diff options
author | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-01-12 16:06:56 +0000 |
---|---|---|
committer | vakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-01-12 16:06:56 +0000 |
commit | 8de8a1ad60d7a5942c618c604e05c3b68e8af3af (patch) | |
tree | 9bd912224224f322a708c329fff945269cd3d85c | |
parent | a3f79f73e3a3ab5fe2403db86e4f9be3b78e20f4 (diff) | |
download | pki-8de8a1ad60d7a5942c618c604e05c3b68e8af3af.tar.gz pki-8de8a1ad60d7a5942c618c604e05c3b68e8af3af.tar.xz pki-8de8a1ad60d7a5942c618c604e05c3b68e8af3af.zip |
Bugzilla BZ645895 and 658641: ECC curves and passwords with special chars
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1726 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r-- | pki/base/silent/src/ca/ConfigureCA.java | 215 | ||||
-rw-r--r-- | pki/base/silent/src/drm/ConfigureDRM.java | 204 | ||||
-rw-r--r-- | pki/base/silent/src/ocsp/ConfigureOCSP.java | 2293 | ||||
-rw-r--r-- | pki/base/silent/src/ra/ConfigureRA.java | 6 | ||||
-rw-r--r-- | pki/base/silent/src/subca/ConfigureSubCA.java | 2346 | ||||
-rw-r--r-- | pki/base/silent/src/tks/ConfigureTKS.java | 2207 | ||||
-rw-r--r-- | pki/base/silent/src/tps/ConfigureTPS.java | 6 |
7 files changed, 3836 insertions, 3441 deletions
diff --git a/pki/base/silent/src/ca/ConfigureCA.java b/pki/base/silent/src/ca/ConfigureCA.java index 65b2faff..01b6c29a 100644 --- a/pki/base/silent/src/ca/ConfigureCA.java +++ b/pki/base/silent/src/ca/ConfigureCA.java @@ -52,6 +52,13 @@ public class ConfigureCA { public static Hashtable mUsedPort = new Hashtable(); + // global constants + public static final String DEFAULT_KEY_TYPE = "RSA"; + public static final String DEFAULT_KEY_SIZE = "2048"; + public static final String DEFAULT_KEY_CURVENAME = "nistp256"; + public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA"; + public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC"; + // define global variables public static HTTPClient hc = null; @@ -93,12 +100,34 @@ public class ConfigureCA { public static String base_dn = null; public static String db_name = null; - public static String key_size = null; public static String key_type = null; + public static String key_size = null; + public static String key_curvename = null; public static String key_algorithm = null; public static String signing_algorithm = null; + + public static String signing_key_type = null; + public static String signing_key_size = null; + public static String signing_key_curvename = null; public static String signing_signingalgorithm = null; + + public static String ocsp_signing_key_type = null; + public static String ocsp_signing_key_size = null; + public static String ocsp_signing_key_curvename = null; public static String ocsp_signing_signingalgorithm = null; + + public static String subsystem_key_type = null; + public static String subsystem_key_size = null; + public static String subsystem_key_curvename = null; + + public static String audit_signing_key_type = null; + public static String audit_signing_key_size = null; + public static String audit_signing_key_curvename = null; + + public static String sslserver_key_type = null; + public static String sslserver_key_size = null; + public static String sslserver_key_curvename = null; + public static String token_name = null; public static String token_pwd = null; @@ -326,7 +355,7 @@ public class ConfigureCA { hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); - String query_string_1 = "uid=" + sd_admin_name + "&pwd=" + sd_admin_password + + String query_string_1 = "uid=" + sd_admin_name + "&pwd=" + URLEncoder.encode(sd_admin_password) + "&url=" + URLEncoder.encode(subca_url) ; hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, @@ -515,32 +544,39 @@ public class ConfigureCA { String query_string = null; if (clone) { query_string = "p=10" + "&op=next" + "&xml=true" - + "&sslserver_custom_size=" + key_size + + "&sslserver_custom_size=" + sslserver_key_size + + "&sslserver_custom_curvename=" + sslserver_key_curvename + "&sslserver_choice=custom" - + "&sslserver_keytype=" + key_type - + "&choice=default" + "&keytype=" + key_type + + "&sslserver_keytype=" + sslserver_key_type + + "&choice=custom" + "&keytype=" + key_type + "&custom_size=" + key_size; } else { query_string = "p=10" + "&op=next" + "&xml=true" - + "&subsystem_custom_size=" + key_size - + "&subsystem_keytype=" + key_type + + "&subsystem_custom_size=" + subsystem_key_size + + "&subsystem_custom_curvename=" + subsystem_key_curvename + + "&subsystem_keytype=" + subsystem_key_type + "&subsystem_choice=custom" - + "&sslserver_custom_size=" + key_size - + "&sslserver_keytype=" + key_type + + "&sslserver_custom_size=" + sslserver_key_size + + "&sslserver_custom_curvename=" + sslserver_key_curvename + + "&sslserver_keytype=" + sslserver_key_type + "&sslserver_choice=custom" - + "&signing_custom_size=" + key_size - + "&signing_keytype=" + key_type + + "&signing_custom_size=" + signing_key_size + + "&signing_custom_curvename=" + signing_key_curvename + + "&signing_keytype=" + signing_key_type + "&signing_choice=custom" + "&signing_keyalgorithm=" + key_algorithm + "&signing_signingalgorithm=" + signing_signingalgorithm - + "&ocsp_signing_custom_size=" + key_size - + "&ocsp_signing_keytype=" + key_type + + "&ocsp_signing_custom_size=" + ocsp_signing_key_size + + "&ocsp_signing_custom_curvename=" + ocsp_signing_key_curvename + + "&ocsp_signing_keytype=" + ocsp_signing_key_type + "&ocsp_signing_choice=custom" + "&ocsp_signing_signingalgorithm=" + ocsp_signing_signingalgorithm - + "&audit_signing_custom_size=" + key_size - + "&audit_signing_keytype=" + key_type + + "&audit_signing_custom_size=" + audit_signing_key_size + + "&audit_signing_custom_curvename=" + audit_signing_key_curvename + + "&audit_signing_keytype=" + audit_signing_key_type + "&audit_signing_choice=custom" + "&custom_size=" + key_size + + "&custom_curvename=" + key_curvename + "&keytype=" + key_type + "&choice=custom" + "&signingalgorithm=" + signing_algorithm @@ -876,8 +912,8 @@ public class ConfigureCA { if (save_p12.equalsIgnoreCase("true")) { String query_string = "p=13" + "&op=next" + "&xml=true" - + "&choice=backupkey" + "&__pwd=" + backup_pwd - + "&__pwdagain=" + backup_pwd + ""; + + "&choice=backupkey" + "&__pwd=" + URLEncoder.encode(backup_pwd) + + "&__pwdagain=" + URLEncoder.encode(backup_pwd); hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string); @@ -1009,8 +1045,8 @@ public class ConfigureCA { String query_string = "p=16" + "&op=next" + "&xml=true" + "&cert_request_type=" + "crmf" + "&uid=" + admin_user - + "&name=" + admin_user + "&__pwd=" + admin_password - + "&__admin_password_again=" + admin_password + "&profileId=" + + "&name=" + admin_user + "&__pwd=" + URLEncoder.encode(admin_password) + + "&__admin_password_again=" + URLEncoder.encode(admin_password) + "&profileId=" + "caAdminCert" + "&email=" + URLEncoder.encode(admin_email) + "&cert_request=" + URLEncoder.encode(admin_cert_request) + "&subject=" + URLEncoder.encode(agent_cert_subject) @@ -1380,6 +1416,14 @@ public class ConfigureCA { return true; } + private static String set_default(String val, String def) { + if ((val == null) || (val.equals(""))) { + return def; + } else { + return val; + } + } + public static void main(String args[]) { ConfigureCA ca = new ConfigureCA(); @@ -1397,7 +1441,6 @@ public class ConfigureCA { StringHolder x_admin_password = new StringHolder(); // ldap - StringHolder x_ldap_host = new StringHolder(); StringHolder x_ldap_port = new StringHolder(); StringHolder x_bind_dn = new StringHolder(); @@ -1405,13 +1448,40 @@ public class ConfigureCA { StringHolder x_base_dn = new StringHolder(); StringHolder x_db_name = new StringHolder(); - // key size + // key properties (defaults) StringHolder x_key_size = new StringHolder(); StringHolder x_key_type = new StringHolder(); + StringHolder x_key_curvename = new StringHolder(); StringHolder x_key_algorithm = new StringHolder(); StringHolder x_signing_algorithm = new StringHolder(); + + // key properties (custom - signing) + StringHolder x_signing_key_size = new StringHolder(); + StringHolder x_signing_key_type = new StringHolder(); + StringHolder x_signing_key_curvename = new StringHolder(); StringHolder x_signing_signingalgorithm = new StringHolder(); + + // key properties (custom - ocsp_signing) + StringHolder x_ocsp_signing_key_size = new StringHolder(); + StringHolder x_ocsp_signing_key_type = new StringHolder(); + StringHolder x_ocsp_signing_key_curvename = new StringHolder(); StringHolder x_ocsp_signing_signingalgorithm = new StringHolder(); + + // key properties (custom - audit_signing) + StringHolder x_audit_signing_key_size = new StringHolder(); + StringHolder x_audit_signing_key_type = new StringHolder(); + StringHolder x_audit_signing_key_curvename = new StringHolder(); + + // key properties (custom - subsystem) + StringHolder x_subsystem_key_size = new StringHolder(); + StringHolder x_subsystem_key_type = new StringHolder(); + StringHolder x_subsystem_key_curvename = new StringHolder(); + + // key properties (custom - sslserver) + StringHolder x_sslserver_key_size = new StringHolder(); + StringHolder x_sslserver_key_type = new StringHolder(); + StringHolder x_sslserver_key_curvename = new StringHolder(); + StringHolder x_token_name = new StringHolder(); StringHolder x_token_pwd = new StringHolder(); @@ -1487,12 +1557,40 @@ public class ConfigureCA { parser.addOption("-base_dn %s #base dn", x_base_dn); parser.addOption("-db_name %s #db name", x_db_name); - parser.addOption("-key_size %s #Key Size", x_key_size); - parser.addOption("-key_type %s #Key type [RSA,ECC]", x_key_type); - parser.addOption("-key_algorithm %s #Key algorithm of the CA certificate", x_key_algorithm); + // key and algorithm options (default) + parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); + parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); + parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); + parser.addOption("-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_key_algorithm); parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", x_signing_algorithm); + + // key and algorithm options for signing certificate (overrides default) + parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); + parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); + parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename); parser.addOption("-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm); + + // key and algorithm options for ocsp_signing certificate (overrides default) + parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_ocsp_signing_key_type); + parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_ocsp_signing_key_size); + parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_ocsp_signing_key_curvename); parser.addOption("-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", x_ocsp_signing_signingalgorithm); + + // key and algorithm options for audit_signing certificate (overrides default) + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); + parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + + // key and algorithm options for subsystem certificate (overrides default) + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + + // key and algorithm options for sslserver certificate (overrides default) + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + parser.addOption("-token_name %s #HSM/Software Token name", x_token_name); parser.addOption("-token_pwd %s #HSM/Software Token password (optional - only required for HSM)", x_token_pwd); @@ -1575,41 +1673,42 @@ public class ConfigureCA { base_dn = x_base_dn.value; db_name = x_db_name.value; - key_size = x_key_size.value; - key_type = x_key_type.value; - if ((x_key_algorithm.value == null) || (x_key_algorithm.equals(""))) { - key_algorithm = "SHA256withRSA"; - } else { - key_algorithm = x_key_algorithm.value; - } - - if ((x_signing_algorithm.value == null) || (x_signing_algorithm.equals(""))) { - signing_algorithm = key_algorithm; - } else { - signing_algorithm = x_signing_algorithm.value; - } - - if ((x_ocsp_signing_signingalgorithm.value == null) || (x_ocsp_signing_signingalgorithm.equals(""))) { - ocsp_signing_signingalgorithm = signing_algorithm; + key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); + signing_key_type = set_default(x_signing_key_type.value, key_type); + ocsp_signing_key_type = set_default(x_ocsp_signing_key_type.value, key_type); + audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); + subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); + sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); + + key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); + signing_key_size = set_default(x_signing_key_size.value, key_size); + ocsp_signing_key_size = set_default(x_ocsp_signing_key_size.value, key_size); + audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); + subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); + sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); + + key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); + signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename); + ocsp_signing_key_curvename = set_default(x_ocsp_signing_key_curvename.value, key_curvename); + audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); + subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); + sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); + + if (signing_key_type.equalsIgnoreCase("RSA")) { + key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); } else { - ocsp_signing_signingalgorithm = x_ocsp_signing_signingalgorithm.value; + key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); } - - if ((x_signing_signingalgorithm.value == null) || (x_signing_signingalgorithm.equals(""))) { - signing_signingalgorithm = signing_algorithm; - } else { - signing_signingalgorithm = x_signing_signingalgorithm.value; - } - + + signing_algorithm = set_default(x_signing_algorithm.value, key_algorithm); + signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm); + ocsp_signing_signingalgorithm = set_default(x_ocsp_signing_signingalgorithm.value, signing_algorithm); + token_name = x_token_name.value; token_pwd = x_token_pwd.value; save_p12 = x_save_p12.value; backup_pwd = x_backup_pwd.value; - if ((x_backup_fname.value == null) || (x_backup_fname.equals(""))) { - backup_fname = "/root/tmp-ca.p12"; - } else { - backup_fname = x_backup_fname.value; - } + backup_fname = set_default(x_backup_fname.value, "/root/tmp-ca.p12"); agent_key_size = x_agent_key_size.value; agent_key_type = x_agent_key_type.value; @@ -1623,16 +1722,10 @@ public class ConfigureCA { subsystem_name = x_subsystem_name.value; - external_ca = x_external_ca.value; - if (external_ca == null) { - external_ca = "false"; - } + external_ca = set_default(x_external_ca.value, "false"); ext_ca_cert_file = x_ext_ca_cert_file.value; ext_ca_cert_chain_file = x_ext_ca_cert_chain_file.value; - ext_csr_file = x_ext_csr_file.value; - if ((ext_csr_file == null) || (ext_csr_file.equals(""))) { - ext_csr_file = "/tmp/ext_ca.csr"; - } + ext_csr_file = set_default(x_ext_csr_file.value, "/tmp/ext_ca.csr"); if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) { clone = true; diff --git a/pki/base/silent/src/drm/ConfigureDRM.java b/pki/base/silent/src/drm/ConfigureDRM.java index 96d48b16..077313dc 100644 --- a/pki/base/silent/src/drm/ConfigureDRM.java +++ b/pki/base/silent/src/drm/ConfigureDRM.java @@ -49,6 +49,13 @@ public class ConfigureDRM public static Hashtable mUsedPort = new Hashtable(); + // global constants + public static final String DEFAULT_KEY_TYPE = "RSA"; + public static final String DEFAULT_KEY_SIZE = "2048"; + public static final String DEFAULT_KEY_CURVENAME = "nistp256"; + public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA"; + public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC"; + // define global variables public static HTTPClient hc = null; @@ -96,8 +103,32 @@ public class ConfigureDRM public static String base_dn = null; public static String db_name = null; - public static String key_size = null; public static String key_type = null; + public static String key_size = null; + public static String key_curvename = null; + public static String signing_algorithm = null; + + public static String transport_key_type = null; + public static String transport_key_size = null; + public static String transport_key_curvename = null; + public static String transport_signingalgorithm = null; + + public static String storage_key_type = null; + public static String storage_key_size = null; + public static String storage_key_curvename = null; + + public static String subsystem_key_type = null; + public static String subsystem_key_size = null; + public static String subsystem_key_curvename = null; + + public static String audit_signing_key_type = null; + public static String audit_signing_key_size = null; + public static String audit_signing_key_curvename = null; + + public static String sslserver_key_type = null; + public static String sslserver_key_size = null; + public static String sslserver_key_curvename = null; + public static String token_name = null; public static String token_pwd = null; @@ -314,7 +345,7 @@ public class ConfigureDRM hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + sd_admin_password + + "&pwd=" + URLEncoder.encode(sd_admin_password) + "&url=" + URLEncoder.encode(kra_url) ; hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, @@ -449,32 +480,41 @@ public class ConfigureDRM if (!clone) { query_string = "p=8" + "&op=next" + "&xml=true" + - "&transport_custom_size=" + key_size + - "&storage_custom_size=" + key_size + - "&subsystem_custom_size=" + key_size + - "&sslserver_custom_size=" + key_size + - "&custom_size=" + key_size + + "&transport_custom_size=" + transport_key_size + + "&storage_custom_size=" + storage_key_size + + "&subsystem_custom_size=" + subsystem_key_size + + "&sslserver_custom_size=" + sslserver_key_size + "&audit_signing_custom_size=" + key_size + - "&transport_keytype=" + key_type + - "&storage_keytype=" + key_type + - "&subsystem_keytype=" + key_type + - "&sslserver_keytype=" + key_type + - "&audit_signing_keytype=" + key_type + + "&custom_size=" + key_size + + "&transport_custom_curvename=" + transport_key_curvename + + "&storage_custom_curvename=" + storage_key_curvename + + "&subsystem_custom_curvename=" + subsystem_key_curvename + + "&sslserver_custom_curvename=" + sslserver_key_curvename + + "&audit_signing_custom_curvename=" + audit_signing_key_curvename + + "&custom_curvename=" + key_curvename + + "&transport_keytype=" + transport_key_type + + "&storage_keytype=" + storage_key_type + + "&subsystem_keytype=" + subsystem_key_type + + "&sslserver_keytype=" + sslserver_key_type + + "&audit_signing_keytype=" + audit_signing_key_type + "&keytype=" + key_type + - "&transport_choice=default"+ - "&storage_choice=default"+ - "&subsystem_choice=default"+ - "&sslserver_choice=default"+ - "&choice=default"+ - "&audit_signing_choice=default"; + "&transport_choice=custom"+ + "&storage_choice=custom"+ + "&subsystem_choice=custom"+ + "&sslserver_choice=custom"+ + "&choice=custom"+ + "&audit_signing_choice=custom" + + "&signingalgorithm=" + signing_algorithm + + "&transport_signingalgorithm=" + transport_signingalgorithm; + } else { query_string = "p=8" + "&op=next" + "&xml=true" + - "&sslserver_custom_size=" + key_size + - "&sslserver_keytype=" + key_type + - "&sslserver_choice=default" + + "&sslserver_custom_size=" + sslserver_key_size + + "&sslserver_keytype=" + sslserver_key_type + + "&sslserver_choice=custom" + "&custom_size=" + key_size + "&keytype=" + key_type + - "&choice=default"; + "&choice=custom"; } hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); @@ -638,8 +678,8 @@ public class ConfigureDRM String query_string = "p=11" + "&op=next" + "&xml=true" + "&choice=backupkey" + - "&__pwd=" + backup_pwd + - "&__pwdagain=" + backup_pwd; + "&__pwd=" + URLEncoder.encode(backup_pwd) + + "&__pwdagain=" + URLEncoder.encode(backup_pwd); hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); @@ -745,8 +785,8 @@ public class ConfigureDRM "&cert_request_type=" + "crmf" + "&uid=" + admin_user + "&name=" + admin_user + - "&__pwd=" + admin_password + - "&__admin_password_again=" + admin_password + + "&__pwd=" + URLEncoder.encode(admin_password) + + "&__admin_password_again=" + URLEncoder.encode(admin_password) + "&profileId=" + "caAdminCert" + "&email=" + URLEncoder.encode(admin_email) + @@ -985,6 +1025,14 @@ public class ConfigureDRM return true; } + private static String set_default(String val, String def) { + if ((val == null) || (val.equals(""))) { + return def; + } else { + return val; + } + } + public static void main(String args[]) { ConfigureDRM ca = new ConfigureDRM(); @@ -1022,9 +1070,38 @@ public class ConfigureDRM StringHolder x_base_dn = new StringHolder(); StringHolder x_db_name = new StringHolder(); - // key size + // key properties (defaults) StringHolder x_key_size = new StringHolder(); StringHolder x_key_type = new StringHolder(); + StringHolder x_key_curvename = new StringHolder(); + StringHolder x_signing_algorithm = new StringHolder(); + + // key properties (custom - transport) + StringHolder x_transport_key_size = new StringHolder(); + StringHolder x_transport_key_type = new StringHolder(); + StringHolder x_transport_key_curvename = new StringHolder(); + StringHolder x_transport_signingalgorithm = new StringHolder(); + + // key properties (custom - storage) + StringHolder x_storage_key_size = new StringHolder(); + StringHolder x_storage_key_type = new StringHolder(); + StringHolder x_storage_key_curvename = new StringHolder(); + + // key properties (custom - audit_signing) + StringHolder x_audit_signing_key_size = new StringHolder(); + StringHolder x_audit_signing_key_type = new StringHolder(); + StringHolder x_audit_signing_key_curvename = new StringHolder(); + + // key properties (custom - subsystem) + StringHolder x_subsystem_key_size = new StringHolder(); + StringHolder x_subsystem_key_type = new StringHolder(); + StringHolder x_subsystem_key_curvename = new StringHolder(); + + // key properties (custom - sslserver) + StringHolder x_sslserver_key_size = new StringHolder(); + StringHolder x_sslserver_key_type = new StringHolder(); + StringHolder x_sslserver_key_curvename = new StringHolder(); + StringHolder x_token_name = new StringHolder(); StringHolder x_token_pwd = new StringHolder(); @@ -1110,10 +1187,38 @@ public class ConfigureDRM parser.addOption ("-db_name %s #db name", x_db_name); - parser.addOption ("-key_size %s #Key Size", - x_key_size); - parser.addOption ("-key_type %s #Key type [RSA,ECC]", - x_key_type); + // key and algorithm options (default) + parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); + parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); + parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); + parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm); + + // key and algorithm options for transport certificate (overrides default) + parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_transport_key_type); + parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)", x_transport_key_size); + parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_transport_key_curvename); + parser.addOption("-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", x_transport_signingalgorithm); + + // key and algorithm options for storage certificate (overrides default) + parser.addOption("-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_storage_key_type); + parser.addOption("-storage_key_size %s #Key Size (optional, for RSA default is key_size)", x_storage_key_size); + parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_storage_key_curvename); + + // key and algorithm options for audit_signing certificate (overrides default) + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); + parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + + // key and algorithm options for subsystem certificate (overrides default) + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + + // key and algorithm options for sslserver certificate (overrides default) + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + parser.addOption ("-token_name %s #HSM/Software Token name", x_token_name); parser.addOption ("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", @@ -1201,8 +1306,35 @@ public class ConfigureDRM base_dn = x_base_dn.value; db_name = x_db_name.value; - key_size = x_key_size.value; - key_type = x_key_type.value; + key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); + transport_key_type = set_default(x_transport_key_type.value, key_type); + storage_key_type = set_default(x_storage_key_type.value, key_type); + audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); + subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); + sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); + + key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); + transport_key_size = set_default(x_transport_key_size.value, key_size); + storage_key_size = set_default(x_storage_key_size.value, key_size); + audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); + subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); + sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); + + key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); + transport_key_curvename = set_default(x_transport_key_curvename.value, key_curvename); + storage_key_curvename = set_default(x_storage_key_curvename.value, key_curvename); + audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); + subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); + sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); + + if (transport_key_type.equalsIgnoreCase("RSA")) { + signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); + } else { + signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); + } + + transport_signingalgorithm = set_default(x_transport_signingalgorithm.value, signing_algorithm); + token_name = x_token_name.value; token_pwd = x_token_pwd.value; @@ -1211,11 +1343,7 @@ public class ConfigureDRM agent_cert_subject = x_agent_cert_subject.value; backup_pwd = x_backup_pwd.value; - if ((x_backup_fname.value == null) || (x_backup_fname.equals(""))) { - backup_fname = "/root/tmp-kra.p12"; - } else { - backup_fname = x_backup_fname.value; - } + backup_fname = set_default(x_backup_fname.value, "/root/tmp-kra.p12"); drm_transport_cert_subject_name = x_drm_transport_cert_subject_name.value ; diff --git a/pki/base/silent/src/ocsp/ConfigureOCSP.java b/pki/base/silent/src/ocsp/ConfigureOCSP.java index dc05d8a6..35f0fc01 100644 --- a/pki/base/silent/src/ocsp/ConfigureOCSP.java +++ b/pki/base/silent/src/ocsp/ConfigureOCSP.java @@ -46,1127 +46,1186 @@ import com.netscape.osutil.