summaryrefslogtreecommitdiffstats
path: root/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java')
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java964
1 files changed, 473 insertions, 491 deletions
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
index f8df962a5..c79ec4edd 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
@@ -1,5 +1,4 @@
package com.netscape.pkisilent;
-
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@@ -18,6 +17,7 @@ package com.netscape.pkisilent;
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
+
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
@@ -39,7 +39,8 @@ import com.netscape.pkisilent.common.ParseXML;
import com.netscape.pkisilent.http.HTTPClient;
import com.netscape.pkisilent.http.HTTPResponse;
-public class ConfigureDRM {
+public class ConfigureDRM
+{
// global constants
public static final String DEFAULT_KEY_TYPE = "RSA";
@@ -51,7 +52,7 @@ public class ConfigureDRM {
// define global variables
public static HTTPClient hc = null;
-
+
public static String login_uri = "/kra/admin/console/config/login";
public static String wizard_uri = "/kra/admin/console/config/wizard";
public static String admin_uri = "/ca/admin/ca/getBySerial";
@@ -77,7 +78,7 @@ public class ConfigureDRM {
public static String client_certdb_dir = null;
public static String client_certdb_pwd = null;
- // Login Panel
+ // Login Panel
public static String pin = null;
public static String domain_name = null;
@@ -159,13 +160,14 @@ public class ConfigureDRM {
public static String backup_pwd = null;
public static String backup_fname = null;
- // cert subject names
+ // cert subject names
public static String drm_transport_cert_subject_name = null;
public static String drm_subsystem_cert_subject_name = null;
public static String drm_storage_cert_subject_name = null;
public static String drm_server_cert_subject_name = null;
public static String drm_audit_signing_cert_subject_name = null;
+
public static String subsystem_name = null;
// cloning
@@ -174,32 +176,38 @@ public class ConfigureDRM {
public static String clone_p12_passwd = null;
public static String clone_p12_file = null;
- // for correct selection of CA to be cloned
+ //for correct selection of CA to be cloned
public static String urls;
-
- public ConfigureDRM() {
+
+ public ConfigureDRM ()
+ {
// do nothing :)
}
- public void sleep_time() {
- try {
+ public void sleep_time()
+ {
+ try
+ {
System.out.println("Sleeping for 5 secs..");
Thread.sleep(5000);
- } catch (Exception e) {
+ }
+ catch(Exception e)
+ {
System.out.println("ERROR: sleep problem");
}
}
- public boolean LoginPanel() {
+ public boolean LoginPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "pin=" + pin + "&xml=true";
-
- hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
+ String query_string = "pin=" + pin + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string);
System.out.println("xml returned: " + hr.getHTML());
// parse xml here - nothing to parse
@@ -207,15 +215,14 @@ public class ConfigureDRM {
// get cookie
String temp = hr.getCookieValue("JSESSIONID");
- if (temp != null) {
+ if (temp!=null) {
int index = temp.indexOf(";");
- HTTPClient.j_session_id = temp.substring(0, index);
+ HTTPClient.j_session_id = temp.substring(0,index);
st = true;
}
hr = null;
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
- "p=0&op=next&xml=true");
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, "p=0&op=next&xml=true");
// parse xml here
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -225,7 +232,8 @@ public class ConfigureDRM {
return st;
}
- public boolean TokenChoicePanel() {
+ public boolean TokenChoicePanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -235,9 +243,10 @@ public class ConfigureDRM {
// Software Token
if (token_name.equalsIgnoreCase("internal")) {
- query_string = "p=1" + "&op=next" + "&xml=true" + "&choice="
- + URLEncoder.encode("Internal Key Storage Token");
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode("Internal Key Storage Token");
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -245,20 +254,23 @@ public class ConfigureDRM {
px.prettyprintxml();
} else {
// login to hsm first
- query_string = "p=2" + "&op=next" + "&xml=true" + "&uTokName="
- + URLEncoder.encode(token_name) + "&__uPasswd="
- + URLEncoder.encode(token_pwd);
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ query_string = "p=2" + "&op=next" + "&xml=true" +
+ "&uTokName=" +
+ URLEncoder.encode(token_name) +
+ "&__uPasswd=" +
+ URLEncoder.encode(token_pwd);
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
+
// choice with token name now
- query_string = "p=1" + "&op=next" + "&xml=true" + "&choice="
- + URLEncoder.encode(token_name);
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ query_string = "p=1" + "&op=next" + "&xml=true" +
+ "&choice=" +
+ URLEncoder.encode(token_name);
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -269,18 +281,24 @@ public class ConfigureDRM {
return true;
}
- public boolean DomainPanel() {
+ public boolean DomainPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
- String query_string = "sdomainURL=" + URLEncoder.encode(domain_url)
- + "&choice=existingdomain" + "&p=3" + "&op=next" + "&xml=true";
+ String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ;
+
+ String query_string = "sdomainURL=" +
+ URLEncoder.encode(domain_url) +
+ "&choice=existingdomain"+
+ "&p=3" +
+ "&op=next" +
+ "&xml=true";
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -291,41 +309,43 @@ public class ConfigureDRM {
}
- public boolean DisplayChainPanel() {
+ public boolean DisplayChainPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
String query_string = null;
- query_string = "p=4" + "&op=next" + "&xml=true";
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ query_string = "p=4" + "&op=next" + "&xml=true";
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
return true;
}
- public boolean SecurityDomainLoginPanel() {
