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms701 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 7.0" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/70ToTxt/run.sh b/pki/base/migrate/70ToTxt/run.sh new file mode 100755 index 000000000..7cae41bd5 --- /dev/null +++ b/pki/base/migrate/70ToTxt/run.sh @@ -0,0 +1,199 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CMS 7.0/7.01 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CMS 7.0/7.01 ldif text file. ### +### ### +### This subsequent normalized CMS 7.0/7.01 ldif text file ### +### can be migrated into CMS 7.0/7.01 or later utilizing ### +### the corresponding TxtTo<Target CMS Version> script which ### +### converts this normalized CMS 7.0/7.01 ldif text file into ### +### a <Target CMS Version> ldif data file. ### +### ### +### This <Target CMS Version> ldif data file can then be ### +### imported into the internal database of the desired CMS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms701 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 7.0" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/70ToTxt/src/Main.java b/pki/base/migrate/70ToTxt/src/Main.java new file mode 100644 index 000000000..ba1edcf0e --- /dev/null +++ b/pki/base/migrate/70ToTxt/src/Main.java @@ -0,0 +1,445 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "70ToTxt/src/Main.java" is based upon a copy "62ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 7.0" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 62ToTxt/src/Main.java 70ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS70LdifParser parser = null; + if (args.length == 1) { + parser = new CMS70LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS70LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS70LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS70LdifParser(String filename) + { + mFilename = filename; + } + + public CMS70LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock o = + (com.netscape.cmscore.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) { + // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord" + // to "com.netscape.cmscore.dbs.KeyRecord" + com.netscape.cmscore.dbs.KeyRecord o = + (com.netscape.cmscore.dbs.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) { + // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival" + // to "com.netscape.cmscore.kra.ProofOfArchival" + com.netscape.cmscore.kra.ProofOfArchival o = + (com.netscape.cmscore.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof byte[]) { + // Since 6.1's profile framework, + // req_archive_options is a byte array + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":byte[]="+ + encoder.encode((byte[])obj)); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/70ToTxt/src/compile.bat b/pki/base/migrate/70ToTxt/src/compile.bat new file mode 100755 index 000000000..164cdc321 --- /dev/null +++ b/pki/base/migrate/70ToTxt/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "70ToTxt/classes/Main.class" and +REM "70ToTxt/classes/CMS70LdifParser.class" which are +REM used to create a normalized CMS 7.0 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile 70ToTxt +REM + +REM SET SERVER_ROOT=C:\cms701 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 7.0 NOTE: "WINNT" - 1.4.2 +REM +REM CMS 7.01 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CMS_7.01 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 7.0" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CMS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 70ToTxt - create "CMS70LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/70ToTxt/src/compile.sh b/pki/base/migrate/70ToTxt/src/compile.sh new file mode 100755 index 000000000..28960f8ef --- /dev/null +++ b/pki/base/migrate/70ToTxt/src/compile.sh @@ -0,0 +1,164 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "70ToTxt/classes/Main.class" and ### +### "70ToTxt/classes/CMS70LdifParser.class" which are ### +### used to create a normalized CMS 7.0 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile 70ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cms701 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 7.0 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.2 +### "SunOS" - 1.4.2 +### +### CMS 7.01 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.2 +### "SunOS" - 1.4.2 +### + +#JDK_VERSION=CMS_7.01 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 7.0" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CMS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 70ToTxt - create "CMS70LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/71ToTxt/classes/CMS71LdifParser.class b/pki/base/migrate/71ToTxt/classes/CMS71LdifParser.class Binary files differnew file mode 100644 index 000000000..58d1ff7e3 --- /dev/null +++ b/pki/base/migrate/71ToTxt/classes/CMS71LdifParser.class diff --git a/pki/base/migrate/71ToTxt/classes/Main.class b/pki/base/migrate/71ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..7ca2b1ca7 --- /dev/null +++ b/pki/base/migrate/71ToTxt/classes/Main.class diff --git a/pki/base/migrate/71ToTxt/run.bat b/pki/base/migrate/71ToTxt/run.bat new file mode 100755 index 000000000..4dbe2f5cd --- /dev/null +++ b/pki/base/migrate/71ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CS 7.1 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CS 7.1 ldif text file. +REM +REM This subsequent normalized CS 7.1 ldif text file +REM can be migrated into CS 7.1 or later utilizing +REM the corresponding TxtTo<Target CS Version> script which +REM converts this normalized CS 7.1 ldif text file into +REM a <Target CS Version> ldif data file. +REM +REM This <Target CS Version> ldif data file can then be +REM imported into the internal database of the desired CS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cs71 + + +REM +REM INSTANCE - if the CS instance directory is called 'cert-ca', +REM set the CS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CS% ldif data file +REM into a normalized %CS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/71ToTxt/run.sh b/pki/base/migrate/71ToTxt/run.sh new file mode 100755 index 000000000..f9659bab4 --- /dev/null +++ b/pki/base/migrate/71ToTxt/run.sh @@ -0,0 +1,199 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CS 7.1 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CS 7.1 ldif text file. ### +### ### +### This subsequent normalized CS 7.1 ldif text file ### +### can be migrated into CS 7.1 or later utilizing ### +### the corresponding TxtTo<Target CS Version> script which ### +### converts this normalized CS 7.1 ldif text file into ### +### a <Target CS Version> ldif data file. ### +### ### +### This <Target CS Version> ldif data file can then be ### +### imported into the internal database of the desired CS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cs71 +#export SERVER_ROOT + + +### +### INSTANCE - if the CS instance directory is called 'cert-ca', +### set the CS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.1" +export CS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CS} ldif data file +### into a normalized ${CS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/71ToTxt/src/Main.java b/pki/base/migrate/71ToTxt/src/Main.java new file mode 100644 index 000000000..2ad7823a5 --- /dev/null +++ b/pki/base/migrate/71ToTxt/src/Main.java @@ -0,0 +1,445 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "71ToTxt/src/Main.java" is based upon a copy "70ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 7.1" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 70ToTxt/src/Main.java 71ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS71LdifParser parser = null; + if (args.length == 1) { + parser = new CMS71LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS71LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS71LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS71LdifParser(String filename) + { + mFilename = filename; + } + + public CMS71LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock o = + (com.netscape.cmscore.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) { + // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord" + // to "com.netscape.cmscore.dbs.KeyRecord" + com.netscape.cmscore.dbs.KeyRecord o = + (com.netscape.cmscore.dbs.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.cmscore.kra.ProofOfArchival) { + // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival" + // to "com.netscape.cmscore.kra.ProofOfArchival" + com.netscape.cmscore.kra.ProofOfArchival o = + (com.netscape.cmscore.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof byte[]) { + // Since 6.1's profile framework, + // req_archive_options is a byte array + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":byte[]="+ + encoder.encode((byte[])obj)); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/71ToTxt/src/compile.bat b/pki/base/migrate/71ToTxt/src/compile.bat new file mode 100755 index 000000000..49ba89621 --- /dev/null +++ b/pki/base/migrate/71ToTxt/src/compile.bat @@ -0,0 +1,150 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "71ToTxt/classes/Main.class" and +REM "71ToTxt/classes/CMS71LdifParser.class" which are +REM used to create a normalized CS 7.1 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CS <server_root> used to compile 71ToTxt +REM + +REM SET SERVER_ROOT=C:\cs71 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CS +REM +REM CS 7.1 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CS_7.1 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 71ToTxt - create "CMS71LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/71ToTxt/src/compile.sh b/pki/base/migrate/71ToTxt/src/compile.sh new file mode 100755 index 000000000..23464bcb3 --- /dev/null +++ b/pki/base/migrate/71ToTxt/src/compile.sh @@ -0,0 +1,160 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "71ToTxt/classes/Main.class" and ### +### "71ToTxt/classes/CMS71LdifParser.class" which are ### +### used to create a normalized CS 7.1 ldif text file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CS <server_root> used to compile 71ToTxt +### + +#SERVER_ROOT=/export/home/migrate/cs71 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CS +### +### CS 7.1 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.2 +### "SunOS" - 1.4.2 +### + +#JDK_VERSION=CS_7.1 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.1" +export CS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 71ToTxt - create "CMS71LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/72ToTxt/classes/CMS72LdifParser.class b/pki/base/migrate/72ToTxt/classes/CMS72LdifParser.class Binary files differnew file mode 100644 index 000000000..98cda7178 --- /dev/null +++ b/pki/base/migrate/72ToTxt/classes/CMS72LdifParser.class diff --git a/pki/base/migrate/72ToTxt/classes/Main.class b/pki/base/migrate/72ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..850ae710e --- /dev/null +++ b/pki/base/migrate/72ToTxt/classes/Main.class diff --git a/pki/base/migrate/72ToTxt/run.bat b/pki/base/migrate/72ToTxt/run.bat new file mode 100755 index 000000000..9613fe5d5 --- /dev/null +++ b/pki/base/migrate/72ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CS 7.2 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CS 7.2 ldif text file. +REM +REM This subsequent normalized CS 7.2 ldif text file +REM can be migrated into CS 7.2 or later utilizing +REM the corresponding TxtTo<Target CS Version> script which +REM converts this normalized CS 7.2 ldif text file into +REM a <Target CS Version> ldif data file. +REM +REM This <Target CS Version> ldif data file can then be +REM imported into the internal database of the desired CS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cs72 + + +REM +REM INSTANCE - if the CS instance directory is called 'cert-ca', +REM set the CS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CS% ldif data file +REM into a normalized %CS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/72ToTxt/run.sh b/pki/base/migrate/72ToTxt/run.sh new file mode 100755 index 000000000..da356e1a2 --- /dev/null +++ b/pki/base/migrate/72ToTxt/run.sh @@ -0,0 +1,154 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CS 7.2 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CS 7.2 ldif text file. ### +### ### +### This subsequent normalized CS 7.2 ldif text file ### +### can be migrated into CS 7.2 or later utilizing ### +### the corresponding TxtTo<Target CS Version> script which ### +### converts this normalized CS 7.2 ldif text file into ### +### a <Target CS Version> ldif data file. ### +### ### +### This <Target CS Version> ldif data file can then be ### +### imported into the internal database of the desired CS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + +### +### Java Runtime Environment +### +JRE_ROOT=/usr/lib/jvm/jre-1.5.0 +export JRE_ROOT + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + +### +### Script-defined constants +### + +CS="CS 7.2" +export CS + +OS_NAME=`uname` +export OS_NAME + +ARCH=`uname -i` +export ARCH + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### +CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar +export CLASSPATH + +if [ ${OS_NAME} = "Linux" ] ; then + if [ ${ARCH} = "i386" ] ; then + LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads + export LD_LIBRARY_PATH + else # x86_64 + LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads + export LD_LIBRARY_PATH + CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib64/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar + export CLASSPATH + fi +else # SunOS 64-bits + LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:${JRE_ROOT}/lib:${JRE_ROOT}/lib/sparc/native_threads + export LD_LIBRARY_PATH + CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/sparcv9/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar + export CLASSPATH +fi + + +### +### Convert the specified ${CS} ldif data file +### into a normalized ${CS} ldif text file. +### + +${JRE_ROOT}/bin/java -classpath ${CLASSPATH} Main $1 $2 diff --git a/pki/base/migrate/72ToTxt/src/Main.java b/pki/base/migrate/72ToTxt/src/Main.java new file mode 100644 index 000000000..856e4209f --- /dev/null +++ b/pki/base/migrate/72ToTxt/src/Main.java @@ -0,0 +1,447 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "71ToTxt/src/Main.java" is based upon a copy "70ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 7.1" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 70ToTxt/src/Main.java 71ToTxt/src/Main.java +// + +import java.io.*; +import java.math.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS72LdifParser parser = null; + if (args.length == 1) { + parser = new CMS72LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS72LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS72LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS72LdifParser(String filename) + { + mFilename = filename; + } + + public CMS72LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock o = + (com.netscape.cmscore.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) { + // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord" + // to "com.netscape.cmscore.dbs.KeyRecord" + com.netscape.cmscore.dbs.KeyRecord o = + (com.netscape.cmscore.dbs.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) { + // CS 7.2: moved com.netscape.cmscore.kra.ProofOfArchival + // to com.netscape.certsrv.kra.ProofOfArchival + // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival" + // to "com.netscape.cmscore.kra.ProofOfArchival" + com.netscape.certsrv.kra.ProofOfArchival o = + (com.netscape.certsrv.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof byte[]) { + // Since 6.1's profile framework, + // req_archive_options is a byte array + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":byte[]="+ + encoder.encode((byte[])obj)); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/72ToTxt/src/compile.bat b/pki/base/migrate/72ToTxt/src/compile.bat new file mode 100755 index 000000000..c0377e5e5 --- /dev/null +++ b/pki/base/migrate/72ToTxt/src/compile.bat @@ -0,0 +1,150 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "72ToTxt/classes/Main.class" and +REM "72ToTxt/classes/CMS72LdifParser.class" which are +REM used to create a normalized CS 7.2 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CS <server_root> used to compile 72ToTxt +REM + +REM SET SERVER_ROOT=C:\cs72 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CS +REM +REM CS 7.2 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CS_7.2 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 72ToTxt - create "CMS72LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/72ToTxt/src/compile.sh b/pki/base/migrate/72ToTxt/src/compile.sh new file mode 100755 index 000000000..6c616cd40 --- /dev/null +++ b/pki/base/migrate/72ToTxt/src/compile.sh @@ -0,0 +1,139 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "72ToTxt/classes/Main.class" and ### +### "72ToTxt/classes/CMS72LdifParser.class" which are ### +### used to create a normalized CS 7.2 ldif text file. ### +### ### +##################################################################### + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=Linux +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CS +### +### CS 7.2 NOTE: "Linux" - 1.5.0 (IBM) +### "SunOS" - 1.5.0 +### + +#JDK_VERSION=CS_7.2.0 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.2" +export CS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 72ToTxt - create "CMS72LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:/usr/share/java/rhpki/nsutil.jar:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/lib/java/rhpki/ca/ca.jar:/usr/lib/java/rhpki/tks/tks.jar:/usr/lib/java/rhpki/ocsp/ocsp.jar:/usr/lib/java/rhpki/kra/kra.jar:/usr/lib/java/dirsec/jss4.jar Main.java + diff --git a/pki/base/migrate/73ToTxt/classes/CMS73LdifParser.class b/pki/base/migrate/73ToTxt/classes/CMS73LdifParser.class Binary files differnew file mode 100644 index 000000000..d59151df9 --- /dev/null +++ b/pki/base/migrate/73ToTxt/classes/CMS73LdifParser.class diff --git a/pki/base/migrate/73ToTxt/classes/Main.class b/pki/base/migrate/73ToTxt/classes/Main.class Binary files differnew file mode 100644 index 000000000..7fd850ae7 --- /dev/null +++ b/pki/base/migrate/73ToTxt/classes/Main.class diff --git a/pki/base/migrate/73ToTxt/run.bat b/pki/base/migrate/73ToTxt/run.bat new file mode 100755 index 000000000..0896bf17a --- /dev/null +++ b/pki/base/migrate/73ToTxt/run.bat @@ -0,0 +1,192 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a pre-existing CS 7.3 ldif data +REM file (e. g. - created via a utility such as db2ldif) +REM into a normalized CS 7.3 ldif text file. +REM +REM This subsequent normalized CS 7.3 ldif text file +REM can be migrated into CS 7.3 or later utilizing +REM the corresponding TxtTo<Target CS Version> script which +REM converts this normalized CS 7.3 ldif text file into +REM a <Target CS Version> ldif data file. +REM +REM This <Target CS Version> ldif data file can then be +REM imported into the internal database of the desired CS +REM server using a utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cs72 + + +REM +REM INSTANCE - if the CS instance directory is called 'cert-ca', +REM set the CS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.3" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CS% ldif data file +REM into a normalized %CS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/73ToTxt/run.sh b/pki/base/migrate/73ToTxt/run.sh new file mode 100755 index 000000000..405d08b86 --- /dev/null +++ b/pki/base/migrate/73ToTxt/run.sh @@ -0,0 +1,154 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a pre-existing CS 7.3 ldif data ### +### file (e. g. - created via a utility such as db2ldif) ### +### into a normalized CS 7.3 ldif text file. ### +### ### +### This subsequent normalized CS 7.3 ldif text file ### +### can be migrated into CS 7.3 or later utilizing ### +### the corresponding TxtTo<Target CS Version> script which ### +### converts this normalized CS 7.3 ldif text file into ### +### a <Target CS Version> ldif data file. ### +### ### +### This <Target CS Version> ldif data file can then be ### +### imported into the internal database of the desired CS ### +### server using a utility such as ldif2db. ### +### ### +##################################################################### + +### +### Java Runtime Environment +### +JRE_ROOT=/usr/lib/jvm/jre-1.5.0 +export JRE_ROOT + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + +### +### Script-defined constants +### + +CS="CS 7.3" +export CS + +OS_NAME=`uname` +export OS_NAME + +ARCH=`uname -i` +export ARCH + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### +CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar +export CLASSPATH + +if [ ${OS_NAME} = "Linux" ] ; then + if [ ${ARCH} = "i386" ] ; then + LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads + export LD_LIBRARY_PATH + else # x86_64 + LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads + export LD_LIBRARY_PATH + CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib64/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar + export CLASSPATH + fi +else # SunOS 64-bits + LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:${JRE_ROOT}/lib:${JRE_ROOT}/lib/sparc/native_threads + export LD_LIBRARY_PATH + CLASSPATH=/usr/share/rhpki/migrate/72ToTxt/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/sparcv9/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar + export CLASSPATH +fi + + +### +### Convert the specified ${CS} ldif data file +### into a normalized ${CS} ldif text file. +### + +${JRE_ROOT}/bin/java -classpath ${CLASSPATH} Main $1 $2 diff --git a/pki/base/migrate/73ToTxt/src/Main.java b/pki/base/migrate/73ToTxt/src/Main.java new file mode 100644 index 000000000..63e306ed8 --- /dev/null +++ b/pki/base/migrate/73ToTxt/src/Main.java @@ -0,0 +1,447 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "71ToTxt/src/Main.java" is based upon a copy "70ToTxt/src/Main.java". +// +// Always comment any new code sections with a "CMS 7.1" header, and +// apply these changes forward to all other "*ToTxt/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "*ToTxt" version. +// +// This file should always be maintained by executing the following command: +// +// diff 70ToTxt/src/Main.java 71ToTxt/src/Main.java +// + +import java.math.*; +import java.io.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import netscape.security.util.