summaryrefslogtreecommitdiffstats
path: root/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java')
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java1069
1 files changed, 628 insertions, 441 deletions
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
index 337bf927..9bcebea3 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureCA.java
@@ -1,4 +1,5 @@
package com.netscape.pkisilent;
+
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@@ -17,7 +18,6 @@ package com.netscape.pkisilent;
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
@@ -41,10 +41,8 @@ import com.netscape.pkisilent.common.ParseXML;
import com.netscape.pkisilent.http.HTTPClient;
import com.netscape.pkisilent.http.HTTPResponse;
-
public class ConfigureCA {
-
// global constants
public static final String DEFAULT_KEY_TYPE = "RSA";
public static final String DEFAULT_KEY_SIZE = "2048";
@@ -57,7 +55,7 @@ public class ConfigureCA {
// define global variables
public static HTTPClient hc = null;
-
+
public static String login_uri = "/ca/admin/console/config/login";
public static String wizard_uri = "/ca/admin/console/config/wizard";
public static String admin_uri = "/ca/admin/ca/getBySerial";
@@ -77,7 +75,7 @@ public class ConfigureCA {
public static String sd_admin_name = null;
public static String sd_admin_password = null;
- // Login Panel
+ // Login Panel
public static String pin = null;
public static String domain_name = null;
@@ -162,7 +160,7 @@ public class ConfigureCA {
public static String ca_audit_signing_cert_pp = null;
public static String ca_audit_signing_cert_cert = null;
- // names
+ // names
public static String ca_sign_cert_subject_name = null;
public static String ca_subsystem_cert_subject_name = null;
public static String ca_ocsp_cert_subject_name = null;
@@ -171,7 +169,7 @@ public class ConfigureCA {
public static String subsystem_name = null;
- public static String external_ca= null;
+ public static String external_ca = null;
public static String ext_ca_cert_file = null;
public static String ext_ca_cert_chain_file = null;
public static String ext_csr_file = null;
@@ -182,10 +180,9 @@ public class ConfigureCA {
public static String clone_p12_passwd = null;
public static String clone_p12_file = null;
- //for correct selection of CA to be cloned
+ // for correct selection of CA to be cloned
public static String urls;
-
public ConfigureCA() {// do nothing :)
}
@@ -204,36 +201,35 @@ public class ConfigureCA {
return status;
}
- public boolean checkStatus(HTTPResponse hr, String name,
- String expected, String location) {
- return checkStatus(hr,name, new String[] {expected}, location);
- }
+ public boolean checkStatus(HTTPResponse hr, String name, String expected,
+ String location) {
+ return checkStatus(hr, name, new String[] { expected }, location);
+ }
- public boolean checkStatus(HTTPResponse hr, String name,
- String[] expected, String location) {
+ public boolean checkStatus(HTTPResponse hr, String name, String[] expected,
+ String location) {
String status = getStatus(hr, name);
if (status == null) {
- System.out.println("Error in " + location + ": " + name +
- " value is null");
+ System.out.println("Error in " + location + ": " + name
+ + " value is null");
return false;
- }
- for (int i=0; i< expected.length; i++) {
+ }
+ for (int i = 0; i < expected.length; i++) {
if (status.equals(expected[i])) {
return true;
}
}
- System.out.println("Error in " + location + ": " + name +
- " returns " + status);
+ System.out.println("Error in " + location + ": " + name + " returns "
+ + status);
return false;
- }
-
+ }
public boolean LoginPanel() {
try {
boolean st = false;
HTTPResponse hr = null;
- String query_string = "pin=" + pin + "&xml=true";
+ String query_string = "pin=" + pin + "&xml=true";
hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
System.out.println("xml returned: " + hr.getHTML());
@@ -250,8 +246,8 @@ public class ConfigureCA {
hr = null;
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
- "p=0&op=next&xml=true");
- if (! checkStatus(hr, "status", "display", "LoginPanel()")) {
+ "p=0&op=next&xml=true");
+ if (!checkStatus(hr, "status", "display", "LoginPanel()")) {
return false;
}
@@ -272,33 +268,40 @@ public class ConfigureCA {
// Software Token
if (token_name.equalsIgnoreCase("internal")) {
query_string = "p=1" + "&op=next" + "&xml=true" + "&choice="