+ public boolean SecurityDomainLoginPanel()
+ {
try {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String kra_url = "https://" + cs_hostname + ":" + cs_port
- + "/kra/admin/console/config/wizard" + "?p=5&subsystem=KRA";
+ String kra_url = "https://" + cs_hostname + ":" + cs_port +
+ "/kra/admin/console/config/wizard" +
+ "?p=5&subsystem=KRA" ;
- String query_string = "url=" + URLEncoder.encode(kra_url);
+ String query_string = "url=" + URLEncoder.encode(kra_url);
- hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri,
- query_string);
+ hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string);
- String query_string_1 = "uid=" + sd_admin_name + "&pwd="
- + URLEncoder.encode(sd_admin_password) + "&url="
- + URLEncoder.encode(kra_url);
+ String query_string_1 = "uid=" + sd_admin_name +
+ "&pwd=" + URLEncoder.encode(sd_admin_password) +
+ "&url=" + URLEncoder.encode(kra_url) ;
- hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
- query_string_1);
+ hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri,
+ query_string_1);
// get session id from security domain
@@ -337,10 +357,13 @@ public class ConfigureDRM {
// use session id to connect back to KRA
- String query_string_2 = "p=5" + "&subsystem=KRA" + "&session_id="
- + kra_session_id + "&xml=true";
+ String query_string_2 = "p=5" +
+ "&subsystem=KRA" +
+ "&session_id=" + kra_session_id +
+ "&xml=true" ;
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_2);
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,
+ query_string_2);
if (clone) {
// parse urls
@@ -349,7 +372,7 @@ public class ConfigureDRM {
if (indx < 0) {
throw new Exception("Invalid clone_uri");
}
- urls = urls.substring(urls.lastIndexOf("<option", indx), indx);
+ urls = urls.substring(urls.lastIndexOf("<option" , indx), indx);
urls = urls.split("\"")[1];
System.out.println("urls =" + urls);
@@ -357,14 +380,14 @@ public class ConfigureDRM {
return true;
} catch (Exception e) {
- System.out.println("Exception in SecurityDomainLoginPanel(): "
- + e.toString());
+ System.out.println("Exception in SecurityDomainLoginPanel(): " + e.toString());
e.printStackTrace();
return false;
}
}
-
- public boolean SubsystemPanel() {
+
+ public boolean SubsystemPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -372,15 +395,16 @@ public class ConfigureDRM {
String query_string = null;
if (!clone) {
query_string = "p=5" + "&op=next" + "&xml=true"
- + "&choice=newsubsystem" + "&subsystemName="
- + URLEncoder.encode(subsystem_name);
+ + "&choice=newsubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name);
} else {
query_string = "p=5" + "&op=next" + "&xml=true"
- + "&choice=clonesubsystem" + "&subsystemName="
- + URLEncoder.encode(subsystem_name) + "&urls=" + urls;
+ + "&choice=clonesubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name)
+ + "&urls=" + urls;
}
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
@@ -396,8 +420,8 @@ public class ConfigureDRM {
ParseXML px = new ParseXML();
String query_string = "p=6" + "&op=next" + "&xml=true"
- + "&__password=" + URLEncoder.encode(clone_p12_passwd)
- + "&path=" + URLEncoder.encode(clone_p12_file) + "";
+ + "&__password=" + URLEncoder.encode(clone_p12_passwd)
+ + "&path=" + URLEncoder.encode(clone_p12_file) + "";
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
@@ -407,32 +431,33 @@ public class ConfigureDRM {
px.prettyprintxml();
return true;
} catch (Exception e) {
- System.out.println("Exception in RestoreKeyCertPanel(): "
- + e.toString());
+ System.out.println("Exception in RestoreKeyCertPanel(): " + e.toString());
e.printStackTrace();
return false;
}
}
- public boolean LdapConnectionPanel() {
+ public boolean LdapConnectionPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "p=7" + "&op=next" + "&xml=true" + "&host="
- + URLEncoder.encode(ldap_host) + "&port="
- + URLEncoder.encode(ldap_port) + "&binddn="
- + URLEncoder.encode(bind_dn) + "&__bindpwd="
- + URLEncoder.encode(bind_password) + "&basedn="
- + URLEncoder.encode(base_dn) + "&database="
- + URLEncoder.encode(db_name) + "&display="
- + URLEncoder.encode("$displayStr")
- + (secure_conn.equals("true") ? "&secureConn=on" : "")
- + (clone_start_tls.equals("true") ? "&cloneStartTLS=on" : "")
- + (remove_data.equals("true") ? "&removeData=true" : "");
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ String query_string = "p=7" + "&op=next" + "&xml=true" +
+ "&host=" + URLEncoder.encode(ldap_host) +
+ "&port=" + URLEncoder.encode(ldap_port) +
+ "&binddn=" + URLEncoder.encode(bind_dn) +
+ "&__bindpwd=" + URLEncoder.encode(bind_password) +
+ "&basedn=" + URLEncoder.encode(base_dn) +
+ "&database=" + URLEncoder.encode(db_name) +
+ "&display=" + URLEncoder.encode("$displayStr") +
+ (secure_conn.equals("true")? "&secureConn=on": "") +
+ (clone_start_tls.equals("true")? "&cloneStartTLS=on": "") +
+ (remove_data.equals("true")? "&removeData=true": "");
+
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -442,7 +467,8 @@ public class ConfigureDRM {
return true;
}
- public boolean KeyPanel() {
+ public boolean KeyPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -452,74 +478,56 @@ public class ConfigureDRM {
String query_string = null;
if (!clone) {
- query_string = "p=8" + "&op=next" + "&xml=true"
- + "&transport_custom_size="
- + transport_key_size
- + "&storage_custom_size="
- + storage_key_size
- + "&subsystem_custom_size="
- + subsystem_key_size
- + "&sslserver_custom_size="
- + sslserver_key_size
- + "&audit_signing_custom_size="
- + key_size
- + "&custom_size="
- + key_size
- + "&transport_custom_curvename="
- + transport_key_curvename
- + "&storage_custom_curvename="
- + storage_key_curvename
- + "&subsystem_custom_curvename="
- + subsystem_key_curvename
- + "&sslserver_custom_curvename="
- + sslserver_key_curvename
- + "&audit_signing_custom_curvename="
- + audit_signing_key_curvename
- + "&custom_curvename="
- + key_curvename
- + "&transport_keytype="