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS73LdifParser parser = null; + if (args.length == 1) { + parser = new CMS73LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS73LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS73LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS73LdifParser(String filename) + { + mFilename = filename; + } + + public CMS73LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + StringBuffer requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.startsWith(REQUEST_ATTRIBUTES)) { + requestAttributes = new StringBuffer(); + // System.out.println(line); + requestAttributes.append( + line.substring(REQUEST_ATTRIBUTES.length(), + line.length()).trim()); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.startsWith(" ")) { + // System.out.println(line); + requestAttributes.append(line.trim()); + } else { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + System.out.println(line); + } + } + } + + public void parseAttributes(String dn, StringBuffer attrs) throws Exception + { + BASE64Decoder decoder = new BASE64Decoder(); + decodeHashtable(dn, decoder.decodeBuffer(attrs.toString())); + +// System.out.println(attrs); + } + + public Object decode(byte[] data) throws + ObjectStreamException, + IOException, + ClassNotFoundException + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + return is.readObject(); + } + + public void decodeHashtable(String dn, byte[] data) throws Exception + { + ByteArrayInputStream bis = new ByteArrayInputStream(data); + ObjectInputStream is = new ObjectInputStream(bis); + + System.out.println(BEGIN); + String key = null; + while (true) + { + key = (String)is.readObject(); + // end of table is marked with null + if (key == null) break; + try { + byte[] bytes = (byte[])is.readObject(); + Object obj = decode(bytes); + output(key, obj); + } catch (Exception e) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } + System.out.println(END); + } + + public void output(String key, Object obj) throws Exception + { + if (obj instanceof String) { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } else if (obj instanceof netscape.security.x509.CertificateX509Key) { + netscape.security.x509.CertificateX509Key o = + (netscape.security.x509.CertificateX509Key)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateSubjectName) { + netscape.security.x509.CertificateSubjectName o = + (netscape.security.x509.CertificateSubjectName)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateExtensions) { + netscape.security.x509.CertificateExtensions o = + (netscape.security.x509.CertificateExtensions)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertInfo) { + netscape.security.x509.X509CertInfo o = + (netscape.security.x509.X509CertInfo)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl) { + netscape.security.x509.X509CertImpl o = + (netscape.security.x509.X509CertImpl)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateChain) { + netscape.security.x509.CertificateChain o = + (netscape.security.x509.CertificateChain)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.X509CertImpl[]) { + netscape.security.x509.X509CertImpl o[] = + (netscape.security.x509.X509CertImpl[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.X509CertInfo[]) { + netscape.security.x509.X509CertInfo o[] = + (netscape.security.x509.X509CertInfo[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() + "["+o.length + "," + i+"]"+"=" + + encoder.encodeBuffer(bos.toByteArray())); + } + } else if (obj instanceof netscape.security.x509.RevokedCertImpl[]) { + netscape.security.x509.RevokedCertImpl o[] = + (netscape.security.x509.RevokedCertImpl[])obj; + for (int i = 0; i < o.length; i++) { + DerOutputStream bos = + new DerOutputStream(); + o[i].encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(bos.toByteArray())); + } + } else if (obj instanceof java.security.cert.Certificate[]) { + java.security.cert.Certificate o[] = + (java.security.cert.Certificate[])obj; + for (int i = 0; i < o.length; i++) { + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o[i].getClass().getName() +"["+o.length+","+i+"]" + "=" + + encoder.encode(o[i].getEncoded())); + } + } else if (obj instanceof com.netscape.cmscore.base.ArgBlock) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock o = + (com.netscape.cmscore.base.ArgBlock)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + "=" +(String)o.get(k)); + } + } else if (obj instanceof com.netscape.cmscore.dbs.KeyRecord) { + // CMS 6.0: moved "com.netscape.certsrv.dbs.keydb.KeyRecord" + // to "com.netscape.cmscore.dbs.KeyRecord" + com.netscape.cmscore.dbs.KeyRecord o = + (com.netscape.cmscore.dbs.KeyRecord)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob != null) { + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + encoder.encode((byte[])ob)); + + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } + } else if (obj instanceof com.netscape.certsrv.kra.ProofOfArchival) { + // CS 7.2: moved com.netscape.cmscore.kra.ProofOfArchival + // to com.netscape.certsrv.kra.ProofOfArchival + // CMS 6.0: moved "com.netscape.certsrv.kra.ProofOfArchival" + // to "com.netscape.cmscore.kra.ProofOfArchival" + com.netscape.certsrv.kra.ProofOfArchival o = + (com.netscape.certsrv.kra.ProofOfArchival)obj; + DerOutputStream bos = + new DerOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + encoder.encode(bos.toByteArray())); + } else if (obj instanceof com.netscape.certsrv.request.AgentApprovals) { + com.netscape.certsrv.request.AgentApprovals o = + (com.netscape.certsrv.request.AgentApprovals)obj; + Enumeration e = o.elements(); + while (e.hasMoreElements()) { + com.netscape.certsrv.request.AgentApproval approval = (com.netscape.certsrv.request.AgentApproval)e.nextElement(); + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + approval.getUserName() + ";" + approval.getDate().getTime()); + } + } else if (obj instanceof com.netscape.certsrv.authentication.AuthToken) { + com.netscape.certsrv.authentication.AuthToken o = + (com.netscape.certsrv.authentication.AuthToken)obj; + Enumeration e = o.getElements(); + while (e.hasMoreElements()) { + String k = (String)e.nextElement(); + Object ob = o.get(k); + if (ob instanceof java.util.Date) { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ((java.util.Date)ob).getTime()); + } else if (ob instanceof String[]) { + String str[] = (String[])ob; + String v = ""; + if (str != null) { + for (int i = 0; i < str.length; i++) { + if (i != 0) { + v += ","; + } + v += str[i]; + } + } + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + "java.lang.String" + "=" + v); + } else { + System.out.println(" " + + key + ":" + o.getClass().getName() + "=" + + k + ":" + ob.getClass().getName() + "=" + ob); + } + } + } else if (obj instanceof byte[]) { + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + ":byte[]="+ + encoder.encode((byte[])obj)); + } else if (obj instanceof Integer[]) { + Integer in[] = (Integer[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":Integer[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof BigInteger[]) { + BigInteger in[] = (BigInteger[])obj; + for (int i = 0; i < in.length; i++) { + System.out.println(" " + key + ":java.math.BigInteger[" + in.length + "," + i + "]="+ in[i]); + } + } else if (obj instanceof netscape.security.x509.CertificateAlgorithmId) { + netscape.security.x509.CertificateAlgorithmId o = + (netscape.security.x509.CertificateAlgorithmId)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateAlgorithmId="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof netscape.security.x509.CertificateValidity) { + netscape.security.x509.CertificateValidity o = + (netscape.security.x509.CertificateValidity)obj; + ByteArrayOutputStream bos = + new ByteArrayOutputStream(); + o.encode(bos); + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":netscape.security.x509.CertificateValidity="+ + encoder.encode(bos.toByteArray())); + } else if (obj instanceof byte[]) { + // Since 6.1's profile framework, + // req_archive_options is a byte array + BASE64Encoder encoder = new BASE64Encoder(); + System.out.println(" " + key + + ":byte[]="+ + encoder.encode((byte[])obj)); + } else { + System.out.println(" " + + key + ":" + obj.getClass().getName() + "=" + + obj); + } + } +} + diff --git a/pki/base/migrate/73ToTxt/src/compile.bat b/pki/base/migrate/73ToTxt/src/compile.bat new file mode 100755 index 000000000..f5b720e54 --- /dev/null +++ b/pki/base/migrate/73ToTxt/src/compile.bat @@ -0,0 +1,150 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "73ToTxt/classes/Main.class" and +REM "73ToTxt/classes/CMS73LdifParser.class" which are +REM used to create a normalized CS 7.3 ldif text file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CS <server_root> used to compile 73ToTxt +REM + +REM SET SERVER_ROOT=C:\cs73 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CS +REM +REM CS 7.3 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CS_7.3 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.3" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO normalized %CS% ldif text classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile 73ToTxt - create "CMS73LdifParser.class" and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/73ToTxt/src/compile.sh b/pki/base/migrate/73ToTxt/src/compile.sh new file mode 100755 index 000000000..0c8975c4a --- /dev/null +++ b/pki/base/migrate/73ToTxt/src/compile.sh @@ -0,0 +1,138 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "73ToTxt/classes/Main.class" and ### +### "73ToTxt/classes/CMS73LdifParser.class" which are ### +### used to create a normalized CS 7.3 ldif text file. ### +### ### +##################################################################### + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +JDK_PLATFORM=Linux +export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CS +### +### CS 7.3 NOTE: "Linux" - 1.5.0 (IBM) +### "SunOS" - 1.5.0 +### + +JDK_VERSION=PKI_7.3.0 +export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +export JAVA_HOME + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.3" +export CS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " normalized ${CS} ldif text classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile 73ToTxt - create "CMS73LdifParser.class" and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:/usr/share/java/rhpki/nsutil.jar:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/lib/java/rhpki/ca/ca.jar:/usr/lib/java/rhpki/tks/tks.jar:/usr/lib/java/rhpki/ocsp/ocsp.jar:/usr/lib/java/rhpki/kra/kra.jar:/usr/lib/java/dirsec/jss4.jar Main.java + diff --git a/pki/base/migrate/LICENSE b/pki/base/migrate/LICENSE new file mode 100644 index 000000000..e36f2269a --- /dev/null +++ b/pki/base/migrate/LICENSE @@ -0,0 +1,311 @@ +This Program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published +by the Free Software Foundation; version 2 of the License. + +This Program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License +for more details. + +You should have received a copy of the GNU General Public License +along with this Program; if not, write to the Free Software +Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + +In addition, as a special exception, Red Hat, Inc. gives You the additional +right to link the code of this Program with code not covered under the GNU +General Public License ("Non-GPL Code") and to distribute linked combinations +including the two, subject to the limitations in this paragraph. Non-GPL +Code permitted under this exception must only link to the code of this +Program through those well defined interfaces identified in the file named +EXCEPTION found in the source code files (the "Approved Interfaces"). + +The files of Non-GPL Code may instantiate templates or use macros or inline +functions from the Approved Interfaces without causing the resulting work to +be covered by the GNU General Public License. Only Red Hat, Inc. may make +changes or additions to the list of Approved Interfaces. You must obey the +GNU General Public License in all respects for all of the Program code and +other code used in conjunction with the Program except the Non-GPL Code +covered by this exception. If you modify this file, you may extend this +exception to your version of the file, but you are not obligated to do so. +If you do not wish to provide this exception without modification, you must +delete this exception statement from your version and license this file +solely under the GPL without exception. + + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. diff --git a/pki/base/migrate/TxtTo60/classes/CMS60LdifParser.class b/pki/base/migrate/TxtTo60/classes/CMS60LdifParser.class Binary files differnew file mode 100644 index 000000000..4c46bf63f --- /dev/null +++ b/pki/base/migrate/TxtTo60/classes/CMS60LdifParser.class diff --git a/pki/base/migrate/TxtTo60/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo60/classes/DummyAuthManager.class Binary files differnew file mode 100644 index 000000000..5f668cb93 --- /dev/null +++ b/pki/base/migrate/TxtTo60/classes/DummyAuthManager.class diff --git a/pki/base/migrate/TxtTo60/classes/Main.class b/pki/base/migrate/TxtTo60/classes/Main.class Binary files differnew file mode 100644 index 000000000..ab71fe2ed --- /dev/null +++ b/pki/base/migrate/TxtTo60/classes/Main.class diff --git a/pki/base/migrate/TxtTo60/run.bat b/pki/base/migrate/TxtTo60/run.bat new file mode 100755 index 000000000..bd7d582ed --- /dev/null +++ b/pki/base/migrate/TxtTo60/run.bat @@ -0,0 +1,186 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a normalized <Source CMS Version> ldif +REM text file (e. g. - created via a <Source CMS Version>ToTxt +REM script) into a CMS 6.0/6.01 ldif data file. +REM +REM This CMS 6.0/6.01 ldif data file can then be imported into the +REM internal database of the desired CMS 6.0/6.01 server using a +REM utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms601 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.0" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\hotspot;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo60/run.sh b/pki/base/migrate/TxtTo60/run.sh new file mode 100755 index 000000000..0bbe99cdd --- /dev/null +++ b/pki/base/migrate/TxtTo60/run.sh @@ -0,0 +1,193 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a normalized <Source CMS Version> ldif ### +### text file (e. g. - created via a <Source CMS Version>ToTxt ### +### script) into a CMS 6.0/6.01 ldif data file. ### +### ### +### This CMS 6.0/6.01 ldif data file can then be imported into ### +### the internal database of the desired CMS 6.0/6.01 server ### +### using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms601 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.0" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/TxtTo60/src/Main.java b/pki/base/migrate/TxtTo60/src/Main.java new file mode 100644 index 000000000..c20fffe9d --- /dev/null +++ b/pki/base/migrate/TxtTo60/src/Main.java @@ -0,0 +1,557 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "TxtTo60/src/Main.java" represents the initial CMS "TxtTo" migration file. +// +// Always comment any new code sections with a "CMS 6.0" header, and +// apply these changes forward to all other "TxtTo*/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "TxtTo*" version. +// + +import java.math.*; +import java.io.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.authentication.*; +import netscape.security.util.*; +import java.lang.reflect.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS60LdifParser parser = null; + if (args.length == 1) { + parser = new CMS60LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS60LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS60LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS60LdifParser(String filename) + { + mFilename = filename; + } + + public CMS60LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + Vector requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.equals(BEGIN)) { + requestAttributes = new Vector(); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.equals(END)) { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + continue; + } + if (line.startsWith(" ")) { // begining of attr + requestAttributes.addElement( + line.substring(1, line.length())); + } else { + requestAttributes.setElementAt( + (String) + requestAttributes.lastElement() + + "\n" + + line, + requestAttributes.size() - 1); + } + } + } + + private byte[] encode(Object value) throws Exception + { + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + + os.writeObject(value); + os.close(); + return bos.toByteArray(); + } + + public void parseAttributes(String dn, Vector attrs) throws Exception + { + Hashtable hashtable = new Hashtable(); + for (int i = 0; i < attrs.size(); i++) { + String attr = (String)attrs.elementAt(i); + buildHashtable(dn, hashtable, attr); + } + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + Enumeration e = hashtable.keys(); + while (e.hasMoreElements()) { + String key = (String)e.nextElement(); + Object value = hashtable.get(key); + + try { + byte data[] = null; + data = encode(value); + os.writeObject(key); + os.writeObject(data); + } catch (Exception ex) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } // while + os.writeObject(null); + os.close(); + + // print the BASE64 encoding of the Hashtable + BASE64Encoder encoder = new BASE64Encoder(); + String attrsStr = encoder.encodeBuffer(bos.toByteArray()); + // trim the last "\n" + StringBuffer buffer = null; + attrsStr = attrsStr.trim(); + StringTokenizer st = new StringTokenizer(attrsStr, "\r\n"); + while (st.hasMoreTokens()) { + if (buffer == null) { + buffer = new StringBuffer(); + buffer.append(st.nextToken()); + } else { + buffer.append("\r\n " + st.nextToken()); + } + } + + System.out.println(REQUEST_ATTRIBUTES + " " + buffer); + } + + public void buildHashtable(String dn, Hashtable table, String attr) + throws Exception + { + // attribute format [name]:[type]=[value] + + int colon = attr.indexOf(':'); + if (colon == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + int equal = attr.indexOf('='); + if (equal == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + String name = attr.substring(0, colon); + String type = attr.substring(colon+1, equal); + String value = attr.substring(equal+1); + + if (name.startsWith("serviceErrors")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (name.startsWith("Error")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (type.startsWith("java.lang.String")) { + table.put(name, value); + } else if (type.startsWith("java.lang.Integer")) { + table.put(name, new Integer(value)); + } else if (type.startsWith("java.math.BigInteger")) { + table.put(name, new java.math.BigInteger(value)); + } else if (type.startsWith("java.util.Vector")) { + Vector obj = + (Vector)table.get(name); + if (obj == null) { + obj = new Vector(); + table.put(name, obj); + } + obj.addElement(value); + } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock")) { + com.netscape.certsrv.base.ArgBlock obj = + (com.netscape.certsrv.base.ArgBlock)table.get(name); + if (obj == null) { + obj = new com.netscape.certsrv.base.ArgBlock(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + obj.set(valuekey, valuevalue); + } else if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) { + com.netscape.certsrv.request.AgentApprovals obj = + (com.netscape.certsrv.request.AgentApprovals)table.get(name); + if (obj == null) { + obj = new com.netscape.certsrv.request.AgentApprovals(); + table.put(name, obj); + } + obj.addApproval(value.substring(0,value.indexOf(';'))); + } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) { + com.netscape.certsrv.authentication.AuthToken obj = + (com.netscape.certsrv.authentication.AuthToken)table.get(name); + if (obj == null) { + com.netscape.certsrv.authentication.IAuthManager mgr = + new DummyAuthManager(); + obj = new com.netscape.certsrv.authentication.AuthToken(mgr); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("netscape.security.x509.X509CertInfo")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.extensions.CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.extensions.CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.equals("netscape.security.x509.CertificateX509Key")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateX509Key obj = + new netscape.security.x509.CertificateX509Key( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertInfo")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertInfo obj = + new netscape.security.x509.X509CertInfo( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateExtensions")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateExtensions obj = + new netscape.security.x509.CertificateExtensions( + new DerInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateChain")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateChain obj = + new netscape.security.x509.CertificateChain(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateSubjectName")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateSubjectName obj = + new netscape.security.x509.CertificateSubjectName( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertImpl")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertImpl obj = + new netscape.security.x509.X509CertImpl( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.RevokedCertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord") || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) { + com.netscape.cmscore.dbs.KeyRecord obj = + (com.netscape.cmscore.dbs.KeyRecord)table.get(name); + if (obj == null) { + obj = new com.netscape.cmscore.dbs.KeyRecord(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else if (valuetype.equals("java.math.BigInteger")) { + obj.set(valuekey, new java.math.BigInteger(valuevalue)); + } else if (valuetype.equals("java.lang.Integer")) { + obj.set(valuekey, new Integer(valuevalue)); + } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) { + obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue)); + } else if (valuetype.equals("[B")) { + // byte array + + BASE64Decoder decoder = new BASE64Decoder(); + obj.set(valuekey, decoder.decodeBuffer(valuevalue)); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival") || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) { + BASE64Decoder decoder = new BASE64Decoder(); + + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + com.netscape.cmscore.kra.ProofOfArchival obj = + buildPOA(decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateAlgorithmId obj = + new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateValidity")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateValidity obj = + new netscape.security.x509.CertificateValidity(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.startsWith("Integer[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + Integer objs[] = (Integer[])table.get(name); + if (objs == null) { + objs = new Integer[size]; + table.put(name, objs); + } + objs[index] = new Integer(value); + } else if (type.startsWith("byte[")) { + // byte array + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if( type.endsWith( "Exception" ) ) { + Class[] argClass = { String.class }; // the argument's class + Object[] argValue = { value }; // the argument's value + + Class x = Class.forName( type ); + Constructor ctr = x.getConstructor( argClass ); + Exception e = ( Exception ) ctr.newInstance( argValue ); + } else { + // + System.err.println("ERROR type - " + type + " - "+ attr); + System.exit(0); + } + } + + public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[]) + throws Exception + { + DerInputStream dis = new DerInputStream(data); + DerValue seq[] = dis.getSequence(0); + + BigInteger mSerialNo = seq[0].getInteger().toBigInteger(); + + // subject + DerValue subject = seq[1]; + netscape.security.x509.X500Name mSubject = + new netscape.security.x509.X500Name(subject.toByteArray()); + + // issuer + DerValue issuer = seq[2]; + netscape.security.x509.X500Name mIssuer = + new netscape.security.x509.X500Name(issuer.toByteArray()); + + // date of archival + DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray()); + Date mDateOfArchival = dateOfArchival.getUTCTime(); + com.netscape.cmscore.kra.ProofOfArchival obj = + new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo, + mSubject.toString(), mIssuer.toString(), mDateOfArchival); + return obj; + } +} + +class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager +{ + public String getName() + { + return "dummy"; + } + + public String getImplName() + { + return "dummy"; + } + + public IAuthToken authenticate(IAuthCredentials authCred) + throws EMissingCredential, EInvalidCredentials, EBaseException + { + return null; + } + + /** + * Initialize this authentication manager. + * @param name The name of this authentication manager instance. + * @param implName The name of the authentication manager plugin. + * @param config The configuration store for this authentication manager. + * @exception EBaseException If an initialization error occurred. + */ + public void init(String name, String implName, IConfigStore config) + throws EBaseException + { + } + + public void shutdown() + { + } + + public String[] getRequiredCreds() + { + return null; + } + + /** + * Get configuration parameters for this implementation. + * The configuration parameters returned is passed to the + * configuration console so configuration for instances of this + * implementation can be made through the console. + * + * @param implName The authentication manager plugin name. + * @exception EBaseException If an internal error occurred + */ + public String[] getConfigParams() + throws EBaseException + { + return null; + } + + /** + * Get the configuration store for this authentication manager. + * @return The configuration store of this authentication manager. + */ + public IConfigStore getConfigStore() + { + return null; + } +} + diff --git a/pki/base/migrate/TxtTo60/src/compile.bat b/pki/base/migrate/TxtTo60/src/compile.bat new file mode 100755 index 000000000..bc21bb20e --- /dev/null +++ b/pki/base/migrate/TxtTo60/src/compile.bat @@ -0,0 +1,154 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "TxtTo60/classes/Main.class", +REM "TxtTo60/classes/CMS60LdifParser.class", and +REM "TxtTo60/classes/DummyAuthManager.class" which are +REM used to create a CMS 6.0/6.01 ldif data file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo60 +REM + +REM SET SERVER_ROOT=C:\cms601 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 6.0 NOTE: "WINNT" - 1.3.1_02 +REM +REM CMS 6.01 NOTE: "WINNT" - 1.3.1_02 +REM + +REM SET JDK_VERSION=CMS_6.01 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.0" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO %CMS% ldif data classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile TxtTo60 - create "CMS60LdifParser.class", "DummyAuthManager.class", +REM and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo60/src/compile.sh b/pki/base/migrate/TxtTo60/src/compile.sh new file mode 100755 index 000000000..a15b6a670 --- /dev/null +++ b/pki/base/migrate/TxtTo60/src/compile.sh @@ -0,0 +1,166 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "TxtTo60/classes/Main.class", ### +### "TxtTo60/classes/CMS60LdifParser.class", and ### +### "TxtTo60/classes/DummyAuthManager.class" which are ### +### used to create a CMS 6.0/6.01 ldif data file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo60 +### + +#SERVER_ROOT=/export/home/migrate/cms601 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 6.0 NOTE: "HP-UX" - 1.3.1.02 +### "Linux" - 1.3.1_02 +### "SunOS" - 1.3.1_02 +### +### CMS 6.01 NOTE: "HP-UX" - 1.3.1.02 +### "Linux" - 1.4.0 +### "SunOS" - 1.3.1_02 +### + +#JDK_VERSION=CMS_6.01 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.0" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " ${CMS} ldif data classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile TxtTo60 - create "CMS60LdifParser.class", "DummyAuthManager.class", +### and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/TxtTo61/classes/CMS61LdifParser.class b/pki/base/migrate/TxtTo61/classes/CMS61LdifParser.class Binary files differnew file mode 100644 index 000000000..70ef9f715 --- /dev/null +++ b/pki/base/migrate/TxtTo61/classes/CMS61LdifParser.class diff --git a/pki/base/migrate/TxtTo61/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo61/classes/DummyAuthManager.class Binary files differnew file mode 100644 index 000000000..bcd8be3bb --- /dev/null +++ b/pki/base/migrate/TxtTo61/classes/DummyAuthManager.class diff --git a/pki/base/migrate/TxtTo61/classes/Main.class b/pki/base/migrate/TxtTo61/classes/Main.class Binary files differnew file mode 100644 index 000000000..69495b02f --- /dev/null +++ b/pki/base/migrate/TxtTo61/classes/Main.class diff --git a/pki/base/migrate/TxtTo61/run.bat b/pki/base/migrate/TxtTo61/run.bat new file mode 100755 index 000000000..a63296608 --- /dev/null +++ b/pki/base/migrate/TxtTo61/run.bat @@ -0,0 +1,186 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a normalized <Source CMS Version> ldif +REM text file (e. g. - created via a <Source CMS Version>ToTxt +REM script) into a CMS 6.1 ldif data file. +REM +REM This CMS 6.1 ldif data file can then be imported into the +REM internal database of the desired CMS 6.1 server using a +REM utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms61 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo61/run.sh b/pki/base/migrate/TxtTo61/run.sh new file mode 100755 index 000000000..d219e921e --- /dev/null +++ b/pki/base/migrate/TxtTo61/run.sh @@ -0,0 +1,193 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a normalized <Source CMS Version> ldif ### +### text file (e. g. - created via a <Source CMS Version>ToTxt ### +### script) into a CMS 6.1 ldif data file. ### +### ### +### This CMS 6.1 ldif data file can then be imported into the ### +### internal database of the desired CMS 6.1 server using a ### +### utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms61 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.1" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/TxtTo61/src/Main.java b/pki/base/migrate/TxtTo61/src/Main.java new file mode 100644 index 000000000..4cc928928 --- /dev/null +++ b/pki/base/migrate/TxtTo61/src/Main.java @@ -0,0 +1,573 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "TxtTo61/src/Main.java" is based upon a copy "TxtTo60/src/Main.java". +// +// Always comment any new code sections with a "CMS 6.1" header, and +// apply these changes forward to all other "TxtTo*/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "TxtTo*" version. +// +// This file should always be maintained by executing the following command: +// +// diff TxtTo60/src/Main.java TxtTo61/src/Main.java +// + +import java.math.