Diffstat (limited to 'pki/base/silent')
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java94
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java66
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java46
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java62
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java35
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java14
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java6
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java10
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java3
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/common/Request.java6
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java3
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java3
12 files changed, 241 insertions, 107 deletions
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
index a7b114085..55ac7ed58 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
@@ -685,7 +685,8 @@ public class ConfigureCA {
in.close();
return true;
} catch (Exception e) {
- System.out.println("CertSubjectPanel: Unable to read in external approved CA cert or certificate chain.");
+ System.out
+ .println("CertSubjectPanel: Unable to read in external approved CA cert or certificate chain.");
System.out.println(e.toString());
return false;
}
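Review bot: The re-wrapped call in the catch block splits `System.out` from `.println(...)`, which leaves the long line just as long and reads worse than the original; breaking the string literal keeps the call together, e.g. `System.out.println("CertSubjectPanel: Unable to read in external approved CA cert " + "or certificate chain.");`. The same split appears in the next hunk for the "Please submit this CSR" message. Separately, `in.close()` sits inside the try, so an exception raised before it leaves the stream open on the failure path. The method starts outside this hunk, so where `in` is opened is not visible here, but closing it in a `finally` block (or with try-with-resources if the build targets Java 7 or later) would cover that path.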
@@ -1246,7 +1247,8 @@ public class ConfigureCA {
} else {
// first pass - cacert file not defined
System.out.println("A Certificate Request has been generated and stored in " + ext_csr_file);
- System.out.println("Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain");
+ System.out
+ .println("Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain");
return true;
}
}
@@ -1458,42 +1460,66 @@ public class ConfigureCA {
parser.addOption("-base_dn %s #base dn", x_base_dn);
parser.addOption("-db_name %s #db name", x_db_name);
parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
- parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data);
- parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+ parser.addOption(
+ "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)",
+ x_clone_start_tls);
// key and algorithm options (default)
parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
- parser.addOption("-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_key_algorithm);
- parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", x_signing_algorithm);
+ parser.addOption(
+ "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_key_algorithm);
+ parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)",
+ x_signing_algorithm);
// key and algorithm options for signing certificate (overrides default)
parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type);
parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size);
- parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename);
- parser.addOption("-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm);
+ parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_signing_key_curvename);
+ parser.addOption(
+ "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)",
+ x_signing_signingalgorithm);
// key and algorithm options for ocsp_signing certificate (overrides default)
- parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_ocsp_signing_key_type);
- parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_ocsp_signing_key_size);
- parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_ocsp_signing_key_curvename);
- parser.addOption("-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", x_ocsp_signing_signingalgorithm);
+ parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_ocsp_signing_key_type);
+ parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_ocsp_signing_key_size);
+ parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_ocsp_signing_key_curvename);
+ parser.addOption(
+ "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)",
+ x_ocsp_signing_signingalgorithm);
// key and algorithm options for audit_signing certificate (overrides default)
- parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type);
- parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size);
- parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename);
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
// key and algorithm options for subsystem certificate (overrides default)
- parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type);
- parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size);
- parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename);
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
// key and algorithm options for sslserver certificate (overrides default)
- parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type);
- parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size);
- parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename);
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
parser.addOption("-token_name %s #HSM/Software Token name", x_token_name);
parser.addOption("-token_pwd %s #HSM/Software Token password (optional - only required for HSM)",
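Review bot: The help text for `-signing_signingalgorithm` still reads "Algorithm used be CA cert" after the re-wrap; since the line is being rewritten anyway it should say `#Algorithm used by the CA cert to sign objects (optional, default is signing_algorithm)`, matching the wording of the `-ocsp_signing_signingalgorithm` entry a few lines below. The same "used be" typo is carried over unchanged in the ConfigureOCSP and ConfigureSubCA hunks. The option list starts before this hunk and continues after it.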
@@ -1501,8 +1527,10 @@ public class ConfigureCA {
parser.addOption("-save_p12 %s #Enable/Disable p12 Export[true,false]",
x_save_p12);
- parser.addOption("-backup_pwd %s #Backup Password for p12 (optional, only required if -save_p12 = true)", x_backup_pwd);
- parser.addOption("-backup_fname %s #Backup File for p12, (optional, default is /root/tmp-ca.p12)", x_backup_fname);
+ parser.addOption("-backup_pwd %s #Backup Password for p12 (optional, only required if -save_p12 = true)",
+ x_backup_pwd);
+ parser.addOption("-backup_fname %s #Backup File for p12, (optional, default is /root/tmp-ca.p12)",
+ x_backup_fname);
parser.addOption("-ca_sign_cert_subject_name %s #CA cert subject name",
x_ca_sign_cert_subject_name);
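Review bot: `-backup_pwd` takes the PKCS #12 backup password as a command-line value, and neither the help text nor a comment warns that argv is typically readable by other local users through the process list and tends to end up in shell history or job logs. The same applies to `-clone_p12_password` in the next hunk and in ConfigureDRM, and to the `-token_pwd` and `-sd_admin_password` context lines. At minimum a comment above these options would record the exposure, e.g. `// NOTE: this secret arrives on argv and is visible in the process list and shell history`; a follow-up change could read the value from a protected file or a prompt instead. The default `-backup_fname` of `/root/tmp-ca.p12` presumably holds the exported key material, so the code that writes it (not visible in this hunk) should create the file with owner-only permissions.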
@@ -1532,14 +1560,22 @@ public class ConfigureCA {
x_ext_csr_file);
parser.addOption("-clone %s #Clone of another CA [true, false] (optional, default false)", x_clone);
- parser.addOption("-clone_uri %s #URL of Master CA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", x_clone_uri);
- parser.addOption("-clone_p12_file %s #File containing pk12 keys of Master CA (optional, required if -clone=true)", x_clone_p12_file);
- parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", x_clone_p12_passwd);
+ parser.addOption(
+ "-clone_uri %s #URL of Master CA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)",
+ x_clone_uri);
+ parser.addOption(
+ "-clone_p12_file %s #File containing pk12 keys of Master CA (optional, required if -clone=true)",
+ x_clone_p12_file);
+ parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)",
+ x_clone_p12_passwd);
parser.addOption("-sd_hostname %s #Security Domain Hostname (optional, required if -clone=true)", x_sd_hostname);
- parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port (optional, required if -clone=true)", x_sd_ssl_port);
- parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port (optional, required if -clone=true)", x_sd_agent_port);
- parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port (optional, required if -clone=true)", x_sd_admin_port);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port (optional, required if -clone=true)",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port (optional, required if -clone=true)",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port (optional, required if -clone=true)",
+ x_sd_admin_port);
parser.addOption("-sd_admin_name %s #Security Domain admin name (optional, required if -clone=true)",
x_sd_admin_name);
parser.addOption("-sd_admin_password %s #Security Domain admin password (optional, required if -clone=true)",
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
index 0b771d8fb..3dd708a3a 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
@@ -1162,40 +1162,61 @@ public class ConfigureDRM {
parser.addOption("-db_name %s #db name",
x_db_name);
parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
- parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data);
- parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+ parser.addOption(
+ "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)",
+ x_clone_start_tls);
// key and algorithm options (default)
parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
- parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm);
+ parser.addOption(
+ "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_signing_algorithm);
// key and algorithm options for transport certificate (overrides default)
- parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_transport_key_type);
- parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)", x_transport_key_size);
- parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_transport_key_curvename);
- parser.addOption("-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", x_transport_signingalgorithm);
+ parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_transport_key_type);
+ parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_transport_key_size);
+ parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_transport_key_curvename);
+ parser.addOption(
+ "-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)",
+ x_transport_signingalgorithm);
// key and algorithm options for storage certificate (overrides default)
parser.addOption("-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_storage_key_type);
parser.addOption("-storage_key_size %s #Key Size (optional, for RSA default is key_size)", x_storage_key_size);
- parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_storage_key_curvename);
+ parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_storage_key_curvename);
// key and algorithm options for audit_signing certificate (overrides default)
- parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type);
- parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size);
- parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename);
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
// key and algorithm options for subsystem certificate (overrides default)
- parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type);
- parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size);
- parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename);
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
// key and algorithm options for sslserver certificate (overrides default)
- parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type);
- parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size);
- parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename);
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
parser.addOption("-token_name %s #HSM/Software Token name",
x_token_name);
@@ -1237,9 +1258,14 @@ public class ConfigureDRM {
x_drm_audit_signing_cert_subject_name);
parser.addOption("-clone %s #Clone of another KRA [true, false] (optional, default false)", x_clone);
- parser.addOption("-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", x_clone_uri);
- parser.addOption("-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)", x_clone_p12_file);
- parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", x_clone_p12_passwd);
+ parser.addOption(
+ "-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)",
+ x_clone_uri);
+ parser.addOption(
+ "-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)",
+ x_clone_p12_file);
+ parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)",
+ x_clone_p12_passwd);
// and then match the arguments
String[] unmatched = null;
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java
index c69a3f7b7..7e481c791 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureOCSP.java
@@ -1039,35 +1039,53 @@ public class ConfigureOCSP {
parser.addOption("-db_name %s #db name",
x_db_name);
parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
- parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data);
- parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+ parser.addOption(
+ "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)",
+ x_clone_start_tls);
// key and algorithm options (default)
parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
- parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm);
+ parser.addOption(
+ "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_signing_algorithm);
// key and algorithm options for signing certificate (overrides default)
parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type);
parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size);
- parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename);
- parser.addOption("-signing_signingalgorithm %s #Algorithm used be ocsp signing cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm);
+ parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_signing_key_curvename);
+ parser.addOption(
+ "-signing_signingalgorithm %s #Algorithm used be ocsp signing cert to sign objects (optional, default is signing_algorithm)",
+ x_signing_signingalgorithm);
// key and algorithm options for audit_signing certificate (overrides default)
- parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type);
- parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size);
- parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename);
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
// key and algorithm options for subsystem certificate (overrides default)
- parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type);
- parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size);
- parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename);
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
// key and algorithm options for sslserver certificate (overrides default)
- parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type);
- parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size);
- parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename);
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
parser.addOption("-token_name %s #HSM/Software Token name",
x_token_name);
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java
index d666e3bf5..4c33a8479 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureSubCA.java
@@ -1084,42 +1084,66 @@ public class ConfigureSubCA {
parser.addOption("-db_name %s #db name",
x_db_name);
parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
- parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data);
- parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+ parser.addOption(
+ "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)",
+ x_clone_start_tls);
// key and algorithm options (default)
parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
- parser.addOption("-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_key_algorithm);
- parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", x_signing_algorithm);
+ parser.addOption(
+ "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_key_algorithm);
+ parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)",
+ x_signing_algorithm);
// key and algorithm options for signing certificate (overrides default)
parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type);
parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size);
- parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename);
- parser.addOption("-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm);
+ parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_signing_key_curvename);
+ parser.addOption(
+ "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)",
+ x_signing_signingalgorithm);
// key and algorithm options for ocsp_signing certificate (overrides default)
- parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_ocsp_signing_key_type);
- parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_ocsp_signing_key_size);
- parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_ocsp_signing_key_curvename);
- parser.addOption("-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", x_ocsp_signing_signingalgorithm);
+ parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_ocsp_signing_key_type);
+ parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_ocsp_signing_key_size);
+ parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_ocsp_signing_key_curvename);
+ parser.addOption(
+ "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)",
+ x_ocsp_signing_signingalgorithm);
// key and algorithm options for audit_signing certificate (overrides default)
- parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type);
- parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size);
- parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename);
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
// key and algorithm options for subsystem certificate (overrides default)
- parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type);
- parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size);
- parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename);
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
// key and algorithm options for sslserver certificate (overrides default)
- parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type);
- parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size);
- parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename);
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
parser.addOption("-token_name %s #HSM/Software Token name",
x_token_name);
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java
index 854459811..acc699673 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureTKS.java
@@ -999,8 +999,11 @@ public class ConfigureTKS {
parser.addOption("-db_name %s #db name",
x_db_name);
parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
- parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data);
- parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls);
+ parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+ parser.addOption(
+ "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)",
+ x_clone_start_tls);
// key and algorithm options (default)
parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
@@ -1008,19 +1011,29 @@ public class ConfigureTKS {
parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
// key and algorithm options for audit_signing certificate (overrides default)
- parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type);
- parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size);
- parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename);
+ parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
// key and algorithm options for subsystem certificate (overrides default)
- parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type);
- parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size);
- parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename);
+ parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
// key and algorithm options for sslserver certificate (overrides default)
- parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type);
- parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size);
- parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename);
+ parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
parser.addOption("-token_name %s #HSM/Software Token name",
x_token_name);
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java b/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java
index 7ba9d586e..cdc9a7fb1 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/AutoInstaller.java
@@ -38,14 +38,19 @@ public class AutoInstaller {
private static Properties props = null;
// Admin Server and InternalDB varialbes
- private String adminDomain, adminID, adminPWD, adminPort, machineName, host, serverID, instanceID, serverRoot, sieURL, dbConnPort, dbConnHost, dbInstanceName, dbPassword, dbLDAPauthDN, dbmode, ldapServerDB;
+ private String adminDomain, adminID, adminPWD, adminPort, machineName, host, serverID, instanceID, serverRoot,
+ sieURL, dbConnPort, dbConnHost, dbInstanceName, dbPassword, dbLDAPauthDN, dbmode, ldapServerDB;
// CMS Subsystem info
- private String certAdminName, certAdminUid, certAdminPWD, kra, subsystems, ca, ra, ocsp, remoteKRA, wirelessSupport, eeHttpPort, eeHttpsPort, agentHttpsPort, radminHttpsPort, tokenName, tokenPWD, certType, keyType, keyLength, SingleSignOnPWD, subjectName, aki, isCA, ski, sslCABit, objectSigningCABit, mailCABit, hashType, caOComponent, certValidityDays, signingCert, tks;
+ private String certAdminName, certAdminUid, certAdminPWD, kra, subsystems, ca, ra, ocsp, remoteKRA,
+ wirelessSupport, eeHttpPort, eeHttpsPort, agentHttpsPort, radminHttpsPort, tokenName, tokenPWD, certType,
+ keyType, keyLength, SingleSignOnPWD, subjectName, aki, isCA, ski, sslCABit, objectSigningCABit, mailCABit,
+ hashType, caOComponent, certValidityDays, signingCert, tks;
// CA info
- private String caHostname, caPortnum, caTimeout, caEEPort, enpropfile, cdir, tokenpwd, CAadminId, CAadminPwd, CAcertnickname, caAgentPortnum, cloneInstanceId;
+ private String caHostname, caPortnum, caTimeout, caEEPort, enpropfile, cdir, tokenpwd, CAadminId, CAadminPwd,
+ CAcertnickname, caAgentPortnum, cloneInstanceId;
// Program variables
private int i;
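Review bot: The credential fields in these declarations (`adminPWD`, `dbPassword`, `certAdminPWD`, `tokenPWD`, `SingleSignOnPWD`, `tokenpwd`, `CAadminPwd`) are still buried among ordinary settings after the re-wrap, which makes it hard to audit where secrets could be printed or written out. Declaring them on lines of their own under a comment such as `// Credentials: never print or log these` would separate them from hosts and ports. The context comment `// Admin Server and InternalDB varialbes` has a typo and should read `variables`. The class body continues outside the hunk, so how these fields are used is not visible here.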
@@ -228,7 +233,8 @@ public class AutoInstaller {
* Takes parameters - sID- ServerID e.x cert1, sRoot- ServerRootK kT- keyType "RSA/DSA" , kL - keylength (1024.2048) , cVD- certificate validity dates e.g 365 for 1 year, sdn - subsystems dn, sAdp - subsystem's Admin port, sAgp - subsystems's Agentport,seSP- subsystem's ee SSL port , sep- Subsystems ee port.
*/
- public void setSubSystemInfo(String sID, String sRoot, String kT, String kL, String hT, String cVD, String sdn, String sAdP, String sAgP, String seSP, String seP) {
+ public void setSubSystemInfo(String sID, String sRoot, String kT, String kL, String hT, String cVD, String sdn,
+ String sAdP, String sAgP, String seSP, String seP) {
serverID = sID;
instanceID = "cert-" + sID;
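Review bot: The Javadoc above `setSubSystemInfo` lists every argument except `hT`, so the fifth parameter is undocumented, and the comment was left as one very long line while the signature was wrapped. Replacing the sentence with one `@param` tag per argument, including `@param hT` (presumably the hash type, given the `hashType` field in the same class; confirm against the body), would let Javadoc lint check the names. The documented names `sAdp`, `sAgp` and `sep` also differ in case from the actual parameters `sAdP`, `sAgP` and `seP`. The method body continues outside the hunk.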
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java b/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java
index 5a933a22c..601e5998c 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/CMSConfig.java
@@ -149,7 +149,8 @@ public class CMSConfig extends ServerInfo {
* Takes parameters : secureConnection( true/false), ldapbinddn, ldapbindnpassword,ldaphostname, lapdaportnumber ( in case of secured connection give ldap secured port), basedn (e.g ou=people,o=mcom.com)
*/
- void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, String lbsuffix) {
+ void EnablePortalAuth(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport,
+ String lbsuffix) {
String certnickname = null;
CMSprops.setProperty("auths.instance.PortalEnrollment.pluginName",
@@ -308,7 +309,8 @@ public class CMSConfig extends ServerInfo {
"LdapUserCertPublisher");
}
- public void DisablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost, String lport, String base) {
+ public void DisablePublishing(boolean secureConn, String ldaprootDN, String ldaprootDNPW, String lhost,
+ String lport, String base) {
CMSprops.setProperty("ca.publish.enable", "false");
CMSprops.setProperty("ca.publish.ldappublish.enable", "false");
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java b/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java
index d163a7f16..ec7ce3545 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/CMSInstance.java
@@ -41,9 +41,12 @@ public class CMSInstance {
* Constructor. Takes parameters hostname, adminserverport, adminDN, adminDNpassword, Dominanname, ServerRoot( full path) , instanceID, mnameand sieURL. mname is the fully qualified name of the server ( jupiter2.nscp.aoltw.net) sieURL is ("ldap://jupiter2.nscp.aoltw.net:(ConfigLADPPort)/o=NetscapeRoot"
*/
- private String cs_server_root, cs_tps_root, tps_hostname, tps_fqdn, tps_instanceid, tps_ee_port, tps_agent_port, tps_auth_ldap_host, tps_auth_ldap_port, tps_auth_ldap_suffix, ca_hostname, ca_ee_port, tks_hostname, tks_agent_port, token_db_hostname, token_db_port, token_db_suffix, token_db_passwd;
+ private String cs_server_root, cs_tps_root, tps_hostname, tps_fqdn, tps_instanceid, tps_ee_port, tps_agent_port,
+ tps_auth_ldap_host, tps_auth_ldap_port, tps_auth_ldap_suffix, ca_hostname, ca_ee_port, tks_hostname,
+ tks_agent_port, token_db_hostname, token_db_port, token_db_suffix, token_db_passwd;
- public CMSInstance(String h, String p, String AdDN, String pwd, String domain, String sroot, String insID, String mname, String sieURL) {
+ public CMSInstance(String h, String p, String AdDN, String pwd, String domain, String sroot, String insID,
+ String mname, String sieURL) {
host = h;
port = p;
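Review bot: The comment beginning `Constructor. Takes parameters hostname, ...` sits directly above the `private String cs_server_root, ...` field declaration, so if it is a `/**` block Javadoc attaches it to the fields and not to `CMSInstance(...)`. Moving the comment to immediately above `public CMSInstance(String h, ...` fixes the attachment. Converting the sentence into `@param` tags for `h`, `p`, `AdDN`, `pwd`, `domain`, `sroot`, `insID`, `mname` and `sieURL` would also make it checkable. The comment's opening line and the constructor body are outside the hunk.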
@@ -254,7 +257,8 @@ public class CMSInstance {
System.out.println(args.length);
if (args.length < 10) {
- System.out.println(
+ System.out
+ .println(
"Usage : <task:Create/REmove> host port AdminDN AdminDNPW adminDomain serverRoot instanceID machineName sieURL");
System.exit(-1);
}
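Review bot: The usage text shows `AdminDNPW` as a positional command-line argument, so the admin password is exposed to process listings and shell history on the host that runs this tool. Reading it from a protected file or a prompt would avoid that, though the argument handling itself is outside this hunk. The re-wrap also splits `System.out.println(` over three lines, which reads worse than before; hoisting the text into `private static final String USAGE = "...";` and calling `System.out.println(USAGE);` keeps the call on one line. `REmove` in the message looks like a typo for `Remove`.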
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java b/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java
index f82c7c8fb..0087da254 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/DirEnroll.java
@@ -82,7 +82,8 @@ public class DirEnroll extends TestClient {
* @param adminpassword
*/
- public DirEnroll(String hs, String p, String uid, String pw, String certdir, String certtokenpwd, String nickname, String ksz, String kt) {
+ public DirEnroll(String hs, String p, String uid, String pw, String certdir, String certtokenpwd, String nickname,
+ String ksz, String kt) {
host = hs;
ports = p;
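Review bot: The Javadoc tag `@param adminpassword` just above the `DirEnroll` constructor names no actual parameter, so documentation tools cannot match it. The signature uses `hs`, `p`, `uid`, `pw`, `certdir`, `certtokenpwd`, `nickname`, `ksz` and `kt`. The same mismatch is visible in the `Request` constructor hunk (`@param trustedManager` versus the parameter `tm`) and in the `UserEnroll` hunk (`@param propfilename` with no such parameter). Renaming the tags to the real parameter names, e.g. `@param pw` and `@param tm`, would fix this. The rest of each Javadoc block is outside the hunks, so other tags may need the same treatment.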
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/Request.java b/pki/base/silent/src/com/netscape/pkisilent/common/Request.java
index 0cb085776..9b5a88b15 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/Request.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/Request.java
@@ -52,7 +52,8 @@ public class Request extends TestClient {
// Cert Detail variables
private String csrRequestorName, csrRequestorPhone, csrRequestorEmail, subject, subjectdn, reqStatus, certType;
- private String requestType, requestID, sslclient, clientcert, servercert, emailcert, objectsigningcert, sslcacert, objectsigningcacert, emailcacert, sigAlgo, totalRecord, validitylength, trustedManager;
+ private String requestType, requestID, sslclient, clientcert, servercert, emailcert, objectsigningcert, sslcacert,
+ objectsigningcacert, emailcacert, sigAlgo, totalRecord, validitylength, trustedManager;
private int totalNumApproved = 0;
@@ -102,7 +103,8 @@ public class Request extends TestClient {
* @param trustedManager true/false
*/
- public Request(String h, String p, String aid, String apwd, String cname, String cd, String ctpwd, String snum, String sfrom, String sto, String ty, String rty, String rstate, String aty, String tm) {
+ public Request(String h, String p, String aid, String apwd, String cname, String cd, String ctpwd, String snum,
+ String sfrom, String sto, String ty, String rty, String rstate, String aty, String tm) {
host = h;
ports = p;
adminid = aid;
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java b/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java
index 216465a47..1fbf834b0 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/UserEnroll.java
@@ -75,7 +75,8 @@ public class UserEnroll extends TestClient {
* @param propfilename name of the parameter file
*/
- public UserEnroll(String h, String p, String dn, String e, String cn, String uid, String ou, String o, String cd, String tpwd, String sslcl, String ksize, String keyty, String reqname, String reqemail, String ctype) {
+ public UserEnroll(String h, String p, String dn, String e, String cn, String uid, String ou, String o, String cd,
+ String tpwd, String sslcl, String ksize, String keyty, String reqname, String reqemail, String ctype) {
host = h;
ports = p;
diff --git a/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java b/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java
index 3b06d3d23..d0b0373d7 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/common/checkRequest.java
@@ -94,7 +94,8 @@ public class checkRequest extends TestClient {
* <p>
*/
- public checkRequest(String hs, String pt, String certdir, String certtokenpwd, String seqnum, String nickname, String impc) {
+ public checkRequest(String hs, String pt, String certdir, String certtokenpwd, String seqnum, String nickname,
+ String impc) {
host = hs;
ports = pt;
cdir = certdir;