- + transport_key_type
- + "&storage_keytype="
- + storage_key_type
- + "&subsystem_keytype="
- + subsystem_key_type
- + "&sslserver_keytype="
- + sslserver_key_type
- + "&audit_signing_keytype="
- + audit_signing_key_type
- + "&keytype="
- + key_type
- + "&transport_choice=custom"
- + "&storage_choice=custom"
- + "&subsystem_choice=custom"
- + "&sslserver_choice=custom"
- + "&choice=custom"
- + "&audit_signing_choice=custom"
- + "&signingalgorithm="
- + signing_algorithm
- + "&transport_signingalgorithm="
- + transport_signingalgorithm;
+ query_string = "p=8" + "&op=next" + "&xml=true" +
+ "&transport_custom_size=" + transport_key_size +
+ "&storage_custom_size=" + storage_key_size +
+ "&subsystem_custom_size=" + subsystem_key_size +
+ "&sslserver_custom_size=" + sslserver_key_size +
+ "&audit_signing_custom_size=" + key_size +
+ "&custom_size=" + key_size +
+ "&transport_custom_curvename=" + transport_key_curvename +
+ "&storage_custom_curvename=" + storage_key_curvename +
+ "&subsystem_custom_curvename=" + subsystem_key_curvename +
+ "&sslserver_custom_curvename=" + sslserver_key_curvename +
+ "&audit_signing_custom_curvename=" + audit_signing_key_curvename +
+ "&custom_curvename=" + key_curvename +
+ "&transport_keytype=" + transport_key_type +
+ "&storage_keytype=" + storage_key_type +
+ "&subsystem_keytype=" + subsystem_key_type +
+ "&sslserver_keytype=" + sslserver_key_type +
+ "&audit_signing_keytype=" + audit_signing_key_type +
+ "&keytype=" + key_type +
+ "&transport_choice=custom"+
+ "&storage_choice=custom"+
+ "&subsystem_choice=custom"+
+ "&sslserver_choice=custom"+
+ "&choice=custom"+
+ "&audit_signing_choice=custom" +
+ "&signingalgorithm=" + signing_algorithm +
+ "&transport_signingalgorithm=" + transport_signingalgorithm;
} else {
- query_string = "p=8" + "&op=next" + "&xml=true"
- + "&sslserver_custom_size=" + sslserver_key_size
- + "&sslserver_keytype=" + sslserver_key_type
- + "&sslserver_choice=custom" + "&custom_size=" + key_size
- + "&keytype=" + key_type + "&choice=custom";
- }
+ query_string = "p=8" + "&op=next" + "&xml=true" +
+ "&sslserver_custom_size=" + sslserver_key_size +
+ "&sslserver_keytype=" + sslserver_key_type +
+ "&sslserver_choice=custom" +
+ "&custom_size=" + key_size +
+ "&keytype=" + key_type +
+ "&choice=custom";
+ }
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
- al = px.constructValueList("CertReqPair", "DN");
+
+ al = px.constructValueList("CertReqPair","DN");
// get ca cert subject name
if (al != null) {
- for (int i = 0; i < al.size(); i++) {
- String temp = al.get(i);
+ for (int i=0; i < al.size(); i++) {
+ String temp = al.get(i);
if (temp.indexOf("DRM Transport") > 0) {
drm_transport_cert_name = temp;
} else if (temp.indexOf("DRM Storage") > 0) {
@@ -533,21 +541,23 @@ public class ConfigureDRM {
}
}
}
-
- System.out.println("default: drm_transport_cert_name="
- + drm_transport_cert_name);
- System.out.println("default: drm_storage_cert_name="
- + drm_storage_cert_name);
- System.out.println("default: drm_subsystem_cert_name="
- + drm_subsystem_cert_name);
- System.out.println("default: drm_audit_signing_cert_name="
- + drm_audit_signing_cert_name);
-
- System.out.println("default: server_cert_name=" + server_cert_name);
+
+ System.out.println("default: drm_transport_cert_name=" +
+ drm_transport_cert_name);
+ System.out.println("default: drm_storage_cert_name=" +
+ drm_storage_cert_name);
+ System.out.println("default: drm_subsystem_cert_name=" +
+ drm_subsystem_cert_name);
+ System.out.println("default: drm_audit_signing_cert_name=" +
+ drm_audit_signing_cert_name);
+
+ System.out.println("default: server_cert_name=" +
+ server_cert_name);
return true;
}
- public boolean CertSubjectPanel() {
+ public boolean CertSubjectPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -557,64 +567,69 @@ public class ConfigureDRM {
ArrayList<String> dn_list = null;
String query_string = null;
- String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port;
+ String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ;
if (!clone) {
- query_string = "p=9" + "&op=next" + "&xml=true" + "&subsystem="
- + URLEncoder.encode(drm_subsystem_cert_subject_name)
- + "&transport="
- + URLEncoder.encode(drm_transport_cert_subject_name)
- + "&storage="
- + URLEncoder.encode(drm_storage_cert_subject_name)
- + "&sslserver="
- + URLEncoder.encode(drm_server_cert_subject_name)
- + "&audit_signing="
- + URLEncoder.encode(drm_audit_signing_cert_subject_name)
- + "&urls=" + URLEncoder.encode(domain_url);
+ query_string = "p=9" + "&op=next" + "&xml=true" +
+ "&subsystem=" +
+ URLEncoder.encode(drm_subsystem_cert_subject_name) +
+ "&transport=" +
+ URLEncoder.encode(drm_transport_cert_subject_name) +
+ "&storage=" +
+ URLEncoder.encode(drm_storage_cert_subject_name) +
+ "&sslserver=" +
+ URLEncoder.encode(drm_server_cert_subject_name) +
+ "&audit_signing=" +
+ URLEncoder.encode(drm_audit_signing_cert_subject_name) +
+ "&urls=" +
+ URLEncoder.encode(domain_url);
} else {
- query_string = "p=9" + "&op=next" + "&xml=true" + "&sslserver="
- + URLEncoder.encode(drm_server_cert_subject_name)
- + "&urls=" + URLEncoder.encode(domain_url);
+ query_string = "p=9" + "&op=next" + "&xml=true" +
+ "&sslserver=" +
+ URLEncoder.encode(drm_server_cert_subject_name) +
+ "&urls=" +
+ URLEncoder.encode(domain_url);
}
-
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
- req_list = px.constructValueList("CertReqPair", "Request");
- cert_list = px.constructValueList("CertReqPair", "Certificate");
- dn_list = px.constructValueList("CertReqPair", "Nickname");
+
+ req_list = px.constructValueList("CertReqPair","Request");
+ cert_list = px.constructValueList("CertReqPair","Certificate");
+ dn_list = px.constructValueList("CertReqPair","Nickname");
if (req_list != null && cert_list != null && dn_list != null) {
- for (int i = 0; i < dn_list.size(); i++) {
- String temp = dn_list.get(i);
+ for (int i=0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