*; +import java.io.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.authentication.*; +import netscape.security.util.*; +import java.lang.reflect.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS61LdifParser parser = null; + if (args.length == 1) { + parser = new CMS61LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS61LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS61LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS61LdifParser(String filename) + { + mFilename = filename; + } + + public CMS61LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + Vector requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.equals(BEGIN)) { + requestAttributes = new Vector(); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.equals(END)) { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + continue; + } + if (line.startsWith(" ")) { // begining of attr + requestAttributes.addElement( + line.substring(1, line.length())); + } else { + requestAttributes.setElementAt( + (String) + requestAttributes.lastElement() + + "\n" + + line, + requestAttributes.size() - 1); + } + } + } + + private byte[] encode(Object value) throws Exception + { + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + + os.writeObject(value); + os.close(); + return bos.toByteArray(); + } + + public void parseAttributes(String dn, Vector attrs) throws Exception + { + Hashtable hashtable = new Hashtable(); + for (int i = 0; i < attrs.size(); i++) { + String attr = (String)attrs.elementAt(i); + buildHashtable(dn, hashtable, attr); + } + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + Enumeration e = hashtable.keys(); + while (e.hasMoreElements()) { + String key = (String)e.nextElement(); + Object value = hashtable.get(key); + + try { + byte data[] = null; + data = encode(value); + os.writeObject(key); + os.writeObject(data); + } catch (Exception ex) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } // while + os.writeObject(null); + os.close(); + + // print the BASE64 encoding of the Hashtable + BASE64Encoder encoder = new BASE64Encoder(); + String attrsStr = encoder.encodeBuffer(bos.toByteArray()); + // trim the last "\n" + StringBuffer buffer = null; + attrsStr = attrsStr.trim(); + StringTokenizer st = new StringTokenizer(attrsStr, "\r\n"); + while (st.hasMoreTokens()) { + if (buffer == null) { + buffer = new StringBuffer(); + buffer.append(st.nextToken()); + } else { + buffer.append("\r\n " + st.nextToken()); + } + } + + System.out.println(REQUEST_ATTRIBUTES + " " + buffer); + } + + public void buildHashtable(String dn, Hashtable table, String attr) + throws Exception + { + // attribute format [name]:[type]=[value] + + int colon = attr.indexOf(':'); + if (colon == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + int equal = attr.indexOf('='); + if (equal == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + String name = attr.substring(0, colon); + String type = attr.substring(colon+1, equal); + String value = attr.substring(equal+1); + + if (name.startsWith("serviceErrors")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (name.startsWith("Error")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (type.startsWith("java.lang.String")) { + table.put(name, value); + } else if (type.startsWith("byte[]")) { + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if (type.startsWith("java.lang.Integer")) { + table.put(name, new Integer(value)); + } else if (type.startsWith("java.math.BigInteger")) { + table.put(name, new java.math.BigInteger(value)); + } else if (type.startsWith("java.util.Vector")) { + Vector obj = + (Vector)table.get(name); + if (obj == null) { + obj = new Vector(); + table.put(name, obj); + } + obj.addElement(value); + } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock") || type.startsWith("com.netscape.cmscore.base.ArgBlock")) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock obj = + (com.netscape.cmscore.base.ArgBlock)table.get(name); + if (obj == null) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + obj = new com.netscape.cmscore.base.ArgBlock(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + obj.set(valuekey, valuevalue); + } else if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) { + com.netscape.certsrv.request.AgentApprovals obj = + (com.netscape.certsrv.request.AgentApprovals)table.get(name); + if (obj == null) { + obj = new com.netscape.certsrv.request.AgentApprovals(); + table.put(name, obj); + } + obj.addApproval(value.substring(0,value.indexOf(';'))); + } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) { + com.netscape.certsrv.authentication.AuthToken obj = + (com.netscape.certsrv.authentication.AuthToken)table.get(name); + if (obj == null) { + com.netscape.certsrv.authentication.IAuthManager mgr = + new DummyAuthManager(); + obj = new com.netscape.certsrv.authentication.AuthToken(mgr); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("netscape.security.x509.X509CertInfo[")) { + // CMS 6.1: "netscape.security.x509.X509CertInfo" + // now always utilizes arrays such as + // "netscape.security.x509.X509CertInfo[" + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.extensions.CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.extensions.CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.equals("netscape.security.x509.CertificateX509Key")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateX509Key obj = + new netscape.security.x509.CertificateX509Key( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertInfo")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertInfo obj = + new netscape.security.x509.X509CertInfo( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateExtensions")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateExtensions obj = + new netscape.security.x509.CertificateExtensions( + new DerInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateChain")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateChain obj = + new netscape.security.x509.CertificateChain(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateSubjectName")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateSubjectName obj = + new netscape.security.x509.CertificateSubjectName( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertImpl")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertImpl obj = + new netscape.security.x509.X509CertImpl( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.RevokedCertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord") || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) { + com.netscape.cmscore.dbs.KeyRecord obj = + (com.netscape.cmscore.dbs.KeyRecord)table.get(name); + if (obj == null) { + obj = new com.netscape.cmscore.dbs.KeyRecord(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else if (valuetype.equals("java.math.BigInteger")) { + obj.set(valuekey, new java.math.BigInteger(valuevalue)); + } else if (valuetype.equals("java.lang.Integer")) { + obj.set(valuekey, new Integer(valuevalue)); + } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) { + obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue)); + } else if (valuetype.equals("[B")) { + // byte array + + BASE64Decoder decoder = new BASE64Decoder(); + obj.set(valuekey, decoder.decodeBuffer(valuevalue)); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival") || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) { + BASE64Decoder decoder = new BASE64Decoder(); + + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + com.netscape.cmscore.kra.ProofOfArchival obj = + buildPOA(decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateAlgorithmId obj = + new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateValidity")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateValidity obj = + new netscape.security.x509.CertificateValidity(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.startsWith("Integer[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + Integer objs[] = (Integer[])table.get(name); + if (objs == null) { + objs = new Integer[size]; + table.put(name, objs); + } + objs[index] = new Integer(value); + } else if (type.startsWith("byte[")) { + // byte array + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if( type.endsWith( "Exception" ) ) { + Class[] argClass = { String.class }; // the argument's class + Object[] argValue = { value }; // the argument's value + + Class x = Class.forName( type ); + Constructor ctr = x.getConstructor( argClass ); + Exception e = ( Exception ) ctr.newInstance( argValue ); + } else { + // + System.err.println("ERROR type - " + type + " - "+ attr); + System.exit(0); + } + } + + public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[]) + throws Exception + { + DerInputStream dis = new DerInputStream(data); + DerValue seq[] = dis.getSequence(0); + + BigInteger mSerialNo = seq[0].getInteger().toBigInteger(); + + // subject + DerValue subject = seq[1]; + netscape.security.x509.X500Name mSubject = + new netscape.security.x509.X500Name(subject.toByteArray()); + + // issuer + DerValue issuer = seq[2]; + netscape.security.x509.X500Name mIssuer = + new netscape.security.x509.X500Name(issuer.toByteArray()); + + // date of archival + DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray()); + Date mDateOfArchival = dateOfArchival.getUTCTime(); + com.netscape.cmscore.kra.ProofOfArchival obj = + new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo, + mSubject.toString(), mIssuer.toString(), mDateOfArchival); + return obj; + } +} + +class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager +{ + public String getName() + { + return "dummy"; + } + + public String getImplName() + { + return "dummy"; + } + + public IAuthToken authenticate(IAuthCredentials authCred) + throws EMissingCredential, EInvalidCredentials, EBaseException + { + return null; + } + + /** + * Initialize this authentication manager. + * @param name The name of this authentication manager instance. + * @param implName The name of the authentication manager plugin. + * @param config The configuration store for this authentication manager. + * @exception EBaseException If an initialization error occurred. + */ + public void init(String name, String implName, IConfigStore config) + throws EBaseException + { + } + + public void shutdown() + { + } + + public String[] getRequiredCreds() + { + return null; + } + + /** + * Get configuration parameters for this implementation. + * The configuration parameters returned is passed to the + * configuration console so configuration for instances of this + * implementation can be made through the console. + * + * @param implName The authentication manager plugin name. + * @exception EBaseException If an internal error occurred + */ + public String[] getConfigParams() + throws EBaseException + { + return null; + } + + /** + * Get the configuration store for this authentication manager. + * @return The configuration store of this authentication manager. + */ + public IConfigStore getConfigStore() + { + return null; + } +} + diff --git a/pki/base/migrate/TxtTo61/src/compile.bat b/pki/base/migrate/TxtTo61/src/compile.bat new file mode 100755 index 000000000..8b2a3bff9 --- /dev/null +++ b/pki/base/migrate/TxtTo61/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "TxtTo61/classes/Main.class", +REM "TxtTo61/classes/CMS61LdifParser.class", and +REM "TxtTo61/classes/DummyAuthManager.class" which are +REM used to create a CMS 6.1 ldif data file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo61 +REM + +REM SET SERVER_ROOT=C:\cms61 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 6.1 NOTE: "WINNT" - 1.4.0 +REM + +REM SET JDK_VERSION=CMS_6.1 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO %CMS% ldif data classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile TxtTo61 - create "CMS61LdifParser.class", "DummyAuthManager.class", +REM and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo61/src/compile.sh b/pki/base/migrate/TxtTo61/src/compile.sh new file mode 100755 index 000000000..3ec4885c9 --- /dev/null +++ b/pki/base/migrate/TxtTo61/src/compile.sh @@ -0,0 +1,162 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "TxtTo61/classes/Main.class", ### +### "TxtTo61/classes/CMS61LdifParser.class", and ### +### "TxtTo61/classes/DummyAuthManager.class" which are ### +### used to create a CMS 6.1 ldif data file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo61 +### + +#SERVER_ROOT=/export/home/migrate/cms61 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 6.1 NOTE: "HP-UX" - 1.3.1.02 +### "Linux" - 1.3.1_02 +### "SunOS" - 1.3.1_02 +### + +#JDK_VERSION=CMS_6.1 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.1" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " ${CMS} ldif data classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile TxtTo61 - create "CMS61LdifParser.class", "DummyAuthManager.class", +### and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/TxtTo62/classes/CMS62LdifParser.class b/pki/base/migrate/TxtTo62/classes/CMS62LdifParser.class Binary files differnew file mode 100644 index 000000000..114f08b7b --- /dev/null +++ b/pki/base/migrate/TxtTo62/classes/CMS62LdifParser.class diff --git a/pki/base/migrate/TxtTo62/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo62/classes/DummyAuthManager.class Binary files differnew file mode 100644 index 000000000..825b0c3e4 --- /dev/null +++ b/pki/base/migrate/TxtTo62/classes/DummyAuthManager.class diff --git a/pki/base/migrate/TxtTo62/classes/Main.class b/pki/base/migrate/TxtTo62/classes/Main.class Binary files differnew file mode 100644 index 000000000..0e5383832 --- /dev/null +++ b/pki/base/migrate/TxtTo62/classes/Main.class diff --git a/pki/base/migrate/TxtTo62/run.bat b/pki/base/migrate/TxtTo62/run.bat new file mode 100755 index 000000000..1e342ed24 --- /dev/null +++ b/pki/base/migrate/TxtTo62/run.bat @@ -0,0 +1,186 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a normalized <Source CMS Version> ldif +REM text file (e. g. - created via a <Source CMS Version>ToTxt +REM script) into a CMS 6.2 ldif data file. +REM +REM This CMS 6.2 ldif data file can then be imported into the +REM internal database of the desired CMS 6.2 server using a +REM utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms62 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo62/run.sh b/pki/base/migrate/TxtTo62/run.sh new file mode 100755 index 000000000..f1be8974d --- /dev/null +++ b/pki/base/migrate/TxtTo62/run.sh @@ -0,0 +1,193 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a normalized <Source CMS Version> ldif ### +### text file (e. g. - created via a <Source CMS Version>ToTxt ### +### script) into a CMS 6.2 ldif data file. ### +### ### +### This CMS 6.2 ldif data file can then be imported into the ### +### internal database of the desired CMS 6.2 server using a ### +### utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms62 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.2" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/TxtTo62/src/Main.java b/pki/base/migrate/TxtTo62/src/Main.java new file mode 100644 index 000000000..406448dd7 --- /dev/null +++ b/pki/base/migrate/TxtTo62/src/Main.java @@ -0,0 +1,583 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "TxtTo62/src/Main.java" is based upon a copy "TxtTo61/src/Main.java". +// +// Always comment any new code sections with a "CMS 6.2" header, and +// apply these changes forward to all other "TxtTo*/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "TxtTo*" version. +// +// This file should always be maintained by executing the following command: +// +// diff TxtTo61/src/Main.java TxtTo62/src/Main.java +// + +import java.math.*; +import java.io.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.authentication.*; +import netscape.security.util.*; +import java.lang.reflect.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS62LdifParser parser = null; + if (args.length == 1) { + parser = new CMS62LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS62LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS62LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS62LdifParser(String filename) + { + mFilename = filename; + } + + public CMS62LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + Vector requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.equals(BEGIN)) { + requestAttributes = new Vector(); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.equals(END)) { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + continue; + } + if (line.startsWith(" ")) { // begining of attr + requestAttributes.addElement( + line.substring(1, line.length())); + } else { + requestAttributes.setElementAt( + (String) + requestAttributes.lastElement() + + "\n" + + line, + requestAttributes.size() - 1); + } + } + } + + private byte[] encode(Object value) throws Exception + { + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + + os.writeObject(value); + os.close(); + return bos.toByteArray(); + } + + public void parseAttributes(String dn, Vector attrs) throws Exception + { + Hashtable hashtable = new Hashtable(); + for (int i = 0; i < attrs.size(); i++) { + String attr = (String)attrs.elementAt(i); + buildHashtable(dn, hashtable, attr); + } + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + Enumeration e = hashtable.keys(); + while (e.hasMoreElements()) { + String key = (String)e.nextElement(); + Object value = hashtable.get(key); + + try { + byte data[] = null; + data = encode(value); + os.writeObject(key); + os.writeObject(data); + } catch (Exception ex) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } // while + os.writeObject(null); + os.close(); + + // print the BASE64 encoding of the Hashtable + BASE64Encoder encoder = new BASE64Encoder(); + String attrsStr = encoder.encodeBuffer(bos.toByteArray()); + // trim the last "\n" + StringBuffer buffer = null; + attrsStr = attrsStr.trim(); + StringTokenizer st = new StringTokenizer(attrsStr, "\r\n"); + while (st.hasMoreTokens()) { + if (buffer == null) { + buffer = new StringBuffer(); + buffer.append(st.nextToken()); + } else { + buffer.append("\r\n " + st.nextToken()); + } + } + + System.out.println(REQUEST_ATTRIBUTES + " " + buffer); + } + + public void buildHashtable(String dn, Hashtable table, String attr) + throws Exception + { + // attribute format [name]:[type]=[value] + + int colon = attr.indexOf(':'); + if (colon == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + int equal = attr.indexOf('='); + if (equal == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + String name = attr.substring(0, colon); + String type = attr.substring(colon+1, equal); + String value = attr.substring(equal+1); + + if (name.startsWith("serviceErrors")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (name.startsWith("Error")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (type.startsWith("java.lang.String")) { + table.put(name, value); + } else if (type.startsWith("byte[]")) { + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if (type.startsWith("java.lang.Integer")) { + table.put(name, new Integer(value)); + } else if (type.startsWith("java.math.BigInteger")) { + table.put(name, new java.math.BigInteger(value)); + } else if (type.startsWith("java.util.Locale")) { + // CMS 6.2: begin checking for new type + // "java.util.Locale" + table.put(name, Locale.getDefault()); + } else if (type.startsWith("java.util.Vector")) { + Vector obj = + (Vector)table.get(name); + if (obj == null) { + obj = new Vector(); + table.put(name, obj); + } + obj.addElement(value); + } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock") || type.startsWith("com.netscape.cmscore.base.ArgBlock")) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock obj = + (com.netscape.cmscore.base.ArgBlock)table.get(name); + if (obj == null) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + obj = new com.netscape.cmscore.base.ArgBlock(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + obj.set(valuekey, valuevalue); + } else if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) { + com.netscape.certsrv.request.AgentApprovals obj = + (com.netscape.certsrv.request.AgentApprovals)table.get(name); + if (obj == null) { + obj = new com.netscape.certsrv.request.AgentApprovals(); + table.put(name, obj); + } + obj.addApproval(value.substring(0,value.indexOf(';'))); + } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) { + com.netscape.certsrv.authentication.AuthToken obj = + (com.netscape.certsrv.authentication.AuthToken)table.get(name); + if (obj == null) { + com.netscape.certsrv.authentication.IAuthManager mgr = + new DummyAuthManager(); + obj = new com.netscape.certsrv.authentication.AuthToken(mgr); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("netscape.security.x509.X509CertInfo[") || type.startsWith("netscape.security.extensions.CertInfo[")) { + // CMS 6.2: begin checking for additional new type + // "netscape.security.extensions.CertInfo[" + // + // CMS 6.1: "netscape.security.x509.X509CertInfo" + // now always utilizes arrays such as + // "netscape.security.x509.X509CertInfo[" + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.extensions.CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.extensions.CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.equals("netscape.security.x509.CertificateX509Key")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateX509Key obj = + new netscape.security.x509.CertificateX509Key( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertInfo")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertInfo obj = + new netscape.security.x509.X509CertInfo( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateExtensions")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateExtensions obj = + new netscape.security.x509.CertificateExtensions(); + obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateExtensions" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateChain")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateChain obj = + new netscape.security.x509.CertificateChain(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateSubjectName")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateSubjectName obj = + new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateSubjectName" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertImpl")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertImpl obj = + new netscape.security.x509.X509CertImpl( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.RevokedCertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord") || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) { + com.netscape.cmscore.dbs.KeyRecord obj = + (com.netscape.cmscore.dbs.KeyRecord)table.get(name); + if (obj == null) { + obj = new com.netscape.cmscore.dbs.KeyRecord(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else if (valuetype.equals("java.math.BigInteger")) { + obj.set(valuekey, new java.math.BigInteger(valuevalue)); + } else if (valuetype.equals("java.lang.Integer")) { + obj.set(valuekey, new Integer(valuevalue)); + } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) { + obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue)); + } else if (valuetype.equals("[B")) { + // byte array + + BASE64Decoder decoder = new BASE64Decoder(); + obj.set(valuekey, decoder.decodeBuffer(valuevalue)); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival") || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) { + BASE64Decoder decoder = new BASE64Decoder(); + + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + com.netscape.cmscore.kra.ProofOfArchival obj = + buildPOA(decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateAlgorithmId obj = + new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateValidity")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateValidity obj = + new netscape.security.x509.CertificateValidity(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.startsWith("Integer[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + Integer objs[] = (Integer[])table.get(name); + if (objs == null) { + objs = new Integer[size]; + table.put(name, objs); + } + objs[index] = new Integer(value); + } else if (type.startsWith("byte[")) { + // byte array + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if( type.endsWith( "Exception" ) ) { + Class[] argClass = { String.class }; // the argument's class + Object[] argValue = { value }; // the argument's value + + Class x = Class.forName( type ); + Constructor ctr = x.getConstructor( argClass ); + Exception e = ( Exception ) ctr.newInstance( argValue ); + } else { + // + System.err.println("ERROR type - " + type + " - "+ attr); + System.exit(0); + } + } + + public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[]) + throws Exception + { + DerInputStream dis = new DerInputStream(data); + DerValue seq[] = dis.getSequence(0); + + BigInteger mSerialNo = seq[0].getInteger().toBigInteger(); + + // subject + DerValue subject = seq[1]; + netscape.security.x509.X500Name mSubject = + new netscape.security.x509.X500Name(subject.toByteArray()); + + // issuer + DerValue issuer = seq[2]; + netscape.security.x509.X500Name mIssuer = + new netscape.security.x509.X500Name(issuer.toByteArray()); + + // date of archival + DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray()); + Date mDateOfArchival = dateOfArchival.getUTCTime(); + com.netscape.cmscore.kra.ProofOfArchival obj = + new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo, + mSubject.toString(), mIssuer.toString(), mDateOfArchival); + return obj; + } +} + +class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager +{ + public String getName() + { + return "dummy"; + } + + public String getImplName() + { + return "dummy"; + } + + public IAuthToken authenticate(IAuthCredentials authCred) + throws EMissingCredential, EInvalidCredentials, EBaseException + { + return null; + } + + /** + * Initialize this authentication manager. + * @param name The name of this authentication manager instance. + * @param implName The name of the authentication manager plugin. + * @param config The configuration store for this authentication manager. + * @exception EBaseException If an initialization error occurred. + */ + public void init(String name, String implName, IConfigStore config) + throws EBaseException + { + } + + public void shutdown() + { + } + + public String[] getRequiredCreds() + { + return null; + } + + /** + * Get configuration parameters for this implementation. + * The configuration parameters returned is passed to the + * configuration console so configuration for instances of this + * implementation can be made through the console. + * + * @param implName The authentication manager plugin name. + * @exception EBaseException If an internal error occurred + */ + public String[] getConfigParams() + throws EBaseException + { + return null; + } + + /** + * Get the configuration store for this authentication manager. + * @return The configuration store of this authentication manager. + */ + public IConfigStore getConfigStore() + { + return null; + } +} + diff --git a/pki/base/migrate/TxtTo62/src/compile.bat b/pki/base/migrate/TxtTo62/src/compile.bat new file mode 100755 index 000000000..063b8969f --- /dev/null +++ b/pki/base/migrate/TxtTo62/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "TxtTo62/classes/Main.class", +REM "TxtTo62/classes/CMS62LdifParser.class", and +REM "TxtTo62/classes/DummyAuthManager.class" which are +REM used to create a CMS 6.2 ldif data file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo62 +REM + +REM SET SERVER_ROOT=C:\cms62 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 6.2 NOTE: "WINNT" - 1.4.0 +REM + +REM SET JDK_VERSION=CMS_6.2 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 6.