From 1685275fabdc90acf449feb9414ecb1021100448 Mon Sep 17 00:00:00 2001
From: mharmsen
Date: Thu, 30 Jun 2011 21:52:25 +0000
Subject: Bugzilla Bug #532548 - Tool to do DRM re-key (use configuration file, process based upon records, added additional options)
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2034 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
---
 pki/base/java-tools/src/CMakeLists.txt | 6 +
 .../src/com/netscape/cmstools/DRMTool.cfg | 160 +
 .../src/com/netscape/cmstools/DRMTool.java | 3340 +++++++++++++++++---
 3 files changed, 3084 insertions(+), 422 deletions(-)
 create mode 100644 pki/base/java-tools/src/com/netscape/cmstools/DRMTool.cfg
(limited to 'pki/base/java-tools/src')
diff --git a/pki/base/java-tools/src/CMakeLists.txt b/pki/base/java-tools/src/CMakeLists.txt
index 7ea53cf89..678671e7f 100644
--- a/pki/base/java-tools/src/CMakeLists.txt
+++ b/pki/base/java-tools/src/CMakeLists.txt
@@ -67,6 +67,12 @@ set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
 # build pki-tools
 add_jar(pki-tools ${pki-tools_java_SRCS})
 add_dependencies(pki-tools osutil pki-nsutil pki-cmsutil)
+install(
+ FILES
+ com/netscape/cmstools/DRMTool.cfg
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/pki/java-tools/
+)
 install_jar(pki-tools ${JAVA_JAR_INSTALL_DIR}/pki)
 set(PKI_TOOLS_JAR ${pki-tools_JAR_FILE} CACHE INTERNAL "pki-tools jar file")
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.cfg b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.cfg
new file mode 100644
index 000000000..b43441e19
--- /dev/null
+++ b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.cfg
@@ -0,0 +1,160 @@
+drmtool.ldif.caEnrollmentRequest._000=########################################
+drmtool.ldif.caEnrollmentRequest._001=## DRM CA Enrollment Request ##
+drmtool.ldif.caEnrollmentRequest._002=########################################
+drmtool.ldif.caEnrollmentRequest._003=## ##
+drmtool.ldif.caEnrollmentRequest._004=## NEVER allow 'DRMTOOL' the ability ##
+drmtool.ldif.caEnrollmentRequest._005=## to change the CA 'naming context' ##
+drmtool.ldif.caEnrollmentRequest._006=## data in the following fields: ##
+drmtool.ldif.caEnrollmentRequest._007=## ##
+drmtool.ldif.caEnrollmentRequest._008=## extdata-auth--005ftoken;uid ##
+drmtool.ldif.caEnrollmentRequest._009=## extdata-auth--005ftoken;userid ##
+drmtool.ldif.caEnrollmentRequest._010=## extdata-updatedby ##
+drmtool.ldif.caEnrollmentRequest._011=## ##
+drmtool.ldif.caEnrollmentRequest._012=## NEVER allow 'DRMTOOL' the ability ##
+drmtool.ldif.caEnrollmentRequest._013=## to change CA 'numeric' data in ##
+drmtool.ldif.caEnrollmentRequest._014=## the following fields: ##
+drmtool.ldif.caEnrollmentRequest._015=## ##
+drmtool.ldif.caEnrollmentRequest._016=## extdata-requestId ##
+drmtool.ldif.caEnrollmentRequest._017=## ##
+drmtool.ldif.caEnrollmentRequest._018=########################################
+drmtool.ldif.caEnrollmentRequest.cn=true
+drmtool.ldif.caEnrollmentRequest.dateOfModify=true
+drmtool.ldif.caEnrollmentRequest.dn=true
+drmtool.ldif.caEnrollmentRequest.extdata.keyRecord=true
+drmtool.ldif.caEnrollmentRequest.extdata.requestNotes=true
+drmtool.ldif.caEnrollmentRequest.requestId=true
+drmtool.ldif.caKeyRecord._000=#########################################
+drmtool.ldif.caKeyRecord._001=## DRM CA Key Record ##
+drmtool.ldif.caKeyRecord._002=#########################################
+drmtool.ldif.caKeyRecord._003=## ##
+drmtool.ldif.caKeyRecord._004=## NEVER allow 'DRMTOOL' the ability ##
+drmtool.ldif.caKeyRecord._005=## to change the CA 'naming context' ##
+drmtool.ldif.caKeyRecord._006=## data in the following fields: ##
+drmtool.ldif.caKeyRecord._007=## ##
+drmtool.ldif.caKeyRecord._008=## archivedBy ##
+drmtool.ldif.caKeyRecord._009=## ##
+drmtool.ldif.caKeyRecord._010=#########################################
+drmtool.ldif.caKeyRecord.cn=true
+drmtool.ldif.caKeyRecord.dateOfModify=true
+drmtool.ldif.caKeyRecord.dn=true
+drmtool.ldif.caKeyRecord.privateKeyData=true
+drmtool.ldif.caKeyRecord.serialno=true
+drmtool.ldif.namingContext._000=############################################
+drmtool.ldif.namingContext._001=## DRM Naming Context Fields ##
+drmtool.ldif.namingContext._002=############################################
+drmtool.ldif.namingContext._003=## ##
+drmtool.ldif.namingContext._004=## NEVER allow 'DRMTOOL' the ability to ##
+drmtool.ldif.namingContext._005=## change the CA 'naming context' data ##
+drmtool.ldif.namingContext._006=## in the following 'non-KeyRecord / ##
+drmtool.ldif.namingContext._007=## non-Request' fields (as these records ##
+drmtool.ldif.namingContext._008=## should be removed via the option to ##
+drmtool.ldif.namingContext._009=## process requests and key records only ##
+drmtool.ldif.namingContext._010=## if this is a DRM migration): ##
+drmtool.ldif.namingContext._011=## ##
+drmtool.ldif.namingContext._012=## cn ##
+drmtool.ldif.namingContext._013=## sn ##
+drmtool.ldif.namingContext._014=## uid ##
+drmtool.ldif.namingContext._015=## uniqueMember ##
+drmtool.ldif.namingContext._016=## ##
+drmtool.ldif.namingContext._017=## NEVER allow 'DRMTOOL' the ability to ##
+drmtool.ldif.namingContext._018=## change the DRM 'naming context' data ##
+drmtool.ldif.namingContext._019=## in the following 'non-KeyRecord / ##
+drmtool.ldif.namingContext._020=## non-Request' fields (as these records ##
+drmtool.ldif.namingContext._021=## should be removed via the option to ##
+drmtool.ldif.namingContext._022=## process requests and key records only ##
+drmtool.ldif.namingContext._023=## if this is a DRM migration): ##
+drmtool.ldif.namingContext._024=## ##
+drmtool.ldif.namingContext._025=## dc ##
+drmtool.ldif.namingContext._026=## dn ##
+drmtool.ldif.namingContext._027=## uniqueMember ##
+drmtool.ldif.namingContext._028=## ##
+drmtool.ldif.namingContext._029=## NEVER allow 'DRMTOOL' the ability to ##
+drmtool.ldif.namingContext._030=## change the TPS 'naming context' data ##
+drmtool.ldif.namingContext._031=## in the following 'non-KeyRecord / ##
+drmtool.ldif.namingContext._032=## non-Request' fields (as these records ##
+drmtool.ldif.namingContext._033=## should be removed via the option to ##
+drmtool.ldif.namingContext._034=## process requests and key records only ##
+drmtool.ldif.namingContext._035=## if this is a DRM migration): ##
+drmtool.ldif.namingContext._036=## ##
+drmtool.ldif.namingContext._037=## uid ##
+drmtool.ldif.namingContext._038=## uniqueMember ##
+drmtool.ldif.namingContext._039=## ##
+drmtool.ldif.namingContext._040=## If '-source_naming_context ##
+drmtool.ldif.namingContext._041=## ' ##
+drmtool.ldif.namingContext._042=## and '-target_naming_context ##
+drmtool.ldif.namingContext._043=## ' ##
+drmtool.ldif.namingContext._044=## options are specified, ALWAYS ##
+drmtool.ldif.namingContext._045=## require 'DRMTOOL' to change the ##
+drmtool.ldif.namingContext._046=## DRM 'naming context' data in ALL of ##
+drmtool.ldif.namingContext._047=## the following fields in EACH of the ##
+drmtool.ldif.namingContext._048=## following types of records: ##
+drmtool.ldif.namingContext._049=## ##
+drmtool.ldif.namingContext._050=## caEnrollmentRequest: ##
+drmtool.ldif.namingContext._051=## ##
+drmtool.ldif.namingContext._052=## dn ##
+drmtool.ldif.namingContext._053=## extdata-auth--005ftoken;user ##
+drmtool.ldif.namingContext._054=## extdata-auth--005ftoken;userdn ##
+drmtool.ldif.namingContext._055=## ##
+drmtool.ldif.namingContext._056=## caKeyRecord: ##
+drmtool.ldif.namingContext._057=## ##
+drmtool.ldif.namingContext._058=## dn ##
+drmtool.ldif.namingContext._059=## ##
+drmtool.ldif.namingContext._060=## recoveryRequest: ##
+drmtool.ldif.namingContext._061=## ##
+drmtool.ldif.namingContext._062=## dn ##
+drmtool.ldif.namingContext._063=## ##
+drmtool.ldif.namingContext._064=## tpsKeyRecord: ##
+drmtool.ldif.namingContext._065=## ##
+drmtool.ldif.namingContext._066=## dn ##
+drmtool.ldif.namingContext._067=## ##
+drmtool.ldif.namingContext._068=## tpsNetkeyKeygenRequest: ##
+drmtool.ldif.namingContext._069=## ##
+drmtool.ldif.namingContext._070=## dn ##
+drmtool.ldif.namingContext._071=## ##
+drmtool.ldif.namingContext._072=############################################
+drmtool.ldif.recoveryRequest._000=#####################################
+drmtool.ldif.recoveryRequest._001=## DRM CA / TPS Recovery Request ##
+drmtool.ldif.recoveryRequest._002=#####################################
+drmtool.ldif.recoveryRequest.cn=true
+drmtool.ldif.recoveryRequest.dateOfModify=true
+drmtool.ldif.recoveryRequest.dn=true
+drmtool.ldif.recoveryRequest.extdata.requestId=true
+drmtool.ldif.recoveryRequest.extdata.requestNotes=true
+drmtool.ldif.recoveryRequest.extdata.serialnumber=true
+drmtool.ldif.recoveryRequest.requestId=true
+drmtool.ldif.tpsKeyRecord._000=#########################################
+drmtool.ldif.tpsKeyRecord._001=## DRM TPS Key Record ##
+drmtool.ldif.tpsKeyRecord._002=#########################################
+drmtool.ldif.tpsKeyRecord._003=## ##
+drmtool.ldif.tpsKeyRecord._004=## NEVER allow 'DRMTOOL' the ability ##
+drmtool.ldif.tpsKeyRecord._005=## to change the TPS 'naming context' ##
+drmtool.ldif.tpsKeyRecord._006=## data in the following fields: ##
+drmtool.ldif.tpsKeyRecord._007=## ##
+drmtool.ldif.tpsKeyRecord._008=## archivedBy ##
+drmtool.ldif.tpsKeyRecord._009=## ##
+drmtool.ldif.tpsKeyRecord._010=#########################################
+drmtool.ldif.tpsKeyRecord.cn=true
+drmtool.ldif.tpsKeyRecord.dateOfModify=true
+drmtool.ldif.tpsKeyRecord.dn=true
+drmtool.ldif.tpsKeyRecord.privateKeyData=true
+drmtool.ldif.tpsKeyRecord.serialno=true
+drmtool.ldif.tpsNetkeyKeygenRequest._000=#####################################
+drmtool.ldif.tpsNetkeyKeygenRequest._001=## DRM TPS Netkey Keygen Request ##
+drmtool.ldif.tpsNetkeyKeygenRequest._002=#####################################
+drmtool.ldif.tpsNetkeyKeygenRequest._003=## ##
+drmtool.ldif.tpsNetkeyKeygenRequest._004=## NEVER allow 'DRMTOOL' the ##
+drmtool.ldif.tpsNetkeyKeygenRequest._005=## ability to change the ##
+drmtool.ldif.tpsNetkeyKeygenRequest._006=## TPS 'naming context' data in ##
+drmtool.ldif.tpsNetkeyKeygenRequest._007=## the following fields: ##
+drmtool.ldif.tpsNetkeyKeygenRequest._008=## ##
+drmtool.ldif.tpsNetkeyKeygenRequest._009=## extdata-updatedby ##
+drmtool.ldif.tpsNetkeyKeygenRequest._010=## ##
+drmtool.ldif.tpsNetkeyKeygenRequest._011=#####################################
+drmtool.ldif.tpsNetkeyKeygenRequest.cn=true
+drmtool.ldif.tpsNetkeyKeygenRequest.dateOfModify=true
+drmtool.ldif.tpsNetkeyKeygenRequest.dn=true
+drmtool.ldif.tpsNetkeyKeygenRequest.extdata.keyRecord=true
+drmtool.ldif.tpsNetkeyKeygenRequest.extdata.requestId=true
+drmtool.ldif.tpsNetkeyKeygenRequest.extdata.requestNotes=true
+drmtool.ldif.tpsNetkeyKeygenRequest.requestId=true
+
diff --git a/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
index e2838854e..f327337d3 100644
--- a/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
+++ b/pki/base/java-tools/src/com/netscape/cmstools/DRMTool.java
@@ -33,6 +33,7 @@ import org.mozilla.jss.CryptoManager;
 import org.mozilla.jss.crypto.PrivateKey;
 import org.mozilla.jss.crypto.*;
 import org.mozilla.jss.pkcs11.PK11PubKey;
+import org.mozilla.jss.util.Password;
 import org.mozilla.jss.*;
 /**
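Review bot: The "NEVER allow 'DRMTOOL' the ability to change ..." rules in DRMTool.cfg exist only as banner text stored in the `_NNN` keys, so nothing in the file stops an operator from adding a key for a protected field (for instance `archivedBy` under `caKeyRecord`) and setting it to `true`. The code that loads this file is outside this part of the patch; it should accept only the known field names for each record type and refuse anything else, so that the protected fields stay untouched whatever the file says. Because `privateKeyData` is one of the switchable fields, the installed copy should also be writable only by the administrator who runs the tool.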
@@ -45,7 +46,10 @@ import org.mozilla.jss.*;
 *
 * STARTING INVENTORY:
 *
- * (1) an LDIF file containing 'exported' DRM data
+ * (1) a DRMTOOL configuration file containing DRM LDIF record
+ * types and the processing status of their associated fields
+ *
+ * (2) an LDIF file containing 'exported' DRM data
 * (referred to as the "source" DRM)
 *
 * NOTE: If this LDIF file contains data that was originally
@@ -53,7 +57,7 @@ import org.mozilla.jss.*;
 * must have previously undergone the appropriate
 * migration steps.
 *
- * (2) the NSS security databases (e. g. - cert8.db, key3.db,
+ * (3) the NSS security databases (e. g. - cert8.db, key3.db,
 * and secmod.db) associated with the data contained in
 * the source LDIF file
 *
@@ -66,7 +70,7 @@ import org.mozilla.jss.*;
 * this key (e. g. - which may be located in
 * the source DRM's 'password.conf' file).
 *
- * (3) a file containing the ASCII BASE-64 storage certificate
+ * (4) a file containing the ASCII BASE-64 storage certificate
 * from the DRM instance for which the output LDIF file is
 * intended (referred to as the "target")
 *
@@ -82,36 +86,52 @@ import org.mozilla.jss.*;
 *
 * DRMTool PARAMETERS:
 *
- * (1) the name of the input LDIF file containing data which was
+ * (1) the name of the DRMTOOL configuration file containing
+ * DRM LDIF record types and the processing status of their
+ * associated fields
+ *
+ * (2) the name of the input LDIF file containing data which was
 * 'exported' from the source DRM instance
 *
- * (2) the name of the output LDIF file intended to contain the
+ * (3) the name of the output LDIF file intended to contain the
 * revised data suitable for 'import' to a target DRM instance
 *
- * (3) the name of the log file that may be used for auditing
+ * (4) the name of the log file that may be used for auditing
 * purposes
 *
- * (4) the path to the security databases that were used by
+ * (5) the path to the security databases that were used by
 * the source DRM instance
 *
- * (5) the name of the token that was used by
+ * (6) the name of the token that was used by
 * the source DRM instance
 *
- * (6) the name of the storage certificate that was used by
+ * (7) the name of the storage certificate that was used by
 * the source DRM instance
 *
- * (7) the name of the file containing the ASCII BASE-64 storage
+ * (8) the name of the file containing the ASCII BASE-64 storage
 * certificate from the target DRM instance for which the
 * output LDIF file is intended
 *
- * DATA FIELDS AFFECTED:
+ * (9) OPTIONALLY, the name of a file which ONLY contains the
+ * password needed to access the source DRM instance's
+ * security databases
+ *
+ * (10) OPTIONALLY, choose to change the specified source DRM naming
+ * context to the specified target DRM naming context
+ *
+ * (11) OPTIONALLY, choose to ONLY process CA enrollment requests,
+ * CA recovery requests, CA key records, TPS netkeyKeygen
+ * enrollment requests, TPS recovery requests, and
+ * TPS key records
+ *
+ * DATA FIELDS AFFECTED (using default config file values):
 *
 * (1) CA DRM enrollment request
 *
 * (a) dateOfModify
 * (b) extdata-requestnotes
 *
- * (2) CA DRM keyrecord
+ * (2) CA DRM key record
 *
 * (a) dateOfModify
 * (b) privateKeyData
@@ -126,7 +146,7 @@ import org.mozilla.jss.*;
 * (a) dateOfModify
 * (b) extdata-requestnotes (NEW)
 *
- * (5) TPS DRM keyrecord
+ * (5) TPS DRM key record
 *
 * (a) dateOfModify
 * (b) privateKeyData
@@ -141,7 +161,10 @@ import org.mozilla.jss.*;
 *
 * STARTING INVENTORY:
 *
- * (1) an LDIF file containing 'exported' DRM data
+ * (1) a DRMTOOL configuration file containing DRM LDIF record
+ * types and the processing status of their associated fields
+ *
+ * (2) an LDIF file containing 'exported' DRM data
 * (referred to as the "source" DRM)
 *
 * NOTE: If this LDIF file contains data that was originally
@@ -161,30 +184,41 @@ import org.mozilla.jss.*;
 *
 * DRMTool PARAMETERS:
 *
- * (1) the name of the input LDIF file containing data which was
+ * (1) the name of the DRMTOOL configuration file containing
+ * DRM LDIF record types and the processing status of their
+ * associated fields
+ *
+ * (2) the name of the input LDIF file containing data which was
 * 'exported' from the source DRM instance
 *
- * (2) the name of the output LDIF file intended to contain the
+ * (3) the name of the output LDIF file intended to contain the
 * revised data suitable for 'import' to a target DRM instance
 *
- * (3) the name of the log file that may be used for auditing
+ * (4) the name of the log file that may be used for auditing
 * purposes
 *
- * (4) a large numeric ID offset (mask) to be appended to existing
+ * (5) a large numeric ID offset (mask) to be appended to existing
 * numeric data in the source DRM instance's LDIF file
 *
- * DATA FIELDS AFFECTED:
+ * (6) OPTIONALLY, choose to change the specified source DRM naming
+ * context to the specified target DRM naming context
+ *
+ * (7) OPTIONALLY, choose to ONLY process CA enrollment requests,
+ * CA recovery requests, CA key records, TPS netkeyKeygen
+ * enrollment requests, TPS recovery requests, and
+ * TPS key records
+ *
+ * DATA FIELDS AFFECTED (using default config file values):
 *
 * (1) CA DRM enrollment request
 *
 * (a) cn
 * (b) dateOfModify
 * (c) extdata-keyrecord
- * (d) extdata-requestid
- * (e) extdata-requestnotes
- * (f) requestId
+ * (d) extdata-requestnotes
+ * (e) requestId
 *
- * (2) CA DRM keyrecord
+ * (2) CA DRM key record
 *
 * (a) cn
 * (b) dateOfModify
@@ -196,7 +230,7 @@ import org.mozilla.jss.*;
 * (b) dateOfModify
 * (c) extdata-requestid
 * (d) extdata-requestnotes (NEW)
- * (e) extdata-serialno
+ * (e) extdata-serialnumber
 * (f) requestId
 *
 * (4) TPS DRM netkeyKeygen (enrollment) request
@@ -208,7 +242,7 @@ import org.mozilla.jss.*;
 * (e) extdata-requestnotes (NEW)
 * (f) requestId
 *
- * (5) TPS DRM keyrecord
+ * (5) TPS DRM key record
 *
 * (a) cn
 * (b) dateOfModify
@@ -220,7 +254,7 @@ import org.mozilla.jss.*;
 * (b) dateOfModify
 * (c) extdata-requestid
 * (d) extdata-requestnotes (NEW)
- * (e) extdata-serialno
+ * (e) extdata-serialnumber
 * (f) requestId
 *
 * (C) Specify an ID offset to be removed from existing numeric data
@@ -228,7 +262,10 @@ import org.mozilla.jss.*;
 *
 * STARTING INVENTORY:
 *
- * (1) an LDIF file containing 'exported' DRM data
+ * (1) a DRMTOOL configuration file containing DRM LDIF record
+ * types and the processing status of their associated fields
+ *
+ * (2) an LDIF file containing 'exported' DRM data
 * (referred to as the "source" DRM)
 *
 * NOTE: If this LDIF file contains data that was originally
@@ -248,30 +285,41 @@ import org.mozilla.jss.*;
 *
 * DRMTool PARAMETERS:
 *
- * (1) the name of the input LDIF file containing data which was
+ * (1) the name of the DRMTOOL configuration file containing
+ * DRM LDIF record types and the processing status of their
+ * associated fields
+ *
+ * (2) the name of the input LDIF file containing data which was
 * 'exported' from the source DRM instance
 *
- * (2) the name of the output LDIF file intended to contain the
+ * (3) the name of the output LDIF file intended to contain the
 * revised data suitable for 'import' to a target DRM instance
 *
- * (3) the name of the log file that may be used for auditing
+ * (4) the name of the log file that may be used for auditing
 * purposes
 *
- * (4) a large numeric ID offset (mask) to be removed from existing
+ * (5) a large numeric ID offset (mask) to be removed from existing
 * numeric data in the source DRM instance's LDIF file
 *
- * DATA FIELDS AFFECTED:
+ * (6) OPTIONALLY, choose to change the specified source DRM naming
+ * context to the specified target DRM naming context
+ *
+ * (7) OPTIONALLY, choose to ONLY process CA enrollment requests,
+ * CA recovery requests, CA key records, TPS netkeyKeygen
+ * enrollment requests, TPS recovery requests, and
+ * TPS key records
+ *
+ * DATA FIELDS AFFECTED (using default config file values):
 *
 * (1) CA DRM enrollment request
 *
 * (a) cn
 * (b) dateOfModify
 * (c) extdata-keyrecord
- * (d) extdata-requestid
- * (e) extdata-requestnotes
- * (f) requestId
+ * (d) extdata-requestnotes
+ * (e) requestId
 *
- * (2) CA DRM keyrecord
+ * (2) CA DRM key record
 *
 * (a) cn
 * (b) dateOfModify
@@ -283,7 +331,7 @@ import org.mozilla.jss.*;
 * (b) dateOfModify
 * (c) extdata-requestid
 * (d) extdata-requestnotes (NEW)
- * (e) extdata-serialno
+ * (e) extdata-serialnumber
 * (f) requestId
 *
 * (4) TPS DRM netkeyKeygen (enrollment) request
@@ -295,7 +343,7 @@ import org.mozilla.jss.*;
 * (e) extdata-requestnotes (NEW)
 * (f) requestId
 *
- * (5) TPS DRM keyrecord
+ * (5) TPS DRM key record
 *
 * (a) cn
 * (b) dateOfModify
@@ -307,7 +355,7 @@ import org.mozilla.jss.*;
 * (b) dateOfModify
 * (c) extdata-requestid
 * (d) extdata-requestnotes (NEW)
- * (e) extdata-serialno
+ * (e) extdata-serialnumber
 * (f) requestId
 *
 *
@@ -317,6 +365,7 @@ import org.mozilla.jss.*;
 *
  *
  *    DRMTool
+ *    -drmtool_config_file <path + drmtool config file>
  *    -source_ldif_file <path + source ldif file>
  *    -target_ldif_file <path + target ldif file>
  *    -log_file <path + log file>
@@ -324,11 +373,16 @@ import org.mozilla.jss.*;
  *    [-source_storage_token_name '<source token>']
  *    [-source_storage_certificate_nickname '<source nickname>']
  *    [-target_storage_certificate_file <path to target certificate file>]
+ *    [-source_pki_security_database_pwdfile <path to PKI password file>]
  *    [-append_id_offset <numeric offset>]
  *    [-remove_id_offset <numeric offset>]
+ *    [-source_drm_naming_context '<original source DRM naming context>']
+ *    [-target_drm_naming_context '<renamed target DRM naming context>']
+ *    [-process_requests_and_key_records_only]
  *
  *    where the following options are 'Mandatory':
  *
+ *    -drmtool_config_file <path + drmtool config file>
  *    -source_ldif_file <path + source ldif file>
  *    -target_ldif_file <path + target ldif file>
  *    -log_file <path + log file>
@@ -344,19 +398,62 @@ import org.mozilla.jss.*;
  *            [-target_storage_certificate_file
  *             <path to target certificate file>]
  *
+ *            AND OPTIONALLY, specify the name of a file which ONLY contains
+ *            the password needed to access the source DRM instance's
+ *            security databases:
+ *
+ *            [-source_pki_security_database_pwdfile
+ *             <path to PKI password file>]
+ *
+ *            AND OPTIONALLY, rename source DRM naming context --> target
+ *            DRM naming context:
+ *
+ *            [-source_drm_naming_context '<source DRM naming context>']
+ *            [-target_drm_naming_context '<target DRM naming context>']
+ *
+ *            AND OPTIONALLY, process requests and key records ONLY:
+ *
+ *            [-process_requests_and_key_records_only]
+ *
  *        (b) option for appending the specified numeric ID offset
  *            to existing numerical data:
  *
  *            [-append_id_offset <numeric offset>]
  *
+ *            AND OPTIONALLY, rename source DRM naming context --> target
+ *            DRM naming context:
+ *
+ *            [-source_drm_naming_context '<source DRM naming context>']
+ *            [-target_drm_naming_context '<target DRM naming context>']
+ *
+ *            AND OPTIONALLY, process requests and key records ONLY:
+ *
+ *            [-process_requests_and_key_records_only]
+ *
  *        (c) option for removing the specified numeric ID offset
  *            from existing numerical data:
  *
+ *            AND OPTIONALLY, rename source DRM naming context --> target
+ *            DRM naming context:
+ *
+ *            [-source_drm_naming_context '<source DRM naming context>']
+ *            [-target_drm_naming_context '<target DRM naming context>']
+ *
  *            [-remove_id_offset <numeric offset>]
  *
+ *            AND OPTIONALLY, process requests and key records ONLY:
+ *
+ *            [-process_requests_and_key_records_only]
+ *
  *        (d) (a) rewrap AND (b) append ID offset
+ *            [AND OPTIONALLY, rename source DRM naming context --> target
+ *            DRM naming context]
+ *            [AND OPTIONALLY process requests and key records ONLY]
  *
  *        (e) (a) rewrap AND (c) remove ID offset
+ *            [AND OPTIONALLY, rename source DRM naming context --> target
+ *            DRM naming context]
+ *            [AND OPTIONALLY process requests and key records ONLY]
  *
  *        NOTE:  Options (b) and (c) are mutually exclusive!
  *
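Review bot: In usage item (c) the added paragraph `AND OPTIONALLY, rename source DRM naming context --> target DRM naming context:` and its two options are inserted between `from existing numerical data:` and `[-remove_id_offset <numeric offset>]`, so the colon now introduces the naming-context options instead of the remove option. Item (b) in the same hunk puts the identical paragraph after `[-append_id_offset <numeric offset>]`. Item (c) should follow the same order, with `[-remove_id_offset <numeric offset>]` directly under its heading and the naming-context paragraph after it. This Javadoc block starts and ends outside the hunk.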
@@ -375,6 +472,9 @@ public class DRMTool
     private static final boolean FAILURE = false;
     private static final boolean SUCCESS = true;
     private static final String COLON = ":";
+    private static final String DOT = ".";
+    private static final String EQUAL_SIGN = "=";
+    private static final String HASH = "#";
     private static final String LEFT_BRACE = "[";
     private static final String NEWLINE = "\n";
     private static final String PLUS = "+";
@@ -390,23 +490,36 @@ public class DRMTool
 
     // Constants:  PKCS #11 Information
     private static final String INTERNAL_TOKEN = "Internal Key Storage Token";
-    private static final String STORAGE_NICKNAME = "storageCert cert-pki-kra";
-    private static final String TARGET_STORAGE_CERT = "target_storage.cert";
-    private static final String ID_OFFSET_VALUE = "10000000";
 
 
     // Constants:  Command-line Options
     private static final int ID_OFFSET_NAME_VALUE_PAIRS = 1;
-    private static final int MANDATORY_NAME_VALUE_PAIRS = 3;
+    private static final int PWDFILE_NAME_VALUE_PAIRS = 1;
+    private static final int NAMING_CONTEXT_NAME_VALUE_PAIRS = 2;
+    private static final int MANDATORY_NAME_VALUE_PAIRS = 4;
     private static final int REWRAP_NAME_VALUE_PAIRS = 4;
-    private static final int ID_OFFSET_ARGS = 8;
-    private static final int REWRAP_ARGS = 14;
-    private static final int REWRAP_AND_ID_OFFSET_ARGS = 16;
+    private static final int ID_OFFSET_ARGS = 10;
+    private static final int REWRAP_ARGS = 16;
+    private static final int REWRAP_AND_ID_OFFSET_ARGS = 18;
 
 
     // Constants:  Command-line Options (Mandatory)
     private static final String DRM_TOOL = "DRMTool";
 
+    private static final String
+    DRMTOOL_CFG_FILE = "-drmtool_config_file";
+
+    private static final String
+    DRMTOOL_CFG_DESCRIPTION = " ";
+
+    private static final String
+    DRMTOOL_CFG_FILE_EXAMPLE = DRMTOOL_CFG_FILE
+                             + " "
+                             + "/usr/share/pki/java-tools/DRMTool.cfg";
+
     private static final String
     SOURCE_LDIF_FILE = "-source_ldif_file";
 
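Review bot: The three argument-count totals are still hand-maintained literals, which is why this hunk has to bump `ID_OFFSET_ARGS`, `REWRAP_ARGS` and `REWRAP_AND_ID_OFFSET_ARGS` by two each when `MANDATORY_NAME_VALUE_PAIRS` goes from 3 to 4. Deriving them from the pair counts would keep them in step, e.g. `ID_OFFSET_ARGS = 2 * (MANDATORY_NAME_VALUE_PAIRS + ID_OFFSET_NAME_VALUE_PAIRS);`. The new optional pairs (`PWDFILE_NAME_VALUE_PAIRS`, `NAMING_CONTEXT_NAME_VALUE_PAIRS`) and the value-less `-process_requests_and_key_records_only` flag also make several more argument counts legal. The parsing code is outside this hunk, so it is worth checking that it does not validate against these three totals alone.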
@@ -417,7 +530,9 @@ public class DRMTool
                             + "  ending with the source LDIF file name>";
 
     private static final String
-    SOURCE_LDIF_FILE_EXAMPLE = "-source_ldif_file /export/pki/source.ldif";
+    SOURCE_LDIF_FILE_EXAMPLE = SOURCE_LDIF_FILE
+                             + " "
+                             + "/export/pki/source.ldif";
 
     private static final String
     TARGET_LDIF_FILE = "-target_ldif_file";
@@ -429,7 +544,9 @@ public class DRMTool
                             + "  ending with the target LDIF file name>";
 
     private static final String
-    TARGET_LDIF_FILE_EXAMPLE = "-target_ldif_file /export/pki/target.ldif";
+    TARGET_LDIF_FILE_EXAMPLE = TARGET_LDIF_FILE
+                             + " "
+                             + "/export/pki/target.ldif";
 
     private static final String
     LOG_FILE = "-log_file";
@@ -441,7 +558,9 @@ public class DRMTool
                     + "  ending with the log file name>";
 
     private static final String
-    LOG_FILE_EXAMPLE = "-log_file /export/pki/drmtool.log";
+    LOG_FILE_EXAMPLE = LOG_FILE
+                     + " "
+                     + "/export/pki/DRMTool.log";
 
 
     // Constants:  Command-line Options (Rewrap)
@@ -456,7 +575,8 @@ public class DRMTool
                               + "   used by data in the source LDIF file>";
 
     private static final String
-    SOURCE_NSS_DB_PATH_EXAMPLE = "-source_pki_security_database_path "
+    SOURCE_NSS_DB_PATH_EXAMPLE = SOURCE_NSS_DB_PATH
+                               + " "
                                + "/export/pki";
 
     private static final String
@@ -467,10 +587,11 @@ public class DRMTool
                                      + "the source storage token>";
 
     private static final String
-    SOURCE_STORAGE_TOKEN_NAME_EXAMPLE = "-source_storage_token_name "
-                                      + "\'"
-                                      + INTERNAL_TOKEN
-                                      + "\'";
+    SOURCE_STORAGE_TOKEN_NAME_EXAMPLE = SOURCE_STORAGE_TOKEN_NAME
+                                      + " "
+                                      + TIC
+                                      + "Internal Key Storage Token"
+                                      + TIC;
 
     private static final String
     SOURCE_STORAGE_CERT_NICKNAME = "-source_storage_certificate_nickname";
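Review bot: The new `SOURCE_STORAGE_TOKEN_NAME_EXAMPLE` spells out `"Internal Key Storage Token"`, although the `INTERNAL_TOKEN` constant with the same value is still declared and the removed lines used it. The example text and the token name the tool actually uses can now drift apart. Keeping `+ INTERNAL_TOKEN` between the two `TIC` delimiters avoids the duplicate literal.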
@@ -480,11 +601,11 @@ public class DRMTool
                                              + "storage certificate>";
 
     private static final String
-    SOURCE_STORAGE_CERT_NICKNAME_EXAMPLE =
-                                         "-source_storage_certificate_nickname"
-                                         + " \'"
-                                         + STORAGE_NICKNAME
-                                         + "\'";
+    SOURCE_STORAGE_CERT_NICKNAME_EXAMPLE = SOURCE_STORAGE_CERT_NICKNAME
+                                         + " "
+                                         + TIC
+                                         + "storageCert cert-pki-kra"
+                                         + TIC;
 
     private static final String
     TARGET_STORAGE_CERTIFICATE_FILE = "-target_storage_certificate_file";
@@ -506,9 +627,26 @@ public class DRMTool
                                            + "header and footer>";
 
     private static final String
-    TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE = "-target_storage_certificate_file"
-                                            + " /export/pki/"
-                                            + TARGET_STORAGE_CERT;
+    TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE = TARGET_STORAGE_CERTIFICATE_FILE
+                                            + " "
+                                            + "/export/pki/target_storage.cert";
+
+    private static final String
+    SOURCE_NSS_DB_PWDFILE = "-source_pki_security_database_pwdfile";
+
+    private static final String
+    SOURCE_NSS_DB_PWDFILE_DESCRIPTION = "  ";
+
+    private static final String
+    SOURCE_NSS_DB_PWDFILE_EXAMPLE = SOURCE_NSS_DB_PWDFILE
+                                  + " "
+                                  + "/export/pki/pwdfile";
+
 
 
     // Constants:  Command-line Options (ID Offset)
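Review bot: The constants added for `-source_pki_security_database_pwdfile` say nothing about how the password file must be protected, and the example path `/export/pki/pwdfile` puts it in the same directory as the example LDIF export and log file. Since the file holds the password to the source DRM's security databases, a comment above `SOURCE_NSS_DB_PWDFILE` would help, for example `// The password file must be readable only by the user running DRMTool and should be removed once the run completes.` The usage text should carry the same advice. The code that reads the file is outside this hunk; it should clear the in-memory password after the token login.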
@@ -520,8 +658,9 @@ public class DRMTool
                                  + "each record's source ID>";
 
     private static final String
-    APPEND_ID_OFFSET_EXAMPLE = "-append_id_offset "
-                             + ID_OFFSET_VALUE;
+    APPEND_ID_OFFSET_EXAMPLE = APPEND_ID_OFFSET
+                             + " "
+                             + "100000000000";
 
     private static final String
     REMOVE_ID_OFFSET = "-remove_id_offset";
@@ -531,8 +670,245 @@ public class DRMTool
                                  + "each record's source ID>";
 
     private static final String
-    REMOVE_ID_OFFSET_EXAMPLE = "-remove_id_offset "
-                             + ID_OFFSET_VALUE;
+    REMOVE_ID_OFFSET_EXAMPLE = REMOVE_ID_OFFSET
+                             + " "
+                             + "100000000000";
+
+
+    // Constants:  Command-line Options
+    private static final String
+    SOURCE_DRM_NAMING_CONTEXT = "-source_drm_naming_context";
+
+    private static final String
+    SOURCE_DRM_NAMING_CONTEXT_DESCRIPTION = "  ";
+
+    private static final String
+    SOURCE_DRM_NAMING_CONTEXT_EXAMPLE = SOURCE_DRM_NAMING_CONTEXT
+                                      + " "
+                                      + TIC
+                                      + "alpha.example.com-pki-kra"
+                                      + TIC;
+
+    private static final String
+    TARGET_DRM_NAMING_CONTEXT = "-target_drm_naming_context";
+
+    private static final String
+    TARGET_DRM_NAMING_CONTEXT_DESCRIPTION = "  ";
+
+    private static final String
+    TARGET_DRM_NAMING_CONTEXT_EXAMPLE = TARGET_DRM_NAMING_CONTEXT
+                                      + " "
+                                      + TIC
+                                      + "omega.example.com-pki-kra"
+                                      + TIC;
+
+    private static final String
+    PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY =
+        "-process_requests_and_key_records_only";
+
+
+    // Constants:  DRMTOOL Config File
+    private static final String DRMTOOL_CFG_PREFIX = "drmtool.ldif";
+    private static final String DRMTOOL_CFG_ENROLLMENT = "caEnrollmentRequest";
+    private static final String DRMTOOL_CFG_CA_KEY_RECORD = "caKeyRecord";
+    private static final String DRMTOOL_CFG_RECOVERY = "recoveryRequest";
+    private static final String DRMTOOL_CFG_TPS_KEY_RECORD = "tpsKeyRecord";
+    private static final String DRMTOOL_CFG_KEYGEN = "tpsNetkeyKeygenRequest";
+
+
+    // Constants:  DRMTOOL Config File (DRM CA Enrollment Request Fields)
+    private static final String
+        DRMTOOL_CFG_ENROLLMENT_CN = DRMTOOL_CFG_PREFIX
+                                  + DOT
+                                  + DRMTOOL_CFG_ENROLLMENT
+                                  + DOT
+                                  + "cn";
+    private static final String
+        DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+                                              + DOT
+                                              + DRMTOOL_CFG_ENROLLMENT
+                                              + DOT
+                                              + "dateOfModify";
+    private static final String
+        DRMTOOL_CFG_ENROLLMENT_DN = DRMTOOL_CFG_PREFIX
+                                  + DOT
+                                  + DRMTOOL_CFG_ENROLLMENT
+                                  + DOT
+                                  + "dn";
+    private static final String
+        DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD = DRMTOOL_CFG_PREFIX
+                                                  + DOT
+                                                  + DRMTOOL_CFG_ENROLLMENT
+                                                  + DOT
+                                                  + "extdata.keyRecord";
+    private static final String
+        DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+                                                     + DOT
+                                                     + DRMTOOL_CFG_ENROLLMENT
+                                                     + DOT
+                                                     + "extdata.requestNotes";
+    private static final String
+        DRMTOOL_CFG_ENROLLMENT_REQUEST_ID = DRMTOOL_CFG_PREFIX
+                                          + DOT
+                                          + DRMTOOL_CFG_ENROLLMENT
+                                          + DOT
+                                          + "requestId";
+
+
+    // Constants:  DRMTOOL Config File (DRM CA Key Record Fields)
+    private static final String
+        DRMTOOL_CFG_CA_KEY_RECORD_CN = DRMTOOL_CFG_PREFIX
+                                     + DOT
+                                     + DRMTOOL_CFG_CA_KEY_RECORD
+                                     + DOT
+                                     + "cn";
+    private static final String
+        DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+                                                 + DOT
+                                                 + DRMTOOL_CFG_CA_KEY_RECORD
+                                                 + DOT
+                                                 + "dateOfModify";
+    private static final String
+        DRMTOOL_CFG_CA_KEY_RECORD_DN = DRMTOOL_CFG_PREFIX
+                                     + DOT
+                                     + DRMTOOL_CFG_ENROLLMENT
+                                     + DOT
+                                     + "dn";
+    private static final String
+        DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA = DRMTOOL_CFG_PREFIX
+                                                   + DOT
+                                                   + DRMTOOL_CFG_CA_KEY_RECORD
+                                                   + DOT
+                                                   + "privateKeyData";
+    private static final String
+        DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO = DRMTOOL_CFG_PREFIX
+                                            + DOT
+                                            + DRMTOOL_CFG_CA_KEY_RECORD
+                                            + DOT
+                                            + "serialno";
+
+
+    // Constants:  DRMTOOL Config File (DRM CA / TPS Recovery Request Fields)
+    private static final String
+        DRMTOOL_CFG_RECOVERY_CN = DRMTOOL_CFG_PREFIX
+                                + DOT
+                                + DRMTOOL_CFG_RECOVERY
+                                + DOT
+                                + "cn";
+    private static final String
+        DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+                                            + DOT
+                                            + DRMTOOL_CFG_RECOVERY
+                                            + DOT
+                                            + "dateOfModify";
+    private static final String
+        DRMTOOL_CFG_RECOVERY_DN = DRMTOOL_CFG_PREFIX
+                                + DOT
+                                + DRMTOOL_CFG_RECOVERY
+                                + DOT
+                                + "dn";
+    private static final String
+        DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID = DRMTOOL_CFG_PREFIX
+                                                + DOT
+                                                + DRMTOOL_CFG_RECOVERY
+                                                + DOT
+                                                + "extdata.requestId";
+    private static final String
+        DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+                                                   + DOT
+                                                   + DRMTOOL_CFG_RECOVERY
+                                                   + DOT
+                                                   + "extdata.requestNotes";
+    private static final String
+        DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER = DRMTOOL_CFG_PREFIX
+                                                   + DOT
+                                                   + DRMTOOL_CFG_RECOVERY
+                                                   + DOT
+                                                   + "extdata.serialnumber";
+    private static final String
+        DRMTOOL_CFG_RECOVERY_REQUEST_ID = DRMTOOL_CFG_PREFIX
+                                        + DOT
+                                        + DRMTOOL_CFG_RECOVERY
+                                        + DOT
+                                        + "requestId";
+
+
+    // Constants:  DRMTOOL Config File (DRM TPS Key Record Fields)
+    private static final String
+        DRMTOOL_CFG_TPS_KEY_RECORD_CN = DRMTOOL_CFG_PREFIX
+                                      + DOT
+                                      + DRMTOOL_CFG_TPS_KEY_RECORD
+                                      + DOT
+                                      + "cn";
+    private static final String
+        DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+                                                  + DOT
+                                                  + DRMTOOL_CFG_TPS_KEY_RECORD
+                                                  + DOT
+                                                  + "dateOfModify";
+    private static final String
+        DRMTOOL_CFG_TPS_KEY_RECORD_DN = DRMTOOL_CFG_PREFIX
+                                      + DOT
+                                      + DRMTOOL_CFG_TPS_KEY_RECORD
+                                      + DOT
+                                      + "dn";
+    private static final String
+        DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA = DRMTOOL_CFG_PREFIX
+                                                    + DOT
+                                                    + DRMTOOL_CFG_TPS_KEY_RECORD
+                                                    + DOT
+                                                    + "privateKeyData";
+    private static final String
+        DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO = DRMTOOL_CFG_PREFIX
+                                             + DOT
+                                             + DRMTOOL_CFG_TPS_KEY_RECORD
+                                             + DOT
+                                             + "serialno";
+
+
+    // Constants:  DRMTOOL Config File (DRM TPS Netkey Keygen Request Fields)
+    private static final String
+        DRMTOOL_CFG_KEYGEN_CN = DRMTOOL_CFG_PREFIX
+                              + DOT
+                              + DRMTOOL_CFG_KEYGEN
+                              + DOT
+                              + "cn";
+    private static final String
+        DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY = DRMTOOL_CFG_PREFIX
+                                          + DOT
+                                          + DRMTOOL_CFG_KEYGEN
+                                          + DOT
+                                          + "dateOfModify";
+    private static final String
+        DRMTOOL_CFG_KEYGEN_DN = DRMTOOL_CFG_PREFIX
+                              + DOT
+                              + DRMTOOL_CFG_KEYGEN
+                              + DOT
+                              + "dn";
+    private static final String
+        DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD = DRMTOOL_CFG_PREFIX
+                                              + DOT
+                                              + DRMTOOL_CFG_KEYGEN
+                                              + DOT
+                                              + "extdata.keyRecord";
+    private static final String
+        DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID = DRMTOOL_CFG_PREFIX
+                                              + DOT
+                                              + DRMTOOL_CFG_KEYGEN
+                                              + DOT
+                                              + "extdata.requestId";
+    private static final String
+        DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES = DRMTOOL_CFG_PREFIX
+                                                 + DOT
+                                                 + DRMTOOL_CFG_KEYGEN
+                                                 + DOT
+                                                 + "extdata.requestNotes";
+    private static final String
+        DRMTOOL_CFG_KEYGEN_REQUEST_ID = DRMTOOL_CFG_PREFIX
+                                      + DOT
+                                      + DRMTOOL_CFG_KEYGEN
+                                      + DOT
+                                      + "requestId";
 
 
     // Constants:  Target Certificate Information
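Review bot: `DRMTOOL_CFG_CA_KEY_RECORD_DN` is built from `DRMTOOL_CFG_ENROLLMENT` rather than `DRMTOOL_CFG_CA_KEY_RECORD`, so it evaluates to `drmtool.ldif.caEnrollmentRequest.dn`, the same key as `DRMTOOL_CFG_ENROLLMENT_DN`. Every other constant in the CA key record group uses `DRMTOOL_CFG_CA_KEY_RECORD`, so this looks like a copy-paste slip; the middle operand should read `+ DRMTOOL_CFG_CA_KEY_RECORD`. The lookup code is outside this hunk, but if the constant is used as the config key, the `caKeyRecord.dn` setting in DRMTool.cfg would never be consulted. The enrollment request's setting would then decide whether the `dn` of CA key records may be rewritten. Since the config file exists to restrict which fields the tool may change, a per-record-type test that sets the two `dn` flags differently would catch this.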
@@ -541,32 +917,67 @@ public class DRMTool
     private static final String X509_INFO = "x509.INFO";
 
 
-    // Constants:  DRM LDIF Record Fields (always include trailing space)
-    private static final String CN = "cn:";
-    private static final String DATE_OF_MODIFY = "dateOfModify:";
-    private static final String EXTDATA_KEYRECORD = "extdata-keyrecord:";
-    private static final String EXTDATA_REQUESTID = "extdata-requestid:";
-    private static final String EXTDATA_REQUESTNOTES = "extdata-requestnotes:";
-    private static final String EXTDATA_REQUEST_TYPE = "extdata-requesttype:";
-    private static final String EXTDATA_SERIALNUMBER = "extdata-serialnumber:";
-    private static final String PRIVATE_KEY_DATA = "privateKeyData::";
-    private static final String REQUESTID = "requestId:";
-    private static final String SERIALNO = "serialno:";
+    // Constants:  DRM LDIF Record Fields (always include trailing delimiters)
+    private static final String DRM_LDIF_ARCHIVED_BY = "archivedBy:";
+    private static final String DRM_LDIF_CN = "cn:";
+    private static final String DRM_LDIF_DATE_OF_MODIFY = "dateOfModify:";
+    private static final String DRM_LDIF_DN = "dn:";
+    private static final String
+        DRM_LDIF_EXTDATA_AUTH_TOKEN_USER = "extdata-auth--005ftoken;user:";
+    private static final String
+        DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN = "extdata-auth--005ftoken;userdn:";
+    private static final String
+        DRM_LDIF_EXTDATA_KEY_RECORD = "extdata-keyrecord:";
+    private static final String
+        DRM_LDIF_EXTDATA_REQUEST_ID = "extdata-requestid:";
+    private static final String
+        DRM_LDIF_EXTDATA_REQUEST_NOTES = "extdata-requestnotes:";
+    private static final String
+        DRM_LDIF_EXTDATA_REQUEST_TYPE = "extdata-requesttype:";
+    private static final String
+        DRM_LDIF_EXTDATA_SERIAL_NUMBER = "extdata-serialnumber:";
+    private static final String DRM_LDIF_PRIVATE_KEY_DATA = "privateKeyData::";
+    private static final String DRM_LDIF_REQUEST_ID = "requestId:";
+    private static final String DRM_LDIF_REQUEST_TYPE = "requestType:";
+    private static final String DRM_LDIF_SERIAL_NO = "serialno:";
 
 
     // Constants:  DRM LDIF Record Values
-    private static final String NETKEY_KEYGEN = "netkeyKeygen";
-    private static final String RECOVERY = "recovery";
-    private static final String REWRAP_MESSAGE = "REWRAPPED the existing '"
-                                               + "DES3 symmetric session key"
-                                               + "' with the '";
-    private static final String RSA_MESSAGE = "-bit RSA public key' obtained "
-                                            + "from the target storage "
-                                            + "certificate";
-    private static final String APPENDED_ID_OFFSET_MESSAGE = "APPENDED "
-                                                           + "ID OFFSET";
-    private static final String REMOVED_ID_OFFSET_MESSAGE = "REMOVED "
-                                                          + "ID OFFSET";
+    private static final int INITIAL_LDIF_RECORD_CAPACITY = 0;
+    private static final int EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH = 56;
+    private static final int PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH = 60;
+    private static final String DRM_LDIF_RECORD = "Generic";
+    private static final String DRM_LDIF_CA_KEY_RECORD = "CA";
+    private static final String DRM_LDIF_ENROLLMENT = "enrollment";
+    private static final String DRM_LDIF_KEYGEN = "netkeyKeygen";
+    private static final String DRM_LDIF_RECOVERY = "recovery";
+    private static final String DRM_LDIF_TPS_KEY_RECORD = "TPS";
+
+
+    // Constants:  DRM LDIF Record Messages
+    private static final String DRM_LDIF_REWRAP_MESSAGE = "REWRAPPED the '"
+                                                         + "existing DES3 "
+                                                         + "symmetric "
+                                                         + "session key"
+                                                         + "' with the '";
+    private static final String DRM_LDIF_RSA_MESSAGE = "-bit RSA public key' "
+                                                     + "obtained from the "
+                                                     + "target storage "
+                                                     + "certificate";
+    private static final String DRM_LDIF_USED_PWDFILE_MESSAGE =
+                                    "USED source PKI security database "
+                                  + "password file";
+    private static final String DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE =
+                                    "APPENDED ID offset";
+    private static final String DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE =
+                                    "REMOVED ID offset";
+    private static final String DRM_LDIF_SOURCE_NAME_CONTEXT_MESSAGE =
+                                    "RENAMED source DRM naming context '";
+    private static final String DRM_LDIF_TARGET_NAME_CONTEXT_MESSAGE =
+                                    "' to target DRM naming context '";
+    private static final String
+        DRM_LDIF_PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY_MESSAGE =
+            "PROCESSED requests and key records ONLY!";
 
 
     /*************/
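Review bot: `EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH = 56` and `PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH = 60` are bare numbers with no statement of where they come from. From the names they appear to be the number of data characters that fit on the first LDIF line after the `extdata-requestnotes:` and `privateKeyData::` prefixes, but the wrap width they assume is not given. I would add a comment on each, e.g. `// data characters on the first LDIF line after the "privateKeyData:: " prefix (line width W)`, with W filled in, or compute the value from the prefix constant's length. Then a renamed field or a different wrap width cannot silently produce malformed key data in the target LDIF.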
@@ -580,15 +991,21 @@ public class DRMTool
     // Variables: Command-Line Options
     private static boolean mMandatoryFlag = false;
     private static boolean mRewrapFlag = false;
+    private static boolean mPwdfileFlag = false;
     private static boolean mAppendIdOffsetFlag = false;
     private static boolean mRemoveIdOffsetFlag = false;
+    private static boolean mDrmNamingContextsFlag = false;
+    private static boolean mProcessRequestsAndKeyRecordsOnlyFlag = false;
     private static int mMandatoryNameValuePairs = 0;
     private static int mRewrapNameValuePairs = 0;
+    private static int mPKISecurityDatabasePwdfileNameValuePairs = 0;
     private static int mAppendIdOffsetNameValuePairs = 0;
     private static int mRemoveIdOffsetNameValuePairs = 0;
+    private static int mDrmNamingContextNameValuePairs = 0;
 
 
     // Variables: Command-Line Values (Mandatory)
+    private static String mDrmtoolCfgFilename = null;
     private static String mSourceLdifFilename = null;
     private static String mTargetLdifFilename = null;
     private static String mLogFilename = null;
@@ -600,12 +1017,28 @@ public class DRMTool
     private static String mSourceStorageCertNickname = null;
     private static String mTargetStorageCertificateFilename = null;
 
+    // Variables: Command-Line Values (Rewrap Password File)
+    private static String mSourcePKISecurityDatabasePwdfile = null;
 
     // Variables: Command-Line Values (ID Offset)
     private static BigInteger mAppendIdOffset = null;
     private static BigInteger mRemoveIdOffset = null;
 
 
+    // Variables: Command-Line Values (DRM Naming Contexts)
+    private static String mSourceDrmNamingContext = null;
+    private static String mTargetDrmNamingContext = null;
+
+
+    // Variables:  DRMTOOL Config File Parameters of Interest
+    private static Hashtable drmtoolCfg = null;
+
+
+    // Variables:  DRMTOOL LDIF File Parameters of Interest
+    private static Vector record = null;
+    private static Iterator ldif_record = null;
+
+
     // Variables:  Logging
     private static boolean mDebug = false;  // set 'true' for debug messages
     private static PrintWriter logger = null;
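Review bot: The three new collection fields `drmtoolCfg`, `record` and `ldif_record` are declared with raw types, so every read needs an unchecked cast and a wrong element type only shows up at run time. If the file's target Java level allows generics, parameterise them, e.g. `private static Vector<String> record = null;`, and likewise for the `Hashtable` with whatever key and value types the config loader stores. The loader is outside this hunk, so the element types here are a guess. The names also break the `m` prefix used by every other static variable in this block; `ldif_record` is additionally the only snake_case one.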
@@ -613,7 +1046,6 @@ public class DRMTool
 
 
     // Variables:  PKCS #11 Information
-    private static CryptoToken mInternalToken = null;
     private static CryptoToken mSourceToken = null;
     private static X509Certificate mUnwrapCert = null;
     private static PrivateKey mUnwrapPrivateKey = null;
@@ -621,6 +1053,12 @@ public class DRMTool
     private static int mPublicKeySize = 0;
 
 
+    // Variables:  DRM LDIF Record Messages
+    private static String mSourcePKISecurityDatabasePwdfileMessage = null;
+    private static String mDrmNamingContextMessage = null;
+    private static String mProcessRequestsAndKeyRecordsOnlyMessage = null;
+
+
     /********************/
     /* Calendar Methods */
     /********************/
@@ -652,6 +1090,12 @@ public class DRMTool
                           + DRM_TOOL
                           + NEWLINE
                           + "        "
+                          + DRMTOOL_CFG_FILE
+                          + NEWLINE
+                          + "        "
+                          + DRMTOOL_CFG_DESCRIPTION
+                          + NEWLINE
+                          + "        "
                           + SOURCE_LDIF_FILE
                           + NEWLINE
                           + "        "
@@ -703,6 +1147,14 @@ public class DRMTool
                           + NEWLINE
                           + "        "
                           + "["
+                          + SOURCE_NSS_DB_PWDFILE
+                          + NEWLINE
+                          + "        "
+                          + SOURCE_NSS_DB_PWDFILE_DESCRIPTION
+                          + "]"
+                          + NEWLINE
+                          + "        "
+                          + "["
                           + APPEND_ID_OFFSET
                           + NEWLINE
                           + "        "
@@ -716,6 +1168,27 @@ public class DRMTool
                           + "        "
                           + REMOVE_ID_OFFSET_DESCRIPTION
                           + "]"
+                          + NEWLINE
+                          + "        "
+                          + "["
+                          + SOURCE_DRM_NAMING_CONTEXT
+                          + NEWLINE
+                          + "        "
+                          + SOURCE_DRM_NAMING_CONTEXT_DESCRIPTION
+                          + "]"
+                          + NEWLINE
+                          + "        "
+                          + "["
+                          + TARGET_DRM_NAMING_CONTEXT
+                          + NEWLINE
+                          + "        "
+                          + TARGET_DRM_NAMING_CONTEXT_DESCRIPTION
+                          + "]"
+                          + NEWLINE
+                          + "        "
+                          + "["
+                          + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
+                          + "]"
                           + NEWLINE );
 
         System.out.println( "Example of 'Rewrap and Append ID Offset':"
@@ -725,6 +1198,9 @@ public class DRMTool
                           + DRM_TOOL
                           + NEWLINE
                           + "        "
+                          + DRMTOOL_CFG_FILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
                           + SOURCE_LDIF_FILE_EXAMPLE
                           + NEWLINE
                           + "        "
@@ -746,7 +1222,19 @@ public class DRMTool
                           + TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE
                           + NEWLINE
                           + "        "
+                          + SOURCE_NSS_DB_PWDFILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
                           + APPEND_ID_OFFSET_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + TARGET_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
                           + NEWLINE );
 
         System.out.println( "Example of 'Rewrap and Remove ID Offset':"
@@ -756,6 +1244,9 @@ public class DRMTool
                           + DRM_TOOL
                           + NEWLINE
                           + "        "
+                          + DRMTOOL_CFG_FILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
                           + SOURCE_LDIF_FILE_EXAMPLE
                           + NEWLINE
                           + "        "
@@ -777,7 +1268,19 @@ public class DRMTool
                           + TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE
                           + NEWLINE
                           + "        "
+                          + SOURCE_NSS_DB_PWDFILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
                           + REMOVE_ID_OFFSET_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + TARGET_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
                           + NEWLINE );
 
         System.out.println( "Example of 'Rewrap':"
@@ -787,6 +1290,9 @@ public class DRMTool
                           + DRM_TOOL
                           + NEWLINE
                           + "        "
+                          + DRMTOOL_CFG_FILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
                           + SOURCE_LDIF_FILE_EXAMPLE
                           + NEWLINE
                           + "        "
@@ -806,6 +1312,18 @@ public class DRMTool
                           + NEWLINE
                           + "        "
                           + TARGET_STORAGE_CERTIFICATE_FILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + SOURCE_NSS_DB_PWDFILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + TARGET_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
                           + NEWLINE );
 
         System.out.println( "Example of 'Append ID Offset':"
@@ -815,6 +1333,9 @@ public class DRMTool
                           + DRM_TOOL
                           + NEWLINE
                           + "        "
+                          + DRMTOOL_CFG_FILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
                           + SOURCE_LDIF_FILE_EXAMPLE
                           + NEWLINE
                           + "        "
@@ -825,6 +1346,15 @@ public class DRMTool
                           + NEWLINE
                           + "        "
                           + APPEND_ID_OFFSET_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + TARGET_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
                           + NEWLINE );
 
         System.out.println( "Example of 'Remove ID Offset':"
@@ -834,6 +1364,9 @@ public class DRMTool
                           + DRM_TOOL
                           + NEWLINE
                           + "        "
+                          + DRMTOOL_CFG_FILE_EXAMPLE
+                          + NEWLINE
+                          + "        "
                           + SOURCE_LDIF_FILE_EXAMPLE
                           + NEWLINE
                           + "        "
@@ -844,6 +1377,15 @@ public class DRMTool
                           + NEWLINE
                           + "        "
                           + REMOVE_ID_OFFSET_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + SOURCE_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + TARGET_DRM_NAMING_CONTEXT_EXAMPLE
+                          + NEWLINE
+                          + "        "
+                          + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY
                           + NEWLINE );
     }
 
@@ -867,7 +1409,7 @@ public class DRMTool
             System.err.println( "ERROR:  Unable to open file '"
                               + logfile
                               + "' for writing: '"
-                              + eFile
+                              + eFile.toString()
                               + "'"
                               + NEWLINE );
             System.exit( 0 );
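Review bot: The error path in this hunk still ends in `System.exit( 0 )`, so a failure to open the log file is reported to the calling shell as success. The same call closes each of the exception-handler hunks that follow (TokenException, FileNotFoundException, the two IOExceptions, CertificateException, InvalidKeyException and the security-database exceptions). A wrapper script that checks the exit status would carry on after a failed rewrap with a missing or partial target LDIF; a non-zero status such as `System.exit( 1 );` on these paths avoids that. The added `.toString()` calls do not change the message, since string concatenation already converts the exception, so they could be dropped. The enclosing method starts and ends outside the hunk.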
@@ -963,7 +1505,7 @@ public class DRMTool
         } catch( TokenException exToken ) {
             log( "ERROR:  Getting private key - "
                + "TokenException: '"
-               + exToken
+               + exToken.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1008,7 +1550,7 @@ public class DRMTool
                + "certificate file named '"
                + mTargetStorageCertificateFilename
                + "' exists!  FileNotFoundException: '"
-               + exWrapFileNotFound
+               + exWrapFileNotFound.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1030,7 +1572,7 @@ public class DRMTool
                + "encoded error encountered while reading '"
                + mTargetStorageCertificateFilename
                + "'!  IOException: '"
-               + exWrapReadLineIO
+               + exWrapReadLineIO.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1044,7 +1586,7 @@ public class DRMTool
                + "encoded error encountered in closing '"
                + mTargetStorageCertificateFilename
                + "'!  IOException: '"
-               + exWrapCloseIO
+               + exWrapCloseIO.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1072,7 +1614,7 @@ public class DRMTool
                + "in parsing certificate in '"
                + mTargetStorageCertificateFilename
                + "'  CertificateException: '"
-               + exWrapCertificate
+               + exWrapCertificate.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1095,7 +1637,7 @@ public class DRMTool
         } catch( InvalidKeyException exInvalidKey ) {
             log( "ERROR:  Converting X.509 public key --> RSA public key - "
                + "InvalidKeyException: '"
-               + exInvalidKey
+               + exInvalidKey.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1131,7 +1673,7 @@ public class DRMTool
             log( "ERROR:  source_pki_security_database_path='"
                + mSourcePKISecurityDatabasePath
                + "' KeyDatabaseException: '"
-               + exKey
+               + exKey.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1139,7 +1681,7 @@ public class DRMTool
             log( "ERROR:  source_pki_security_database_path='"
                + mSourcePKISecurityDatabasePath
                + "' CertDatabaseException: '"
-               + exCert
+               + exCert.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1147,7 +1689,7 @@ public class DRMTool
             log( "ERROR:  source_pki_security_database_path='"
                + mSourcePKISecurityDatabasePath
                + "' AlreadyInitializedException: '"
-               + exAlreadyInitialized
+               + exAlreadyInitialized.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1155,46 +1697,61 @@ public class DRMTool
             log( "ERROR:  source_pki_security_database_path='"
                + mSourcePKISecurityDatabasePath
                + "' GeneralSecurityException: '"
-               + exSecurity
+               + exSecurity.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         }
 
-        // Retrieve the internal token from the source database
+        // Retrieve the source storage token by its name
         try {
-            log( "Retrieving internal token from CryptoManager."
+            log( "Retrieving token from CryptoManager."
                + NEWLINE, true );
             cm = CryptoManager.getInstance();
 
-            mInternalToken = cm.getInternalKeyStorageToken();
-            if( mInternalToken == null ) {
-                return FAILURE;
-            }
-        } catch( Exception exUninitialized ) {
-            log( "ERROR:  Uninitialized CryptoManager - '"
-               + exUninitialized
-               + "'"
-               + NEWLINE, true );
-            System.exit( 0 );
-        }
-
-        // Retrieve the source storage token by its name
-        try {
             log( "Retrieving source storage token called '"
                + mSourceStorageTokenName
                + "'."
                + NEWLINE, true );
 
-            mSourceToken = cm.getTokenByName( mSourceStorageTokenName );
+            if( mSourceStorageTokenName.equals( INTERNAL_TOKEN ) ) {
+                mSourceToken = cm.getInternalKeyStorageToken();
+            } else {
+                mSourceToken = cm.getTokenByName( mSourceStorageTokenName );
+            }
+
             if( mSourceToken == null ) {
                 return FAILURE;
             }
-        } catch( NoSuchTokenException exToken ) {
-            log( "ERROR:  No source storage token named '"
-               + mSourceStorageTokenName
-               + "' exists!  NoSuchTokenException: '"
-               + exToken
+
+            if( mPwdfileFlag ) {
+                BufferedReader in = null;
+                String pwd = null;
+                Password mPwd = null;
+
+                try {
+                    in = new BufferedReader(
+                             new FileReader(
+                                 mSourcePKISecurityDatabasePwdfile ) );
+                    pwd = in.readLine();
+
+                    mPwd = new Password( pwd.toCharArray() );
+
+                    mSourceToken.login( mPwd );
+                } catch( Exception exReadPwd ) {
+                    log( "ERROR:  Failed to read the keydb password from "
+                       + "the file '"
+                       + mSourcePKISecurityDatabasePwdfile
+                       + "'.  Exception: '"
+                       + exReadPwd.toString()
+                       + "'"
+                       + NEWLINE, true );
+                    System.exit( 0 );
+                }
+            }
+        } catch( Exception exUninitialized ) {
+            log( "ERROR:  Uninitialized CryptoManager - '"
+               + exUninitialized.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
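Review bot: The new password-file block leaves the keydb password in memory and the file handle open: `in` is never closed, the `String pwd` cannot be wiped, and `mPwd` is never cleared after `mSourceToken.login( mPwd )`. An empty file makes `in.readLine()` return null, which surfaces as a NullPointerException under the "Failed to read the keydb password" message, and a password rejected by `login()` is reported with that same message. Folding the old `NoSuchTokenException` handler into `catch( Exception exUninitialized )` also means a mistyped token name is now logged as "Uninitialized CryptoManager". The sketch below closes the reader, rejects an empty file and clears the `Password` object (assuming this is the JSS `Password`, which provides `clear()`). The `finally` does not run on the `System.exit( 0 )` path, and the enclosing method starts outside the hunk.

```java
            if( mPwdfileFlag ) {
                BufferedReader in = null;
                Password mPwd = null;

                try {
                    in = new BufferedReader(
                             new FileReader(
                                 mSourcePKISecurityDatabasePwdfile ) );
                    String pwd = in.readLine();
                    if( pwd == null ) {
                        throw new IOException( "password file is empty" );
                    }

                    mPwd = new Password( pwd.toCharArray() );

                    mSourceToken.login( mPwd );
                } catch( Exception exReadPwd ) {
                    // … unchanged: log the failure and exit …
                } finally {
                    // wipe the in-memory copy of the keydb password
                    if( mPwd != null ) {
                        mPwd.clear();
                    }
                    if( in != null ) {
                        try {
                            in.close();
                        } catch( IOException exClosePwd ) {
                            log( "WARNING:  Unable to close '"
                               + mSourcePKISecurityDatabasePwdfile
                               + "'."
                               + NEWLINE, true );
                        }
                    }
                }
            }
```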
@@ -1232,7 +1789,7 @@ public class DRMTool
                    + "source storage cert named '"
                    + mSourceStorageCertNickname
                    + "' exists!  ObjectNotFoundException: '"
-                   + exUnwrapObjectNotFound
+                   + exUnwrapObjectNotFound.toString()
                    + "'"
                    + NEWLINE, true );
             } else {
@@ -1253,7 +1810,7 @@ public class DRMTool
                    + "source storage cert named '"
                    + mSourceStorageCertNickname
                    + "' exists!  TokenException: '"
-                   + exUnwrapToken
+                   + exUnwrapToken.toString()
                    + "'"
                    + NEWLINE, true );
             } else {
@@ -1317,7 +1874,7 @@ public class DRMTool
                + "public key from target storage certificate stored in '"
                + mTargetStorageCertificateFilename
                + "' InvalidKeyFormatException '"
-               + exInvalidPublicKey
+               + exInvalidPublicKey.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1394,42 +1951,42 @@ public class DRMTool
         } catch( IOException exUnwrapIO ) {
             log( "ERROR:  Unwrapping key data - "
                + "IOException: '"
-               + exUnwrapIO
+               + exUnwrapIO.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( NoSuchAlgorithmException exUnwrapAlgorithm ) {
             log( "ERROR:  Unwrapping key data - "
                + "NoSuchAlgorithmException: '"
-               + exUnwrapAlgorithm
+               + exUnwrapAlgorithm.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( TokenException exUnwrapToken ) {
             log( "ERROR:  Unwrapping key data - "
                + "TokenException: '"
-               + exUnwrapToken
+               + exUnwrapToken.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( InvalidKeyException exUnwrapInvalidKey ) {
             log( "ERROR:  Unwrapping key data - "
                + "InvalidKeyException: '"
-               + exUnwrapInvalidKey
+               + exUnwrapInvalidKey.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( InvalidAlgorithmParameterException exUnwrapInvalidAlgorithm ) {
             log( "ERROR:  Unwrapping key data - "
                + "InvalidAlgorithmParameterException: '"
-               + exUnwrapInvalidAlgorithm
+               + exUnwrapInvalidAlgorithm.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( IllegalStateException exUnwrapState ) {
             log( "ERROR:  Unwrapping key data - "
                + "InvalidStateException: '"
-               + exUnwrapState
+               + exUnwrapState.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
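Review bot: The label in the last handler of this hunk reads `InvalidStateException` while the clause catches `IllegalStateException`, and the commit edits that log call without correcting the name; the same mismatch appears in the wrapping handlers further down (`exWrapState`). The message therefore names an exception type that is not the one being handled. Suggested string: `+ "IllegalStateException: '"`. The try block these handlers belong to starts outside the hunk.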
@@ -1439,8 +1996,8 @@ public class DRMTool
         // mStorageUnit.encryptInternalPrivate( byte priKey[] )
         // throws EBaseException
         try {
-            // Use "mInternalToken" to get "KeyWrapAlgorithm.RSA"
-            target_rsaWrap = mInternalToken.getKeyWrapper(
+            // Use "mSourceToken" to get "KeyWrapAlgorithm.RSA"
+            target_rsaWrap = mSourceToken.getKeyWrapper(
                                  KeyWrapAlgorithm.RSA );
             target_rsaWrap.initWrap( mWrapPublicKey, null );
             target_session = target_rsaWrap.wrap( sk );
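Review bot: The rewritten comment only restates the call and does not say why the key wrapper now comes from `mSourceToken` instead of the internal token. Presumably the session key `sk` resides on the source token after unwrapping, so the wrap has to be performed there; if that is the reason, the comment should say so, e.g. `// Wrap on "mSourceToken": "sk" was unwrapped there (may be a hardware token)`. The try block continues outside the hunk.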
@@ -1456,42 +2013,42 @@ public class DRMTool
         } catch( NoSuchAlgorithmException exWrapAlgorithm ) {
             log( "ERROR:  Wrapping key data - "
                + "NoSuchAlgorithmException: '"
-               + exWrapAlgorithm
+               + exWrapAlgorithm.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( TokenException exWrapToken ) {
             log( "ERROR:  Wrapping key data - "
                + "TokenException: '"
-               + exWrapToken
+               + exWrapToken.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( InvalidKeyException exWrapInvalidKey ) {
             log( "ERROR:  Wrapping key data - "
                + "InvalidKeyException: '"
-               + exWrapInvalidKey
+               + exWrapInvalidKey.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( InvalidAlgorithmParameterException exWrapInvalidAlgorithm ) {
             log( "ERROR:  Wrapping key data - "
                + "InvalidAlgorithmParameterException: '"
-               + exWrapInvalidAlgorithm
+               + exWrapInvalidAlgorithm.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( IllegalStateException exWrapState ) {
             log( "ERROR:  Wrapping key data - "
                + "InvalidStateException: '"
-               + exWrapState
+               + exWrapState.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
         } catch( IOException exWrapIO ) {
             log( "ERROR:  Wrapping key data - "
                + "IOException: '"
-               + exWrapIO
+               + exWrapIO.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1506,8 +2063,8 @@ public class DRMTool
      * from the passed in string.
      * 

* - * @param data consisting of an ASCII BASE 64 string containing EOLs - * @return a string consisting of an ASCII BASE 64 string with no EOLs + * @param data consisting of a string containing EOLs + * @return a string consisting of a string with no EOLs */ private static String stripEOL( String data ) { StringBuffer buffer = new StringBuffer(); @@ -1527,21 +2084,22 @@ public class DRMTool /** - * Helper method used to format the unformatted string containing an - * ASCII BASE 64 string into an ASCII BASE 64 string suitable as an - * entry for an LDIF file. + * Helper method used to format a string containing unformatted data + * into a string containing formatted data suitable as an entry for + * an LDIF file. *

* - * @param an unformatted string containing an ASCII BASE 64 string - * @return formatted data consisting of an ASCII BASE 64 string + * @param length the length of the first line of data + * @param data a string containing unformatted data + * @return formatted data consisting of data formatted for an LDIF record * suitable for an LDIF file */ - private static String format_ldif_data( String data ) { + private static String format_ldif_data( int length, String data ) { String revised_data = ""; - if( data.length() > 60 ) { + if( data.length() > length ) { // process first line - for( int i = 0; i < 60; i++ ) { + for( int i = 0; i < length; i++ ) { revised_data += data.charAt( i ); } @@ -1550,7 +2108,7 @@ public class DRMTool // process remaining lines int j = 0; - for( int i = 60; i < data.length(); i++ ) { + for( int i = length; i < data.length(); i++ ) { if( j == 0 ) { revised_data += ' '; } @@ -1649,12 +2207,12 @@ public class DRMTool * An "attribute" consists of one of the following values: * *

-     *     CN = "cn:";
-     *     EXTDATA_KEYRECORD = "extdata-keyrecord:";
-     *     EXTDATA_REQUESTID = "extdata-requestid:";
-     *     EXTDATA_SERIALNUMBER = "extdata-serialnumber:";
-     *     REQUESTID = "requestId:";
-     *     SERIALNO = "serialno:";
+     *     DRM_LDIF_CN = "cn:";
+     *     DRM_LDIF_EXTDATA_KEY_RECORD = "extdata-keyrecord:";
+     *     DRM_LDIF_EXTDATA_REQUEST_ID = "extdata-requestid:";
+     *     DRM_LDIF_EXTDATA_SERIAL_NUMBER = "extdata-serialnumber:";
+     *     DRM_LDIF_REQUEST_ID = "requestId:";
+     *     DRM_LDIF_SERIAL_NO = "serialno:";
      *
      *
      *     NOTE:  Indexed data means that the numeric data
@@ -1781,7 +2339,7 @@ public class DRMTool
             log( "ERROR:  source_line='"
                + source_line
                + "' IndexOutOfBoundsException: '"
-               + exBounds
+               + exBounds.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1789,7 +2347,7 @@ public class DRMTool
             log( "ERROR:  data='"
                + data
                + "' PatternSyntaxException: '"
-               + exPattern
+               + exPattern.toString()
                + "'"
                + NEWLINE, true );
             System.exit( 0 );
@@ -1804,210 +2362,1362 @@ public class DRMTool
     /***********************/
 
     /**
-     * This method performs the actual parsing of the "source" LDIF file
-     * and produces the "target" LDIF file.
+     * Helper method which composes the output line for DRM_LDIF_CN.
      * 

* - * @return true if the "target" LDIF file is successfully created + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line */ - private static boolean convert_source_ldif_to_target_ldif() { - boolean success = false; - BufferedReader reader = null; - PrintWriter writer = null; - String line = null; - String previous_line = null; - String revised_line = null; - String data = null; - String revised_data = null; - String unformatted_data = null; - String formatted_data = null; - byte source_wrappedKeyData[] = null; - byte target_wrappedKeyData[] = null; - - if( mRewrapFlag ) { - success = obtain_RSA_rewrapping_keys(); - if( !success ) { - return FAILURE; + private static String output_cn( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_CN ) ) { + output = compose_numeric_line( DRM_LDIF_CN, + line, + false ); + } else { + output = line; } + } else if( record_type.equals( DRM_LDIF_RECORD ) ) { + // Non-Request / 
Non-Key Record: + // Pass through the original + // 'cn' line UNCHANGED + // so that it is ALWAYS written + output = line; + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_CN + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); } - // Process each line in the source LDIF file - // and store it in the target LDIF file - try { - // Open source LDIF file for reading - reader = new BufferedReader( - new FileReader( mSourceLdifFilename ) ); + return output; + } - // Open target LDIF file for writing - writer = new PrintWriter( - new BufferedWriter( - new FileWriter( mTargetLdifFilename ) ) ); - System.out.print( "PROCESSING: " ); - while( ( line = reader.readLine() ) != null ) { - if( line.startsWith( CN ) ) { - revised_line = compose_numeric_line( CN, - line, - false ); - } else if( line.startsWith( DATE_OF_MODIFY ) ) { - // write out a new 'dateOfModify' line - revised_line = DATE_OF_MODIFY + SPACE + mDateOfModify; + /** + * Helper method which composes the output line for DRM_LDIF_DATE_OF_MODIFY. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_date_of_modify( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY ) ) { + output = DRM_LDIF_DATE_OF_MODIFY + + SPACE + + mDateOfModify; + + log( "Changed '" + + line + + "' to '" + + output + + "'." + + NEWLINE, false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_DATE_OF_MODIFY + + "' for record type='" + + record_type + + "'!" 
+ + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for DRM_LDIF_DN. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_dn( String record_type, + String line ) { + String data = null; + String output = null; + + try { + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these 
options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_DN ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECORD ) ) { + // Non-Request / Non-Key Record: + // Pass through the original + // 'dn' line UNCHANGED + // so that it is ALWAYS written + output = line; + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_DN + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + } catch( NullPointerException exNullPointerException ) { + log( "ERROR: Unable to replace source DRM naming context '" + + mSourceDrmNamingContext + + "' with target DRM naming context '" + + mTargetDrmNamingContext + + "' NullPointerException: '" + + exNullPointerException.toString() + + "'" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_KEY_RECORD. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_key_record( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_KEY_RECORD, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_KEY_RECORD, + line, + false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_KEY_RECORD + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_REQUEST_ID. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_request_id( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + // ALWAYS pass-through "extdata-requestId" for + // DRM_LDIF_ENROLLMENT records UNCHANGED because the + // value in this field is associated with the issuing CA! + output = line; + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_REQUEST_ID, + line, + false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_REQUEST_ID, + line, + false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_REQUEST_ID + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_REQUEST_NOTES. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_request_notes( String record_type, + String line ) { + String input = null; + String data = null; + String unformatted_data = null; + String output = null; + String next_line = null; + + // extract the data + input = line.substring( + DRM_LDIF_EXTDATA_REQUEST_NOTES.length() + 1 + ).trim(); + + while( ( line = ldif_record.next() ) != null ) { + if( line.startsWith( SPACE ) ) { + // Do NOT use "trim()"; + // remove single leading space and + // trailing carriage returns and newlines ONLY! + input += line.replaceFirst(" ","").replace('\r','\0').replace('\n','\0'); + } else { + next_line = line; + break; + } + } + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if(drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES )) { + // write out a revised 'extdata-requestnotes' line + if( mRewrapFlag && mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + 
mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + 
// Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } + + // log this information + log( "Changed:" + + NEWLINE + + TIC + + DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + input ) + + TIC + + NEWLINE + + "--->" + + NEWLINE + + TIC + + output + + TIC + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES ) ) { + // write out a revised 'extdata-requestnotes' line + if( mRewrapFlag && mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + 
unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + 
unformatted_data ); + } + + // log this information + log( "Changed:" + + NEWLINE + + TIC + + DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + input ) + + TIC + + NEWLINE + + "--->" + + NEWLINE + + TIC + + output + + TIC + + NEWLINE, false ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES ) ) { + // write out a revised 'extdata-requestnotes' line + if( mRewrapFlag && mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else 
if( mRewrapFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mAppendIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRemoveIdOffsetFlag ) { + data = input + + SPACE + + LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } + + // log this information + log( "Changed:" + + NEWLINE + + TIC + + DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + input ) + + TIC + + NEWLINE + + "--->" + + NEWLINE + + TIC + + 
output + + TIC + + NEWLINE, false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_REQUEST_NOTES + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + if( output != null ) { + output += NEWLINE + next_line; + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_REQUEST_NOTES. + *

+ * + * @param record_type the string representation of the input record type + * @param previous_line the string representation of the previous input line + * @param writer the PrintWriter used to output this new LDIF line + * @return the composed output line + */ + private static void create_extdata_request_notes( String record_type, + String previous_line, + PrintWriter writer ) { + String data = null; + String unformatted_data = null; + String output = null; + + if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES ) ) { + if(!previous_line.startsWith( DRM_LDIF_EXTDATA_REQUEST_NOTES)) { + // write out the missing 'extdata-requestnotes' line + if( mRewrapFlag && mAppendIdOffsetFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF 
format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRewrapFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mAppendIdOffsetFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } else if( mRemoveIdOffsetFlag ) { + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + } // log this information - log( "Changed '" - + line - + "' to '" - + revised_line - + "'." 
+ log( "Created:" + + NEWLINE + + TIC + + output + + TIC + NEWLINE, false ); - } else if( line.startsWith( EXTDATA_KEYRECORD ) ) { - revised_line = compose_numeric_line( EXTDATA_KEYRECORD, - line, - false ); - } else if( line.startsWith( EXTDATA_REQUESTID ) ) { - revised_line = compose_numeric_line( EXTDATA_REQUESTID, - line, - false ); - } else if( line.startsWith( EXTDATA_REQUESTNOTES ) ) { - // write out a revised 'extdata-requestnotes' line + + // Write out this revised line + // and flush the buffer + writer.write( output + NEWLINE ); + writer.flush(); + System.out.print( "." ); + } + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES ) ) { + if(!previous_line.startsWith( DRM_LDIF_EXTDATA_REQUEST_NOTES)) { + // write out the missing 'extdata-requestnotes' line if( mRewrapFlag && mAppendIdOffsetFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE + SPACE - + PLUS + SPACE - + APPENDED_ID_OFFSET_MESSAGE + SPACE - + TIC + mAppendIdOffset.toString() + TIC; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - 
+ mPublicKeySize - + RSA_MESSAGE + SPACE - + PLUS + SPACE - + REMOVED_ID_OFFSET_MESSAGE + SPACE - + TIC + mRemoveIdOffset.toString() + TIC; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + SPACE + + PLUS + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } else if( mRewrapFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REWRAP_MESSAGE + + mPublicKeySize + + DRM_LDIF_RSA_MESSAGE + + mSourcePKISecurityDatabasePwdfileMessage + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } else if( mAppendIdOffsetFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + APPENDED_ID_OFFSET_MESSAGE + SPACE - + TIC + mAppendIdOffset.toString() + TIC; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_APPENDED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mAppendIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + 
mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } else if( mRemoveIdOffsetFlag ) { - revised_line = line + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REMOVED_ID_OFFSET_MESSAGE + SPACE - + TIC + mRemoveIdOffset.toString() + TIC; + data = LEFT_BRACE + + mDateOfModify + + RIGHT_BRACE + + COLON + SPACE + + DRM_LDIF_REMOVED_ID_OFFSET_MESSAGE + + SPACE + + TIC + + mRemoveIdOffset.toString() + + TIC + + mDrmNamingContextMessage + + mProcessRequestsAndKeyRecordsOnlyMessage; + + // Unformat the data + unformatted_data = stripEOL( data ); + + // Format the unformatted_data + // to match the desired LDIF format + output = DRM_LDIF_EXTDATA_REQUEST_NOTES + + SPACE + + format_ldif_data( + EXTDATA_REQUEST_NOTES_FIRST_LINE_DATA_LENGTH, + unformatted_data ); } // log this information - log( "Changed '" - + line - + "' to '" - + revised_line - + "'." 
+ log( "Created:" + + NEWLINE + + TIC + + output + + TIC + NEWLINE, false ); - } else if( line.startsWith( EXTDATA_REQUEST_TYPE ) ) { - if( ( line.contains( NETKEY_KEYGEN ) || - line.contains( RECOVERY ) ) && - !previous_line.startsWith( EXTDATA_REQUESTNOTES ) ) { - // write out the missing 'extdata-requestnotes' line - if( mRewrapFlag && mAppendIdOffsetFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE + SPACE - + PLUS + SPACE - + APPENDED_ID_OFFSET_MESSAGE + SPACE - + TIC + mAppendIdOffset.toString() - + TIC; - } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE + SPACE - + PLUS + SPACE - + REMOVED_ID_OFFSET_MESSAGE + SPACE - + TIC + mRemoveIdOffset.toString() - + TIC; - } else if( mRewrapFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REWRAP_MESSAGE - + mPublicKeySize - + RSA_MESSAGE; - } else if( mAppendIdOffsetFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + APPENDED_ID_OFFSET_MESSAGE + SPACE - + TIC + mAppendIdOffset.toString() - + TIC; - } else if( mRemoveIdOffsetFlag ) { - revised_line = EXTDATA_REQUESTNOTES + SPACE - + LEFT_BRACE - + mDateOfModify - + RIGHT_BRACE - + COLON + COLON + SPACE - + REMOVED_ID_OFFSET_MESSAGE + SPACE - + TIC + mRemoveIdOffset.toString() - + TIC; + + // Write out this revised line + // and flush the buffer + writer.write( output + NEWLINE ); + writer.flush(); + System.out.print( "." ); + } + } + } + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_SERIAL_NUMBER. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_serial_number( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER ) ) { + output = compose_numeric_line( DRM_LDIF_EXTDATA_SERIAL_NUMBER, + line, + false ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_SERIAL_NUMBER + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_PRIVATE_KEY_DATA. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_private_key_data( String record_type, + String line ) { + byte source_wrappedKeyData[] = null; + byte target_wrappedKeyData[] = null; + String data = null; + String revised_data = null; + String unformatted_data = null; + String formatted_data = null; + String output = null; + + try { + if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if(drmtoolCfg.get(DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA)) { + // Since "-source_pki_security_database_path", + // "-source_storage_token_name", + // "-source_storage_certificate_nickname", and + // "-target_storage_certificate_file" are OPTIONAL + // parameters, ONLY process this field if all of + // these options have been selected + if( mRewrapFlag ) { + // extract the data + data = line.substring( + DRM_LDIF_PRIVATE_KEY_DATA.length() + 1 + ).trim(); + + while( ( line = ldif_record.next() ) != null ) { + if( line.startsWith( SPACE ) ) { + data += line.trim(); + } else { + break; + } } - // log this information - log( "Created '" - + revised_line - + "'." - + NEWLINE, false ); + // Decode the ASCII BASE 64 certificate + // enclosed in the String() object + // into a BINARY BASE 64 byte[] object + source_wrappedKeyData = + com.netscape.osutil.OSUtil.AtoB( data ); - // Write out this revised line and flush the buffer - writer.write( revised_line + NEWLINE ); - writer.flush(); - System.out.print( "." 
); + // rewrap the source wrapped private key data + target_wrappedKeyData = rewrap_wrapped_key_data( + source_wrappedKeyData ); + + // Encode the BINARY BASE 64 byte[] object + // into an ASCII BASE 64 certificate + // enclosed in a String() object + revised_data = com.netscape.osutil.OSUtil.BtoA( + target_wrappedKeyData ); + + // Unformat the ASCII BASE 64 certificate + // for the log file + unformatted_data = stripEOL( revised_data ); + + // Format the ASCII BASE 64 certificate + // to match the desired LDIF format + formatted_data = format_ldif_data( + PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH, + unformatted_data ); + + // construct a revised 'privateKeyData' line + output = DRM_LDIF_PRIVATE_KEY_DATA + + SPACE + + formatted_data + + NEWLINE + + line; + + // log this information + log( "Changed 'privateKeyData' from:" + + NEWLINE + + TIC + + data + + TIC + + NEWLINE + + " to:" + + NEWLINE + + TIC + + unformatted_data + + TIC + + NEWLINE, false ); + } else { + output = line; } - - // ALWAYS pass through the original 'extdata-requesttype' - // line UNCHANGED so that it is ALWAYS written - revised_line = line; - } else if( line.startsWith( EXTDATA_SERIALNUMBER ) ) { - revised_line = compose_numeric_line( EXTDATA_SERIALNUMBER, - line, - false ); - } else if( line.startsWith( PRIVATE_KEY_DATA ) ) { + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if(drmtoolCfg.get(DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA)){ // Since "-source_pki_security_database_path", // "-source_storage_token_name", // "-source_storage_certificate_nickname", and 
@@ -2016,10 +3726,11 @@ public class DRMTool // these options have been selected if( mRewrapFlag ) { // extract the data - data = line.substring( PRIVATE_KEY_DATA.length() + 1 - ).trim(); + data = line.substring( + DRM_LDIF_PRIVATE_KEY_DATA.length() + 1 + ).trim(); - while( ( line = reader.readLine() ) != null ) { + while( ( line = ldif_record.next() ) != null ) { if( line.startsWith( SPACE ) ) { data += line.trim(); } else { @@ -2027,10 +3738,11 @@ public class DRMTool } } - // Decode the ASCII BASE 64 certificate enclosed in the - // String() object into a BINARY BASE 64 byte[] object - source_wrappedKeyData = com.netscape.osutil.OSUtil.AtoB( - data ); + // Decode the ASCII BASE 64 certificate + // enclosed in the String() object + // into a BINARY BASE 64 byte[] object + source_wrappedKeyData = + com.netscape.osutil.OSUtil.AtoB( data ); // rewrap the source wrapped private key data target_wrappedKeyData = rewrap_wrapped_key_data( @@ -2048,14 +3760,16 @@ public class DRMTool // Format the ASCII BASE 64 certificate // to match the desired LDIF format - formatted_data = format_ldif_data( unformatted_data ); + formatted_data = format_ldif_data( + PRIVATE_KEY_DATA_FIRST_LINE_DATA_LENGTH, + unformatted_data ); // construct a revised 'privateKeyData' line - revised_line = PRIVATE_KEY_DATA - + SPACE - + formatted_data - + NEWLINE - + line; + output = DRM_LDIF_PRIVATE_KEY_DATA + + SPACE + + formatted_data + + NEWLINE + + line; // log this information log( "Changed 'privateKeyData' from:" 
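Review bot: The continuation loop `while( ( line = ldif_record.next() ) != null )` in the first hunk on this line can never end on its null test. `ldif_record` is the `Iterator` obtained from `record.iterator()` in convert_source_ldif_to_target_ldif, and `next()` on an exhausted iterator throws `NoSuchElementException` rather than returning null. In the visible read loop every record ends with the empty separator line, so the `break` normally fires first. Any path that hands this method a record without that trailing line would land in `catch( Exception exRewrap )` and be logged as a rewrap failure, hiding the real cause. Guard the read with `while( ldif_record.hasNext() ) {` and `line = ldif_record.next();` as the first statement of the body, and set `line` explicitly for the exhausted case; the CA key record branch of output_private_key_data has the same loop, and the method starts and ends outside this hunk.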
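Review bot: In the third hunk on this line, the `line` appended by `output = DRM_LDIF_PRIVATE_KEY_DATA + SPACE + formatted_data + NEWLINE + line;` is the look-ahead line that the continuation loop already pulled from the shared `ldif_record` iterator. It is written out verbatim and never reaches the per-field dispatch in convert_source_ldif_to_target_ldif. If the attribute that follows privateKeyData in an export is one the tool rewrites (for example the `DRM_LDIF_SERIAL_NO` or `DRM_LDIF_DATE_OF_MODIFY` fields), it would skip its handler whenever rewrapping is enabled; whether that ordering occurs cannot be seen from this hunk. At minimum document it above the assignment, e.g. `// NOTE: 'line' is the look-ahead line consumed above; it is emitted unprocessed`. The enclosing method output_private_key_data starts and ends outside this hunk.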
@@ -2071,44 +3785,581 @@ public class DRMTool + TIC + NEWLINE, false ); } else { - revised_line = line; + output = line; } - } else if( line.startsWith( REQUESTID ) ) { - revised_line = compose_numeric_line( REQUESTID, - line, - true ); - } else if( line.startsWith( SERIALNO ) ) { - revised_line = compose_numeric_line( SERIALNO, - line, - true ); } else { - // Pass through line unchanged - revised_line = line; + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_PRIVATE_KEY_DATA + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + } catch( Exception exRewrap ) { + log( "ERROR: Unable to rewrap BINARY BASE 64 data. " + + "Exception: '" + + exRewrap.toString() + + "'" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for DRM_LDIF_REQUEST_ID. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_request_id( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_ENROLLMENT_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_REQUEST_ID, + line, + true ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_RECOVERY ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_RECOVERY_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_REQUEST_ID, + line, + true ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_KEYGEN ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_KEYGEN_REQUEST_ID ) ) { + output = compose_numeric_line( DRM_LDIF_REQUEST_ID, + line, + true ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_REQUEST_ID + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for DRM_LDIF_SERIAL_NO. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_serial_no( String record_type, + String line ) { + String output = null; + + if( record_type.equals( DRM_LDIF_CA_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO ) ) { + output = compose_numeric_line( DRM_LDIF_SERIAL_NO, + line, + true ); + } else { + output = line; + } + } else if( record_type.equals( DRM_LDIF_TPS_KEY_RECORD ) ) { + if( drmtoolCfg.get( DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO ) ) { + output = compose_numeric_line( DRM_LDIF_SERIAL_NO, + line, + true ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_SERIAL_NO + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_AUTH_TOKEN_USER. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_auth_token_user( String record_type, + String line ) { + String data = null; + String output = null; + + try { + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + } catch( NullPointerException exNullPointerException ) { + log( "ERROR: Unable to replace source DRM naming context '" + + mSourceDrmNamingContext + + "' with target DRM naming context '" + + mTargetDrmNamingContext + + "' NullPointerException: '" + + exNullPointerException.toString() + + "'" + + NEWLINE, true ); + } + + return output; + } + + + /** + * Helper method which composes the output line for + * DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN. + *

+ * + * @param record_type the string representation of the input record type + * @param line the string representation of the input line + * @return the composed output line + */ + private static String output_extdata_auth_token_user_dn( String record_type, + String line ) { + String data = null; + String output = null; + + try { + if( record_type.equals( DRM_LDIF_ENROLLMENT ) ) { + // Since "-source_drm_naming_context", and + // "-target_drm_naming_context" are OPTIONAL + // parameters, ONLY process this field if both of + // these options have been selected + if( mDrmNamingContextsFlag ) { + output = line.replace( mSourceDrmNamingContext, + mTargetDrmNamingContext ); + } else { + output = line; + } + } else { + log( "ERROR: Mismatched record field='" + + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN + + "' for record type='" + + record_type + + "'!" + + NEWLINE, true ); + } + } catch( NullPointerException exNullPointerException ) { + log( "ERROR: Unable to replace source DRM naming context '" + + mSourceDrmNamingContext + + "' with target DRM naming context '" + + mTargetDrmNamingContext + + "' NullPointerException: '" + + exNullPointerException.toString() + + "'" + + NEWLINE, true ); + } + + return output; + } + + + /** + * This method performs the actual parsing of the "source" LDIF file + * and produces the "target" LDIF file. + *

+ * + * @return true if the "target" LDIF file is successfully created + */ + private static boolean convert_source_ldif_to_target_ldif() { + boolean success = false; + BufferedReader reader = null; + PrintWriter writer = null; + String input = null; + String line = null; + String previous_line = null; + String output = null; + String data = null; + String record_type = null; + + if( mRewrapFlag ) { + success = obtain_RSA_rewrapping_keys(); + if( !success ) { + return FAILURE; + } + } + + // Create a vector for LDIF input + record = new Vector( INITIAL_LDIF_RECORD_CAPACITY ); + + // Process each line in the source LDIF file + // and store it in the target LDIF file + try { + // Open source LDIF file for reading + reader = new BufferedReader( + new FileReader( mSourceLdifFilename ) ); + + // Open target LDIF file for writing + writer = new PrintWriter( + new BufferedWriter( + new FileWriter( mTargetLdifFilename ) ) ); + + System.out.print( "PROCESSING: " ); + while( ( input = reader.readLine() ) != null ) { + // Read in a record from the source LDIF file and + // add this line of input into the record vector + success = record.add( input ); + if( !success ) { + return FAILURE; + } + + // Check for the end of an LDIF record + if( !input.equals( "" ) ) { + // Check to see if input line identifies the record type + if( input.startsWith( DRM_LDIF_REQUEST_TYPE ) ) { + // set the record type: + // + // * DRM_LDIF_ENROLLMENT + // * DRM_LDIF_KEYGEN + // * DRM_LDIF_RECOVERY + // + record_type = input.substring( + DRM_LDIF_REQUEST_TYPE.length() + 1 + ).trim(); + if( !record_type.equals( DRM_LDIF_ENROLLMENT ) && + !record_type.equals( DRM_LDIF_KEYGEN ) && + !record_type.equals( DRM_LDIF_RECOVERY ) ) { + log( "ERROR: Unknown LDIF record type='" + + record_type + + "'!" 
+ + NEWLINE, true ); + return FAILURE; + } + } else if( input.startsWith( DRM_LDIF_ARCHIVED_BY ) ) { + // extract the data + data = input.substring( + DRM_LDIF_ARCHIVED_BY.length() + 1 + ).trim(); + + // set the record type: + // + // * DRM_LDIF_CA_KEY_RECORD + // * DRM_LDIF_TPS_KEY_RECORD + // + if( data.startsWith( DRM_LDIF_TPS_KEY_RECORD ) ) { + record_type = DRM_LDIF_TPS_KEY_RECORD; + } else if( data.startsWith( DRM_LDIF_CA_KEY_RECORD ) ) { + record_type = DRM_LDIF_CA_KEY_RECORD; + } else { + log( "ERROR: Unable to determine LDIF record type " + + "from data='" + + data + + "'!" + + NEWLINE, true ); + return FAILURE; + } + } + + // continue adding input lines into this record + continue; + } + + // If record type is unset, then this record is neither + // an LDIF request record nor an LDIF key record; check + // to see if it needs to be written out to the target + // LDIF file or thrown away. + if( ( record_type == null ) && + mProcessRequestsAndKeyRecordsOnlyFlag ) { + // Mark each removed record with an 'x' + System.out.print( "x" ); + + // log this information + log( "INFO: Throwing away an LDIF record which is " + + "neither a Request nor a Key Record!" 
+ + NEWLINE, false ); + + // clear this LDIF record from the record vector + record.clear(); + + // NOTE: there is no need to reset the record type + + // begin adding input lines into a new record + continue; + } else if( record_type == null ) { + // Set record type to specify a "generic" LDIF record + record_type = DRM_LDIF_RECORD; } - // Always save a copy of this line - previous_line = revised_line; + ldif_record = record.iterator(); + + // Process each line of the record: + // * If LDIF Record Type for this line is 'valid' + // * If DRMTOOL Configuration File Parameter is 'true' + // * Process this data + // * Else If DRMTOOL Configuration File Parameter is 'false' + // * Pass through this data unchanged + // * Else If LDIF Record Type for this line is 'invalid' + // * Log error and leave method returning 'false' + while( ldif_record.hasNext() ) { + + line = ldif_record.next(); + + if( line.startsWith( DRM_LDIF_CN ) ) { + output = output_cn( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_DATE_OF_MODIFY ) ) { + output = output_date_of_modify( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_DN ) ) { + output = output_dn( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if(line.startsWith( DRM_LDIF_EXTDATA_KEY_RECORD )) { + output = output_extdata_key_record( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if(line.startsWith( DRM_LDIF_EXTDATA_REQUEST_ID )) { + output = output_extdata_request_id( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if(line.startsWith(DRM_LDIF_EXTDATA_REQUEST_NOTES)) { + output = output_extdata_request_notes( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if(line.startsWith(DRM_LDIF_EXTDATA_REQUEST_TYPE)) { + // if one is not already present, + // compose and write out the missing + // 
'extdata_requestnotes' line + create_extdata_request_notes( record_type, + previous_line, + writer ); + + // ALWAYS pass through the original + // 'extdata-requesttype' line UNCHANGED + // so that it is ALWAYS written + output = line; + } else if(line.startsWith(DRM_LDIF_EXTDATA_SERIAL_NUMBER)) { + output = output_extdata_serial_number( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_PRIVATE_KEY_DATA ) ) { + output = output_private_key_data( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_REQUEST_ID ) ) { + output = output_request_id( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if( line.startsWith( DRM_LDIF_SERIAL_NO ) ) { + output = output_serial_no( record_type, line ); + if( output == null ) { + return FAILURE; + } + } else if( previous_line != null && + previous_line.startsWith( + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER ) ) { + output = output_extdata_auth_token_user( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else if( previous_line != null && + previous_line.startsWith( + DRM_LDIF_EXTDATA_AUTH_TOKEN_USER_DN ) ) { + output = output_extdata_auth_token_user_dn( record_type, + line ); + if( output == null ) { + return FAILURE; + } + } else { + // Pass through line unchanged + output = line; + } + + // Always save a copy of this line + previous_line = output; + + // Always write out the output line and flush the buffer + writer.write( output + NEWLINE ); + writer.flush(); + System.out.print( "." ); + } + // Mark the end of the LDIF record + System.out.print( "!" ); - // Always write out the revised line and flush the buffer - writer.write( revised_line + NEWLINE ); - writer.flush(); - System.out.print( "." ); + // clear this LDIF record from the record vector + record.clear(); } System.out.println( " FINISHED." 
+ NEWLINE ); } catch( IOException exIO ) { log( "ERROR: line='" + line - + "' OR revised_line='" - + revised_line + + "' OR output='" + + output + "' IOException: '" - + exIO + + exIO.toString() + "'" + NEWLINE, true ); return FAILURE; - } catch( Exception exRewrap ) { - log( "ERROR: Unable to rewrap BINARY BASE 64 data. " - + "Exception: '" - + exRewrap + } + + return SUCCESS; + } + + + /**************************************/ + /* DRMTOOL Config File Parser Methods */ + /**************************************/ + + /** + * This method performs the actual parsing of the DRMTOOL config file + * and initializes how the DRM Record Fields should be processed. + *

+ * + * @return true if the DRMTOOL config file is successfully processed + */ + private static boolean process_drmtool_config_file() { + boolean success = false; + BufferedReader reader = null; + String line = null; + String name_value_pair[] = null; + String name = null; + Boolean value = null; + + // Process each line containing a name/value pair + // in the DRMTOOL config file + try { + // Open DRMTOOL config file for reading + reader = new BufferedReader( + new FileReader( mDrmtoolCfgFilename ) ); + + // Create a hashtable for relevant name/value pairs + drmtoolCfg = new Hashtable(); + + System.out.print( "PROCESSING DRMTOOL CONFIG FILE: " ); + while( ( line = reader.readLine() ) != null ) { + if( line.startsWith( DRMTOOL_CFG_PREFIX ) ) { + // obtain "name=value" pair + name_value_pair = line.split( EQUAL_SIGN ); + + // obtain "name" + name = name_value_pair[0]; + + // compute "boolean" value + if( name_value_pair[1].equals( "true" ) ) { + value = Boolean.TRUE; + } else { + value = Boolean.FALSE; + } + + // store relevant DRM LDIF fields for processing + if( name.equals( DRMTOOL_CFG_ENROLLMENT_CN ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_DN ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_EXTDATA_KEY_RECORD ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_EXTDATA_REQUEST_NOTES ) + || name.equals( DRMTOOL_CFG_ENROLLMENT_REQUEST_ID ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_CN ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_DN ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_PRIVATE_KEY_DATA ) + || name.equals( DRMTOOL_CFG_CA_KEY_RECORD_SERIAL_NO ) + || name.equals( DRMTOOL_CFG_RECOVERY_CN ) + || name.equals( DRMTOOL_CFG_RECOVERY_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_RECOVERY_DN ) + || name.equals( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_ID ) + || name.equals( DRMTOOL_CFG_RECOVERY_EXTDATA_REQUEST_NOTES ) + || name.equals( 
DRMTOOL_CFG_RECOVERY_EXTDATA_SERIAL_NUMBER ) + || name.equals( DRMTOOL_CFG_RECOVERY_REQUEST_ID ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_CN ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_DN ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_PRIVATE_KEY_DATA ) + || name.equals( DRMTOOL_CFG_TPS_KEY_RECORD_SERIAL_NO ) + || name.equals( DRMTOOL_CFG_KEYGEN_CN ) + || name.equals( DRMTOOL_CFG_KEYGEN_DATE_OF_MODIFY ) + || name.equals( DRMTOOL_CFG_KEYGEN_DN ) + || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_KEY_RECORD ) + || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_ID ) + || name.equals( DRMTOOL_CFG_KEYGEN_EXTDATA_REQUEST_NOTES ) + || name.equals( DRMTOOL_CFG_KEYGEN_REQUEST_ID ) ) { + drmtoolCfg.put( name, value ); + System.out.print( "." ); + } + } + } + System.out.println( " FINISHED." + NEWLINE ); + } catch( FileNotFoundException exDrmtoolCfgFileNotFound ) { + log( "ERROR: No DRMTOOL config file named '" + + mDrmtoolCfgFilename + + "' exists! FileNotFoundException: '" + + exDrmtoolCfgFileNotFound.toString() + + "'" + + NEWLINE, true ); + return FAILURE; + } catch( IOException exDrmtoolCfgIO ) { + log( "ERROR: line='" + + line + + "' IOException: '" + + exDrmtoolCfgIO.toString() + + "'" + + NEWLINE, true ); + return FAILURE; + } catch( PatternSyntaxException exDrmtoolCfgNameValuePattern ) { + log( "ERROR: line='" + + line + + "' PatternSyntaxException: '" + + exDrmtoolCfgNameValuePattern.toString() + "'" + NEWLINE, true ); return FAILURE; @@ -2132,8 +4383,13 @@ public class DRMTool // Variables String append_id_offset = null; String remove_id_offset = null; + String process_drm_naming_context_fields = null; + String process_requests_and_key_records_only = null; + String use_PKI_security_database_pwdfile = null; + File cfgFile = null; File sourceFile = null; File sourceDBPath = null; + File sourceDBPwdfile = null; File targetStorageCertFile = null; File targetFile = null; File logFile = null; 
@@ -2144,9 +4400,26 @@ public class DRMTool // Check that the correct number of arguments were // submitted to the program - if( ( args.length != ID_OFFSET_ARGS ) && - ( args.length != REWRAP_ARGS ) && - ( args.length != REWRAP_AND_ID_OFFSET_ARGS ) ) { + if( ( args.length != ID_OFFSET_ARGS ) && + ( args.length != ( ID_OFFSET_ARGS + 1 ) ) && + ( args.length != ( ID_OFFSET_ARGS + 4 ) ) && + ( args.length != ( ID_OFFSET_ARGS + 5 ) ) && + ( args.length != REWRAP_ARGS ) && + ( args.length != ( REWRAP_ARGS + 1 ) ) && + ( args.length != ( REWRAP_ARGS + 2 ) ) && + ( args.length != ( REWRAP_ARGS + 3 ) ) && + ( args.length != ( REWRAP_ARGS + 4 ) ) && + ( args.length != ( REWRAP_ARGS + 5 ) ) && + ( args.length != ( REWRAP_ARGS + 6 ) ) && + ( args.length != ( REWRAP_ARGS + 7 ) ) && + ( args.length != REWRAP_AND_ID_OFFSET_ARGS ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 1 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 2 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 3 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 4 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 5 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 6 ) ) && + ( args.length != ( REWRAP_AND_ID_OFFSET_ARGS + 7 ) ) ) { System.err.println( "ERROR: Incorrect number of arguments!" + NEWLINE ); printUsage(); @@ -2155,7 +4428,10 @@ public class DRMTool // Process command-line arguments for( int i = 0; i < args.length; i += 2 ) { - if( args[i].equals( SOURCE_LDIF_FILE ) ) { + if( args[i].equals( DRMTOOL_CFG_FILE ) ) { + mDrmtoolCfgFilename = args[i + 1]; + mMandatoryNameValuePairs++; + } else if( args[i].equals( SOURCE_LDIF_FILE ) ) { mSourceLdifFilename = args[i + 1]; mMandatoryNameValuePairs++; } else if( args[i].equals( TARGET_LDIF_FILE ) ) { 
@@ -2176,12 +4452,25 @@ public class DRMTool } else if( args[i].equals( TARGET_STORAGE_CERTIFICATE_FILE ) ) { mTargetStorageCertificateFilename = args[i + 1]; mRewrapNameValuePairs++; + } else if( args[i].equals( SOURCE_NSS_DB_PWDFILE ) ) { + mSourcePKISecurityDatabasePwdfile = args[i + 1]; + mPKISecurityDatabasePwdfileNameValuePairs++; } else if( args[i].equals( APPEND_ID_OFFSET ) ) { append_id_offset = args[i + 1]; mAppendIdOffsetNameValuePairs++; } else if( args[i].equals( REMOVE_ID_OFFSET ) ) { remove_id_offset = args[i + 1]; mRemoveIdOffsetNameValuePairs++; + } else if( args[i].equals( SOURCE_DRM_NAMING_CONTEXT ) ) { + mSourceDrmNamingContext = args[i + 1]; + mDrmNamingContextNameValuePairs++; + } else if( args[i].equals( TARGET_DRM_NAMING_CONTEXT ) ) { + mTargetDrmNamingContext = args[i + 1]; + mDrmNamingContextNameValuePairs++; + } else if( args[i].equals( PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY ) ) + { + mProcessRequestsAndKeyRecordsOnlyFlag = true; + i -= 1; } else { System.err.println( "ERROR: Unknown argument '" + args[i] @@ -2195,6 +4484,8 @@ public class DRMTool // Verify that correct number of valid mandatory // arguments were submitted to the program if( mMandatoryNameValuePairs != MANDATORY_NAME_VALUE_PAIRS || + mDrmtoolCfgFilename == null || + mDrmtoolCfgFilename.length() == 0 || mSourceLdifFilename == null || mSourceLdifFilename.length() == 0 || mTargetLdifFilename == null || 
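Review bot: The new option branches in the `@@ -2176,12 +4452,25 @@` hunk read `args[i + 1]` without checking that a value follows, and the value-less `PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY` flag (handled with `i -= 1`) means the argument list can now legitimately have an odd length. The count check in the `@@ -2144,9 +4400,26 @@` hunk only compares `args.length` against a list of totals, so a trailing option such as `SOURCE_NSS_DB_PWDFILE` with no value would presumably end in an uncaught ArrayIndexOutOfBoundsException instead of the usage message. A guard at the top of each value-taking branch keeps that failure on the existing error path: `if( i + 1 >= args.length ) { printUsage(); System.exit( 0 ); }`. The enclosing loop and method start outside this hunk, and the values of the `*_ARGS` constants are not visible here.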
@@ -2206,13 +4497,29 @@ public class DRMTool printUsage(); System.exit( 0 ); } else { + // Check for a valid DRMTOOL config file + cfgFile = new File( mDrmtoolCfgFilename ); + if( !cfgFile.exists() || + !cfgFile.isFile() || + ( cfgFile.length() == 0 ) ) { + System.err.println( "ERROR: '" + + mDrmtoolCfgFilename + + "' does NOT exist, is NOT a file, " + + "or is empty!" + + NEWLINE ); + printUsage(); + System.exit( 0 ); + } + // Check for a valid source LDIF file sourceFile = new File( mSourceLdifFilename ); if( !sourceFile.exists() || - !sourceFile.isFile() ) { + !sourceFile.isFile() || + ( sourceFile.length() == 0 ) ) { System.err.println( "ERROR: '" + mSourceLdifFilename - + "' does NOT exist or is NOT a file!" + + "' does NOT exist, is NOT a file, " + + "or is empty!" + NEWLINE ); printUsage(); System.exit( 0 ); @@ -2278,10 +4585,12 @@ public class DRMTool targetStorageCertFile = new File( mTargetStorageCertificateFilename ); if( !targetStorageCertFile.exists() || - !targetStorageCertFile.isFile() ) { + !targetStorageCertFile.isFile() || + ( targetStorageCertFile.length() == 0 ) ) { System.err.println( "ERROR: '" + mTargetStorageCertificateFilename - + "' does NOT exist or is NOT a file!" + + "' does NOT exist, is NOT a file, " + + "or is empty!" + NEWLINE ); printUsage(); System.exit( 0 ); @@ -2331,7 +4640,7 @@ public class DRMTool System.err.println( "ERROR: append_id_offset='" + append_id_offset + "' PatternSyntaxException: '" - + exAppendPattern + + exAppendPattern.toString() + "'" + NEWLINE ); System.exit( 0 ); @@ -2371,7 +4680,7 @@ public class DRMTool System.err.println( "ERROR: remove_id_offset='" + remove_id_offset + "' PatternSyntaxException: '" - + exRemovePattern + + exRemovePattern.toString() + "'" + NEWLINE ); System.exit( 0 ); 
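Review bot: The rejections added in the `@@ -2206,13 +4497,29 @@` hunk (missing or empty config file, empty source LDIF) end in `System.exit( 0 )`, so a script driving a re-key cannot tell a refused input from a completed run by exit status. The same applies to the empty storage-certificate check in `@@ -2278,10 +4585,12 @@` and to the password-file and naming-context checks added in `@@ -2398,13 +4707,135 @@`. The surrounding context lines already exit this way, so it looks like a file-wide convention. If it can change, `System.exit( 1 )` on these error paths would let a wrapper stop before importing a target LDIF that was never produced. The enclosing method begins outside these hunks.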
@@ -2398,13 +4707,135 @@ public class DRMTool System.exit( 0 ); } + // Check to see that if the OPTIONAL + // 'PKI Security Database Password File' + // command-line options were specified, + // that they are all present and accounted for + if( mPKISecurityDatabasePwdfileNameValuePairs > 0 ) { + if( mPKISecurityDatabasePwdfileNameValuePairs != + PWDFILE_NAME_VALUE_PAIRS || + mSourcePKISecurityDatabasePwdfile == null || + mSourcePKISecurityDatabasePwdfile.length() == 0 ) { + System.err.println( "ERROR: Missing 'Password File' " + + "arguments!" + + NEWLINE ); + printUsage(); + System.exit( 0 ); + } else { + if( mRewrapFlag ) { + // Check for a valid source PKI + // security database password file + sourceDBPwdfile = new + File( mSourcePKISecurityDatabasePwdfile ); + if( !sourceDBPwdfile.exists() || + !sourceDBPwdfile.isFile() || + ( sourceDBPwdfile.length() == 0 ) ) { + System.err.println( "ERROR: '" + + mSourcePKISecurityDatabasePwdfile + + "' does NOT exist, is NOT a file, " + + "or is empty!" + + NEWLINE ); + printUsage(); + System.exit( 0 ); + } + + use_PKI_security_database_pwdfile = SPACE + + SOURCE_NSS_DB_PWDFILE + + SPACE + + TIC + + mSourcePKISecurityDatabasePwdfile + + TIC; + + mSourcePKISecurityDatabasePwdfileMessage = SPACE + + PLUS + + SPACE + + DRM_LDIF_USED_PWDFILE_MESSAGE; + + // Mark the 'Password File' flag true + mPwdfileFlag = true; + } else { + System.err.println( "ERROR: The " + + TIC + + SOURCE_NSS_DB_PWDFILE + + TIC + + " option is ONLY valid when " + + "performing rewrapping." 
+ + NEWLINE ); + printUsage(); + System.exit( 0 ); + } + } + } else { + use_PKI_security_database_pwdfile = ""; + mSourcePKISecurityDatabasePwdfileMessage = ""; + } + + // Check to see that if the OPTIONAL 'DRM Naming Context' command-line + // options were specified, that they are all present and accounted for + if( mDrmNamingContextNameValuePairs > 0 ) { + if( mDrmNamingContextNameValuePairs != + NAMING_CONTEXT_NAME_VALUE_PAIRS || + mSourceDrmNamingContext == null || + mSourceDrmNamingContext.length() == 0 || + mTargetDrmNamingContext == null || + mTargetDrmNamingContext.length() == 0 ) { + System.err.println( "ERROR: Both 'source DRM naming context' " + + "and 'target DRM naming context' " + + "options MUST be specified!" + + NEWLINE ); + printUsage(); + System.exit( 0 ); + } else { + process_drm_naming_context_fields = SPACE + + SOURCE_DRM_NAMING_CONTEXT + + SPACE + + TIC + + mSourceDrmNamingContext + + TIC + + SPACE + + TARGET_DRM_NAMING_CONTEXT + + SPACE + + TIC + + mTargetDrmNamingContext + + TIC; + + mDrmNamingContextMessage = SPACE + + PLUS + + SPACE + + DRM_LDIF_SOURCE_NAME_CONTEXT_MESSAGE + + mSourceDrmNamingContext + + DRM_LDIF_TARGET_NAME_CONTEXT_MESSAGE + + mTargetDrmNamingContext + + TIC; + + // Mark the 'DRM Naming Contexts' flag true + mDrmNamingContextsFlag = true; + } + } else { + process_drm_naming_context_fields = ""; + mDrmNamingContextMessage = ""; + } + + // Check for OPTIONAL "Process Requests and Key Records ONLY" option + if( mProcessRequestsAndKeyRecordsOnlyFlag ) { + process_requests_and_key_records_only = SPACE + + PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY; + mProcessRequestsAndKeyRecordsOnlyMessage = SPACE + PLUS + SPACE + + DRM_LDIF_PROCESS_REQUESTS_AND_KEY_RECORDS_ONLY_MESSAGE; + } else { + process_requests_and_key_records_only = ""; + mProcessRequestsAndKeyRecordsOnlyMessage = ""; + } + // Enable logging process . . . open_log( mLogFilename ); // Begin logging progress . . . 
if( mRewrapFlag && mAppendIdOffsetFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2414,17 +4845,23 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE + mTargetStorageCertificateFilename + SPACE + + use_PKI_security_database_pwdfile + APPEND_ID_OFFSET + SPACE - + append_id_offset + "' . . ." + + append_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE 
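Review bot: The password-file validation in the `@@ -2398,13 +4707,135 @@` hunk tests `exists()`, `isFile()` and `length() == 0` but never checks that the file can be read, so an unreadable file passes here and only fails later in whatever code opens it (not visible in this hunk). Adding `|| !sourceDBPwdfile.canRead()` to the condition would report it with the other argument errors. Since the file presumably holds the password for the source security database, it would also help to add a comment above the check, and a line in the usage text, such as `// the password file should be readable only by the user running DRMTool`. The path is echoed into the BEGIN/FINISHED log lines through `use_PKI_security_database_pwdfile`. That is fine as long as only the path, and never the file's contents, reaches `log()`.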
@@ -2434,17 +4871,23 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE + mTargetStorageCertificateFilename + SPACE + + use_PKI_security_database_pwdfile + REMOVE_ID_OFFSET + SPACE - + remove_id_offset + "' . . ." + + remove_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } else if( mRewrapFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2454,15 +4897,21 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE - + mTargetStorageCertificateFilename + "' . . ." + + mTargetStorageCertificateFilename + + use_PKI_security_database_pwdfile + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } else if( mAppendIdOffsetFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE 
@@ -2470,11 +4919,16 @@ public class DRMTool + LOG_FILE + SPACE + mLogFilename + SPACE + APPEND_ID_OFFSET + SPACE - + append_id_offset + "' . . ." + + append_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } else if( mRemoveIdOffsetFlag ) { - log( "BEGIN '" + log( "BEGIN \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2482,24 +4936,40 @@ public class DRMTool + LOG_FILE + SPACE + mLogFilename + SPACE + REMOVE_ID_OFFSET + SPACE - + remove_id_offset + "' . . ." + + remove_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\" . . ." + NEWLINE, true ); } - // Convert the source LDIF file to a target LDIF file - success = convert_source_ldif_to_target_ldif(); + // Process the DRMTOOL config file + success = process_drmtool_config_file(); if( !success ) { - log( "FAILED converting source LDIF file --> target LDIF file!" + log( "FAILED processing drmtool config file!" + NEWLINE, true ); } else { - log( "SUCCESSFULLY converted source LDIF file --> target LDIF file!" + log( "SUCCESSFULLY processed drmtool config file!" + NEWLINE, true ); + + // Convert the source LDIF file to a target LDIF file + success = convert_source_ldif_to_target_ldif(); + if( !success ) { + log( "FAILED converting source LDIF file --> target LDIF file!" + + NEWLINE, true ); + } else { + log( "SUCCESSFULLY converted source LDIF file --> " + + "target LDIF file!" + + NEWLINE, true ); + } } // Finish logging progress if( mRewrapFlag && mAppendIdOffsetFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE 
@@ -2509,17 +4979,23 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE + mTargetStorageCertificateFilename + SPACE + + use_PKI_security_database_pwdfile + APPEND_ID_OFFSET + SPACE - + append_id_offset + "'." + + append_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } else if( mRewrapFlag && mRemoveIdOffsetFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2529,17 +5005,23 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE + mTargetStorageCertificateFilename + SPACE + + use_PKI_security_database_pwdfile + REMOVE_ID_OFFSET + SPACE - + remove_id_offset + "'." + + remove_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } else if( mRewrapFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE 
@@ -2549,15 +5031,21 @@ public class DRMTool + SOURCE_NSS_DB_PATH + SPACE + mSourcePKISecurityDatabasePath + SPACE + SOURCE_STORAGE_TOKEN_NAME + SPACE - + mSourceStorageTokenName + SPACE + + TIC + mSourceStorageTokenName + TIC + SPACE + SOURCE_STORAGE_CERT_NICKNAME + SPACE - + mSourceStorageCertNickname + SPACE + + TIC + mSourceStorageCertNickname + TIC + SPACE + TARGET_STORAGE_CERTIFICATE_FILE + SPACE - + mTargetStorageCertificateFilename + "'." + + mTargetStorageCertificateFilename + + use_PKI_security_database_pwdfile + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } else if( mAppendIdOffsetFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2565,11 +5053,16 @@ public class DRMTool + LOG_FILE + SPACE + mLogFilename + SPACE + APPEND_ID_OFFSET + SPACE - + append_id_offset + "'." + + append_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } else if( mRemoveIdOffsetFlag ) { - log( "FINISHED '" + log( "FINISHED \"" + DRM_TOOL + SPACE + + DRMTOOL_CFG_FILE + SPACE + + mDrmtoolCfgFilename + SPACE + SOURCE_LDIF_FILE + SPACE + mSourceLdifFilename + SPACE + TARGET_LDIF_FILE + SPACE @@ -2577,7 +5070,10 @@ public class DRMTool + LOG_FILE + SPACE + mLogFilename + SPACE + REMOVE_ID_OFFSET + SPACE - + remove_id_offset + "'." + + remove_id_offset + + process_drm_naming_context_fields + + process_requests_and_key_records_only + + "\"." + NEWLINE, true ); } -- cgit