1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
|
.\" First parameter, NAME, should be all caps
.\" Second parameter, SECTION, should be 1-8, maybe w/ subsection
.\" other parameters are allowed: see man(7), man(1)
.TH tpsclient 1 "Jul 8, 2015" "version 10.2" "PKI TPS tpsclient test program" Dogtag Team
.\" Please adjust this date whenever revising the man page.
.\"
.\" Some roff macros, for reference:
.\" .nh disable hyphenation
.\" .hy enable hyphenation
.\" .ad l left justify
.\" .ad b justify to both left and right margins
.\" .nf disable filling
.\" .fi enable filling
.\" .br insert line break
.\" .sp <n> insert n+1 empty lines
.\" for man page specific macros, see man(7)
.SH NAME
\fBtpsclient\fR \- TPS testing tool to exercise TPS server functionality, simulating a smart card
.SH SYNOPSIS
.nf
\fBtpsclient\fR < <script-file-name>\fR
\fBtpsclient\fR
Note this tool currently works to simulate Secure Channel Protocol 01 , GP201 tokens. Support for SCP02/GP211 is planned in future versions.
.fi
.SH DESCRIPTION
.PP
The \fBtpsclient\fR command provides a way to exercise the TPS server without a hardware token, through the use of a simple script file containing commands to the \fBtpsclient\fR engine.
.PP
.SH OPTIONS
The only option is whether or not to provide a script file. Not providing the script argument will launch the program in interactive mode, though this is not recommended. The best way to interact with the TPS server is to provide a simple script file to \fBtpsclient\fR.
.SH OPERATIONS
The Operations are contained within the \fBtpsclient\fR script file. Some sample scripts are provided below.
.SH EXAMPLES
\fBtpsclient\fR
This command will simply run the program in interactive mode. Commands will have to be issued manually with this mode one by one, and thus is not recommended.
List of commands inside interactive mode:
.nf
Output> Available Operations:
Output> op=debug filename=<filename> - enable debugging
Output> op=help
Output> op=ra_enroll uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> keygen=<true|false> - Enrollment Via RA
Output> op=ra_reset_pin uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> new_pin=<new_pin> - Reset Pin Via RA
Output> op=ra_update uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> new_pin=<new_pin> - Reset Pin Via RA
Output> op=token_set <name>=<value> - Set Token Value
Output> op=token_status - Print Token Status
Output> op=var_get name=<name> - Get Value of Variable
Output> op=var_list - List All Variables
Output> op=var_set name=<name> value=<value> - Set Value to Variable
.fi
\fBtpsclient\fR < format.txt
\fBtpsclient\fR < enroll.txt
.SH format.txt contents:
.nf
# Set the host name of the TPS server
op=var_set name=ra_host value=localhost.localdomain
# Set the port where the TPS server is listening
op=var_set name=ra_port value=8080
# Set the URL on the TPS that responds to client token operation requests
op=var_set name=ra_uri value=/tps/tps
# Set the cuid number of our virtual token and some other values needed by TPS
op=token_set cuid=40906145C76224192D2B msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=1 minor_ver=1
# Set the global platform auth key for the virtual token
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
# Set the global platform mac key for the virtual token
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
# Set the global platform kek key for the virtual token
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
#Issue the actual request to format our token to the TPS server.
# Within this command we must provide the authentication userid, authentication password, and virtual token PIN value to proceed
# Also, the "extensions" consist of extra info evaluated by TPS. In this case we declare the "type" of our virtual token.
# The TPS uses the type to control the flow of the operation.
op=ra_format uid=user1 pwd=secret123 new_pin=secret123 num_threads=1 extensions=tokenType=userKey
# Exit the operation and leave the program
op=exit
.fi
.SH enroll.txt contents:
.nf
# Set the host name of the TPS server
op=var_set name=ra_host value=localhost.localdomain
# Set the port where the TPS server is listening
op=var_set name=ra_port value=8080
# Set the URL on the TPS that responds to client token operation requests
op=var_set name=ra_uri value=/tps/tps
# Set the cuid number of our virtual token and some other values needed by TPS
op=token_set cuid=40906145C76224192D2B msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=1 minor_ver=1
# Set the global platform auth key for the virtual token
op=token_set auth_key=404142434445464748494a4b4c4d4e4f
# Set the global platform mac key for the virtual token
op=token_set mac_key=404142434445464748494a4b4c4d4e4f
# Set the global platform kek key for the virtual token
op=token_set kek_key=404142434445464748494a4b4c4d4e4f
#Issue the actual request to format our token to the TPS server.
# Within this command we must provide the authentication userid, authentication password, and virtual token PIN value to proceed
# Also, the "extensions" consist of extra info evaluated by TPS. In this case we declare the "type" of our virtual token.
# The TPS uses the type to control the flow of the operation.
op=ra_enroll uid=user1 pwd=secret123 new_pin=secret123 num_threads=1 extensions=tokenType=userKey
.fi
.SH COPYRIGHT
Copyright (c) 2014 Red Hat, Inc. This is licensed under the GNU General Public License, version 2 (GPLv2). A copy of this license is available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
|