*; public class ConfigureOCSP { - - public static Hashtable mUsedPort = new Hashtable(); - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/ocsp/admin/console/config/login"; - public static String wizard_uri = "/ocsp/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String pkcs12_uri = "/ocsp/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - - public static String key_size = null; - public static String key_type = null; - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String ocsp_signing_cert_name = null; - public static String ocsp_signing_cert_req = null; - public static String ocsp_signing_cert_pp = null; - public static String ocsp_signing_cert_cert = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String ocsp_subsystem_cert_name = null; - public static String ocsp_subsystem_cert_req = null; - public static String ocsp_subsystem_cert_pp = null; - public static String ocsp_subsystem_cert_cert = null; - - public static String ocsp_audit_signing_cert_name = null; - public static String ocsp_audit_signing_cert_req = null; - public static String ocsp_audit_signing_cert_pp = null; - public static String ocsp_audit_signing_cert_cert = null; - - - public static String backup_pwd = null; - public static String backup_fname = null; - - // cert subject names - public static String ocsp_sign_cert_subject_name = null; - public static String ocsp_subsystem_cert_subject_name = null; - public static String ocsp_server_cert_subject_name = null; - public static String ocsp_audit_signing_cert_subject_name = null; - - public static String subsystem_name = null; - public ConfigureOCSP () - { - // do nothing :) - } - - public void sleep_time() - { - try - { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } - catch(Exception e) - { - System.out.println("ERROR: sleep problem"); - } - - } - - public boolean LoginPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // get cookie - String temp = hr.getCookieValue("JSESSIONID"); - - if(temp!=null) - { - int index = temp.indexOf(";"); - hc.j_session_id = temp.substring(0,index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, - "p=0&op=next&xml=true"); - - // parse xml here - - bais = new ByteArrayInputStream( - hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return st; - } - - public boolean TokenChoicePanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = null; - - // Software Token - if(token_name.equalsIgnoreCase("internal")) - { - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode("Internal Key Storage Token") + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - // HSM - else - { - // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + - "&uTokName=" + - URLEncoder.encode(token_name) + - "&__uPasswd=" + - URLEncoder.encode(token_pwd) + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode(token_name) + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - } - return true; - } - - public boolean DomainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ; - - String query_string = "sdomainURL=" + - URLEncoder.encode(domain_url) + - "&choice=existingdomain"+ - "&p=3" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - - } - - public boolean DisplayChainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String query_string = null; - - query_string = "p=4" + "&op=next" + "&xml=true"; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - - } - - public boolean SecurityDomainLoginPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String ocsp_url = "https://" + cs_hostname + ":" + cs_port + - "/ocsp/admin/console/config/wizard" + - "?p=5&subsystem=OCSP" ; - - String query_string = "url=" + URLEncoder.encode(ocsp_url); - - hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + sd_admin_password + - "&url=" + URLEncoder.encode(ocsp_url) ; - - hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - - String ocsp_session_id = hr.getContentValue("header.session_id"); - String ocsp_url_1 = hr.getContentValue("header.url"); - - System.out.println("OCSP_SESSION_ID=" + ocsp_session_id ); - System.out.println("OCSP_URL=" + ocsp_url_1 ); - - // use session id to connect back to OCSP - - String query_string_2 = "p=5" + - "&subsystem=OCSP" + - "&session_id=" + ocsp_session_id + - "&xml=true" ; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, - query_string_2); - - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - - } - - public boolean SubsystemPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=5" + "&op=next" + "&xml=true" + - "&subsystemName=" + - URLEncoder.encode(subsystem_name) + - "&choice=newsubsystem" ; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean LdapConnectionPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = "p=7" + "&op=next" + "&xml=true" + - "&host=" + URLEncoder.encode(ldap_host) + - "&port=" + URLEncoder.encode(ldap_port) + - "&binddn=" + URLEncoder.encode(bind_dn) + - "&__bindpwd=" + URLEncoder.encode(bind_password) + - "&basedn=" + URLEncoder.encode(base_dn) + - "&database=" + URLEncoder.encode(db_name) + - "&display=" + URLEncoder.encode("$displayStr") + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean KeyPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList al = null; - - - String query_string = "p=8" + "&op=next" + "&xml=true" + - "&signing_custom_size=" + key_size + - "&subsystem_custom_size=" + key_size + - "&sslserver_custom_size=" + key_size + - "&audit_signing_custom_size=" + key_size + - "&custom_size=" + key_size + - "&signing_keytype=" + key_type + - "&subsystem_keytype=" + key_type + - "&sslserver_keytype=" + key_type + - "&audit_signing_keytype=" + key_type + - "&keytype=" + key_type + - "&signing_choice=default"+ - "&subsystem_choice=default"+ - "&sslserver_choice=default"+ - "&audit_signing_choice=default" + - "&choice=default"+ - ""; - - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - al = px.constructvaluelist("CertReqPair","DN"); - // get ca cert subject name - if(al != null) - { - for (int i=0; i < al.size(); i++) - { - String temp = (String) al.get(i); - if(temp.indexOf("OCSP Signing") > 0 ) - { - ocsp_signing_cert_name = temp; - } - else if(temp.indexOf("OCSP Subsystem") > 0 ) - { - ocsp_subsystem_cert_name = temp; - } - else if (temp.indexOf("Audit Signing Certificate") > 0) { - ocsp_audit_signing_cert_name = temp; - } - else - { - server_cert_name = temp; - } - } - } - - System.out.println("default: ocsp_signing_cert_name=" + ocsp_signing_cert_name); - System.out.println("default: ocsp_subsystem_cert_name=" + ocsp_subsystem_cert_name); - System.out.println("default: server_cert_name=" + server_cert_name); + public static Hashtable mUsedPort = new Hashtable(); + + public static final String DEFAULT_KEY_TYPE = "RSA"; + public static final String DEFAULT_KEY_SIZE = "2048"; + public static final String DEFAULT_KEY_CURVENAME = "nistp256"; + public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA"; + public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC"; + + // define global variables + + public static HTTPClient hc = null; + + public static String login_uri = "/ocsp/admin/console/config/login"; + public static String wizard_uri = "/ocsp/admin/console/config/wizard"; + public static String admin_uri = "/ca/admin/ca/getBySerial"; + + public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; + public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; + public static String pkcs12_uri = "/ocsp/admin/console/config/savepkcs12"; + + public static String cs_hostname = null; + public static String cs_port = null; + + public static String sd_hostname = null; + public static String sd_ssl_port = null; + public static String sd_agent_port = null; + public static String sd_admin_port = null; + public static String sd_admin_name = null; + public static String sd_admin_password = null; + + public static String ca_hostname = null; + public static String ca_port = null; + public static String ca_ssl_port = null; + + public static String client_certdb_dir = null; + public static String client_certdb_pwd = null; + + // Login Panel + public static String pin = null; + + public static String domain_name = null; + + public static String admin_user = null; + public static String admin_email = null; + public static String admin_password = null; + public static String admin_serial_number = null; + public static String agent_name = null; + + public static String ldap_host = null; + public static String ldap_port = null; + public static String bind_dn = null; + public static String bind_password = null; + public static String base_dn = null; + public static String db_name = null; + + public static String key_type = null; + public static String key_size = null; + public static String key_curvename = null; + public static String signing_algorithm = null; + + public static String signing_key_type = null; + public static String signing_key_size = null; + public static String signing_key_curvename = null; + public static String signing_signingalgorithm = null; + + public static String subsystem_key_type = null; + public static String subsystem_key_size = null; + public static String subsystem_key_curvename = null; + + public static String audit_signing_key_type = null; + public static String audit_signing_key_size = null; + public static String audit_signing_key_curvename = null; + + public static String sslserver_key_type = null; + public static String sslserver_key_size = null; + public static String sslserver_key_curvename = null; + + public static String token_name = null; + public static String token_pwd = null; + + public static String agent_key_size = null; + public static String agent_key_type = null; + public static String agent_cert_subject = null; + + public static String ocsp_signing_cert_name = null; + public static String ocsp_signing_cert_req = null; + public static String ocsp_signing_cert_pp = null; + public static String ocsp_signing_cert_cert = null; + + public static String server_cert_name = null; + public static String server_cert_req = null; + public static String server_cert_pp = null; + public static String server_cert_cert = null; + + public static String ocsp_subsystem_cert_name = null; + public static String ocsp_subsystem_cert_req = null; + public static String ocsp_subsystem_cert_pp = null; + public static String ocsp_subsystem_cert_cert = null; + + public static String ocsp_audit_signing_cert_name = null; + public static String ocsp_audit_signing_cert_req = null; + public static String ocsp_audit_signing_cert_pp = null; + public static String ocsp_audit_signing_cert_cert = null; + + public static String backup_pwd = null; + public static String backup_fname = null; + + // cert subject names + public static String ocsp_sign_cert_subject_name = null; + public static String ocsp_subsystem_cert_subject_name = null; + public static String ocsp_server_cert_subject_name = null; + public static String ocsp_audit_signing_cert_subject_name = null; + + public static String subsystem_name = null; + public ConfigureOCSP () + { + // do nothing :) + } + + public void sleep_time() + { + try + { + System.out.println("Sleeping for 5 secs.."); + Thread.sleep(5000); + } + catch(Exception e) + { + System.out.println("ERROR: sleep problem"); + } + + } + + public boolean LoginPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "pin=" + pin + "&xml=true"; + + hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string); + System.out.println("xml returned: " + hr.getHTML()); + + // parse xml here - nothing to parse + + // get cookie + String temp = hr.getCookieValue("JSESSIONID"); + + if (temp!=null) { + int index = temp.indexOf(";"); + hc.j_session_id = temp.substring(0,index); + st = true; + } + + hr = null; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, + "p=0&op=next&xml=true"); + + // parse xml here + + bais = new ByteArrayInputStream( + hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return st; + } + + public boolean TokenChoicePanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = null; + + // Software Token + if (token_name.equalsIgnoreCase("internal")) { + query_string = "p=1" + "&op=next" + "&xml=true" + + "&choice=" + + URLEncoder.encode("Internal Key Storage Token") + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + } + // HSM + else { + // login to hsm first + query_string = "p=2" + "&op=next" + "&xml=true" + + "&uTokName=" + + URLEncoder.encode(token_name) + + "&__uPasswd=" + + URLEncoder.encode(token_pwd) + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + // choice with token name now + query_string = "p=1" + "&op=next" + "&xml=true" + + "&choice=" + + URLEncoder.encode(token_name) + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + } + return true; + } + + public boolean DomainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ; + + String query_string = "sdomainURL=" + + URLEncoder.encode(domain_url) + + "&choice=existingdomain"+ + "&p=3" + + "&op=next" + + "&xml=true"; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + + } + + public boolean DisplayChainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + String query_string = null; + + query_string = "p=4" + "&op=next" + "&xml=true"; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + // px.parse(bais); + // px.prettyprintxml(); + + return true; + + } + + public boolean SecurityDomainLoginPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String ocsp_url = "https://" + cs_hostname + ":" + cs_port + + "/ocsp/admin/console/config/wizard" + + "?p=5&subsystem=OCSP" ; + + String query_string = "url=" + URLEncoder.encode(ocsp_url); + + hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); + + String query_string_1 = "uid=" + sd_admin_name + + "&pwd=" + URLEncoder.encode(sd_admin_password) + + "&url=" + URLEncoder.encode(ocsp_url) ; + + hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, + query_string_1); + + // get session id from security domain + + String ocsp_session_id = hr.getContentValue("header.session_id"); + String ocsp_url_1 = hr.getContentValue("header.url"); + + System.out.println("OCSP_SESSION_ID=" + ocsp_session_id ); + System.out.println("OCSP_URL=" + ocsp_url_1 ); + + // use session id to connect back to OCSP + + String query_string_2 = "p=5" + + "&subsystem=OCSP" + + "&session_id=" + ocsp_session_id + + "&xml=true" ; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, + query_string_2); + + // parse xml + // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + // px.parse(bais); + // px.prettyprintxml(); + + return true; + + } + + public boolean SubsystemPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "p=5" + "&op=next" + "&xml=true" + + "&subsystemName=" + + URLEncoder.encode(subsystem_name) + + "&choice=newsubsystem" ; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean LdapConnectionPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = "p=7" + "&op=next" + "&xml=true" + + "&host=" + URLEncoder.encode(ldap_host) + + "&port=" + URLEncoder.encode(ldap_port) + + "&binddn=" + URLEncoder.encode(bind_dn) + + "&__bindpwd=" + URLEncoder.encode(bind_password) + + "&basedn=" + URLEncoder.encode(base_dn) + + "&database=" + URLEncoder.encode(db_name) + + "&display=" + URLEncoder.encode("$displayStr") + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean KeyPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList al = null; + + String query_string = "p=8" + "&op=next" + "&xml=true" + + "&signing_custom_size=" + signing_key_size + + "&subsystem_custom_size=" + subsystem_key_size + + "&sslserver_custom_size=" + sslserver_key_size + + "&audit_signing_custom_size=" + audit_signing_key_size + + "&custom_size=" + key_size + + "&signing_custom_curvename=" + signing_key_curvename + + "&subsystem_custom_curvename=" + subsystem_key_curvename + + "&sslserver_custom_curvename=" + sslserver_key_curvename + + "&audit_signing_custom_curvename=" + audit_signing_key_curvename + + "&custom_curvename=" + key_curvename + + "&signing_keytype=" + signing_key_type + + "&subsystem_keytype=" + subsystem_key_type + + "&sslserver_keytype=" + sslserver_key_type + + "&audit_signing_keytype=" + audit_signing_key_type + + "&keytype=" + key_type + + "&signing_choice=custom"+ + "&subsystem_choice=custom"+ + "&sslserver_choice=custom"+ + "&audit_signing_choice=custom" + + "&signingalgorithm=" + signing_algorithm + + "&signing_signingalgorithm=" + signing_signingalgorithm + + "&choice=custom"; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + al = px.constructvaluelist("CertReqPair","DN"); + // get ca cert subject name + if (al != null) { + for (int i=0; i < al.size(); i++) { + String temp = (String) al.get(i); + if (temp.indexOf("OCSP Signing") > 0) { + ocsp_signing_cert_name = temp; + } else if (temp.indexOf("OCSP Subsystem") > 0) { + ocsp_subsystem_cert_name = temp; + } else if (temp.indexOf("Audit Signing Certificate") > 0) { + ocsp_audit_signing_cert_name = temp; + } else { + server_cert_name = temp; + } + } + } + + System.out.println("default: ocsp_signing_cert_name=" + ocsp_signing_cert_name); + System.out.println("default: ocsp_subsystem_cert_name=" + ocsp_subsystem_cert_name); + System.out.println("default: server_cert_name=" + server_cert_name); System.out.println("default: oscp_audit_signing_cert_name=" + ocsp_audit_signing_cert_name); - return true; - } - - public boolean CertSubjectPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList req_list = null; - ArrayList cert_list = null; - ArrayList dn_list = null; - - String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ; - - String query_string = "p=9" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(ocsp_subsystem_cert_subject_name) + - "&signing=" + - URLEncoder.encode(ocsp_sign_cert_subject_name) + - "&sslserver=" + - URLEncoder.encode(ocsp_server_cert_subject_name) + - "&audit_signing=" + - URLEncoder.encode(ocsp_audit_signing_cert_subject_name) + - "&urls=" + - URLEncoder.encode(domain_url) + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - req_list = px.constructvaluelist("CertReqPair","Request"); - cert_list = px.constructvaluelist("CertReqPair","Certificate"); - dn_list = px.constructvaluelist("CertReqPair","Nickname"); - - if(req_list != null && cert_list != null && dn_list != null) - { - for (int i=0; i < dn_list.size(); i++) - { - String temp = (String) dn_list.get(i); - - if(temp.indexOf("ocspSigningCert") >= 0 ) - { - ocsp_signing_cert_req = (String) req_list.get(i); - ocsp_signing_cert_cert = (String) cert_list.get(i); - } - else if(temp.indexOf("subsystemCert") >= 0 ) - { - ocsp_subsystem_cert_req = (String) req_list.get(i); - ocsp_subsystem_cert_cert = (String) cert_list.get(i); - } - else if (temp.indexOf("auditSigningCert") >=0) { - ocsp_audit_signing_cert_req = (String) req_list.get(i); - ocsp_audit_signing_cert_cert = (String) cert_list.get(i); - } - else - { - server_cert_req = (String) req_list.get(i); - server_cert_cert = (String) cert_list.get(i); - } - } - } - - return true; - } - - public boolean CertificatePanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList req_list = null; - ArrayList cert_list = null; - ArrayList dn_list = null; - ArrayList pp_list = null; - - - String query_string = "p=10" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(ocsp_subsystem_cert_cert) + - "&subsystem_cc=" + - "&signing=" + - URLEncoder.encode(ocsp_signing_cert_cert) + - "&signing_cc=" + - "&sslserver=" + - URLEncoder.encode(server_cert_cert) + - "&sslserver_cc=" + - "&audit_signing=" + - URLEncoder.encode(ocsp_audit_signing_cert_cert) + - "&audit_signing_cc=" + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - - System.out.println("html returned=" + hr.getHTML()); - - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean BackupPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = "p=11" + "&op=next" + "&xml=true" + - "&choice=backupkey" + - "&__pwd=" + backup_pwd + - "&__pwdagain=" + backup_pwd + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean SavePKCS12Panel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = ""; - - hr = hc.sslConnect(cs_hostname,cs_port,pkcs12_uri,query_string); - - // dump hr.getResponseData() to file - - try - { - FileOutputStream fos = new FileOutputStream(backup_fname); - fos.write(hr.getResponseData()); - fos.close(); - - // set file to permissions 600 - String rtParams[] = { "chmod","600", backup_fname}; - Process proc = Runtime.getRuntime().exec(rtParams); - - BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); - String line = null; - while ( (line = br.readLine()) != null) - System.out.println("Error: " + line); - int exitVal = proc.waitFor(); - - // verify p12 file - - // Decode the P12 file - FileInputStream fis = new FileInputStream(backup_fname); - PFX.Template pfxt = new PFX.Template(); - PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048)); - System.out.println("Decoded PFX"); - - // now peruse it for interesting info - System.out.println("Version: "+pfx.getVersion()); - AuthenticatedSafes authSafes = pfx.getAuthSafes(); - SEQUENCE asSeq = authSafes.getSequence(); - System.out.println("AuthSafes has "+ - asSeq.size()+" SafeContents"); - - fis.close(); - } - catch(Exception e) - { - System.out.println("ERROR: Exception=" + e.getMessage()); - return false; - } - - return true; - } - - public boolean AdminCertReqPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - - String cert_subject = "CN=ocsp-" + admin_user; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if(crmf_request == null) - { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=13" + "&op=next" + "&xml=true" + - "&cert_request_type=" + "crmf" + - "&uid=" + admin_user + - "&name=" + admin_user + - "&__pwd=" + admin_password + - "&__admin_password_again=" + admin_password + - "&profileId=" + "caAdminCert" + - "&email=" + - URLEncoder.encode(admin_email) + - "&cert_request=" + - URLEncoder.encode(admin_cert_request) + - "&subject=" + - URLEncoder.encode(agent_cert_subject) + - "&clone=new" + - "&import=true" + - "&securitydomain=" + - URLEncoder.encode(domain_name) + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true" + - ""; - - hr = hc.sslConnect(sd_hostname,sd_admin_port,admin_uri,query_string); - - // get response data - String cert_to_import = - new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n" ; - String end = "\r\n-----END CERTIFICATE-----" ; - - st = cCrypt.importCert(start+cert_to_import+end,agent_name); - if(!st) - { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert"); - return true; - } - - public boolean UpdateDomainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=14" + "&op=next" + "&xml=true" + - "&caHost=" + URLEncoder.encode(sd_hostname) + - "&caPort=" + URLEncoder.encode(sd_agent_port) + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - - public boolean ConfigureOCSPInstance() - { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - // 1. Login panel - boolean log_st = LoginPanel(); - if(!log_st) - { - System.out.println("ERROR: ConfigureOCSP: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 2. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if(!disp_token) - { - System.out.println("ERROR: ConfigureOCSP: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 3. domain panel - boolean dom_st = DomainPanel(); - if(!dom_st) - { - System.out.println("ERROR: ConfigureOCSP: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 4. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if(!disp_st) - { - System.out.println("ERROR: ConfigureOCSP: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // security domain login panel - boolean disp_sd = SecurityDomainLoginPanel(); - if(!disp_sd) - { - System.out.println("ERROR: ConfigureOCSP: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // subsystem panel - boolean disp_ss = SubsystemPanel(); - if(!disp_ss) - { - System.out.println("ERROR: ConfigureOCSP: SubsystemPanel() failure"); - return false; - } - - sleep_time(); - // 7. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - if(!disp_ldap) - { - System.out.println("ERROR: ConfigureOCSP: LdapConnectionPanel() failure"); - return false; - } - - sleep_time(); - sleep_time(); - // 9. Key Panel - boolean disp_key = KeyPanel(); - if(!disp_key) - { - System.out.println("ERROR: ConfigureOCSP: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 10. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if(!disp_csubj) - { - System.out.println("ERROR: ConfigureOCSP: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 11. Certificate Panel - boolean disp_cp = CertificatePanel(); - if(!disp_cp) - { - System.out.println("ERROR: ConfigureOCSP: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // backup panel - boolean disp_back = BackupPanel(); - if(!disp_back) - { - System.out.println("ERROR: ConfigureOCSP: BackupPanel() failure"); - return false; - } - - sleep_time(); - // save panel - boolean disp_save = SavePKCS12Panel(); - if(!disp_save) - { - System.out.println("ERROR: ConfigureOCSP: SavePKCS12Panel() failure"); - return false; - } - - sleep_time(); - // 13. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if(!disp_adm) - { - System.out.println("ERROR: ConfigureOCSP: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - // 14. Admin Cert import Panel - boolean disp_im = AdminCertImportPanel(); - if(!disp_im) - { - System.out.println("ERROR: ConfigureOCSP: AdminCertImportPanel() failure"); - return false; - } - - sleep_time(); - // 15. Update Domain Panel - boolean disp_ud = UpdateDomainPanel(); - if(!disp_ud) - { - System.out.println("ERROR: ConfigureOCSP: UpdateDomainPanel() failure"); - return false; - } - - sleep_time(); - return true; - } - - public static void main(String args[]) - { - ConfigureOCSP ca = new ConfigureOCSP(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - - // key size - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - StringHolder x_backup_pwd = new StringHolder(); - StringHolder x_backup_fname = new StringHolder(); - - // ca cert subject name params - StringHolder x_ocsp_sign_cert_subject_name = new StringHolder(); - StringHolder x_ocsp_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_ocsp_server_cert_subject_name = new StringHolder(); - StringHolder x_ocsp_audit_signing_cert_subject_name = new StringHolder(); - - // subsystemName - StringHolder x_subsystem_name = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureOCSP"); - - parser.addOption ("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption ("-cs_port %s #CS SSL Admin port", - x_cs_port); - - parser.addOption ("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption ("-sd_admin_name %s #Security Domain Admin Name", - x_sd_admin_name); - parser.addOption ("-sd_admin_password %s #Security Domain Admin password", - x_sd_admin_password); - - parser.addOption ("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption ("-ca_port %s #CA non-SSL EE port", - x_ca_port); - parser.addOption ("-ca_ssl_port %s #CA SSL EE port", - x_ca_ssl_port); - - parser.addOption ("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption ("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption ("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption ("-domain_name %s #domain name", - x_domain_name); - parser.addOption ("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption ("-admin_email %s #Admin email", - x_admin_email); - parser.addOption ("-admin_password %s #Admin password", - x_admin_password); - parser.addOption ("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption ("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption ("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption ("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption ("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption ("-base_dn %s #base dn", - x_base_dn); - parser.addOption ("-db_name %s #db name", - x_db_name); - - parser.addOption ("-key_size %s #Key Size", - x_key_size); - parser.addOption ("-key_type %s #Key type [RSA,ECC]", - x_key_type); - parser.addOption ("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption ("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", - x_token_pwd); - - parser.addOption ("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption ("-agent_cert_subject %s #Agent Cert Subject", - x_agent_cert_subject); - - parser.addOption ("-backup_pwd %s #PKCS12 password", - x_backup_pwd); - - parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-ocsp.p12", - x_backup_fname); - - parser.addOption ( - "-ocsp_sign_cert_subject_name %s #OCSP cert subject name", - x_ocsp_sign_cert_subject_name); - parser.addOption ( - "-ocsp_subsystem_cert_subject_name %s #OCSP subsystem cert subject name", - x_ocsp_subsystem_cert_subject_name); - parser.addOption ( - "-ocsp_server_cert_subject_name %s #OCSP server cert subject name", - x_ocsp_server_cert_subject_name); - - parser.addOption ( - "-subsystem_name %s #OCSP subsystem name", - x_subsystem_name); - - parser.addOption( - "-ocsp_audit_signing_cert_subject_name %s #OCSP audit signing cert subject name", - x_ocsp_audit_signing_cert_subject_name); - - // and then match the arguments - String [] unmatched = null; - unmatched = parser.matchAllArgs (args,0,parser.EXIT_ON_UNMATCHED); - - if(unmatched!=null) - { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - - key_size = x_key_size.value; - key_type = x_key_type.value; - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - backup_pwd = x_backup_pwd.value; - if ((x_backup_fname.value == null) || (x_backup_fname.equals(""))) { - backup_fname = "/root/tmp-ocsp.p12"; + return true; + } + + public boolean CertSubjectPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList req_list = null; + ArrayList cert_list = null; + ArrayList dn_list = null; + + String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ; + + String query_string = "p=9" + "&op=next" + "&xml=true" + + "&subsystem=" + + URLEncoder.encode(ocsp_subsystem_cert_subject_name) + + "&signing=" + + URLEncoder.encode(ocsp_sign_cert_subject_name) + + "&sslserver=" + + URLEncoder.encode(ocsp_server_cert_subject_name) + + "&audit_signing=" + + URLEncoder.encode(ocsp_audit_signing_cert_subject_name) + + "&urls=" + + URLEncoder.encode(domain_url) + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + req_list = px.constructvaluelist("CertReqPair","Request"); + cert_list = px.constructvaluelist("CertReqPair","Certificate"); + dn_list = px.constructvaluelist("CertReqPair","Nickname"); + + if (req_list != null && cert_list != null && dn_list != null) { + for (int i=0; i < dn_list.size(); i++) { + String temp = (String) dn_list.get(i); + + if (temp.indexOf("ocspSigningCert") >= 0 ) { + ocsp_signing_cert_req = (String) req_list.get(i); + ocsp_signing_cert_cert = (String) cert_list.get(i); + } else if (temp.indexOf("subsystemCert") >= 0 ) { + ocsp_subsystem_cert_req = (String) req_list.get(i); + ocsp_subsystem_cert_cert = (String) cert_list.get(i); + } else if (temp.indexOf("auditSigningCert") >=0) { + ocsp_audit_signing_cert_req = (String) req_list.get(i); + ocsp_audit_signing_cert_cert = (String) cert_list.get(i); } else { - backup_fname = x_backup_fname.value; + server_cert_req = (String) req_list.get(i); + server_cert_cert = (String) cert_list.get(i); } - - ocsp_sign_cert_subject_name = x_ocsp_sign_cert_subject_name.value ; - ocsp_subsystem_cert_subject_name = - x_ocsp_subsystem_cert_subject_name.value; - ocsp_server_cert_subject_name = x_ocsp_server_cert_subject_name.value ; + } + } + + return true; + } + + public boolean CertificatePanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList req_list = null; + ArrayList cert_list = null; + ArrayList dn_list = null; + ArrayList pp_list = null; + + + String query_string = "p=10" + "&op=next" + "&xml=true" + + "&subsystem=" + + URLEncoder.encode(ocsp_subsystem_cert_cert) + + "&subsystem_cc=" + + "&signing=" + + URLEncoder.encode(ocsp_signing_cert_cert) + + "&signing_cc=" + + "&sslserver=" + + URLEncoder.encode(server_cert_cert) + + "&sslserver_cc=" + + "&audit_signing=" + + URLEncoder.encode(ocsp_audit_signing_cert_cert) + + "&audit_signing_cc=" + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + + System.out.println("html returned=" + hr.getHTML()); + + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean BackupPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = "p=11" + "&op=next" + "&xml=true" + + "&choice=backupkey" + + "&__pwd=" + URLEncoder.encode(backup_pwd) + + "&__pwdagain=" + URLEncoder.encode(backup_pwd); + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean SavePKCS12Panel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = ""; + + hr = hc.sslConnect(cs_hostname,cs_port,pkcs12_uri,query_string); + + // dump hr.getResponseData() to file + + try { + FileOutputStream fos = new FileOutputStream(backup_fname); + fos.write(hr.getResponseData()); + fos.close(); + + // set file to permissions 600 + String rtParams[] = { "chmod","600", backup_fname}; + Process proc = Runtime.getRuntime().exec(rtParams); + + BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); + String line = null; + while ( (line = br.readLine()) != null) + System.out.println("Error: " + line); + int exitVal = proc.waitFor(); + + // verify p12 file + + // Decode the P12 file + FileInputStream fis = new FileInputStream(backup_fname); + PFX.Template pfxt = new PFX.Template(); + PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048)); + System.out.println("Decoded PFX"); + + // now peruse it for interesting info + System.out.println("Version: "+pfx.getVersion()); + AuthenticatedSafes authSafes = pfx.getAuthSafes(); + SEQUENCE asSeq = authSafes.getSequence(); + System.out.println("AuthSafes has "+ + asSeq.size()+" SafeContents"); + + fis.close(); + } catch(Exception e) { + System.out.println("ERROR: Exception=" + e.getMessage()); + return false; + } + + return true; + } + + public boolean AdminCertReqPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + String admin_cert_request = null; + + + String cert_subject = "CN=ocsp-" + admin_user; + + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + agent_cert_subject, + agent_key_size, + agent_key_type); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.setTransportCert(null); + cCrypt.setDualKey(false); + cCrypt.loginDB(); + + String crmf_request = cCrypt.generateCRMFrequest(); + + if (crmf_request == null) { + System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); + return false; + } + + admin_cert_request = crmf_request; + + String query_string = "p=13" + "&op=next" + "&xml=true" + + "&cert_request_type=" + "crmf" + + "&uid=" + admin_user + + "&name=" + admin_user + + "&__pwd=" + URLEncoder.encode(admin_password) + + "&__admin_password_again=" + URLEncoder.encode(admin_password) + + "&profileId=" + "caAdminCert" + + "&email=" + + URLEncoder.encode(admin_email) + + "&cert_request=" + + URLEncoder.encode(admin_cert_request) + + "&subject=" + + URLEncoder.encode(agent_cert_subject) + + "&clone=new" + + "&import=true" + + "&securitydomain=" + + URLEncoder.encode(domain_name) + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + admin_serial_number = px.getvalue("serialNumber"); + + return true; + } + + public boolean AdminCertImportPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "serialNumber=" + admin_serial_number + + "&importCert=" + "true" + + ""; + + hr = hc.sslConnect(sd_hostname,sd_admin_port,admin_uri,query_string); + + // get response data + String cert_to_import = + new sun.misc.BASE64Encoder().encode(hr.getResponseData()); + System.out.println("Imported Cert=" + cert_to_import); + + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + null, + null, + null); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.loginDB(); + + String start = "-----BEGIN CERTIFICATE-----\r\n" ; + String end = "\r\n-----END CERTIFICATE-----" ; + + st = cCrypt.importCert(start+cert_to_import+end,agent_name); + if (!st) { + System.out.println("ERROR: AdminCertImportPanel() during cert import"); + return false; + } + + System.out.println("SUCCESS: imported admin user cert"); + return true; + } + + public boolean UpdateDomainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "p=14" + "&op=next" + "&xml=true" + + "&caHost=" + URLEncoder.encode(sd_hostname) + + "&caPort=" + URLEncoder.encode(sd_agent_port) + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + + public boolean ConfigureOCSPInstance() + { + // 0. login to cert db + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + null, + null, + null); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.loginDB(); + + // instantiate http client + hc = new HTTPClient(); + + // 1. Login panel + boolean log_st = LoginPanel(); + if (!log_st) { + System.out.println("ERROR: ConfigureOCSP: LoginPanel() failure"); + return false; + } + + sleep_time(); + // 2. Token Choice Panel + boolean disp_token = TokenChoicePanel(); + if (!disp_token) { + System.out.println("ERROR: ConfigureOCSP: TokenChoicePanel() failure"); + return false; + } + + sleep_time(); + // 3. domain panel + boolean dom_st = DomainPanel(); + if (!dom_st) { + System.out.println("ERROR: ConfigureOCSP: DomainPanel() failure"); + return false; + } + + sleep_time(); + // 4. display cert chain panel + boolean disp_st = DisplayChainPanel(); + if (!disp_st) { + System.out.println("ERROR: ConfigureOCSP: DisplayChainPanel() failure"); + return false; + } + + sleep_time(); + // security domain login panel + boolean disp_sd = SecurityDomainLoginPanel(); + if (!disp_sd) { + System.out.println("ERROR: ConfigureOCSP: SecurityDomainLoginPanel() failure"); + return false; + } + + sleep_time(); + // subsystem panel + boolean disp_ss = SubsystemPanel(); + if (!disp_ss) { + System.out.println("ERROR: ConfigureOCSP: SubsystemPanel() failure"); + return false; + } + + sleep_time(); + // 7. ldap connection panel + boolean disp_ldap = LdapConnectionPanel(); + if (!disp_ldap) { + System.out.println("ERROR: ConfigureOCSP: LdapConnectionPanel() failure"); + return false; + } + + sleep_time(); + sleep_time(); + // 9. Key Panel + boolean disp_key = KeyPanel(); + if (!disp_key) { + System.out.println("ERROR: ConfigureOCSP: KeyPanel() failure"); + return false; + } + + sleep_time(); + // 10. Cert Subject Panel + boolean disp_csubj = CertSubjectPanel(); + if (!disp_csubj) { + System.out.println("ERROR: ConfigureOCSP: CertSubjectPanel() failure"); + return false; + } + + sleep_time(); + // 11. Certificate Panel + boolean disp_cp = CertificatePanel(); + if (!disp_cp) { + System.out.println("ERROR: ConfigureOCSP: CertificatePanel() failure"); + return false; + } + + sleep_time(); + // backup panel + boolean disp_back = BackupPanel(); + if (!disp_back) { + System.out.println("ERROR: ConfigureOCSP: BackupPanel() failure"); + return false; + } + + sleep_time(); + // save panel + boolean disp_save = SavePKCS12Panel(); + if (!disp_save) { + System.out.println("ERROR: ConfigureOCSP: SavePKCS12Panel() failure"); + return false; + } + + sleep_time(); + // 13. Admin Cert Req Panel + boolean disp_adm = AdminCertReqPanel(); + if (!disp_adm) { + System.out.println("ERROR: ConfigureOCSP: AdminCertReqPanel() failure"); + return false; + } + + sleep_time(); + // 14. Admin Cert import Panel + boolean disp_im = AdminCertImportPanel(); + if (!disp_im) { + System.out.println("ERROR: ConfigureOCSP: AdminCertImportPanel() failure"); + return false; + } + + sleep_time(); + // 15. Update Domain Panel + boolean disp_ud = UpdateDomainPanel(); + if (!disp_ud) { + System.out.println("ERROR: ConfigureOCSP: UpdateDomainPanel() failure"); + return false; + } + + sleep_time(); + return true; + } + + private static String set_default(String val, String def) { + if ((val == null) || (val.equals(""))) { + return def; + } else { + return val; + } + } + + public static void main(String args[]) + { + ConfigureOCSP ca = new ConfigureOCSP(); + + // set variables + StringHolder x_cs_hostname = new StringHolder(); + StringHolder x_cs_port = new StringHolder(); + + StringHolder x_sd_hostname = new StringHolder(); + StringHolder x_sd_ssl_port = new StringHolder(); + StringHolder x_sd_agent_port = new StringHolder(); + StringHolder x_sd_admin_port = new StringHolder(); + StringHolder x_sd_admin_name = new StringHolder(); + StringHolder x_sd_admin_password = new StringHolder(); + + StringHolder x_ca_hostname = new StringHolder(); + StringHolder x_ca_port = new StringHolder(); + StringHolder x_ca_ssl_port = new StringHolder(); + + StringHolder x_client_certdb_dir = new StringHolder(); + StringHolder x_client_certdb_pwd = new StringHolder(); + StringHolder x_preop_pin = new StringHolder(); + + StringHolder x_domain_name = new StringHolder(); + + StringHolder x_admin_user = new StringHolder(); + StringHolder x_admin_email = new StringHolder(); + StringHolder x_admin_password = new StringHolder(); + + // ldap + StringHolder x_ldap_host = new StringHolder(); + StringHolder x_ldap_port = new StringHolder(); + StringHolder x_bind_dn = new StringHolder(); + StringHolder x_bind_password = new StringHolder(); + StringHolder x_base_dn = new StringHolder(); + StringHolder x_db_name = new StringHolder(); + + // key properties (defaults) + StringHolder x_key_size = new StringHolder(); + StringHolder x_key_type = new StringHolder(); + StringHolder x_key_curvename = new StringHolder(); + StringHolder x_signing_algorithm = new StringHolder(); + + // key properties (custom - signing) + StringHolder x_signing_key_size = new StringHolder(); + StringHolder x_signing_key_type = new StringHolder(); + StringHolder x_signing_key_curvename = new StringHolder(); + StringHolder x_signing_signingalgorithm = new StringHolder(); + + // key properties (custom - audit_signing) + StringHolder x_audit_signing_key_size = new StringHolder(); + StringHolder x_audit_signing_key_type = new StringHolder(); + StringHolder x_audit_signing_key_curvename = new StringHolder(); + + // key properties (custom - subsystem) + StringHolder x_subsystem_key_size = new StringHolder(); + StringHolder x_subsystem_key_type = new StringHolder(); + StringHolder x_subsystem_key_curvename = new StringHolder(); + + // key properties (custom - sslserver) + StringHolder x_sslserver_key_size = new StringHolder(); + StringHolder x_sslserver_key_type = new StringHolder(); + StringHolder x_sslserver_key_curvename = new StringHolder(); + + StringHolder x_token_name = new StringHolder(); + StringHolder x_token_pwd = new StringHolder(); + + StringHolder x_agent_key_size = new StringHolder(); + StringHolder x_agent_key_type = new StringHolder(); + StringHolder x_agent_cert_subject = new StringHolder(); + + StringHolder x_agent_name = new StringHolder(); + StringHolder x_backup_pwd = new StringHolder(); + StringHolder x_backup_fname = new StringHolder(); + + // ca cert subject name params + StringHolder x_ocsp_sign_cert_subject_name = new StringHolder(); + StringHolder x_ocsp_subsystem_cert_subject_name = new StringHolder(); + StringHolder x_ocsp_server_cert_subject_name = new StringHolder(); + StringHolder x_ocsp_audit_signing_cert_subject_name = new StringHolder(); + + // subsystemName + StringHolder x_subsystem_name = new StringHolder(); + + // parse the args + ArgParser parser = new ArgParser("ConfigureOCSP"); + + parser.addOption ("-cs_hostname %s #CS Hostname", + x_cs_hostname); + parser.addOption ("-cs_port %s #CS SSL Admin port", + x_cs_port); + + parser.addOption ("-sd_hostname %s #Security Domain Hostname", + x_sd_hostname); + parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port", + x_sd_ssl_port); + parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port", + x_sd_agent_port); + parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port", + x_sd_admin_port); + parser.addOption ("-sd_admin_name %s #Security Domain Admin Name", + x_sd_admin_name); + parser.addOption ("-sd_admin_password %s #Security Domain Admin password", + x_sd_admin_password); + + parser.addOption ("-ca_hostname %s #CA Hostname", + x_ca_hostname); + parser.addOption ("-ca_port %s #CA non-SSL EE port", + x_ca_port); + parser.addOption ("-ca_ssl_port %s #CA SSL EE port", + x_ca_ssl_port); + + parser.addOption ("-client_certdb_dir %s #Client CertDB dir", + x_client_certdb_dir); + parser.addOption ("-client_certdb_pwd %s #client certdb password", + x_client_certdb_pwd); + parser.addOption ("-preop_pin %s #pre op pin", + x_preop_pin); + parser.addOption ("-domain_name %s #domain name", + x_domain_name); + parser.addOption ("-admin_user %s #Admin User Name", + x_admin_user); + parser.addOption ("-admin_email %s #Admin email", + x_admin_email); + parser.addOption ("-admin_password %s #Admin password", + x_admin_password); + parser.addOption ("-agent_name %s #Agent Cert Nickname", + x_agent_name); + + parser.addOption ("-ldap_host %s #ldap host", + x_ldap_host); + parser.addOption ("-ldap_port %s #ldap port", + x_ldap_port); + parser.addOption ("-bind_dn %s #ldap bind dn", + x_bind_dn); + parser.addOption ("-bind_password %s #ldap bind password", + x_bind_password); + parser.addOption ("-base_dn %s #base dn", + x_base_dn); + parser.addOption ("-db_name %s #db name", + x_db_name); + + // key and algorithm options (default) + parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); + parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); + parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); + parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm); + + // key and algorithm options for signing certificate (overrides default) + parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); + parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); + parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename); + parser.addOption("-signing_signingalgorithm %s #Algorithm used be ocsp signing cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm); + + // key and algorithm options for audit_signing certificate (overrides default) + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); + parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + + // key and algorithm options for subsystem certificate (overrides default) + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + + // key and algorithm options for sslserver certificate (overrides default) + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + + parser.addOption ("-token_name %s #HSM/Software Token name", + x_token_name); + parser.addOption ("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", + x_token_pwd); + + parser.addOption ("-agent_key_size %s #Agent Cert Key Size", + x_agent_key_size); + parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]", + x_agent_key_type); + parser.addOption ("-agent_cert_subject %s #Agent Cert Subject", + x_agent_cert_subject); + + parser.addOption ("-backup_pwd %s #PKCS12 password", + x_backup_pwd); + + parser.addOption ( + "-ocsp_sign_cert_subject_name %s #OCSP cert subject name", + x_ocsp_sign_cert_subject_name); + parser.addOption ( + "-ocsp_subsystem_cert_subject_name %s #OCSP subsystem cert subject name", + x_ocsp_subsystem_cert_subject_name); + parser.addOption ( + "-ocsp_server_cert_subject_name %s #OCSP server cert subject name", + x_ocsp_server_cert_subject_name); + + parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-ocsp.p12", + x_backup_fname); + + parser.addOption ( + "-subsystem_name %s #OCSP subsystem name", + x_subsystem_name); + + parser.addOption( + "-ocsp_audit_signing_cert_subject_name %s #OCSP audit signing cert subject name", + x_ocsp_audit_signing_cert_subject_name); + + // and then match the arguments + String [] unmatched = null; + unmatched = parser.matchAllArgs (args,0,parser.EXIT_ON_UNMATCHED); + + if (unmatched!