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO %CMS% ldif data classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile TxtTo62 - create "CMS62LdifParser.class", "DummyAuthManager.class", +REM and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo62/src/compile.sh b/pki/base/migrate/TxtTo62/src/compile.sh new file mode 100755 index 000000000..4ab44f966 --- /dev/null +++ b/pki/base/migrate/TxtTo62/src/compile.sh @@ -0,0 +1,162 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "TxtTo62/classes/Main.class", ### +### "TxtTo62/classes/CMS62LdifParser.class", and ### +### "TxtTo62/classes/DummyAuthManager.class" which are ### +### used to create a CMS 6.2 ldif data file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo62 +### + +#SERVER_ROOT=/export/home/migrate/cms62 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 6.2 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.0 +### "SunOS" - 1.4.0 +### + +#JDK_VERSION=CMS_6.2 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 6.2" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " ${CMS} ldif data classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile TxtTo62 - create "CMS62LdifParser.class", "DummyAuthManager.class", +### and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/TxtTo70/classes/CMS70LdifParser.class b/pki/base/migrate/TxtTo70/classes/CMS70LdifParser.class Binary files differnew file mode 100644 index 000000000..f903b58e7 --- /dev/null +++ b/pki/base/migrate/TxtTo70/classes/CMS70LdifParser.class diff --git a/pki/base/migrate/TxtTo70/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo70/classes/DummyAuthManager.class Binary files differnew file mode 100644 index 000000000..825b0c3e4 --- /dev/null +++ b/pki/base/migrate/TxtTo70/classes/DummyAuthManager.class diff --git a/pki/base/migrate/TxtTo70/classes/Main.class b/pki/base/migrate/TxtTo70/classes/Main.class Binary files differnew file mode 100644 index 000000000..f5e2c248e --- /dev/null +++ b/pki/base/migrate/TxtTo70/classes/Main.class diff --git a/pki/base/migrate/TxtTo70/run.bat b/pki/base/migrate/TxtTo70/run.bat new file mode 100755 index 000000000..7c99f67aa --- /dev/null +++ b/pki/base/migrate/TxtTo70/run.bat @@ -0,0 +1,186 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a normalized <Source CMS Version> ldif +REM text file (e. g. - created via a <Source CMS Version>ToTxt +REM script) into a CMS 7.0/7.01 ldif data file. +REM +REM This CMS 7.0/7.01 ldif data file can then be imported into the +REM internal database of the desired CMS 7.0/7.01 server using a +REM utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cms701 + + +REM +REM INSTANCE - if the CMS instance directory is called 'cert-ca', +REM set the CMS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CMS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 7.0" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CMS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CMS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CMS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CMS% ldif data file +REM into a normalized %CMS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo70/run.sh b/pki/base/migrate/TxtTo70/run.sh new file mode 100755 index 000000000..ac007d2dd --- /dev/null +++ b/pki/base/migrate/TxtTo70/run.sh @@ -0,0 +1,193 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a normalized <Source CMS Version> ldif ### +### text file (e. g. - created via a <Source CMS Version>ToTxt ### +### script) into a CMS 7.0/7.01 ldif data file. ### +### ### +### This CMS 7.0/7.01 ldif data file can then be imported into ### +### the internal database of the desired CMS 7.0/7.01 server ### +### using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cms701 +#export SERVER_ROOT + + +### +### INSTANCE - if the CMS instance directory is called 'cert-ca', +### set the CMS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CMS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 7.0" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CMS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CMS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CMS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CMS} ldif data file +### into a normalized ${CMS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/TxtTo70/src/Main.java b/pki/base/migrate/TxtTo70/src/Main.java new file mode 100644 index 000000000..c51f32c8f --- /dev/null +++ b/pki/base/migrate/TxtTo70/src/Main.java @@ -0,0 +1,583 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "TxtTo70/src/Main.java" is based upon a copy "TxtTo62/src/Main.java". +// +// Always comment any new code sections with a "CMS 7.0" header, and +// apply these changes forward to all other "TxtTo*/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "TxtTo*" version. +// +// This file should always be maintained by executing the following command: +// +// diff TxtTo62/src/Main.java TxtTo70/src/Main.java +// + +import java.math.*; +import java.io.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.authentication.*; +import netscape.security.util.*; +import java.lang.reflect.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS70LdifParser parser = null; + if (args.length == 1) { + parser = new CMS70LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS70LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS70LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS70LdifParser(String filename) + { + mFilename = filename; + } + + public CMS70LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + Vector requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.equals(BEGIN)) { + requestAttributes = new Vector(); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.equals(END)) { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + continue; + } + if (line.startsWith(" ")) { // begining of attr + requestAttributes.addElement( + line.substring(1, line.length())); + } else { + requestAttributes.setElementAt( + (String) + requestAttributes.lastElement() + + "\n" + + line, + requestAttributes.size() - 1); + } + } + } + + private byte[] encode(Object value) throws Exception + { + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + + os.writeObject(value); + os.close(); + return bos.toByteArray(); + } + + public void parseAttributes(String dn, Vector attrs) throws Exception + { + Hashtable hashtable = new Hashtable(); + for (int i = 0; i < attrs.size(); i++) { + String attr = (String)attrs.elementAt(i); + buildHashtable(dn, hashtable, attr); + } + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + Enumeration e = hashtable.keys(); + while (e.hasMoreElements()) { + String key = (String)e.nextElement(); + Object value = hashtable.get(key); + + try { + byte data[] = null; + data = encode(value); + os.writeObject(key); + os.writeObject(data); + } catch (Exception ex) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } // while + os.writeObject(null); + os.close(); + + // print the BASE64 encoding of the Hashtable + BASE64Encoder encoder = new BASE64Encoder(); + String attrsStr = encoder.encodeBuffer(bos.toByteArray()); + // trim the last "\n" + StringBuffer buffer = null; + attrsStr = attrsStr.trim(); + StringTokenizer st = new StringTokenizer(attrsStr, "\r\n"); + while (st.hasMoreTokens()) { + if (buffer == null) { + buffer = new StringBuffer(); + buffer.append(st.nextToken()); + } else { + buffer.append("\r\n " + st.nextToken()); + } + } + + System.out.println(REQUEST_ATTRIBUTES + " " + buffer); + } + + public void buildHashtable(String dn, Hashtable table, String attr) + throws Exception + { + // attribute format [name]:[type]=[value] + + int colon = attr.indexOf(':'); + if (colon == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + int equal = attr.indexOf('='); + if (equal == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + String name = attr.substring(0, colon); + String type = attr.substring(colon+1, equal); + String value = attr.substring(equal+1); + + if (name.startsWith("serviceErrors")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (name.startsWith("Error")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (type.startsWith("java.lang.String")) { + table.put(name, value); + } else if (type.startsWith("byte[]")) { + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if (type.startsWith("java.lang.Integer")) { + table.put(name, new Integer(value)); + } else if (type.startsWith("java.math.BigInteger")) { + table.put(name, new java.math.BigInteger(value)); + } else if (type.startsWith("java.util.Locale")) { + // CMS 6.2: begin checking for new type + // "java.util.Locale" + table.put(name, Locale.getDefault()); + } else if (type.startsWith("java.util.Vector")) { + Vector obj = + (Vector)table.get(name); + if (obj == null) { + obj = new Vector(); + table.put(name, obj); + } + obj.addElement(value); + } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock") || type.startsWith("com.netscape.cmscore.base.ArgBlock")) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock obj = + (com.netscape.cmscore.base.ArgBlock)table.get(name); + if (obj == null) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + obj = new com.netscape.cmscore.base.ArgBlock(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + obj.set(valuekey, valuevalue); + } else if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) { + com.netscape.certsrv.request.AgentApprovals obj = + (com.netscape.certsrv.request.AgentApprovals)table.get(name); + if (obj == null) { + obj = new com.netscape.certsrv.request.AgentApprovals(); + table.put(name, obj); + } + obj.addApproval(value.substring(0,value.indexOf(';'))); + } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) { + com.netscape.certsrv.authentication.AuthToken obj = + (com.netscape.certsrv.authentication.AuthToken)table.get(name); + if (obj == null) { + com.netscape.certsrv.authentication.IAuthManager mgr = + new DummyAuthManager(); + obj = new com.netscape.certsrv.authentication.AuthToken(mgr); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("netscape.security.x509.X509CertInfo[") || type.startsWith("netscape.security.extensions.CertInfo[")) { + // CMS 6.2: begin checking for additional new type + // "netscape.security.extensions.CertInfo[" + // + // CMS 6.1: "netscape.security.x509.X509CertInfo" + // now always utilizes arrays such as + // "netscape.security.x509.X509CertInfo[" + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.extensions.CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.extensions.CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.equals("netscape.security.x509.CertificateX509Key")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateX509Key obj = + new netscape.security.x509.CertificateX509Key( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertInfo")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertInfo obj = + new netscape.security.x509.X509CertInfo( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateExtensions")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateExtensions obj = + new netscape.security.x509.CertificateExtensions(); + obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateExtensions" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateChain")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateChain obj = + new netscape.security.x509.CertificateChain(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateSubjectName")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateSubjectName obj = + new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateSubjectName" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertImpl")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertImpl obj = + new netscape.security.x509.X509CertImpl( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.RevokedCertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord") || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) { + com.netscape.cmscore.dbs.KeyRecord obj = + (com.netscape.cmscore.dbs.KeyRecord)table.get(name); + if (obj == null) { + obj = new com.netscape.cmscore.dbs.KeyRecord(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else if (valuetype.equals("java.math.BigInteger")) { + obj.set(valuekey, new java.math.BigInteger(valuevalue)); + } else if (valuetype.equals("java.lang.Integer")) { + obj.set(valuekey, new Integer(valuevalue)); + } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) { + obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue)); + } else if (valuetype.equals("[B")) { + // byte array + + BASE64Decoder decoder = new BASE64Decoder(); + obj.set(valuekey, decoder.decodeBuffer(valuevalue)); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival") || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) { + BASE64Decoder decoder = new BASE64Decoder(); + + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + com.netscape.cmscore.kra.ProofOfArchival obj = + buildPOA(decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateAlgorithmId obj = + new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateValidity")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateValidity obj = + new netscape.security.x509.CertificateValidity(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.startsWith("Integer[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + Integer objs[] = (Integer[])table.get(name); + if (objs == null) { + objs = new Integer[size]; + table.put(name, objs); + } + objs[index] = new Integer(value); + } else if (type.startsWith("byte[")) { + // byte array + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if( type.endsWith( "Exception" ) ) { + Class[] argClass = { String.class }; // the argument's class + Object[] argValue = { value }; // the argument's value + + Class x = Class.forName( type ); + Constructor ctr = x.getConstructor( argClass ); + Exception e = ( Exception ) ctr.newInstance( argValue ); + } else { + // + System.err.println("ERROR type - " + type + " - "+ attr); + System.exit(0); + } + } + + public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[]) + throws Exception + { + DerInputStream dis = new DerInputStream(data); + DerValue seq[] = dis.getSequence(0); + + BigInteger mSerialNo = seq[0].getInteger().toBigInteger(); + + // subject + DerValue subject = seq[1]; + netscape.security.x509.X500Name mSubject = + new netscape.security.x509.X500Name(subject.toByteArray()); + + // issuer + DerValue issuer = seq[2]; + netscape.security.x509.X500Name mIssuer = + new netscape.security.x509.X500Name(issuer.toByteArray()); + + // date of archival + DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray()); + Date mDateOfArchival = dateOfArchival.getUTCTime(); + com.netscape.cmscore.kra.ProofOfArchival obj = + new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo, + mSubject.toString(), mIssuer.toString(), mDateOfArchival); + return obj; + } +} + +class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager +{ + public String getName() + { + return "dummy"; + } + + public String getImplName() + { + return "dummy"; + } + + public IAuthToken authenticate(IAuthCredentials authCred) + throws EMissingCredential, EInvalidCredentials, EBaseException + { + return null; + } + + /** + * Initialize this authentication manager. + * @param name The name of this authentication manager instance. + * @param implName The name of the authentication manager plugin. + * @param config The configuration store for this authentication manager. + * @exception EBaseException If an initialization error occurred. + */ + public void init(String name, String implName, IConfigStore config) + throws EBaseException + { + } + + public void shutdown() + { + } + + public String[] getRequiredCreds() + { + return null; + } + + /** + * Get configuration parameters for this implementation. + * The configuration parameters returned is passed to the + * configuration console so configuration for instances of this + * implementation can be made through the console. + * + * @param implName The authentication manager plugin name. + * @exception EBaseException If an internal error occurred + */ + public String[] getConfigParams() + throws EBaseException + { + return null; + } + + /** + * Get the configuration store for this authentication manager. + * @return The configuration store of this authentication manager. + */ + public IConfigStore getConfigStore() + { + return null; + } +} + diff --git a/pki/base/migrate/TxtTo70/src/compile.bat b/pki/base/migrate/TxtTo70/src/compile.bat new file mode 100755 index 000000000..f4d496a42 --- /dev/null +++ b/pki/base/migrate/TxtTo70/src/compile.bat @@ -0,0 +1,154 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "TxtTo70/classes/Main.class", +REM "TxtTo70/classes/CMS70LdifParser.class", and +REM "TxtTo70/classes/DummyAuthManager.class" which are +REM used to create a CMS 7.0/7.01 ldif data file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo70 +REM + +REM SET SERVER_ROOT=C:\cms701 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CMS +REM +REM CMS 7.0 NOTE: "WINNT" - 1.4.2 +REM +REM CMS 7.01 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CMS_7.01 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CMS="CMS 7.0" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO %CMS% ldif data classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile TxtTo70 - create "CMS70LdifParser.class", "DummyAuthManager.class", +REM and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo70/src/compile.sh b/pki/base/migrate/TxtTo70/src/compile.sh new file mode 100755 index 000000000..819cbda99 --- /dev/null +++ b/pki/base/migrate/TxtTo70/src/compile.sh @@ -0,0 +1,166 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "TxtTo70/classes/Main.class", ### +### "TxtTo70/classes/CMS70LdifParser.class", and ### +### "TxtTo70/classes/DummyAuthManager.class" which are ### +### used to create a CMS 7.0/7.01 ldif data file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CMS <server_root> used to compile TxtTo70 +### + +#SERVER_ROOT=/export/home/migrate/cms701 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CMS +### +### CMS 7.0 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.2 +### "SunOS" - 1.4.2 +### +### CMS 7.01 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.2 +### "SunOS" - 1.4.2 +### + +#JDK_VERSION=CMS_7.01 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CMS="CMS 7.0" +export CMS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " ${CMS} ldif data classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile TxtTo70 - create "CMS70LdifParser.class", "DummyAuthManager.class", +### and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/TxtTo71/classes/CMS71LdifParser.class b/pki/base/migrate/TxtTo71/classes/CMS71LdifParser.class Binary files differnew file mode 100644 index 000000000..a05d09a04 --- /dev/null +++ b/pki/base/migrate/TxtTo71/classes/CMS71LdifParser.class diff --git a/pki/base/migrate/TxtTo71/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo71/classes/DummyAuthManager.class Binary files differnew file mode 100644 index 000000000..6b5f84aeb --- /dev/null +++ b/pki/base/migrate/TxtTo71/classes/DummyAuthManager.class diff --git a/pki/base/migrate/TxtTo71/classes/Main.class b/pki/base/migrate/TxtTo71/classes/Main.class Binary files differnew file mode 100644 index 000000000..d2472ff79 --- /dev/null +++ b/pki/base/migrate/TxtTo71/classes/Main.class diff --git a/pki/base/migrate/TxtTo71/run.bat b/pki/base/migrate/TxtTo71/run.bat new file mode 100755 index 000000000..1682bacbc --- /dev/null +++ b/pki/base/migrate/TxtTo71/run.bat @@ -0,0 +1,186 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a normalized <Source CS Version> ldif +REM text file (e. g. - created via a <Source CS Version>ToTxt +REM script) into a CS 7.1 ldif data file. +REM +REM This CS 7.1 ldif data file can then be imported into the +REM internal database of the desired CS 7.1 server using a +REM utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cs71 + + +REM +REM INSTANCE - if the CS instance directory is called 'cert-ca', +REM set the CS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CS% ldif data file +REM into a normalized %CS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo71/run.sh b/pki/base/migrate/TxtTo71/run.sh new file mode 100755 index 000000000..46e3c3488 --- /dev/null +++ b/pki/base/migrate/TxtTo71/run.sh @@ -0,0 +1,193 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a normalized <Source CS Version> ldif ### +### text file (e. g. - created via a <Source CS Version>ToTxt ### +### script) into a CS 7.1 ldif data file. ### +### ### +### This CS 7.1 ldif data file can then be imported into ### +### the internal database of the desired CS 7.1 server ### +### using a utility such as ldif2db. ### +### ### +##################################################################### + + +### +### SERVER_ROOT - fully qualified path of the location of the server +### + +#SERVER_ROOT=/export/home/migrate/cs71 +#export SERVER_ROOT + + +### +### INSTANCE - if the CS instance directory is called 'cert-ca', +### set the CS instance to 'ca' +### +### NOTE: When a single SERVER_ROOT contains more than +### one CS instance, this script must be run multiple +### times. To do this, there is only a need to change +### the INSTANCE parameter. +### + +#INSTANCE=ca +#export INSTANCE + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.1" +export CS + + +OS_NAME=`uname` +export OS_NAME + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${INSTANCE}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and INSTANCE " + echo " environment variables for this script!" + echo + exit 5 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 6 +fi + + +### +### Check that the specified INSTANCE exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}/cert-${INSTANCE}" ] ; then + echo "ERROR: Either the specified INSTANCE does not exist, " + echo " or it is not a directory!" + echo + exit 7 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${SERVER_ROOT}/bin/cert/jre/lib:${SERVER_ROOT}/bin/cert/jre/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Convert the specified ${CS} ldif data file +### into a normalized ${CS} ldif text file. +### + +${SERVER_ROOT}/bin/cert/jre/bin/java -classpath ./classes:${SERVER_ROOT}/cert-${INSTANCE}/classes:${SERVER_ROOT}/bin/cert/classes:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar:${SERVER_ROOT}/bin/cert/jre/lib/rt.jar Main $1 $2 + diff --git a/pki/base/migrate/TxtTo71/src/Main.java b/pki/base/migrate/TxtTo71/src/Main.java new file mode 100644 index 000000000..edaf2b531 --- /dev/null +++ b/pki/base/migrate/TxtTo71/src/Main.java @@ -0,0 +1,592 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "TxtTo71/src/Main.java" is based upon a copy "TxtTo70/src/Main.java". +// +// Always comment any new code sections with a "CMS 7.1" header, and +// apply these changes forward to all other "TxtTo*/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "TxtTo*" version. +// +// This file should always be maintained by executing the following command: +// +// diff TxtTo70/src/Main.java TxtTo71/src/Main.java +// + +import java.math.