if (temp.indexOf("transportCert") >= 0) {
- drm_transport_cert_req = req_list.get(i);
- drm_transport_cert_cert = cert_list.get(i);
+ drm_transport_cert_req = req_list.get(i);
+ drm_transport_cert_cert = cert_list.get(i);
} else if (temp.indexOf("storageCert") >= 0) {
- drm_storage_cert_req = req_list.get(i);
- drm_storage_cert_cert = cert_list.get(i);
+ drm_storage_cert_req = req_list.get(i);
+ drm_storage_cert_cert = cert_list.get(i);
} else if (temp.indexOf("subsystemCert") >= 0) {
- drm_subsystem_cert_req = req_list.get(i);
- drm_subsystem_cert_cert = cert_list.get(i);
- } else if (temp.indexOf("auditSigningCert") >= 0) {
- drm_audit_signing_cert_req = req_list.get(i);
- drm_audit_signing_cert_cert = cert_list.get(i);
+ drm_subsystem_cert_req = req_list.get(i);
+ drm_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >=0) {
+ drm_audit_signing_cert_req = req_list.get(i);
+ drm_audit_signing_cert_cert = cert_list.get(i);
} else {
- server_cert_req = req_list.get(i);
- server_cert_cert = cert_list.get(i);
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
}
}
}
-
+
return true;
}
- public boolean CertificatePanel() {
+ public boolean CertificatePanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -624,56 +639,68 @@ public class ConfigureDRM {
ArrayList<String> dn_list = null;
ArrayList<String> pp_list = null;
- String query_string = "p=10" + "&op=next" + "&xml=true" + "&subsystem="
- + URLEncoder.encode(drm_subsystem_cert_cert) + "&subsystem_cc="
- + "&transport=" + URLEncoder.encode(drm_transport_cert_cert)
- + "&transport_cc=" + "&storage="
- + URLEncoder.encode(drm_storage_cert_cert) + "&storage_cc="
- + "&sslserver=" + URLEncoder.encode(server_cert_cert)
- + "&sslserver_cc=" + "&audit_signing="
- + URLEncoder.encode(drm_audit_signing_cert_cert)
- + "&audit_signing_cc=";
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ String query_string = "p=10" + "&op=next" + "&xml=true" +
+ "&subsystem=" +
+ URLEncoder.encode(drm_subsystem_cert_cert) +
+ "&subsystem_cc=" +
+ "&transport=" +
+ URLEncoder.encode(drm_transport_cert_cert) +
+ "&transport_cc=" +
+ "&storage=" +
+ URLEncoder.encode(drm_storage_cert_cert) +
+ "&storage_cc=" +
+ "&sslserver=" +
+ URLEncoder.encode(server_cert_cert) +
+ "&sslserver_cc=" +
+ "&audit_signing=" +
+ URLEncoder.encode(drm_audit_signing_cert_cert) +
+ "&audit_signing_cc=";
+
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
+
return true;
}
- public boolean BackupPanel() {
+ public boolean BackupPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "p=11" + "&op=next" + "&xml=true"
- + "&choice=backupkey" + "&__pwd="
- + URLEncoder.encode(backup_pwd) + "&__pwdagain="
- + URLEncoder.encode(backup_pwd);
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ String query_string = "p=11" + "&op=next" + "&xml=true" +
+ "&choice=backupkey" +
+ "&__pwd=" + URLEncoder.encode(backup_pwd) +
+ "&__pwdagain=" + URLEncoder.encode(backup_pwd);
+
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
+
return true;
}
- public boolean SavePKCS12Panel() {
+ public boolean SavePKCS12Panel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "";
- hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string);
+ String query_string = "";
+
+ hr = hc.sslConnect(cs_hostname,cs_port,pkcs12_uri,query_string);
// dump hr.getResponseData() to file
try {
@@ -682,18 +709,17 @@ public class ConfigureDRM {
fos.close();
// set file to permissions 600
- String rtParams[] = { "chmod", "600", backup_fname };
+ String rtParams[] = { "chmod","600", backup_fname};
Process proc = Runtime.getRuntime().exec(rtParams);
- BufferedReader br = new BufferedReader(new InputStreamReader(
- proc.getErrorStream()));
+ BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
String line = null;
- while ((line = br.readLine()) != null)
- System.out.println("Error: " + line);
+ while ( (line = br.readLine()) != null)
+ System.out.println("Error: " + line);
int exitVal = proc.waitFor();
-
+
// verify p12 file
-
+
// Decode the P12 file
FileInputStream fis = new FileInputStream(backup_fname);
PFX.Template pfxt = new PFX.Template();
@@ -701,18 +727,17 @@ public class ConfigureDRM {
System.out.println("Decoded PFX");
// now peruse it for interesting info
- System.out.println("Version: " + pfx.getVersion());
+ System.out.println("Version: "+pfx.getVersion());
AuthenticatedSafes authSafes = pfx.getAuthSafes();
SEQUENCE asSeq = authSafes.getSequence();
- System.out.println("AuthSafes has " + asSeq.size()
- + " SafeContents");
+ System.out.println("AuthSafes has "+
+ asSeq.size()+" SafeContents");
fis.close();
if (clone) {
query_string = "p=12" + "&op=next" + "&xml=true";
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
- query_string);
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -727,15 +752,19 @@ public class ConfigureDRM {
return true;
}
- public boolean AdminCertReqPanel() {
+ public boolean AdminCertReqPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
String admin_cert_request = null;
- ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
- agent_cert_subject, agent_key_size, agent_key_type);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ agent_cert_subject,
+ agent_key_size,
+ agent_key_type);
cCrypt.setDebug(true);
cCrypt.setGenerateRequest(true);
cCrypt.setTransportCert(null);
@@ -745,67 +774,76 @@ public class ConfigureDRM {
String crmf_request = cCrypt.generateCRMFrequest();
if (crmf_request == null) {
- System.out
- .println("ERROR: AdminCertReqPanel() cert req gen failed");
- return false;
+ System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
}
admin_cert_request = crmf_request;
- String query_string = "p=13" + "&op=next" + "&xml=true"
- + "&cert_request_type=" + "crmf" + "&uid=" + admin_user
- + "&name=" + admin_user + "&__pwd="
- + URLEncoder.encode(admin_password)
- + "&__admin_password_again="
- + URLEncoder.encode(admin_password) + "&profileId="
- + "caAdminCert" + "&email=" + URLEncoder.encode(admin_email)