=null) { + System.out.println("ERROR: Argument Mismatch"); + System.exit(-1); + } + + parser.checkRequiredArgs(); + + // set variables + cs_hostname = x_cs_hostname.value; + cs_port = x_cs_port.value; + + sd_hostname = x_sd_hostname.value; + sd_ssl_port = x_sd_ssl_port.value; + sd_agent_port = x_sd_agent_port.value; + sd_admin_port = x_sd_admin_port.value; + sd_admin_name = x_sd_admin_name.value; + sd_admin_password = x_sd_admin_password.value; + + ca_hostname = x_ca_hostname.value; + ca_port = x_ca_port.value; + ca_ssl_port = x_ca_ssl_port.value; + + client_certdb_dir = x_client_certdb_dir.value; + client_certdb_pwd = x_client_certdb_pwd.value; + pin = x_preop_pin.value; + domain_name = x_domain_name.value; + + admin_user = x_admin_user.value; + admin_email = x_admin_email.value; + admin_password = x_admin_password.value; + agent_name = x_agent_name.value; + + ldap_host = x_ldap_host.value; + ldap_port = x_ldap_port.value; + bind_dn = x_bind_dn.value; + bind_password = x_bind_password.value; + base_dn = x_base_dn.value; + db_name = x_db_name.value; + + key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); + signing_key_type = set_default(x_signing_key_type.value, key_type); + audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); + subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); + sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); + + key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); + signing_key_size = set_default(x_signing_key_size.value, key_size); + audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); + subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); + sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); + + key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); + signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename); + audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); + subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); + sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); + + if (signing_key_type.equalsIgnoreCase("RSA")) { + signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); + } else { + signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); + } + signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm); + + token_name = x_token_name.value; + token_pwd = x_token_pwd.value; + + agent_key_size = x_agent_key_size.value; + agent_key_type = x_agent_key_type.value; + agent_cert_subject = x_agent_cert_subject.value; + + backup_pwd = x_backup_pwd.value; + backup_fname = set_default(x_backup_fname.value, "/root/tmp-ocsp.p12"); + + ocsp_sign_cert_subject_name = x_ocsp_sign_cert_subject_name.value ; + ocsp_subsystem_cert_subject_name = + x_ocsp_subsystem_cert_subject_name.value; + ocsp_server_cert_subject_name = x_ocsp_server_cert_subject_name.value ; ocsp_audit_signing_cert_subject_name = x_ocsp_audit_signing_cert_subject_name.value; - - subsystem_name = x_subsystem_name.value ; - - - boolean st = ca.ConfigureOCSPInstance(); - - if (!st) - { - System.out.println("ERROR: unable to create OCSP"); - System.exit(-1); - } - - System.out.println("Certificate System - OCSP Instance Configured"); - System.exit(0); - - } + + subsystem_name = x_subsystem_name.value ; + + + boolean st = ca.ConfigureOCSPInstance(); + + if (!st) { + System.out.println("ERROR: unable to create OCSP"); + System.exit(-1); + } + + System.out.println("Certificate System - OCSP Instance Configured"); + System.exit(0); + + } }; diff --git a/pki/base/silent/src/ra/ConfigureRA.java b/pki/base/silent/src/ra/ConfigureRA.java index 4a73dd1d..43ade27b 100644 --- a/pki/base/silent/src/ra/ConfigureRA.java +++ b/pki/base/silent/src/ra/ConfigureRA.java @@ -243,7 +243,7 @@ public class ConfigureRA hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + sd_admin_password + + "&pwd=" + URLEncoder.encode(sd_admin_password) + "&url=" + URLEncoder.encode(ra_url) + "" ; @@ -527,8 +527,8 @@ public class ConfigureRA URLEncoder.encode("RA Administrator") + "&email=" + URLEncoder.encode(admin_email) + - "&__pwd=" + admin_password + - "&__admin_password_again=" + admin_password + + "&__pwd=" + URLEncoder.encode(admin_password) + + "&__admin_password_again=" + URLEncoder.encode(admin_password) + "&cert_request=" + URLEncoder.encode(admin_cert_request) + "&display=0" + diff --git a/pki/base/silent/src/subca/ConfigureSubCA.java b/pki/base/silent/src/subca/ConfigureSubCA.java index f10affc0..b82ae467 100644 --- a/pki/base/silent/src/subca/ConfigureSubCA.java +++ b/pki/base/silent/src/subca/ConfigureSubCA.java @@ -47,595 +47,629 @@ import com.netscape.osutil.*; public class ConfigureSubCA { - public static Hashtable mUsedPort = new Hashtable(); - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/ca/admin/console/config/login"; - public static String wizard_uri = "/ca/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String pkcs12_uri = "/ca/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - - public static String key_size = null; - public static String key_type = null; - public static String signing_algorithm = null; - public static String signing_signingalgorithm = null; - public static String ocsp_signing_signingalgorithm = null; - - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String ca_cert_name = null; - public static String ca_cert_req = null; - public static String ca_cert_pp = null; - public static String ca_cert_cert = null; - - public static String ocsp_cert_name = null; - public static String ocsp_cert_req = null; - public static String ocsp_cert_pp = null; - public static String ocsp_cert_cert = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String ca_subsystem_cert_name = null; - public static String ca_subsystem_cert_req = null; - public static String ca_subsystem_cert_pp = null; - public static String ca_subsystem_cert_cert = null; - - public static String ca_audit_signing_cert_name = null; - public static String ca_audit_signing_cert_req = null; - public static String ca_audit_signing_cert_pp = null; - public static String ca_audit_signing_cert_cert = null; - - public static String backup_pwd = null; - - public static String subsystem_name = null; - - // names - public static String subca_sign_cert_subject_name = null; - public static String subca_subsystem_cert_subject_name = null; - public static String subca_ocsp_cert_subject_name = null; - public static String subca_server_cert_subject_name = null; - public static String subca_audit_signing_cert_subject_name = null; - - public ConfigureSubCA () - { - // do nothing :) - } - - public void sleep_time() - { - try - { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } - catch(Exception e) - { - System.out.println("ERROR: sleep problem"); - } - - } - - public boolean LoginPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // get cookie - String temp = hr.getCookieValue("JSESSIONID"); - - if(temp!=null) - { - int index = temp.indexOf(";"); - hc.j_session_id = temp.substring(0,index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, - "p=0&op=next&xml=true"); - - // parse xml here - - bais = new ByteArrayInputStream( - hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return st; - } - - public boolean TokenChoicePanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - /////////////////////////////////////////////////////// - String query_string = null; - - // Software Token - if(token_name.equalsIgnoreCase("internal")) - { - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode("Internal Key Storage Token") + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - // HSM - else - { - // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + - "&uTokName=" + - URLEncoder.encode(token_name) + - "&__uPasswd=" + - URLEncoder.encode(token_pwd) + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode(token_name) + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - } - - return true; - } - - public boolean DomainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ; - - String query_string = "sdomainURL=" + - URLEncoder.encode(domain_url) + - "&sdomainName="+ - URLEncoder.encode(domain_name) + - "&choice=existingdomain"+ - "&p=3" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - String query_string_1 = "p=4" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string_1); - - return true; - - } - - public boolean SecurityDomainLoginPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String subca_url = "https://" + cs_hostname + ":" + cs_port + - "/ca/admin/console/config/wizard" + - "?p=5&subsystem=CA" ; - - String query_string = "url=" + URLEncoder.encode(subca_url); - - hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + sd_admin_password + - "&url=" + URLEncoder.encode(subca_url) ; - - hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - - String subca_session_id = hr.getContentValue("header.session_id"); - String subca_url_1 = hr.getContentValue("header.url"); - - System.out.println("SUBCA_SESSION_ID=" + subca_session_id ); - System.out.println("SUBCA_URL=" + subca_url_1 ); - - // use session id to connect back to subCA - - String query_string_2 = "p=5" + - "&subsystem=CA" + - "&session_id=" + subca_session_id + - "&xml=true" ; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, - query_string_2); - - return true; - - } - - public boolean DisplayChainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String query_string = null; - - query_string = "p=5" + "&op=next" + "&xml=true" + - "&choice=newsubsystem" + - "&subsystemName=" + - URLEncoder.encode(subsystem_name) + - "&subsystemName=" + - URLEncoder.encode(subsystem_name) + - "&urls=0" ; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - } - - public boolean HierarchyPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = "p=8" + "&op=next" + "&xml=true" + - "&choice=join" ; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - - return true; - - } - - public boolean LdapConnectionPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = "p=9" + "&op=next" + "&xml=true" + - "&host=" + URLEncoder.encode(ldap_host) + - "&port=" + URLEncoder.encode(ldap_port) + - "&basedn=" + URLEncoder.encode(base_dn) + - "&database=" + URLEncoder.encode(db_name) + - "&binddn=" + URLEncoder.encode(bind_dn) + - "&__bindpwd=" + URLEncoder.encode(bind_password) + - "&display=" + URLEncoder.encode("$displayStr") + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean KeyPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList al = null; - - - String query_string = "p=10" + "&op=next" + "&xml=true" + - "&keytype=" + key_type + - "&signingalgorithm=" + signing_algorithm + - "&choice=default"+ - "&custom_size=" + key_size + - "&signing_keytype=" + key_type + - "&signing_signingalgorithm=" + signing_signingalgorithm + - "&signing_choice=default"+ - "&signing_custom_size=" + key_size + - "&ocsp_signing_keytype=" + key_type + - "&ocsp_signing_signingalgorithm=" + ocsp_signing_signingalgorithm + - "&ocsp_signing_choice=default"+ - "&ocsp_signing_custom_size=" + key_size + - "&sslserver_keytype=" + key_type + - "&sslserver_choice=default"+ - "&sslserver_custom_size=" + key_size + - "&subsystem_keytype=" + key_type + - "&subsystem_choice=default"+ - "&subsystem_custom_size=" + key_size + - "&audit_signing_keytype=" + key_type + - "&audit_signing_choice=default" + - "&audit_signing_custom_size=" + key_size + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - al = px.constructvaluelist("CertReqPair","DN"); - // get ca cert subject name - if(al != null) { - for (int i=0; i < al.size(); i++) { - String temp = (String) al.get(i); - if(temp.indexOf("Certificate Authority") > 0 ) { - ca_cert_name = temp; - } else if(temp.indexOf("OCSP Signing Certificate") > 0 ) { - ocsp_cert_name = temp; - } else if(temp.indexOf("Subsystem Certificate") > 0 ) { - ca_subsystem_cert_name = temp; - } else if (temp.indexOf("Audit Signing Certificate") > 0) { - ca_audit_signing_cert_name = temp; - } else { - server_cert_name = temp; - } - } - } - - System.out.println("default: ca_cert_name=" + ca_cert_name); - System.out.println("default: ocsp_cert_name=" + ocsp_cert_name); - System.out.println("default: ca_subsystem_cert_name=" + - ca_subsystem_cert_name); - System.out.println("default: server_cert_name=" + server_cert_name); - System.out.println("default: ca_audit_signing_cert_name=" + - ca_audit_signing_cert_name); - return true; - } - - public boolean CertSubjectPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList req_list = null; - ArrayList cert_list = null; - ArrayList dn_list = null; - - String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ; - - - String query_string = "p=11" + "&op=next" + "&xml=true" + - "&signing=" + - URLEncoder.encode(subca_sign_cert_subject_name) + - "&ocsp_signing=" + - URLEncoder.encode(subca_ocsp_cert_subject_name) + - "&sslserver=" + - URLEncoder.encode(subca_server_cert_subject_name) + - "&subsystem=" + - URLEncoder.encode(subca_subsystem_cert_subject_name) + - "&audit_signing=" + - URLEncoder.encode(subca_audit_signing_cert_subject_name) + - "&urls=0" + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - req_list = px.constructvaluelist("CertReqPair","Request"); - cert_list = px.constructvaluelist("CertReqPair","Certificate"); - dn_list = px.constructvaluelist("CertReqPair","Nickname"); - - System.out.println("req_list_size=" + req_list.size()); - System.out.println("cert_list_size=" + cert_list.size()); - System.out.println("dn_list_size=" + dn_list.size()); - - if(req_list != null && cert_list != null && dn_list != null) { - for (int i=0; i < dn_list.size(); i++) { - String temp = (String) dn_list.get(i); - - if(temp.indexOf("caSigningCert") >= 0 ) { - ca_cert_req = (String) req_list.get(i); - ca_cert_cert = (String) cert_list.get(i); - } else if(temp.indexOf("ocspSigningCert") >= 0 ) { - ocsp_cert_req = (String) req_list.get(i); - ocsp_cert_cert = (String) cert_list.get(i); - } else if(temp.indexOf("subsystemCert") >= 0 ) { - ca_subsystem_cert_req = (String) req_list.get(i); - ca_subsystem_cert_cert = (String) cert_list.get(i); - } else if (temp.indexOf("auditSigningCert") >=0) { - ca_audit_signing_cert_req = (String) req_list.get(i); - ca_audit_signing_cert_cert = (String) cert_list.get(i); - } else { - server_cert_req = (String) req_list.get(i); - server_cert_cert = (String) cert_list.get(i); - } - } - } - - System.out.println("ca_cert_name=" + subca_sign_cert_subject_name); - System.out.println("ocsp_cert_name=" + subca_ocsp_cert_subject_name); - System.out.println("ca_subsystem_cert_name=" + - subca_subsystem_cert_subject_name); - System.out.println("server_cert_name=" + - subca_server_cert_subject_name); - System.out.println("audit_signing_cert_name=" + - subca_audit_signing_cert_subject_name); - - System.out.println("ca_cert_req=" + ca_cert_req); - System.out.println("ocsp_cert_req=" + ocsp_cert_req); - System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req); - System.out.println("server_cert_req=" + server_cert_req); - System.out.println("ca_audit_siging_cert_req=" + - ca_audit_signing_cert_req); - - System.out.println("ca_cert_cert=" + ca_cert_cert); - System.out.println("ocsp_cert_cert=" + ocsp_cert_cert); - System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert); - System.out.println("server_cert_cert=" + server_cert_cert); - System.out.println("ca_audit_signing_cert_cert=" + - ca_audit_signing_cert_cert); - - return true; - } - - public boolean CertificatePanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList req_list = null; - ArrayList cert_list = null; - ArrayList dn_list = null; - ArrayList pp_list = null; - - - String query_string = "p=12" + "&op=next" + "&xml=true" + - "&signing=" + - URLEncoder.encode(ca_cert_cert) + - "&signing_cc=" + - "&ocsp_signing=" + - URLEncoder.encode(ocsp_cert_cert) + - "&ocsp_signing_cc=" + - "&sslserver=" + - URLEncoder.encode(server_cert_cert) + - "&sslserver_cc=" + - "&subsystem=" + - URLEncoder.encode(ca_subsystem_cert_cert) + - "&subsystem_cc=" + - "&audit_signing=" + - URLEncoder.encode(ca_audit_signing_cert_cert) + - "&audit_signing_cc=" + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean BackupPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = "p=13" + "&op=next" + "&xml=true" + - "&choice=backupkey" + - "&__pwd=" + backup_pwd + - "&__pwdagain=" + backup_pwd + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } + public static Hashtable mUsedPort = new Hashtable(); + + // global constants + public static final String DEFAULT_KEY_TYPE = "RSA"; + public static final String DEFAULT_KEY_SIZE = "2048"; + public static final String DEFAULT_KEY_CURVENAME = "nistp256"; + public static final String DEFAULT_KEY_ALGORITHM_RSA = "SHA256withRSA"; + public static final String DEFAULT_KEY_ALGORITHM_ECC = "SHA256withEC"; + + // define global variables + + public static HTTPClient hc = null; + + public static String login_uri = "/ca/admin/console/config/login"; + public static String wizard_uri = "/ca/admin/console/config/wizard"; + public static String admin_uri = "/ca/admin/ca/getBySerial"; + + public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; + public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; + public static String pkcs12_uri = "/ca/admin/console/config/savepkcs12"; + + public static String cs_hostname = null; + public static String cs_port = null; + + public static String sd_hostname = null; + public static String sd_ssl_port = null; + public static String sd_agent_port = null; + public static String sd_admin_port = null; + public static String sd_admin_name = null; + public static String sd_admin_password = null; + + public static String ca_hostname = null; + public static String ca_port = null; + public static String ca_ssl_port = null; + + public static String client_certdb_dir = null; + public static String client_certdb_pwd = null; + + // Login Panel + public static String pin = null; + + public static String domain_name = null; + + public static String admin_user = null; + public static String admin_email = null; + public static String admin_password = null; + public static String admin_serial_number = null; + public static String agent_name = null; + + public static String ldap_host = null; + public static String ldap_port = null; + public static String bind_dn = null; + public static String bind_password = null; + public static String base_dn = null; + public static String db_name = null; + + public static String key_type = null; + public static String key_size = null; + public static String key_curvename = null; + public static String key_algorithm = null; + public static String signing_algorithm = null; + + public static String signing_key_type = null; + public static String signing_key_size = null; + public static String signing_key_curvename = null; + public static String signing_signingalgorithm = null; + + public static String ocsp_signing_key_type = null; + public static String ocsp_signing_key_size = null; + public static String ocsp_signing_key_curvename = null; + public static String ocsp_signing_signingalgorithm = null; + + public static String subsystem_key_type = null; + public static String subsystem_key_size = null; + public static String subsystem_key_curvename = null; + + public static String audit_signing_key_type = null; + public static String audit_signing_key_size = null; + public static String audit_signing_key_curvename = null; + + public static String sslserver_key_type = null; + public static String sslserver_key_size = null; + public static String sslserver_key_curvename = null; + + public static String token_name = null; + public static String token_pwd = null; + + public static String agent_key_size = null; + public static String agent_key_type = null; + public static String agent_cert_subject = null; + + public static String ca_cert_name = null; + public static String ca_cert_req = null; + public static String ca_cert_pp = null; + public static String ca_cert_cert = null; + + public static String ocsp_cert_name = null; + public static String ocsp_cert_req = null; + public static String ocsp_cert_pp = null; + public static String ocsp_cert_cert = null; + + public static String server_cert_name = null; + public static String server_cert_req = null; + public static String server_cert_pp = null; + public static String server_cert_cert = null; + + public static String ca_subsystem_cert_name = null; + public static String ca_subsystem_cert_req = null; + public static String ca_subsystem_cert_pp = null; + public static String ca_subsystem_cert_cert = null; + + public static String ca_audit_signing_cert_name = null; + public static String ca_audit_signing_cert_req = null; + public static String ca_audit_signing_cert_pp = null; + public static String ca_audit_signing_cert_cert = null; + + public static String backup_pwd = null; + + public static String subsystem_name = null; + + // names + public static String subca_sign_cert_subject_name = null; + public static String subca_subsystem_cert_subject_name = null; + public static String subca_ocsp_cert_subject_name = null; + public static String subca_server_cert_subject_name = null; + public static String subca_audit_signing_cert_subject_name = null; + + public ConfigureSubCA () + { + // do nothing :) + } + + public void sleep_time() + { + try + { + System.out.println("Sleeping for 5 secs.."); + Thread.sleep(5000); + } + catch(Exception e) + { + System.out.println("ERROR: sleep problem"); + } + + } + + public boolean LoginPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "pin=" + pin + "&xml=true"; + + hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string); + System.out.println("xml returned: " + hr.getHTML()); + + // parse xml here - nothing to parse + + // get cookie + String temp = hr.getCookieValue("JSESSIONID"); + + if (temp!