- + URLEncoder.encode("Internal Key Storage Token") + "";
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) {
+ + URLEncoder.encode("Internal Key Storage Token") + "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS,
+ "TokenChoicePanel()")) {
return false;
}
} // HSM
else {
// login to hsm first
query_string = "p=2" + "&op=next" + "&xml=true" + "&uTokName="
- + URLEncoder.encode(token_name) + "&__uPasswd="
- + URLEncoder.encode(token_pwd) + "";
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) {
+ + URLEncoder.encode(token_name) + "&__uPasswd="
+ + URLEncoder.encode(token_pwd) + "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS,
+ "TokenChoicePanel()")) {
return false;
}
-
+
// choice with token name now
query_string = "p=1" + "&op=next" + "&xml=true" + "&choice="
- + URLEncoder.encode(token_name) + "";
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "TokenChoicePanel()")) {
+ + URLEncoder.encode(token_name) + "";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS,
+ "TokenChoicePanel()")) {
return false;
}
}
return true;
} catch (Exception e) {
- System.out.println("Exception in TokenChoicePanel(): " + e.toString());
+ System.out.println("Exception in TokenChoicePanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -310,19 +313,20 @@ public class ConfigureCA {
String domain_url = "https://" + cs_hostname + ":" + cs_port;
String query_string = null;
- if (! clone) {
+ if (!clone) {
query_string = "sdomainURL=" + URLEncoder.encode(domain_url)
- + "&sdomainName=" + URLEncoder.encode(domain_name)
- + "&choice=newdomain" + "&p=3" + "&op=next" + "&xml=true";
+ + "&sdomainName=" + URLEncoder.encode(domain_name)
+ + "&choice=newdomain" + "&p=3" + "&op=next"
+ + "&xml=true";
} else {
- domain_url = "https://" + sd_hostname + ":" + sd_admin_port ;
+ domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
query_string = "sdomainURL=" + URLEncoder.encode(domain_url)
- + "&sdomainName="
- + "&choice=existingdomain" + "&p=3" + "&op=next" + "&xml=true";
+ + "&sdomainName=" + "&choice=existingdomain" + "&p=3"
+ + "&op=next" + "&xml=true";
}
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "DomainPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "DomainPanel()")) {
return false;
}
@@ -338,10 +342,11 @@ public class ConfigureCA {
try {
HTTPResponse hr = null;
String query_string = "p=4" + "&op=next" + "&xml=true";
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
return true;
} catch (Exception e) {
- System.out.println("Exception in DisplayCertChainPanel(): " + e.toString());
+ System.out.println("Exception in DisplayCertChainPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -352,78 +357,83 @@ public class ConfigureCA {
boolean st = false;
HTTPResponse hr = null;
- String subca_url = "https://" + cs_hostname + ":" + cs_port +
- "/ca/admin/console/config/wizard" + "?p=5&subsystem=CA" ;
+ String subca_url = "https://" + cs_hostname + ":" + cs_port
+ + "/ca/admin/console/config/wizard" + "?p=5&subsystem=CA";
String query_string = "url=" + URLEncoder.encode(subca_url);
- hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string);
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri,
+ query_string);
- String query_string_1 = "uid=" + sd_admin_name + "&pwd=" + URLEncoder.encode(sd_admin_password) +
- "&url=" + URLEncoder.encode(subca_url) ;
+ String query_string_1 = "uid=" + sd_admin_name + "&pwd="
+ + URLEncoder.encode(sd_admin_password) + "&url="
+ + URLEncoder.encode(subca_url);
- hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri,
- query_string_1);
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
// get session id from security domain
-
+
String subca_session_id = hr.getContentValue("header.session_id");
String subca_url_1 = hr.getContentValue("header.url");
-
- System.out.println("SUBCA_SESSION_ID=" + subca_session_id );
- System.out.println("SUBCA_URL=" + subca_url_1 );
+
+ System.out.println("SUBCA_SESSION_ID=" + subca_session_id);
+ System.out.println("SUBCA_URL=" + subca_url_1);
// use session id to connect back to subCA
- String query_string_2 = "p=5" + "&subsystem=CA" +
- "&session_id=" + subca_session_id + "&xml=true" ;
-
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, query_string_2);
+ String query_string_2 = "p=5" + "&subsystem=CA" + "&session_id="
+ + subca_session_id + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_2);
urls = hr.getHTML();