*; +import java.io.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.authentication.*; +import netscape.security.util.*; +import java.lang.reflect.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS71LdifParser parser = null; + if (args.length == 1) { + parser = new CMS71LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS71LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS71LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS71LdifParser(String filename) + { + mFilename = filename; + } + + public CMS71LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + Vector requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.equals(BEGIN)) { + requestAttributes = new Vector(); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.equals(END)) { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + continue; + } + if (line.startsWith(" ")) { // begining of attr + requestAttributes.addElement( + line.substring(1, line.length())); + } else { + requestAttributes.setElementAt( + (String) + requestAttributes.lastElement() + + "\n" + + line, + requestAttributes.size() - 1); + } + } + } + + private byte[] encode(Object value) throws Exception + { + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + + os.writeObject(value); + os.close(); + return bos.toByteArray(); + } + + public void parseAttributes(String dn, Vector attrs) throws Exception + { + Hashtable hashtable = new Hashtable(); + for (int i = 0; i < attrs.size(); i++) { + String attr = (String)attrs.elementAt(i); + buildHashtable(dn, hashtable, attr); + } + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + Enumeration e = hashtable.keys(); + while (e.hasMoreElements()) { + String key = (String)e.nextElement(); + Object value = hashtable.get(key); + + try { + byte data[] = null; + data = encode(value); + os.writeObject(key); + os.writeObject(data); + } catch (Exception ex) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } // while + os.writeObject(null); + os.close(); + + // print the BASE64 encoding of the Hashtable + BASE64Encoder encoder = new BASE64Encoder(); + String attrsStr = encoder.encodeBuffer(bos.toByteArray()); + // trim the last "\n" + StringBuffer buffer = null; + attrsStr = attrsStr.trim(); + StringTokenizer st = new StringTokenizer(attrsStr, "\r\n"); + while (st.hasMoreTokens()) { + if (buffer == null) { + buffer = new StringBuffer(); + buffer.append(st.nextToken()); + } else { + buffer.append("\r\n " + st.nextToken()); + } + } + + System.out.println(REQUEST_ATTRIBUTES + " " + buffer); + } + + public void buildHashtable(String dn, Hashtable table, String attr) + throws Exception + { + // attribute format [name]:[type]=[value] + + int colon = attr.indexOf(':'); + if (colon == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + int equal = attr.indexOf('='); + if (equal == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + String name = attr.substring(0, colon); + String type = attr.substring(colon+1, equal); + String value = attr.substring(equal+1); + + if (name.startsWith("serviceErrors")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (name.startsWith("Error")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (type.startsWith("java.lang.String")) { + table.put(name, value); + } else if (type.startsWith("byte[]")) { + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if (type.startsWith("java.lang.Integer")) { + table.put(name, new Integer(value)); + } else if (type.startsWith("java.math.BigInteger")) { + table.put(name, new java.math.BigInteger(value)); + } else if (type.startsWith("java.util.Locale")) { + // CMS 6.2: begin checking for new type + // "java.util.Locale" + table.put(name, Locale.getDefault()); + } else if (type.startsWith("java.util.Vector")) { + Vector obj = + (Vector)table.get(name); + if (obj == null) { + obj = new Vector(); + table.put(name, obj); + } + obj.addElement(value); + } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock") || type.startsWith("com.netscape.cmscore.base.ArgBlock")) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock obj = + (com.netscape.cmscore.base.ArgBlock)table.get(name); + if (obj == null) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + obj = new com.netscape.cmscore.base.ArgBlock(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + obj.set(valuekey, valuevalue); + } else if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) { + com.netscape.certsrv.request.AgentApprovals obj = + (com.netscape.certsrv.request.AgentApprovals)table.get(name); + if (obj == null) { + obj = new com.netscape.certsrv.request.AgentApprovals(); + table.put(name, obj); + } + obj.addApproval(value.substring(0,value.indexOf(';'))); + } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) { + com.netscape.certsrv.authentication.AuthToken obj = + (com.netscape.certsrv.authentication.AuthToken)table.get(name); + if (obj == null) { + com.netscape.certsrv.authentication.IAuthManager mgr = + new DummyAuthManager(); + obj = new com.netscape.certsrv.authentication.AuthToken(mgr); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("netscape.security.x509.X509CertInfo[") || type.startsWith("netscape.security.extensions.CertInfo[")) { + // CMS 6.2: begin checking for additional new type + // "netscape.security.extensions.CertInfo[" + // + // CMS 6.1: "netscape.security.x509.X509CertInfo" + // now always utilizes arrays such as + // "netscape.security.x509.X509CertInfo[" + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.extensions.CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.extensions.CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.equals("netscape.security.x509.CertificateX509Key")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateX509Key obj = + new netscape.security.x509.CertificateX509Key( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertInfo")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertInfo obj = + new netscape.security.x509.X509CertInfo( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateExtensions")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateExtensions obj = + new netscape.security.x509.CertificateExtensions(); + obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateExtensions" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateChain")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateChain obj = + new netscape.security.x509.CertificateChain(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateSubjectName")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateSubjectName obj = + new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateSubjectName" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertImpl")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertImpl obj = + new netscape.security.x509.X509CertImpl( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.RevokedCertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord") || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) { + com.netscape.cmscore.dbs.KeyRecord obj = + (com.netscape.cmscore.dbs.KeyRecord)table.get(name); + if (obj == null) { + obj = new com.netscape.cmscore.dbs.KeyRecord(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else if (valuetype.equals("java.math.BigInteger")) { + obj.set(valuekey, new java.math.BigInteger(valuevalue)); + } else if (valuetype.equals("java.lang.Integer")) { + obj.set(valuekey, new Integer(valuevalue)); + } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) { + obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue)); + } else if (valuetype.equals("[B")) { + // byte array + + BASE64Decoder decoder = new BASE64Decoder(); + obj.set(valuekey, decoder.decodeBuffer(valuevalue)); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival") || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) { + BASE64Decoder decoder = new BASE64Decoder(); + + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + com.netscape.cmscore.kra.ProofOfArchival obj = + buildPOA(decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateAlgorithmId obj = + new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateValidity")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateValidity obj = + new netscape.security.x509.CertificateValidity(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.startsWith("Integer[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + Integer objs[] = (Integer[])table.get(name); + if (objs == null) { + objs = new Integer[size]; + table.put(name, objs); + } + objs[index] = new Integer(value); + } else if (type.startsWith("java.math.BigInteger[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name); + if (objs == null) { + objs = new java.math.BigInteger[size]; + table.put(name, objs); + } + objs[index] = new java.math.BigInteger(value); + } else if (type.startsWith("byte[")) { + // byte array + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if( type.endsWith( "Exception" ) ) { + Class[] argClass = { String.class }; // the argument's class + Object[] argValue = { value }; // the argument's value + + Class x = Class.forName( type ); + Constructor ctr = x.getConstructor( argClass ); + Exception e = ( Exception ) ctr.newInstance( argValue ); + } else { + // + System.err.println("ERROR type - " + type + " - "+ attr); + System.exit(0); + } + } + + public com.netscape.cmscore.kra.ProofOfArchival buildPOA(byte data[]) + throws Exception + { + DerInputStream dis = new DerInputStream(data); + DerValue seq[] = dis.getSequence(0); + + BigInteger mSerialNo = seq[0].getInteger().toBigInteger(); + + // subject + DerValue subject = seq[1]; + netscape.security.x509.X500Name mSubject = + new netscape.security.x509.X500Name(subject.toByteArray()); + + // issuer + DerValue issuer = seq[2]; + netscape.security.x509.X500Name mIssuer = + new netscape.security.x509.X500Name(issuer.toByteArray()); + + // date of archival + DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray()); + Date mDateOfArchival = dateOfArchival.getUTCTime(); + com.netscape.cmscore.kra.ProofOfArchival obj = + new com.netscape.cmscore.kra.ProofOfArchival(mSerialNo, + mSubject.toString(), mIssuer.toString(), mDateOfArchival); + return obj; + } +} + +class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager +{ + public String getName() + { + return "dummy"; + } + + public String getImplName() + { + return "dummy"; + } + + public IAuthToken authenticate(IAuthCredentials authCred) + throws EMissingCredential, EInvalidCredentials, EBaseException + { + return null; + } + + /** + * Initialize this authentication manager. + * @param name The name of this authentication manager instance. + * @param implName The name of the authentication manager plugin. + * @param config The configuration store for this authentication manager. + * @exception EBaseException If an initialization error occurred. + */ + public void init(String name, String implName, IConfigStore config) + throws EBaseException + { + } + + public void shutdown() + { + } + + public String[] getRequiredCreds() + { + return null; + } + + /** + * Get configuration parameters for this implementation. + * The configuration parameters returned is passed to the + * configuration console so configuration for instances of this + * implementation can be made through the console. + * + * @param implName The authentication manager plugin name. + * @exception EBaseException If an internal error occurred + */ + public String[] getConfigParams() + throws EBaseException + { + return null; + } + + /** + * Get the configuration store for this authentication manager. + * @return The configuration store of this authentication manager. + */ + public IConfigStore getConfigStore() + { + return null; + } +} + diff --git a/pki/base/migrate/TxtTo71/src/compile.bat b/pki/base/migrate/TxtTo71/src/compile.bat new file mode 100755 index 000000000..d0a1be0b2 --- /dev/null +++ b/pki/base/migrate/TxtTo71/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "TxtTo71/classes/Main.class", +REM "TxtTo71/classes/CMS71LdifParser.class", and +REM "TxtTo71/classes/DummyAuthManager.class" which are +REM used to create a CS 7.1 ldif data file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CS <server_root> used to compile TxtTo71 +REM + +REM SET SERVER_ROOT=C:\cs71 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CS +REM +REM CS 7.1 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CS_7.1 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO %CS% ldif data classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile TxtTo71 - create "CMS71LdifParser.class", "DummyAuthManager.class", +REM and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo71/src/compile.sh b/pki/base/migrate/TxtTo71/src/compile.sh new file mode 100755 index 000000000..0fcdef734 --- /dev/null +++ b/pki/base/migrate/TxtTo71/src/compile.sh @@ -0,0 +1,162 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "TxtTo71/classes/Main.class", ### +### "TxtTo71/classes/CMS71LdifParser.class", and ### +### "TxtTo71/classes/DummyAuthManager.class" which are ### +### used to create a CS 7.1 ldif data file. ### +### ### +##################################################################### + + +### +### Set SERVER_ROOT - identify the CS <server_root> used to compile TxtTo71 +### + +#SERVER_ROOT=/export/home/migrate/cs71 +#export SERVER_ROOT + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=SunOS +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CS +### +### CS 7.1 NOTE: "HP-UX" - 1.4.0.00 +### "Linux" - 1.4.2 +### "SunOS" - 1.4.2 +### + +#JDK_VERSION=CS_7.1 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.1" +export CS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " ${CS} ldif data classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${SERVER_ROOT}" -o -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified SERVER_ROOT exists and is a directory +### + +if [ ! -d "${SERVER_ROOT}" ] ; then + echo "ERROR: Either the specified SERVER_ROOT does not exist, " + echo " or it is not a directory!" + echo + exit 3 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=${SERVER_ROOT}/bin/cert/lib:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile TxtTo70 - create "CMS71LdifParser.class", "DummyAuthManager.class", +### and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:${SERVER_ROOT}/bin/cert/jars/nsutil.jar:${SERVER_ROOT}/bin/cert/jars/certsrv.jar:${SERVER_ROOT}/bin/cert/jars/cmscore.jar:${SERVER_ROOT}/bin/cert/jars/jss3.jar Main.java + diff --git a/pki/base/migrate/TxtTo72/classes/CMS72LdifParser.class b/pki/base/migrate/TxtTo72/classes/CMS72LdifParser.class Binary files differnew file mode 100644 index 000000000..51dd432cf --- /dev/null +++ b/pki/base/migrate/TxtTo72/classes/CMS72LdifParser.class diff --git a/pki/base/migrate/TxtTo72/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo72/classes/DummyAuthManager.class Binary files differnew file mode 100644 index 000000000..7fa7e3aa7 --- /dev/null +++ b/pki/base/migrate/TxtTo72/classes/DummyAuthManager.class diff --git a/pki/base/migrate/TxtTo72/classes/Main.class b/pki/base/migrate/TxtTo72/classes/Main.class Binary files differnew file mode 100644 index 000000000..a059f8a6e --- /dev/null +++ b/pki/base/migrate/TxtTo72/classes/Main.class diff --git a/pki/base/migrate/TxtTo72/run.bat b/pki/base/migrate/TxtTo72/run.bat new file mode 100755 index 000000000..1682bacbc --- /dev/null +++ b/pki/base/migrate/TxtTo72/run.bat @@ -0,0 +1,186 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a normalized <Source CS Version> ldif +REM text file (e. g. - created via a <Source CS Version>ToTxt +REM script) into a CS 7.1 ldif data file. +REM +REM This CS 7.1 ldif data file can then be imported into the +REM internal database of the desired CS 7.1 server using a +REM utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cs71 + + +REM +REM INSTANCE - if the CS instance directory is called 'cert-ca', +REM set the CS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.1" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CS% ldif data file +REM into a normalized %CS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo72/run.sh b/pki/base/migrate/TxtTo72/run.sh new file mode 100755 index 000000000..ad64dbcdd --- /dev/null +++ b/pki/base/migrate/TxtTo72/run.sh @@ -0,0 +1,149 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a normalized <Source CS Version> ldif ### +### text file (e. g. - created via a <Source CS Version>ToTxt ### +### script) into a CS 7.2 ldif data file. ### +### ### +### This CS 7.2 ldif data file can then be imported into ### +### the internal database of the desired CS 7.2 server ### +### using a utility such as ldif2db. ### +### ### +##################################################################### + +### +### Java Runtime Environment +### +JRE_ROOT=/usr/lib/jvm/jre-1.5.0 +export JRE_ROOT + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.2" +export CS + +OS_NAME=`uname` +export OS_NAME + +ARCH=`uname -i` +export ARCH + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar +export CLASSPATH + +if [ ${OS_NAME} = "Linux" ] ; then + if [ ${ARCH} = "i386" ] ; then + LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads + export LD_LIBRARY_PATH + else # x86_64 + LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads + export LD_LIBRARY_PATH + CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib64/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar + export CLASSPATH + fi +else # SunOS 64-bits + LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:${JRE_ROOT}/lib:${JRE_ROOT}/lib/sparc/native_threads + export LD_LIBRARY_PATH + CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/sparcv9/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar + export CLASSPATH +fi + + +### +### Convert the specified ${CS} ldif data file +### into a normalized ${CS} ldif text file. +### + +${JRE_ROOT}/bin/java -classpath ${CLASSPATH} Main $1 $2 diff --git a/pki/base/migrate/TxtTo72/src/Main.java b/pki/base/migrate/TxtTo72/src/Main.java new file mode 100644 index 000000000..197e487e4 --- /dev/null +++ b/pki/base/migrate/TxtTo72/src/Main.java @@ -0,0 +1,596 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "TxtTo71/src/Main.java" is based upon a copy "TxtTo70/src/Main.java". +// +// Always comment any new code sections with a "CMS 7.1" header, and +// apply these changes forward to all other "TxtTo*/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "TxtTo*" version. +// +// This file should always be maintained by executing the following command: +// +// diff TxtTo70/src/Main.java TxtTo71/src/Main.java +// + +import java.math.*; +import java.io.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.authentication.*; +import netscape.security.util.*; +import java.lang.reflect.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS72LdifParser parser = null; + if (args.length == 1) { + parser = new CMS72LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS72LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS72LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS72LdifParser(String filename) + { + mFilename = filename; + } + + public CMS72LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + Vector requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.equals(BEGIN)) { + requestAttributes = new Vector(); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.equals(END)) { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + continue; + } + if (line.startsWith(" ")) { // begining of attr + requestAttributes.addElement( + line.substring(1, line.length())); + } else { + requestAttributes.setElementAt( + (String) + requestAttributes.lastElement() + + "\n" + + line, + requestAttributes.size() - 1); + } + } + } + + private byte[] encode(Object value) throws Exception + { + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + + os.writeObject(value); + os.close(); + return bos.toByteArray(); + } + + public void parseAttributes(String dn, Vector attrs) throws Exception + { + Hashtable hashtable = new Hashtable(); + for (int i = 0; i < attrs.size(); i++) { + String attr = (String)attrs.elementAt(i); + buildHashtable(dn, hashtable, attr); + } + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + Enumeration e = hashtable.keys(); + while (e.hasMoreElements()) { + String key = (String)e.nextElement(); + Object value = hashtable.get(key); + + try { + byte data[] = null; + data = encode(value); + os.writeObject(key); + os.writeObject(data); + } catch (Exception ex) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } // while + os.writeObject(null); + os.close(); + + // print the BASE64 encoding of the Hashtable + BASE64Encoder encoder = new BASE64Encoder(); + String attrsStr = encoder.encodeBuffer(bos.toByteArray()); + // trim the last "\n" + StringBuffer buffer = null; + attrsStr = attrsStr.trim(); + StringTokenizer st = new StringTokenizer(attrsStr, "\r\n"); + while (st.hasMoreTokens()) { + if (buffer == null) { + buffer = new StringBuffer(); + buffer.append(st.nextToken()); + } else { + buffer.append("\r\n " + st.nextToken()); + } + } + + System.out.println(REQUEST_ATTRIBUTES + " " + buffer); + } + + public void buildHashtable(String dn, Hashtable table, String attr) + throws Exception + { + // attribute format [name]:[type]=[value] + + int colon = attr.indexOf(':'); + if (colon == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + int equal = attr.indexOf('='); + if (equal == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + String name = attr.substring(0, colon); + String type = attr.substring(colon+1, equal); + String value = attr.substring(equal+1); + + if (name.startsWith("serviceErrors")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (name.startsWith("Error")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (type.startsWith("java.lang.String")) { + table.put(name, value); + } else if (type.startsWith("org.mozilla.jss.asn1.INTEGER")) { + // CMS 7.1 stores bodyPartId as INTEGER + // CS 72. fixed the problem by storing it as String + table.put(name, value); + } else if (type.startsWith("byte[]")) { + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if (type.startsWith("java.lang.Integer")) { + table.put(name, new Integer(value)); + } else if (type.startsWith("java.math.BigInteger")) { + table.put(name, new java.math.BigInteger(value)); + } else if (type.startsWith("java.util.Locale")) { + // CMS 6.2: begin checking for new type + // "java.util.Locale" + table.put(name, Locale.getDefault()); + } else if (type.startsWith("java.util.Vector")) { + Vector obj = + (Vector)table.get(name); + if (obj == null) { + obj = new Vector(); + table.put(name, obj); + } + obj.addElement(value); + } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock") || type.startsWith("com.netscape.cmscore.base.ArgBlock")) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock obj = + (com.netscape.cmscore.base.ArgBlock)table.get(name); + if (obj == null) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + obj = new com.netscape.cmscore.base.ArgBlock(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + obj.set(valuekey, valuevalue); + } else if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) { + com.netscape.certsrv.request.AgentApprovals obj = + (com.netscape.certsrv.request.AgentApprovals)table.get(name); + if (obj == null) { + obj = new com.netscape.certsrv.request.AgentApprovals(); + table.put(name, obj); + } + obj.addApproval(value.substring(0,value.indexOf(';'))); + } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) { + com.netscape.certsrv.authentication.AuthToken obj = + (com.netscape.certsrv.authentication.AuthToken)table.get(name); + if (obj == null) { + com.netscape.certsrv.authentication.IAuthManager mgr = + new DummyAuthManager(); + obj = new com.netscape.certsrv.authentication.AuthToken(mgr); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("netscape.security.x509.X509CertInfo[") || type.startsWith("netscape.security.extensions.CertInfo[")) { + // CMS 6.2: begin checking for additional new type + // "netscape.security.extensions.CertInfo[" + // + // CMS 6.1: "netscape.security.x509.X509CertInfo" + // now always utilizes arrays such as + // "netscape.security.x509.X509CertInfo[" + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.extensions.CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.extensions.CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.equals("netscape.security.x509.CertificateX509Key")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateX509Key obj = + new netscape.security.x509.CertificateX509Key( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertInfo")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertInfo obj = + new netscape.security.x509.X509CertInfo( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateExtensions")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateExtensions obj = + new netscape.security.x509.CertificateExtensions(); + obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateExtensions" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateChain")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateChain obj = + new netscape.security.x509.CertificateChain(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateSubjectName")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateSubjectName obj = + new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateSubjectName" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertImpl")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertImpl obj = + new netscape.security.x509.X509CertImpl( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.RevokedCertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord") || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) { + com.netscape.cmscore.dbs.KeyRecord obj = + (com.netscape.cmscore.dbs.KeyRecord)table.get(name); + if (obj == null) { + obj = new com.netscape.cmscore.dbs.KeyRecord(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else if (valuetype.equals("java.math.BigInteger")) { + obj.set(valuekey, new java.math.BigInteger(valuevalue)); + } else if (valuetype.equals("java.lang.Integer")) { + obj.set(valuekey, new Integer(valuevalue)); + } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) { + obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue)); + } else if (valuetype.equals("[B")) { + // byte array + + BASE64Decoder decoder = new BASE64Decoder(); + obj.set(valuekey, decoder.decodeBuffer(valuevalue)); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival") || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) { + BASE64Decoder decoder = new BASE64Decoder(); + + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + com.netscape.certsrv.kra.ProofOfArchival obj = + buildPOA(decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateAlgorithmId obj = + new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateValidity")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateValidity obj = + new netscape.security.x509.CertificateValidity(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.startsWith("Integer[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + Integer objs[] = (Integer[])table.get(name); + if (objs == null) { + objs = new Integer[size]; + table.put(name, objs); + } + objs[index] = new Integer(value); + } else if (type.startsWith("java.math.BigInteger[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name); + if (objs == null) { + objs = new java.math.BigInteger[size]; + table.put(name, objs); + } + objs[index] = new java.math.BigInteger(value); + } else if (type.startsWith("byte[")) { + // byte array + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if( type.endsWith( "Exception" ) ) { + Class[] argClass = { String.class }; // the argument's class + Object[] argValue = { value }; // the argument's value + + Class x = Class.forName( type ); + Constructor ctr = x.getConstructor( argClass ); + Exception e = ( Exception ) ctr.newInstance( argValue ); + } else { + // + System.err.println("ERROR type - " + type + " - "+ attr); + System.exit(0); + } + } + + public com.netscape.certsrv.kra.ProofOfArchival buildPOA(byte data[]) + throws Exception + { + DerInputStream dis = new DerInputStream(data); + DerValue seq[] = dis.getSequence(0); + + BigInteger mSerialNo = seq[0].getInteger().toBigInteger(); + + // subject + DerValue subject = seq[1]; + netscape.security.x509.X500Name mSubject = + new netscape.security.x509.X500Name(subject.toByteArray()); + + // issuer + DerValue issuer = seq[2]; + netscape.security.x509.X500Name mIssuer = + new netscape.security.x509.X500Name(issuer.toByteArray()); + + // date of archival + DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray()); + Date mDateOfArchival = dateOfArchival.getUTCTime(); + com.netscape.certsrv.kra.ProofOfArchival obj = + new com.netscape.certsrv.kra.ProofOfArchival(mSerialNo, + mSubject.toString(), mIssuer.toString(), mDateOfArchival); + return obj; + } +} + +class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager +{ + public String getName() + { + return "dummy"; + } + + public String getImplName() + { + return "dummy"; + } + + public IAuthToken authenticate(IAuthCredentials authCred) + throws EMissingCredential, EInvalidCredentials, EBaseException + { + return null; + } + + /** + * Initialize this authentication manager. + * @param name The name of this authentication manager instance. + * @param implName The name of the authentication manager plugin. + * @param config The configuration store for this authentication manager. + * @exception EBaseException If an initialization error occurred. + */ + public void init(String name, String implName, IConfigStore config) + throws EBaseException + { + } + + public void shutdown() + { + } + + public String[] getRequiredCreds() + { + return null; + } + + /** + * Get configuration parameters for this implementation. + * The configuration parameters returned is passed to the + * configuration console so configuration for instances of this + * implementation can be made through the console. + * + * @param implName The authentication manager plugin name. + * @exception EBaseException If an internal error occurred + */ + public String[] getConfigParams() + throws EBaseException + { + return null; + } + + /** + * Get the configuration store for this authentication manager. + * @return The configuration store of this authentication manager. + */ + public IConfigStore getConfigStore() + { + return null; + } +} + diff --git a/pki/base/migrate/TxtTo72/src/compile.bat b/pki/base/migrate/TxtTo72/src/compile.bat new file mode 100755 index 000000000..2c50e988e --- /dev/null +++ b/pki/base/migrate/TxtTo72/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "TxtTo72/classes/Main.class", +REM "TxtTo72/classes/CMS72LdifParser.class", and +REM "TxtTo72/classes/DummyAuthManager.class" which are +REM used to create a CS 7.2 ldif data file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CS <server_root> used to compile TxtTo72 +REM + +REM SET SERVER_ROOT=C:\cs72 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CS +REM +REM CS 7.2 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CS_7.2 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.2" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO %CS% ldif data classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile TxtTo72 - create "CMS72LdifParser.class", "DummyAuthManager.class", +REM and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo72/src/compile.sh b/pki/base/migrate/TxtTo72/src/compile.sh new file mode 100755 index 000000000..d08c7f47e --- /dev/null +++ b/pki/base/migrate/TxtTo72/src/compile.sh @@ -0,0 +1,141 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "TxtTo72/classes/Main.class", ### +### "TxtTo72/classes/CMS72LdifParser.class", and ### +### "TxtTo72/classes/DummyAuthManager.class" which are ### +### used to create a CS 7.2 ldif data file. ### +### ### +##################################################################### + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +#JDK_PLATFORM=Linux +#export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CS +### +### CS 7.2 NOTE: "Linux" - 1.5.0 (IBM) +### "SunOS" - 1.5.0 +### + +#JDK_VERSION=CS_7.2.0 +#export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +#JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +#export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.2" +export CS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " ${CS} ldif data classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile TxtTo70 - create "CMS72LdifParser.class", "DummyAuthManager.class", +### and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:/usr/share/java/rhpki/nsutil.jar:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/lib/java/dirsec/jss4.jar Main.java + diff --git a/pki/base/migrate/TxtTo73/classes/CMS73LdifParser.class b/pki/base/migrate/TxtTo73/classes/CMS73LdifParser.class Binary files differnew file mode 100644 index 000000000..ccdae3392 --- /dev/null +++ b/pki/base/migrate/TxtTo73/classes/CMS73LdifParser.class diff --git a/pki/base/migrate/TxtTo73/classes/DummyAuthManager.class b/pki/base/migrate/TxtTo73/classes/DummyAuthManager.class Binary files differnew file mode 100644 index 000000000..7fa7e3aa7 --- /dev/null +++ b/pki/base/migrate/TxtTo73/classes/DummyAuthManager.class diff --git a/pki/base/migrate/TxtTo73/classes/Main.class b/pki/base/migrate/TxtTo73/classes/Main.class Binary files differnew file mode 100644 index 000000000..79304773b --- /dev/null +++ b/pki/base/migrate/TxtTo73/classes/Main.class diff --git a/pki/base/migrate/TxtTo73/run.bat b/pki/base/migrate/TxtTo73/run.bat new file mode 100755 index 000000000..4787506f3 --- /dev/null +++ b/pki/base/migrate/TxtTo73/run.bat @@ -0,0 +1,186 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM This program is free software; you can redistribute it and/or modify +REM it under the terms of the GNU General Public License as published by +REM the Free Software Foundation; version 2 of the License. +REM +REM This program is distributed in the hope that it will be useful, +REM but WITHOUT ANY WARRANTY; without even the implied warranty of +REM MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +REM GNU General Public License for more details. +REM +REM You should have received a copy of the GNU General Public License along +REM with this program; if not, write to the Free Software Foundation, Inc., +REM 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +REM +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script converts a normalized <Source CS Version> ldif +REM text file (e. g. - created via a <Source CS Version>ToTxt +REM script) into a CS 7.3 ldif data file. +REM +REM This CS 7.3 ldif data file can then be imported into the +REM internal database of the desired CS 7.3 server using a +REM utility such as ldif2db. +REM + + +SETLOCAL + + +REM +REM SERVER_ROOT - fully qualified path of the location of the server +REM + +REM SET SERVER_ROOT=C:\cs71 + + +REM +REM INSTANCE - if the CS instance directory is called 'cert-ca', +REM set the CS instance to 'ca' +REM +REM NOTE: When a single SERVER_ROOT contains more than +REM one CS instance, this script must be run multiple +REM times. To do this, there is only a need to change +REM the INSTANCE parameter. +REM + +REM SET INSTANCE=ca + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.3" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO USAGE +IF "%3" == "" GOTO CHECK_INPUT_FILE + + +:USAGE +ECHO. +ECHO Usage: "%0 input [errors] > output" +ECHO. +ECHO where: input - the specified %CS% ldif data file, +ECHO errors - an optional errors file containing +ECHO skipped attributes, and +ECHO output - the normalized %CS% ldif text file. +ECHO. +ECHO NOTE: If no redirection is provided to +ECHO 'output', then the normalized +ECHO %CS% ldif text will merely +ECHO be echoed to stdout. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified "input" file exists +REM + +:CHECK_INPUT_FILE +IF EXIST %1 GOTO CHECK_ERRORS_FILE + + +ECHO ERROR: The specified input file, %1, does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM If an "errors" file is specified, then check that it does not already +REM exist. +REM + +:CHECK_ERRORS_FILE +IF "%2" == "" GOTO CHECK_ENVIRONMENT_VARIABLES +IF EXIST %2 GOTO ERRORS_FILE_ERROR +GOTO CHECK_ENVIRONMENT_VARIABLES + + +:ERRORS_FILE_ERROR +ECHO ERROR: The specified errors file, %2, already exists! +ECHO Please specify a different file! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%INSTANCE%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and INSTANCE +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_INSTANCE + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified INSTANCE exists +REM + +:CHECK_INSTANCE +IF EXIST %SERVER_ROOT%\cert-%INSTANCE% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified INSTANCE does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%SERVER_ROOT%\bin\cert\jre\bin;%SERVER_ROOT\bin\cert\jre\bin\server;%PATH% + + +REM +REM Convert the specified %CS% ldif data file +REM into a normalized %CS% ldif text file. +REM + +%SERVER_ROOT%\bin\cert\jre\bin\java.exe -classpath .\classes;%SERVER_ROOT%\cert-%INSTANCE%\classes;%SERVER_ROOT%\bin\cert\classes;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar;%SERVER_ROOT%\bin\cert\jre\lib\rt.jar Main %1 %2 + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo73/run.sh b/pki/base/migrate/TxtTo73/run.sh new file mode 100755 index 000000000..180851700 --- /dev/null +++ b/pki/base/migrate/TxtTo73/run.sh @@ -0,0 +1,149 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; version 2 of the License. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write to the Free Software Foundation, Inc., +# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +# +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- + +##################################################################### +### ### +### This script converts a normalized <Source CS Version> ldif ### +### text file (e. g. - created via a <Source CS Version>ToTxt ### +### script) into a CS 7.3 ldif data file. ### +### ### +### This CS 7.3 ldif data file can then be imported into ### +### the internal database of the desired CS 7.3 server ### +### using a utility such as ldif2db. ### +### ### +##################################################################### + +### +### Java Runtime Environment +### +JRE_ROOT=/usr/lib/jvm/jre-1.5.0 +export JRE_ROOT + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.3" +export CS + +OS_NAME=`uname` +export OS_NAME + +ARCH=`uname -i` +export ARCH + + +## +## Perform a usage check for the appropriate number of arguments: +## + +if [ $# -lt 1 -o $# -gt 2 ] ; then + echo + echo "Usage: $0 input [errors] > output" + echo + echo " where: input - the specified ${CS} ldif data file," + echo " errors - an optional errors file containing" + echo " skipped attributes, and" + echo " output - the normalized ${CS} ldif text file." + echo + echo " NOTE: If no redirection is provided to" + echo " 'output', then the normalized" + echo " ${CS} ldif text will merely" + echo " be echoed to stdout." + echo + exit 1 +fi + + +### +### Check that the specified "input" file exists and is a regular file. +### + +if [ ! -f $1 ] ; then + echo "ERROR: Either the specified 'input' file, '$1', does not exist, " + echo " or it is not a regular file!" + echo + exit 2 +fi + + +### +### Check that the specified "input" file exists and is not empty. +### + +if [ ! -s $1 ] ; then + echo "ERROR: The specified 'input' file, '$1', is empty!" + echo + exit 3 +fi + + +### +### If an "errors" file is specified, then check that it does not already +### exist. +### + +if [ $# -eq 2 ] ; then + if [ -f $2 ] ; then + echo "ERROR: The specified 'errors' file, '$2', already exists!" + echo " Please specify a different file!" + echo + exit 4 + fi +fi + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar +export CLASSPATH + +if [ ${OS_NAME} = "Linux" ] ; then + if [ ${ARCH} = "i386" ] ; then + LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads + export LD_LIBRARY_PATH + else # x86_64 + LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:${JRE_ROOT}/lib:${JRE_ROOT}/lib/i386/native_threads + export LD_LIBRARY_PATH + CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib64/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar + export CLASSPATH + fi +else # SunOS 64-bits + LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:${JRE_ROOT}/lib:${JRE_ROOT}/lib/sparc/native_threads + export LD_LIBRARY_PATH + CLASSPATH=/usr/share/rhpki/migrate/TxtTo72/classes:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/share/java/rhpki/nsutil.jar:/usr/lib/sparcv9/java/dirsec/jss4.jar:${JRE_ROOT}/lib/rt.jar + export CLASSPATH +fi + + +### +### Convert the specified ${CS} ldif data file +### into a normalized ${CS} ldif text file. +### + +${JRE_ROOT}/bin/java -classpath ${CLASSPATH} Main $1 $2 diff --git a/pki/base/migrate/TxtTo73/src/Main.java b/pki/base/migrate/TxtTo73/src/Main.java new file mode 100644 index 000000000..9b7ae5355 --- /dev/null +++ b/pki/base/migrate/TxtTo73/src/Main.java @@ -0,0 +1,596 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- +// +// "TxtTo71/src/Main.java" is based upon a copy "TxtTo70/src/Main.java". +// +// Always comment any new code sections with a "CMS 7.1" header, and +// apply these changes forward to all other "TxtTo*/src/Main.java" files +// (including this comment header) so that these differences will only +// appear when this file is diffed against an earlier "TxtTo*" version. +// +// This file should always be maintained by executing the following command: +// +// diff TxtTo70/src/Main.java TxtTo71/src/Main.java +// + +import java.math.*; +import java.io.*; +import java.util.*; +import sun.misc.*; +import org.mozilla.jss.*; // CMS 4.5 and later +import org.mozilla.jss.crypto.*; // CMS 4.5 and later +import com.netscape.certsrv.base.*; +import com.netscape.certsrv.authentication.*; +import netscape.security.util.*; +import java.lang.reflect.*; + +public class Main +{ + public static void main(String args[]) + { + try { + // initialize CryptoManager in CMS 4.5 and later + CryptoManager.initialize("."); + // load JSS provider in CMS 4.5 and later + java.security.Security.removeProvider("SUN version 1.2"); + // The following call to "java.security.Security.insertProviderAt()" + // is no longer commented out in CMS 4.5 and later + java.security.Security.insertProviderAt( + new netscape.security.provider.CMS(), 0); + java.security.Provider ps[] = + java.security.Security.getProviders(); + if (ps == null || ps.length <= 0) { + System.err.println("Java Security Provider NONE"); + } else { + for (int x = 0; x < ps.length; x++) { + System.err.println("Java Security Provider " + x + " class=" + ps[x]); + } + } + + // Parse the File + CMS73LdifParser parser = null; + if (args.length == 1) { + parser = new CMS73LdifParser(args[0]); + } else if (args.length == 2) { + parser = new CMS73LdifParser(args[0], args[1]); + } else { + throw new IOException("Invalid Parameters"); + } + parser.parse(); + } catch (Exception e) { + System.err.println("ERROR: " + e.toString()); + e.printStackTrace(); + } + } +} + +class CMS73LdifParser +{ + // constants + private static final String DN = + "dn:"; + // Directory Servers in CMS 4.7 and later use "requestAttributes" + private static final String REQUEST_ATTRIBUTES = + "requestAttributes::"; + private static final String BEGIN = + "--- BEGIN ATTRIBUTES ---"; + private static final String END = + "--- END ATTRIBUTES ---"; + + // variables + private String mFilename = null; + private String mErrorFilename = null; + private PrintWriter mErrorPrintWriter = null; + + public CMS73LdifParser(String filename) + { + mFilename = filename; + } + + public CMS73LdifParser(String filename, String errorFilename) + { + mFilename = filename; + mErrorFilename = errorFilename; + } + + public void parse() throws Exception + { + if (mErrorFilename != null) { + mErrorPrintWriter = new PrintWriter(new FileOutputStream(mErrorFilename)); + } + BufferedReader reader = new BufferedReader( + new FileReader(mFilename)); + String line = null; + String dn = null; + Vector requestAttributes = null; + while ((line = reader.readLine()) != null) { + if (line.startsWith(DN)) { + dn = line; + } + if (line.equals(BEGIN)) { + requestAttributes = new Vector(); + continue; + } + if (requestAttributes == null) { + System.out.println(line); + continue; + } + if (line.equals(END)) { + parseAttributes(dn, requestAttributes); + requestAttributes = null; + continue; + } + if (line.startsWith(" ")) { // begining of attr + requestAttributes.addElement( + line.substring(1, line.length())); + } else { + requestAttributes.setElementAt( + (String) + requestAttributes.lastElement() + + "\n" + + line, + requestAttributes.size() - 1); + } + } + } + + private byte[] encode(Object value) throws Exception + { + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + + os.writeObject(value); + os.close(); + return bos.toByteArray(); + } + + public void parseAttributes(String dn, Vector attrs) throws Exception + { + Hashtable hashtable = new Hashtable(); + for (int i = 0; i < attrs.size(); i++) { + String attr = (String)attrs.elementAt(i); + buildHashtable(dn, hashtable, attr); + } + + ByteArrayOutputStream bos = new ByteArrayOutputStream(); + ObjectOutputStream os = new ObjectOutputStream(bos); + Enumeration e = hashtable.keys(); + while (e.hasMoreElements()) { + String key = (String)e.nextElement(); + Object value = hashtable.get(key); + + try { + byte data[] = null; + data = encode(value); + os.writeObject(key); + os.writeObject(data); + } catch (Exception ex) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + key); + } + } + } // while + os.writeObject(null); + os.close(); + + // print the BASE64 encoding of the Hashtable + BASE64Encoder encoder = new BASE64Encoder(); + String attrsStr = encoder.encodeBuffer(bos.toByteArray()); + // trim the last "\n" + StringBuffer buffer = null; + attrsStr = attrsStr.trim(); + StringTokenizer st = new StringTokenizer(attrsStr, "\r\n"); + while (st.hasMoreTokens()) { + if (buffer == null) { + buffer = new StringBuffer(); + buffer.append(st.nextToken()); + } else { + buffer.append("\r\n " + st.nextToken()); + } + } + + System.out.println(REQUEST_ATTRIBUTES + " " + buffer); + } + + public void buildHashtable(String dn, Hashtable table, String attr) + throws Exception + { + // attribute format [name]:[type]=[value] + + int colon = attr.indexOf(':'); + if (colon == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + int equal = attr.indexOf('='); + if (equal == -1) { + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + String name = attr.substring(0, colon); + String type = attr.substring(colon+1, equal); + String value = attr.substring(equal+1); + + if (name.startsWith("serviceErrors")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (name.startsWith("Error")) { + // #56953 - skip serviceErrors + if (mErrorPrintWriter != null) { + if (dn != null) { + mErrorPrintWriter.println(dn); + } + mErrorPrintWriter.println("Skipped " + attr); + } + return; + } + if (type.startsWith("java.lang.String")) { + table.put(name, value); + } else if (type.startsWith("org.mozilla.jss.asn1.INTEGER")) { + // CMS 7.1 stores bodyPartId as INTEGER + // CS 72. fixed the problem by storing it as String + table.put(name, value); + } else if (type.startsWith("byte[]")) { + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if (type.startsWith("java.lang.Integer")) { + table.put(name, new Integer(value)); + } else if (type.startsWith("java.math.BigInteger")) { + table.put(name, new java.math.BigInteger(value)); + } else if (type.startsWith("java.util.Locale")) { + // CMS 6.2: begin checking for new type + // "java.util.Locale" + table.put(name, Locale.getDefault()); + } else if (type.startsWith("java.util.Vector")) { + Vector obj = + (Vector)table.get(name); + if (obj == null) { + obj = new Vector(); + table.put(name, obj); + } + obj.addElement(value); + } else if (type.startsWith("com.netscape.certsrv.base.ArgBlock") || type.startsWith("com.netscape.cmscore.base.ArgBlock")) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + com.netscape.cmscore.base.ArgBlock obj = + (com.netscape.cmscore.base.ArgBlock)table.get(name); + if (obj == null) { + // CMS 6.1: created new "com.netscape.certsrv.base.IArgBlock" and + // moved old "com.netscape.certsrv.base.ArgBlock" + // to "com.netscape.cmscore.base.ArgBlock" + obj = new com.netscape.cmscore.base.ArgBlock(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + obj.set(valuekey, valuevalue); + } else if (type.startsWith("com.netscape.certsrv.request.AgentApprovals")) { + com.netscape.certsrv.request.AgentApprovals obj = + (com.netscape.certsrv.request.AgentApprovals)table.get(name); + if (obj == null) { + obj = new com.netscape.certsrv.request.AgentApprovals(); + table.put(name, obj); + } + obj.addApproval(value.substring(0,value.indexOf(';'))); + } else if (type.startsWith("com.netscape.certsrv.authentication.AuthToken")) { + com.netscape.certsrv.authentication.AuthToken obj = + (com.netscape.certsrv.authentication.AuthToken)table.get(name); + if (obj == null) { + com.netscape.certsrv.authentication.IAuthManager mgr = + new DummyAuthManager(); + obj = new com.netscape.certsrv.authentication.AuthToken(mgr); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("netscape.security.x509.X509CertInfo[") || type.startsWith("netscape.security.extensions.CertInfo[")) { + // CMS 6.2: begin checking for additional new type + // "netscape.security.extensions.CertInfo[" + // + // CMS 6.1: "netscape.security.x509.X509CertInfo" + // now always utilizes arrays such as + // "netscape.security.x509.X509CertInfo[" + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertInfo objs[] = (netscape.security.x509.X509CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.startsWith("com.netscape.certsrv.cert.CertInfo")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.extensions.CertInfo objs[] = (netscape.security.extensions.CertInfo[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.extensions.CertInfo[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.extensions.CertInfo(); + objs[index].decode(new ByteArrayInputStream(decoder.decodeBuffer(value))); + } else if (type.equals("netscape.security.x509.CertificateX509Key")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateX509Key obj = + new netscape.security.x509.CertificateX509Key( + new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertInfo")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertInfo obj = + new netscape.security.x509.X509CertInfo( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateExtensions")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateExtensions obj = + new netscape.security.x509.CertificateExtensions(); + obj.decodeEx(new ByteArrayInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateExtensions" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateChain")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateChain obj = + new