=null) + { + int index = temp.indexOf(";"); + hc.j_session_id = temp.substring(0,index); + st = true; + } + + hr = null; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, + "p=0&op=next&xml=true"); + + // parse xml here + + bais = new ByteArrayInputStream( + hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return st; + } + + public boolean TokenChoicePanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + /////////////////////////////////////////////////////// + String query_string = null; + + // Software Token + if (token_name.equalsIgnoreCase("internal")) + { + query_string = "p=1" + "&op=next" + "&xml=true" + + "&choice=" + + URLEncoder.encode("Internal Key Storage Token") + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + } + // HSM + else + { + // login to hsm first + query_string = "p=2" + "&op=next" + "&xml=true" + + "&uTokName=" + + URLEncoder.encode(token_name) + + "&__uPasswd=" + + URLEncoder.encode(token_pwd) + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + // choice with token name now + query_string = "p=1" + "&op=next" + "&xml=true" + + "&choice=" + + URLEncoder.encode(token_name) + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + } + + return true; + } + + public boolean DomainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ; + + String query_string = "sdomainURL=" + + URLEncoder.encode(domain_url) + + "&sdomainName="+ + URLEncoder.encode(domain_name) + + "&choice=existingdomain"+ + "&p=3" + + "&op=next" + + "&xml=true"; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + String query_string_1 = "p=4" + + "&op=next" + + "&xml=true"; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string_1); + + return true; + + } + + public boolean SecurityDomainLoginPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String subca_url = "https://" + cs_hostname + ":" + cs_port + + "/ca/admin/console/config/wizard" + + "?p=5&subsystem=CA" ; + + String query_string = "url=" + URLEncoder.encode(subca_url); + + hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); + + String query_string_1 = "uid=" + sd_admin_name + + "&pwd=" + URLEncoder.encode(sd_admin_password) + + "&url=" + URLEncoder.encode(subca_url) ; + + hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, + query_string_1); + + // get session id from security domain + + String subca_session_id = hr.getContentValue("header.session_id"); + String subca_url_1 = hr.getContentValue("header.url"); + + System.out.println("SUBCA_SESSION_ID=" + subca_session_id ); + System.out.println("SUBCA_URL=" + subca_url_1 ); + + // use session id to connect back to subCA + + String query_string_2 = "p=5" + + "&subsystem=CA" + + "&session_id=" + subca_session_id + + "&xml=true" ; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, + query_string_2); + + return true; + + } + + public boolean DisplayChainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + String query_string = null; + + query_string = "p=5" + "&op=next" + "&xml=true" + + "&choice=newsubsystem" + + "&subsystemName=" + + URLEncoder.encode(subsystem_name) + + "&subsystemName=" + + URLEncoder.encode(subsystem_name) + + "&urls=0" ; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + // px.parse(bais); + // px.prettyprintxml(); + + return true; + } + + public boolean HierarchyPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = "p=8" + "&op=next" + "&xml=true" + + "&choice=join" ; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + + return true; + + } + + public boolean LdapConnectionPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = "p=9" + "&op=next" + "&xml=true" + + "&host=" + URLEncoder.encode(ldap_host) + + "&port=" + URLEncoder.encode(ldap_port) + + "&basedn=" + URLEncoder.encode(base_dn) + + "&database=" + URLEncoder.encode(db_name) + + "&binddn=" + URLEncoder.encode(bind_dn) + + "&__bindpwd=" + URLEncoder.encode(bind_password) + + "&display=" + URLEncoder.encode("$displayStr") + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean KeyPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList al = null; + + String query_string = "p=10" + "&op=next" + "&xml=true" + + "&subsystem_custom_size=" + subsystem_key_size + + "&subsystem_custom_curvename=" + subsystem_key_curvename + + "&subsystem_keytype=" + subsystem_key_type + + "&subsystem_choice=custom" + + "&sslserver_custom_size=" + sslserver_key_size + + "&sslserver_custom_curvename=" + sslserver_key_curvename + + "&sslserver_keytype=" + sslserver_key_type + + "&sslserver_choice=custom" + + "&signing_custom_size=" + signing_key_size + + "&signing_custom_curvename=" + signing_key_curvename + + "&signing_keytype=" + signing_key_type + + "&signing_choice=custom" + + "&signing_keyalgorithm=" + key_algorithm + + "&signing_signingalgorithm=" + signing_signingalgorithm + + "&ocsp_signing_custom_size=" + ocsp_signing_key_size + + "&ocsp_signing_custom_curvename=" + ocsp_signing_key_curvename + + "&ocsp_signing_keytype=" + ocsp_signing_key_type + + "&ocsp_signing_choice=custom" + + "&ocsp_signing_signingalgorithm=" + ocsp_signing_signingalgorithm + + "&audit_signing_custom_size=" + audit_signing_key_size + + "&audit_signing_custom_curvename=" + audit_signing_key_curvename + + "&audit_signing_keytype=" + audit_signing_key_type + + "&audit_signing_choice=custom" + + "&custom_size=" + key_size + + "&custom_curvename=" + key_curvename + + "&keytype=" + key_type + + "&choice=custom" + + "&signingalgorithm=" + signing_algorithm + + "&keyalgorithm=" + key_algorithm; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + al = px.constructvaluelist("CertReqPair","DN"); + // get ca cert subject name + if (al != null) { + for (int i=0; i < al.size(); i++) { + String temp = (String) al.get(i); + if (temp.indexOf("Certificate Authority") > 0 ) { + ca_cert_name = temp; + } else if (temp.indexOf("OCSP Signing Certificate") > 0 ) { + ocsp_cert_name = temp; + } else if (temp.indexOf("Subsystem Certificate") > 0 ) { + ca_subsystem_cert_name = temp; + } else if (temp.indexOf("Audit Signing Certificate") > 0) { + ca_audit_signing_cert_name = temp; + } else { + server_cert_name = temp; + } + } + } + + System.out.println("default: ca_cert_name=" + ca_cert_name); + System.out.println("default: ocsp_cert_name=" + ocsp_cert_name); + System.out.println("default: ca_subsystem_cert_name=" + + ca_subsystem_cert_name); + System.out.println("default: server_cert_name=" + server_cert_name); + System.out.println("default: ca_audit_signing_cert_name=" + + ca_audit_signing_cert_name); + return true; + } + + public boolean CertSubjectPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList req_list = null; + ArrayList cert_list = null; + ArrayList dn_list = null; + + String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ; + + + String query_string = "p=11" + "&op=next" + "&xml=true" + + "&signing=" + + URLEncoder.encode(subca_sign_cert_subject_name) + + "&ocsp_signing=" + + URLEncoder.encode(subca_ocsp_cert_subject_name) + + "&sslserver=" + + URLEncoder.encode(subca_server_cert_subject_name) + + "&subsystem=" + + URLEncoder.encode(subca_subsystem_cert_subject_name) + + "&audit_signing=" + + URLEncoder.encode(subca_audit_signing_cert_subject_name) + + "&urls=0" + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + req_list = px.constructvaluelist("CertReqPair","Request"); + cert_list = px.constructvaluelist("CertReqPair","Certificate"); + dn_list = px.constructvaluelist("CertReqPair","Nickname"); + + System.out.println("req_list_size=" + req_list.size()); + System.out.println("cert_list_size=" + cert_list.size()); + System.out.println("dn_list_size=" + dn_list.size()); + + if (req_list != null && cert_list != null && dn_list != null) { + for (int i=0; i < dn_list.size(); i++) { + String temp = (String) dn_list.get(i); + + if (temp.indexOf("caSigningCert") >= 0 ) { + ca_cert_req = (String) req_list.get(i); + ca_cert_cert = (String) cert_list.get(i); + } else if (temp.indexOf("ocspSigningCert") >= 0 ) { + ocsp_cert_req = (String) req_list.get(i); + ocsp_cert_cert = (String) cert_list.get(i); + } else if (temp.indexOf("subsystemCert") >= 0 ) { + ca_subsystem_cert_req = (String) req_list.get(i); + ca_subsystem_cert_cert = (String) cert_list.get(i); + } else if (temp.indexOf("auditSigningCert") >=0) { + ca_audit_signing_cert_req = (String) req_list.get(i); + ca_audit_signing_cert_cert = (String) cert_list.get(i); + } else { + server_cert_req = (String) req_list.get(i); + server_cert_cert = (String) cert_list.get(i); + } + } + } + + System.out.println("ca_cert_name=" + subca_sign_cert_subject_name); + System.out.println("ocsp_cert_name=" + subca_ocsp_cert_subject_name); + System.out.println("ca_subsystem_cert_name=" + + subca_subsystem_cert_subject_name); + System.out.println("server_cert_name=" + + subca_server_cert_subject_name); + System.out.println("audit_signing_cert_name=" + + subca_audit_signing_cert_subject_name); + + System.out.println("ca_cert_req=" + ca_cert_req); + System.out.println("ocsp_cert_req=" + ocsp_cert_req); + System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req); + System.out.println("server_cert_req=" + server_cert_req); + System.out.println("ca_audit_siging_cert_req=" + + ca_audit_signing_cert_req); + + System.out.println("ca_cert_cert=" + ca_cert_cert); + System.out.println("ocsp_cert_cert=" + ocsp_cert_cert); + System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert); + System.out.println("server_cert_cert=" + server_cert_cert); + System.out.println("ca_audit_signing_cert_cert=" + + ca_audit_signing_cert_cert); + + return true; + } + + public boolean CertificatePanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList req_list = null; + ArrayList cert_list = null; + ArrayList dn_list = null; + ArrayList pp_list = null; + + + String query_string = "p=12" + "&op=next" + "&xml=true" + + "&signing=" + + URLEncoder.encode(ca_cert_cert) + + "&signing_cc=" + + "&ocsp_signing=" + + URLEncoder.encode(ocsp_cert_cert) + + "&ocsp_signing_cc=" + + "&sslserver=" + + URLEncoder.encode(server_cert_cert) + + "&sslserver_cc=" + + "&subsystem=" + + URLEncoder.encode(ca_subsystem_cert_cert) + + "&subsystem_cc=" + + "&audit_signing=" + + URLEncoder.encode(ca_audit_signing_cert_cert) + + "&audit_signing_cc=" + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean BackupPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = "p=13" + "&op=next" + "&xml=true" + + "&choice=backupkey" + + "&__pwd=" + URLEncoder.encode(backup_pwd) + + "&__pwdagain=" + URLEncoder.encode(backup_pwd); + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } public boolean ImportCACertPanel() { try { @@ -650,7 +684,7 @@ public class ConfigureSubCA px.parse(bais); px.prettyprintxml(); - return true; + return true; } catch (Exception e) { System.out.println("Exception in ImportCACertPanel(): " + e.toString()); e.printStackTrace(); @@ -658,551 +692,607 @@ public class ConfigureSubCA } } - public boolean AdminCertReqPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - - String cert_subject = "CN=" + "subca-" + admin_user; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if(crmf_request == null) - { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=16" + "&op=next" + "&xml=true" + - "&uid=" + admin_user + - "&name=" + URLEncoder.encode( agent_name ) + - "&email=" + - URLEncoder.encode(admin_email) + - "&__pwd=" + admin_password + - "&__admin_password_again=" + admin_password + - "&cert_request=" + - URLEncoder.encode(admin_cert_request) + - "&display=" + URLEncoder.encode("$displayStr") + - "&profileId=" + "caAdminCert" + - "&cert_request_type=" + "crmf" + - "&import=true" + - "&uid=" + admin_user + - "&securitydomain=" + - URLEncoder.encode( domain_name ) + - "&subject=" + - URLEncoder.encode(agent_cert_subject) + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true" + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,admin_uri,query_string); - - // get response data - String cert_to_import = - new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n" ; - String end = "\r\n-----END CERTIFICATE-----" ; - - st = cCrypt.importCert(start+cert_to_import+end,agent_name); - if(!st) - { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert: " + agent_name); - - return true; - } - - public boolean UpdateDomainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=17" + - "&serialNumber=" + admin_serial_number + - "&caHost=" + URLEncoder.encode(sd_hostname) + - "&caPort=" + URLEncoder.encode(sd_admin_port) + - "&importCert=" + "true" + - "&op=next" + "&xml=true" + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - String caHost = px.getvalue("host"); - String caPort = px.getvalue("port"); - String systemType = px.getvalue("systemType"); - - System.out.println("caHost=" + caHost); - System.out.println("caPort=" + caPort); - System.out.println("systemType=" + systemType); - - return true; - } - - public boolean ConfigureSubCAInstance() - { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - sleep_time(); - // 0. Login panel - boolean log_st = LoginPanel(); - if(!log_st) - { - System.out.println("ERROR: ConfigureSubCA: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 1. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if(!disp_token) - { - System.out.println("ERROR: ConfigureSubCA: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 2. domain panel - boolean dom_st = DomainPanel(); - if(!dom_st) - { - System.out.println("ERROR: ConfigureSubCA: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 3. domain panel - boolean sd_st = SecurityDomainLoginPanel(); - if(!sd_st) - { - System.out.println("ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // 4. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if(!disp_st) - { - System.out.println("ERROR: ConfigureSubCA: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // 6. hierarchy panel - boolean disp_h = HierarchyPanel(); - if(!disp_h) - { - System.out.println("ERROR: ConfigureSubCA: HierarchyPanel() failure"); - return false; - } - - sleep_time(); - // 7. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - if(!disp_ldap) - { - System.out.println("ERROR: ConfigureSubCA: LdapConnectionPanel() failure"); - return false; - } - - sleep_time(); - sleep_time(); - // 10. Key Panel - boolean disp_key = KeyPanel(); - if(!disp_key) - { - System.out.println("ERROR: ConfigureSubCA: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 11. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if(!disp_csubj) - { - System.out.println("ERROR: ConfigureSubCA: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 12. Certificate Panel - boolean disp_cp = CertificatePanel(); - if(!disp_cp) - { - System.out.println("ERROR: ConfigureSubCA: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // 13. Backup Panel - boolean disp_back = BackupPanel(); - if(!disp_back) - { - System.out.println("ERROR: ConfigureSubCA: BackupPanel() failure"); - return false; - } - - sleep_time(); - // 15. Import CA Certificate Panel - boolean disp_cert = ImportCACertPanel(); - if(!disp_cert) - { - System.out.println("ERROR: ConfigureSubCA: ImportCACertPanel() failure"); - return false; - } - - sleep_time(); - // 16. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if(!disp_adm) - { - System.out.println("ERROR: ConfigureSubCA: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - boolean disp_im = AdminCertImportPanel(); - if(!disp_im) - { - System.out.println("ERROR: ConfigureSubCA: AdminCertImportPanel() failure"); - return false; - } - - sleep_time(); - // 17. Update Domain Panel - boolean disp_ud = UpdateDomainPanel(); - if(!disp_ud) - { - System.out.println("ERROR: ConfigureSubCA: UpdateDomainPanel() failure"); - return false; - } - - return true; - } - - public static void main(String args[]) - { - ConfigureSubCA ca = new ConfigureSubCA(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - - // key size - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - StringHolder x_signing_algorithm = new StringHolder(); - StringHolder x_signing_signingalgorithm = new StringHolder(); - StringHolder x_ocsp_signing_signingalgorithm = new StringHolder(); - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - StringHolder x_backup_pwd = new StringHolder(); - - // subsystem name - StringHolder x_subsystem_name = new StringHolder(); - - // subject names - StringHolder x_subca_sign_cert_subject_name = new StringHolder(); - StringHolder x_subca_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_subca_ocsp_cert_subject_name = new StringHolder(); - StringHolder x_subca_server_cert_subject_name = new StringHolder(); + public boolean AdminCertReqPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + String admin_cert_request = null; + + + String cert_subject = "CN=" + "subca-" + admin_user; + + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + agent_cert_subject, + agent_key_size, + agent_key_type); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.setTransportCert(null); + cCrypt.setDualKey(false); + cCrypt.loginDB(); + + String crmf_request = cCrypt.generateCRMFrequest(); + + if (crmf_request == null) { + System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); + return false; + } + + admin_cert_request = crmf_request; + + String query_string = "p=16" + "&op=next" + "&xml=true" + + "&uid=" + admin_user + + "&name=" + URLEncoder.encode( agent_name ) + + "&email=" + + URLEncoder.encode(admin_email) + + "&__pwd=" + URLEncoder.encode(admin_password) + + "&__admin_password_again=" + URLEncoder.encode(admin_password) + + "&cert_request=" + + URLEncoder.encode(admin_cert_request) + + "&display=" + URLEncoder.encode("$displayStr") + + "&profileId=" + "caAdminCert" + + "&cert_request_type=" + "crmf" + + "&import=true" + + "&uid=" + admin_user + + "&securitydomain=" + + URLEncoder.encode( domain_name ) + + "&subject=" + + URLEncoder.encode(agent_cert_subject) + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + admin_serial_number = px.getvalue("serialNumber"); + + return true; + } + + public boolean AdminCertImportPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "serialNumber=" + admin_serial_number + + "&importCert=" + "true" + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,admin_uri,query_string); + + // get response data + String cert_to_import = + new sun.misc.BASE64Encoder().encode(hr.getResponseData()); + System.out.println("Imported Cert=" + cert_to_import); + + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + null, + null, + null); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.loginDB(); + + String start = "-----BEGIN CERTIFICATE-----\r\n" ; + String end = "\r\n-----END CERTIFICATE-----" ; + + st = cCrypt.importCert(start+cert_to_import+end,agent_name); + if (!st) + { + System.out.println("ERROR: AdminCertImportPanel() during cert import"); + return false; + } + + System.out.println("SUCCESS: imported admin user cert: " + agent_name); + + return true; + } + + public boolean UpdateDomainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "p=17" + + "&serialNumber=" + admin_serial_number + + "&caHost=" + URLEncoder.encode(sd_hostname) + + "&caPort=" + URLEncoder.encode(sd_admin_port) + + "&importCert=" + "true" + + "&op=next" + "&xml=true" + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + String caHost = px.getvalue("host"); + String caPort = px.getvalue("port"); + String systemType = px.getvalue("systemType"); + + System.out.println("caHost=" + caHost); + System.out.println("caPort=" + caPort); + System.out.println("systemType=" + systemType); + + return true; + } + + public boolean ConfigureSubCAInstance() + { + // 0. login to cert db + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + null, + null, + null); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.loginDB(); + + // instantiate http client + hc = new HTTPClient(); + + sleep_time(); + // 0. Login panel + boolean log_st = LoginPanel(); + if (!log_st) { + System.out.println("ERROR: ConfigureSubCA: LoginPanel() failure"); + return false; + } + + sleep_time(); + // 1. Token Choice Panel + boolean disp_token = TokenChoicePanel(); + if (!disp_token) { + System.out.println("ERROR: ConfigureSubCA: TokenChoicePanel() failure"); + return false; + } + + sleep_time(); + // 2. domain panel + boolean dom_st = DomainPanel(); + if (!dom_st) { + System.out.println("ERROR: ConfigureSubCA: DomainPanel() failure"); + return false; + } + + sleep_time(); + // 3. domain panel + boolean sd_st = SecurityDomainLoginPanel(); + if (!sd_st) { + System.out.println("ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure"); + return false; + } + + sleep_time(); + // 4. display cert chain panel + boolean disp_st = DisplayChainPanel(); + if (!disp_st) { + System.out.println("ERROR: ConfigureSubCA: DisplayChainPanel() failure"); + return false; + } + + sleep_time(); + // 6. hierarchy panel + boolean disp_h = HierarchyPanel(); + if (!disp_h) { + System.out.println("ERROR: ConfigureSubCA: HierarchyPanel() failure"); + return false; + } + + sleep_time(); + // 7. ldap connection panel + boolean disp_ldap = LdapConnectionPanel(); + if (!disp_ldap) { + System.out.println("ERROR: ConfigureSubCA: LdapConnectionPanel() failure"); + return false; + } + + sleep_time(); + sleep_time(); + // 10. Key Panel + boolean disp_key = KeyPanel(); + if (!disp_key) { + System.out.println("ERROR: ConfigureSubCA: KeyPanel() failure"); + return false; + } + + sleep_time(); + // 11. Cert Subject Panel + boolean disp_csubj = CertSubjectPanel(); + if (!disp_csubj) { + System.out.println("ERROR: ConfigureSubCA: CertSubjectPanel() failure"); + return false; + } + + sleep_time(); + // 12. Certificate Panel + boolean disp_cp = CertificatePanel(); + if (!disp_cp) { + System.out.println("ERROR: ConfigureSubCA: CertificatePanel() failure"); + return false; + } + + sleep_time(); + // 13. Backup Panel + boolean disp_back = BackupPanel(); + if (!disp_back) { + System.out.println("ERROR: ConfigureSubCA: BackupPanel() failure"); + return false; + } + + sleep_time(); + // 15. Import CA Certificate Panel + boolean disp_cert = ImportCACertPanel(); + if (!disp_cert) { + System.out.println("ERROR: ConfigureSubCA: ImportCACertPanel() failure"); + return false; + } + + sleep_time(); + // 16. Admin Cert Req Panel + boolean disp_adm = AdminCertReqPanel(); + if (!disp_adm) { + System.out.println("ERROR: ConfigureSubCA: AdminCertReqPanel() failure"); + return false; + } + + sleep_time(); + boolean disp_im = AdminCertImportPanel(); + if (!disp_im) { + System.out.println("ERROR: ConfigureSubCA: AdminCertImportPanel() failure"); + return false; + } + + sleep_time(); + // 17. Update Domain Panel + boolean disp_ud = UpdateDomainPanel(); + if (!disp_ud) { + System.out.println("ERROR: ConfigureSubCA: UpdateDomainPanel() failure"); + return false; + } + + return true; + } + + private static String set_default(String val, String def) { + if ((val == null) || (val.equals(""))) { + return def; + } else { + return val; + } + } + + public static void main(String args[]) + { + ConfigureSubCA ca = new ConfigureSubCA(); + + // set variables + StringHolder x_cs_hostname = new StringHolder(); + StringHolder x_cs_port = new StringHolder(); + + StringHolder x_sd_hostname = new StringHolder(); + StringHolder x_sd_ssl_port = new StringHolder(); + StringHolder x_sd_agent_port = new StringHolder(); + StringHolder x_sd_admin_port = new StringHolder(); + StringHolder x_sd_admin_name = new StringHolder(); + StringHolder x_sd_admin_password = new StringHolder(); + + StringHolder x_ca_hostname = new StringHolder(); + StringHolder x_ca_port = new StringHolder(); + StringHolder x_ca_ssl_port = new StringHolder(); + + StringHolder x_client_certdb_dir = new StringHolder(); + StringHolder x_client_certdb_pwd = new StringHolder(); + StringHolder x_preop_pin = new StringHolder(); + + StringHolder x_domain_name = new StringHolder(); + + StringHolder x_admin_user = new StringHolder(); + StringHolder x_admin_email = new StringHolder(); + StringHolder x_admin_password = new StringHolder(); + + // ldap + StringHolder x_ldap_host = new StringHolder(); + StringHolder x_ldap_port = new StringHolder(); + StringHolder x_bind_dn = new StringHolder(); + StringHolder x_bind_password = new StringHolder(); + StringHolder x_base_dn = new StringHolder(); + StringHolder x_db_name = new StringHolder(); + + // key properties (defaults) + StringHolder x_key_size = new StringHolder(); + StringHolder x_key_type = new StringHolder(); + StringHolder x_key_curvename = new StringHolder(); + StringHolder x_key_algorithm = new StringHolder(); + StringHolder x_signing_algorithm = new StringHolder(); + + // key properties (custom - signing) + StringHolder x_signing_key_size = new StringHolder(); + StringHolder x_signing_key_type = new StringHolder(); + StringHolder x_signing_key_curvename = new StringHolder(); + StringHolder x_signing_signingalgorithm = new StringHolder(); + + // key properties (custom - ocsp_signing) + StringHolder x_ocsp_signing_key_size = new StringHolder(); + StringHolder x_ocsp_signing_key_type = new StringHolder(); + StringHolder x_ocsp_signing_key_curvename = new StringHolder(); + StringHolder x_ocsp_signing_signingalgorithm = new StringHolder(); + + // key properties (custom - audit_signing) + StringHolder x_audit_signing_key_size = new StringHolder(); + StringHolder x_audit_signing_key_type = new StringHolder(); + StringHolder x_audit_signing_key_curvename = new StringHolder(); + + // key properties (custom - subsystem) + StringHolder x_subsystem_key_size = new StringHolder(); + StringHolder x_subsystem_key_type = new StringHolder(); + StringHolder x_subsystem_key_curvename = new StringHolder(); + + // key properties (custom - sslserver) + StringHolder x_sslserver_key_size = new StringHolder(); + StringHolder x_sslserver_key_type = new StringHolder(); + StringHolder x_sslserver_key_curvename = new StringHolder(); + + StringHolder x_token_name = new StringHolder(); + StringHolder x_token_pwd = new StringHolder(); + + StringHolder x_agent_key_size = new StringHolder(); + StringHolder x_agent_key_type = new StringHolder(); + StringHolder x_agent_cert_subject = new StringHolder(); + + StringHolder x_agent_name = new StringHolder(); + StringHolder x_backup_pwd = new StringHolder(); + + // subsystem name + StringHolder x_subsystem_name = new StringHolder(); + + // subject names + StringHolder x_subca_sign_cert_subject_name = new StringHolder(); + StringHolder x_subca_subsystem_cert_subject_name = new StringHolder(); + StringHolder x_subca_ocsp_cert_subject_name = new StringHolder(); + StringHolder x_subca_server_cert_subject_name = new StringHolder(); StringHolder x_subca_audit_signing_cert_subject_name = new StringHolder(); - // parse the args - ArgParser parser = new ArgParser("ConfigureSubCA"); - - parser.addOption ("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption ("-cs_port %s #CS SSL port", - x_cs_port); - - parser.addOption ("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption ("-sd_admin_name %s #Security Domain admin name", - x_sd_admin_name); - parser.addOption ("-sd_admin_password %s #Security Domain admin password", - x_sd_admin_password); - - parser.addOption ("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption ("-ca_port %s #CA non-SSL port", - x_ca_port); - parser.addOption ("-ca_ssl_port %s #CA SSL port", - x_ca_ssl_port); - - parser.addOption ("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption ("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption ("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption ("-domain_name %s #domain name", - x_domain_name); - parser.addOption ("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption ("-admin_email %s #Admin email", - x_admin_email); - parser.addOption ("-admin_password %s #Admin password", - x_admin_password); - parser.addOption ("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption ("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption ("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption ("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption ("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption ("-base_dn %s #base dn", - x_base_dn); - parser.addOption ("-db_name %s #db name", - x_db_name); - - parser.addOption ("-key_size %s #Key Size", - x_key_size); - parser.addOption ("-key_type %s #Key type [RSA,ECC]", - x_key_type); - parser.addOption("-signing_algorithm %s #Signing algorithm", x_signing_algorithm); - parser.addOption("-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional)", x_signing_signingalgorithm); - parser.addOption("-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional)", x_ocsp_signing_signingalgorithm); - - parser.addOption ("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption ("-token_pwd %s #HSM/Software Token password (optional - required for HSM)", - x_token_pwd); - - parser.addOption ("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption ("-agent_cert_subject %s #Agent Cert Subject", - x_agent_cert_subject); - - parser.addOption ("-backup_pwd %s #PKCS12 backup password", - x_backup_pwd); - - parser.addOption ("-subsystem_name %s #Subsystem name", - x_subsystem_name); - - parser.addOption ( - "-subca_sign_cert_subject_name %s #subCA cert subject name", - x_subca_sign_cert_subject_name); - parser.addOption ( - "-subca_subsystem_cert_subject_name %s #subCA subsystem cert subject name", - x_subca_subsystem_cert_subject_name); - parser.addOption ( - "-subca_ocsp_cert_subject_name %s #subCA ocsp cert subject name", - x_subca_ocsp_cert_subject_name); - parser.addOption ( - "-subca_server_cert_subject_name %s #subCA server cert subject name", - x_subca_server_cert_subject_name); + // parse the args + ArgParser parser = new ArgParser("ConfigureSubCA"); + + parser.addOption ("-cs_hostname %s #CS Hostname", + x_cs_hostname); + parser.addOption ("-cs_port %s #CS SSL port", + x_cs_port); + + parser.addOption ("-sd_hostname %s #Security Domain Hostname", + x_sd_hostname); + parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port", + x_sd_ssl_port); + parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port", + x_sd_agent_port); + parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port", + x_sd_admin_port); + parser.addOption ("-sd_admin_name %s #Security Domain admin name", + x_sd_admin_name); + parser.addOption ("-sd_admin_password %s #Security Domain admin password", + x_sd_admin_password); + + parser.addOption ("-ca_hostname %s #CA Hostname", + x_ca_hostname); + parser.addOption ("-ca_port %s #CA non-SSL port", + x_ca_port); + parser.addOption ("-ca_ssl_port %s #CA SSL port", + x_ca_ssl_port); + + parser.addOption ("-client_certdb_dir %s #Client CertDB dir", + x_client_certdb_dir); + parser.addOption ("-client_certdb_pwd %s #client certdb password", + x_client_certdb_pwd); + parser.addOption ("-preop_pin %s #pre op pin", + x_preop_pin); + parser.addOption ("-domain_name %s #domain name", + x_domain_name); + parser.addOption ("-admin_user %s #Admin User Name", + x_admin_user); + parser.addOption ("-admin_email %s #Admin email", + x_admin_email); + parser.addOption ("-admin_password %s #Admin password", + x_admin_password); + parser.addOption ("-agent_name %s #Agent Cert Nickname", + x_agent_name); + + parser.addOption ("-ldap_host %s #ldap host", + x_ldap_host); + parser.addOption ("-ldap_port %s #ldap port", + x_ldap_port); + parser.addOption ("-bind_dn %s #ldap bind dn", + x_bind_dn); + parser.addOption ("-bind_password %s #ldap bind password", + x_bind_password); + parser.addOption ("-base_dn %s #base dn", + x_base_dn); + parser.addOption ("-db_name %s #db name", + x_db_name); + + // key and algorithm options (default) + parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); + parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); + parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); + parser.addOption("-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_key_algorithm); + parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", x_signing_algorithm); + + // key and algorithm options for signing certificate (overrides default) + parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type); + parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size); + parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename); + parser.addOption("-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm); + + // key and algorithm options for ocsp_signing certificate (overrides default) + parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_ocsp_signing_key_type); + parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_ocsp_signing_key_size); + parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_ocsp_signing_key_curvename); + parser.addOption("-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", x_ocsp_signing_signingalgorithm); + + // key and algorithm options for audit_signing certificate (overrides default) + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); + parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + + // key and algorithm options for subsystem certificate (overrides default) + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + + // key and algorithm options for sslserver certificate (overrides default) + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + + parser.addOption ("-token_name %s #HSM/Software Token name", + x_token_name); + parser.addOption ("-token_pwd %s #HSM/Software Token password (optional - required for HSM)", + x_token_pwd); + + parser.addOption ("-agent_key_size %s #Agent Cert Key Size", + x_agent_key_size); + parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]", + x_agent_key_type); + parser.addOption ("-agent_cert_subject %s #Agent Cert Subject", + x_agent_cert_subject); + + parser.addOption ("-backup_pwd %s #PKCS12 backup password", + x_backup_pwd); + + parser.addOption ("-subsystem_name %s #Subsystem name", + x_subsystem_name); + + parser.addOption ( + "-subca_sign_cert_subject_name %s #subCA cert subject name", + x_subca_sign_cert_subject_name); + parser.addOption ( + "-subca_subsystem_cert_subject_name %s #subCA subsystem cert subject name", + x_subca_subsystem_cert_subject_name); + parser.addOption ( + "-subca_ocsp_cert_subject_name %s #subCA ocsp cert subject name", + x_subca_ocsp_cert_subject_name); + parser.addOption ( + "-subca_server_cert_subject_name %s #subCA server cert subject name", + x_subca_server_cert_subject_name); parser.addOption( "-subca_audit_signing_cert_subject_name %s #CA audit signing cert subject name", x_subca_audit_signing_cert_subject_name); - // and then match the arguments - String [] unmatched = null; - unmatched = parser.matchAllArgs (args,0,parser.EXIT_ON_UNMATCHED); - - if(unmatched!=null) - { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - - key_size = x_key_size.value; - key_type = x_key_type.value; - if ((x_signing_algorithm.value == null) || (x_signing_algorithm.equals(""))) { - signing_algorithm = "SHA256withRSA"; - } else { - signing_algorithm = x_signing_algorithm.value; - } - if ((x_ocsp_signing_signingalgorithm.value == null) || (x_ocsp_signing_signingalgorithm.equals(""))) { - ocsp_signing_signingalgorithm = signing_algorithm; - } else { - ocsp_signing_signingalgorithm = x_ocsp_signing_signingalgorithm.value; - } + // and then match the arguments + String [] unmatched = null; + unmatched = parser.matchAllArgs (args,0,parser.EXIT_ON_UNMATCHED); - if ((x_signing_signingalgorithm.value == null) || (x_signing_signingalgorithm.equals(""))) { - signing_signingalgorithm = signing_algorithm; - } else { - signing_signingalgorithm = x_signing_signingalgorithm.value; - } + if (unmatched!=null) { + System.out.println("ERROR: Argument Mismatch"); + System.exit(-1); + } + + parser.checkRequiredArgs(); + + // set variables + cs_hostname = x_cs_hostname.value; + cs_port = x_cs_port.value; + + sd_hostname = x_sd_hostname.value; + sd_ssl_port = x_sd_ssl_port.value; + sd_agent_port = x_sd_agent_port.value; + sd_admin_port = x_sd_admin_port.value; + sd_admin_name = x_sd_admin_name.value; + sd_admin_password = x_sd_admin_password.value; + + ca_hostname = x_ca_hostname.value; + ca_port = x_ca_port.value; + ca_ssl_port = x_ca_ssl_port.value; + + client_certdb_dir = x_client_certdb_dir.value; + client_certdb_pwd = x_client_certdb_pwd.value; + pin = x_preop_pin.value; + domain_name = x_domain_name.value; + admin_user = x_admin_user.value; + admin_email = x_admin_email.value; + admin_password = x_admin_password.value; + agent_name = x_agent_name.value; + + ldap_host = x_ldap_host.value; + ldap_port = x_ldap_port.value; + bind_dn = x_bind_dn.value; + bind_password = x_bind_password.value; + base_dn = x_base_dn.value; + db_name = x_db_name.value; + + key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); + signing_key_type = set_default(x_signing_key_type.value, key_type); + ocsp_signing_key_type = set_default(x_ocsp_signing_key_type.value, key_type); + audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); + subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); + sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); + + key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); + signing_key_size = set_default(x_signing_key_size.value, key_size); + ocsp_signing_key_size = set_default(x_ocsp_signing_key_size.value, key_size); + audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); + subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); + sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); + + key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); + signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename); + ocsp_signing_key_curvename = set_default(x_ocsp_signing_key_curvename.value, key_curvename); + audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); + subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); + sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); + + if (signing_key_type.equalsIgnoreCase("RSA")) { + key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA); + } else { + key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC); + } - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - backup_pwd = x_backup_pwd.value; - subsystem_name = x_subsystem_name.value; - - subca_sign_cert_subject_name = x_subca_sign_cert_subject_name.value ; - subca_subsystem_cert_subject_name = - x_subca_subsystem_cert_subject_name.value; - subca_ocsp_cert_subject_name = x_subca_ocsp_cert_subject_name.value ; - subca_server_cert_subject_name = x_subca_server_cert_subject_name.value ; - subca_audit_signing_cert_subject_name = x_subca_audit_signing_cert_subject_name.value; - - boolean st = ca.ConfigureSubCAInstance(); - - if (!st) - { - System.out.println("ERROR: unable to create Subordinate CA"); - System.exit(-1); - } - - System.out.println("Certificate System - Subordinate CA Instance Configured."); - System.exit(0); - - } + signing_algorithm = set_default(x_signing_algorithm.value, key_algorithm); + signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm); + ocsp_signing_signingalgorithm = set_default(x_ocsp_signing_signingalgorithm.value, signing_algorithm); + + token_name = x_token_name.value; + token_pwd = x_token_pwd.value; + + agent_key_size = x_agent_key_size.value; + agent_key_type = x_agent_key_type.value; + agent_cert_subject = x_agent_cert_subject.value; + + backup_pwd = x_backup_pwd.value; + subsystem_name = x_subsystem_name.value; + + subca_sign_cert_subject_name = x_subca_sign_cert_subject_name.value ; + subca_subsystem_cert_subject_name = + x_subca_subsystem_cert_subject_name.value; + subca_ocsp_cert_subject_name = x_subca_ocsp_cert_subject_name.value ; + subca_server_cert_subject_name = x_subca_server_cert_subject_name.value ; + subca_audit_signing_cert_subject_name = x_subca_audit_signing_cert_subject_name.value; + + boolean st = ca.ConfigureSubCAInstance(); + + if (!st) { + System.out.println("ERROR: unable to create Subordinate CA"); + System.exit(-1); + } + + System.out.println("Certificate System - Subordinate CA Instance Configured."); + System.exit(0); + + } }; diff --git a/pki/base/silent/src/tks/ConfigureTKS.java b/pki/base/silent/src/tks/ConfigureTKS.java index 2bf935fe..c91d55ab 100644 --- a/pki/base/silent/src/tks/ConfigureTKS.java +++ b/pki/base/silent/src/tks/ConfigureTKS.java @@ -47,1100 +47,1125 @@ import com.netscape.osutil.*; public class ConfigureTKS { - public static Hashtable mUsedPort = new Hashtable(); - - // define global variables - - public static HTTPClient hc = null; - - public static String login_uri = "/tks/admin/console/config/login"; - public static String wizard_uri = "/tks/admin/console/config/wizard"; - public static String admin_uri = "/ca/admin/ca/getBySerial"; - - public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; - public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; - public static String pkcs12_uri = "/tks/admin/console/config/savepkcs12"; - - public static String cs_hostname = null; - public static String cs_port = null; - - public static String sd_hostname = null; - public static String sd_ssl_port = null; - public static String sd_agent_port = null; - public static String sd_admin_port = null; - public static String sd_admin_name = null; - public static String sd_admin_password = null; - - public static String ca_hostname = null; - public static String ca_port = null; - public static String ca_ssl_port = null; - - public static String client_certdb_dir = null; - public static String client_certdb_pwd = null; - - // Login Panel - public static String pin = null; - - public static String domain_name = null; - - public static String admin_user = null; - public static String admin_email = null; - public static String admin_password = null; - public static String admin_serial_number = null; - public static String agent_name = null; - - public static String ldap_host = null; - public static String ldap_port = null; - public static String bind_dn = null; - public static String bind_password = null; - public static String base_dn = null; - public static String db_name = null; - - public static String key_size = null; - public static String key_type = null; - public static String token_name = null; - public static String token_pwd = null; - - public static String agent_key_size = null; - public static String agent_key_type = null; - public static String agent_cert_subject = null; - - public static String server_cert_name = null; - public static String server_cert_req = null; - public static String server_cert_pp = null; - public static String server_cert_cert = null; - - public static String tks_subsystem_cert_name = null; - public static String tks_subsystem_cert_req = null; - public static String tks_subsystem_cert_pp = null; - public static String tks_subsystem_cert_cert = null; - - public static String tks_audit_signing_cert_name = null; - public static String tks_audit_signing_cert_req = null; - public static String tks_audit_signing_cert_pp = null; - public static String tks_audit_signing_cert_cert = null; + public static Hashtable mUsedPort = new Hashtable(); + + public static final String DEFAULT_KEY_TYPE = "RSA"; + public static final String DEFAULT_KEY_SIZE = "2048"; + public static final String DEFAULT_KEY_CURVENAME = "nistp256"; + + // define global variables + + public static HTTPClient hc = null; + + public static String login_uri = "/tks/admin/console/config/login"; + public static String wizard_uri = "/tks/admin/console/config/wizard"; + public static String admin_uri = "/ca/admin/ca/getBySerial"; + + public static String sd_login_uri = "/ca/admin/ca/securityDomainLogin"; + public static String sd_get_cookie_uri = "/ca/admin/ca/getCookie"; + public static String pkcs12_uri = "/tks/admin/console/config/savepkcs12"; + + public static String cs_hostname = null; + public static String cs_port = null; + + public static String sd_hostname = null; + public static String sd_ssl_port = null; + public static String sd_agent_port = null; + public static String sd_admin_port = null; + public static String sd_admin_name = null; + public static String sd_admin_password = null; + + public static String ca_hostname = null; + public static String ca_port = null; + public static String ca_ssl_port = null; + + public static String client_certdb_dir = null; + public static String client_certdb_pwd = null; + + // Login Panel + public static String pin = null; + + public static String domain_name = null; + + public static String admin_user = null; + public static String admin_email = null; + public static String admin_password = null; + public static String admin_serial_number = null; + public static String agent_name = null; + + public static String ldap_host = null; + public static String ldap_port = null; + public static String bind_dn = null; + public static String bind_password = null; + public static String base_dn = null; + public static String db_name = null; + + public static String key_type = null; + public static String key_size = null; + public static String key_curvename = null; + + public static String subsystem_key_type = null; + public static String subsystem_key_size = null; + public static String subsystem_key_curvename = null; + + public static String audit_signing_key_type = null; + public static String audit_signing_key_size = null; + public static String audit_signing_key_curvename = null; + + public static String sslserver_key_type = null; + public static String sslserver_key_size = null; + public static String sslserver_key_curvename = null; + + public static String token_name = null; + public static String token_pwd = null; + + public static String agent_key_size = null; + public static String agent_key_type = null; + public static String agent_cert_subject = null; + + public static String server_cert_name = null; + public static String server_cert_req = null; + public static String server_cert_pp = null; + public static String server_cert_cert = null; + + public static String tks_subsystem_cert_name = null; + public static String tks_subsystem_cert_req = null; + public static String tks_subsystem_cert_pp = null; + public static String tks_subsystem_cert_cert = null; + + public static String tks_audit_signing_cert_name = null; + public static String tks_audit_signing_cert_req = null; + public static String tks_audit_signing_cert_pp = null; + public static String tks_audit_signing_cert_cert = null; - public static String backup_pwd = null; - public static String backup_fname = null; - - // names - public static String tks_subsystem_cert_subject_name = null; - public static String tks_server_cert_subject_name = null; - public static String subsystem_name = null; - public static String tks_audit_signing_cert_subject_name = null; - - public ConfigureTKS () - { - // do nothing :) - } - - public void sleep_time() - { - try - { - System.out.println("Sleeping for 5 secs.."); - Thread.sleep(5000); - } - catch(Exception e) - { - System.out.println("ERROR: sleep problem"); - } - - } - - public boolean LoginPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "pin=" + pin + "&xml=true"; - - hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string); - System.out.println("xml returned: " + hr.getHTML()); - - // parse xml here - nothing to parse - - // get cookie - String temp = hr.getCookieValue("JSESSIONID"); - - if(temp!