Diffstat (limited to 'pki/base/setup')
-rw-r--r--pki/base/setup/LICENSE311
-rw-r--r--pki/base/setup/build.xml293
-rw-r--r--pki/base/setup/config/product.xml305
-rw-r--r--pki/base/setup/config/release.xml86
-rwxr-xr-xpki/base/setup/pkicommon2150
-rwxr-xr-xpki/base/setup/pkicreate2939
-rwxr-xr-xpki/base/setup/pkihost157
-rwxr-xr-xpki/base/setup/pkiremove419
8 files changed, 6660 insertions, 0 deletions
diff --git a/pki/base/setup/LICENSE b/pki/base/setup/LICENSE
new file mode 100644
index 000000000..e36f2269a
--- /dev/null
+++ b/pki/base/setup/LICENSE
@@ -0,0 +1,311 @@
+This Program is free software; you can redistribute it and/or modify
+it under the terms of the GNU General Public License as published
+by the Free Software Foundation; version 2 of the License.
+
+This Program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+for more details.
+
+You should have received a copy of the GNU General Public License
+along with this Program; if not, write to the Free Software
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+
+In addition, as a special exception, Red Hat, Inc. gives You the additional
+right to link the code of this Program with code not covered under the GNU
+General Public License ("Non-GPL Code") and to distribute linked combinations
+including the two, subject to the limitations in this paragraph. Non-GPL
+Code permitted under this exception must only link to the code of this
+Program through those well defined interfaces identified in the file named
+EXCEPTION found in the source code files (the "Approved Interfaces").
+
+The files of Non-GPL Code may instantiate templates or use macros or inline
+functions from the Approved Interfaces without causing the resulting work to
+be covered by the GNU General Public License. Only Red Hat, Inc. may make
+changes or additions to the list of Approved Interfaces. You must obey the
+GNU General Public License in all respects for all of the Program code and
+other code used in conjunction with the Program except the Non-GPL Code
+covered by this exception. If you modify this file, you may extend this
+exception to your version of the file, but you are not obligated to do so.
+If you do not wish to provide this exception without modification, you must
+delete this exception statement from your version and license this file
+solely under the GPL without exception.
+
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/pki/base/setup/build.xml b/pki/base/setup/build.xml
new file mode 100644
index 000000000..60b66a065
--- /dev/null
+++ b/pki/base/setup/build.xml
@@ -0,0 +1,293 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ ### END COPYRIGHT BLOCK ### -->
+<project name="setup" default="main" basedir=".">
+
+ <import file="config/product.xml"/>
+ <import file="config/product-ext.xml" optional="true"/>
+
+
+ <target name="clean"
+ depends=""
+ description="--> remove component directories">
+ <echo message="${begin.clean.log.message}"/>
+ <delete dir="${dist.base}"/>
+ <delete dir="${build.dir}"/>
+ <echo message="${end.clean.log.message}"/>
+ </target>
+
+
+ <target name="download"
+ depends=""
+ description="--> download dependent components">
+ <echo message="${begin.download.log.message}"/>
+ <echo message="${empty.download.log.message}"/>
+ <echo message="${end.download.log.message}"/>
+ </target>
+
+
+ <target name="compile_java"
+ depends=""
+ description="--> compile java source code into classes">
+ <echo message="${begin.compile.java.log.message}"/>
+ <echo message="${empty.compile.java.log.message}"/>
+ <echo message="${end.compile.java.log.message}"/>
+ </target>
+
+
+ <target name="build_jars"
+ depends="compile_java"
+ description="--> generate jar files">
+ <echo message="${begin.build.jars.log.message}"/>
+ <echo message="${empty.build.jars.log.message}"/>
+ <echo message="${end.build.jars.log.message}"/>
+ </target>
+
+
+ <target name="build_jni_headers"
+ depends="compile_java"
+ description="--> generate jni header files">
+ <echo message="${begin.build.jni.headers.log.message}"/>
+ <echo message="${empty.build.jni.headers.log.message}"/>
+ <echo message="${end.build.jni.headers.log.message}"/>
+ </target>
+
+
+ <target name="build"
+ depends="build_jars,build_jni_headers"
+ description="--> build classes, jars, and jni headers">
+ <echo message="${notify.build.log.message}"/>
+ </target>
+
+
+ <target name="compile_junit_tests"
+ depends="build"
+ description="--> compile junit test source code">
+ <echo message="${begin.compile.junit.tests.log.message}"/>
+ <echo message="${empty.compile.junit.tests.log.message}"/>
+ <echo message="${end.compile.junit.tests.log.message}"/>
+ </target>
+
+
+ <target name="run_junit_tests"
+ depends="compile_junit_tests"
+ description="--> execute junit tests">
+ <echo message="${begin.run.junit.tests.log.message}"/>
+ <echo message="${empty.run.junit.tests.log.message}"/>
+ <echo message="${end.run.junit.tests.log.message}"/>
+ </target>
+
+
+ <target name="verify"
+ depends="run_junit_tests"
+ description="--> build and execute junit tests">
+ <echo message="${notify.verify.log.message}"/>
+ </target>
+
+
+ <target name="clean_javadocs"
+ depends=""
+ description="--> remove javadocs directory">
+ <echo message="${begin.clean.javadocs.log.message}"/>
+ <echo message="${empty.clean.javadocs.log.message}"/>
+ <echo message="${end.clean.javadocs.log.message}"/>
+ </target>
+
+
+ <target name="compose_javadocs"
+ depends="build"
+ description="--> generate javadocs">
+ <echo message="${begin.compose.javadocs.log.message}"/>
+ <echo message="${empty.compose.javadocs.log.message}"/>
+ <echo message="${end.compose.javadocs.log.message}"/>
+ </target>
+
+
+ <target name="document"
+ depends="clean_javadocs,compose_javadocs"
+ description="--> remove old javadocs and compose new javadocs">
+ <echo message="${notify.document.log.message}"/>
+ </target>
+
+
+ <target name="distribute_binaries"
+ depends="document"
+ description="--> create the zip and gzipped tar binary distributions">
+ <echo message="${begin.distribute.binaries.log.message}"/>
+ <mkdir dir="${dist.base.binaries}"/>
+
+ <echo message="${begin.binary.wrappers.log.message}"/>
+ <echo message="${empty.binary.wrappers.log.message}"/>
+ <echo message="${end.binary.wrappers.log.message}"/>
+
+ <echo message="${begin.binary.zip.log.message}"/>
+ <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+ <zipfileset dir="."
+ filemode="755"
+ prefix="usr/bin">
+ <include name="pkihost"/>
+ <include name="pkicreate"/>
+ <include name="pkiremove"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="755"
+ prefix="usr/share/${product.prefix}/scripts">
+ <include name="pkicommon"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="755"
+ prefix="usr/share/doc/${dist.name}">
+ <include name="LICENSE"/>
+ </zipfileset>
+ </zip>
+ <echo message="${end.binary.zip.log.message}"/>
+
+ <echo message="${begin.binary.tar.log.message}"/>
+ <tar longfile="gnu"
+ destfile="${dist.base.binaries}/${dist.name}.tar">
+ <tarfileset dir="."
+ mode="755"
+ prefix="${dist.name}/usr/bin">
+ <include name="pkihost"/>
+ <include name="pkicreate"/>
+ <include name="pkiremove"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="755"
+ prefix="${dist.name}/usr/share/${product.prefix}/scripts">
+ <include name="pkicommon"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="755"
+ prefix="${dist.name}/usr/share/doc/${dist.name}">
+ <include name="LICENSE"/>
+ </tarfileset>
+ </tar>
+ <echo message="${end.binary.tar.log.message}"/>
+
+ <echo message="${begin.binary.gtar.log.message}"/>
+ <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+ src="${dist.base.binaries}/${dist.name}.tar"/>
+ <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+ <delete dir="${dist.name}"/>
+ <checksum fileext=".md5">
+ <fileset dir="${dist.base.binaries}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <checksum fileext=".sha1"
+ algorithm="SHA">
+ <fileset dir="${dist.base.binaries}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <echo message="${end.binary.gtar.log.message}"/>
+
+ <echo message="${end.distribute.binaries.log.message}"/>
+ </target>
+
+
+ <target name="distribute_source"
+ depends=""
+ description="--> create the zip and gzipped tar source distributions">
+ <echo message="${begin.distribute.source.log.message}"/>
+ <mkdir dir="${dist.base.source}"/>
+
+ <echo message="${begin.source.zip.log.message}"/>
+ <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+ <zipfileset dir="."
+ filemode="755"
+ prefix="${src.dist.name}">
+ <include name="${specfile}"/>
+ <include name="LICENSE"/>
+ <include name="build.xml"/>
+ <include name="config/product*.xml"/>
+ <include name="config/release*.xml"/>
+ <include name="pkicreate"/>
+ <include name="pkicommon"/>
+ <include name="pkihost"/>
+ <include name="pkiremove"/>
+ <include name="release"/>
+ </zipfileset>
+ </zip>
+ <echo message="${end.source.zip.log.message}"/>
+
+ <echo message="${begin.source.tar.log.message}"/>
+ <tar longfile="gnu"
+ destfile="${dist.base.source}/${src.dist.name}.tar">
+ <tarfileset dir="."
+ mode="755"
+ prefix="${src.dist.name}">
+ <include name="${specfile}"/>
+ <include name="LICENSE"/>
+ <include name="build.xml"/>
+ <include name="config/product*.xml"/>
+ <include name="config/release*.xml"/>
+ <include name="pkicreate"/>
+ <include name="pkicommon"/>
+ <include name="pkihost"/>
+ <include name="pkiremove"/>
+ <include name="release"/>
+ </tarfileset>
+ </tar>
+ <echo message="${end.source.tar.log.message}"/>
+
+ <echo message="${begin.source.gtar.log.message}"/>
+ <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+ src="${dist.base.source}/${src.dist.name}.tar"/>
+ <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+ <delete dir="${dist.name}"/>
+ <checksum fileext=".md5">
+ <fileset dir="${dist.base.source}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <checksum fileext=".sha1"
+ algorithm="SHA">
+ <fileset dir="${dist.base.source}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <echo message="${end.source.gtar.log.message}"/>
+
+ <echo message="${end.distribute.source.log.message}"/>
+ </target>
+
+
+ <target name="distribute"
+ depends="distribute_binaries,distribute_source"
+ description="--> create binary and source component distributions">
+ <echo message="${notify.distribute.log.message}"/>
+ </target>
+
+
+ <target name="main"
+ depends="clean,distribute"
+ description="--> clean, build, verify, document, distribute [default]">
+ <echo message="${notify.main.log.message}"/>
+ </target>
+
+</project>
+
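Review bot: The `main` target (line 625) advertises "clean, build, verify, document, distribute", but `depends="clean,distribute"` never reaches `verify`: `distribute` → `distribute_binaries` → `document` → `compose_javadocs` → `build`, so `run_junit_tests` is skipped by the default target; `depends="clean,verify,distribute"` would make the dependency chain match the description (Ant still executes `build` only once). The `checksum` filesets in both `distribute_binaries` and `distribute_source` exclude `**/*.asc` and `**/*.md5` but not `**/*.sha1`, so a rerun without `clean` digests the previous run's `.sha1` files into `.sha1.md5`/`.sha1.sha1`; add `<exclude name="**/*.sha1"/>` to each fileset. Keep in mind that MD5/SHA-1 digests stored beside the artifacts only catch accidental corruption — the `.asc` exclusion suggests detached signatures are expected alongside them, and those are what provide tamper evidence for the distribution. Finally, `LICENSE` is packed under the doc prefix with `filemode="755"`/`mode="755"`; `644` is the conventional mode for a plain text file.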
diff --git a/pki/base/setup/config/product.xml b/pki/base/setup/config/product.xml
new file mode 100644
index 000000000..33caf48ed
--- /dev/null
+++ b/pki/base/setup/config/product.xml
@@ -0,0 +1,305 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ ### END COPYRIGHT BLOCK ### -->
+<project name="product.xml" default="main" basedir=".">
+
+ <!-- Set up properties based upon the user's default Ant configuration -->
+ <property file=".ant.properties"/>
+ <property file="${user.home}/.ant.properties"/>
+ <property environment="env"/>
+
+
+ <!-- Check for required properties passed-in via the build scripts -->
+ <fail message="The '-Dspecfile=SPECFILE' property MUST always be specified!"
+ unless="specfile"/>
+
+
+ <!-- Set up optional properties passed-in via the build scripts -->
+ <property name="basedir" value=""/>
+ <property name="dirsec" value=""/>
+ <property name="target" value=""/>
+
+
+ <!-- Set up properties obtained from the spec file -->
+ <exec executable="perl"
+ failonerror="true"
+ outputproperty="Name">
+ <arg value="-ne"/>
+ <arg value="print $1 if /%define base_product\s+(.*)/"/>
+ <arg value="${specfile}"/>
+ </exec>
+
+ <exec executable="perl"
+ failonerror="true"
+ outputproperty="spec.product.ui.prefix">
+ <arg value="-ne"/>
+ <arg value="print $1 if /%define base_ui_prefix\s+(\S+)/"/>
+ <arg value="${specfile}"/>
+ </exec>
+
+ <exec executable="perl"
+ failonerror="true"
+ outputproperty="product.prefix">
+ <arg value="-ne"/>
+ <arg value="print $1 if /%define base_prefix\s+(\S+)/"/>
+ <arg value="${specfile}"/>
+ </exec>
+
+ <exec executable="perl"
+ failonerror="true"
+ outputproperty="product">
+ <arg value="-ne"/>
+ <arg value="print $1 if /%define base_component\s+(\S+)/"/>
+ <arg value="${specfile}"/>
+ </exec>
+
+ <!-- if "spec.product.ui.prefix" is "" or "linux", -->
+ <!-- set "product.ui.prefix" to ""; otherwise -->
+ <!-- set "product.ui.prefix" to "spec.product.ui.prefix" -->
+ <condition property="product.ui.prefix"
+ value=""
+ else="${spec.product.ui.prefix}">
+ <or>
+ <equals arg1="${spec.product.ui.prefix}"
+ arg2=""/>
+ <equals arg1="${spec.product.ui.prefix}"
+ arg2="linux"/>
+ </or>
+ </condition>
+
+ <!-- "product.name" is of the form "x-y-z" -->
+ <condition property="product.name"
+ value="${product.ui.prefix}-${product.prefix}-${product}">
+ <not>
+ <equals arg1="${product.ui.prefix}"
+ arg2=""/>
+ </not>
+ </condition>
+
+ <!-- "product.name" is of the form "x-y" -->
+ <condition property="product.name"
+ value="${product.prefix}-${product}">
+ <and>
+ <equals arg1="${product.ui.prefix}"
+ arg2=""/>
+ <not>
+ <equals arg1="${product.prefix}"
+ arg2=""/>
+ </not>
+ </and>
+ </condition>
+
+ <!-- "product.name" is of the form "x" -->
+ <condition property="product.name"
+ value="${product}">
+ <and>
+ <equals arg1="${product.ui.prefix}"
+ arg2=""/>
+ <equals arg1="${product.prefix}"
+ arg2=""/>
+ </and>
+ </condition>
+
+ <exec executable="perl"
+ failonerror="true"
+ outputproperty="version">
+ <arg value="-ne"/>
+ <arg value="print $1 if /%define base_version\s+(\S+)/"/>
+ <arg value="${specfile}"/>
+ </exec>
+
+
+ <!-- Set up architecture-dependent properties -->
+ <exec executable="uname"
+ failonerror="true"
+ outputproperty="arch">
+ <arg line="-i"/>
+ </exec>
+
+ <!-- Set up architecture-independent properties -->
+ <property name="jar.home" value="/usr/share/java"/>
+ <property name="pki-jar.home" value="${jar.home}/${product.prefix}"/>
+ <property name="jni-jar.home" value="/usr/lib/java"/>
+
+ <!-- Set up properties that control various build options -->
+ <property name="debug" value="true"/>
+ <property name="chmod.fail" value="true"/>
+ <property name="chmod.maxparallel" value="250"/>
+ <property name="deprecation" value="false"/>
+ <property name="optimize" value="true"/>
+
+
+ <!-- Set up properties related to the source tree -->
+ <property name="docs.dir" value="docs"/>
+ <property name="lib.dir" value="lib"/>
+ <property name="src.dir" value="src"/>
+ <property name="test.dir" value="test"/>
+ <property name="etc.dir" value="${src.dir}/etc"/>
+ <property name="script.dir" value="${src.dir}/script"/>
+
+
+ <!-- Set up properties for the release area -->
+ <property name="release.root" value="."/>
+
+
+ <!-- Set up properties for the build area -->
+ <property name="build.dir" value="build"/>
+ <property name="bootstrap.dir" value="bootstrap"/>
+ <property name="build.jars" value="${build.dir}/jars"/>
+ <property name="build.classes" value="${build.dir}/classes"/>
+ <property name="build.lib" value="${build.dir}/lib"/>
+ <property name="build.javadocs" value="${build.dir}/javadocs"/>
+ <property name="build.tests" value="${build.dir}/testcases"/>
+ <property name="build.tests.javadocs" value="${build.dir}/javadocs.test/"/>
+ <property name="manifest.tmp" value="${build.dir}/optional.manifest"/>
+
+
+ <!-- Set up properties for the distribution area -->
+ <property name="dist.name" value="${product.name}-${version}"/>
+ <property name="dist.base" value="dist"/>
+ <property name="dist.base.source" value="${dist.base}/source"/>
+ <property name="dist.base.binaries" value="${dist.base}/binary"/>
+ <property name="dist.dir" value="dist"/>
+ <property name="dist.bin" value="${dist.dir}/bin"/>
+ <property name="dist.lib" value="${dist.dir}/lib"/>
+ <property name="dist.docs" value="${dist.dir}/docs"/>
+ <property name="dist.etc" value="${dist.dir}/etc"/>
+ <property name="src.dist.name" value="${product.name}-${version}"/>
+ <property name="src.dist.dir" value="dist-src"/>
+ <property name="src.dist.src" value="${src.dist.dir}/src"/>
+ <property name="src.dist.docs" value="${src.dist.dir}/docs"/>
+ <property name="src.dist.lib" value="${src.dist.dir}/lib"/>
+
+
+ <!-- Set up properties for log messages -->
+ <property name="begin.clean.log.message"
+ value="Removing '${product.name}' component directories ..."/>
+ <property name="empty.clean.log.message"
+ value="Nothing to do!"/>
+ <property name="end.clean.log.message"
+ value="Completed removing '${product.name}' component directories."/>
+ <property name="begin.download.log.message"
+ value="Downloading '${product.name}' dependent components ..."/>
+ <property name="empty.download.log.message"
+ value="Nothing to do!"/>
+ <property name="end.download.log.message"
+ value="Completed downloading '${product.name}' dependent components."/>
+ <property name="begin.compile.java.log.message"
+ value="Compiling '${product.name}' java code from '${src.dir}' into '${build.classes}' ..."/>
+ <property name="empty.compile.java.log.message"
+ value="Nothing to do!"/>
+ <property name="end.compile.java.log.message"
+ value="Completed compiling '${product.name}' java code from '${src.dir}' into '${build.classes}'."/>
+ <property name="begin.build.jars.log.message"
+ value="Generating '${product.name}' jar files ..."/>
+ <property name="empty.build.jars.log.message"
+ value="Nothing to do!"/>
+ <property name="end.build.jars.log.message"
+ value="Completed generating '${product.name}' jar files."/>
+ <property name="begin.build.jni.headers.log.message"
+ value="Generating '${product.name}' java header files ..."/>
+ <property name="empty.build.jni.headers.log.message"
+ value="Nothing to do!"/>
+ <property name="end.build.jni.headers.log.message"
+ value="Completed generating '${product.name}' java header files."/>
+ <property name="notify.build.log.message"
+ value="Built classes, jars, and jni headers for the '${product.name}' component."/>
+ <property name="begin.compile.junit.tests.log.message"
+ value="Compiling '${product.name}' junit tests from '${test.dir}' into '${build.tests}' ..."/>
+ <property name="empty.compile.junit.tests.log.message"
+ value="Nothing to do!"/>
+ <property name="end.compile.junit.tests.log.message"
+ value="Completed compiling '${product.name}' junit tests from '${test.dir}' into '${build.tests}'."/>
+ <property name="begin.run.junit.tests.log.message"
+ value="Executing '${product.name}' tests ..."/>
+ <property name="empty.run.junit.tests.log.message"
+ value="Nothing to do!"/>
+ <property name="end.run.junit.tests.log.message"
+ value="Completed executing '${product.name}' tests."/>
+ <property name="notify.verify.log.message"
+ value="Verified the '${product.name}' component."/>
+ <property name="begin.clean.javadocs.log.message"
+ value="Removing '${product.name}' javadocs directory ..."/>
+ <property name="empty.clean.javadocs.log.message"
+ value="Nothing to do!"/>
+ <property name="end.clean.javadocs.log.message"
+ value="Completed removing '${product.name}' javadocs directory."/>
+ <property name="begin.compose.javadocs.log.message"
+ value="Composing '${product.name}' javadocs ..."/>
+ <property name="empty.compose.javadocs.log.message"
+ value="Nothing to do!"/>
+ <property name="end.compose.javadocs.log.message"
+ value="Completed composing '${product.name}' javadocs."/>
+ <property name="notify.document.log.message"
+ value="Documented '${product.name}' javadocs."/>
+ <property name="begin.distribute.binaries.log.message"
+ value="Creating '${product.name}' binary distributions ..."/>
+ <property name="begin.binary.wrappers.log.message"
+ value=" Creating '${product.name}' binary wrappers ..."/>
+ <property name="empty.binary.wrappers.log.message"
+ value=" Nothing to do!"/>
+ <property name="end.binary.wrappers.log.message"
+ value=" Completed creating '${product.name}' binary wrappers."/>
+ <property name="begin.binary.zip.log.message"
+ value=" Creating '${product.name}' binary zip files ..."/>
+ <property name="empty.binary.zip.log.message"
+ value=" Nothing to do!"/>
+ <property name="end.binary.zip.log.message"
+ value=" Completed creating '${product.name}' binary zip files."/>
+ <property name="begin.binary.tar.log.message"
+ value=" Creating '${product.name}' binary tar files ..."/>
+ <property name="empty.binary.tar.log.message"
+ value=" Nothing to do!"/>
+ <property name="end.binary.tar.log.message"
+ value=" Completed creating '${product.name}' binary tar files."/>
+ <property name="begin.binary.gtar.log.message"
+ value=" Creating '${product.name}' binary gzip files ..."/>
+ <property name="empty.binary.gtar.log.message"
+ value=" Nothing to do!"/>
+ <property name="end.binary.gtar.log.message"
+ value=" Completed creating '${product.name}' binary gzip files."/>
+ <property name="end.distribute.binaries.log.message"
+ value="Completed creating '${product.name}' binary distributions."/>
+ <property name="begin.distribute.source.log.message"
+ value="Creating '${product.name}' source distributions ..."/>
+ <property name="begin.source.zip.log.message"
+ value=" Creating '${product.name}' source zip files ..."/>
+ <property name="empty.source.zip.log.message"
+ value=" Nothing to do!"/>
+ <property name="end.source.zip.log.message"
+ value=" Completed creating '${product.name}' source zip files."/>
+ <property name="begin.source.tar.log.message"
+ value=" Creating '${product.name}' source tar files ..."/>
+ <property name="empty.source.tar.log.message"
+ value=" Nothing to do!"/>
+ <property name="end.source.tar.log.message"
+ value=" Completed creating '${product.name}' source tar files."/>
+ <property name="begin.source.gtar.log.message"
+ value=" Creating '${product.name}' source gzip files ..."/>
+ <property name="empty.source.gtar.log.message"
+ value=" Nothing to do!"/>
+ <property name="end.source.gtar.log.message"
+ value=" Completed creating '${product.name}' source gzip files."/>
+ <property name="end.distribute.source.log.message"
+ value="Completed creating '${product.name}' source distributions."/>
+ <property name="notify.distribute.log.message"
+ value="Distributed '${product.name}' distribution packages."/>
+ <property name="notify.main.log.message"
+ value="Built, verified, documented, and distributed a fresh '${product.name}' component."/>
+
+</project>
+
diff --git a/pki/base/setup/config/release.xml b/pki/base/setup/config/release.xml
new file mode 100644
index 000000000..fc43aaeb7
--- /dev/null
+++ b/pki/base/setup/config/release.xml
@@ -0,0 +1,86 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ ### END COPYRIGHT BLOCK ### -->
+<project name="release.xml" default="main" basedir="${basedir}">
+
+ <echo message="Importing shared properties ..."/>
+ <import file="product.xml"/>
+ <import file="product-ext.xml" optional="true"/>
+ <import file="release-ext.xml" optional="true"/>
+ <echo message="Completed importing shared properties."/>
+
+
+ <target name="local"
+ depends=""
+ description="--> Generate this target locally">
+ <echo message="Generating the '${product.name}' target locally ..."/>
+ <exec executable="ant" dir="${release.root}">
+ <arg value="-Dspecfile=${product.name}.spec"/>
+ <arg value="-Ddirsec=${dirsec}"/>
+ <arg value="${target}"/>
+ </exec>
+ <echo message="Completed generating the '${product.name}' target locally."/>
+ </target>
+
+
+ <target name="main"
+ depends=""
+ description="--> Generate component RPMS and SRPMS">
+ <echo message="Generating '${product.name}' RPMS and SRPMS ..."/>
+
+ <exec executable="pwd"
+ failonerror="true"
+ outputproperty="top.dir"/>
+ <echo message="Established the '${top.dir}' top-level directory."/>
+
+ <echo message="Creating the '${product.name}' source distribution ..."/>
+ <exec executable="ant"
+ dir="${release.root}">
+ <arg value="-Dspecfile=${product.name}.spec"/>
+ <arg value="-Ddirsec=${dirsec}"/>
+ <arg value="distribute_source"/>
+ </exec>
+ <echo message="Completed creating the '${product.name}' source distribution."/>
+
+ <echo message="Creating '${product.name}' RPM directories ..."/>
+ <mkdir dir="${release.root}/dist/rpmpkg"/>
+ <mkdir dir="${release.root}/dist/rpmpkg/SOURCES"/>
+ <mkdir dir="${release.root}/dist/rpmpkg/RPMS"/>
+ <mkdir dir="${release.root}/dist/rpmpkg/SRPMS"/>
+ <mkdir dir="${release.root}/dist/rpmpkg/SPECS"/>
+ <mkdir dir="${release.root}/dist/rpmpkg/BUILD"/>
+ <echo message="Completed creating '${product.name}' RPM directories."/>
+
+ <echo message="Building '${product.name}' RPMS and SRPMS ..."/>
+ <exec executable="rpmbuild"
+ dir="${release.root}">
+ <arg value="--define"/>
+ <arg value="_topdir ${top.dir}/${release.root}/dist/rpmpkg"/>
+ <arg value="-ta"/>
+ <arg value="${top.dir}/${release.root}/dist/source/${product.name}-${version}.tar.gz"/>
+ </exec>
+ <echo message="Completed building '${product.name}' RPMS and SRPMS."/>
+
+ <echo message="Removing various '${product.name}' RPM directories and files ..."/>
+ <delete dir="${release.root}/dist/rpmpkg/BUILD"/>
+ <echo message="Completed removing various '${product.name}' RPM directories and files."/>
+
+ <echo message="Completed generating '${product.name}' RPMS and SRPMS."/>
+ </target>
+
+</project>
+
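Review bot: The two `<exec>` elements that do the real work in the `main` target, the `ant … distribute_source` call and the `rpmbuild -ta` call, carry no `failonerror="true"`, while the `pwd` exec just above them does, so a failed source-distribution step lets `rpmbuild` run against whatever `dist/source/${product.name}-${version}.tar.gz` is left over from an earlier run, and a failed `rpmbuild` still reaches the "Completed building" echo and ends the target successfully. For a target that produces the packages users install, silently emitting a stale or partial build is the failure mode least likely to be noticed later. Change the openers to `<exec executable="ant" dir="${release.root}" failonerror="true">` and `<exec executable="rpmbuild" dir="${release.root}" failonerror="true">`; the `ant` exec in the `local` target would benefit from the same attribute. Separately, `${top.dir}` is obtained by spawning `pwd`, whereas Ant already exposes the same directory as `${basedir}`, which avoids both the subprocess and the empty-property case.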
diff --git a/pki/base/setup/pkicommon b/pki/base/setup/pkicommon
new file mode 100755
index 000000000..e5913c12b
--- /dev/null
+++ b/pki/base/setup/pkicommon
@@ -0,0 +1,2150 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+##############################################################
+# This file contains shared data and subroutines for
+# the "pkicreate" and "pkiremove" Perl scripts.
+##############################################################
+
+
+##############################################################
+# Perl Version
+##############################################################
+
+my $MINIMUM_PERL_VERSION = "5.006001";
+
+my $perl_version_error_message = "ERROR: Using Perl version $] ...\n"
+ . " Must use Perl version "
+ . "$MINIMUM_PERL_VERSION or later to "
+ . "run this script!\n";
+
+die "$perl_version_error_message" if $] < $MINIMUM_PERL_VERSION;
+
+
+##############################################################
+# Execution Check
+##############################################################
+
+# Check to insure that this script's original
+# invocation directory has not been deleted!
+my $cwd = `/bin/pwd`;
+chomp $cwd;
+if( "$cwd" eq "" ) {
+ print( STDERR "Cannot invoke '$0' from non-existent directory!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+
+##############################################################
+# Environment Variables
+##############################################################
+
+# untaint called subroutines
+if( ( $^O ne 'Windows_NT' ) && ( $^O ne 'MSWin32' ) ) {
+ $> = $<; # set effective user ID to real UID
+ $) = $(; # set effective group ID to real GID
+ $ENV{ 'PATH' } = '/bin:/usr/bin';
+ $ENV{ 'ENV' } = '' if $ENV{ 'ENV' } ne '';
+}
+
+
+##############################################################
+# Perl Modules
+##############################################################
+
+# "File/Copy.pm", "FileHandle.pm", "Getopt/Long.pm",
+# "Socket.pm", and "Sys/Long.pm" are all part of the
+# standard Perl library and should therefore always be
+# available
+use File::Copy;
+use FileHandle;
+use Getopt::Long;
+use Socket;
+use Sys::Hostname;
+
+
+##############################################################
+# Shared Default Values
+##############################################################
+
+$default_hardware_platform = "";
+$default_system_binaries = "";
+$default_system_libraries = "";
+$default_system_user_binaries = "";
+$default_system_user_libraries = "";
+$default_system_jni_java_path = "";
+$default_security_libraries = "";
+$default_certutil_command = "";
+$default_ldapmodify_command = "";
+$default_modutil_command = "";
+
+# Compute "hardware platform" of Operating System
+$default_hardware_platform = `pkiarch`;
+$default_hardware_platform =~ s/\s+$//g;
+chomp( $default_hardware_platform );
+if( $^O eq "linux" ) {
+ if( $default_hardware_platform eq "i386" ) {
+ # 32-bit Linux
+ $default_system_binaries = "/bin";
+ $default_system_libraries = "/lib";
+ $default_system_user_binaries = "/usr/bin";
+ $default_system_user_libraries = "/usr/lib";
+ $default_system_jni_java_path = "/usr/lib/java";
+ } elsif( $default_hardware_platform eq "x86_64" ) {
+ # 64-bit Linux
+ $default_system_binaries = "/bin";
+ $default_system_libraries = "/lib64";
+ $default_system_user_binaries = "/usr/bin";
+ $default_system_user_libraries = "/usr/lib64";
+ $default_system_jni_java_path = "/usr/lib/java";
+ } else {
+ print( STDERR
+ "ERROR: Unsupported '$^O' hardware platform "
+ . "'$default_hardware_platform'!\n" );
+ print( "\n" );
+ exit 255;
+ }
+} elsif( $^O eq "solaris" ) {
+ if( $default_hardware_platform eq "sparc" ) {
+ # 32-bit Solaris
+ $default_system_binaries = "/bin";
+ $default_system_libraries = "/lib";
+ $default_system_user_binaries = "/usr/bin";
+ $default_system_user_libraries = "/usr/lib";
+ $default_system_jni_java_path = "/usr/lib/java";
+ } elsif( $default_hardware_platform eq "sparcv9" ) {
+ # 64-bit Solaris
+ $default_system_binaries = "/bin";
+ $default_system_libraries = "/lib/sparcv9";
+ $default_system_user_binaries = "/usr/bin";
+ $default_system_user_libraries = "/usr/lib/sparcv9";
+ $default_system_jni_java_path = "/usr/lib/java";
+ } else {
+ print( STDERR
+ "ERROR: Unsupported '$^O' hardware platform "
+ . "'$default_hardware_platform'!\n" );
+ print( "\n" );
+ exit 255;
+ }
+} else {
+ print( STDERR
+ "ERROR: Unsupported platform '$^O'!\n" );
+ print( "\n" );
+ exit 255;
+}
+
+
+$default_security_libraries = "$default_system_user_libraries/dirsec";
+
+$default_certutil_command = "$default_system_user_binaries/certutil";
+$default_ldapmodify_command = "$default_system_user_libraries/"
+ . "mozldap/ldapmodify";
+$default_modutil_command = "$default_system_user_binaries/modutil";
+
+
+##############################################################
+# Global Constants
+##############################################################
+
+$ROOTUID = 0;
+
+$MAX_WELL_KNOWN_PORT = 511; # well-known ports = 0 through 511
+$MAX_RESERVED_PORT = 1023; # reserved ports = 512 through 1023
+$MAX_REGISTERED_PORT = 49151; # registered ports = 1024 through 49151
+$MAX_DYNAMIC_PORT = 65535; # dynamic/private ports = 49152 through 65535
+
+$FILE_PREFIX = "file://";
+$FTP_PREFIX = "ftp://";
+$HTTP_PREFIX = "http://";
+$HTTPS_PREFIX = "https://";
+$LDAP_PREFIX = "ldap://";
+$LDAPS_PREFIX = "ldaps://";
+
+
+##############################################################
+# Global Variables
+##############################################################
+
+# Platform-dependent parameters
+$lib_prefix = "";
+$obj_ext = "";
+$path_sep = "";
+$tmp_dir = "";
+
+# Retrieve hostname using Sys::Hostname
+$hostname = hostname;
+
+# "logging" parameters
+$logfile = "";
+
+# Whether or not to do verbose mode
+$verbose = 0;
+
+
+##############################################################
+# Local Variables
+##############################################################
+
+# "identity" parameters
+my $fqdn = "";
+
+# "time" parameters
+my $sec = 0;
+my $min = 0;
+my $hour = 0;
+my $mday = 0;
+my $mon = 0;
+my $year = 0;
+my $wday = 0;
+my $yday = 0;
+my $isdst = 0;
+
+# "logging" parameters
+my $logfd = new FileHandle;
+
+
+##############################################################
+# Generic "platform" Subroutines
+##############################################################
+
+# no args
+# return 1 - true, or
+# return 0 - false
+sub is_Windows()
+{
+ if( ( $^O eq "Windows_NT" ) || ( $^O eq "MSWin32" ) ) {
+ return 1;
+ }
+
+ return 0;
+}
+
+
+# no args
+# return 1 - true, or
+# return 0 - false
+sub is_Linux()
+{
+ if( $^O eq "linux" ) {
+ return 1;
+ }
+
+ return 0;
+}
+
+
+# no args
+# return 1 - true, or
+# return 0 - false
+sub is_Fedora()
+{
+ if( is_Linux() && (-e "/etc/fedora-release") ) {
+ return 1;
+ }
+
+ return 0;
+}
+
+
+# no args
+# return 1 - true, or
+# return 0 - false
+sub is_RHEL() {
+ if( (! is_Fedora()) && (-e "/etc/redhat-release") ) {
+ return 1;
+ }
+
+ return 0;
+}
+
+
+# no args
+# return 1 - true, or
+# return 0 - false
+sub is_RHEL4() {
+ if( is_RHEL() ) {
+ my $releasefd = new FileHandle;
+ if( $releasefd->open("< /etc/redhat-release")) {
+ while( defined($line = <$releasefd>) ) {
+ if($line =~ /4/) {
+ return 1;
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+
+# no args
+# no return value
+sub setup_platform_dependent_parameters()
+{
+ # Setup path separators, et. al., based upon platform
+ if( is_Windows() ) {
+ $lib_prefix = "";
+ $obj_ext = ".dll";
+ $path_sep = ";";
+ $tmp_dir = "c:\\temp";
+ } elsif( $^O eq "hpux" ) {
+ $lib_prefix = "lib";
+ $obj_ext = ".sl";
+ $path_sep = ":";
+ $tmp_dir = "/tmp";
+ } else {
+ $lib_prefix = "lib";
+ $obj_ext = ".so";
+ $path_sep = ":";
+ $tmp_dir = "/tmp";
+ }
+
+ return;
+}
+
+
+# arg0 Library Path
+# no return value
+sub set_library_path
+{
+ my( $path ) = @_;
+
+ if( is_Windows() ) {
+ $ENV{PATH} = $path;
+ } elsif( $^O eq "hpux" ) {
+ $ENV{SHLIB_PATH} = $path;
+ } else {
+ $ENV{LD_LIBRARY_PATH} = $path;
+ }
+
+ return;
+}
+
+
+# no args
+# return Library Path Environment variable
+sub get_library_path
+{
+ if( is_Windows() ) {
+ return $ENV{PATH};
+ } elsif( $^O eq "hpux" ) {
+ return $ENV{SHLIB_PATH};
+ } else {
+ return $ENV{LD_LIBRARY_PATH};
+ }
+}
+
+
+##############################################################
+# Generic "identity" Subroutines
+##############################################################
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub check_for_root_UID()
+{
+ my $result = 0;
+
+ # On Linux/UNIX, insure that this script is being run as "root";
+ # First check the "Real" UID, and then check the "Effective" UID.
+ if( !is_Windows() ) {
+ if( ( $< != $ROOTUID ) &&
+ ( $> != $ROOTUID ) ) {
+ print( STDERR
+ "ERROR: This script must be run as root!\n" );
+ print( STDOUT "\n" );
+ $result = 0;
+ } else {
+ # Success -- running script as root
+ $result = 1;
+ }
+ } else {
+ print( STDERR
+ "ERROR: Root UID makes no sense on Windows machines!\n" );
+ print( STDOUT "\n" );
+ $result = 0;
+ }
+
+ return $result;
+}
+
+
+# arg0 username
+# return 1 - exists, or
+# return 0 - DOES NOT exist
+sub user_exists
+{
+ my( $username ) = $_[0];
+
+ my $result = 0;
+
+ my $uid = getpwnam( $username );
+
+ if( $uid ne "" ) {
+ $result = 1;
+ }
+
+ return $result;
+}
+
+
+# arg0 groupname
+# return 1 - exists, or
+# return 0 - DOES NOT exist
+sub group_exists
+{
+ my( $groupname ) = $_[0];
+
+ my $result = 0;
+
+ my $gid = getgrnam( $groupname );
+
+ if( $gid ne "" ) {
+ $result = 1;
+ }
+
+ return $result;
+}
+
+
+# arg0 username
+# arg1 groupname
+# return 1 - is a member, or
+# return 0 - is NOT a member
+sub user_is_a_member_of_group
+{
+ my( $username ) = $_[0];
+ my( $groupname ) = $_[1];
+
+ my $result = 0;
+
+ if( !user_exists( $username ) ) {
+ return $result;
+ }
+
+ if( !group_exists( $groupname ) ) {
+ return $result;
+ }
+
+ my( $name, $passwd, $gid, $members ) = getgrnam( $groupname );
+
+ my $groupuser = $members =~ m/$username/;
+
+ if( $groupuser >= 1 ) {
+ $result = 1;
+ }
+
+ return $result;
+}
+
+
+# arg0 username
+# return UID, or
+# return (-1) - user is not in password file
+sub get_UID_from_username
+{
+ my( $user ) = @_;
+
+ my $my_username;
+ my $my_passwd;
+ my $my_uid;
+
+ ( $my_username, $my_passwd, $my_uid ) = getpwnam( $user );
+
+ if( $my_username ne "" ) {
+ # return UID (0 implies root user)
+ return $my_uid;
+ } else {
+ # username '$user' is NOT in the password file
+ return ( -1 );
+ }
+}
+
+
+# arg0 hostname, or
+# arg0 IP address
+# return fully-qualified domain name (FQDN)
+sub get_FQDN
+{
+ if( $_[0] !~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/ ) {
+ # Retrieve FQDN via a "mnemonic" hostname
+ ( $fqdn ) = gethostbyname( $_[0] );
+ } else {
+ # Retrieve FQDN via a "4-tuple" IP address
+ $fqdn = gethostbyaddr( pack( 'C4', $1, $2, $3, $4 ), 2 );
+ }
+
+ return( $fqdn );
+}
+
+
+##############################################################
+# Generic "availability" Subroutines
+##############################################################
+
+# arg0 URL prefix
+# return 1 - URL prefix is known (success)
+# return 0 - URL prefix is unknown (failure)
+sub check_for_valid_url_prefix
+{
+ my( $url_prefix ) = @_;
+
+ if( ( "$url_prefix" eq $FILE_PREFIX ) ||
+ ( "$url_prefix" eq $FTP_PREFIX ) ||
+ ( "$url_prefix" eq $HTTP_PREFIX ) ||
+ ( "$url_prefix" eq $HTTPS_PREFIX ) ||
+ ( "$url_prefix" eq $LDAP_PREFIX ) ||
+ ( "$url_prefix" eq $LDAPS_PREFIX ) ) {
+ return 1;
+ }
+
+ return 0;
+}
+
+
+# arg0 username
+# arg1 port
+# return 1 - port is available (success)
+# return 0 - port is unavailable; report an error (failure)
+sub IsLocalPortAvailable
+{
+ # parse parameters
+ my ( $user, $port ) = @_;
+
+ # On Linux/UNIX, check well-known/reserved ports
+ if( !is_Windows() ) {
+ my $uid = -1;
+
+ # retrieve the UID given the username
+ $uid = get_UID_from_username( $user );
+ if( $uid == -1 ) {
+ print( "\n" );
+ print( STDERR
+ "User '$user' is NOT in the password file!\n" );
+ print( "\n" );
+ return 0;
+ }
+
+ # insure that well-known ports cannot be used by a non-root user
+ if( ( $port <= $MAX_WELL_KNOWN_PORT ) && ( $uid != $ROOTUID ) ) {
+ print( "\n" );
+ print( STDERR
+ "ERROR: User '$user' is not allowed to bind to well-known "
+ . "port $port!\n" );
+ print( "\n" );
+ return 0;
+ }
+
+ # insure that reserved ports cannot be used by a non-root user
+ if( ( $port <= $MAX_RESERVED_PORT ) && ( $uid != $ROOTUID ) ) {
+ print( "\n" );
+ print( STDERR
+ "ERROR: User '$user' is not allowed to bind to reserved "
+ . "port $port!\n" );
+ print( "\n" );
+ return 0;
+ }
+
+ # insure that the user has not specified a port greater than
+ # the number of dynamic/private ports
+ if( $port > $MAX_DYNAMIC_PORT ) {
+ print( "\n" );
+ print( STDERR
+ "ERROR: User '$user' is not allowed to bind to a "
+ . "port greater than $MAX_DYNAMIC_PORT!\n" );
+ print( "\n" );
+ return 0;
+ }
+
+ # if the user has specified a port greater than the number
+ # of registered ports, issue a warning and continue
+ if( $port > $MAX_REGISTERED_PORT ) {
+ print( "\n" );
+ print( STDERR
+ "WARNING: User '$user' is binding to port $port; use of "
+ . "a dynamic/private port is discouraged!\n" );
+ print( "\n" );
+ }
+ }
+
+ # initialize local variables
+ my $rv = 0;
+ my $status = "AVAILABLE";
+
+ # make a local TCP server socket
+ my $proto = getprotobyname( 'tcp' );
+ socket( SERVER, PF_INET, SOCK_STREAM, $proto );
+
+ # create a local server socket address
+ my $server_address = sockaddr_in( $port, INADDR_ANY );
+
+ # attempt to bind this local server socket
+ # to this local server socket address
+ bind( SERVER, $server_address ) or $status = $!;
+
+ # identify the status of this attempt to bind
+ if( $status eq "AVAILABLE" ) {
+ # this port is inactive
+ $rv = 1;
+ } elsif( $status eq "Address already in use" ) {
+ print( "\n" );
+ print( STDERR
+ "ERROR: Unable to bind to local port $port : $status\n" );
+ print( "\n" );
+ $rv = 0;
+ } else {
+ print( "\n" );
+ print( STDERR
+ "ERROR: Unable to bind to local port $port : $status\n" );
+ print( "\n" );
+ $rv = 0;
+ }
+
+ # close local server socket
+ close( SERVER );
+
+ # return result
+ return $rv;
+}
+
+
+# arg0 HTTP or LDAP prefix
+# arg1 host
+# arg2 port
+# return 2 - warn that server is unreachable (continue)
+# return 1 - server is reachable (success)
+# return 0 - server is unreachable; report an error (failure)
+sub IsServerReachable
+{
+ # parse parameters
+ my( $prefix, $host, $port ) = @_;
+
+ # check the validity of the prefix
+ my $result = 0;
+
+ $result = check_for_valid_url_prefix( $prefix );
+ if( !$result ) {
+ print( "\n" );
+ print( STDERR
+ "ERROR: Specified unknown url prefix\n"
+ . " '$prefix'!\n" );
+ print( "\n" );
+ return $result;
+ }
+
+ # create a URL from the passed-in parameters
+ my $url = $prefix . "$host" . ":" . "$port";
+
+ # initialize the state of the Server referred to by this URL
+ my $rv = 0;
+ my $status = "ACTIVE";
+
+ # retrieve the remote host IP address
+ my $iaddr = inet_aton( $host ) or $status = $!;
+ if( $status ne "ACTIVE" ) {
+ print( "\n" );
+ print( STDERR
+ "ERROR: Unable to contact the Server at\n"
+ . " '$url' :\n"
+ . " $status\n" );
+ print( "\n" );
+ return $rv;
+ }
+
+ # create a remote server socket address
+ my $server_address = sockaddr_in( $port, $iaddr );
+
+ # make a local TCP client socket
+ my $proto = getprotobyname( 'tcp' );
+ socket( CLIENT, PF_INET, SOCK_STREAM, $proto );
+
+ # attempt to connect this local client socket
+ # to the remote server socket address
+ connect( CLIENT, $server_address ) or $status = $!;
+
+ # identify the status of this connection
+ if( $status eq "ACTIVE" ) {
+ # this '$host:$port' is reachable
+ $rv = 1;
+ } else {
+ print( "\n" );
+ print( STDERR
+ "WARNING: Unable to contact the Server at\n"
+ . " '$url' :\n"
+ . " $status\n" );
+ print( "\n" );
+ }
+
+ # close local client socket
+ close( CLIENT );
+
+ # return result
+ return $rv;
+}
+
+
+##############################################################
+# Generic "time" Subroutines
+##############################################################
+
+# no args
+# return time stamp
+sub get_time_stamp()
+{
+ my $stamp = sprintf "%4d-%02d-%02d %02d:%02d:%02d",
+ $year+1900, $mon+1, $mday, $hour, $min, $sec;
+
+ return $stamp;
+}
+
+
+##############################################################
+# Generic "random" Subroutines
+##############################################################
+
+# arg0 low watermark value
+# arg1 high watermark value
+# return random number
+sub generate_random
+{
+ my $low = $_[0];
+ my $high = $_[1];
+
+ my $number = 0;
+
+ if( $low >= $high || $low < 0 || $high < 0 ) {
+ return -1;
+ }
+
+ $number = int( rand( $high -$low +1 ) ) + $low;
+
+ return $number;
+}
+
+
+# arg0 length of string
+# return random string
+sub generate_random_string()
+{
+ my $length_of_randomstring=shift; # the length of the string
+
+ my @chars=( 'a'..'z','A'..'Z','0'..'9' );
+ my $random_string;
+
+ foreach( 1..$length_of_randomstring ) {
+ $random_string .= $chars[rand @chars];
+ }
+
+ return $random_string;
+}
+
+
+##############################################################
+# Generic "password" Subroutines
+##############################################################
+
+# arg0 password
+# return 1 - success
+# return 0 - failure; report an error
+sub password_quality_checker
+{
+ my( $password ) = @_;
+
+ # Test #1: $password MUST be > 8 characters
+ if( length( $password ) < 8 ) {
+ print( "\n" );
+ print( "Password entered is less than 8 characters. Try again.\n" );
+ return 0;
+ }
+
+
+ # Test #2: $password MUST contain at least one non-alphabetic character
+ my @alphabet = ( "A", "B", "C", "D", "E", "F", "G", "H", "I", "J",
+ "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T",
+ "U", "V", "W", "X", "Y", "Z", "a", "b", "c", "d",
+ "e", "f", "g", "h", "i", "j", "k", "l", "m", "n",
+ "o", "p", "q", "r", "s", "t", "u", "v", "w", "x",
+ "y", "z" );
+
+ my $non_alphabetic_characters = 0;
+ for( $i = 0; $i < length( $password ); $i++ ) {
+ # always reset character type
+ my $found_alphabetic_character = 0;
+
+ # extract the next character from the $password
+ my $character = substr( $password, $i, 1 );
+
+ # check to see if this character is "alphabetic"
+ for $letter (@alphabet) {
+ if( $character eq $letter ) {
+ $found_alphabetic_character = 1;
+ last;
+ }
+ }
+
+ # keep a count of "non-alphabetic" characters
+ if( $found_alphabetic_character == 0 ) {
+ $non_alphabetic_characters++;
+ }
+ }
+
+ # pass Test #2 if the $password contains any "non-alphabetic" characters
+ if( $non_alphabetic_characters > 0 ) {
+ return 1;
+ } else {
+ print( "\n" );
+ print( "Password entered contains 0 non-alphabetic characters. "
+ . "Try again.\n" );
+ return 0;
+ }
+}
+
+
+##############################################################
+# Generic "LDAP" Subroutines
+##############################################################
+
+# arg0 tokendb hostname - LDAP server name or IP address (default: localhost)
+# arg1 tokendb port - LDAP server TCP port number (default: 389)
+# arg2 tokendb password - bind passwd (for simple authentication)
+# arg3 tokendb file - read modifications from file (default: standard input)
+# no return value
+sub LDAP_add
+{
+ my( $tokendb_hostname, $tokendb_port, $tokendb_password, $file ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ $command = "$default_ldapmodify_command "
+ . "-h '$tokendb_hostname' "
+ . "-p '$tokendb_port' "
+ . "-D 'cn=directory manager' "
+ . "-w '$tokendb_password' "
+ . "-a "
+ . "-f '$file'";
+
+ system( "$command" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+# arg0 tokendb hostname - LDAP server name or IP address (default: localhost)
+# arg1 tokendb port - LDAP server TCP port number (default: 389)
+# arg2 tokendb password - bind passwd (for simple authentication)
+# arg3 tokendb file - read modifications from file (default: standard input)
+# no return value
+sub LDAP_modify
+{
+ my( $tokendb_hostname, $tokendb_port, $tokendb_password, $file ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ $command = "$default_ldapmodify_command "
+ . "-h '$tokendb_hostname' "
+ . "-p '$tokendb_port' "
+ . "-D 'cn=directory manager' "
+ . "-w '$tokendb_password' "
+ . "-f '$file'";
+
+ system( "$command" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+##############################################################
+# Generic "Security Databases" Subroutines
+##############################################################
+
+# arg0 instance path - Security databases directory (default is ~/.netscape)
+# arg1 password file - Specify the password file
+# no return value
+sub certutil_create_databases
+{
+ my( $instance_path, $pwdfile ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ if( "$pwdfile" eq "" ) {
+ $command = "$default_certutil_command "
+ . "-N "
+ . "-d $instance_path";
+ } else {
+ $command = "$default_certutil_command "
+ . "-N "
+ . "-d $instance_path "
+ . "-f $pwdfile";
+ }
+
+ system( "$command" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+# arg0 instance path - Security databases directory (default is ~/.netscape)
+# arg1 token - Name of token in which to look for cert (default is internal,
+# use "all" to look for cert on all tokens)
+# arg2 nickname - The nickname of the cert to delete
+# no return value
+sub certutil_delete_cert
+{
+ my( $instance_path, $token, $nickname ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ $command = "$default_certutil_command "
+ . "-D "
+ . "-d $instance_path "
+ . "-h '$token' "
+ . "-n '$nickname'";
+
+ system( "$command" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+# arg0 instance path - Security databases directory (default is ~/.netscape)
+# arg1 token - Name of token in which to generate key (default is internal)
+# arg2 subject - Specify the subject name (using RFC1485)
+# arg3 password file - Specify the password file
+# no return value
+sub certutil_generate_CSR
+{
+ my( $instance_path, $token, $subject, $pwdfile ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ if( "$pwdfile" eq "" ) {
+ $command = "$default_certutil_command "
+ . "-R "
+ . "-d $instance_path "
+ . "-h '$token' "
+ . "-s '$subject' "
+ . "-a";
+ } else {
+ $command = "$default_certutil_command "
+ . "-R "
+ . "-d $instance_path "
+ . "-h '$token' "
+ . "-s '$subject' "
+ . "-a "
+ . "-f $pwdfile";
+ }
+
+ system( "$command" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+# arg0 instance path - Security databases directory (default is ~/.netscape)
+# arg1 token - Name of token in which to store the certificate
+# (default is internal)
+# arg2 serial number - Cert serial number
+# arg3 validity period - Months valid (default is 3)
+# arg4 subject - Specify the subject name (using RFC1485)
+# arg5 issuer name - The nickname of the issuer cert
+# arg6 nickname - Specify the nickname of the server certificate
+# arg7 trust args - Set the certificate trust attributes:
+# p valid peer
+# P trusted peer (implies p)
+# c valid CA
+# T trusted CA to issue client certs (implies c)
+# C trusted CA to issue server certs (implies c)
+# u user cert
+# w send warning
+# g make step-up cert
+# arg8 noise file - Specify the noise file to be used
+# (to introduce randomness during key generation)
+# arg9 password file - Specify the password file
+# no return value
+sub certutil_generate_self_signed_cert
+{
+ my( $instance_path, $token, $serial_number, $validity_period,
+ $subject, $issuer_name, $nickname, $trustargs, $noise_file,
+ $pwdfile ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ if( "$pwdfile" eq "" ) {
+ $command = "$default_certutil_command "
+ . "-S "
+ . "-d $instance_path "
+ . "-h '$token' "
+ . "-m $serial_number "
+ . "-v $validity_period "
+ . "-x "
+ . "-s '$subject' "
+ . "-c '$issuer_name' "
+ . "-n '$nickname' "
+ . "-t '$trustargs' "
+ . "-z $noise_file "
+ . "> /dev/null "
+ . "2>&1";
+ } else {
+ $command = "$default_certutil_command "
+ . "-S "
+ . "-d $instance_path "
+ . "-h '$token' "
+ . "-f $pwdfile "
+ . "-m $serial_number "
+ . "-v $validity_period "
+ . "-x "
+ . "-s '$subject' "
+ . "-c '$issuer_name' "
+ . "-n '$nickname' "
+ . "-t '$trustargs' "
+ . "-z $noise_file "
+ . "> /dev/null "
+ . "2>&1";
+ }
+
+ system( "$command" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+# arg0 instance path - Security databases directory (default is ~/.netscape)
+# arg1 token - Name of token in which to store the certificate
+# (default is internal)
+# arg2 nickname - Specify the nickname of the server certificate
+# arg3 trust args - Set the certificate trust attributes:
+# p valid peer
+# P trusted peer (implies p)
+# c valid CA
+# T trusted CA to issue client certs (implies c)
+# C trusted CA to issue server certs (implies c)
+# u user cert
+# w send warning
+# g make step-up cert
+# (e. g. - Server Cert 'u,u,u', CA Cert 'CT,CT,CT')
+# arg4 cert - The certificate encoded in ASCII (RFC1113)
+# no return value
+sub certutil_import_cert
+{
+ my( $instance_path, $token, $nickname, $trustargs, $cert ) = @_;
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ open( F,
+ "|$default_certutil_command "
+ . "-A "
+ . "-d $instance_path "
+ . "-h '$token' "
+ . "-n '$nickname' "
+ . "-t '$trustargs' "
+ . "-a" );
+ print( F $cert );
+ close( F );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+# arg0 instance path - Security databases directory (default is ~/.netscape)
+# arg1 token - Name of token in which to look for cert (default is internal,
+# use "all" to look for cert on all tokens)
+# arg2 nickname - Pretty print named cert (list all if unspecified)
+# no return value
+sub certutil_print_cert
+{
+ my( $instance_path, $token, $nickname ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ if( $token ne "" ) {
+ # Raidzilla Bug #57616 - certutil is not being consistent, nickname
+ # requires token name for no reason.
+ $command = "$default_certutil_command "
+ . "-L "
+ . "-d $instance_path "
+ . "-h '$token' "
+ . "-n '$token:$nickname'";
+ } else {
+ $command = "$default_certutil_command "
+ . "-L "
+ . "-d $instance_path "
+ . "-h '$token' "
+ . "-n '$nickname'";
+ }
+
+ system( "$command" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+# no return value
+# arg0 instance path - Security databases directory (default is ~/.netscape)
+# arg1 token - Name of token in which to look for certs (default is internal,
+# use "all" to list certs on all tokens)
+sub certutil_list_certs
+{
+ my( $instance_path, $token ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ $command = "$default_certutil_command "
+ . "-L "
+ . "-d $instance_path "
+ . "-h '$token'";
+
+ system( "$command" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+# arg0 instance path - Security databases directory (default is ~/.netscape)
+# arg1 token - Add the named token to the module database
+# arg2 library - The name of the file (.so or .dll) containing the
+# implementation of PKCS #11
+# no return value
+sub modutil_add_token
+{
+ my( $instance_path, $token, $library ) = @_;
+
+ my $command = "";
+
+ my $original_library_path = get_library_path();
+
+ set_library_path( $default_security_libraries . $path_sep
+ . $default_system_user_libraries . $path_sep
+ . $default_system_libraries . $path_sep
+ . $original_library_path );
+
+ $command = "$default_modutil_command "
+ . "-force "
+ . "-dbdir $instance_path "
+ . "-add $token "
+ . "-libfile $library "
+ . "-nocertdb";
+
+ system( "$command > /dev/null 2>&1" );
+
+ set_library_path( $original_library_path );
+
+ return;
+}
+
+
+##############################################################
+# Generic "logging" Subroutines
+##############################################################
+
+# arg0 logfile name
+# no return value
+sub open_logfile
+{
+ my $logfile_name = $_[0];
+
+ $logfd->open( ">$logfile_name" ) or
+ die "Could not open $logfile_name\n";
+
+ return;
+}
+
+
+# arg0 logfile name
+# arg1 message
+# no return value
+sub print_to_logfile
+{
+ my $logfile_name = $_[0];
+ my $message = $_[1];
+
+ if( "$logfile_name" ne "" ) {
+ $logfd->print( "$message" );
+ }
+
+ return;
+}
+
+
+# arg0 logfile name
+# no return value
+sub close_logfile
+{
+ my $logfile_name = $_[0];
+
+ if( "$logfile_name" ne "" ) {
+ $logfd->close();
+ }
+
+ return;
+}
+
+
+##############################################################
+# Generic "response" Subroutines
+##############################################################
+
+# arg0 question
+# return answer
+sub prompt
+{
+ my $promptStr = $_[0];
+
+ my $answer = "";
+
+ print( STDOUT "$promptStr " );
+
+ $| = 1;
+ $answer = <STDIN>;
+
+ chomp $answer;
+
+ print( STDOUT "\n" );
+
+ return $answer;
+}
+
+
+##############################################################
+# Generic "reply" Subroutines
+##############################################################
+
+# arg0 file handle
+# no return value
+sub printFile
+{
+ my $fileHandle = $_[0];
+
+ while( <$fileHandle> ) {
+ my $line = $_;
+ chomp( $line );
+ print( STDOUT "$line\n" );
+ }
+
+ return;
+}
+
+
+# arg0 message
+# arg1 message type
+# no return value
+sub emit
+{
+ my $string = $_[0];
+ my $type = $_[1];
+
+ my $force_emit = 0;
+ my $log_entry = "";
+
+ if( $type eq "error" || $type eq "info" ) {
+ $force_emit = 1;
+ }
+
+ if( $type eq "" ) {
+ $type = "debug";
+ }
+
+ if( $string eq "" ) {
+ return;
+ }
+
+ ( $sec, $min, $hour, $mday,
+ $mon, $year, $wday, $yday, $isdst ) = localtime( time );
+
+ my $stamp = get_time_stamp();
+
+ if( $verbose || $force_emit ) {
+ # print to stdout
+ if( $type ne "log" ) {
+ print( STDOUT "[$stamp] [$type] $string" );
+ }
+ }
+
+ # If a log file exists, write all types
+ # ( "debug", "error", "info", or "log" )
+ # to this specified log file
+ $log_entry = "[$stamp] [$type] $string";
+ print_to_logfile( "$logfile", "$log_entry" );
+
+ return;
+}
+
+
+##############################################################
+# Generic "validity" Subroutines
+##############################################################
+
+# arg0 path
+# return 1 - valid, or
+# return 0 - invalid
+sub is_path_valid
+{
+ my $path = $_[0];
+
+ my @pathname = split( "/", $path );
+
+ shift @pathname unless $pathname[0];
+
+ my $valid = 0;
+ my $split_path;
+
+ foreach $split_path ( @pathname ) {
+ chomp( $split_path );
+
+ if( !( $split_path !~ /^[-_.a-zA-Z0-9\[\]]+$/ ) ) {
+ $valid = 1;
+ } else {
+ $valid = 0;
+ last;
+ }
+ }
+
+ return $valid;
+}
+
+
+# arg0 name
+# return 1 - valid, or
+# return 0 - invalid
+sub is_name_valid
+{
+ my $name = $_[0];
+
+ my $result = 0;
+
+ if( !( $name !~ /^[-_.a-zA-Z0-9]+$/ ) ) {
+ $result = 1;
+ }
+
+ return $result;
+}
+
+
+##############################################################
+# Generic "entity" Subroutines
+##############################################################
+
+# arg0 entity
+# return type of entity
+sub entity_type
+{
+ my( $entity ) = $_[0];
+
+ if( -b $entity ) {
+ return "block special file";
+ } elsif( -c $entity ) {
+ return "character special file";
+ } elsif( -d $entity ) {
+ return "directory";
+ } elsif( -f $entity ) {
+ if( -B $entity ) {
+ return "binary file";
+ } elsif( -T $entity ) {
+ return "text file";
+ } else {
+ return "plain file";
+ }
+ } elsif( -l $entity ) {
+ return "symbolic link";
+ } elsif( -p $entity ) {
+ return "named pipe";
+ } elsif( -S $entity ) {
+ return "socket";
+ }
+
+ return "UNKNOWN";
+}
+
+
+# arg0 entity
+# return 1 - exists, or
+# return 0 - DOES NOT exist
+sub entity_exists
+{
+ my( $entity ) = $_[0];
+
+ my $result = 0;
+
+ if( -e $entity ) {
+ my $type = entity_type( $entity );
+ $result = 1;
+ }
+
+ return $result;
+}
+
+
+##############################################################
+# Generic "file" Subroutines
+##############################################################
+
+# arg0 file candidate
+# return 1 - exists, or
+# return 0 - DOES NOT exist
+sub file_exists
+{
+ my( $file ) = $_[0];
+
+ my $result = 0;
+
+ if( -f $file ) {
+ $result = 1;
+ } elsif( -e $file ) {
+ my $type = entity_type( $file );
+ emit( "File $file DOES NOT exist because $file is a $type!\n",
+ "error" );
+ $result = 0;
+ }
+
+
+ return $result;
+}
+
+
+# arg0 file
+# return 1 - empty, or
+# return 0 - NOT empty
+sub is_file_empty
+{
+ my( $file ) = $_[0];
+
+ my $result = 0;
+
+ if( -z $file ) {
+ $result = 1;
+ }
+
+ return $result;
+}
+
+
+# arg0 file
+# no return value
+sub create_empty_file
+{
+ my( $file ) = @_;
+
+ if( is_Windows() ) {
+ open( FILE, "> $file" );
+ close( FILE );
+ } else {
+ my $rv = 0;
+
+ $rv = `touch $file`;
+ if( !$rv ) {
+ emit( "create_empty_file(): unable to create empty file called "
+ . "$file.\n",
+ "error" );
+ }
+ }
+
+ return;
+}
+
+
+# arg0 file
+# arg1 message
+# no return value
+sub create_file
+{
+ my( $file, $message ) = @_;
+
+ $command = "";
+
+ if( is_Windows() ) {
+ if( "$message" eq "" ) {
+ open( FILE, "> $file" );
+ close( FILE );
+ } else {
+ open( FILE, "> $file" );
+ print( FILE "$message" );
+ close( FILE );
+ }
+ } else {
+ my $rv = 0;
+
+ if( "$message" eq "" ) {
+ $rv = `touch $file`;
+ if( !$rv ) {
+ emit( "create_file(): unable to create empty file called "
+ . "$file.\n",
+ "error" );
+ }
+ } else {
+ $command = "echo '$message' > $file";
+
+ system( "$command" );
+ }
+ }
+
+ return;
+}
+
+
+# arg0 file
+# arg1 destination path
+# return 1 - successfully moved file, or
+# return 0 - failed moving file
+sub move_file
+{
+ my( $file ) = $_[0];
+ my( $dest ) = $_[1];
+
+ my $result = 0;
+
+ if( !is_path_valid( $file ) ) {
+ emit( "move_file(): illegal source path => $file.\n",
+ "error" );
+ return 0;
+ }
+
+ if( !is_path_valid( $dest ) ) {
+ emit( "move_file(): illegal destination path => $dest.\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `mv $file $dest`;
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "move_file(): failed moving file $file to $dest.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 source path
+# arg1 destination path
+# return 1 - successfully copied file, or
+# return 0 - failed copying file
+sub copy_file
+{
+ my $source_path = $_[0];
+ my $dest_path = $_[1];
+
+ my $result = 0;
+
+ if( !is_path_valid( $source_path ) ) {
+ emit( "copy_file(): illegal source path => $source_path.\n",
+ "error" );
+ return 0;
+ }
+
+ if( !is_path_valid( $dest_path ) ) {
+ emit( "copy_file(): illegal destination path => $dest_path.\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `cp -f $source_path $dest_path`;
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "copy_file(): failed copying file from $source_path to "
+ . "$dest_path.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 file
+# return 1 - successfully removed file, or
+# return 0 - failed removing file
+sub remove_file
+{
+ my( $file ) = $_[0];
+
+ my $result = 0;
+
+ if( $file eq "" ) {
+ # file is NULL
+ return 1;
+ }
+
+ if( !file_exists( $file ) ) {
+ return 1;
+ }
+
+ $result = `rm -f $file`;
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "remove_file(): failed to remove file $file.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 file
+# arg1 user
+# arg2 group
+# return 1 - success, or
+# return 0 - failure
+sub give_file_to
+{
+ my $file = $_[0];
+ my $new_user = $_[1];
+ my $new_group = $_[2];
+
+ my $result = 0;
+
+ if( $file eq "" || !file_exists( $file ) ) {
+ emit( "give_file_to(): invalid file specified.\n",
+ "error" );
+ return 0;
+ }
+
+ if( $new_user eq "" || $new_group eq "" ) {
+ emit( "give_file_to(): file $file needs a user and group!\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `chgrp $new_group $file`;
+ if( $result ) {
+ emit( "give_file_to(): can't change file $file ownership to "
+ . "group $new_group!\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `chown $new_user $file`;
+ if( $result ) {
+ emit( "give_file_to(): can't change file $file ownership to "
+ . "user $new_user!\n",
+ "error" );
+ return 0;
+ }
+
+ return 1;
+}
+
+
+##############################################################
+# Generic "directory" Subroutines
+##############################################################
+
+# arg0 directory candidate
+# return 1 - exists, or
+# return 0 - DOES NOT exist
+sub directory_exists
+{
+ my( $dir ) = $_[0];
+
+ my $result = 0;
+
+ if( -d $dir ) {
+ $result = 1;
+ } elsif( -e $dir ) {
+ my $type = entity_type( $dir );
+ emit( "Directory $dir DOES NOT exist because $dir is a $type!\n",
+ "error" );
+ $result = 0;
+ }
+
+ return $result;
+}
+
+
+# arg0 directory
+# return 1 - empty, or
+# return 0 - NOT empty
+sub is_directory_empty
+{
+ my $dir = $_[0];
+
+ my $empty = 1;
+ my $entity = "";
+
+ if( !directory_exists( $dir ) ) {
+ return 1;
+ }
+
+ opendir( DIR, $dir );
+ while( defined( $entity = readdir( DIR ) ) && ( $empty == 1 ) ) {
+ if( $entity ne "." && $entity ne ".." ) {
+ # NOTE: This is not necessarily an error!
+ #
+ # my $type = entity_type( "$dir/$entity" );
+ # emit( " Found $type $entity in directory $dir.\n",
+ # "debug" );
+
+ $empty = 0;
+ }
+ }
+ closedir( DIR );
+
+ return $empty;
+}
+
+
+# arg0 directory
+# return 1 - success, or
+# return 0 - failure
+sub create_directory
+{
+ my( $dir ) = $_[0];
+
+ my $result = 0;
+
+ if( $dir eq "" ) {
+ # directory is NULL
+ # Just return success
+ return 1;
+ }
+
+ $result = `mkdir -p $dir`;
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "create_directory(): failed creating directory $dir.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 directory
+# arg1 destination path
+# return 1 - successfully moved directory, or
+# return 0 - failed moving directory
+sub move_directory
+{
+ my( $dir ) = $_[0];
+ my( $dest ) = $_[1];
+
+ my $result = 0;
+
+ if( !is_path_valid( $dir ) ) {
+ emit( "move_directory(): illegal source path => $dir.\n",
+ "error" );
+ return 0;
+ }
+
+ if( !is_path_valid( $dest ) ) {
+ emit( "move_directory(): illegal destination path => $dest.\n",
+ "error" );
+ return 0;
+ }
+
+ if( !directory_exists( $dest ) ) {
+ $result = create_directory( $dest );
+ if( !$result ) {
+ emit( "move_directory(): failed moving dir $dir to new $dest.\n",
+ "error" );
+ return 0;
+ }
+ }
+
+ $result = `mv $dir $dest`;
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "move_directory(): failed moving dir $dir to $dest.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 source directory
+# arg1 destination path
+# return 1 - successfully copied directory, or
+# return 0 - failed copying directory
+sub copy_directory
+{
+ my $source_dir_path = $_[0];
+ my $dest_dir_path = $_[1];
+
+ my $result = 0;
+
+ if( !is_path_valid( $source_dir_path ) ) {
+ emit( "copy_directory(): illegal source path => $source_dir_path.\n",
+ "error" );
+ return 0;
+ }
+
+ if( !is_path_valid( $dest_dir_path ) ) {
+ emit( "copy_directory(): illegal destination path => "
+ . "$dest_dir_path.\n",
+ "error" );
+ return 0;
+ }
+
+ if( !directory_exists( $source_dir_path ) ) {
+ # Take the case where this directory does not exist
+ # Just return true
+ return 1;
+ }
+
+ if( !directory_exists( $dest_dir_path ) ) {
+ $result = create_directory( $dest_dir_path );
+ if( !$result ) {
+ return 0;
+ }
+ }
+
+ if( !is_directory_empty( $source_dir_path ) ) {
+ $result = `cp -fr $source_dir_path/* $dest_dir_path`;
+ } else {
+ $result = 0;
+ }
+
+ # System call returns 0 on success.
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "copy_directory(): failed copying directory from $source_dir_path "
+ . "to $dest_dir_path.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 directory
+# return 1 - successfully removed directory, or
+# return 0 - failed removing directory
+sub remove_directory
+{
+ my( $dir ) = $_[0];
+
+ my $result = 0;
+
+ if( !is_path_valid( $dir ) ) {
+ emit( "remove_directory(): specified invalid directory $dir.\n",
+ "error" );
+ return 0;
+ }
+
+ if( $dir eq "/" ) {
+ emit( "remove_directory(): don't even think about removing root!.\n",
+ "error" );
+ return 0;
+ }
+
+ if( !directory_exists( $dir ) ) {
+ return 1;
+ }
+
+ $result = `rm -rf $dir`;
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "remove_directory(): failed to remove directory $dir.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 directory
+# arg1 user
+# arg2 group
+# return 1 - success, or
+# return 0 - failure
+sub give_directory_to
+{
+ my $directory = $_[0];
+ my $new_user = $_[1];
+ my $new_group = $_[2];
+
+ my $result = 0;
+
+ if( $directory eq "" || !directory_exists( $directory ) ) {
+ emit( "give_directory_to(): invalid directory specified.\n",
+ "error" );
+ return 0;
+ }
+
+ if( $new_user eq "" || $new_group eq "" ) {
+ emit( "give_directory_to(): directory $directory needs a user "
+ . "and group!\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `chgrp -R $new_group $directory`;
+ if( $result ) {
+ emit( "give_directory_to(): can't change directory $directory "
+ . "ownership to group $new_group!\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `chown -R $new_user $directory`;
+ if( $result ) {
+ emit( "give_directory_to(): can't change directory $directory "
+ . "ownership to user $new_user!\n",
+ "error" );
+ return 0;
+ }
+
+ return 1;
+}
+
+
+##############################################################
+# Generic "symbolic link" Subroutines
+##############################################################
+
+# arg0 symbolic link candidate
+# return 1 - exists, or
+# return 0 - DOES NOT exist
+sub symbolic_link_exists
+{
+ my( $symlink ) = $_[0];
+
+ my $result = 0;
+
+ if( -l $symlink ) {
+ $result = 1;
+ } elsif( -e $symlink ) {
+ my $type = entity_type( $symlink );
+ emit( "Symbolic link $symlink DOES NOT exist because $symlink "
+ . "is a $type!\n",
+ "error" );
+ $result = 0;
+ }
+
+
+ return $result;
+}
+
+
+# arg0 symbolic link
+# arg1 destination path
+# return 1 - success, or
+# return 0 - failure
+sub create_symbolic_link
+{
+ my $symlink = $_[0];
+ my $dest_path = $_[1];
+
+ my $result = 0;
+
+
+ if( symbolic_link_exists( $symlink ) ) {
+ # delete symbolic link so that we can recreate link for upgrades
+ $result = `rm -rf $symlink`;
+ if( !$result ) {
+ emit( "create_symbolic_link(): unable to delete original "
+ . "$symlink.\n",
+ "error" );
+ return 0;
+ }
+ }
+
+ if( !is_path_valid( $symlink ) ) {
+ emit( "create_symbolic_link(): invalid source path => $symlink.\n",
+ "error" );
+ return 0;
+ }
+
+ if( !is_path_valid( $dest_path ) || !entity_exists( $dest_path ) ) {
+ emit( "create_symbolic_link(): illegal destination path => "
+ . "$dest_path.\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `ln -s $dest_path $symlink`;
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "create_symbolic_link(): failed creating symbolic link "
+ . "$symlink to destination directory $dest_path.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 symbolic link
+# return 1 - successfully removed symbolic link, or
+# return 0 - failed removing symbolic link
+sub remove_symbolic_link
+{
+ my( $symlink ) = $_[0];
+
+ my $result = 0;
+
+ if( $symlink eq "" ) {
+ # symlink is NULL
+ return 1;
+ }
+
+ if( !symbolic_link_exists( $symlink ) ) {
+ return 1;
+ }
+
+ $result = `rm -f $symlink`;
+ if( $result == 0 ) {
+ return 1;
+ }
+
+ emit( "remove_symbolic_link(): failed to remove symbolic_link "
+ . "$symlink.\n",
+ "error" );
+
+ return 0;
+}
+
+
+# arg0 file
+# arg1 user
+# arg2 group
+# return 1 - success, or
+# return 0 - failure
+sub give_symbolic_link_to
+{
+ my $symlink = $_[0];
+ my $new_user = $_[1];
+ my $new_group = $_[2];
+
+ my $result = 0;
+
+ if( $symlink eq "" || !symbolic_link_exists( $symlink ) ) {
+ emit( "give_symbolic_link_to(): invalid symbolic link specified.\n",
+ "error" );
+ return 1;
+ }
+
+ if( $new_user eq "" || $new_group eq "" ) {
+ emit( "give_symbolic_link_to(): symbolic link $symlink needs a "
+ . "user and group!\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `chgrp -h $new_group $symlink`;
+ if( $result ) {
+ emit( "give_symbolic_link_to(): can't change symbolic link $symlink "
+ . "ownership to group $new_group!\n",
+ "error" );
+ return 0;
+ }
+
+ $result = `chown -h $new_user $symlink`;
+ if( $result ) {
+ emit( "give_symbolic_link_to(): can't change symbolic link $symlink "
+ . "ownership to user $new_user!\n",
+ "error" );
+ return 0;
+ }
+
+ return 1;
+}
+
+1;
+
diff --git a/pki/base/setup/pkicreate b/pki/base/setup/pkicreate
new file mode 100755
index 000000000..87439e3c1
--- /dev/null
+++ b/pki/base/setup/pkicreate
@@ -0,0 +1,2939 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+##############################################################
+# This script is used to create a new instance of a
+# subsystem within a PKI installation.
+#
+# Sample Invocation (for CA):
+#
+# ./pkicreate
+# -pki_instance_root=/var/lib
+# -pki_instance_name=pki-ca1
+# -subsystem_type=ca
+# -secure_port=9543
+# -unsecure_port=9180
+# -tomcat_server_port=1801
+# -user=pkiuser
+# -group=pkiuser
+# -redirect conf=/export/pki/pki-ca1/conf
+# -redirect logs=/export/pki/pki-ca1/logs
+# -verbose
+#
+##############################################################
+
+
+##############################################################
+# Perl Version
+##############################################################
+
+my $MINIMUM_PERL_VERSION = "5.006001";
+
+my $perl_version_error_message = "ERROR: Using Perl version $] ...\n"
+ . " Must use Perl version "
+ . "$MINIMUM_PERL_VERSION or later to "
+ . "run this script!\n";
+
+die "$perl_version_error_message" if $] < $MINIMUM_PERL_VERSION;
+
+
+##############################################################
+# Execution Check
+##############################################################
+
+# Disallow 'others' the ability to 'write' to new files
+umask 00002;
+
+# Check to insure that this script's original
+# invocation directory has not been deleted!
+my $cwd = `/bin/pwd`;
+chomp $cwd;
+if( "$cwd" eq "" ) {
+ print( STDERR "Cannot invoke '$0' from non-existent directory!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+
+##############################################################
+# Environment Variables
+##############################################################
+
+# option to not run this script.
+if( defined( $ENV{ 'DONT_RUN_PKICREATE' } ) ) {
+ if( $ENV{ 'DONT_RUN_PKICREATE' } == 1 ) {
+ print( STDERR "Env. variable DONT_RUN_PKICREATE is set. Exiting.\n" );
+ print( STDOUT "\n" );
+ exit 0;
+ }
+}
+
+# additional option to not run this script on Solaris
+# (unfortunately, pkgadd doesn't process all environment variables)
+if( $^O eq "solaris" ) {
+ if( -f "/tmp/DONT_RUN_PKICREATE" ) {
+ print( STDERR "File DONT_RUN_PKICREATE exists. Exiting.\n" );
+ print( STDOUT "\n" );
+ exit 0;
+ }
+}
+
+# untaint called subroutines
+if( ( $^O ne 'Windows_NT' ) && ( $^O ne 'MSWin32' ) ) {
+ $> = $<; # set effective user ID to real UID
+ $) = $(; # set effective group ID to real GID
+ $ENV{ 'PATH' } = '/bin:/usr/bin';
+ $ENV{ 'ENV' } = '' if $ENV{ 'ENV' } ne '';
+}
+
+
+##############################################################
+# Command-Line Variables
+##############################################################
+
+my $ARGS = ( $#ARGV + 1 );
+
+
+##############################################################
+# Shared Common Perl Data and Subroutines
+##############################################################
+
+# Compute "flavor" of Operating System
+my $pki_flavor = "";
+if( $^O eq "linux" ) {
+ $pki_flavor = `pkiflavor`;
+} elsif( $^O eq "solaris" ) {
+ $pki_flavor = `pkiflavor`;
+} else {
+ print( STDERR
+ "ERROR: Unsupported platform '$^O'!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+$pki_flavor =~ s/\s+$//g;
+
+# Establish path to scripts
+my $pki_subsystem_common_area = "/usr/share/$pki_flavor";
+my $common_path = "/usr/share/pki/scripts";
+
+if( ! -d "$common_path" ) {
+ print( STDERR
+ "ERROR: The path '$common_path' does not exist!\n"
+ . " Unable to load shared Common Perl Data "
+ . "and Subroutines!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+if( ! -e "$common_path/pkicommon" ) {
+ print( STDERR
+ "ERROR: The file '$common_path/pkicommon' does not exist!\n"
+ . " Unable to load shared Common Perl Data "
+ . "and Subroutines!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+eval( "use lib '" . $common_path . "'" );
+require( 'pkicommon' );
+
+# make -w happy by suppressing warnings of Global variables used only once
+my $suppress = "";
+$suppress = $hostname;
+$suppress = $obj_ext;
+$suppress = $tmp_dir;
+$suppress = $default_security_libraries;
+$suppress = $default_system_libraries;
+$suppress = $lib_prefix;
+$suppress = $default_system_user_binaries;
+
+
+##############################################################
+# Local Constants
+##############################################################
+
+# Script used to complete setting up the PKI framework
+my $pkicomplete = "$pki_subsystem_common_area/scripts/pkicomplete";
+
+# Links created via initial "tomcat" installation that MUST be removed!!!
+my $jdbc_stdext_link = "/var/lib/tomcat5/common/lib/\[jdbc-stdext\].jar";
+my $jndi_link = "/var/lib/tomcat5/common/lib/\[jndi\].jar";
+my $jaas_link = "/var/lib/tomcat5/server/lib/\[jaas\].jar";
+
+# Subsystem names
+my $CA = "ca";
+my $OCSP = "ocsp";
+my $KRA = "kra";
+my $TKS = "tks";
+my $RA = "ra";
+my $TPS = "tps";
+
+# Base subsystem directory names
+my $acl_base_subsystem_dir = "acl"; # CA, KRA, OCSP, TKS
+my $alias_base_subsystem_dir = "alias"; # CA, KRA, OCSP, TKS, RA, TPS
+my $applets_base_subsystem_dir = "applets"; # TPS
+my $cgibin_base_subsystem_dir = "cgi-bin"; # TPS (Apache)
+my $conf_base_subsystem_dir = "conf"; # CA, KRA, OCSP, TKS, RA, TPS
+my $docroot_base_subsystem_dir = "docroot"; # RA, TPS (Apache)
+my $emails_base_subsystem_dir = "emails"; # CA
+my $etc_base_subsystem_dir = "etc"; # CA, KRA, OCSP, TKS, RA, TPS
+my $lib_base_subsystem_dir = "lib"; # RA, TPS
+my $logs_base_subsystem_dir = "logs"; # CA, KRA, OCSP, TKS, RA, TPS
+my $profiles_base_subsystem_dir = "profiles"; # CA, KRA, OCSP, TKS
+my $samples_base_subsystem_dir = "samples"; # TPS
+my $scripts_base_subsystem_dir = "scripts"; # RA, TPS
+my $shared_base_subsystem_dir = "shared"; # CA, KRA, OCSP, TKS (Tomcat)
+my $temp_base_subsystem_dir = "temp"; # CA, KRA, OCSP, TKS (Tomcat)
+my $webapps_base_subsystem_dir = "webapps"; # CA, KRA, OCSP, TKS
+my $work_base_subsystem_dir = "work"; # CA, KRA, OCSP, TKS (Tomcat)
+
+# Base instance directory names
+my $acl_base_instance_dir = "acl"; # CA, KRA, OCSP, TKS
+my $alias_base_instance_dir = "alias"; # CA, KRA, OCSP, TKS, RA, TPS
+my $bin_base_instance_dir = "bin"; # TPS
+my $cgibin_base_instance_dir = "cgi-bin"; # TPS (Apache)
+my $conf_base_instance_dir = "conf"; # CA, KRA, OCSP, TKS, RA, TPS
+my $docroot_base_instance_dir = "docroot"; # RA, TPS (Apache)
+my $emails_base_instance_dir = "emails"; # CA
+my $lib_base_instance_dir = "lib"; # RA, TPS
+my $logs_base_instance_dir = "logs"; # CA, KRA, OCSP, TKS, RA, TPS
+my $profiles_base_instance_dir = "profiles"; # CA, KRA, OCSP, TKS
+my $scripts_base_instance_dir = "scripts"; # RA, TPS
+my $shared_base_instance_dir = "shared"; # CA, KRA, OCSP, TKS (Tomcat)
+my $temp_base_instance_dir = "temp"; # CA, KRA, OCSP, TKS (Tomcat)
+my $webapps_base_instance_dir = "webapps"; # CA, KRA, OCSP, TKS
+my $work_base_instance_dir = "work"; # CA, KRA, OCSP, TKS (Tomcat)
+
+# Base instance symbolic link names
+my $common_base_instance_symlink = "common"; # CA, KRA, OCSP, TKS
+my $conf_base_instance_symlink = "conf"; # CA, KRA, OCSP, TKS, RA, TPS
+my $logs_base_instance_symlink = "logs"; # CA, KRA, OCSP, TKS, RA, TPS
+my $run_base_instance_symlink = "run"; # RA, TPS
+
+# Base names
+my $cgi_home_base_name = "home/index.cgi"; # TPS
+my $cgi_demo_base_name = "demo/index.cgi"; # TPS
+my $cgi_so_base_name = "so/index.cgi"; # TPS
+my $cgi_sow_base_name = "sow/index.cgi"; # TPS
+my $addAgents_ldif_base_name = "addAgents.ldif"; # TPS
+my $addIndexes_ldif_base_name = "addIndexes.ldif"; # TPS
+my $addTokens_ldif_base_name = "addTokens.ldif"; # TPS
+my $addVLVIndexes_ldif_base_name = "addVLVIndexes.ldif"; # TPS
+my $apachectl_base_name = "apachectl"; # TPS
+my $nss_pcache_base_name = "nss_pcache"; # RA, TPS
+my $catalina_sh_base_name = "dtomcat5"; # CA, KRA, OCSP, TKS
+my $certsrv_jar_base_name = "certsrv.jar"; # CA, KRA, OCSP, TKS
+my $nsutil_jar_base_name = "nsutil.jar"; # CA, KRA, OCSP, TKS
+my $cmsutil_jar_base_name = "cmsutil.jar"; # CA, KRA, OCSP, TKS
+my $cms_jar_base_name = "cms.jar"; # CA, KRA, OCSP, TKS
+my $cmsbundle_jar_base_name = "cmsbundle.jar"; # CA, KRA, OCSP, TKS
+my $cmscore_jar_base_name = "cmscore.jar"; # CA, KRA, OCSP, TKS
+my $conf_base_name = "conf"; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $httpd_base_name = "httpd"; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $httpd_conf_base_name = "httpd.conf"; # RA, TPS
+my $index_html_base_name = "index.html"; # CA, KRA, OCSP, TKS
+my $logs_base_name = "logs"; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $magic_base_name = "magic"; # RA, TPS
+my $mime_types_base_name = "mime.types"; # RA, TPS
+my $noise_base_name = "noise"; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $nss_conf_base_name = "nss.conf"; # RA, TPS
+my $perl_conf_base_name = "perl.conf"; # RA, TPS
+my $osutil_jar_base_name = "osutil.jar"; # CA, KRA, OCSP, TKS
+my $password_conf_base_name = "password.conf"; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $pfile_base_name = "pfile"; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $pki_cfg_base_name = "CS.cfg"; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $schemaMods_ldif_base_name = "schemaMods.ldif"; # RA, TPS
+my $server_xml_base_name = "server.xml"; # CA, KRA, OCSP, TKS
+my $servercertnick_conf_base_name = "serverCertNick.conf"; # CA, KRA, OCSP, TKS
+my $tomcat5_conf_base_name = "tomcat5.conf"; # CA, KRA, OCSP, TKS
+my $velocity_prop_base_name = "velocity.properties"; # CA, KRA, OCSP, TKS
+my $web_xml_base_name = "web.xml"; # CA, KRA, OCSP, TKS
+
+# Subdirectory names
+my $initd_base_subsystem_dir = "init.d"; # CA, KRA, OCSP, TKS, RA, TPS
+my $perl_base_instance_symlink = "perl"; # RA, TPS
+my $perl_base_subsystem_dir = "perl"; # RA, TPS
+my $webapps_root_base_instance_dir = "ROOT"; # CA, KRA, OCSP, TKS
+my $webapps_root_base_subsystem_dir = "ROOT"; # CA, KRA, OCSP, TKS
+my $webinf_base_instance_dir = "WEB-INF"; # CA, KRA, OCSP, TKS
+
+# Defaults
+my $default_apache_pids_path = "/var/run";
+my $default_java_path = "/usr/share/java";
+my $default_dir_permissions = 00770;
+my $default_exe_permissions = 00770;
+my $default_file_permissions = 00660;
+my $default_security_token = "internal";
+my $default_start_stop_scripts = "/etc/init.d";
+my $default_tomcat_common_path = "/var/lib/tomcat5/common";
+
+# Default PKI user and group to give to PKI installed files
+my $pki_user = "pkiuser";
+my $pki_group = "pkiuser";
+
+# PKI creation constants
+my $db_password_low = 100000000000;
+my $db_password_high = 999999999999;
+
+# Template slot constants (RA, TPS)
+my $GROUPID = "GROUPID";
+my $HTTPD_CONF = "HTTPD_CONF";
+my $INSTANCE_ID = "INSTANCE_ID";
+my $LIB_PREFIX = "LIB_PREFIX";
+my $NSS_CONF = "NSS_CONF";
+my $OBJ_EXT = "OBJ_EXT";
+my $PORT = "PORT";
+my $PROCESS_ID = "PROCESS_ID";
+my $SECURE_PORT = "SECURE_PORT";
+my $SECURITY_LIBRARIES = "SECURITY_LIBRARIES";
+my $SERVER_NAME = "SERVER_NAME";
+my $SERVER_ROOT = "SERVER_ROOT";
+my $SUBSYSTEM_TYPE = "SUBSYSTEM_TYPE";
+my $SYSTEM_LIBRARIES = "SYSTEM_LIBRARIES";
+my $SYSTEM_USER_LIBRARIES = "SYSTEM_USER_LIBRARIES";
+my $TMP_DIR = "TMP_DIR";
+my $TPS_DIR = "TPS_DIR";
+my $USERID = "USERID";
+my $FORTITUDE_APACHE = "FORTITUDE_APACHE";
+my $FORTITUDE_DIR = "FORTITUDE_DIR";
+my $FORTITUDE_MODULE = "FORTITUDE_MODULE";
+my $FORTITUDE_LIB_DIR = "FORTITUDE_LIB_DIR";
+my $FORTITUDE_AUTH_MODULES = "FORTITUDE_AUTH_MODULES";
+my $FORTITUDE_NSS_MODULES = "FORTITUDE_NSS_MODULES";
+
+# Template slot constants (CA, KRA, OCSP, TKS)
+my $INSTALL_TIME = "INSTALL_TIME";
+my $PKI_CERT_DB_PASSWORD_SLOT = "PKI_CERT_DB_PASSWORD";
+my $PKI_CFG_PATH_NAME_SLOT = "PKI_CFG_PATH_NAME";
+my $PKI_GROUP_SLOT = "PKI_GROUP";
+my $PKI_INSTANCE_ID_SLOT = "PKI_INSTANCE_ID";
+my $PKI_INSTANCE_PATH_SLOT = "PKI_INSTANCE_PATH";
+my $PKI_INSTANCE_ROOT_SLOT = "PKI_INSTANCE_ROOT";
+my $PKI_MACHINE_NAME_SLOT = "PKI_MACHINE_NAME";
+my $PKI_RANDOM_NUMBER_SLOT = "PKI_RANDOM_NUMBER";
+my $PKI_SECURE_PORT_SLOT = "PKI_SECURE_PORT";
+my $PKI_SERVER_XML_CONF = "PKI_SERVER_XML_CONF";
+my $PKI_SUBSYSTEM_TYPE_SLOT = "PKI_SUBSYSTEM_TYPE";
+my $PKI_UNSECURE_PORT_SLOT = "PKI_UNSECURE_PORT";
+my $PKI_USER_SLOT = "PKI_USER";
+my $TOMCAT_SERVER_PORT_SLOT = "TOMCAT_SERVER_PORT";
+my $PKI_FLAVOR_SLOT = "PKI_FLAVOR";
+
+# PKI removal constants
+my $saved_cleanup_file_name = ".cleanup.dat";
+my $saved_file_marker = "[files]";
+my $saved_directory_marker = "[directories]";
+
+
+##############################################################
+# Local Data Structures
+##############################################################
+
+# Useful pki references
+@installed_files = ();
+@installed_stray_directories = ();
+
+%redirects = ();
+
+
+##############################################################
+# Local Variables
+##############################################################
+
+# Command-line variables (mandatory)
+my $pki_instance_root = "";
+my $pki_instance_name = "";
+my $subsystem_type = "";
+my $secure_port = -1;
+my $unsecure_port = -1;
+my $tomcat_server_port = -1;
+
+# Command-line variables (optional)
+my $username = "";
+my $groupname = "";
+my $redirected_conf_path = "";
+my $redirected_logs_path = "";
+
+# Base subsystem directory paths
+my $pki_subsystem_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $acl_subsystem_path = ""; # CA, KRA, OCSP, TKS
+my $alias_subsystem_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $applets_subsystem_path = ""; # TPS
+my $bin_subsystem_path = ""; # TPS
+my $cgibin_subsystem_path = ""; # TPS (Apache)
+my $conf_subsystem_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $docroot_subsystem_path = ""; # RA, TPS (Apache)
+my $emails_subsystem_path = ""; # CA
+my $etc_subsystem_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $lib_subsystem_path = ""; # RA, TPS
+my $logs_subsystem_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $profiles_subsystem_path = ""; # CA, KRA, OCSP, TKS
+my $samples_subsystem_path = ""; # TPS
+my $scripts_subsystem_path = ""; # RA, TPS
+my $shared_subsystem_path = ""; # CA, KRA, OCSP, TKS (Tomcat)
+my $temp_subsystem_path = ""; # CA, KRA, OCSP, TKS (Tomcat)
+my $webapps_subsystem_path = ""; # CA, KRA, OCSP, TKS
+my $common_ui_subsystem_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $ui_subsystem_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $work_subsystem_path = ""; # CA, KRA, OCSP, TKS (Tomcat)
+
+# Base instance directory paths
+my $pki_instance_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $acl_instance_path = ""; # CA, KRA, OCSP, TKS
+my $alias_instance_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $bin_instance_path = ""; # TPS
+my $cgibin_instance_path = ""; # TPS (Apache)
+my $conf_instance_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $docroot_instance_path = ""; # RA, TPS (Apache)
+my $emails_instance_path = ""; # CA
+my $lib_instance_path = ""; # RA, TPS
+my $logs_instance_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $profiles_instance_path = ""; # CA, KRA, OCSP, TKS
+my $scripts_instance_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $shared_instance_path = ""; # CA, KRA, OCSP, TKS (Tomcat)
+my $temp_instance_path = ""; # CA, KRA, OCSP, TKS (Tomcat)
+my $webapps_instance_path = ""; # CA, KRA, OCSP, TKS
+my $webapps_subsystem_instance_path = ""; # CA, KRA, OCSP, TKS
+my $work_instance_path = ""; # CA, KRA, OCSP, TKS (Tomcat)
+
+# Base instance symbolic link paths
+my $common_instance_symlink_path = ""; # CA, KRA, OCSP, TKS
+my $conf_instance_symlink_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $logs_instance_symlink_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+my $run_instance_symlink_path = ""; # RA, TPS
+
+# Subdirectory paths
+my $cgi_home_instance_file_path = ""; # TPS
+my $cgi_home_subsystem_file_path = ""; # TPS
+my $cgi_demo_instance_file_path = ""; # TPS
+my $cgi_demo_subsystem_file_path = ""; # TPS
+my $cgi_so_instance_file_path = ""; # TPS
+my $cgi_so_subsystem_file_path = ""; # TPS
+my $cgi_sow_instance_file_path = ""; # TPS
+my $cgi_sow_subsystem_file_path = ""; # TPS
+my $addAgents_ldif_instance_file_path = ""; # TPS
+my $addAgents_ldif_subsystem_file_path = ""; # TPS
+my $addIndexes_ldif_instance_file_path = ""; # TPS
+my $addIndexes_ldif_subsystem_file_path = ""; # TPS
+my $addTokens_ldif_instance_file_path = ""; # TPS
+my $addTokens_ldif_subsystem_file_path = ""; # TPS
+my $addVLVIndexes_ldif_instance_file_path = ""; # TPS
+my $addVLVIndexes_ldif_subsystem_file_path = ""; # TPS
+my $apachectl_instance_file_path = ""; # TPS
+my $apachectl_subsystem_file_path = ""; # TPS
+my $catalina_sh_instance_file_path = ""; # CA, KRA, OCSP, TKS
+my $catalina_sh_subsystem_file_path = ""; # CA, KRA, OCSP, TKS
+my $certsrv_jar_file_path = ""; # CA, KRA, OCSP, TKS
+my $certsrv_jar_symlink_path = ""; # CA, KRA, OCSP, TKS
+my $cms_jar_file_path = ""; # CA, KRA, OCSP, TKS
+my $cms_jar_symlink_path = ""; # CA, KRA, OCSP, TKS
+my $nsutil_jar_file_path = ""; # CA, KRA, OCSP, TKS
+my $nsutil_jar_symlink_path = ""; # CA, KRA, OCSP, TKS
+my $cmsutil_jar_file_path = ""; # CA, KRA, OCSP, TKS
+my $cmsutil_jar_symlink_path = ""; # CA, KRA, OCSP, TKS
+my $cmsbundle_jar_file_path = ""; # CA, KRA, OCSP, TKS
+my $cmsbundle_jar_symlink = ""; # CA, KRA, OCSP, TKS
+my $cmscore_jar_file_path = ""; # CA, KRA, OCSP, TKS
+my $cmscore_jar_symlink_path = ""; # CA, KRA, OCSP, TKS
+my $httpd_conf_instance_file_path = ""; # RA, TPS
+my $httpd_conf_subsystem_file_path = ""; # RA, TPS
+my $index_html_instance_file_path = ""; # CA, KRA, OCSP, TKS
+my $index_html_subsystem_file_path = ""; # CA, KRA, OCSP, TKS
+my $java_pki_flavor_jar_path = ""; # CA, KRA, OCSP, TKS
+my $java_pki_flavor_subsystem_jar_path = ""; # CA, KRA, OCSP, TKS
+my $magic_instance_file_path = ""; # RA, TPS
+my $magic_subsystem_file_path = ""; # RA, TPS
+my $mime_types_instance_file_path = ""; # RA, TPS
+my $mime_types_subsystem_file_path = ""; # RA, TPS
+my $noise_instance_file_path = ""; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $nss_conf_instance_file_path = ""; # RA, TPS
+my $nss_conf_subsystem_file_path = ""; # RA, TPS
+my $perl_conf_instance_file_path = ""; # RA, TPS
+my $perl_conf_subsystem_file_path = ""; # RA, TPS
+my $osutil_jar_file_path = ""; # CA, KRA, OCSP, TKS
+my $osutil_jar_symlink_path = ""; # CA, KRA, OCSP, TKS
+my $password_conf_instance_file_path = ""; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $perl_instance_symlink_path = ""; # RA, TPS
+my $perl_subsystem_path = ""; # RA, TPS
+my $pfile_instance_file_path = ""; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $pki_cfg_instance_file_path = ""; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $pki_cfg_subsystem_file_path = ""; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $pki_start_stop_script_instance_file_path = ""; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $pki_start_stop_script_subsystem_file_path = ""; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $pki_start_stop_script_symlink_path = ""; # CA, KRA, OCSP, TKS,
+ # RA, TPS
+my $schemaMods_ldif_instance_file_path = ""; # RA, TPS
+my $schemaMods_ldif_subsystem_file_path = ""; # RA, TPS
+my $server_xml_instance_file_path = ""; # CA, KRA, OCSP, TKS
+my $server_xml_subsystem_file_path = ""; # CA, KRA, OCSP, TKS
+my $servercertnick_conf_instance_file_path = ""; # CA, KRA, OCSP, TKS
+my $servercertnick_conf_subsystem_file_path = ""; # CA, KRA, OCSP, TKS
+my $subsystem_jar_file_path = ""; # CA, KRA, OCSP, TKS
+my $subsystem_jar_symlink_path = ""; # CA, KRA, OCSP, TKS
+my $tomcat5_conf_subsystem_file_path = ""; # CA, KRA, OCSP, TKS
+my $tomcat5_conf_instance_file_path = ""; # CA, KRA, OCSP, TKS
+my $velocity_prop_instance_file_path = ""; # CA, KRA, OCSP, TKS
+my $velocity_prop_subsystem_file_path = ""; # CA, KRA, OCSP, TKS
+my $web_xml_instance_file_path = ""; # CA, KRA, OCSP, TKS
+my $web_xml_subsystem_file_path = ""; # CA, KRA, OCSP, TKS
+my $webapps_root_instance_path = ""; # CA, KRA, OCSP, TKS
+my $webapps_root_subsystem_path = ""; # CA, KRA, OCSP, TKS
+my $webapps_subsystem_instance_path = ""; # CA, KRA, OCSP, TKS
+my $webinf_instance_path = ""; # CA, KRA, OCSP, TKS
+my $webinf_lib_instance_path = ""; # CA, KRA, OCSP, TKS
+my $webinf_subsystem_path = ""; # CA, KRA, OCSP, TKS
+
+# PKI creation variables
+my $host = "";
+my $db_password = 0;
+my $random = 0;
+
+
+##############################################################
+# Platform-Dependent Data Initialization
+##############################################################
+
+if( $^O eq "linux" ) {
+ $setup_base_subsystem_dir = "setup"; # CA, KRA, OCSP, TKS, RA, TPS
+ $setup_subsystem_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+ $setup_config_instance_file_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+ $setup_config_subsystem_file_path = ""; # CA, KRA, OCSP, TKS, RA, TPS
+
+ # Linux required desktop files
+ $setup_config_area = "/usr/share/applications";
+ $setup_config_name = "config.desktop";
+
+ # Platform-specific directories
+ @pki_static_directories = ( "temp",
+ "shared",
+ "shared/lib",
+ "shared/common",
+ "shared/lib",
+ "work",
+ "setup" );
+
+ # Superuser and group to give to PKI installed files
+ $root_user = "root";
+ $root_group = "root";
+} elsif( $^O eq "solaris" ) {
+ # Platform-specific directories
+ @pki_static_directories = ( "temp",
+ "shared",
+ "shared/lib",
+ "shared/common",
+ "shared/lib",
+ "work" );
+
+ # Superuser and group to give to PKI installed files
+ $root_user = "root";
+ $root_group = "other";
+} else {
+ print( STDERR
+ "ERROR: Unsupported platform '$^O'!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+
+##############################################################
+# Local Data Initialization
+##############################################################
+
+# Initialize Java-specific variables
+if( $^O eq "linux" ) {
+ if( $default_hardware_platform eq "i386" ) {
+ # 32-bit Linux
+
+ # Supported hardware token PKCS #11 modules
+ %supported_sec_modules_hash = ( "lunasa",
+ "/usr/lunasa/lib/libCryptoki2.so",
+ "nfast",
+ "/opt/nfast/toolkits/pkcs11/libcknfast.so"
+ );
+ } elsif( $default_hardware_platform eq "x86_64" ) {
+ # 64-bit Linux
+
+ # Supported hardware token PKCS #11 modules
+ %supported_sec_modules_hash = ( "lunasa",
+ "/usr/lunasa/lib/libCryptoki2.so",
+ "nfast",
+ "/opt/nfast/toolkits/pkcs11/libcknfast.so"
+ );
+ } else {
+ print( STDERR
+ "ERROR: Unsupported '$^O' hardware platform "
+ . "'$default_hardware_platform'!\n" );
+ print( "\n" );
+ exit 255;
+ }
+} elsif( $^O eq "solaris" ) {
+ if( $default_hardware_platform eq "sparc" ) {
+ # 32-bit Solaris
+
+ # Supported hardware token PKCS #11 modules
+ %supported_sec_modules_hash = ( "lunasa",
+ "/usr/lunasa/lib/libCryptoki2.so",
+ "nfast",
+ "/opt/nfast/toolkits/pkcs11/libcknfast-32.so"
+ );
+ } elsif( $default_hardware_platform eq "sparcv9" ) {
+ # 64-bit Solaris
+
+ # Supported hardware token PKCS #11 modules
+ %supported_sec_modules_hash = ( "lunasa",
+ "/usr/lunasa/lib/libCryptoki2.so",
+ "nfast",
+ "/opt/nfast/toolkits/pkcs11/libcknfast-64.so"
+ );
+ } else {
+ print( STDERR
+ "ERROR: Unsupported '$^O' hardware platform "
+ . "'$default_hardware_platform'!\n" );
+ print( "\n" );
+ exit 255;
+ }
+} else {
+ print( STDERR
+ "ERROR: Unsupported platform '$^O'!\n" );
+ print( "\n" );
+ exit 255;
+}
+
+# Links created via initial "tomcat" installation that MUST be removed!!!
+if( -l $jdbc_stdext_link ) {
+ my $rv = `rm -f $jdbc_stdext_link`;
+ if( $rv ) {
+ print( STDERR
+ "ERROR: Unable to remove symbolic link called "
+ . "$jdbc_stdext_link!\n" );
+ print( "\n" );
+ exit 255;
+ }
+}
+
+if( -l $jndi_link ) {
+ my $rv = `rm -f $jndi_link`;
+ if( $rv ) {
+ print( STDERR
+ "ERROR: Unable to remove symbolic link called "
+ . "$jndi_link!\n" );
+ print( "\n" );
+ exit 255;
+ }
+}
+
+if( -l $jaas_link ) {
+ my $rv = `rm -f $jaas_link`;
+ if( $rv ) {
+ print( STDERR
+ "ERROR: Unable to remove symbolic link called "
+ . "$jaas_link!\n" );
+ print( "\n" );
+ exit 255;
+ }
+}
+
+
+##############################################################
+# PKI Instance Creation Subroutines
+##############################################################
+
+# no args
+# no return value
+sub usage()
+{
+ print( STDOUT
+ "Usage: pkicreate -pki_instance_root=<pki_instance_root> "
+ . "# Instance root\n"
+ . " "
+ . "# directory\n"
+ . " "
+ . "# destination\n\n"
+ . " -pki_instance_name=<pki_instance_id> "
+ . "# Unique PKI\n"
+ . " "
+ . "# subsystem\n"
+ . " "
+ . "# instance name\n\n"
+ . " -subsystem_type=<subsystem_type> "
+ . "# Subsystem type\n"
+ . " "
+ . "# [ca | kra | ocsp |\n"
+ . " "
+ . "# tks | ra | tps]\n\n"
+ . " -secure_port=<secure_port> "
+ . "# Secure port\n\n"
+ . " -unsecure_port=<unsecure_port> "
+ . "# Unsecure port\n\n"
+ . " -tomcat_server_port=<tomcat_server_port> "
+ . "# Unique port\n"
+ . " "
+ . "# for each\n"
+ . " "
+ . "# tomcat instance\n"
+ . " "
+ . "# [ca | kra | ocsp |\n"
+ . " "
+ . "# tks] ONLY\n\n"
+ . " [-user=<username>] "
+ . "# user ownership\n"
+ . " "
+ . "# [must ALSO specify\n"
+ . " "
+ . "# group ownership]\n"
+ . " "
+ . "#\n"
+ . " "
+ . "# (Default=pkiuser)\n\n"
+ . " [-group=<groupname>] "
+ . "# group ownership\n"
+ . " "
+ . "# [must ALSO specify\n"
+ . " "
+ . "# user ownership]\n"
+ . " "
+ . "#\n"
+ . " "
+ . "# (Default=pkiuser)\n\n"
+ . " [-redirect conf=<real conf dir path>] "
+ . "# redirection of\n"
+ . " "
+ . "# conf directory\n\n"
+ . " [-redirect logs=<real logs dir path>] "
+ . "# redirection of\n"
+ . " "
+ . "# logs directory\n\n"
+ . " [-verbose] "
+ . "# Print out\n"
+ . " "
+ . "# liberal info\n"
+ . " "
+ . "# during pkicreate\n\n"
+ . " [-help] "
+ . "# Print out\n"
+ . " "
+ . "# this screen\n\n" );
+
+ print( STDOUT
+ "Example: pkicreate -pki_instance_root=/var/lib\n"
+ . " -pki_instance_name=$pki_flavor-ca1\n"
+ . " -subsystem_type=ca\n"
+ . " -secure_port=9543\n"
+ . " -unsecure_port=9180\n"
+ . " -tomcat_server_port=1801\n"
+ . " -user=pkiuser\n"
+ . " -group=pkiuser\n"
+ . " -redirect conf=/export/pki/$pki_flavor-ca1/"
+ . "conf\n"
+ . " -redirect logs=/export/pki/$pki_flavor-ca1/"
+ . "logs\n"
+ . " -verbose\n\n" );
+
+ print( STDOUT
+ "IMPORTANT: Must be run as root!\n\n" );
+
+ return;
+}
+
+
+# arg0 instance name
+# return 1 - exists, or
+# return 0 - DOES NOT exist
+sub pki_instance_already_exists
+{
+ my $name = $_[0];
+ my $result = 0;
+
+ my $instance = $default_start_stop_scripts . "/" . $name;
+
+ if( -e $instance ) {
+ $result = 1;
+ }
+
+ return $result;
+}
+
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub parse_arguments()
+{
+ my $l_secure_port = -1;
+ my $l_unsecure_port = -1;
+ my $l_tomcat_server_port = -1;
+ my $show_help = 0;
+
+ $result = GetOptions( "help" => \$show_help,
+ "pki_instance_root=s" => \$pki_instance_root,
+ "pki_instance_name=s" => \$pki_instance_name,
+ "subsystem_type=s" => \$subsystem_type,
+ "secure_port:i" => \$l_secure_port,
+ "unsecure_port:i" => \$l_unsecure_port,
+ "tomcat_server_port:i" => \$l_tomcat_server_port,
+ "user=s" => \$username,
+ "group=s" => \$groupname,
+ "verbose" => \$verbose,
+ "redirect=s" => \%redirects );
+
+
+ ## Optional "-help" option - no "mandatory" options are required
+ if( $show_help ) {
+ usage();
+ return 0;
+ }
+
+
+ ## Mandatory "-pki_instance_root=s" option
+ if( $pki_instance_root eq "" ) {
+ emit( "Must have value for -pki_instance_root!\n", "error" );
+ usage();
+ return 0;
+ }
+
+ if( $pki_instance_root eq "/" ) {
+ emit( "Don't even think about making root the pki_instance_root! "
+ . "Try again.\n", "error" );
+ usage();
+ return 0;
+ }
+
+ # Remove all trailing directory separators ('/')
+ $pki_instance_root =~ s/\/+$//;
+
+ if( !is_path_valid( $pki_instance_root ) ) {
+ emit( "Target directory $pki_instance_root is not a "
+ . "legal directory try again.\n",
+ "error" );
+ usage();
+ return 0;
+ }
+
+
+ ## Mandatory "-pki_instance_name=s" option
+ if( $pki_instance_name eq "" ) {
+ emit( "Must have value for -pki_instance_name!\n", "error" );
+ usage();
+ return 0;
+ }
+
+ if( !is_name_valid( $pki_instance_name ) ) {
+ emit( "Illegal Value => $pki_instance_name for -pki_instance_name!\n",
+ "error" );
+ usage();
+ return 0;
+ }
+
+ if( pki_instance_already_exists( $pki_instance_name ) ) {
+ emit( "An instance named $pki_instance_name "
+ . "already exists; please try again.\n", "error" );
+ usage();
+ return 0;
+ }
+
+ $pki_instance_path = $pki_instance_root
+ . "/" . $pki_instance_name;
+
+ if( directory_exists( $pki_instance_path ) ) {
+ emit( "Target directory $pki_instance_path "
+ . "already exists; clean up and "
+ . "try again.\n", "error" );
+ usage();
+ return 0;
+ }
+
+
+ # capture installation information in a log file
+ # (always overwrite this file)
+ $logfile = "/var/log/$pki_instance_name-install.log";
+ open_logfile( $logfile );
+ push( @installed_files, $logfile );
+
+ emit( "Capturing installation information in $logfile.\n" );
+
+ emit( "Parsing PKI creation arguments ...\n" );
+
+ if( $verbose ) {
+ emit( " verbose mode is ENABLED\n" );
+ }
+
+ emit( " pki_instance_root $pki_instance_root\n" );
+ emit( " pki_instance_name $pki_instance_name\n" );
+
+
+ ## Mandatory "-subsystem_type=s" option
+ if( $subsystem_type ne $CA &&
+ $subsystem_type ne $KRA &&
+ $subsystem_type ne $OCSP &&
+ $subsystem_type ne $TKS &&
+ $subsystem_type ne $RA &&
+ $subsystem_type ne $TPS ) {
+ emit( "Illegal value => $subsystem_type : for -subsystem_type!\n",
+ "error" );
+ usage();
+ return 0;
+ }
+
+ $pki_subsystem_path = $pki_subsystem_common_area
+ . "/" . $subsystem_type;
+
+ if( !( -d "$pki_subsystem_path" ) ) {
+ emit( "$pki_subsystem_path not present. "
+ . "Please install the corresponding subsystem RPM first!\n",
+ "error" );
+ usage();
+ return 0;
+ } else {
+ emit( " subsystem_type $subsystem_type\n" );
+ }
+
+ ## Mandatory "-secure_port=<secure_port>" option
+ if( $l_secure_port >= 0 ) {
+ $secure_port = $l_secure_port;
+
+ emit( " secure_port $secure_port\n" );
+ } else {
+ emit( "Must include value for secure_port!\n", "error" );
+ usage();
+ return 0;
+ }
+
+
+ ## Mandatory "-unsecure_port=<unsecure_port>" option
+ if( $l_unsecure_port >= 0 ) {
+ $unsecure_port = $l_unsecure_port;
+
+ emit( " unsecure_port $unsecure_port\n" );
+ } else {
+ emit( "Must include value for unsecure_port!\n", "error" );
+ usage();
+ return 0;
+ }
+
+
+ ## Mandatory "-tomcat_server_port=<tomcat_server_port>" option/exclusion
+ if( !($subsystem_type eq $RA || $subsystem_type eq $TPS ) ) {
+ ## Mandatory OPTION for CA, KRA, OCSP, and TKS subsystems
+ if( $l_tomcat_server_port < 0 ) {
+ emit( "Must include value for tomcat_server_port!\n", "error" );
+ usage();
+ return 0;
+ }
+
+ $tomcat_server_port = $l_tomcat_server_port;
+
+ emit( " tomcat_server_port $tomcat_server_port\n" );
+ } else {
+ ## Mandatory EXCLUSION for RA and TPS subsystems
+ if( $l_tomcat_server_port != -1 ) {
+ emit( "Must NOT include value for tomcat_server_port!\n",
+ "error" );
+ usage();
+ return 0;
+ }
+ }
+
+
+ ## Optional "-user=<username>" option
+ if( $username ne "" ) {
+ if( $groupname eq "" ) {
+ emit( "Must ALSO specify group ownership using -group!\n",
+ "error" );
+ usage();
+ return 0;
+ }
+
+ if( !user_exists( $username ) ) {
+ emit( "The user '$username' is invalid on this machine!\n",
+ "error" );
+ usage();
+ return 0;
+ }
+
+ # Overwrite default value of $pki_user with user-specified $username
+ $pki_user = $username;
+ }
+
+
+ ## Optional "-group=<groupname>" option
+ if( $groupname ne "" ) {
+ if( $username eq "" ) {
+ emit( "Must ALSO specify user ownership using -user!\n",
+ "error" );
+ usage();
+ return 0;
+ }
+
+ if( !group_exists( $groupname ) ) {
+ emit( "The group '$groupname' is invalid on this machine!\n",
+ "error" );
+ usage();
+ return 0;
+ }
+
+ # Overwrite default value of $pki_group with user-specified $groupname
+ $pki_group = $groupname;
+ }
+
+
+ # At this point in time, ALWAYS check that "$pki_user"
+ # is a valid member of "$pki_group"
+ #
+ # NOTE: Uncomment the following code to enforce a strict policy of
+ # requiring $pki_user to be a member of $pki_group . . .
+ #
+ # if( !user_is_a_member_of_group( $pki_user, $pki_group ) ) {
+ # emit( "The user '$pki_user' is NOT a member of group '$pki_group'!\n",
+ # "error" );
+ # usage();
+ # return 0;
+ # }
+
+
+ ## Optional "-redirect <dir_name>=<real dir path> ..." option
+ while( my ($key, $value) = each( %redirects ) ) {
+ if( !is_path_valid( $value ) ) {
+ emit( "Illegal redirect directory value: key=$key value="
+ . "$value\n", "error" );
+ usage();
+ return 0;
+ }
+
+ if( $key eq "conf" ) {
+ $redirected_conf_path = $value;
+ emit( "setting conf_path $redirected_conf_path\n" );
+ } elsif( $key eq "logs" ) {
+ $redirected_logs_path = $value;
+ emit( "setting logs_path $redirected_logs_path\n" );
+ } else {
+ emit( "Illegal redirect directory key: key=$key value="
+ . "$value\n", "error" );
+ usage();
+ return 0;
+ }
+
+ emit( "redirect $key => $value\n" );
+ }
+
+ return 1;
+}
+
+
+# no args
+# no return value
+sub initialize_subsystem_paths()
+{
+ ## Initialize subsystem directory paths (subsystem independent)
+ $alias_subsystem_path = $pki_subsystem_path
+ . "/" . $alias_base_subsystem_dir;
+ $conf_subsystem_path = $pki_subsystem_path
+ . "/" . $conf_base_subsystem_dir;
+ $etc_subsystem_path = $pki_subsystem_path
+ . "/" . $etc_base_subsystem_dir;
+ $logs_subsystem_path = $pki_subsystem_path
+ . "/" . $logs_base_subsystem_dir;
+ if( $^O eq "linux" ) {
+ $setup_subsystem_path = $pki_subsystem_path
+ . "/" . $setup_base_subsystem_dir;
+ }
+
+ ## Initialize subsystem directory paths (CA subsystems)
+ if( $subsystem_type eq $CA ) {
+ $emails_subsystem_path = $pki_subsystem_path
+ . "/" . $emails_base_subsystem_dir;
+ }
+
+
+ $common_ui_subsystem_path = $pki_subsystem_common_area . "/" .
+ "common-ui";
+ $ui_subsystem_path = $pki_subsystem_path . "-ui";
+
+ ## Initialize subsystem directory paths (RA, TPS subsystems)
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+ if( $subsystem_type eq $TPS ) {
+ $applets_subsystem_path = $pki_subsystem_path
+ . "/" . $applets_base_subsystem_dir;
+ $bin_subsystem_path = $default_system_user_libraries
+ . "/" . $pki_flavor
+ . "/" . $subsystem_type;
+ $samples_subsystem_path = $pki_subsystem_path
+ . "/" . $samples_base_subsystem_dir;
+ }
+
+ $lib_subsystem_path = $pki_subsystem_path
+ . "/" . $lib_base_subsystem_dir;
+ $scripts_subsystem_path = $pki_subsystem_path
+ . "/" . $scripts_base_subsystem_dir;
+
+ # Apache Specific
+ if( $subsystem_type eq $TPS ) {
+ $cgibin_subsystem_path = $pki_subsystem_path
+ . "/" . $cgibin_base_subsystem_dir;
+ }
+
+ # Apache Specific
+ $docroot_subsystem_path = $pki_subsystem_path
+ . "/" . $docroot_base_subsystem_dir;
+ } else {
+
+ ## Initialize subsystem directory paths (CA, KRA, OCSP, TKS subsystems)
+
+ $acl_subsystem_path = $pki_subsystem_path
+ . "/" . $acl_base_subsystem_dir;
+ $profiles_subsystem_path = $pki_subsystem_path
+ . "/" . $profiles_base_subsystem_dir;
+ $webapps_subsystem_path = $pki_subsystem_path
+ . "/" . $webapps_base_subsystem_dir;
+
+ # Tomcat Specific
+ $shared_subsystem_path = $pki_subsystem_path
+ . "/" . $shared_base_subsystem_dir;
+ $temp_subsystem_path = $pki_subsystem_path
+ . "/" . $temp_base_subsystem_dir;
+ $work_subsystem_path = $pki_subsystem_path
+ . "/" . $work_base_subsystem_dir;
+ }
+
+ return;
+}
+
+
+# no args
+# no return value
+sub initialize_instance_paths()
+{
+ ## Initialize instance directory paths (instance independent)
+ $alias_instance_path = $pki_instance_path
+ . "/" . $alias_base_instance_dir;
+ $conf_instance_path = $pki_instance_path
+ . "/" . $conf_base_instance_dir;
+ $logs_instance_path = $pki_instance_path
+ . "/" . $logs_base_instance_dir;
+
+
+ ## Initialize instance directory paths (CA instances)
+ if( $subsystem_type eq $CA ) {
+ $emails_instance_path = $pki_instance_path
+ . "/" . $emails_base_instance_dir;
+ }
+
+
+ ## Initialize instance directory paths (RA, TPS instances)
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+ if( $subsystem_type eq $TPS ) {
+ $bin_instance_path = $pki_instance_path
+ . "/" . $bin_base_instance_dir;
+ }
+
+ $lib_instance_path = $pki_instance_path
+ . "/" . $lib_base_instance_dir;
+ $scripts_instance_path = $pki_instance_path
+ . "/" . $scripts_base_instance_dir;
+
+ # Apache Specific
+ if( $subsystem_type eq $TPS ) {
+ $cgibin_instance_path = $pki_instance_path
+ . "/" . $cgibin_base_instance_dir;
+ }
+
+ # Apache Specific
+ $docroot_instance_path = $pki_instance_path
+ . "/" . $docroot_base_instance_dir;
+ } else {
+ ## Initialize instance directory paths (CA, KRA, OCSP, TKS instances)
+ $acl_instance_path = $pki_instance_path
+ . "/" . $acl_base_instance_dir;
+ $profiles_instance_path = $pki_instance_path
+ . "/" . $profiles_base_instance_dir;
+ $webapps_instance_path = $pki_instance_path
+ . "/" . $webapps_base_instance_dir;
+ $webapps_subsystem_instance_path = $webapps_instance_path . "/"
+ . $subsystem_type;
+
+ # Tomcat Specific
+ $shared_instance_path = $pki_instance_path
+ . "/" . $shared_base_instance_dir;
+ $temp_instance_path = $pki_instance_path
+ . "/" . $temp_base_instance_dir;
+ $work_instance_path = $pki_instance_path
+ . "/" . $work_base_instance_dir;
+ }
+
+ return;
+}
+
+
+# no args
+# no return value
+sub initialize_instance_symlink_paths()
+{
+ ## Initialize instance symlinks (instance independent)
+ $conf_instance_symlink_path = $pki_instance_path
+ . "/" . $conf_base_instance_symlink;
+ $logs_instance_symlink_path = $pki_instance_path
+ . "/" . $logs_base_instance_symlink;
+
+
+ ## Initialize instance symlinks (CA instances)
+ # if( $subsystem_type eq $CA ) {
+ # }
+
+
+ ## Initialize instance symlinks (RA, TPS instances)
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+ # Apache Specific
+ $run_instance_symlink_path = $pki_instance_path
+ . "/" . $run_base_instance_symlink;
+ } else {
+ ## Initialize instance symlinks (CA, KRA, OCSP, TKS instances)
+ $common_instance_symlink_path = $pki_instance_path
+ . "/" . $common_base_instance_symlink;
+ }
+
+ return;
+}
+
+
+# no args
+# no return value
+sub initialize_subdirectory_paths()
+{
+ ## Initialize subdirectory paths (subsystem independent)
+ $pki_cfg_subsystem_file_path = $conf_subsystem_path
+ . "/" . $pki_cfg_base_name;
+ $pki_start_stop_script_instance_file_path = $default_start_stop_scripts
+ . "/" . $pki_instance_name;
+ $pki_start_stop_script_subsystem_file_path = $pki_subsystem_path
+ . "/" . $etc_base_subsystem_dir
+ . "/" . $initd_base_subsystem_dir
+ . "/" . $httpd_base_name;
+ $pki_start_stop_script_symlink_path = $pki_instance_path
+ . "/" . $pki_instance_name;
+ if( $^O eq "linux" ) {
+ $setup_config_instance_file_path = $setup_config_area
+ . "/" . $pki_instance_name
+ . "-" . $setup_config_name;
+ $setup_config_subsystem_file_path = $setup_subsystem_path
+ . "/" . $setup_config_name;
+ }
+
+
+ ## Initialize subdirectory paths (CA subsystems)
+ # if( $subsystem_type eq $CA ) {
+ # }
+
+
+ ## Initialize subdirectory paths (RA, TPS subsystems)
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+
+ if( $subsystem_type eq $TPS ) {
+
+ $apachectl_instance_file_path = $bin_instance_path
+ . "/" . $apachectl_base_name;
+ $apachectl_subsystem_file_path = $bin_subsystem_path
+ . "/" . $apachectl_base_name;
+ $cgi_home_instance_file_path = $cgibin_instance_path
+ . "/"
+ . $cgi_home_base_name;
+ $cgi_home_subsystem_file_path = $cgibin_subsystem_path
+ . "/"
+ . $cgi_home_base_name;
+ $cgi_demo_instance_file_path = $cgibin_instance_path
+ . "/"
+ . $cgi_demo_base_name;
+ $cgi_demo_subsystem_file_path = $cgibin_subsystem_path
+ . "/"
+ . $cgi_demo_base_name;
+ $cgi_so_instance_file_path = $cgibin_instance_path
+ . "/"
+ . $cgi_so_base_name;
+ $cgi_so_subsystem_file_path = $cgibin_subsystem_path
+ . "/"
+ . $cgi_so_base_name;
+ $cgi_sow_instance_file_path = $cgibin_instance_path
+ . "/"
+ . $cgi_sow_base_name;
+ $cgi_sow_subsystem_file_path = $cgibin_subsystem_path
+ . "/"
+ . $cgi_sow_base_name;
+ $addAgents_ldif_instance_file_path = $scripts_instance_path
+ . "/"
+ . $addAgents_ldif_base_name;
+ $addAgents_ldif_subsystem_file_path = $scripts_subsystem_path
+ . "/"
+ . $addAgents_ldif_base_name;
+ $addIndexes_ldif_instance_file_path = $scripts_instance_path
+ . "/"
+ . $addIndexes_ldif_base_name;
+ $addIndexes_ldif_subsystem_file_path = $scripts_subsystem_path
+ . "/"
+ . $addIndexes_ldif_base_name;
+ $addTokens_ldif_instance_file_path = $scripts_instance_path
+ . "/"
+ . $addTokens_ldif_base_name;
+ $addTokens_ldif_subsystem_file_path = $scripts_subsystem_path
+ . "/"
+ . $addTokens_ldif_base_name;
+ $addVLVIndexes_ldif_instance_file_path = $scripts_instance_path
+ . "/"
+ . $addVLVIndexes_ldif_base_name;
+ $addVLVIndexes_ldif_subsystem_file_path = $scripts_subsystem_path
+ . "/"
+ . $addVLVIndexes_ldif_base_name;
+ $schemaMods_ldif_instance_file_path = $scripts_instance_path
+ . "/"
+ . $schemaMods_ldif_base_name;
+ $schemaMods_ldif_subsystem_file_path = $scripts_subsystem_path
+ . "/"
+ . $schemaMods_ldif_base_name;
+ }
+
+ $nss_pcache_instance_file_path = $scripts_instance_path
+ . "/"
+ . $nss_pcache_base_name;
+ $nss_pcache_subsystem_file_path = $scripts_subsystem_path
+ . "/"
+ . $nss_pcache_base_name;
+ $httpd_conf_subsystem_file_path = $conf_subsystem_path
+ . "/" . $httpd_conf_base_name;
+ $magic_subsystem_file_path = $conf_subsystem_path
+ . "/" . $magic_base_name;
+ $mime_types_subsystem_file_path = $conf_subsystem_path
+ . "/" . $mime_types_base_name;
+ $nss_conf_subsystem_file_path = $conf_subsystem_path
+ . "/" . $nss_conf_base_name;
+ $perl_conf_subsystem_file_path = $conf_subsystem_path
+ . "/" . $perl_conf_base_name;
+ $perl_instance_symlink_path = $lib_instance_path
+ . "/"
+ . $perl_base_instance_symlink;
+ $perl_subsystem_path = $lib_subsystem_path
+ . "/"
+ . $perl_base_subsystem_dir;
+ } else {
+ ## Initialize subdirectory paths (CA, KRA, OCSP, TKS subsystems)
+ $webapps_root_instance_path = $webapps_instance_path
+ . "/"
+ . $webapps_root_base_instance_dir;
+ $webapps_root_subsystem_path = $webapps_subsystem_path
+ . "/"
+ . $webapps_root_base_subsystem_dir;
+ $webapps_subsystem_instance_path = $webapps_instance_path
+ . "/" . $subsystem_type;
+ $webinf_instance_path = $webapps_instance_path
+ . "/" . $subsystem_type
+ . "/" . $webinf_base_instance_dir;
+ $webinf_subsystem_path = $webapps_subsystem_path
+ . "/" . $subsystem_type
+ . "/" . $webinf_base_instance_dir;
+ $webinf_lib_instance_path = $webinf_instance_path
+ . "/" . $lib_base_instance_dir;
+
+ $java_pki_flavor_jar_path = $default_java_path
+ . "/" . $pki_flavor;
+ $java_pki_flavor_subsystem_jar_path = $java_pki_flavor_jar_path
+ . "/" . $subsystem_type;
+
+ $catalina_sh_instance_file_path = $default_system_user_binaries
+ . "/" . $catalina_sh_base_name
+ . "-" . $pki_instance_name;
+ $catalina_sh_subsystem_file_path = $conf_subsystem_path
+ . "/" . $catalina_sh_base_name;
+ $certsrv_jar_file_path = $java_pki_flavor_jar_path
+ . "/" . $certsrv_jar_base_name;
+ $certsrv_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $certsrv_jar_base_name;
+ $nsutil_jar_file_path = $java_pki_flavor_jar_path
+ . "/" . $nsutil_jar_base_name;
+ $nsutil_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $nsutil_jar_base_name;
+ $cmsutil_jar_file_path = $java_pki_flavor_jar_path
+ . "/" . $cmsutil_jar_base_name;
+ $cmsutil_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $cmsutil_jar_base_name;
+ $cms_jar_file_path = $java_pki_flavor_jar_path
+ . "/" . $cms_jar_base_name;
+ $cms_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $cms_jar_base_name;
+ $cmsbundle_jar_file_path = $java_pki_flavor_jar_path
+ . "/" . $cmsbundle_jar_base_name;
+ $cmsbundle_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $cmsbundle_jar_base_name;
+ $cmscore_jar_file_path = $java_pki_flavor_jar_path
+ . "/" . $cmscore_jar_base_name;
+ $cmscore_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $cmscore_jar_base_name;
+ $index_html_instance_file_path = $webapps_root_instance_path
+ . "/" . $index_html_base_name;
+ $index_html_subsystem_file_path = $webapps_root_subsystem_path
+ . "/" . $index_html_base_name;
+ $osutil_jar_file_path = $default_system_jni_java_path
+ . "/" . $osutil_jar_base_name;
+ $osutil_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $osutil_jar_base_name;
+ $server_xml_subsystem_file_path = $conf_subsystem_path
+ . "/" . $server_xml_base_name;
+ $servercertnick_conf_subsystem_file_path = $conf_subsystem_path
+ . "/" . $servercertnick_conf_base_name;
+ $subsystem_jar_file_path = $java_pki_flavor_subsystem_jar_path
+ . "/" . $subsystem_type . ".jar";
+ $subsystem_jar_symlink_path = $webinf_lib_instance_path
+ . "/" . $subsystem_type . ".jar";
+ $tomcat5_conf_subsystem_file_path = $conf_subsystem_path
+ . "/" . $tomcat5_conf_base_name;
+ $velocity_prop_instance_file_path = $webinf_instance_path
+ . "/" . $velocity_prop_base_name;
+ $velocity_prop_subsystem_file_path = $webinf_subsystem_path
+ . "/" . $velocity_prop_base_name;
+ $web_xml_instance_file_path = $webinf_instance_path
+ . "/" . $web_xml_base_name;
+ $web_xml_subsystem_file_path = $webinf_subsystem_path
+ . "/" . $web_xml_base_name;
+ }
+}
+
+
+# no args
+# no return value
+sub initialize_paths()
+{
+ initialize_subsystem_paths();
+ initialize_instance_paths();
+ initialize_instance_symlink_paths();
+ initialize_subdirectory_paths();
+}
+
+
+# no args
+# no return value
+sub initialize_pki_creation_values()
+{
+ # obtain the fully-qualified domain name of this host
+ $host = get_FQDN( $hostname );
+
+ # we need the certdb password generated now ...
+ $db_password = generate_random( $db_password_low, $db_password_high );
+
+ # generate a random value for a pin ...
+ $random = generate_random_string( 20 );
+}
+
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub process_pki_directories()
+{
+ my $result = 0;
+
+ emit( "Processing PKI directories for '$pki_instance_path' ...\n" );
+
+ ## Populate instance directory paths (instance independent)
+ $result = copy_directory( $alias_subsystem_path,
+ $alias_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $alias_subsystem_path to $alias_instance_path ...\n" );
+ return 0;
+ }
+
+ # Check for an optionally redirected "conf" directory path ...
+ if( $redirected_conf_path eq "" ) {
+ $noise_instance_file_path = $conf_instance_path
+ . "/" . $noise_base_name;
+ $password_conf_instance_file_path = $conf_instance_path
+ . "/" . $password_conf_base_name;
+ $pfile_instance_file_path = $conf_instance_path
+ . "/" . $pfile_base_name;
+ $pki_cfg_instance_file_path = $conf_instance_path
+ . "/" . $pki_cfg_base_name;
+
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+ $httpd_conf_instance_file_path = "$conf_instance_path"
+ . "/" . $httpd_conf_base_name;
+ $magic_instance_file_path = "$conf_instance_path"
+ . "/" . $magic_base_name;
+ $mime_types_instance_file_path = $conf_instance_path
+ . "/" . $mime_types_base_name;
+ $nss_conf_instance_file_path = "$conf_instance_path"
+ . "/" . $nss_conf_base_name;
+ $perl_conf_instance_file_path = "$conf_instance_path"
+ . "/" . $perl_conf_base_name;
+
+ # create instance directory
+ $result = create_directory( $conf_instance_path );
+ if( !$result ) {
+ emit( "Failed to create directory $conf_instance_path ...\n" );
+ return 0;
+ }
+
+ # only copy selected files
+ $result = copy_file( $magic_subsystem_file_path,
+ $magic_instance_file_path );
+ if( !$result ) {
+ emit( "Failed to copy file $magic_subsystem_file_path to $magic_instance_file_path ...\n" );
+ return 0;
+ }
+
+ $result = copy_file( $mime_types_subsystem_file_path,
+ $mime_types_instance_file_path );
+ if( !$result ) {
+ emit( "Failed to copy file $mime_types_subsystem_file_path to $mime_types_instance_file_path ...\n" );
+ return 0;
+ }
+
+ # fix permissions
+ if( !is_Windows() ) {
+ chmod( $default_file_permissions,
+ $magic_instance_file_path );
+ chmod( $default_file_permissions,
+ $mime_types_instance_file_path );
+ }
+ } else {
+ $server_xml_instance_file_path = $conf_instance_path
+ . "/" . $server_xml_base_name;
+ $servercertnick_conf_instance_file_path = $conf_instance_path
+ . "/" . $servercertnick_conf_base_name;
+ $tomcat5_conf_instance_file_path = $conf_instance_path
+ . "/" . $tomcat5_conf_base_name;
+
+ $result = copy_directory( $conf_subsystem_path,
+ $conf_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $conf_subsystem_path to $conf_instance_path ...\n" );
+ return 0;
+ }
+ }
+ } else {
+ $noise_instance_file_path = $redirected_conf_path
+ . "/" . $noise_base_name;
+ $password_conf_instance_file_path = $redirected_conf_path
+ . "/" . $password_conf_base_name;
+ $pfile_instance_file_path = $redirected_conf_path
+ . "/" . $pfile_base_name;
+ $pki_cfg_instance_file_path = $redirected_conf_path
+ . "/" . $pki_cfg_base_name;
+
+ # Populate optionally redirected instance directory path
+ # and setup a symlink in the standard area
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+ $httpd_conf_instance_file_path = "$redirected_conf_path"
+ . "/" . $httpd_conf_base_name;
+ $magic_instance_file_path = "$redirected_conf_path"
+ . "/" . $magic_base_name;
+ $mime_types_instance_file_path = $redirected_conf_path
+ . "/" . $mime_types_base_name;
+ $nss_conf_instance_file_path = "$redirected_conf_path"
+ . "/" . $nss_conf_base_name;
+ $perl_conf_instance_file_path = "$redirected_conf_path"
+ . "/" . $perl_conf_base_name;
+
+ # create redirected instance directory
+ $result = create_directory( $redirected_conf_path );
+ if( !$result ) {
+ emit( "Failed to create directory $redirected_conf_path ...\n" );
+ return 0;
+ }
+
+ # only copy selected files
+ $result = copy_file( $magic_subsystem_file_path,
+ $magic_instance_file_path );
+ if( !$result ) {
+ emit( "Failed to copy file $magic_subsystem_file_path to $magic_instance_file_path ...\n" );
+ return 0;
+ }
+
+ $result = copy_file( $mime_types_subsystem_file_path,
+ $mime_types_instance_file_path );
+ if( !$result ) {
+ emit( "Failed to copy file $mime_types_subsystem_file_path to $mime_types_instance_file_path ...\n" );
+ return 0;
+ }
+
+ # fix permissions
+ if( !is_Windows() ) {
+ chmod( $default_file_permissions,
+ $magic_instance_file_path );
+ chmod( $default_file_permissions,
+ $mime_types_instance_file_path );
+ }
+ } else {
+ $server_xml_instance_file_path = $redirected_conf_path
+ . "/" . $server_xml_base_name;
+ $servercertnick_conf_instance_file_path = $redirected_conf_path
+ . "/" . $servercertnick_conf_base_name;
+ $tomcat5_conf_instance_file_path = $redirected_conf_path
+ . "/" . $tomcat5_conf_base_name;
+
+ $result = copy_directory( $conf_subsystem_path,
+ $redirected_conf_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $conf_subsystem_path to $redirected_conf_path ...\n" );
+ return 0;
+ }
+ }
+
+ push( @installed_stray_directories,
+ $redirected_conf_path );
+
+ $result = create_symbolic_link( $conf_instance_symlink_path,
+ $redirected_conf_path );
+ if( !$result ) {
+ emit( "Failed to create symlink $conf_instance_symlink_path ...\n" );
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $conf_instance_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$conf_instance_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+ give_directory_to( $redirected_conf_path,
+ $pki_user,
+ $pki_group );
+ }
+
+
+ # Check for an optionally redirected "logs" directory path ...
+ if( $redirected_logs_path eq "" ) {
+ $result = copy_directory( $logs_subsystem_path,
+ $logs_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $logs_subsystem_path to $logs_instance_path ...\n" );
+ return 0;
+ }
+ } else {
+ # Populate optionally redirected instance directory path
+ # and setup a symlink in the standard area
+ $result = copy_directory( $logs_subsystem_path,
+ $redirected_logs_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $logs_subsystem_path to $redirected_logs_path ...\n" );
+ return 0;
+ }
+
+ push( @installed_stray_directories,
+ $redirected_logs_path );
+
+ $result = create_symbolic_link( $logs_instance_symlink_path,
+ $redirected_logs_path );
+ if( !$result ) {
+ emit( "Failed to create symlink $logs_instance_symlink_path ...\n" );
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $logs_instance_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$logs_instance_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+ give_directory_to( $redirected_logs_path,
+ $pki_user,
+ $pki_group );
+ }
+
+
+ ## Populate instance directory paths (CA instances)
+ if( $subsystem_type eq $CA ) {
+ $result = copy_directory( $emails_subsystem_path,
+ $emails_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $emails_subsystem_path to $emails_instance_path ...\n" );
+ return 0;
+ }
+ }
+
+
+ ## Populate instance directory paths (RA, TPS instances)
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+
+ if( $subsystem_type eq $TPS ) {
+ $result = create_directory( $bin_instance_path );
+ if( !$result ) {
+ emit( "Failed to create directory $bin_instance_path ...\n" );
+ return 0;
+ }
+ }
+
+ $result = create_directory( $lib_instance_path );
+ if( !$result ) {
+ emit( "Failed to create directory $lib_instance_path ...\n" );
+ return 0;
+ }
+
+ $result = create_directory( $scripts_instance_path );
+ if( !$result ) {
+ emit( "Failed to create directory $scripts_instance_path ...\n" );
+ return 0;
+ }
+
+ # Apache Specific
+ if( $subsystem_type eq $TPS ) {
+ $result = copy_directory( $cgibin_subsystem_path,
+ $cgibin_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $cgibin_subsystem_path ...\n" );
+ return 0;
+ }
+ }
+
+ # Apache Specific
+ $result = copy_directory( $docroot_subsystem_path,
+ $docroot_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $docroot_subsystem_path ...\n" );
+ return 0;
+ }
+
+ $result = copy_directory( $ui_subsystem_path,
+ $pki_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $webapps_subsystem_path ...\n" );
+ return 0;
+ }
+
+ # fix permissions
+ if( !is_Windows() ) {
+ # Apache Specific
+ if( $subsystem_type eq $TPS ) {
+ chmod( $default_dir_permissions,
+ "$cgibin_instance_path/demo" );
+ chmod( $default_exe_permissions,
+ "$cgibin_instance_path/demo/*.cgi" );
+ chmod( $default_file_permissions,
+ "$cgibin_instance_path/demo/*.html" );
+ chmod( $default_dir_permissions,
+ "$cgibin_instance_path/home" );
+ chmod( $default_exe_permissions,
+ "$cgibin_instance_path/home/*.cgi" );
+ chmod( $default_file_permissions,
+ "$cgibin_instance_path/home/*.html" );
+ chmod( $default_dir_permissions,
+ "$cgibin_instance_path/so" );
+ chmod( $default_exe_permissions,
+ "$cgibin_instance_path/so/*.cgi" );
+ chmod( $default_file_permissions,
+ "$cgibin_instance_path/so/*.html" );
+ chmod( $default_dir_permissions,
+ "$cgibin_instance_path/sow" );
+ chmod( $default_exe_permissions,
+ "$cgibin_instance_path/sow/*.cgi" );
+ chmod( $default_file_permissions,
+ "$cgibin_instance_path/sow/*.html" );
+ chmod( $default_exe_permissions,
+ "$cgibin_instance_path/sow/*.pl" );
+ }
+
+ # Apache Specific
+ chmod( $default_file_permissions,
+ "$docroot_instance_path/GenericAuth.html" );
+ chmod( $default_file_permissions,
+ "$docroot_instance_path/style.css" );
+ }
+ } else {
+ ## Populate instance directory paths (CA, KRA, OCSP, TKS instances)
+ $result = copy_directory( $acl_subsystem_path,
+ $acl_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $acl_subsystem_path ...\n" );
+ return 0;
+ }
+
+ $result = copy_directory( $profiles_subsystem_path,
+ $profiles_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $profiles_subsystem_path ...\n" );
+ return 0;
+ }
+
+ $result = copy_directory( $webapps_subsystem_path,
+ $webapps_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $webapps_subsystem_path ...\n" );
+ return 0;
+ }
+
+ $result = copy_directory( $common_ui_subsystem_path,
+ $webapps_subsystem_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $webapps_subsystem_path ...\n" );
+ return 0;
+ }
+
+ $result = copy_directory( $ui_subsystem_path,
+ $pki_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $webapps_subsystem_path ...\n" );
+ return 0;
+ }
+
+ # Tomcat Specific
+ $result = copy_directory( $shared_subsystem_path,
+ $shared_instance_path );
+ if( !$result ) {
+ emit( "Failed to copy directory $shared_subsystem_path ...\n" );
+ return 0;
+ }
+
+ $result = create_directory( $temp_instance_path );
+ if( !$result ) {
+ emit( "Failed to create directory $temp_instance_path ...\n" );
+ return 0;
+ }
+
+ $result = create_directory( $work_instance_path );
+ if( !$result ) {
+ emit( "Failed to create directory $work_instance_path ...\n" );
+ return 0;
+ }
+ }
+
+ ## Set appropriate permissions
+ give_directory_to( $pki_instance_path,
+ $pki_user,
+ $pki_group );
+
+ return 1;
+}
+
+
+# arg0 source file path
+# arg1 dest file path
+# arg2 %slot_hash
+# return 1 - success, or
+# return 0 - failure
+sub process_file_template
+{
+ my( $source_file_path ) = $_[0];
+ my( $dest_file_path ) = $_[1];
+ my( $l_slot_hash ) = $_[2];
+
+ my $result = 0;
+ my $inf = new FileHandle;
+ my $buff = "";
+ my $ouf = new FileHandle;
+
+ emit( " Converting '$source_file_path' ==> '$dest_file_path' ...\n" );
+
+ # check for a valid source file
+ if( !is_path_valid( $source_file_path ) ) {
+ emit( "process_file_template(): invalid source path "
+ . "$source_file_path!\n",
+ "error" );
+ return $result;
+ }
+
+ # check for a valid destination file
+ if( !is_path_valid( $dest_file_path ) ) {
+ emit( "process_file_template(): invalid destination path "
+ . "$dest_file_path!\n",
+ "error" );
+ return $result;
+ }
+
+ # read in contents of source file
+ $inf->open( "<$source_file_path" ) or
+ die "Could not open $source_file_path\n";
+ while( <$inf> ) {
+ my $line = $_;
+ chomp( $line );
+ $buff = $buff . "$line\n";
+ }
+ $inf->close();
+
+
+ # process each line substituting each [KEY]
+ # with its corresponding slot hash value
+ while( my( $key, $value ) = each( %$l_slot_hash ) ) {
+ emit( " replacing: $key with: $value\n" );
+ $buff =~ s/\[$key\]/$value/g;
+ }
+
+
+ # write out these modified contents to the destination file
+ $ouf->open( ">$dest_file_path" ) or die "Could not open $dest_file_path\n";
+ $ouf->print( $buff );
+ $ouf->close();
+
+ $result = 1;
+
+ return $result;
+}
+
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub process_pki_templates()
+{
+ my %slot_hash = ();
+
+ emit( "Processing PKI templates for '$pki_instance_path' ...\n" );
+
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+ # Setup templates (RA, TPS)
+ $slot_hash{$GROUPID} = $pki_group;
+ $slot_hash{$HTTPD_CONF} = $httpd_conf_instance_file_path;
+ $slot_hash{$INSTANCE_ID} = $pki_instance_name;
+ $slot_hash{$LIB_PREFIX} = $lib_prefix;
+ $slot_hash{$NSS_CONF} = $nss_conf_instance_file_path;
+ $slot_hash{$OBJ_EXT} = $obj_ext;
+ $slot_hash{$PORT} = $unsecure_port;
+ $slot_hash{$PROCESS_ID} = $$;
+ $slot_hash{$SECURE_PORT} = $secure_port;
+ $slot_hash{$SECURITY_LIBRARIES} = $default_security_libraries;
+ $slot_hash{$SERVER_NAME} = $host;
+ $slot_hash{$SERVER_ROOT} = $pki_instance_path;
+ $slot_hash{$SUBSYSTEM_TYPE} = $subsystem_type;
+ $slot_hash{$SYSTEM_LIBRARIES} = $default_system_libraries;
+ $slot_hash{$SYSTEM_USER_LIBRARIES} = $default_system_user_libraries;
+ $slot_hash{$TMP_DIR} = $tmp_dir;
+ $slot_hash{$TPS_DIR} = $pki_subsystem_path;
+ $slot_hash{$USERID} = $pki_user;
+ $slot_hash{$PKI_FLAVOR} = $pki_flavor;
+ $slot_hash{$PKI_RANDOM_NUMBER_SLOT} = $random;
+ if( is_Fedora() || (is_RHEL() && (! is_RHEL4())) ) {
+ $slot_hash{$FORTITUDE_APACHE} = "Apache2";
+ $slot_hash{$FORTITUDE_DIR} = "/usr";
+ $slot_hash{$FORTITUDE_LIB_DIR} = "/etc/httpd";
+ $slot_hash{$FORTITUDE_MODULE} = "/etc/httpd/modules";
+ $slot_hash{$FORTITUDE_AUTH_MODULES} =
+"
+LoadModule auth_basic_module /etc/httpd/modules/mod_auth_basic.so
+LoadModule authn_file_module /etc/httpd/modules/mod_authn_file.so
+LoadModule authz_user_module /etc/httpd/modules/mod_authz_user.so
+LoadModule authz_groupfile_module /etc/httpd/modules/mod_authz_groupfile.so
+LoadModule authz_host_module /etc/httpd/modules/mod_authz_host.so
+";
+ $slot_hash{$FORTITUDE_NSS_MODULES} =
+"
+LoadModule nss_module /etc/httpd/modules/libmodnss.so
+";
+ }
+ else {
+ $slot_hash{$FORTITUDE_APACHE} = "Apache";
+ $slot_hash{$FORTITUDE_DIR} = "/opt/fortitude";
+ $slot_hash{$FORTITUDE_LIB_DIR} = "/opt/fortitude";
+ $slot_hash{$FORTITUDE_MODULE} = "/opt/fortitude/modules.local";
+ $slot_hash{$FORTITUDE_AUTH_MODULES} =
+"
+LoadModule auth_module /opt/fortitude/modules/mod_auth.so
+LoadModule access_module /opt/fortitude/modules/mod_access.so
+";
+ $slot_hash{$FORTITUDE_NSS_MODULES} =
+"
+LoadModule nss_module /opt/fortitude/modules.local/libmodnss.so
+";
+ }
+ } else {
+ # Setup templates (CA, KRA, OCSP, TKS)
+ $slot_hash{$INSTALL_TIME} = localtime;
+ $slot_hash{$PKI_CERT_DB_PASSWORD_SLOT} = $db_password;
+ $slot_hash{$PKI_CFG_PATH_NAME_SLOT} = $pki_cfg_instance_file_path;
+ $slot_hash{$PKI_GROUP_SLOT} = $pki_group;
+ $slot_hash{$PKI_INSTANCE_ID_SLOT} = $pki_instance_name;
+ $slot_hash{$PKI_INSTANCE_PATH_SLOT} = $pki_instance_path;
+ $slot_hash{$PKI_INSTANCE_ROOT_SLOT} = $pki_instance_root;
+ $slot_hash{$PKI_MACHINE_NAME_SLOT} = $host;
+ $slot_hash{$PKI_RANDOM_NUMBER_SLOT} = $random;
+ $slot_hash{$PKI_SECURE_PORT_SLOT} = $secure_port;
+ $slot_hash{$PKI_SERVER_XML_CONF} = $server_xml_instance_file_path;
+ $slot_hash{$PKI_SUBSYSTEM_TYPE_SLOT} = $subsystem_type;
+ $slot_hash{$PKI_UNSECURE_PORT_SLOT} = $unsecure_port;
+ $slot_hash{$PKI_USER_SLOT} = $pki_user;
+ $slot_hash{$TOMCAT_SERVER_PORT_SLOT} = $tomcat_server_port;
+ $slot_hash{$PKI_FLAVOR_SLOT} = $pki_flavor;
+ }
+
+
+ ## Process templates (instance independent)
+ #
+ # NOTE: The values substituted may differ across subsystems.
+ #
+
+ # process "CS.cfg" template
+ $result = process_file_template( $pki_cfg_subsystem_file_path,
+ $pki_cfg_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # process "httpd" template
+ #
+ # NOTE: CA, KRA, OCSP, TKS instances are dependent upon the location
+ # of the instance-specific "server.xml" file, while RA and TPS
+ # instances are dependent upon the instance-specific location
+ # of the "nss.conf" file.
+ #
+ $result = process_file_template(
+ $pki_start_stop_script_subsystem_file_path,
+ $pki_start_stop_script_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ chmod( $default_exe_permissions,
+ $pki_start_stop_script_instance_file_path );
+
+ push( @installed_files,
+ $pki_start_stop_script_instance_file_path );
+
+
+ if( $^O eq "linux" ) {
+ # process "config.desktop" template
+ $result = process_file_template( $setup_config_subsystem_file_path,
+ $setup_config_instance_file_path,
+ \%slot_hash );
+ if( ! $result ) {
+ return 0;
+ }
+
+ push( @installed_files,
+ $setup_config_instance_file_path );
+ }
+
+
+ ## Process templates (CA instances)
+ # if( $subsystem_type eq $CA ) {
+ # }
+
+
+ ## Process templates (RA, TPS instances)
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+
+ if( $subsystem_type eq $TPS ) {
+
+ # process "apachectl" template
+ $result = process_file_template( $apachectl_subsystem_file_path,
+ $apachectl_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ chmod( $default_exe_permissions,
+ $apachectl_instance_file_path );
+
+
+ # process "cgi" template
+ $result = process_file_template( $cgi_home_subsystem_file_path,
+ $cgi_home_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = process_file_template( $cgi_demo_subsystem_file_path,
+ $cgi_demo_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = process_file_template( $cgi_so_subsystem_file_path,
+ $cgi_so_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = process_file_template( $cgi_sow_subsystem_file_path,
+ $cgi_sow_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ # process "addAgents.ldif" template
+ $result = process_file_template( $addAgents_ldif_subsystem_file_path,
+ $addAgents_ldif_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # process "addIndexes.ldif" template
+ $result = process_file_template( $addIndexes_ldif_subsystem_file_path,
+ $addIndexes_ldif_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # process "addTokens.ldif" template
+ $result = process_file_template( $addTokens_ldif_subsystem_file_path,
+ $addTokens_ldif_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # process "addVLVIndexes.ldif" template
+ $result = process_file_template(
+ $addVLVIndexes_ldif_subsystem_file_path,
+ $addVLVIndexes_ldif_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ # process "schemaMods.ldif" template
+ $result = process_file_template( $schemaMods_ldif_subsystem_file_path,
+ $schemaMods_ldif_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ }
+
+
+ # process "httpd.conf" template
+ $result = process_file_template( $httpd_conf_subsystem_file_path,
+ $httpd_conf_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ chmod( $default_file_permissions,
+ $httpd_conf_instance_file_path );
+
+
+ # process "nss.conf" template
+ $result = process_file_template( $nss_conf_subsystem_file_path,
+ $nss_conf_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ # fix ownership for nss.conf
+ $result = give_file_to( $nss_conf_instance_file_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "Can't change ownership of "
+ . "$nss_conf_instance_file_path.\n",
+ "error" );
+ return 0;
+ }
+
+ chmod( $default_file_permissions,
+ $nss_conf_instance_file_path );
+
+
+ # process "perl.conf" template
+ $result = process_file_template( $perl_conf_subsystem_file_path,
+ $perl_conf_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ chmod( $default_file_permissions,
+ $perl_conf_instance_file_path );
+
+ # process "nss_pcache" template
+ $result = process_file_template( $nss_pcache_subsystem_file_path,
+ $nss_pcache_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ chmod( $default_exe_permissions,
+ $nss_pcache_instance_file_path );
+
+
+ } else {
+ ## Process templates (CA, KRA, OCSP, TKS instances)
+ # process "catalina.sh" (aka dtomcat5) template
+ $result = process_file_template( $catalina_sh_subsystem_file_path,
+ $catalina_sh_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_file_to( $catalina_sh_instance_file_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "Can't change ownership of "
+ . "$catalina_sh_instance_file_path.\n",
+ "error" );
+ return 0;
+ }
+
+ chmod( $default_exe_permissions,
+ $catalina_sh_instance_file_path );
+
+ push( @installed_files,
+ $catalina_sh_instance_file_path );
+
+
+ # process "index.html" template
+ $result = process_file_template( $index_html_subsystem_file_path,
+ $index_html_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # process "server.xml" template
+ $result = process_file_template( $server_xml_subsystem_file_path,
+ $server_xml_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # process "serverCertNick.conf" template
+ $result = process_file_template( $servercertnick_conf_subsystem_file_path,
+ $servercertnick_conf_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+ # process "tomcat5.conf" template
+ $result = process_file_template( $tomcat5_conf_subsystem_file_path,
+ $tomcat5_conf_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # process "velocity.properties" template
+ $result = process_file_template( $velocity_prop_subsystem_file_path,
+ $velocity_prop_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # process "web.xml" template
+ $result = process_file_template( $web_xml_subsystem_file_path,
+ $web_xml_instance_file_path,
+ \%slot_hash );
+ if( !$result ) {
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub process_pki_files_and_symlinks()
+{
+ my $result = 0;
+
+ emit( "Processing PKI files and symbolic links for "
+ . "'$pki_instance_path' ...\n" );
+
+ ## Populate instances (instance independent)
+
+ # create a filled in temporary "noise"
+ # file for this instance
+ my $noise = generate_random_string( 1024 );
+
+ create_file( $noise_instance_file_path,
+ $noise );
+
+ $result = give_file_to( $noise_instance_file_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "Can't change ownership of $noise_base_name.\n",
+ "error" );
+ return 0;
+ }
+
+ chmod( $default_file_permissions,
+ $noise_instance_file_path );
+
+
+ # create a filled in empty "password.conf"
+ # password file for this instance
+ create_file( $password_conf_instance_file_path,
+ "$default_security_token:$db_password" );
+
+ $result = give_file_to( $password_conf_instance_file_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "Can't change ownership of $password_conf_base_name.\n",
+ "error" );
+ return 0;
+ }
+
+ chmod( $default_file_permissions,
+ $password_conf_instance_file_path );
+
+
+ # create a filled in empty temporary "pfile"
+ # password file for this instance
+ create_file( $pfile_instance_file_path,
+ $db_password );
+
+ $result = give_file_to( $pfile_instance_file_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "Can't change ownership of $pfile_base_name.\n",
+ "error" );
+ return 0;
+ }
+
+ chmod( $default_file_permissions,
+ $pfile_instance_file_path );
+
+
+ # create instance symlink to actual instance "start/stop" script
+ $result = create_symbolic_link( $pki_start_stop_script_symlink_path,
+ $pki_start_stop_script_instance_file_path );
+ if( !$result ) {
+ return 0;
+ }
+ #
+ # NOTE: This symlink requires "$root_user:$root_group" ownership
+ # since the destination that it refers to is owned by
+ # "$root_user:$root_group".
+ #
+ $result = give_symbolic_link_to( $pki_start_stop_script_symlink_path,
+ $root_user,
+ $root_group );
+ if( !$result ) {
+ emit( "$pki_start_stop_script_instance_file_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+
+ ## Populate instances (CA instances)
+ # if( $subsystem_type eq $CA ) {
+ # }
+
+
+ ## Populate instances (RA, TPS instances)
+ if( $subsystem_type eq $RA || $subsystem_type eq $TPS ) {
+ # Subdirectory Specific symbolic links
+
+ # create instance symlink to subsystem "perl" subdirectory
+ $result = create_symbolic_link( $perl_instance_symlink_path,
+ $perl_subsystem_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $perl_instance_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$perl_instance_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+
+ # Apache Specific symbolic links
+
+ # create instance symlink to apache "run" subdirectory
+ $result = create_symbolic_link( $run_instance_symlink_path,
+ $default_apache_pids_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $run_instance_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$run_base_instance_symlink ownership problems!",
+ "error" );
+ return 0;
+ }
+ } else {
+ ## Populate instances (CA, KRA, OCSP, TKS instances)
+ # create instance "webapps/$subsystem_type/WEB-INF/lib" subdirectory
+ $result = create_directory( $webinf_lib_instance_path );
+ if( !$result ) {
+ return 0;
+ }
+
+
+ # create instance symlink to "$subsystem_type.jar"
+ $result = create_symbolic_link( $subsystem_jar_symlink_path,
+ $subsystem_jar_file_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $subsystem_jar_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$subsystem_jar_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+
+ # create instance symlink to "certsrv.jar"
+ $result = create_symbolic_link( $certsrv_jar_symlink_path,
+ $certsrv_jar_file_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $certsrv_jar_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$certsrv_jar_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+ # create instance symlink to "cmsutil.jar"
+ $result = create_symbolic_link( $cmsutil_jar_symlink_path,
+ $cmsutil_jar_file_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $cmsutil_jar_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$cms_jar_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+ # create instance symlink to "nsutil.jar"
+ $result = create_symbolic_link( $nsutil_jar_symlink_path,
+ $nsutil_jar_file_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $nsutil_jar_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$cms_jar_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+ # create instance symlink to "cms.jar"
+ $result = create_symbolic_link( $cms_jar_symlink_path,
+ $cms_jar_file_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $cms_jar_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$cms_jar_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+
+ # create instance symlink to "cmsbundle.jar"
+ $result = create_symbolic_link( $cmsbundle_jar_symlink_path,
+ $cmsbundle_jar_file_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $cmsbundle_jar_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$cmsbundle_jar_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+
+ # create instance symlink to "cmscore.jar"
+ $result = create_symbolic_link( $cmscore_jar_symlink_path,
+ $cmscore_jar_file_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $cmscore_jar_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$cmscore_jar_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+
+ # create instance symlink to "osutil.jar"
+ $result = create_symbolic_link( $osutil_jar_symlink_path,
+ $osutil_jar_file_path );
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = give_symbolic_link_to( $osutil_jar_symlink_path,
+ $pki_user,
+ $pki_group );
+ if( !$result ) {
+ emit( "$osutil_jar_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+
+
+ # Tomcat Specific
+
+ # create instance symlink to tomcat "common" directory
+ #
+ # NOTE: This symlink requires "$root_user:$root_group" ownership
+ # since the destination that it refers to is owned by
+ # "$root_user:$root_group".
+ #
+ $result = create_symbolic_link( $common_instance_symlink_path,
+ $default_tomcat_common_path );
+ if( !$result ) {
+ return 0;
+ }
+ $result = give_symbolic_link_to( $common_instance_symlink_path,
+ $root_user,
+ $root_group );
+ if( !$result ) {
+ emit( "$common_instance_symlink_path ownership problems!",
+ "error" );
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub process_pki_security_databases()
+{
+ my $result = 0;
+ my $serial_number = 0;
+ my $validity_period = 12;
+ my $time_stamp = get_time_stamp();
+ my $subject = "CN=$host,O=$time_stamp";
+ my $issuer_name = "CN=$host,O=$time_stamp";
+ my $nickname = "Server-Cert cert-$pki_instance_name";
+ my $trustargs = "CTu,CTu,CTu";
+
+ emit( "Processing PKI security databases for '$pki_instance_path' ...\n" );
+
+ # now create and configure pki security databases,
+ # cert3.db, key3.db, secmod.db ...
+ if( !file_exists( $default_certutil_command ) ) {
+ emit( "process_pki_security_databases(): $default_certutil_command "
+ . "does not exist!\n",
+ "error" );
+ return $result;
+
+ }
+
+ if( !file_exists( $noise_instance_file_path ) ) {
+ emit( "process_pki_security_databases(): Can't find "
+ . "temp noise file!\n",
+ "error" );
+ return $result;
+ }
+
+ if( !file_exists( $pfile_instance_file_path ) ) {
+ emit( "process_pki_security_databases(): Can't find temp file "
+ . "with password!\n",
+ "error" );
+ return $result;
+ }
+
+ certutil_create_databases( $alias_instance_path,
+ $pfile_instance_file_path );
+
+ certutil_generate_self_signed_cert( $alias_instance_path,
+ $default_security_token,
+ $serial_number,
+ $validity_period,
+ $subject,
+ $issuer_name,
+ $nickname,
+ $trustargs,
+ $noise_instance_file_path,
+ $pfile_instance_file_path );
+
+ remove_file( $noise_instance_file_path );
+
+ remove_file( $pfile_instance_file_path );
+
+ give_directory_to( $alias_instance_path, $pki_user, $pki_group );
+
+ return 1;
+}
+
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub process_pki_security_modules()
+{
+ my $result = 0;
+
+ emit( "Processing PKI security modules for '$pki_instance_path' ...\n" );
+
+ if( !file_exists( $default_modutil_command ) ) {
+ emit( "process_pki_security_modules(): $default_modutil_command "
+ . "must be installed on system!\n",
+ "error" );
+ return $result;
+ }
+
+ emit( " Attempting to add hardware security modules to system if "
+ . "applicable ...\n" );
+
+ while( my( $key, $value ) = each( %supported_sec_modules_hash ) ) {
+ if( !file_exists( $value ) ) {
+ emit( " module name: $key lib: $value DOES NOT EXIST!\n" );
+ next;
+ } else {
+ modutil_add_token( $alias_instance_path, $key, $value );
+ emit( " Added module name: $key lib: $value\n" );
+ }
+ }
+
+ return 1;
+}
+
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub install_pki_instance()
+{
+ my $result = 0;
+
+ emit( "Installing PKI instance ...\n" );
+
+ if( !directory_exists( "$pki_instance_path" ) ) {
+ $result = create_directory( "$pki_instance_path" );
+
+ push( @installed_stray_directories,
+ "$pki_instance_path" );
+ if( !$result ) {
+ return 0;
+ }
+ }
+
+ $result = process_pki_directories();
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = process_pki_templates();
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = process_pki_files_and_symlinks();
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = process_pki_security_databases();
+ if( !$result ) {
+ return 0;
+ }
+
+ $result = process_pki_security_modules();
+ if( !$result ) {
+ return 0;
+ }
+
+ return 1;
+}
+
+
+##############################################################
+# PKI Instance Removal Subroutines
+##############################################################
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub save_cleanup_file()
+{
+ my $result = 0;
+
+ my $cleanup = new FileHandle;
+
+ my $source_file_path = $pki_instance_path
+ . "/" . $saved_cleanup_file_name;
+
+ my $files_size = @installed_files;
+ my $directories_size = @installed_stray_directories;
+
+ if( $files_size == 0 && $installed_stray_directories == 0 ) {
+ emit( "No files or directories created in save_cleanup_file!",
+ "error" );
+ return $result;
+ }
+
+ $cleanup->open( ">$source_file_path" ) or
+ die "Could not open $source_file_path\n";
+
+ my $buff = "";
+
+ $cleanup->print( "$saved_file_marker\n" );
+
+ if( $files_size ) {
+ my $i = 0;
+
+ for( $i = 0; $i < $files_size; $i++ ) {
+ $cleanup->print( "$installed_files[$i]\n" );
+ }
+ }
+
+ $cleanup->print( "$saved_directory_marker\n" );
+
+ if( $directories_size ) {
+ my $i = 0;
+
+ for( $i = 0; $i < $directories_size; $i++ ) {
+ $cleanup->print( "$installed_stray_directories[$i]\n" );
+ }
+ }
+
+ $cleanup->close();
+
+ return 1;
+}
+
+
+# no args
+# no return value
+sub cleanup()
+{
+ my $result = 0;
+
+ print( STDOUT
+ "\n\nPKI instance creation Cleanup Utility "
+ . "cleaning up on error ...\n\n" );
+
+ $result = remove_directory( "$pki_instance_path" );
+
+ my $size = @installed_files;
+
+ if( $size ) {
+ my $i = 0;
+
+ for( $i = 0; $i < $size; $i ++ ) {
+ remove_file( $installed_files[$i] );
+ }
+ }
+
+ $size = @installed_stray_directories;
+
+ if( $size ) {
+ my $i = 0;
+
+ for( $i = 0; $i < $size; $i++ ) {
+ remove_directory( $installed_stray_directories[$i] );
+ }
+ }
+
+ return;
+}
+
+
+##############################################################
+# Main Program
+##############################################################
+
+# no args
+# no return value
+sub main()
+{
+ my $result = 0;
+ my $parse_result = 0;
+ my $command = "";
+
+ chdir( "/tmp" );
+
+ print( STDOUT
+ "PKI instance creation Utility ...\n\n" );
+
+ # On Linux/UNIX, insure that this script is being run as "root".
+ $result = check_for_root_UID();
+ if( !$result ) {
+ usage();
+ exit 255;
+ }
+
+ # Setup platform-dependent parameters
+ setup_platform_dependent_parameters();
+
+ $parse_result = parse_arguments();
+ if( !$parse_result || $parse_result == -1 ) {
+ # If it exists, close the log file
+ close_logfile( $logfile );
+ exit 255;
+ }
+
+ initialize_paths();
+
+ initialize_pki_creation_values();
+
+ if( $subsystem_type eq $CA ||
+ $subsystem_type eq $KRA ||
+ $subsystem_type eq $OCSP ||
+ $subsystem_type eq $TKS ) {
+ if( -e $pkicomplete ) {
+ `$pkicomplete`;
+ }
+ }
+
+ $result = install_pki_instance();
+ if( !$result ) {
+ print( STDOUT "\n" );
+
+ASK_AGAIN:
+ my $confirm = prompt( "Error detected would you like to clean up "
+ . "$pki_instance_path (Y/N)? " );
+
+ if( $confirm eq "Y" || $confirm eq "y" ) {
+ cleanup();
+ } elsif( $confirm ne "N" && $confirm ne "n" ) {
+ goto ASK_AGAIN;
+ }
+
+ # If it exists, close the log file
+ close_logfile( $logfile );
+
+ exit 255;
+ }
+
+ print( STDOUT "\n" );
+ print( STDOUT
+ "PKI instance creation completed ...\n\n" );
+
+
+ $result = save_cleanup_file();
+ if( !$result ) {
+ emit( "Unable to create "
+ . $pki_instance_path
+ . "/" . $saved_cleanup_file_name
+ . "!\n",
+ "error" );
+
+ # If it exists, close the log file
+ close_logfile( $logfile );
+
+ exit 255;
+ }
+
+ $command = "$pki_start_stop_script_instance_file_path start";
+
+ system( "$command" );
+
+ print( STDOUT
+ "Server can be operated with "
+ . "$pki_start_stop_script_instance_file_path "
+ . "start | stop | restart\n\n" );
+ emit( "Server can be operated with "
+ . "$pki_start_stop_script_instance_file_path "
+ . "start | stop | restart\n",
+ "log" );
+
+ print( STDOUT
+ "Please start the configuration by accessing:\n"
+ . "http://$host:$unsecure_port/$subsystem_type/admin/"
+ . "console/config/login?pin=$random\n\n" );
+ emit( "Configuration Wizard listening on\n"
+ . "http://$host:$unsecure_port/$subsystem_type/admin/"
+ . "console/config/login?pin=$random\n",
+ "log" );
+
+ # If it exists, close the log file
+ close_logfile( $logfile );
+
+ return;
+}
+
+
+##############################################################
+# PKI Instance Creation
+##############################################################
+
+main();
+
+exit 0;
+
diff --git a/pki/base/setup/pkihost b/pki/base/setup/pkihost
new file mode 100755
index 000000000..bdd5ff5c8
--- /dev/null
+++ b/pki/base/setup/pkihost
@@ -0,0 +1,157 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+##############################################################
+# This script is used to display the fully qualified name
+# of this host.
+#
+# Sample Invocation:
+#
+# ./pkihost
+#
+##############################################################
+
+
+##############################################################
+# Perl Version
+##############################################################
+
+my $MINIMUM_PERL_VERSION = "5.006001";
+
+my $perl_version_error_message = "ERROR: Using Perl version $] ...\n"
+ . " Must use Perl version "
+ . "$MINIMUM_PERL_VERSION or later to "
+ . "run this script!\n";
+
+die "$perl_version_error_message" if $] < $MINIMUM_PERL_VERSION;
+
+
+##############################################################
+# Execution Check
+##############################################################
+
+# Check to insure that this script's original
+# invocation directory has not been deleted!
+my $cwd = `/bin/pwd`;
+chomp $cwd;
+if( "$cwd" eq "" ) {
+ print( STDERR "Cannot invoke '$0' from non-existent directory!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+
+##############################################################
+# Environment Variables
+##############################################################
+
+# untaint called subroutines
+if( ( $^O ne 'Windows_NT' ) && ( $^O ne 'MSWin32' ) ) {
+ $> = $<; # set effective user ID to real UID
+ $) = $(; # set effective group ID to real GID
+ $ENV{ 'PATH' } = '/bin:/usr/bin';
+ $ENV{ 'ENV' } = '' if $ENV{ 'ENV' } ne '';
+}
+
+
+##############################################################
+# Command-Line Variables
+##############################################################
+
+my $ARGS = ( $#ARGV + 1 );
+
+
+##############################################################
+# Shared Common Perl Data and Subroutines
+##############################################################
+
+# Compute "flavor" of Operating System
+my $pki_flavor = "";
+if( $^O eq "linux" ) {
+ $pki_flavor = `pkiflavor`;
+} elsif( $^O eq "solaris" ) {
+ $pki_flavor = `pkiflavor`;
+} else {
+ print( STDERR
+ "ERROR: Unsupported platform '$^O'!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+$pki_flavor =~ s/\s+$//g;
+
+# Establish path to scripts
+my $pki_subsystem_common_area = "/usr/share/$pki_flavor";
+my $common_path = "/usr/share/pki/scripts";
+
+if( ! -d "$common_path" ) {
+ print( STDERR
+ "ERROR: The path '$common_path' does not exist!\n"
+ . " Unable to load shared Common Perl Data "
+ . "and Subroutines!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+if( ! -e "$common_path/pkicommon" ) {
+ print( STDERR
+ "ERROR: The file '$common_path/pkicommon' does not exist!\n"
+ . " Unable to load shared Common Perl Data "
+ . "and Subroutines!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+eval( "use lib '" . $common_path . "'" );
+require( 'pkicommon' );
+
+# make -w happy by suppressing warnings of Global variables used only once
+my $suppress = "";
+$suppress = $hostname;
+
+
+##############################################################
+# Main Program
+##############################################################
+
+# no args
+# no return value
+sub main()
+{
+ my $host = "";
+
+ # obtain the fully-qualified domain name of this host
+ $host = get_FQDN( $hostname );
+
+ print( STDOUT "$host\n" );
+
+ return;
+}
+
+
+##############################################################
+# PKI Instance Creation
+##############################################################
+
+main();
+
+exit 0;
+
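Review bot: The backtick call `$pki_flavor = \`pkiflavor\`;` in both platform branches is never checked, so if `pkiflavor` is missing from the sanitized PATH the script silently continues with an empty flavor (in this file the value only feeds `$pki_subsystem_common_area`, which nothing else reads); a check such as `if( $? != 0 || !defined( $pki_flavor ) ) { print( STDERR "ERROR: 'pkiflavor' failed!\n" ); exit 255; }` directly after each assignment would make that failure visible. The same unchecked pattern appears in the pkiremove preamble. The file also lacks `use strict; use warnings;`, and the `$suppress = $hostname;` workaround and the `ne` comparison on a possibly-undef `$ENV{'ENV'}` suggest they were never enabled while writing it. The "untaint" block clears PATH and ENV but leaves IFS, CDPATH and BASH_ENV, which perlsec lists alongside them; `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` covers all four in one line.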
diff --git a/pki/base/setup/pkiremove b/pki/base/setup/pkiremove
new file mode 100755
index 000000000..6ec3752b5
--- /dev/null
+++ b/pki/base/setup/pkiremove
@@ -0,0 +1,419 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+##############################################################
+# This script is used to remove an existing PKI instance.
+#
+# To execute:
+#
+# ./pkiremove -pki_instance_root=<pki_instance_root> # Instance root
+# # directory destination
+#
+# -pki_instance_name=<pki_instance_id> # Unique PKI subsystem
+# # instance name
+# # (e. g. - pki-pki1)
+#
+# [-force] # Don't ask any
+# # questions
+#
+##############################################################
+
+
+##############################################################
+# Perl Version
+##############################################################
+
+my $MINIMUM_PERL_VERSION = "5.006001";
+
+my $perl_version_error_message = "ERROR: Using Perl version $] ...\n"
+ . " Must use Perl version "
+ . "$MINIMUM_PERL_VERSION or later to "
+ . "run this script!\n";
+
+die "$perl_version_error_message" if $] < $MINIMUM_PERL_VERSION;
+
+
+##############################################################
+# Execution Check
+##############################################################
+
+# Check to insure that this script's original
+# invocation directory has not been deleted!
+my $cwd = `/bin/pwd`;
+chomp $cwd;
+if( "$cwd" eq "" ) {
+ print( STDERR "Cannot invoke '$0' from non-existent directory!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+
+##############################################################
+# Environment Variables
+##############################################################
+
+# untaint called subroutines
+if( ( $^O ne 'Windows_NT' ) && ( $^O ne 'MSWin32' ) ) {
+ $> = $<; # set effective user ID to real UID
+ $) = $(; # set effective group ID to real GID
+ $ENV{ 'PATH' } = '/bin:/usr/bin';
+ $ENV{ 'ENV' } = '' if $ENV{ 'ENV' } ne '';
+}
+
+
+##############################################################
+# Command-Line Variables
+##############################################################
+
+my $ARGS = ( $#ARGV + 1 );
+
+
+##############################################################
+# Shared Common Perl Data and Subroutines
+##############################################################
+
+# Compute "flavor" of Operating System
+my $pki_flavor = "";
+if( $^O eq "linux" ) {
+ $pki_flavor = `pkiflavor`;
+} elsif( $^O eq "solaris" ) {
+ $pki_flavor = `pkiflavor`;
+} else {
+ print( STDERR
+ "ERROR: Unsupported platform '$^O'!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+$pki_flavor =~ s/\s+$//g;
+
+# Establish path to scripts
+my $common_path = "/usr/share/pki/scripts";
+
+if( ! -d "$common_path" ) {
+ print( STDERR
+ "ERROR: The path '$common_path' does not exist!\n"
+ . " Unable to load shared Common Perl Data "
+ . "and Subroutines!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+if( ! -e "$common_path/pkicommon" ) {
+ print( STDERR
+ "ERROR: The file '$common_path/pkicommon' does not exist!\n"
+ . " Unable to load shared Common Perl Data "
+ . "and Subroutines!\n" );
+ print( STDOUT "\n" );
+ exit 255;
+}
+
+eval( "use lib '" . $common_path . "'" );
+require( 'pkicommon' );
+
+
+##############################################################
+# Local Constants
+##############################################################
+
+my $saved_cleanup_file_name = ".cleanup.dat";
+my $saved_file_marker = "[files]";
+my $saved_directory_marker = "[directories]";
+
+
+##############################################################
+# Local Data Structures
+##############################################################
+
+
+##############################################################
+# Local Variables
+##############################################################
+
+my $pki_instance_root = "";
+my $pki_instance_name = "";
+my $force = 0;
+
+my $pki_instance_path = "";
+
+
+##############################################################
+# Platform-Dependent Data Initialization
+##############################################################
+
+
+##############################################################
+# Local Data Initialization
+##############################################################
+
+
+##############################################################
+# PKI Instance Removal Subroutines
+##############################################################
+
+# no args
+# no return value
+sub usage()
+{
+ print( STDOUT
+ "Usage: pkiremove -pki_instance_root=<pki_instance_root> "
+ . "# Instance root\n"
+ . " "
+ . "# directory\n"
+ . " "
+ . "# destination\n\n"
+ . " -pki_instance_name=<pki_instance_id> "
+ . "# Unique PKI\n"
+ . " "
+ . "# subsystem\n"
+ . " "
+ . "# instance name\n"
+ . " "
+ . "# (e. g. - pki-pki1)\n\n"
+ . " [-force] "
+ . "# Don't ask\n"
+ . " "
+ . "# any questions\n\n" );
+
+ print( STDOUT
+ "Example: pkiremove -pki_instance_root=/var/lib "
+ . "-pki_instance_name=$pki_flavor-ca1\n\n" );
+
+ print( STDOUT
+ "IMPORTANT: Must be run as root!\n\n" );
+
+ return;
+}
+
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub remove_instance()
+{
+ my $command = "";
+
+ print( STDOUT
+ "PKI instance Deletion Utility "
+ . "cleaning up instance ...\n\n" );
+
+ my $result = 0;
+ my $cleanup = new FileHandle;
+ my $source_file_path = $pki_instance_path
+ . "/" . $saved_cleanup_file_name;
+ my @files;
+ my @directories;
+ my $pki_start_stop_script_instance_file_path = "";
+ my $confirm = "Y";
+
+ASK_AGAIN:
+ if( !$force ) {
+ $confirm = prompt( "You have elected to remove the instance "
+ . "installed in "
+ . "$pki_instance_path.\n"
+ . "Are you sure (Y/N)? " );
+ }
+
+ if( $confirm eq "N" || $confirm eq "n" ) {
+ return 1;
+ } elsif( $confirm ne "Y" && $confirm ne "y" ) {
+ goto ASK_AGAIN;
+ }
+
+ if( !file_exists( "$source_file_path" ) ) {
+ print( STDERR
+ "ERROR: Can't remove instance, "
+ . "cleanup file does not exist!\n" );
+ return $result;
+ }
+
+ $cleanup->open( "<$source_file_path" ) or die "Could not open file!\n";
+
+ my $file_mode = "file";
+ my @file_split;
+
+ while( <$cleanup> )
+ {
+ my $line = $_;
+ chomp( $line );
+
+ if( $line eq $saved_file_marker ) {
+ $file_mode = "file";
+ next;
+ }
+
+ if( $line eq $saved_directory_marker ) {
+ $file_mode = "directory";
+ next;
+ }
+
+ if( $file_mode eq "file" ) {
+ push( @files, $line );
+
+ @file_split = split( '/', $line );
+ my $last = @file_split;
+
+ if( $file_split[$last -1] eq $pki_instance_name ) {
+ $pki_start_stop_script_instance_file_path = $line;
+ }
+ }
+
+ if( $file_mode eq "directory" ) {
+ push( @directories, $line );
+ }
+ }
+
+ $cleanup->close();
+
+ if( $pki_start_stop_script_instance_file_path eq "" ) {
+ print( STDERR
+ "ERROR: Can't locate start script of "
+ . "instance to be cleaned up!\n" );
+ return $result;
+ }
+
+ $command = "$pki_start_stop_script_instance_file_path stop";
+
+ system( "$command" );
+
+ my $size = @directories;
+
+ print( STDOUT "\n" );
+
+ if( $size ) {
+ my $i = 0;
+ for( $i = 0; $i < $size; $i ++ ) {
+ print( STDOUT
+ "Removing dir $directories[$i]\n" );
+ remove_directory( $directories[$i] );
+ }
+ }
+
+ $size = @files;
+
+ if( $size ) {
+ my $i = 0;
+ for( $i = 0; $i < $size; $i++ ) {
+ print( STDOUT
+ "Removing file $files[$i]\n" );
+ remove_file( $files[$i] );
+ }
+ }
+
+ print( STDOUT "\n" );
+
+ $result = 1;
+ return $result;
+}
+
+
+##############################################################
+# Main Program
+##############################################################
+
+# no args
+# return 1 - success, or
+# return 0 - failure
+sub main()
+{
+ chdir( "/tmp" );
+
+ my $result = 0;
+
+ print( STDOUT
+ "PKI instance Deletion Utility ...\n\n" );
+
+ # On Linux/UNIX, insure that this script is being run as "root".
+ $result = check_for_root_UID();
+ if( !$result ) {
+ usage();
+ exit 255;
+ }
+
+ # Check for a valid number of command-line arguments.
+ if( $ARGS < 2 ) {
+ print( STDERR
+ "$0: Insufficient arguments!\n\n" );
+ usage();
+ exit 255;
+ }
+
+ # Parse command-line arguments.
+ $result = GetOptions( "pki_instance_root=s" => \$pki_instance_root,
+ "pki_instance_name=s" => \$pki_instance_name,
+ "force" => \$force );
+
+ # Always disallow root to be the pki_instance_root.
+ if( $pki_instance_root eq "/" ) {
+ print( STDERR
+ "$0: Don't even think about making root "
+ . "the pki_instance_root!\n\n" );
+ usage();
+ exit 255;
+ }
+
+ # Remove all trailing directory separators ('/')
+ $pki_instance_root =~ s/\/+$//;
+
+ # Check for valid content of command-line arguments.
+ if( $pki_instance_root eq "" ) {
+ print( STDERR
+ "$0: Must have value for -pki_instance_root!\n\n" );
+ usage();
+ exit 255;
+ }
+
+ if( $pki_instance_name eq "" ) {
+ print( STDERR
+ "$0: The instance ID of the PKI instance "
+ . "to be removed is required!\n\n" );
+ usage();
+ exit 255;
+ }
+
+ $pki_instance_path = $pki_instance_root . "/" . $pki_instance_name;
+
+ if( !directory_exists( "$pki_instance_path" ) ) {
+ print( STDERR
+ "$0: Target directory $pki_instance_path "
+ . "is not a legal directory.\n\n" );
+ usage();
+ exit 255;
+ }
+
+ # Remove the specified instance
+ $result = remove_instance();
+ if( $result != 1 ) {
+ exit 255;
+ }
+
+ return $result;
+}
+
+
+##############################################################
+# PKI Instance Removal
+##############################################################
+
+main();
+
+exit 0;
+