netscape.security.x509.CertificateChain(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.equals("netscape.security.x509.CertificateSubjectName")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateSubjectName obj = + new netscape.security.x509.CertificateSubjectName(new DerInputStream(decoder.decodeBuffer(value))); + // CMS 6.2: revised method of decoding objects of type + // "netscape.security.x509.CertificateSubjectName" + table.put(name, obj); + } else if (type.equals("netscape.security.x509.X509CertImpl")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.X509CertImpl obj = + new netscape.security.x509.X509CertImpl( + decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.X509CertImpl[")) { + // + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.X509CertImpl objs[] = (netscape.security.x509.X509CertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.X509CertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.X509CertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("netscape.security.x509.RevokedCertImpl")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + netscape.security.x509.RevokedCertImpl objs[] = (netscape.security.x509.RevokedCertImpl[])table.get(name); + BASE64Decoder decoder = new BASE64Decoder(); + if (objs == null) { + objs = new netscape.security.x509.RevokedCertImpl[size]; + table.put(name, objs); + } + objs[index] = new netscape.security.x509.RevokedCertImpl(decoder.decodeBuffer(value)); + } else if (type.startsWith("com.netscape.certsrv.dbs.keydb.KeyRecord") || type.startsWith("com.netscape.cmscore.dbs.KeyRecord")) { + com.netscape.cmscore.dbs.KeyRecord obj = + (com.netscape.cmscore.dbs.KeyRecord)table.get(name); + if (obj == null) { + obj = new com.netscape.cmscore.dbs.KeyRecord(); + table.put(name, obj); + } + String valuekey = value.substring(0, value.indexOf(':')); + String valuetype = value.substring(value.indexOf(':')+1, value.indexOf('=')); + String valuevalue = value.substring(value.indexOf('=')+1); + if (valuetype.equals("java.lang.String")) { + obj.set(valuekey, valuevalue); + } else if (valuetype.equals("java.util.Date")) { + obj.set(valuekey, new Date(Long.parseLong(valuevalue))); + } else if (valuetype.equals("java.math.BigInteger")) { + obj.set(valuekey, new java.math.BigInteger(valuevalue)); + } else if (valuetype.equals("java.lang.Integer")) { + obj.set(valuekey, new Integer(valuevalue)); + } else if (valuetype.equals("com.netscape.certsrv.dbs.keydb.KeyState")) { + obj.set(valuekey, com.netscape.certsrv.dbs.keydb.KeyState.toKeyState(valuevalue)); + } else if (valuetype.equals("[B")) { + // byte array + + BASE64Decoder decoder = new BASE64Decoder(); + obj.set(valuekey, decoder.decodeBuffer(valuevalue)); + } else { + System.err.println("ERROR AuthToken type - " + attr); + System.exit(0); + } + } else if (type.startsWith("com.netscape.certsrv.kra.ProofOfArchival") || type.startsWith("com.netscape.cmscore.kra.ProofOfArchival")) { + BASE64Decoder decoder = new BASE64Decoder(); + + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + com.netscape.certsrv.kra.ProofOfArchival obj = + buildPOA(decoder.decodeBuffer(value)); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateAlgorithmId")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateAlgorithmId obj = + new netscape.security.x509.CertificateAlgorithmId(new ByteArrayInputStream(decoder.decodeBuffer(value))); + table.put(name, obj); + } else if (type.startsWith("netscape.security.x509.CertificateValidity")) { + BASE64Decoder decoder = new BASE64Decoder(); + netscape.security.x509.CertificateValidity obj = + new netscape.security.x509.CertificateValidity(); + ByteArrayInputStream bis = new ByteArrayInputStream(decoder.decodeBuffer(value)); + obj.decode(bis); + table.put(name, obj); + } else if (type.startsWith("Integer[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + Integer objs[] = (Integer[])table.get(name); + if (objs == null) { + objs = new Integer[size]; + table.put(name, objs); + } + objs[index] = new Integer(value); + } else if (type.startsWith("java.math.BigInteger[")) { + int size = Integer.parseInt(type.substring(type.indexOf('[')+ 1, type.indexOf(','))); + int index = Integer.parseInt(type.substring(type.indexOf(',')+1, type.indexOf(']'))); + java.math.BigInteger objs[] = (java.math.BigInteger[])table.get(name); + if (objs == null) { + objs = new java.math.BigInteger[size]; + table.put(name, objs); + } + objs[index] = new java.math.BigInteger(value); + } else if (type.startsWith("byte[")) { + // byte array + BASE64Decoder decoder = new BASE64Decoder(); + table.put(name, decoder.decodeBuffer(value)); + } else if( type.endsWith( "Exception" ) ) { + Class[] argClass = { String.class }; // the argument's class + Object[] argValue = { value }; // the argument's value + + Class x = Class.forName( type ); + Constructor ctr = x.getConstructor( argClass ); + Exception e = ( Exception ) ctr.newInstance( argValue ); + } else { + // + System.err.println("ERROR type - " + type + " - "+ attr); + System.exit(0); + } + } + + public com.netscape.certsrv.kra.ProofOfArchival buildPOA(byte data[]) + throws Exception + { + DerInputStream dis = new DerInputStream(data); + DerValue seq[] = dis.getSequence(0); + + BigInteger mSerialNo = seq[0].getInteger().toBigInteger(); + + // subject + DerValue subject = seq[1]; + netscape.security.x509.X500Name mSubject = + new netscape.security.x509.X500Name(subject.toByteArray()); + + // issuer + DerValue issuer = seq[2]; + netscape.security.x509.X500Name mIssuer = + new netscape.security.x509.X500Name(issuer.toByteArray()); + + // date of archival + DerInputStream dateOfArchival = new DerInputStream(seq[3].toByteArray()); + Date mDateOfArchival = dateOfArchival.getUTCTime(); + com.netscape.certsrv.kra.ProofOfArchival obj = + new com.netscape.certsrv.kra.ProofOfArchival(mSerialNo, + mSubject.toString(), mIssuer.toString(), mDateOfArchival); + return obj; + } +} + +class DummyAuthManager implements com.netscape.certsrv.authentication.IAuthManager +{ + public String getName() + { + return "dummy"; + } + + public String getImplName() + { + return "dummy"; + } + + public IAuthToken authenticate(IAuthCredentials authCred) + throws EMissingCredential, EInvalidCredentials, EBaseException + { + return null; + } + + /** + * Initialize this authentication manager. + * @param name The name of this authentication manager instance. + * @param implName The name of the authentication manager plugin. + * @param config The configuration store for this authentication manager. + * @exception EBaseException If an initialization error occurred. + */ + public void init(String name, String implName, IConfigStore config) + throws EBaseException + { + } + + public void shutdown() + { + } + + public String[] getRequiredCreds() + { + return null; + } + + /** + * Get configuration parameters for this implementation. + * The configuration parameters returned is passed to the + * configuration console so configuration for instances of this + * implementation can be made through the console. + * + * @param implName The authentication manager plugin name. + * @exception EBaseException If an internal error occurred + */ + public String[] getConfigParams() + throws EBaseException + { + return null; + } + + /** + * Get the configuration store for this authentication manager. + * @return The configuration store of this authentication manager. + */ + public IConfigStore getConfigStore() + { + return null; + } +} + diff --git a/pki/base/migrate/TxtTo73/src/compile.bat b/pki/base/migrate/TxtTo73/src/compile.bat new file mode 100755 index 000000000..db46fa019 --- /dev/null +++ b/pki/base/migrate/TxtTo73/src/compile.bat @@ -0,0 +1,152 @@ +@ECHO OFF +REM --- BEGIN COPYRIGHT BLOCK --- +REM Copyright (C) 2007 Red Hat, Inc. +REM All rights reserved. +REM --- END COPYRIGHT BLOCK --- + +REM +REM This script creates the "TxtTo73/classes/Main.class", +REM "TxtTo73/classes/CMS73LdifParser.class", and +REM "TxtTo73/classes/DummyAuthManager.class" which are +REM used to create a CS 7.3 ldif data file. +REM + + +SETLOCAL + + +REM +REM Set SERVER_ROOT - identify the CS <server_root> used to compile TxtTo73 +REM + +REM SET SERVER_ROOT=C:\cs73 + + +REM +REM Set JDK_VERSION - specify the JDK version used by this version of CS +REM +REM CS 7.3 NOTE: "WINNT" - 1.4.2 +REM + +REM SET JDK_VERSION=CS_7.3 + + +REM +REM Set JAVA_HOME - specify the complete path to the JDK +REM +REM example: \\bermuda.redhat.com\sbc mounted as Y: +REM + +REM SET JAVA_HOME=Y:\cms_jdk\WINNT\%JDK_VERSION% + + +REM +REM *** DON'T CHANGE ANYTHING BELOW THIS LINE *** +REM + + +REM +REM Script-defined constants +REM + +SET CS="CS 7.3" + + +REM +REM Perform a usage check for the appropriate number of arguments: +REM + +IF "%1" == "" GOTO CHECK_ENVIRONMENT_VARIABLES + + +:USAGE +ECHO. +ECHO Usage: "%0" +ECHO. +ECHO NOTE: No arguments are required to build the +ECHO %CS% ldif data classes. +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check presence of user-defined variables +REM + +:CHECK_ENVIRONMENT_VARIABLES +IF !%SERVER_ROOT%==! GOTO ENVIRONMENT_VARIABLES_ERROR +IF !%JAVA_HOME%==! GOTO ENVIRONMENT_VARIABLES_ERROR +GOTO CHECK_SERVER_ROOT + + +:ENVIRONMENT_VARIABLES_ERROR +ECHO ERROR: Please specify the SERVER_ROOT and JAVA_HOME +ECHO environment variables for this script! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified SERVER_ROOT exists +REM + +:CHECK_SERVER_ROOT +IF EXIST %SERVER_ROOT% GOTO CHECK_JAVA_HOME + + +ECHO ERROR: The specified SERVER_ROOT does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Check that the specified JAVA_HOME exists +REM + +:CHECK_JAVA_HOME +IF EXIST %JAVA_HOME% GOTO SET_LIBRARY_PATH + + +ECHO ERROR: The specified JAVA_HOME does not exist! +ECHO. +GOTO EXIT_PROCESS + + +REM +REM Setup the appropriate library path environment variable +REM based upon the platform (WINNT) +REM + +:SET_LIBRARY_PATH +SET PATH=%SERVER_ROOT%\bin\cert\lib;%JAVA_HOME%\bin;%JAVA_HOME%\lib;%PATH% + + +REM +REM Set TARGET - identify the complete path to the new classes target directory +REM + +SET TARGET=..\classes + + +REM +REM Create the new classes target directory (if it does not already exist) +REM + +IF EXIST %TARGET% goto COMPILE_CLASSES +MKDIR %TARGET% + + +REM +REM Compile TxtTo73 - create "CMS73LdifParser.class", "DummyAuthManager.class", +REM and "Main.class" +REM + +:COMPILE_CLASSES +%JAVA_HOME%\bin\javac.exe -d %TARGET% -classpath %JAVA_HOME%\jre\lib\rt.jar;%SERVER_ROOT%\bin\cert\jars\nsutil.jar;%SERVER_ROOT%\bin\cert\jars\certsrv.jar;%SERVER_ROOT%\bin\cert\jars\cmscore.jar;%SERVER_ROOT%\bin\cert\jars\jss3.jar Main.java + + +:EXIT_PROCESS + + +ENDLOCAL + diff --git a/pki/base/migrate/TxtTo73/src/compile.sh b/pki/base/migrate/TxtTo73/src/compile.sh new file mode 100755 index 000000000..05d512a5a --- /dev/null +++ b/pki/base/migrate/TxtTo73/src/compile.sh @@ -0,0 +1,141 @@ +#!/bin/sh +# --- BEGIN COPYRIGHT BLOCK --- +# Copyright (C) 2007 Red Hat, Inc. +# All rights reserved. +# --- END COPYRIGHT BLOCK --- +##################################################################### +### ### +### This script creates the "TxtTo73/classes/Main.class", ### +### "TxtTo73/classes/CMS73LdifParser.class", and ### +### "TxtTo73/classes/DummyAuthManager.class" which are ### +### used to create a CS 7.3 ldif data file. ### +### ### +##################################################################### + + +### +### Set JDK_PLATFORM - must be "HP-UX", "Linux", or "SunOS" +### + +JDK_PLATFORM=Linux +export JDK_PLATFORM + + +### +### Set JDK_VERSION - specify the JDK version used by this version of CS +### +### CS 7.3 NOTE: "Linux" - 1.5.0 (IBM) +### "SunOS" - 1.5.0 +### + +JDK_VERSION=PKI_7.3.0 +export JDK_VERSION + + +### +### Set JAVA_HOME - specify the complete path to the JDK +### + +JAVA_HOME=/share/builds/components/cms_jdk/${JDK_PLATFORM}/${JDK_VERSION} +export JAVA_HOME + + +############################################################################ +### ### +### *** DON'T CHANGE ANYTHING BELOW THIS LINE *** ### +### ### +############################################################################ + + +### +### Script-defined constants +### + +CS="CS 7.3" +export CS + + +OS_NAME=`uname` +export OS_NAME + + +### +### Perform a usage check for the appropriate number of arguments: +### + +if [ $# -gt 0 ] ; then + echo + echo "Usage: $0" + echo + echo " NOTE: No arguments are required to build the" + echo " ${CS} ldif data classes." + echo + exit 1 +fi + + +### +### Check presence of user-defined variables +### + +if [ -z "${JAVA_HOME}" ] ; then + echo "ERROR: Please specify the SERVER_ROOT and JAVA_HOME " + echo " environment variables for this script!" + echo + exit 2 +fi + + +### +### Check that the specified JAVA_HOME exists and is a directory +### + +if [ ! -d "${JAVA_HOME}" ] ; then + echo "ERROR: Either the specified JAVA_HOME does not exist, " + echo " or it is not a directory!" + echo + exit 4 +fi + + +### +### Setup the appropriate library path environment variable +### based upon the platform +### + +if [ ${OS_NAME} = "HP-UX" ] ; then + SHLIB_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/PA_RISC/native_threads + export SHLIB_PATH +elif [ ${OS_NAME} = "Linux" ] ; then + LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/i386/native_threads + export LD_LIBRARY_PATH +else # SunOS + LD_LIBRARY_PATH=/usr/lib:/usr/lib/dirsec:${JAVA_HOME}/lib:${JAVA_HOME}/lib/sparc/native_threads + export LD_LIBRARY_PATH +fi + + +### +### Set TARGET - identify the complete path to the new classes target directory +### + +TARGET=../classes +export TARGET + + +### +### Create the new classes target directory (if it does not already exist) +### + +if [ ! -d ${TARGET} ]; then + mkdir -p ${TARGET} +fi + + +### +### Compile TxtTo70 - create "CMS73LdifParser.class", "DummyAuthManager.class", +### and "Main.class" +### + +${JAVA_HOME}/bin/javac -d ${TARGET} -classpath ${JAVA_HOME}/jre/lib/rt.jar:/usr/share/java/rhpki/nsutil.jar:/usr/share/java/rhpki/certsrv.jar:/usr/share/java/rhpki/cmscore.jar:/usr/lib/java/dirsec/jss4.jar Main.java + diff --git a/pki/base/migrate/build.xml b/pki/base/migrate/build.xml new file mode 100644 index 000000000..48623cdac --- /dev/null +++ b/pki/base/migrate/build.xml @@ -0,0 +1,349 @@ +<!-- ### BEGIN COPYRIGHT BLOCK ### + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + ### END COPYRIGHT BLOCK ### --> +<project name="migrate" default="main" basedir="."> + + <import file="config/product.xml"/> + <import file="config/product-ext.xml" optional="true"/> + + + <target name="clean" + depends="" + description="--> remove component directories"> + <echo message="${begin.clean.log.message}"/> + <delete dir="${dist.base}"/> + <delete dir="${build.dir}"/> + <echo message="${end.clean.log.message}"/> + </target> + + + <target name="download" + depends="" + description="--> download dependent components"> + <echo message="${begin.download.log.message}"/> + <echo message="${empty.download.log.message}"/> + <echo message="${end.download.log.message}"/> + </target> + + + <target name="compile_java" + depends="" + description="--> compile java source code into classes"> + <echo message="${begin.compile.java.log.message}"/> + <echo message="${empty.compile.java.log.message}"/> + <echo message="${end.compile.java.log.message}"/> + </target> + + + <target name="build_jars" + depends="compile_java" + description="--> generate jar files"> + <echo message="${begin.build.jars.log.message}"/> + <echo message="${empty.build.jars.log.message}"/> + <echo message="${end.build.jars.log.message}"/> + </target> + + + <target name="build_jni_headers" + depends="compile_java" + description="--> generate jni header files"> + <echo message="${begin.build.jni.headers.log.message}"/> + <echo message="${empty.build.jni.headers.log.message}"/> + <echo message="${end.build.jni.headers.log.message}"/> + </target> + + + <target name="build" + depends="build_jars,build_jni_headers" + description="--> build classes, jars, and jni headers"> + <echo message="${notify.build.log.message}"/> + </target> + + + <target name="compile_junit_tests" + depends="build" + description="--> compile junit test source code"> + <echo message="${begin.compile.junit.tests.log.message}"/> + <echo message="${empty.compile.junit.tests.log.message}"/> + <echo message="${end.compile.junit.tests.log.message}"/> + </target> + + + <target name="run_junit_tests" + depends="compile_junit_tests" + description="--> execute junit tests"> + <echo message="${begin.run.junit.tests.log.message}"/> + <echo message="${empty.run.junit.tests.log.message}"/> + <echo message="${end.run.junit.tests.log.message}"/> + </target> + + + <target name="verify" + depends="run_junit_tests" + description="--> build and execute junit tests"> + <echo message="${notify.verify.log.message}"/> + </target> + + + <target name="clean_javadocs" + depends="" + description="--> remove javadocs directory"> + <echo message="${begin.clean.javadocs.log.message}"/> + <echo message="${empty.clean.javadocs.log.message}"/> + <echo message="${end.clean.javadocs.log.message}"/> + </target> + + + <target name="compose_javadocs" + depends="build" + description="--> generate javadocs"> + <echo message="${begin.compose.javadocs.log.message}"/> + <echo message="${empty.compose.javadocs.log.message}"/> + <echo message="${end.compose.javadocs.log.message}"/> + </target> + + + <target name="document" + depends="clean_javadocs,compose_javadocs" + description="--> remove old javadocs and compose new javadocs"> + <echo message="${notify.document.log.message}"/> + </target> + + + <target name="distribute_binaries" + depends="document" + description="--> create the zip and gzipped tar binary distributions"> + <echo message="${begin.distribute.binaries.log.message}"/> + <mkdir dir="${dist.base.binaries}"/> + + <echo message="${begin.binary.wrappers.log.message}"/> + <echo message="${empty.binary.wrappers.log.message}"/> + <echo message="${end.binary.wrappers.log.message}"/> + + <echo message="${begin.binary.zip.log.message}"/> + <zip destfile="${dist.base.binaries}/${dist.name}.zip"> + <zipfileset dir="." + filemode="755" + prefix="usr/share/${product.prefix}/${product}"> + <include name="42SP2ToTxt/**"/> + <include name="47ToTxt/**"/> + <include name="45ToTxt/**"/> + <include name="TxtTo72/**"/> + <include name="63ToTxt/**"/> + <include name="72ToTxt/**"/> + <include name="TxtTo71/**"/> + <include name="62ToTxt/**"/> + <include name="71ToTxt/**"/> + <include name="TxtTo62/**"/> + <include name="61ToTxt/**"/> + <include name="TxtTo70/**"/> + <include name="42ToTxt/**"/> + <include name="60ToTxt/**"/> + <include name="70ToTxt/**"/> + <include name="TxtTo60/**"/> + <include name="TxtTo61/**"/> + <include name="41ToTxt/**"/> + <include name="73ToTxt/**"/> + <include name="TxtTo73/**"/> + </zipfileset> + <zipfileset dir="." + filemode="755" + prefix="usr/share/doc/${dist.name}"> + <include name="LICENSE"/> + </zipfileset> + </zip> + <echo message="${end.binary.zip.log.message}"/> + + <echo message="${begin.binary.tar.log.message}"/> + <tar longfile="gnu" + destfile="${dist.base.binaries}/${dist.name}.tar"> + <tarfileset dir="." + mode="755" + prefix="${dist.name}/usr/share/${product.prefix}/${product}"> + <include name="42SP2ToTxt/**"/> + <include name="47ToTxt/**"/> + <include name="45ToTxt/**"/> + <include name="TxtTo72/**"/> + <include name="63ToTxt/**"/> + <include name="72ToTxt/**"/> + <include name="TxtTo71/**"/> + <include name="62ToTxt/**"/> + <include name="71ToTxt/**"/> + <include name="TxtTo62/**"/> + <include name="61ToTxt/**"/> + <include name="TxtTo70/**"/> + <include name="42ToTxt/**"/> + <include name="60ToTxt/**"/> + <include name="70ToTxt/**"/> + <include name="TxtTo60/**"/> + <include name="TxtTo61/**"/> + <include name="41ToTxt/**"/> + <include name="73ToTxt/**"/> + <include name="TxtTo73/**"/> + </tarfileset> + <tarfileset dir="." + mode="755" + prefix="${dist.name}/usr/share/doc/${dist.name}"> + <include name="LICENSE"/> + </tarfileset> + </tar> + <echo message="${end.binary.tar.log.message}"/> + + <echo message="${begin.binary.gtar.log.message}"/> + <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz" + src="${dist.base.binaries}/${dist.name}.tar"/> + <delete file="${dist.base.binaries}/${dist.name}.tar"/> + <delete dir="${dist.name}"/> + <checksum fileext=".md5"> + <fileset dir="${dist.base.binaries}/"> + <include name="**/*"/> + <exclude name="**/*.asc"/> + <exclude name="**/*.md5"/> + </fileset> + </checksum> + <checksum fileext=".sha1" + algorithm="SHA"> + <fileset dir="${dist.base.binaries}/"> + <include name="**/*"/> + <exclude name="**/*.asc"/> + <exclude name="**/*.md5"/> + </fileset> + </checksum> + <echo message="${end.binary.gtar.log.message}"/> + + <echo message="${end.distribute.binaries.log.message}"/> + </target> + + + <target name="distribute_source" + depends="" + description="--> create the zip and gzipped tar source distributions"> + <echo message="${begin.distribute.source.log.message}"/> + <mkdir dir="${dist.base.source}"/> + + <echo message="${begin.source.zip.log.message}"/> + <zip destfile="${dist.base.source}/${src.dist.name}.zip"> + <zipfileset dir="." + filemode="755" + prefix="${src.dist.name}"> + <include name="${specfile}"/> + <include name="LICENSE"/> + <include name="build.xml"/> + <include name="config/product*.xml"/> + <include name="config/release*.xml"/> + <include name="release"/> + <include name="41ToTxt/**"/> + <include name="42ToTxt/**"/> + <include name="42SP2ToTxt/**"/> + <include name="45ToTxt/**"/> + <include name="47ToTxt/**"/> + <include name="60ToTxt/**"/> + <include name="61ToTxt/**"/> + <include name="62ToTxt/**"/> + <include name="63ToTxt/**"/> + <include name="70ToTxt/**"/> + <include name="71ToTxt/**"/> + <include name="72ToTxt/**"/> + <include name="73ToTxt/**"/> + <include name="TxtTo60/**"/> + <include name="TxtTo61/**"/> + <include name="TxtTo62/**"/> + <include name="TxtTo70/**"/> + <include name="TxtTo71/**"/> + <include name="TxtTo72/**"/> + <include name="TxtTo73/**"/> + </zipfileset> + </zip> + <echo message="${end.source.zip.log.message}"/> + + <echo message="${begin.source.tar.log.message}"/> + <tar longfile="gnu" + destfile="${dist.base.source}/${src.dist.name}.tar"> + <tarfileset dir="." + mode="755" + prefix="${src.dist.name}"> + <include name="${specfile}"/> + <include name="LICENSE"/> + <include name="build.xml"/> + <include name="config/product*.xml"/> + <include name="config/release*.xml"/> + <include name="release"/> + <include name="41ToTxt/**"/> + <include name="42ToTxt/**"/> + <include name="42SP2ToTxt/**"/> + <include name="45ToTxt/**"/> + <include name="47ToTxt/**"/> + <include name="60ToTxt/**"/> + <include name="61ToTxt/**"/> + <include name="62ToTxt/**"/> + <include name="63ToTxt/**"/> + <include name="70ToTxt/**"/> + <include name="71ToTxt/**"/> + <include name="72ToTxt/**"/> + <include name="73ToTxt/**"/> + <include name="TxtTo60/**"/> + <include name="TxtTo61/**"/> + <include name="TxtTo62/**"/> + <include name="TxtTo70/**"/> + <include name="TxtTo71/**"/> + <include name="TxtTo72/**"/> + <include name="TxtTo73/**"/> + </tarfileset> + </tar> + <echo message="${end.source.tar.log.message}"/> + + <echo message="${begin.source.gtar.log.message}"/> + <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz" + src="${dist.base.source}/${src.dist.name}.tar"/> + <delete file="${dist.base.source}/${src.dist.name}.tar"/> + <delete dir="${dist.name}"/> + <checksum fileext=".md5"> + <fileset dir="${dist.base.source}/"> + <include name="**/*"/> + <exclude name="**/*.asc"/> + <exclude name="**/*.md5"/> + </fileset> + </checksum> + <checksum fileext=".sha1" + algorithm="SHA"> + <fileset dir="${dist.base.source}/"> + <include name="**/*"/> + <exclude name="**/*.asc"/> + <exclude name="**/*.md5"/> + </fileset> + </checksum> + <echo message="${end.source.gtar.log.message}"/> + + <echo message="${end.distribute.source.log.message}"/> + </target> + + + <target name="distribute" + depends="distribute_binaries,distribute_source" + description="--> create binary and source component distributions"> + <echo message="${notify.distribute.log.message}"/> + </target> + + + <target name="main" + depends="clean,distribute" + description="--> clean, build, verify, document, distribute [default]"> + <echo message="${notify.main.log.message}"/> + </target> + +</project> + diff --git a/pki/base/migrate/config/product.xml b/pki/base/migrate/config/product.xml new file mode 100644 index 000000000..33caf48ed --- /dev/null +++ b/pki/base/migrate/config/product.xml @@ -0,0 +1,305 @@ +<!-- ### BEGIN COPYRIGHT BLOCK ### + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + ### END COPYRIGHT BLOCK ### --> +<project name="product.xml" default="main" basedir="."> + + <!-- Set up properties based upon the user's default Ant configuration --> + <property file=".ant.properties"/> + <property file="${user.home}/.ant.properties"/> + <property environment="env"/> + + + <!-- Check for required properties passed-in via the build scripts --> + <fail message="The '-Dspecfile=SPECFILE' property MUST always be specified!" + unless="specfile"/> + + + <!-- Set up optional properties passed-in via the build scripts --> + <property name="basedir" value=""/> + <property name="dirsec" value=""/> + <property name="target" value=""/> + + + <!-- Set up properties obtained from the spec file --> + <exec executable="perl" + failonerror="true" + outputproperty="Name"> + <arg value="-ne"/> + <arg value="print $1 if /%define base_product\s+(.*)/"/> + <arg value="${specfile}"/> + </exec> + + <exec executable="perl" + failonerror="true" + outputproperty="spec.product.ui.prefix"> + <arg value="-ne"/> + <arg value="print $1 if /%define base_ui_prefix\s+(\S+)/"/> + <arg value="${specfile}"/> + </exec> + + <exec executable="perl" + failonerror="true" + outputproperty="product.prefix"> + <arg value="-ne"/> + <arg value="print $1 if /%define base_prefix\s+(\S+)/"/> + <arg value="${specfile}"/> + </exec> + + <exec executable="perl" + failonerror="true" + outputproperty="product"> + <arg value="-ne"/> + <arg value="print $1 if /%define base_component\s+(\S+)/"/> + <arg value="${specfile}"/> + </exec> + + <!