- + "&cert_request=" + URLEncoder.encode(admin_cert_request)
- + "&subject=" + URLEncoder.encode(agent_cert_subject)
- + "&clone=new" + "&import=true" + "&securitydomain="
- + URLEncoder.encode(domain_name);
-
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ String query_string = "p=13" + "&op=next" + "&xml=true" +
+ "&cert_request_type=" + "crmf" +
+ "&uid=" + admin_user +
+ "&name=" + admin_user +
+ "&__pwd=" + URLEncoder.encode(admin_password) +
+ "&__admin_password_again=" + URLEncoder.encode(admin_password) +
+ "&profileId=" + "caAdminCert" +
+ "&email=" +
+ URLEncoder.encode(admin_email) +
+ "&cert_request=" +
+ URLEncoder.encode(admin_cert_request) +
+ "&subject=" +
+ URLEncoder.encode(agent_cert_subject) +
+ "&clone=new" +
+ "&import=true" +
+ "&securitydomain=" +
+ URLEncoder.encode(domain_name);
+
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
- admin_serial_number = px.getvalue("serialNumber");
+
+ admin_serial_number = px.getvalue("serialNumber");
return true;
}
- public boolean AdminCertImportPanel() {
+ public boolean AdminCertImportPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "serialNumber=" + admin_serial_number
- + "&importCert=" + "true";
-
- hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string);
+ String query_string = "serialNumber=" + admin_serial_number +
+ "&importCert=" + "true";
+ hr = hc.sslConnect(sd_hostname,sd_admin_port,admin_uri,query_string);
+
// get response data
- // String cert_to_import =
- // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
- String cert_to_import = OSUtil.BtoA(hr.getResponseData());
+ // String cert_to_import =
+ // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
+ String cert_to_import =
+ OSUtil.BtoA(hr.getResponseData());
System.out.println("Imported Cert=" + cert_to_import);
- ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
- null, null, null);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
cCrypt.setDebug(true);
cCrypt.setGenerateRequest(true);
cCrypt.loginDB();
- String start = "-----BEGIN CERTIFICATE-----\r\n";
- String end = "\r\n-----END CERTIFICATE-----";
+ String start = "-----BEGIN CERTIFICATE-----\r\n" ;
+ String end = "\r\n-----END CERTIFICATE-----" ;
- st = cCrypt.importCert(start + cert_to_import + end, agent_name);
+ st = cCrypt.importCert(start+cert_to_import+end,agent_name);
if (!st) {
- System.out
- .println("ERROR: AdminCertImportPanel() during cert import");
+ System.out.println("ERROR: AdminCertImportPanel() during cert import");
return false;
}
@@ -813,30 +851,35 @@ public class ConfigureDRM {
return true;
}
- public boolean UpdateDomainPanel() {
+ public boolean UpdateDomainPanel()
+ {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "p=14" + "&op=next" + "&xml=true" + "&caHost="
- + URLEncoder.encode(sd_hostname) + "&caPort="
- + URLEncoder.encode(sd_agent_port);
+ String query_string = "p=14" + "&op=next" + "&xml=true" +
+ "&caHost=" + URLEncoder.encode(sd_hostname) +
+ "&caPort=" + URLEncoder.encode(sd_agent_port);
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
+ hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
+
return true;
}
- public boolean ConfigureDRMInstance() {
+ public boolean ConfigureDRMInstance()
+ {
// 0. login to cert db
- ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
- null, null, null);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd,
+ null,
+ null,
+ null);
cCrypt.setDebug(true);
cCrypt.setGenerateRequest(true);
cCrypt.loginDB();
@@ -855,8 +898,7 @@ public class ConfigureDRM {
// 2. Token Choice Panel
boolean disp_token = TokenChoicePanel();
if (!disp_token) {
- System.out
- .println("ERROR: ConfigureDRM: TokenChoicePanel() failure");
+ System.out.println("ERROR: ConfigureDRM: TokenChoicePanel() failure");
return false;
}
@@ -872,8 +914,7 @@ public class ConfigureDRM {
// 4. display cert chain panel
boolean disp_st = DisplayChainPanel();
if (!disp_st) {
- System.out
- .println("ERROR: ConfigureDRM: DisplayChainPanel() failure");
+ System.out.println("ERROR: ConfigureDRM: DisplayChainPanel() failure");
return false;
}
@@ -881,8 +922,7 @@ public class ConfigureDRM {
// security domain login panel
boolean disp_sd = SecurityDomainLoginPanel();
if (!disp_sd) {
- System.out
- .println("ERROR: ConfigureDRM: SecurityDomainLoginPanel() failure");
+ System.out.println("ERROR: ConfigureDRM: SecurityDomainLoginPanel() failure");
return false;
}
@@ -899,8 +939,7 @@ public class ConfigureDRM {
if (clone) {
boolean restore_st = RestoreKeyCertPanel();
if (!restore_st) {
- System.out
- .println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure");
+ System.out.println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure");
return false;
}
}
@@ -909,8 +948,7 @@ public class ConfigureDRM {
// 7. ldap connection panel
boolean disp_ldap = LdapConnectionPanel();
if (!disp_ldap) {
- System.out
- .println("ERROR: ConfigureDRM: LdapConnectionPanel() failure");
+ System.out.println("ERROR: ConfigureDRM: LdapConnectionPanel() failure");
return false;
}
@@ -927,8 +965,7 @@ public class ConfigureDRM {
// 10. Cert Subject Panel
boolean disp_csubj = CertSubjectPanel();
if (!disp_csubj) {
- System.out
- .println("ERROR: ConfigureDRM: CertSubjectPanel() failure");
+ System.out.println("ERROR: ConfigureDRM: CertSubjectPanel() failure");
return false;
}
@@ -936,8 +973,7 @@ public class ConfigureDRM {
// 11. Certificate Panel
boolean disp_cp = CertificatePanel();
if (!disp_cp) {
- System.out
- .println("ERROR: ConfigureDRM: CertificatePanel() failure");
+ System.out.println("ERROR: ConfigureDRM: CertificatePanel() failure");
return false;
}
@@ -953,8 +989,7 @@ public class ConfigureDRM {
// save panel
boolean disp_save = SavePKCS12Panel();
if (!disp_save) {
- System.out
- .println("ERROR: ConfigureDRM: SavePKCS12Panel() failure");
+ System.out.println("ERROR: ConfigureDRM: SavePKCS12Panel() failure");
return false;
}
@@ -967,8 +1002,7 @@ public class ConfigureDRM {