=null) - { - int index = temp.indexOf(";"); - hc.j_session_id = temp.substring(0,index); - st = true; - } - - hr = null; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, - "p=0&op=next&xml=true"); - - // parse xml here - - bais = new ByteArrayInputStream( - hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return st; - } - - public boolean TokenChoicePanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = null; - - // Software Token - if(token_name.equalsIgnoreCase("internal")) - { - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode("Internal Key Storage Token") + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - } - // HSM - else - { - // login to hsm first - query_string = "p=2" + "&op=next" + "&xml=true" + - "&uTokName=" + - URLEncoder.encode(token_name) + - "&__uPasswd=" + - URLEncoder.encode(token_pwd) + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - // choice with token name now - query_string = "p=1" + "&op=next" + "&xml=true" + - "&choice=" + - URLEncoder.encode(token_name) + - ""; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - } - - return true; - } - - public boolean DomainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ; - - String query_string = "sdomainURL=" + - URLEncoder.encode(domain_url) + - "&choice=existingdomain"+ - "&p=3" + - "&op=next" + - "&xml=true"; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - - } - - public boolean DisplayChainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String query_string = null; - - query_string = "p=4" + "&op=next" + "&xml=true"; - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - - } - - public boolean SecurityDomainLoginPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String tks_url = "https://" + cs_hostname + ":" + cs_port + - "/tks/admin/console/config/wizard" + - "?p=5&subsystem=TKS" ; - - String query_string = "url=" + URLEncoder.encode(tks_url); - - hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); - - String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + sd_admin_password + - "&url=" + URLEncoder.encode(tks_url) ; - - hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, - query_string_1); - - // get session id from security domain - - String tks_session_id = hr.getContentValue("header.session_id"); - String tks_url_1 = hr.getContentValue("header.url"); - - System.out.println("TKS_SESSION_ID=" + tks_session_id ); - System.out.println("TKS_URL=" + tks_url_1 ); - - // use session id to connect back to TKS - - String query_string_2 = "p=5" + - "&subsystem=TKS" + - "&session_id=" + tks_session_id + - "&xml=true" ; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, - query_string_2); - - // parse xml - // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - // px.parse(bais); - // px.prettyprintxml(); - - return true; - - } - - public boolean SubsystemPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=5" + "&op=next" + "&xml=true" + - "&subsystemName=" + - URLEncoder.encode(subsystem_name) + - "&choice=newsubsystem" ; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean LdapConnectionPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = "p=7" + "&op=next" + "&xml=true" + - "&host=" + URLEncoder.encode(ldap_host) + - "&port=" + URLEncoder.encode(ldap_port) + - "&binddn=" + URLEncoder.encode(bind_dn) + - "&__bindpwd=" + URLEncoder.encode(bind_password) + - "&basedn=" + URLEncoder.encode(base_dn) + - "&database=" + URLEncoder.encode(db_name) + - "&display=" + URLEncoder.encode("$displayStr") + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean KeyPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList al = null; - - - String query_string = "p=8" + "&op=next" + "&xml=true" + - "&subsystem_custom_size=" + key_size + - "&sslserver_custom_size=" + key_size + - "&custom_size=" + key_size + - "&audit_signing_custom_size=" + key_size + - "&subsystem_keytype=" + key_type + - "&sslserver_keytype=" + key_type + - "&keytype=" + key_type + - "&audit_signing_keytype=" + key_type + - "&subsystem_choice=default"+ - "&sslserver_choice=default"+ - "&audit_signing_choice=default" + - "&choice=default"+ - ""; - - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - al = px.constructvaluelist("CertReqPair","DN"); - // get ca cert subject name - if(al != null) - { - for (int i=0; i < al.size(); i++) - { - String temp = (String) al.get(i); - if(temp.indexOf("TKS Subsystem") > 0 ) - { - tks_subsystem_cert_name = temp; - } - else if(temp.indexOf("Audit Signing Certificate") > 0) - { - tks_audit_signing_cert_name = temp; - } - else - { - server_cert_name = temp; - } - } - } - - System.out.println("default: tks_subsystem_cert_name=" + - tks_subsystem_cert_name); - System.out.println("default: server_cert_name=" + - server_cert_name); + public static String backup_pwd = null; + public static String backup_fname = null; + + // names + public static String tks_subsystem_cert_subject_name = null; + public static String tks_server_cert_subject_name = null; + public static String subsystem_name = null; + public static String tks_audit_signing_cert_subject_name = null; + + public ConfigureTKS () + { + // do nothing :) + } + + public void sleep_time() + { + try { + System.out.println("Sleeping for 5 secs.."); + Thread.sleep(5000); + } catch(Exception e) { + System.out.println("ERROR: sleep problem"); + } + } + + public boolean LoginPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "pin=" + pin + "&xml=true"; + + hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string); + System.out.println("xml returned: " + hr.getHTML()); + + // parse xml here - nothing to parse + + // get cookie + String temp = hr.getCookieValue("JSESSIONID"); + + if (temp!=null) { + int index = temp.indexOf(";"); + hc.j_session_id = temp.substring(0,index); + st = true; + } + + hr = null; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, + "p=0&op=next&xml=true"); + + // parse xml here + + bais = new ByteArrayInputStream( + hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return st; + } + + public boolean TokenChoicePanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = null; + + // Software Token + if (token_name.equalsIgnoreCase("internal")) { + query_string = "p=1" + "&op=next" + "&xml=true" + + "&choice=" + + URLEncoder.encode("Internal Key Storage Token") + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + } + // HSM + else { + // login to hsm first + query_string = "p=2" + "&op=next" + "&xml=true" + + "&uTokName=" + + URLEncoder.encode(token_name) + + "&__uPasswd=" + + URLEncoder.encode(token_pwd) + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + // choice with token name now + query_string = "p=1" + "&op=next" + "&xml=true" + + "&choice=" + + URLEncoder.encode(token_name) + + ""; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + } + + return true; + } + + public boolean DomainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ; + + String query_string = "sdomainURL=" + + URLEncoder.encode(domain_url) + + "&choice=existingdomain"+ + "&p=3" + + "&op=next" + + "&xml=true"; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + + } + + public boolean DisplayChainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + String query_string = null; + + query_string = "p=4" + "&op=next" + "&xml=true"; + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + // px.parse(bais); + // px.prettyprintxml(); + + return true; + + } + + public boolean SecurityDomainLoginPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String tks_url = "https://" + cs_hostname + ":" + cs_port + + "/tks/admin/console/config/wizard" + + "?p=5&subsystem=TKS" ; + + String query_string = "url=" + URLEncoder.encode(tks_url); + + hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); + + String query_string_1 = "uid=" + sd_admin_name + + "&pwd=" + URLEncoder.encode(sd_admin_password) + + "&url=" + URLEncoder.encode(tks_url) ; + + hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri, + query_string_1); + + // get session id from security domain + + String tks_session_id = hr.getContentValue("header.session_id"); + String tks_url_1 = hr.getContentValue("header.url"); + + System.out.println("TKS_SESSION_ID=" + tks_session_id ); + System.out.println("TKS_URL=" + tks_url_1 ); + + // use session id to connect back to TKS + + String query_string_2 = "p=5" + + "&subsystem=TKS" + + "&session_id=" + tks_session_id + + "&xml=true" ; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, + query_string_2); + + // parse xml + // bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + // px.parse(bais); + // px.prettyprintxml(); + + return true; + + } + + public boolean SubsystemPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "p=5" + "&op=next" + "&xml=true" + + "&subsystemName=" + + URLEncoder.encode(subsystem_name) + + "&choice=newsubsystem" ; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean LdapConnectionPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = "p=7" + "&op=next" + "&xml=true" + + "&host=" + URLEncoder.encode(ldap_host) + + "&port=" + URLEncoder.encode(ldap_port) + + "&binddn=" + URLEncoder.encode(bind_dn) + + "&__bindpwd=" + URLEncoder.encode(bind_password) + + "&basedn=" + URLEncoder.encode(base_dn) + + "&database=" + URLEncoder.encode(db_name) + + "&display=" + URLEncoder.encode("$displayStr") + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean KeyPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList al = null; + + + String query_string = "p=8" + "&op=next" + "&xml=true" + + "&subsystem_custom_size=" + subsystem_key_size + + "&sslserver_custom_size=" + sslserver_key_size + + "&audit_signing_custom_size=" + audit_signing_key_size + + "&custom_size=" + key_size + + "&subsystem_custom_curvename=" + subsystem_key_curvename + + "&sslserver_custom_curvename=" + sslserver_key_curvename + + "&audit_signing_custom_curvename=" + audit_signing_key_curvename + + "&custom_curvename=" + key_curvename + + "&subsystem_keytype=" + subsystem_key_type + + "&sslserver_keytype=" + sslserver_key_type + + "&audit_signing_keytype=" + audit_signing_key_type + + "&keytype=" + key_type + + "&subsystem_choice=custom"+ + "&sslserver_choice=custom"+ + "&audit_signing_choice=custom" + + "&choice=custom"; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + al = px.constructvaluelist("CertReqPair","DN"); + // get ca cert subject name + if (al != null) { + for (int i=0; i < al.size(); i++) { + String temp = (String) al.get(i); + if (temp.indexOf("TKS Subsystem") > 0 ) { + tks_subsystem_cert_name = temp; + } else if (temp.indexOf("Audit Signing Certificate") > 0) { + tks_audit_signing_cert_name = temp; + } else { + server_cert_name = temp; + } + } + } + + System.out.println("default: tks_subsystem_cert_name=" + + tks_subsystem_cert_name); + System.out.println("default: server_cert_name=" + + server_cert_name); System.out.println("default: tks_audit_signing_cert_name=" + tks_audit_signing_cert_name); - return true; - } - - public boolean CertSubjectPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList req_list = null; - ArrayList cert_list = null; - ArrayList dn_list = null; - - String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ; - - String query_string = "p=9" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(tks_subsystem_cert_subject_name) + - "&sslserver=" + - URLEncoder.encode(tks_server_cert_subject_name) + - "&audit_signing=" + - URLEncoder.encode(tks_audit_signing_cert_subject_name) + - "&urls=" + - URLEncoder.encode(domain_url) + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - req_list = px.constructvaluelist("CertReqPair","Request"); - cert_list = px.constructvaluelist("CertReqPair","Certificate"); - dn_list = px.constructvaluelist("CertReqPair","Nickname"); - - if(req_list != null && cert_list != null && dn_list != null) - { - for (int i=0; i < dn_list.size(); i++) - { - String temp = (String) dn_list.get(i); - - if(temp.indexOf("subsystemCert") >= 0 ) - { - tks_subsystem_cert_req = (String) req_list.get(i); - tks_subsystem_cert_cert = (String) cert_list.get(i); - } - else if (temp.indexOf("auditSigningCert") >=0) { - tks_audit_signing_cert_req = (String) req_list.get(i); - tks_audit_signing_cert_cert = (String) cert_list.get(i); - } - else - { - server_cert_req = (String) req_list.get(i); - server_cert_cert = (String) cert_list.get(i); - } - } - } - - return true; - } - - public boolean CertificatePanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - ArrayList req_list = null; - ArrayList cert_list = null; - ArrayList dn_list = null; - ArrayList pp_list = null; - - - String query_string = "p=10" + "&op=next" + "&xml=true" + - "&subsystem=" + - URLEncoder.encode(tks_subsystem_cert_cert) + - "&subsystem_cc=" + - "&sslserver=" + - URLEncoder.encode(server_cert_cert) + - "&sslserver_cc=" + - "&audit_signing=" + - URLEncoder.encode(tks_audit_signing_cert_cert) + - "&audit_signing_cc=" + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean BackupPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = "p=11" + "&op=next" + "&xml=true" + - "&choice=backupkey" + - "&__pwd=" + backup_pwd + - "&__pwdagain=" + backup_pwd + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - public boolean SavePKCS12Panel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - - String query_string = ""; - - hr = hc.sslConnect(cs_hostname,cs_port,pkcs12_uri,query_string); - - // dump hr.getResponseData() to file - - try - { - FileOutputStream fos = new FileOutputStream(backup_fname); - fos.write(hr.getResponseData()); - fos.close(); - - // set file to permissions 600 - String rtParams[] = { "chmod","600", backup_fname}; - Process proc = Runtime.getRuntime().exec(rtParams); - - BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); - String line = null; - while ( (line = br.readLine()) != null) - System.out.println("Error: " + line); - int exitVal = proc.waitFor(); - - // verify p12 file - - // Decode the P12 file - FileInputStream fis = new FileInputStream(backup_fname); - PFX.Template pfxt = new PFX.Template(); - PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048)); - System.out.println("Decoded PFX"); - - // now peruse it for interesting info - System.out.println("Version: "+pfx.getVersion()); - AuthenticatedSafes authSafes = pfx.getAuthSafes(); - SEQUENCE asSeq = authSafes.getSequence(); - System.out.println("AuthSafes has "+ - asSeq.size()+" SafeContents"); - - fis.close(); - } - catch(Exception e) - { - System.out.println("ERROR: Exception=" + e.getMessage()); - return false; - } - - return true; - } - - public boolean AdminCertReqPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - String admin_cert_request = null; - - - String cert_subject = "CN=tks-" + admin_user; - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - agent_cert_subject, - agent_key_size, - agent_key_type); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.setTransportCert(null); - cCrypt.setDualKey(false); - cCrypt.loginDB(); - - String crmf_request = cCrypt.generateCRMFrequest(); - - if(crmf_request == null) - { - System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); - return false; - } - - admin_cert_request = crmf_request; - - String query_string = "p=13" + "&op=next" + "&xml=true" + - "&cert_request_type=" + "crmf" + - "&uid=" + admin_user + - "&name=" + admin_user + - "&__pwd=" + admin_password + - "&__admin_password_again=" + admin_password + - "&profileId=" + "caAdminCert" + - "&email=" + - URLEncoder.encode(admin_email) + - "&cert_request=" + - URLEncoder.encode(admin_cert_request) + - "&subject=" + - URLEncoder.encode(agent_cert_subject) + - "&clone=new" + - "&import=true" + - "&securitydomain=" + - URLEncoder.encode(domain_name) + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - admin_serial_number = px.getvalue("serialNumber"); - - return true; - } - - public boolean AdminCertImportPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "serialNumber=" + admin_serial_number + - "&importCert=" + "true" + - ""; - - hr = hc.sslConnect(sd_hostname,sd_admin_port,admin_uri,query_string); - - // get response data - String cert_to_import = - new sun.misc.BASE64Encoder().encode(hr.getResponseData()); - System.out.println("Imported Cert=" + cert_to_import); - - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - String start = "-----BEGIN CERTIFICATE-----\r\n" ; - String end = "\r\n-----END CERTIFICATE-----" ; - - st = cCrypt.importCert(start+cert_to_import+end,agent_name); - if(!st) - { - System.out.println("ERROR: AdminCertImportPanel() during cert import"); - return false; - } - - System.out.println("SUCCESS: imported admin user cert"); - return true; - } - - public boolean UpdateDomainPanel() - { - boolean st = false; - HTTPResponse hr = null; - ByteArrayInputStream bais = null; - ParseXML px = new ParseXML(); - - String query_string = "p=14" + "&op=next" + "&xml=true" + - "&caHost=" + URLEncoder.encode(sd_hostname) + - "&caPort=" + URLEncoder.encode(sd_agent_port) + - ""; - - hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); - - // parse xml - bais = new ByteArrayInputStream(hr.getHTML().getBytes()); - px.parse(bais); - px.prettyprintxml(); - - return true; - } - - - public boolean ConfigureTKSInstance() - { - // 0. login to cert db - ComCrypto cCrypt = new ComCrypto(client_certdb_dir, - client_certdb_pwd, - null, - null, - null); - cCrypt.setDebug(true); - cCrypt.setGenerateRequest(true); - cCrypt.loginDB(); - - // instantiate http client - hc = new HTTPClient(); - - sleep_time(); - // 1. Login panel - boolean log_st = LoginPanel(); - if(!log_st) - { - System.out.println("ERROR: ConfigureTKS: LoginPanel() failure"); - return false; - } - - sleep_time(); - // 2. Token Choice Panel - boolean disp_token = TokenChoicePanel(); - if(!disp_token) - { - System.out.println("ERROR: ConfigureTKS: TokenChoicePanel() failure"); - return false; - } - - sleep_time(); - // 3. domain panel - boolean dom_st = DomainPanel(); - if(!dom_st) - { - System.out.println("ERROR: ConfigureTKS: DomainPanel() failure"); - return false; - } - - sleep_time(); - // 4. display cert chain panel - boolean disp_st = DisplayChainPanel(); - if(!disp_st) - { - System.out.println("ERROR: ConfigureTKS: DisplayChainPanel() failure"); - return false; - } - - sleep_time(); - // security domain login panel - boolean disp_sd = SecurityDomainLoginPanel(); - if(!disp_sd) - { - System.out.println("ERROR: ConfigureTKS: SecurityDomainLoginPanel() failure"); - return false; - } - - sleep_time(); - // subsystem panel - boolean disp_ss = SubsystemPanel(); - if(!disp_ss) - { - System.out.println("ERROR: ConfigureTKS: SubsystemPanel() failure"); - return false; - } - - sleep_time(); - // 7. ldap connection panel - boolean disp_ldap = LdapConnectionPanel(); - if(!disp_ldap) - { - System.out.println("ERROR: ConfigureTKS: LdapConnectionPanel() failure"); - return false; - } - - sleep_time(); - sleep_time(); - // 9. Key Panel - boolean disp_key = KeyPanel(); - if(!disp_key) - { - System.out.println("ERROR: ConfigureTKS: KeyPanel() failure"); - return false; - } - - sleep_time(); - // 10. Cert Subject Panel - boolean disp_csubj = CertSubjectPanel(); - if(!disp_csubj) - { - System.out.println("ERROR: ConfigureTKS: CertSubjectPanel() failure"); - return false; - } - - sleep_time(); - // 11. Certificate Panel - boolean disp_cp = CertificatePanel(); - if(!disp_cp) - { - System.out.println("ERROR: ConfigureTKS: CertificatePanel() failure"); - return false; - } - - sleep_time(); - // backup panel - boolean disp_back = BackupPanel(); - if(!disp_back) - { - System.out.println("ERROR: ConfigureTKS: BackupPanel() failure"); - return false; - } - - sleep_time(); - // save panel - boolean disp_save = SavePKCS12Panel(); - if(!disp_save) - { - System.out.println("ERROR: ConfigureTKS: SavePKCS12Panel() failure"); - return false; - } - - sleep_time(); - // 13. Admin Cert Req Panel - boolean disp_adm = AdminCertReqPanel(); - if(!disp_adm) - { - System.out.println("ERROR: ConfigureTKS: AdminCertReqPanel() failure"); - return false; - } - - sleep_time(); - // 14. Admin Cert import Panel - boolean disp_im = AdminCertImportPanel(); - if(!disp_im) - { - System.out.println("ERROR: ConfigureTKS: AdminCertImportPanel() failure"); - return false; - } - - sleep_time(); - // 15. Update Domain Panel - boolean disp_ud = UpdateDomainPanel(); - if(!disp_ud) - { - System.out.println("ERROR: ConfigureTKS: UpdateDomainPanel() failure"); - return false; - } - - sleep_time(); - return true; - } - - public static void main(String args[]) - { - ConfigureTKS ca = new ConfigureTKS(); - - // set variables - StringHolder x_cs_hostname = new StringHolder(); - StringHolder x_cs_port = new StringHolder(); - - StringHolder x_sd_hostname = new StringHolder(); - StringHolder x_sd_ssl_port = new StringHolder(); - StringHolder x_sd_agent_port = new StringHolder(); - StringHolder x_sd_admin_port = new StringHolder(); - StringHolder x_sd_admin_name = new StringHolder(); - StringHolder x_sd_admin_password = new StringHolder(); - - StringHolder x_ca_hostname = new StringHolder(); - StringHolder x_ca_port = new StringHolder(); - StringHolder x_ca_ssl_port = new StringHolder(); - - StringHolder x_client_certdb_dir = new StringHolder(); - StringHolder x_client_certdb_pwd = new StringHolder(); - StringHolder x_preop_pin = new StringHolder(); - - StringHolder x_domain_name = new StringHolder(); - - StringHolder x_admin_user = new StringHolder(); - StringHolder x_admin_email = new StringHolder(); - StringHolder x_admin_password = new StringHolder(); - - // ldap - - StringHolder x_ldap_host = new StringHolder(); - StringHolder x_ldap_port = new StringHolder(); - StringHolder x_bind_dn = new StringHolder(); - StringHolder x_bind_password = new StringHolder(); - StringHolder x_base_dn = new StringHolder(); - StringHolder x_db_name = new StringHolder(); - - // key size - StringHolder x_key_size = new StringHolder(); - StringHolder x_key_type = new StringHolder(); - StringHolder x_token_name = new StringHolder(); - StringHolder x_token_pwd = new StringHolder(); - - StringHolder x_agent_key_size = new StringHolder(); - StringHolder x_agent_key_type = new StringHolder(); - StringHolder x_agent_cert_subject = new StringHolder(); - - StringHolder x_agent_name = new StringHolder(); - StringHolder x_backup_pwd = new StringHolder(); - StringHolder x_backup_fname = new StringHolder(); - - // tks cert subject name params - StringHolder x_tks_subsystem_cert_subject_name = new StringHolder(); - StringHolder x_tks_server_cert_subject_name = new StringHolder(); - StringHolder x_tks_audit_signing_cert_subject_name = new StringHolder(); - - // subsystemName - StringHolder x_subsystem_name = new StringHolder(); - - // parse the args - ArgParser parser = new ArgParser("ConfigureTKS"); - - parser.addOption ("-cs_hostname %s #CS Hostname", - x_cs_hostname); - parser.addOption ("-cs_port %s #CS SSL Admin port", - x_cs_port); - - parser.addOption ("-sd_hostname %s #Security Domain Hostname", - x_sd_hostname); - parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port", - x_sd_ssl_port); - parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port", - x_sd_agent_port); - parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port", - x_sd_admin_port); - parser.addOption ("-sd_admin_name %s #Security Domain Admin Name", - x_sd_admin_name); - parser.addOption ("-sd_admin_password %s #Security Domain Admin password", - x_sd_admin_password); - - parser.addOption ("-ca_hostname %s #CA Hostname", - x_ca_hostname); - parser.addOption ("-ca_port %s #CA non-SSL EE port", - x_ca_port); - parser.addOption ("-ca_ssl_port %s #CA SSL EE port", - x_ca_ssl_port); - - parser.addOption ("-client_certdb_dir %s #Client CertDB dir", - x_client_certdb_dir); - parser.addOption ("-client_certdb_pwd %s #client certdb password", - x_client_certdb_pwd); - parser.addOption ("-preop_pin %s #pre op pin", - x_preop_pin); - parser.addOption ("-domain_name %s #domain name", - x_domain_name); - parser.addOption ("-admin_user %s #Admin User Name", - x_admin_user); - parser.addOption ("-admin_email %s #Admin email", - x_admin_email); - parser.addOption ("-admin_password %s #Admin password", - x_admin_password); - parser.addOption ("-agent_name %s #Agent Cert Nickname", - x_agent_name); - - parser.addOption ("-ldap_host %s #ldap host", - x_ldap_host); - parser.addOption ("-ldap_port %s #ldap port", - x_ldap_port); - parser.addOption ("-bind_dn %s #ldap bind dn", - x_bind_dn); - parser.addOption ("-bind_password %s #ldap bind password", - x_bind_password); - parser.addOption ("-base_dn %s #base dn", - x_base_dn); - parser.addOption ("-db_name %s #db name", - x_db_name); - - parser.addOption ("-key_size %s #Key Size", - x_key_size); - parser.addOption ("-key_type %s #Key type [RSA,ECC]", - x_key_type); - parser.addOption ("-token_name %s #HSM/Software Token name", - x_token_name); - parser.addOption ("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", - x_token_pwd); - - parser.addOption ("-agent_key_size %s #Agent Cert Key Size", - x_agent_key_size); - parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]", - x_agent_key_type); - parser.addOption ("-agent_cert_subject %s #Agent Cert Subject", - x_agent_cert_subject); - - parser.addOption ("-backup_pwd %s #PKCS12 password", - x_backup_pwd); - - parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-tks.p12", - x_backup_fname); - - parser.addOption ( - "-tks_subsystem_cert_subject_name %s #TKS subsystem cert subject name", - x_tks_subsystem_cert_subject_name); - parser.addOption ( - "-tks_server_cert_subject_name %s #TKS server cert subject name", - x_tks_server_cert_subject_name); - - parser.addOption ( - "-subsystem_name %s #CA subsystem name", - x_subsystem_name); - - parser.addOption( - "-tks_audit_signing_cert_subject_name %s #TKS audit signing cert subject name", - x_tks_audit_signing_cert_subject_name); - - // and then match the arguments - String [] unmatched = null; - unmatched = parser.matchAllArgs (args,0,parser.EXIT_ON_UNMATCHED); - - if(unmatched!