From 621d9e5c413e561293d7484b93882d985b3fe15f Mon Sep 17 00:00:00 2001 From: Endi Sukma Dewata Date: Sat, 24 Mar 2012 02:27:47 -0500 Subject: Removed unnecessary pki folder. Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131 --- base/migrate/80/MigrateSecurityDomain.class | Bin 0 -> 6951 bytes base/migrate/80/MigrateSecurityDomain.java | 235 ++++++++++++++++++++++++++++ base/migrate/80/readme | 29 ++++ base/migrate/80/schema-add.ldif | 50 ++++++ 4 files changed, 314 insertions(+) create mode 100644 base/migrate/80/MigrateSecurityDomain.class create mode 100644 base/migrate/80/MigrateSecurityDomain.java create mode 100644 base/migrate/80/readme create mode 100644 base/migrate/80/schema-add.ldif (limited to 'base/migrate/80') diff --git a/base/migrate/80/MigrateSecurityDomain.class b/base/migrate/80/MigrateSecurityDomain.class new file mode 100644 index 000000000..f2a174dab Binary files /dev/null and b/base/migrate/80/MigrateSecurityDomain.class differ diff --git a/base/migrate/80/MigrateSecurityDomain.java b/base/migrate/80/MigrateSecurityDomain.java new file mode 100644 index 000000000..4624f1259 --- /dev/null +++ b/base/migrate/80/MigrateSecurityDomain.java @@ -0,0 +1,235 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This program is free software; you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation; version 2 of the License. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License along +// with this program; if not, write to the Free Software Foundation, Inc., +// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. +// +// (C) 2008 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +import java.io.FileInputStream; +import java.io.IOException; +import java.util.ArrayList; +import java.util.Vector; + +import netscape.ldap.LDAPAttribute; +import netscape.ldap.LDAPAttributeSet; +import netscape.ldap.LDAPConnection; +import netscape.ldap.LDAPEntry; +import netscape.ldap.LDAPException; + +import org.w3c.dom.Document; +import org.w3c.dom.NodeList; + +import com.netscape.cmscore.base.FileConfigStore; +import com.netscape.cmscore.ldapconn.LdapJssSSLSocketFactory; +import com.netscape.cmsutil.ldap.LDAPUtil; +import com.netscape.cmsutil.xml.XMLObject; + +public class MigrateSecurityDomain { + + private static LDAPConnection getLDAPConn(FileConfigStore cs, String passwd) + throws IOException { + + String host = ""; + String port = ""; + String binddn = ""; + String security = ""; + + try { + host = cs.getString("internaldb.ldapconn.host"); + port = cs.getString("internaldb.ldapconn.port"); + binddn = cs.getString("internaldb.ldapauth.bindDN"); + security = cs.getString("internaldb.ldapconn.secureConn"); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: getLDAPConnection" + e.toString()); + throw new IOException( + "Failed to retrieve LDAP information from CS.cfg."); + } + + int p = -1; + + try { + p = Integer.parseInt(port); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString()); + throw new IOException("Port is not valid"); + } + + LDAPConnection conn = null; + if (security.equals("true")) { + System.out.println("MigrateSecurityDomain getLDAPConn: creating secure (SSL) connection for internal ldap"); + conn = new LDAPConnection(new LdapJssSSLSocketFactory()); + } else { + System.out.println( + "MigrateSecurityDomain getLDAPConn: creating non-secure (non-SSL) connection for internal ldap"); + conn = new LDAPConnection(); + } + + System.out.println("MigrateSecurityDomain connecting to " + host + ":" + p); + try { + conn.connect(host, p, binddn, passwd); + } catch (LDAPException e) { + System.out.println("MigrateSecurityDomain getLDAPConn: " + e.toString()); + throw new IOException("Failed to connect to the internal database."); + } + + return conn; + } + + public static void main(String args[]) throws Exception { + if (args.length != 2) { + System.out.println("Usage: MigrateSecurityDomain "); + System.exit(0); + } + + String instRoot = args[0]; + String dmPass = args[1]; + + XMLObject parser = null; + // get the security domain data from the domain.xml file + try { + String path = instRoot + "/conf/domain.xml"; + System.out.println("MigrateSecurityDomain: Reading domain.xml from file ..."); + parser = new XMLObject(new FileInputStream(path)); + + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: Unable to get domain info from domain.xml file"); + System.out.println(e.toString()); + System.exit(1); + } + + try { + String configFile = instRoot + "/conf/CS.cfg"; + FileConfigStore cs = new FileConfigStore(configFile); + + LDAPConnection conn = null; + conn = MigrateSecurityDomain.getLDAPConn(cs, dmPass); + if (conn == null) { + System.out.println("MigrateSecurityDomain: Failed to connect to internal database"); + System.exit(1); + } + + // add new schema elements + String importFile = "./schema-add.ldif"; + ArrayList errors = new ArrayList(); + try { + LDAPUtil.importLDIF(conn, importFile, errors); + if (! errors.isEmpty()) { + System.out.println("MigrateSecurityDomain: Errors in adding new schema elements:"); + for (String error: errors) { + System.out.println(error); + } + } + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: Error in adding new schema elements"); + System.exit(1); + } + // create the containers + String basedn = cs.getString("internaldb.basedn"); + String secdomain = parser.getValue("Name"); + + try { + String dn = "ou=Security Domain," + basedn; + System.out.println("MigrateSecurityDomain: creating ldap entry : " + dn); + + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "organizationalUnit")); + attrs.add(new LDAPAttribute("name", secdomain)); + attrs.add(new LDAPAttribute("ou", "Security Domain")); + entry = new LDAPEntry(dn, attrs); + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create security domain" + e.toString()); + System.exit(1); + } + } + + // create list containers + String clist[] = { "CAList", "OCSPList", "KRAList", "RAList", "TKSList", "TPSList" }; + for (int i = 0; i < 6; i++) { + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + String dn = "cn=" + clist[i] + ",ou=Security Domain," + basedn; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSecurityGroup")); + attrs.add(new LDAPAttribute("cn", clist[i])); + entry = new LDAPEntry(dn, attrs); + try { + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create security domain list entry " + dn + ": " + e.toString()); + System.exit(1); + } + } + } + + // create system entries + String tlist[] = { "CA", "OCSP", "KRA", "RA", "TKS", "TPS" }; + Document doc = parser.getDocument(); + for (int j = 0; j < 6; j++) { + String type = tlist[j]; + NodeList nodeList = doc.getElementsByTagName(type); + int len = nodeList.getLength(); + for (int i = 0; i < len; i++) { + Vector v_clone = parser.getValuesFromContainer(nodeList.item(i), "Clone"); + Vector v_name = parser.getValuesFromContainer(nodeList.item(i), "SubsystemName"); + Vector v_host = parser.getValuesFromContainer(nodeList.item(i), "Host"); + Vector v_port = parser.getValuesFromContainer(nodeList.item(i), "SecurePort"); + + String cn = (String) v_host.elementAt(0) + ":" + (String) v_port.elementAt(0); + String dn = "cn=" + cn + ",cn=" + type + "List,ou=Security Domain," + basedn; + LDAPEntry entry = null; + LDAPAttributeSet attrs = null; + attrs = new LDAPAttributeSet(); + attrs.add(new LDAPAttribute("objectclass", "top")); + attrs.add(new LDAPAttribute("objectclass", "pkiSubsystem")); + attrs.add(new LDAPAttribute("Host", (String) v_host.elementAt(0))); + attrs.add(new LDAPAttribute("SecurePort", (String) v_port.elementAt(0))); + attrs.add(new LDAPAttribute("Clone", (String) v_clone.elementAt(0))); + attrs.add(new LDAPAttribute("SubsystemName", (String) v_name.elementAt(0))); + attrs.add(new LDAPAttribute("cn", cn)); + attrs.add(new LDAPAttribute("DomainManager", "true")); + // Since the initial port separation feature didn't occur + // until an RHCS 7.3 errata, simply store the "SecurePort" + // value for BOTH the "SecureAgentPort" and the + // "SecureAdminPort", and DON'T store any values for the + // "UnSecurePort" + attrs.add(new LDAPAttribute("SecureAgentPort", (String) v_port.elementAt(0))); + attrs.add(new LDAPAttribute("SecureAdminPort", (String) v_port.elementAt(0))); + entry = new LDAPEntry(dn, attrs); + + try { + conn.add(entry); + } catch (LDAPException e) { + if (e.getLDAPResultCode() != 68) { + System.out.println("Unable to create entry " + dn + ": " + e.toString()); + } + } + } + } + cs.putString("securitydomain.store", "ldap"); + cs.commit(false); + System.out.println("MigrateSecurityDomain: Domain successfully migrated."); + } catch (Exception e) { + System.out.println("MigrateSecurityDomain: Migration failed. " + e.toString()); + } + System.exit(0); + } + +} diff --git a/base/migrate/80/readme b/base/migrate/80/readme new file mode 100644 index 000000000..50365c985 --- /dev/null +++ b/base/migrate/80/readme @@ -0,0 +1,29 @@ +Date + + Fri Oct 3 00:37:14 EDT 2008 + +Version + + CMS 8.0 + +Overview + + In CMS8.0, the security domain data has been migrated into the + internal LDAP database to allow easier replication of this data + when cloning. Prior to this release, this information was stored + in the domain.xml configuration file on the CA serving as the Domain + Master. + +Program + + MigrateSecurityDomain - This command will add the relevant schema and migrate + security domain data that resides in domain.xml into the internal database. + The program needs only two arguments - the location of the instance root directory + (like /var/lib/pki-ca) and the directory user's password. + +Example + + Here is an example of MigrateSecurityDomain usage +java -cp /usr/share/java/ldapjdk.jar:/usr/share/java/pki/cmscore.jar:/usr/share/java/pki/cmsutil.jar:/usr/share/java/pki/certsrv.jar:. MigrateSecurityDomain /var/lib/pki-ca mypassword + + diff --git a/base/migrate/80/schema-add.ldif b/base/migrate/80/schema-add.ldif new file mode 100644 index 000000000..fe6577e51 --- /dev/null +++ b/base/migrate/80/schema-add.ldif @@ -0,0 +1,50 @@ +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: attributeTypes +attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ name ) X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $ UnSecurePort ) X-ORIGIN 'user defined' ) + -- cgit