// 13. Admin Cert Req Panel
boolean disp_adm = AdminCertReqPanel();
if (!disp_adm) {
- System.out
- .println("ERROR: ConfigureDRM: AdminCertReqPanel() failure");
+ System.out.println("ERROR: ConfigureDRM: AdminCertReqPanel() failure");
return false;
}
@@ -976,8 +1010,7 @@ public class ConfigureDRM {
// 14. Admin Cert import Panel
boolean disp_im = AdminCertImportPanel();
if (!disp_im) {
- System.out
- .println("ERROR: ConfigureDRM: AdminCertImportPanel() failure");
+ System.out.println("ERROR: ConfigureDRM: AdminCertImportPanel() failure");
return false;
}
@@ -985,8 +1018,7 @@ public class ConfigureDRM {
// 15. Update Domain Panel
boolean disp_ud = UpdateDomainPanel();
if (!disp_ud) {
- System.out
- .println("ERROR: ConfigureDRM: UpdateDomainPanel() failure");
+ System.out.println("ERROR: ConfigureDRM: UpdateDomainPanel() failure");
return false;
}
@@ -1002,7 +1034,8 @@ public class ConfigureDRM {
}
}
- public static void main(String args[]) {
+ public static void main(String args[])
+ {
ConfigureDRM ca = new ConfigureDRM();
// set variables
@@ -1030,7 +1063,7 @@ public class ConfigureDRM {
StringHolder x_admin_email = new StringHolder();
StringHolder x_admin_password = new StringHolder();
- // ldap
+ // ldap
StringHolder x_ldap_host = new StringHolder();
StringHolder x_ldap_port = new StringHolder();
StringHolder x_bind_dn = new StringHolder();
@@ -1094,7 +1127,7 @@ public class ConfigureDRM {
// subsystemName
StringHolder x_subsystem_name = new StringHolder();
- // clone parameters
+ //clone parameters
StringHolder x_clone = new StringHolder();
StringHolder x_clone_uri = new StringHolder();
StringHolder x_clone_p12_file = new StringHolder();
@@ -1103,187 +1136,145 @@ public class ConfigureDRM {
// parse the args
ArgParser parser = new ArgParser("ConfigureDRM");
- parser.addOption("-cs_hostname %s #CS Hostname", x_cs_hostname);
- parser.addOption("-cs_port %s #CS SSL Admin port", x_cs_port);
-
- parser.addOption("-sd_hostname %s #Security Domain Hostname",
- x_sd_hostname);
- parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port",
- x_sd_ssl_port);
- parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port",
- x_sd_agent_port);
- parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port",
- x_sd_admin_port);
- parser.addOption("-sd_admin_name %s #Security Domain username",
- x_sd_admin_name);
- parser.addOption("-sd_admin_password %s #Security Domain password",
- x_sd_admin_password);
-
- parser.addOption("-ca_hostname %s #CA Hostname", x_ca_hostname);
- parser.addOption("-ca_port %s #CA non-SSL EE port", x_ca_port);
- parser.addOption("-ca_ssl_port %s #CA SSL EE port", x_ca_ssl_port);
-
- parser.addOption("-client_certdb_dir %s #Client CertDB dir",
- x_client_certdb_dir);
- parser.addOption("-client_certdb_pwd %s #client certdb password",
- x_client_certdb_pwd);
- parser.addOption("-preop_pin %s #pre op pin", x_preop_pin);
- parser.addOption("-domain_name %s #domain name", x_domain_name);
- parser.addOption("-admin_user %s #Admin User Name", x_admin_user);
- parser.addOption("-admin_email %s #Admin email", x_admin_email);
- parser.addOption("-admin_password %s #Admin password", x_admin_password);
- parser.addOption("-agent_name %s #Agent Cert Nickname", x_agent_name);
-
- parser.addOption("-ldap_host %s #ldap host", x_ldap_host);
- parser.addOption("-ldap_port %s #ldap port", x_ldap_port);
- parser.addOption("-bind_dn %s #ldap bind dn", x_bind_dn);
- parser.addOption("-bind_password %s #ldap bind password",
- x_bind_password);
- parser.addOption("-base_dn %s #base dn", x_base_dn);
- parser.addOption("-db_name %s #db name", x_db_name);
- parser.addOption(
- "-secure_conn %s #use ldaps port (optional, default is false)",
- x_secure_conn);
- parser.addOption(
- "-remove_data %s #remove existing data under base_dn (optional, default is false) ",
- x_remove_data);
- parser.addOption(
- "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)",
- x_clone_start_tls);
+ parser.addOption ("-cs_hostname %s #CS Hostname",
+ x_cs_hostname);
+ parser.addOption ("-cs_port %s #CS SSL Admin port",
+ x_cs_port);
+
+ parser.addOption ("-sd_hostname %s #Security Domain Hostname",
+ x_sd_hostname);
+ parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port",
+ x_sd_ssl_port);
+ parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port",
+ x_sd_agent_port);
+ parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port",
+ x_sd_admin_port);
+ parser.addOption ("-sd_admin_name %s #Security Domain username",
+ x_sd_admin_name);
+ parser.addOption ("-sd_admin_password %s #Security Domain password",
+ x_sd_admin_password);
+
+ parser.addOption ("-ca_hostname %s #CA Hostname",
+ x_ca_hostname);
+ parser.addOption ("-ca_port %s #CA non-SSL EE port",
+ x_ca_port);
+ parser.addOption ("-ca_ssl_port %s #CA SSL EE port",
+ x_ca_ssl_port);
+
+ parser.addOption ("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption ("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption ("-preop_pin %s #pre op pin",
+ x_preop_pin);
+ parser.addOption ("-domain_name %s #domain name",
+ x_domain_name);
+ parser.addOption ("-admin_user %s #Admin User Name",
+ x_admin_user);
+ parser.addOption ("-admin_email %s #Admin email",
+ x_admin_email);
+ parser.addOption ("-admin_password %s #Admin password",
+ x_admin_password);
+ parser.addOption ("-agent_name %s #Agent Cert Nickname",
+ x_agent_name);
+
+ parser.addOption ("-ldap_host %s #ldap host",
+ x_ldap_host);
+ parser.addOption ("-ldap_port %s #ldap port",
+ x_ldap_port);
+ parser.addOption ("-bind_dn %s #ldap bind dn",
+ x_bind_dn);
+ parser.addOption ("-bind_password %s #ldap bind password",
+ x_bind_password);
+ parser.addOption ("-base_dn %s #base dn",
+ x_base_dn);
+ parser.addOption ("-db_name %s #db name",
+ x_db_name);
+ parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data);
+ parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls);
// key and algorithm options (default)