-- if "spec.product.ui.prefix" is "" or "linux", --> + <!-- set "product.ui.prefix" to ""; otherwise --> + <!-- set "product.ui.prefix" to "spec.product.ui.prefix" --> + <condition property="product.ui.prefix" + value="" + else="${spec.product.ui.prefix}"> + <or> + <equals arg1="${spec.product.ui.prefix}" + arg2=""/> + <equals arg1="${spec.product.ui.prefix}" + arg2="linux"/> + </or> + </condition> + + <!-- "product.name" is of the form "x-y-z" --> + <condition property="product.name" + value="${product.ui.prefix}-${product.prefix}-${product}"> + <not> + <equals arg1="${product.ui.prefix}" + arg2=""/> + </not> + </condition> + + <!-- "product.name" is of the form "x-y" --> + <condition property="product.name" + value="${product.prefix}-${product}"> + <and> + <equals arg1="${product.ui.prefix}" + arg2=""/> + <not> + <equals arg1="${product.prefix}" + arg2=""/> + </not> + </and> + </condition> + + <!-- "product.name" is of the form "x" --> + <condition property="product.name" + value="${product}"> + <and> + <equals arg1="${product.ui.prefix}" + arg2=""/> + <equals arg1="${product.prefix}" + arg2=""/> + </and> + </condition> + + <exec executable="perl" + failonerror="true" + outputproperty="version"> + <arg value="-ne"/> + <arg value="print $1 if /%define base_version\s+(\S+)/"/> + <arg value="${specfile}"/> + </exec> + + + <!-- Set up architecture-dependent properties --> + <exec executable="uname" + failonerror="true" + outputproperty="arch"> + <arg line="-i"/> + </exec> + + <!-- Set up architecture-independent properties --> + <property name="jar.home" value="/usr/share/java"/> + <property name="pki-jar.home" value="${jar.home}/${product.prefix}"/> + <property name="jni-jar.home" value="/usr/lib/java"/> + + <!-- Set up properties that control various build options --> + <property name="debug" value="true"/> + <property name="chmod.fail" value="true"/> + <property name="chmod.maxparallel" value="250"/> + <property name="deprecation" value="false"/> + <property name="optimize" value="true"/> + + + <!-- Set up properties related to the source tree --> + <property name="docs.dir" value="docs"/> + <property name="lib.dir" value="lib"/> + <property name="src.dir" value="src"/> + <property name="test.dir" value="test"/> + <property name="etc.dir" value="${src.dir}/etc"/> + <property name="script.dir" value="${src.dir}/script"/> + + + <!-- Set up properties for the release area --> + <property name="release.root" value="."/> + + + <!-- Set up properties for the build area --> + <property name="build.dir" value="build"/> + <property name="bootstrap.dir" value="bootstrap"/> + <property name="build.jars" value="${build.dir}/jars"/> + <property name="build.classes" value="${build.dir}/classes"/> + <property name="build.lib" value="${build.dir}/lib"/> + <property name="build.javadocs" value="${build.dir}/javadocs"/> + <property name="build.tests" value="${build.dir}/testcases"/> + <property name="build.tests.javadocs" value="${build.dir}/javadocs.test/"/> + <property name="manifest.tmp" value="${build.dir}/optional.manifest"/> + + + <!-- Set up properties for the distribution area --> + <property name="dist.name" value="${product.name}-${version}"/> + <property name="dist.base" value="dist"/> + <property name="dist.base.source" value="${dist.base}/source"/> + <property name="dist.base.binaries" value="${dist.base}/binary"/> + <property name="dist.dir" value="dist"/> + <property name="dist.bin" value="${dist.dir}/bin"/> + <property name="dist.lib" value="${dist.dir}/lib"/> + <property name="dist.docs" value="${dist.dir}/docs"/> + <property name="dist.etc" value="${dist.dir}/etc"/> + <property name="src.dist.name" value="${product.name}-${version}"/> + <property name="src.dist.dir" value="dist-src"/> + <property name="src.dist.src" value="${src.dist.dir}/src"/> + <property name="src.dist.docs" value="${src.dist.dir}/docs"/> + <property name="src.dist.lib" value="${src.dist.dir}/lib"/> + + + <!-- Set up properties for log messages --> + <property name="begin.clean.log.message" + value="Removing '${product.name}' component directories ..."/> + <property name="empty.clean.log.message" + value="Nothing to do!"/> + <property name="end.clean.log.message" + value="Completed removing '${product.name}' component directories."/> + <property name="begin.download.log.message" + value="Downloading '${product.name}' dependent components ..."/> + <property name="empty.download.log.message" + value="Nothing to do!"/> + <property name="end.download.log.message" + value="Completed downloading '${product.name}' dependent components."/> + <property name="begin.compile.java.log.message" + value="Compiling '${product.name}' java code from '${src.dir}' into '${build.classes}' ..."/> + <property name="empty.compile.java.log.message" + value="Nothing to do!"/> + <property name="end.compile.java.log.message" + value="Completed compiling '${product.name}' java code from '${src.dir}' into '${build.classes}'."/> + <property name="begin.build.jars.log.message" + value="Generating '${product.name}' jar files ..."/> + <property name="empty.build.jars.log.message" + value="Nothing to do!"/> + <property name="end.build.jars.log.message" + value="Completed generating '${product.name}' jar files."/> + <property name="begin.build.jni.headers.log.message" + value="Generating '${product.name}' java header files ..."/> + <property name="empty.build.jni.headers.log.message" + value="Nothing to do!"/> + <property name="end.build.jni.headers.log.message" + value="Completed generating '${product.name}' java header files."/> + <property name="notify.build.log.message" + value="Built classes, jars, and jni headers for the '${product.name}' component."/> + <property name="begin.compile.junit.tests.log.message" + value="Compiling '${product.name}' junit tests from '${test.dir}' into '${build.tests}' ..."/> + <property name="empty.compile.junit.tests.log.message" + value="Nothing to do!"/> + <property name="end.compile.junit.tests.log.message" + value="Completed compiling '${product.name}' junit tests from '${test.dir}' into '${build.tests}'."/> + <property name="begin.run.junit.tests.log.message" + value="Executing '${product.name}' tests ..."/> + <property name="empty.run.junit.tests.log.message" + value="Nothing to do!"/> + <property name="end.run.junit.tests.log.message" + value="Completed executing '${product.name}' tests."/> + <property name="notify.verify.log.message" + value="Verified the '${product.name}' component."/> + <property name="begin.clean.javadocs.log.message" + value="Removing '${product.name}' javadocs directory ..."/> + <property name="empty.clean.javadocs.log.message" + value="Nothing to do!"/> + <property name="end.clean.javadocs.log.message" + value="Completed removing '${product.name}' javadocs directory."/> + <property name="begin.compose.javadocs.log.message" + value="Composing '${product.name}' javadocs ..."/> + <property name="empty.compose.javadocs.log.message" + value="Nothing to do!"/> + <property name="end.compose.javadocs.log.message" + value="Completed composing '${product.name}' javadocs."/> + <property name="notify.document.log.message" + value="Documented '${product.name}' javadocs."/> + <property name="begin.distribute.binaries.log.message" + value="Creating '${product.name}' binary distributions ..."/> + <property name="begin.binary.wrappers.log.message" + value=" Creating '${product.name}' binary wrappers ..."/> + <property name="empty.binary.wrappers.log.message" + value=" Nothing to do!"/> + <property name="end.binary.wrappers.log.message" + value=" Completed creating '${product.name}' binary wrappers."/> + <property name="begin.binary.zip.log.message" + value=" Creating '${product.name}' binary zip files ..."/> + <property name="empty.binary.zip.log.message" + value=" Nothing to do!"/> + <property name="end.binary.zip.log.message" + value=" Completed creating '${product.name}' binary zip files."/> + <property name="begin.binary.tar.log.message" + value=" Creating '${product.name}' binary tar files ..."/> + <property name="empty.binary.tar.log.message" + value=" Nothing to do!"/> + <property name="end.binary.tar.log.message" + value=" Completed creating '${product.name}' binary tar files."/> + <property name="begin.binary.gtar.log.message" + value=" Creating '${product.name}' binary gzip files ..."/> + <property name="empty.binary.gtar.log.message" + value=" Nothing to do!"/> + <property name="end.binary.gtar.log.message" + value=" Completed creating '${product.name}' binary gzip files."/> + <property name="end.distribute.binaries.log.message" + value="Completed creating '${product.name}' binary distributions."/> + <property name="begin.distribute.source.log.message" + value="Creating '${product.name}' source distributions ..."/> + <property name="begin.source.zip.log.message" + value=" Creating '${product.name}' source zip files ..."/> + <property name="empty.source.zip.log.message" + value=" Nothing to do!"/> + <property name="end.source.zip.log.message" + value=" Completed creating '${product.name}' source zip files."/> + <property name="begin.source.tar.log.message" + value=" Creating '${product.name}' source tar files ..."/> + <property name="empty.source.tar.log.message" + value=" Nothing to do!"/> + <property name="end.source.tar.log.message" + value=" Completed creating '${product.name}' source tar files."/> + <property name="begin.source.gtar.log.message" + value=" Creating '${product.name}' source gzip files ..."/> + <property name="empty.source.gtar.log.message" + value=" Nothing to do!"/> + <property name="end.source.gtar.log.message" + value=" Completed creating '${product.name}' source gzip files."/> + <property name="end.distribute.source.log.message" + value="Completed creating '${product.name}' source distributions."/> + <property name="notify.distribute.log.message" + value="Distributed '${product.name}' distribution packages."/> + <property name="notify.main.log.message" + value="Built, verified, documented, and distributed a fresh '${product.name}' component."/> + +</project> + diff --git a/pki/base/migrate/config/release.xml b/pki/base/migrate/config/release.xml new file mode 100644 index 000000000..fc43aaeb7 --- /dev/null +++ b/pki/base/migrate/config/release.xml @@ -0,0 +1,86 @@ +<!-- ### BEGIN COPYRIGHT BLOCK ### + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 of the License. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + + Copyright (C) 2007 Red Hat, Inc. + All rights reserved. + ### END COPYRIGHT BLOCK ### --> +<project name="release.xml" default="main" basedir="${basedir}"> + + <echo message="Importing shared properties ..."/> + <import file="product.xml"/> + <import file="product-ext.xml" optional="true"/> + <import file="release-ext.xml" optional="true"/> + <echo message="Completed importing shared properties."/> + + + <target name="local" + depends="" + description="--> Generate this target locally"> + <echo message="Generating the '${product.name}' target locally ..."/> + <exec executable="ant" dir="${release.root}"> + <arg value="-Dspecfile=${product.name}.spec"/> + <arg value="-Ddirsec=${dirsec}"/> + <arg value="${target}"/> + </exec> + <echo message="Completed generating the '${product.name}' target locally."/> + </target> + + + <target name="main" + depends="" + description="--> Generate component RPMS and SRPMS"> + <echo message="Generating '${product.name}' RPMS and SRPMS ..."/> + + <exec executable="pwd" + failonerror="true" + outputproperty="top.dir"/> + <echo message="Established the '${top.dir}' top-level directory."/> + + <echo message="Creating the '${product.name}' source distribution ..."/> + <exec executable="ant" + dir="${release.root}"> + <arg value="-Dspecfile=${product.name}.spec"/> + <arg value="-Ddirsec=${dirsec}"/> + <arg value="distribute_source"/> + </exec> + <echo message="Completed creating the '${product.name}' source distribution."/> + + <echo message="Creating '${product.name}' RPM directories ..."/> + <mkdir dir="${release.root}/dist/rpmpkg"/> + <mkdir dir="${release.root}/dist/rpmpkg/SOURCES"/> + <mkdir dir="${release.root}/dist/rpmpkg/RPMS"/> + <mkdir dir="${release.root}/dist/rpmpkg/SRPMS"/> + <mkdir dir="${release.root}/dist/rpmpkg/SPECS"/> + <mkdir dir="${release.root}/dist/rpmpkg/BUILD"/> + <echo message="Completed creating '${product.name}' RPM directories."/> + + <echo message="Building '${product.name}' RPMS and SRPMS ..."/> + <exec executable="rpmbuild" + dir="${release.root}"> + <arg value="--define"/> + <arg value="_topdir ${top.dir}/${release.root}/dist/rpmpkg"/> + <arg value="-ta"/> + <arg value="${top.dir}/${release.root}/dist/source/${product.name}-${version}.tar.gz"/> + </exec> + <echo message="Completed building '${product.name}' RPMS and SRPMS."/> + + <echo message="Removing various '${product.name}' RPM directories and files ..."/> + <delete dir="${release.root}/dist/rpmpkg/BUILD"/> + <echo message="Completed removing various '${product.name}' RPM directories and files."/> + + <echo message="Completed generating '${product.name}' RPMS and SRPMS."/> + </target> + +</project> + diff --git a/pki/base/migrate/kra/RecoverKey.class b/pki/base/migrate/kra/RecoverKey.class Binary files differnew file mode 100755 index 000000000..756380e8d --- /dev/null +++ b/pki/base/migrate/kra/RecoverKey.class diff --git a/pki/base/migrate/kra/RecoverKey.java b/pki/base/migrate/kra/RecoverKey.java new file mode 100755 index 000000000..06e5fc55f --- /dev/null +++ b/pki/base/migrate/kra/RecoverKey.java @@ -0,0 +1,101 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + + +// package com.netscape.cmstools; + +import org.mozilla.jss.pkix.cmc.*; +import org.mozilla.jss.pkix.cms.*; +import org.mozilla.jss.pkix.cert.*; +import org.mozilla.jss.pkix.primitive.*; +import org.mozilla.jss.asn1.*; +import org.mozilla.jss.pkcs10.*; +import org.mozilla.jss.crypto.*; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.crypto.SignatureAlgorithm; +import org.mozilla.jss.crypto.DigestAlgorithm; +import org.mozilla.jss.crypto.X509Certificate; +import org.mozilla.jss.util.*; +import org.mozilla.jss.*; + +import sun.misc.BASE64Encoder; +import sun.misc.*; + +import java.io.*; +import java.util.*; + +import com.netscape.cmscore.shares.*; + +public class RecoverKey { + + public static void main(String args[]) throws Exception + { + if (args.length != 6) { + System.out.println("Usage: RecoverKey <alias directory> <prefix> <password> <pin> <nickname> <kra-key.db path>"); + System.exit(0); + } + + String alias = args[0]; + String prefix = args[1]; + String password = args[2]; + String pin = args[3]; + String nickname = args[4]; + String db_path = args[5]; + + CryptoManager.InitializationValues vals = + new CryptoManager.InitializationValues(alias, + prefix, prefix, "secmod.db"); + + CryptoManager.initialize(vals); + CryptoManager cm = CryptoManager.getInstance(); + + CryptoToken token = cm.getInternalKeyStorageToken(); + token.login(new Password(password.toCharArray())); + + // retrieve public key + X509Certificate cert = cm.findCertByNickname(nickname); + + // retrieve encrypted private key material + File priFile = new File(db_path); + byte priData[] = new byte[(new Long(priFile.length())).intValue()]; + FileInputStream fi = new FileInputStream(priFile); + fi.read(priData); + fi.close(); + + // recover private key + Password pass = new Password(pin.toCharArray()); + KeyGenerator kg = token.getKeyGenerator( + PBEAlgorithm.PBE_SHA1_DES3_CBC); + byte iv[] = {0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01}; + PBEKeyGenParams kgp = new PBEKeyGenParams(pass, + iv, 5); + + pass.clear(); + kg.initialize(kgp); + SymmetricKey sk = kg.generate(); + + KeyWrapper wrapper = token.getKeyWrapper(KeyWrapAlgorithm.DES3_CBC_PAD); + wrapper.initUnwrap(sk, new IVParameterSpec(iv)); + PrivateKey pk = wrapper.unwrapPrivate(priData, + PrivateKey.RSA, cert.getPublicKey()); + + System.out.println("=> Private is '" + pk + "'"); + } +} diff --git a/pki/base/migrate/kra/RecoverPin.class b/pki/base/migrate/kra/RecoverPin.class Binary files differnew file mode 100755 index 000000000..75db9d5f9 --- /dev/null +++ b/pki/base/migrate/kra/RecoverPin.class diff --git a/pki/base/migrate/kra/RecoverPin.java b/pki/base/migrate/kra/RecoverPin.java new file mode 100755 index 000000000..2ad268c37 --- /dev/null +++ b/pki/base/migrate/kra/RecoverPin.java @@ -0,0 +1,149 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + + +// package com.netscape.cmstools; + +import org.mozilla.jss.pkix.cmc.*; +import org.mozilla.jss.pkix.cms.*; +import org.mozilla.jss.pkix.cert.*; +import org.mozilla.jss.pkix.primitive.*; +import org.mozilla.jss.asn1.*; +import org.mozilla.jss.pkcs10.*; +import org.mozilla.jss.crypto.*; +import org.mozilla.jss.CryptoManager; +import org.mozilla.jss.crypto.CryptoToken; +import org.mozilla.jss.crypto.SignatureAlgorithm; +import org.mozilla.jss.crypto.DigestAlgorithm; +import org.mozilla.jss.crypto.X509Certificate; +import org.mozilla.jss.util.*; +import org.mozilla.jss.*; + +import sun.misc.BASE64Encoder; +import sun.misc.*; + +import java.io.*; +import java.util.*; + +import com.netscape.cmscore.shares.*; + +public class RecoverPin { + + public static String getPassword(Hashtable shares) throws Exception + { + System.out.println("Share size '" + shares.size() + "'"); + JoinShares j = new JoinShares(shares.size()); + + Enumeration e = shares.keys(); + while (e.hasMoreElements()) { + String next = (String) e.nextElement(); +System.out.println("Add share " + (int)(Integer.parseInt(next) + 1)); + j.addShare(Integer.parseInt(next) + 1, + (byte[]) shares.get(next)); + } + byte secret[] = j.recoverSecret(); + String pwd = new String(secret); + return pwd; + } + + public static byte[] resizeShare(byte share[]) { + byte data[] = new byte[share.length - 2]; + + for (int i = 2; i < share.length; i++) { + data[i - 2] = share[i]; + } + return data; + } + + public static Hashtable getShares(CryptoToken token, + Properties kra_mn_p) throws Exception + { + BufferedReader br = new BufferedReader( new InputStreamReader(System.in)); + Hashtable v = new Hashtable(); + Enumeration e = kra_mn_p.keys(); + int n = Integer.parseInt((String)kra_mn_p.get("n")); + for (int i = 0; i < n; i++) { + String uid = (String)kra_mn_p.get("uid"+i); + System.out.println("Got uid '" + uid + "'"); + + String encrypted = (String)kra_mn_p.get("share"+i); + System.out.println("Got share '" + encrypted + "'"); + + BASE64Decoder decoder = new BASE64Decoder(); + byte share[] = decoder.decodeBuffer(encrypted); + System.out.println("Got encrypted share length '" + + share.length + "'"); + + System.out.println("Please input password for " + uid + ":"); + String pwd = br.readLine(); + System.out.println("Got password '" + pwd + "'"); + + Cipher cipher = token.getCipherContext( + EncryptionAlgorithm.DES3_CBC_PAD); + byte iv[] = {0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01}; + Password pass = new Password(pwd.toCharArray()); + KeyGenerator kg = token.getKeyGenerator( + PBEAlgorithm.PBE_SHA1_DES3_CBC); + PBEKeyGenParams kgp = new PBEKeyGenParams(pass, + iv, 5); + kg.initialize(kgp); + SymmetricKey sk = kg.generate(); + cipher.initDecrypt(sk, new IVParameterSpec(iv)); + byte dec[] = cipher.doFinal(share); + System.out.println("Got decrypted share length '" + dec.length + "'"); + System.out.println("Got share[0] '" + dec[0] + "'"); + System.out.println("Got share[1] '" + dec[1] + "'"); + byte res[] = resizeShare(dec); + v.put(Integer.toString(i), res); + } + return v; + } + + public static void main(String args[]) throws Exception + { + if (args.length != 4) { + System.out.println("Usage: RecoverPin <alias directory> <prefix> <password> <kra-mn.conf path>"); + System.exit(0); + } + + String alias = args[0]; + String prefix = args[1]; + String password = args[2]; + String path_kra_mn = args[3]; + + CryptoManager.InitializationValues vals = + new CryptoManager.InitializationValues(alias, + prefix, prefix, "secmod.db"); + + CryptoManager.initialize(vals); + CryptoManager cm = CryptoManager.getInstance(); + + // load files into properties + Properties kra_mn_p = new Properties(); + kra_mn_p.load(new FileInputStream(path_kra_mn)); + + CryptoToken token = cm.getInternalKeyStorageToken(); + token.login(new Password(password.toCharArray())); + + Hashtable shares = getShares(token, kra_mn_p); + + String pwd = getPassword(shares); + System.out.println("=> Pin is '" + pwd + "'"); + } +} diff --git a/pki/base/migrate/kra/readme.txt b/pki/base/migrate/kra/readme.txt new file mode 100755 index 000000000..8b7b69b49 --- /dev/null +++ b/pki/base/migrate/kra/readme.txt @@ -0,0 +1,130 @@ +Date + + Tue Oct 17 16:11:07 PDT 2006 + +Version + + CMS 6.1 + +Overview + + In CMS6.1 Data Recovery Manager (DRM), it has deployed a + complicated key splitting scheme where software token and + hardware token are treated differently. + + Both software and hardware token requires a group of N recovery agents + to be present during the configuration. A Pin is randomly generated + and splitted into N pieces called shares. Each share is encrypted with + a password provided by the individual recovery agent. This is to + ensure no single recovery agent to access the pin. + + For software token, during configuration, a storage key pair is + generated, and the private key portion is then encrypted by the + Pin mentioned above. The encrypted key is stored in a file called + kra-key.db in the conf directory. The configuration deletes + the private key from the software token. For each recovery + operation, the private key is then reconstructed and imported + into the software token. + + For hardware token, during configuration, a storage key pair is + generated on the selected token, then the configuration changes the + hardware token's pin to the randomly generated pin mentioned above. + For each recovery operation, the token's pin is reconstructed and + private key is accessed. + + To provide migration on the user keys that were encrypted with the + storage keys of CS6.1, we need to be able to migrate the public and + private keys to the new system. To access the private key, we need + to have a way to reconstruct the pin. + + This support package provides 2 utilities that can assist the + migration. + +Programs + + RecoverPin - This command is to reconstruct the pin. It reads + the shares from conf/kra-mn.conf, and prompts for + agent passwords. It then reconstructs and prints the + pin to the screen. + + RecoverKey - For software token deployment, the encrypted private + key is stored in the file conf/kra-key.db. To recover + the private key, the user needs to use the pin obtained + from RecoverPin. Once the private key is recovered into + the security database. The user can use pk12util to + migrate key to the new installation. For hardware token + deployment, this command is not necessary. + +Examples + + Here is an example of RecoverPin usage + + java -classpath <server-root>/bin/cert/jars/cmscore.jar:<server-root>/bin/cert/jars/nsutil.jar:<server-root>/bin/cert/jars/jss3.jar:. RecoverPin <path to alias directory> <prefix> <password> <key splitting scheme file> + + For example, + + java -classpath /home/user/cs61/servers/bin/cert/jars/cmscore.jar:/export/home/user/cs61/servers/bin/cert/jars/nsutil.jar:/export/home/user/cs61/servers/bin/cert/jars/jss3.jar:. RecoverPin /export/home/user/cs61/servers/alias "cert-drm-sunburst-" netscape /export/home/user/cs61/servers/cert-drm/config/kra-mn.conf + + The output is: + + Got uid 'agent1' + Got share 'A23UO/q9f40=' + Got encrypted share length '8' + Please input password for agent1: + netscape1 + Got password 'netscape1' + Got decrypted share length '2' + Got share[0] '0' + Got share[1] '0' + Got uid 'agent2' + Got share 'R+zGVd5zczI=' + Got encrypted share length '8' + Please input password for agent2: + netscape2 + Got password 'netscape2' + Got decrypted share length '2' + Got share[0] '0' + Got share[1] '0' + Got uid 'agent3' + Got share 'lsipE7cM8jg=' + Got encrypted share length '8' + Please input password for agent3: + netscape3 + Got password 'netscape3' + Got decrypted share length '2' + Got share[0] '0' + Got share[1] '0' + Share size '3' + Add share 3 + Add share 2 + Add share 1 + => Pin is '' + + Here is an example of RecoverKey usage + + java -classpath <server-root>/bin/cert/jars/cmscore.jar:<server-root>/bin/cert/jars/nsutil.jar:<server-root>/bin/cert/jars/jss3.jar:. RecoverKey <alias path> <prefix> <db password> <pin from RecoverPin> <nickname> <key db path> + + For example, + + java -classpath /export/home/user/cs61/servers/bin/cert/jars/cmscore.jar:/export/home/user/cs61/servers/bin/cert/jars/nsutil.jar:/export/home/user/cs61/servers/bin/cert/jars/jss3.jar:. RecoverKey /export/home/user/cs61/servers/alias cert-drm-sunburst- "netscape" "" "kraStorageCert 1161121005622" /export/home/user/cs61/servers/cert-drm/config/kra-key.db + + The output is: + + => Private is 'org.mozilla.jss.pkcs11.PK11RSAPrivateKey@1ab8f9e' + +To make the private and public key exportable via pk12util. You need to first +backup the storage certificate, delete it, and then import it +again. For example, + + certutil -d . -P cert-drm-sunburst- \ + -n "kraStorageCert 1161121005622" -a > storageCert.txt + + certutil -d . -P cert-drm-sunburst- -D -n "kraStorageCert 1161121005622" + + certutil -d . -P cert-drm-sunburst- -A -t "u,u,u" \ + -n "kraStorageCert 1161121005622" -i storageCert.txt + +Finally, you can export the private and public key using pk12util + + pk12util -o storage.p12 -d . -P cert-drm-sunburst- \ + -n "kraStorageCert 1161121005622" |