=null) - { - System.out.println("ERROR: Argument Mismatch"); - System.exit(-1); - } - - parser.checkRequiredArgs(); - - // set variables - cs_hostname = x_cs_hostname.value; - cs_port = x_cs_port.value; - - sd_hostname = x_sd_hostname.value; - sd_ssl_port = x_sd_ssl_port.value; - sd_agent_port = x_sd_agent_port.value; - sd_admin_port = x_sd_admin_port.value; - sd_admin_name = x_sd_admin_name.value; - sd_admin_password = x_sd_admin_password.value; - - ca_hostname = x_ca_hostname.value; - ca_port = x_ca_port.value; - ca_ssl_port = x_ca_ssl_port.value; - - client_certdb_dir = x_client_certdb_dir.value; - client_certdb_pwd = x_client_certdb_pwd.value; - pin = x_preop_pin.value; - domain_name = x_domain_name.value; - - admin_user = x_admin_user.value; - admin_email = x_admin_email.value; - admin_password = x_admin_password.value; - agent_name = x_agent_name.value; - - ldap_host = x_ldap_host.value; - ldap_port = x_ldap_port.value; - bind_dn = x_bind_dn.value; - bind_password = x_bind_password.value; - base_dn = x_base_dn.value; - db_name = x_db_name.value; - - key_size = x_key_size.value; - key_type = x_key_type.value; - token_name = x_token_name.value; - token_pwd = x_token_pwd.value; - - agent_key_size = x_agent_key_size.value; - agent_key_type = x_agent_key_type.value; - agent_cert_subject = x_agent_cert_subject.value; - - backup_pwd = x_backup_pwd.value; - if ((x_backup_fname.value == null) || (x_backup_fname.equals(""))) { - backup_fname = "/root/tmp-tks.p12"; + return true; + } + + public boolean CertSubjectPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList req_list = null; + ArrayList cert_list = null; + ArrayList dn_list = null; + + String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ; + + String query_string = "p=9" + "&op=next" + "&xml=true" + + "&subsystem=" + + URLEncoder.encode(tks_subsystem_cert_subject_name) + + "&sslserver=" + + URLEncoder.encode(tks_server_cert_subject_name) + + "&audit_signing=" + + URLEncoder.encode(tks_audit_signing_cert_subject_name) + + "&urls=" + + URLEncoder.encode(domain_url) + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + req_list = px.constructvaluelist("CertReqPair","Request"); + cert_list = px.constructvaluelist("CertReqPair","Certificate"); + dn_list = px.constructvaluelist("CertReqPair","Nickname"); + + if (req_list != null && cert_list != null && dn_list != null) { + for (int i=0; i < dn_list.size(); i++) { + String temp = (String) dn_list.get(i); + + if (temp.indexOf("subsystemCert") >= 0 ) { + tks_subsystem_cert_req = (String) req_list.get(i); + tks_subsystem_cert_cert = (String) cert_list.get(i); + } else if (temp.indexOf("auditSigningCert") >=0) { + tks_audit_signing_cert_req = (String) req_list.get(i); + tks_audit_signing_cert_cert = (String) cert_list.get(i); } else { - backup_fname = x_backup_fname.value; + server_cert_req = (String) req_list.get(i); + server_cert_cert = (String) cert_list.get(i); } - - tks_subsystem_cert_subject_name = - x_tks_subsystem_cert_subject_name.value; - tks_server_cert_subject_name = - x_tks_server_cert_subject_name.value ; - - subsystem_name = x_subsystem_name.value ; - tks_audit_signing_cert_subject_name = x_tks_audit_signing_cert_subject_name.value; - - - - boolean st = ca.ConfigureTKSInstance(); - - if (!st) - { - System.out.println("ERROR: unable to create TKS"); - System.exit(-1); - } - - System.out.println("Certificate System - TKS Instance Configured."); - System.exit(0); - - } + } + } + + return true; + } + + public boolean CertificatePanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + ArrayList req_list = null; + ArrayList cert_list = null; + ArrayList dn_list = null; + ArrayList pp_list = null; + + + String query_string = "p=10" + "&op=next" + "&xml=true" + + "&subsystem=" + + URLEncoder.encode(tks_subsystem_cert_cert) + + "&subsystem_cc=" + + "&sslserver=" + + URLEncoder.encode(server_cert_cert) + + "&sslserver_cc=" + + "&audit_signing=" + + URLEncoder.encode(tks_audit_signing_cert_cert) + + "&audit_signing_cc=" + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean BackupPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = "p=11" + "&op=next" + "&xml=true" + + "&choice=backupkey" + + "&__pwd=" + URLEncoder.encode(backup_pwd) + + "&__pwdagain=" + URLEncoder.encode(backup_pwd); + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + public boolean SavePKCS12Panel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + + String query_string = ""; + + hr = hc.sslConnect(cs_hostname,cs_port,pkcs12_uri,query_string); + + // dump hr.getResponseData() to file + + try + { + FileOutputStream fos = new FileOutputStream(backup_fname); + fos.write(hr.getResponseData()); + fos.close(); + + // set file to permissions 600 + String rtParams[] = { "chmod","600", backup_fname}; + Process proc = Runtime.getRuntime().exec(rtParams); + + BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream())); + String line = null; + while ( (line = br.readLine()) != null) + System.out.println("Error: " + line); + int exitVal = proc.waitFor(); + + // verify p12 file + + // Decode the P12 file + FileInputStream fis = new FileInputStream(backup_fname); + PFX.Template pfxt = new PFX.Template(); + PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048)); + System.out.println("Decoded PFX"); + + // now peruse it for interesting info + System.out.println("Version: "+pfx.getVersion()); + AuthenticatedSafes authSafes = pfx.getAuthSafes(); + SEQUENCE asSeq = authSafes.getSequence(); + System.out.println("AuthSafes has "+ + asSeq.size()+" SafeContents"); + + fis.close(); + } catch(Exception e) { + System.out.println("ERROR: Exception=" + e.getMessage()); + return false; + } + + return true; + } + + public boolean AdminCertReqPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + String admin_cert_request = null; + + + String cert_subject = "CN=tks-" + admin_user; + + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + agent_cert_subject, + agent_key_size, + agent_key_type); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.setTransportCert(null); + cCrypt.setDualKey(false); + cCrypt.loginDB(); + + String crmf_request = cCrypt.generateCRMFrequest(); + + if (crmf_request == null) + { + System.out.println("ERROR: AdminCertReqPanel() cert req gen failed"); + return false; + } + + admin_cert_request = crmf_request; + + String query_string = "p=13" + "&op=next" + "&xml=true" + + "&cert_request_type=" + "crmf" + + "&uid=" + admin_user + + "&name=" + admin_user + + "&__pwd=" + URLEncoder.encode(admin_password) + + "&__admin_password_again=" + URLEncoder.encode(admin_password) + + "&profileId=" + "caAdminCert" + + "&email=" + + URLEncoder.encode(admin_email) + + "&cert_request=" + + URLEncoder.encode(admin_cert_request) + + "&subject=" + + URLEncoder.encode(agent_cert_subject) + + "&clone=new" + + "&import=true" + + "&securitydomain=" + + URLEncoder.encode(domain_name) + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + admin_serial_number = px.getvalue("serialNumber"); + + return true; + } + + public boolean AdminCertImportPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "serialNumber=" + admin_serial_number + + "&importCert=" + "true" + + ""; + + hr = hc.sslConnect(sd_hostname,sd_admin_port,admin_uri,query_string); + + // get response data + String cert_to_import = + new sun.misc.BASE64Encoder().encode(hr.getResponseData()); + System.out.println("Imported Cert=" + cert_to_import); + + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + null, + null, + null); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.loginDB(); + + String start = "-----BEGIN CERTIFICATE-----\r\n" ; + String end = "\r\n-----END CERTIFICATE-----" ; + + st = cCrypt.importCert(start+cert_to_import+end,agent_name); + if (!st) { + System.out.println("ERROR: AdminCertImportPanel() during cert import"); + return false; + } + + System.out.println("SUCCESS: imported admin user cert"); + return true; + } + + public boolean UpdateDomainPanel() + { + boolean st = false; + HTTPResponse hr = null; + ByteArrayInputStream bais = null; + ParseXML px = new ParseXML(); + + String query_string = "p=14" + "&op=next" + "&xml=true" + + "&caHost=" + URLEncoder.encode(sd_hostname) + + "&caPort=" + URLEncoder.encode(sd_agent_port) + + ""; + + hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); + + // parse xml + bais = new ByteArrayInputStream(hr.getHTML().getBytes()); + px.parse(bais); + px.prettyprintxml(); + + return true; + } + + + public boolean ConfigureTKSInstance() + { + // 0. login to cert db + ComCrypto cCrypt = new ComCrypto(client_certdb_dir, + client_certdb_pwd, + null, + null, + null); + cCrypt.setDebug(true); + cCrypt.setGenerateRequest(true); + cCrypt.loginDB(); + + // instantiate http client + hc = new HTTPClient(); + + sleep_time(); + // 1. Login panel + boolean log_st = LoginPanel(); + if (!log_st) { + System.out.println("ERROR: ConfigureTKS: LoginPanel() failure"); + return false; + } + + sleep_time(); + // 2. Token Choice Panel + boolean disp_token = TokenChoicePanel(); + if (!disp_token) { + System.out.println("ERROR: ConfigureTKS: TokenChoicePanel() failure"); + return false; + } + + sleep_time(); + // 3. domain panel + boolean dom_st = DomainPanel(); + if (!dom_st) { + System.out.println("ERROR: ConfigureTKS: DomainPanel() failure"); + return false; + } + + sleep_time(); + // 4. display cert chain panel + boolean disp_st = DisplayChainPanel(); + if (!disp_st) { + System.out.println("ERROR: ConfigureTKS: DisplayChainPanel() failure"); + return false; + } + + sleep_time(); + // security domain login panel + boolean disp_sd = SecurityDomainLoginPanel(); + if (!disp_sd) { + System.out.println("ERROR: ConfigureTKS: SecurityDomainLoginPanel() failure"); + return false; + } + + sleep_time(); + // subsystem panel + boolean disp_ss = SubsystemPanel(); + if (!disp_ss) { + System.out.println("ERROR: ConfigureTKS: SubsystemPanel() failure"); + return false; + } + + sleep_time(); + // 7. ldap connection panel + boolean disp_ldap = LdapConnectionPanel(); + if (!disp_ldap) { + System.out.println("ERROR: ConfigureTKS: LdapConnectionPanel() failure"); + return false; + } + + sleep_time(); + sleep_time(); + // 9. Key Panel + boolean disp_key = KeyPanel(); + if (!disp_key) { + System.out.println("ERROR: ConfigureTKS: KeyPanel() failure"); + return false; + } + + sleep_time(); + // 10. Cert Subject Panel + boolean disp_csubj = CertSubjectPanel(); + if (!disp_csubj) { + System.out.println("ERROR: ConfigureTKS: CertSubjectPanel() failure"); + return false; + } + + sleep_time(); + // 11. Certificate Panel + boolean disp_cp = CertificatePanel(); + if (!disp_cp) { + System.out.println("ERROR: ConfigureTKS: CertificatePanel() failure"); + return false; + } + + sleep_time(); + // backup panel + boolean disp_back = BackupPanel(); + if (!disp_back) { + System.out.println("ERROR: ConfigureTKS: BackupPanel() failure"); + return false; + } + + sleep_time(); + // save panel + boolean disp_save = SavePKCS12Panel(); + if (!disp_save) { + System.out.println("ERROR: ConfigureTKS: SavePKCS12Panel() failure"); + return false; + } + + sleep_time(); + // 13. Admin Cert Req Panel + boolean disp_adm = AdminCertReqPanel(); + if (!disp_adm) { + System.out.println("ERROR: ConfigureTKS: AdminCertReqPanel() failure"); + return false; + } + + sleep_time(); + // 14. Admin Cert import Panel + boolean disp_im = AdminCertImportPanel(); + if (!disp_im) { + System.out.println("ERROR: ConfigureTKS: AdminCertImportPanel() failure"); + return false; + } + + sleep_time(); + // 15. Update Domain Panel + boolean disp_ud = UpdateDomainPanel(); + if (!disp_ud) { + System.out.println("ERROR: ConfigureTKS: UpdateDomainPanel() failure"); + return false; + } + + sleep_time(); + return true; + } + + private static String set_default(String val, String def) { + if ((val == null) || (val.equals(""))) { + return def; + } else { + return val; + } + } + + public static void main(String args[]) + { + ConfigureTKS ca = new ConfigureTKS(); + + // set variables + StringHolder x_cs_hostname = new StringHolder(); + StringHolder x_cs_port = new StringHolder(); + + StringHolder x_sd_hostname = new StringHolder(); + StringHolder x_sd_ssl_port = new StringHolder(); + StringHolder x_sd_agent_port = new StringHolder(); + StringHolder x_sd_admin_port = new StringHolder(); + StringHolder x_sd_admin_name = new StringHolder(); + StringHolder x_sd_admin_password = new StringHolder(); + + StringHolder x_ca_hostname = new StringHolder(); + StringHolder x_ca_port = new StringHolder(); + StringHolder x_ca_ssl_port = new StringHolder(); + + StringHolder x_client_certdb_dir = new StringHolder(); + StringHolder x_client_certdb_pwd = new StringHolder(); + StringHolder x_preop_pin = new StringHolder(); + + StringHolder x_domain_name = new StringHolder(); + + StringHolder x_admin_user = new StringHolder(); + StringHolder x_admin_email = new StringHolder(); + StringHolder x_admin_password = new StringHolder(); + + // ldap + StringHolder x_ldap_host = new StringHolder(); + StringHolder x_ldap_port = new StringHolder(); + StringHolder x_bind_dn = new StringHolder(); + StringHolder x_bind_password = new StringHolder(); + StringHolder x_base_dn = new StringHolder(); + StringHolder x_db_name = new StringHolder(); + + // key properties (defaults) + StringHolder x_key_size = new StringHolder(); + StringHolder x_key_type = new StringHolder(); + StringHolder x_key_curvename = new StringHolder(); + + // key properties (custom - audit_signing) + StringHolder x_audit_signing_key_size = new StringHolder(); + StringHolder x_audit_signing_key_type = new StringHolder(); + StringHolder x_audit_signing_key_curvename = new StringHolder(); + + // key properties (custom - subsystem) + StringHolder x_subsystem_key_size = new StringHolder(); + StringHolder x_subsystem_key_type = new StringHolder(); + StringHolder x_subsystem_key_curvename = new StringHolder(); + + // key properties (custom - sslserver) + StringHolder x_sslserver_key_size = new StringHolder(); + StringHolder x_sslserver_key_type = new StringHolder(); + StringHolder x_sslserver_key_curvename = new StringHolder(); + + StringHolder x_token_name = new StringHolder(); + StringHolder x_token_pwd = new StringHolder(); + + StringHolder x_agent_key_size = new StringHolder(); + StringHolder x_agent_key_type = new StringHolder(); + StringHolder x_agent_cert_subject = new StringHolder(); + + StringHolder x_agent_name = new StringHolder(); + StringHolder x_backup_pwd = new StringHolder(); + StringHolder x_backup_fname = new StringHolder(); + + // tks cert subject name params + StringHolder x_tks_subsystem_cert_subject_name = new StringHolder(); + StringHolder x_tks_server_cert_subject_name = new StringHolder(); + StringHolder x_tks_audit_signing_cert_subject_name = new StringHolder(); + + // subsystemName + StringHolder x_subsystem_name = new StringHolder(); + + // parse the args + ArgParser parser = new ArgParser("ConfigureTKS"); + + parser.addOption ("-cs_hostname %s #CS Hostname", + x_cs_hostname); + parser.addOption ("-cs_port %s #CS SSL Admin port", + x_cs_port); + + parser.addOption ("-sd_hostname %s #Security Domain Hostname", + x_sd_hostname); + parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port", + x_sd_ssl_port); + parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port", + x_sd_agent_port); + parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port", + x_sd_admin_port); + parser.addOption ("-sd_admin_name %s #Security Domain Admin Name", + x_sd_admin_name); + parser.addOption ("-sd_admin_password %s #Security Domain Admin password", + x_sd_admin_password); + + parser.addOption ("-ca_hostname %s #CA Hostname", + x_ca_hostname); + parser.addOption ("-ca_port %s #CA non-SSL EE port", + x_ca_port); + parser.addOption ("-ca_ssl_port %s #CA SSL EE port", + x_ca_ssl_port); + + parser.addOption ("-client_certdb_dir %s #Client CertDB dir", + x_client_certdb_dir); + parser.addOption ("-client_certdb_pwd %s #client certdb password", + x_client_certdb_pwd); + parser.addOption ("-preop_pin %s #pre op pin", + x_preop_pin); + parser.addOption ("-domain_name %s #domain name", + x_domain_name); + parser.addOption ("-admin_user %s #Admin User Name", + x_admin_user); + parser.addOption ("-admin_email %s #Admin email", + x_admin_email); + parser.addOption ("-admin_password %s #Admin password", + x_admin_password); + parser.addOption ("-agent_name %s #Agent Cert Nickname", + x_agent_name); + + parser.addOption ("-ldap_host %s #ldap host", + x_ldap_host); + parser.addOption ("-ldap_port %s #ldap port", + x_ldap_port); + parser.addOption ("-bind_dn %s #ldap bind dn", + x_bind_dn); + parser.addOption ("-bind_password %s #ldap bind password", + x_bind_password); + parser.addOption ("-base_dn %s #base dn", + x_base_dn); + parser.addOption ("-db_name %s #db name", + x_db_name); + + // key and algorithm options (default) + parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type); + parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size); + parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename); + + // key and algorithm options for audit_signing certificate (overrides default) + parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type); + parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size); + parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename); + + // key and algorithm options for subsystem certificate (overrides default) + parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type); + parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size); + parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename); + + // key and algorithm options for sslserver certificate (overrides default) + parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type); + parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size); + parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename); + + parser.addOption ("-token_name %s #HSM/Software Token name", + x_token_name); + parser.addOption ("-token_pwd %s #HSM/Software Token password (optional, required for HSM)", + x_token_pwd); + + parser.addOption ("-agent_key_size %s #Agent Cert Key Size", + x_agent_key_size); + parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]", + x_agent_key_type); + parser.addOption ("-agent_cert_subject %s #Agent Cert Subject", + x_agent_cert_subject); + + parser.addOption ("-backup_pwd %s #PKCS12 password", + x_backup_pwd); + + parser.addOption ( + "-tks_subsystem_cert_subject_name %s #TKS subsystem cert subject name", + x_tks_subsystem_cert_subject_name); + parser.addOption ( + "-tks_server_cert_subject_name %s #TKS server cert subject name", + x_tks_server_cert_subject_name); + + parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-tks.p12", + x_backup_fname); + + parser.addOption ( + "-subsystem_name %s #CA subsystem name", + x_subsystem_name); + + parser.addOption( + "-tks_audit_signing_cert_subject_name %s #TKS audit signing cert subject name", + x_tks_audit_signing_cert_subject_name); + + // and then match the arguments + String [] unmatched = null; + unmatched = parser.matchAllArgs (args,0,parser.EXIT_ON_UNMATCHED); + + if (unmatched!=null) { + System.out.println("ERROR: Argument Mismatch"); + System.exit(-1); + } + + parser.checkRequiredArgs(); + + // set variables + cs_hostname = x_cs_hostname.value; + cs_port = x_cs_port.value; + + sd_hostname = x_sd_hostname.value; + sd_ssl_port = x_sd_ssl_port.value; + sd_agent_port = x_sd_agent_port.value; + sd_admin_port = x_sd_admin_port.value; + sd_admin_name = x_sd_admin_name.value; + sd_admin_password = x_sd_admin_password.value; + + ca_hostname = x_ca_hostname.value; + ca_port = x_ca_port.value; + ca_ssl_port = x_ca_ssl_port.value; + + client_certdb_dir = x_client_certdb_dir.value; + client_certdb_pwd = x_client_certdb_pwd.value; + pin = x_preop_pin.value; + domain_name = x_domain_name.value; + + admin_user = x_admin_user.value; + admin_email = x_admin_email.value; + admin_password = x_admin_password.value; + agent_name = x_agent_name.value; + + ldap_host = x_ldap_host.value; + ldap_port = x_ldap_port.value; + bind_dn = x_bind_dn.value; + bind_password = x_bind_password.value; + base_dn = x_base_dn.value; + db_name = x_db_name.value; + + key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE); + audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type); + subsystem_key_type = set_default(x_subsystem_key_type.value, key_type); + sslserver_key_type = set_default(x_sslserver_key_type.value, key_type); + + key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE); + audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size); + subsystem_key_size = set_default(x_subsystem_key_size.value, key_size); + sslserver_key_size = set_default(x_sslserver_key_size.value, key_size); + + key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME); + audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename); + subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename); + sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename); + + token_name = x_token_name.value; + token_pwd = x_token_pwd.value; + + agent_key_size = x_agent_key_size.value; + agent_key_type = x_agent_key_type.value; + agent_cert_subject = x_agent_cert_subject.value; + + backup_pwd = x_backup_pwd.value; + backup_fname = set_default(x_backup_fname.value, "/root/tmp-tks.p12"); + + tks_subsystem_cert_subject_name = + x_tks_subsystem_cert_subject_name.value; + tks_server_cert_subject_name = + x_tks_server_cert_subject_name.value ; + + subsystem_name = x_subsystem_name.value ; + tks_audit_signing_cert_subject_name = x_tks_audit_signing_cert_subject_name.value; + + boolean st = ca.ConfigureTKSInstance(); + + if (!st) { + System.out.println("ERROR: unable to create TKS"); + System.exit(-1); + } + + System.out.println("Certificate System - TKS Instance Configured."); + System.exit(0); + + } }; diff --git a/pki/base/silent/src/tps/ConfigureTPS.java b/pki/base/silent/src/tps/ConfigureTPS.java index 880b0dd0..c783923b 100644 --- a/pki/base/silent/src/tps/ConfigureTPS.java +++ b/pki/base/silent/src/tps/ConfigureTPS.java @@ -279,7 +279,7 @@ public class ConfigureTPS hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string); String query_string_1 = "uid=" + sd_admin_name + - "&pwd=" + sd_admin_password + + "&pwd=" + URLEncoder.encode(sd_admin_password) + "&url=" + URLEncoder.encode(tps_url) + "" ; @@ -660,8 +660,8 @@ public class ConfigureTPS URLEncoder.encode("TPS Administrator") + "&email=" + URLEncoder.encode(admin_email) + - "&__pwd=" + admin_password + - "&__admin_password_again=" + admin_password + + "&__pwd=" + URLEncoder.encode(admin_password) + + "&__admin_password_again=" + URLEncoder.encode(admin_password) + "&cert_request=" + URLEncoder.encode(admin_cert_request) + "&display=0" + |