- parser.addOption(
- "-key_type %s #Key type [RSA,ECC] (optional, default is RSA)",
- x_key_type);
- parser.addOption(
- "-key_size %s #Key Size (optional, for RSA default is 2048)",
- x_key_size);
- parser.addOption(
- "-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)",
- x_key_curvename);
- parser.addOption(
- "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
- x_signing_algorithm);
+ parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
+ parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
+ parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
+ parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm);
- // key and algorithm options for transport certificate (overrides
- // default)
- parser.addOption(
- "-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
- x_transport_key_type);
- parser.addOption(
- "-transport_key_size %s #Key Size (optional, for RSA default is key_size)",
- x_transport_key_size);
- parser.addOption(
- "-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
- x_transport_key_curvename);
- parser.addOption(
- "-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)",
- x_transport_signingalgorithm);
+ // key and algorithm options for transport certificate (overrides default)
+ parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_transport_key_type);
+ parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)", x_transport_key_size);
+ parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_transport_key_curvename);
+ parser.addOption("-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", x_transport_signingalgorithm);
// key and algorithm options for storage certificate (overrides default)
- parser.addOption(
- "-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
- x_storage_key_type);
- parser.addOption(
- "-storage_key_size %s #Key Size (optional, for RSA default is key_size)",
- x_storage_key_size);
- parser.addOption(
- "-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
- x_storage_key_curvename);
-
- // key and algorithm options for audit_signing certificate (overrides
- // default)
- parser.addOption(
- "-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
- x_audit_signing_key_type);
- parser.addOption(
- "-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
- x_audit_signing_key_size);
- parser.addOption(
- "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
- x_audit_signing_key_curvename);
-
- // key and algorithm options for subsystem certificate (overrides
- // default)
- parser.addOption(
- "-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
- x_subsystem_key_type);
- parser.addOption(
- "-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
- x_subsystem_key_size);
- parser.addOption(
- "-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
- x_subsystem_key_curvename);
-
- // key and algorithm options for sslserver certificate (overrides
- // default)
- parser.addOption(
- "-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
- x_sslserver_key_type);
- parser.addOption(
- "-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
- x_sslserver_key_size);
- parser.addOption(
- "-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
- x_sslserver_key_curvename);
+ parser.addOption("-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_storage_key_type);
+ parser.addOption("-storage_key_size %s #Key Size (optional, for RSA default is key_size)", x_storage_key_size);
+ parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_storage_key_curvename);
+
+ // key and algorithm options for audit_signing certificate (overrides default)
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size);
+ parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename);
+
+ // key and algorithm options for subsystem certificate (overrides default)
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename);
+
+ // key and algorithm options for sslserver certificate (overrides default)
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename);
+
+ parser.addOption ("-token_name %s #HSM/Software Token name",
+ x_token_name);
+ parser.addOption ("-token_pwd %s #HSM/Software Token password (optional, required for HSM)",
+ x_token_pwd);
+
+ parser.addOption ("-agent_key_size %s #Agent Cert Key Size",
+ x_agent_key_size);
+ parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption ("-agent_cert_subject %s #Agent Cert Subject ",
+ x_agent_cert_subject);
+
+ parser.addOption ("-backup_pwd %s #PKCS12 password",
+ x_backup_pwd);
+
+ parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-kra.p12)",
+ x_backup_fname);
+
+ parser.addOption (
+ "-drm_transport_cert_subject_name %s #DRM transport cert subject name",
+ x_drm_transport_cert_subject_name);
+ parser.addOption (
+ "-drm_subsystem_cert_subject_name %s #DRM subsystem cert subject name",
+ x_drm_subsystem_cert_subject_name);
+ parser.addOption (
+ "-drm_storage_cert_subject_name %s #DRM storage cert subject name",
+ x_drm_storage_cert_subject_name);
+ parser.addOption (
+ "-drm_server_cert_subject_name %s #DRM server cert subject name",
+ x_drm_server_cert_subject_name);
+
+ parser.addOption (
+ "-subsystem_name %s #CA subsystem name",
+ x_subsystem_name);
- parser.addOption("-token_name %s #HSM/Software Token name",
- x_token_name);
parser.addOption(
- "-token_pwd %s #HSM/Software Token password (optional, required for HSM)",
- x_token_pwd);
+ "-drm_audit_signing_cert_subject_name %s #DRM audit signing cert subject name",
+ x_drm_audit_signing_cert_subject_name);
- parser.addOption("-agent_key_size %s #Agent Cert Key Size",
- x_agent_key_size);
- parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]",
- x_agent_key_type);
- parser.addOption("-agent_cert_subject %s #Agent Cert Subject ",
- x_agent_cert_subject);
-
- parser.addOption("-backup_pwd %s #PKCS12 password", x_backup_pwd);
-
- parser.addOption(
- "-backup_fname %s #Backup File for p12, (optional, default /root/tmp-kra.p12)",
- x_backup_fname);
-
- parser.addOption(
- "-drm_transport_cert_subject_name %s #DRM transport cert subject name",
- x_drm_transport_cert_subject_name);
- parser.addOption(
- "-drm_subsystem_cert_subject_name %s #DRM subsystem cert subject name",
- x_drm_subsystem_cert_subject_name);
- parser.addOption(
- "-drm_storage_cert_subject_name %s #DRM storage cert subject name",
- x_drm_storage_cert_subject_name);
- parser.addOption(
- "-drm_server_cert_subject_name %s #DRM server cert subject name",
- x_drm_server_cert_subject_name);
-
- parser.addOption("-subsystem_name %s #CA subsystem name",
- x_subsystem_name);
-
- parser.addOption(
- "-drm_audit_signing_cert_subject_name %s #DRM audit signing cert subject name",
- x_drm_audit_signing_cert_subject_name);
-
- parser.addOption(
- "-clone %s #Clone of another KRA [true, false] (optional, default false)",
- x_clone);
- parser.addOption(
- "-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)",
- x_clone_uri);
- parser.addOption(
- "-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)",
- x_clone_p12_file);
- parser.addOption(
- "-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)",
- x_clone_p12_passwd);
+ parser.addOption("-clone %s #Clone of another KRA [true, false] (optional, default false)", x_clone);
+ parser.addOption("-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", x_clone_uri);
+ parser.addOption("-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)", x_clone_p12_file);
+ parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", x_clone_p12_passwd);
// and then match the arguments
- String[] unmatched = null;
- unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
+ String [] unmatched = null;
+ unmatched = parser.matchAllArgs (args,0,ArgParser.EXIT_ON_UNMATCHED);
- if (unmatched != null) {
+ if (unmatched!=null) {
System.out.println("ERROR: Argument Mismatch");
System.exit(-1);
}
@@ -1328,42 +1319,31 @@ public class ConfigureDRM {
key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE);
transport_key_type = set_default(x_transport_key_type.value, key_type);
storage_key_type = set_default(x_storage_key_type.value, key_type);
- audit_signing_key_type = set_default(x_audit_signing_key_type.value,
- key_type);
+ audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type);
subsystem_key_type = set_default(x_subsystem_key_type.value, key_type);
sslserver_key_type = set_default(x_sslserver_key_type.value, key_type);
key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE);
transport_key_size = set_default(x_transport_key_size.value, key_size);
storage_key_size = set_default(x_storage_key_size.value, key_size);
- audit_signing_key_size = set_default(x_audit_signing_key_size.value,
- key_size);
+ audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size);
subsystem_key_size = set_default(x_subsystem_key_size.value, key_size);
sslserver_key_size = set_default(x_sslserver_key_size.value, key_size);
- key_curvename = set_default(x_key_curvename.value,
- DEFAULT_KEY_CURVENAME);
- transport_key_curvename = set_default(x_transport_key_curvename.value,
- key_curvename);
- storage_key_curvename = set_default(x_storage_key_curvename.value,
- key_curvename);
- audit_signing_key_curvename = set_default(
- x_audit_signing_key_curvename.value, key_curvename);
- subsystem_key_curvename = set_default(x_subsystem_key_curvename.value,
- key_curvename);
- sslserver_key_curvename = set_default(x_sslserver_key_curvename.value,
- key_curvename);
+ key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME);
+ transport_key_curvename = set_default(x_transport_key_curvename.value, key_curvename);
+ storage_key_curvename = set_default(x_storage_key_curvename.value, key_curvename);
+ audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename);
+ subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename);
+ sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename);
if (transport_key_type.equalsIgnoreCase("RSA")) {
- signing_algorithm = set_default(x_signing_algorithm.value,
- DEFAULT_KEY_ALGORITHM_RSA);
+ signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA);
} else {
- signing_algorithm = set_default(x_signing_algorithm.value,
- DEFAULT_KEY_ALGORITHM_ECC);
+ signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC);
}
- transport_signingalgorithm = set_default(
- x_transport_signingalgorithm.value, signing_algorithm);
+ transport_signingalgorithm = set_default(x_transport_signingalgorithm.value, signing_algorithm);
token_name = x_token_name.value;
token_pwd = x_token_pwd.value;
@@ -1374,13 +1354,15 @@ public class ConfigureDRM {
backup_pwd = x_backup_pwd.value;
backup_fname = set_default(x_backup_fname.value, "/root/tmp-kra.p12");
-
- drm_transport_cert_subject_name = x_drm_transport_cert_subject_name.value;
- drm_subsystem_cert_subject_name = x_drm_subsystem_cert_subject_name.value;
- drm_storage_cert_subject_name = x_drm_storage_cert_subject_name.value;
- drm_server_cert_subject_name = x_drm_server_cert_subject_name.value;
- drm_audit_signing_cert_subject_name = x_drm_audit_signing_cert_subject_name.value;
-
+
+ drm_transport_cert_subject_name =
+ x_drm_transport_cert_subject_name.value ;
+ drm_subsystem_cert_subject_name =
+ x_drm_subsystem_cert_subject_name.value;
+ drm_storage_cert_subject_name = x_drm_storage_cert_subject_name.value ;
+ drm_server_cert_subject_name = x_drm_server_cert_subject_name.value ;
+ drm_audit_signing_cert_subject_name = x_drm_audit_signing_cert_subject_name.value;
+
subsystem_name = x_subsystem_name.value;
if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) {
@@ -1393,12 +1375,12 @@ public class ConfigureDRM {
clone_p12_passwd = x_clone_p12_passwd.value;
boolean st = ca.ConfigureDRMInstance();
-
+
if (!st) {
System.out.println("ERROR: unable to create DRM");
System.exit(-1);
}
-
+
System.out.println("Certificate System - DRM Instance Configured");
System.exit(0);
}
generated by cgit (git 2.34.1) at 2024-07-03 10:27:25 +0000