int indx = urls.indexOf(clone_uri);
if (indx < 0) {
throw new Exception("Invalid clone_uri");
}
- urls = urls.substring(urls.lastIndexOf("<option" , indx), indx);
+ urls = urls.substring(urls.lastIndexOf("<option", indx), indx);
urls = urls.split("\"")[1];
System.out.println("urls =" + urls);
- return true;
+ return true;
} catch (Exception e) {
- System.out.println("Exception in SecurityDomainLoginPanel(): " + e.toString());
+ System.out.println("Exception in SecurityDomainLoginPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
}
public boolean CreateCAPanel() {
- try {
+ try {
boolean st = false;
HTTPResponse hr = null;
String query_string = null;
if (!clone) {
query_string = "p=5" + "&op=next" + "&xml=true"
- + "&choice=newsubsystem" + "&subsystemName="
- + URLEncoder.encode(subsystem_name);
+ + "&choice=newsubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name);
} else {
query_string = "p=5" + "&op=next" + "&xml=true"
- + "&choice=clonesubsystem" + "&subsystemName="
- + URLEncoder.encode(subsystem_name)
- + "&urls=" + urls + "";
+ + "&choice=clonesubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name) + "&urls=" + urls
+ + "";
}
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "CreateCAPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "CreateCAPanel()")) {
return false;
}
if (clone) {
hr = null;
- query_string = "p=6" + "&op=next" + "&xml=true";
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "CreateCAPanel(2)")) {
+ query_string = "p=6" + "&op=next" + "&xml=true";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS,
+ "CreateCAPanel(2)")) {
return false;
}
}
@@ -440,42 +450,44 @@ public class ConfigureCA {
try {
HTTPResponse hr = null;
- String query_string = "p=7" + "&op=next" + "&xml=true"
- + "&__password=" + URLEncoder.encode(clone_p12_passwd)
- + "&path=" + URLEncoder.encode(clone_p12_file) + "";
+ String query_string = "p=7" + "&op=next" + "&xml=true"
+ + "&__password=" + URLEncoder.encode(clone_p12_passwd)
+ + "&path=" + URLEncoder.encode(clone_p12_file) + "";
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "RestoreKeyCertPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS,
+ "RestoreKeyCertPanel()")) {
return false;
}
return true;
} catch (Exception e) {
- System.out.println("Exception in RestoreKeyCertPanel(): " + e.toString());
+ System.out.println("Exception in RestoreKeyCertPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
}
-
public boolean HierarchyPanel() {
- try {
+ try {
boolean st = false;
HTTPResponse hr = null;
- String query_string = "p=8" + "&op=next" + "&xml=true" ;
- if (external_ca.equalsIgnoreCase("true"))
+ String query_string = "p=8" + "&op=next" + "&xml=true";
+ if (external_ca.equalsIgnoreCase("true"))
query_string += "&choice=join";
else
- query_string += "&choice=root";
+ query_string += "&choice=root";
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "HierarchyPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "HierarchyPanel()")) {
return false;
}
return true;
} catch (Exception e) {
- System.out.println("Exception in HierarchyPanel(): " + e.toString());
+ System.out
+ .println("Exception in HierarchyPanel(): " + e.toString());
e.printStackTrace();
return false;
}
@@ -487,26 +499,38 @@ public class ConfigureCA {
boolean st = false;
HTTPResponse hr = null;
- String query_string = "p=9" + "&op=next" + "&xml=true" + "&host="
- + URLEncoder.encode(ldap_host) + "&port="
- + URLEncoder.encode(ldap_port) + "&binddn="
- + URLEncoder.encode(bind_dn) + "&__bindpwd="
- + URLEncoder.encode(bind_password) + "&basedn="
- + URLEncoder.encode(base_dn) + "&database="
- + URLEncoder.encode(db_name) + "&display="
- + URLEncoder.encode("$displayStr")
- + (secure_conn.equals("true")? "&secureConn=on": "")
- + (clone_start_tls.equals("true")? "&cloneStartTLS=on": "")
- + (remove_data.equals("true")? "&removeData=true": "");
+ String query_string = "p=9"
+ + "&op=next"
+ + "&xml=true"
+ + "&host="
+ + URLEncoder.encode(ldap_host)
+ + "&port="
+ + URLEncoder.encode(ldap_port)
+ + "&binddn="
+ + URLEncoder.encode(bind_dn)
+ + "&__bindpwd="
+ + URLEncoder.encode(bind_password)
+ + "&basedn="
+ + URLEncoder.encode(base_dn)
+ + "&database="
+ + URLEncoder.encode(db_name)
+ + "&display="
+ + URLEncoder.encode("$displayStr")
+ + (secure_conn.equals("true") ? "&secureConn=on" : "")
+ + (clone_start_tls.equals("true") ? "&cloneStartTLS=on"
+ : "")
+ + (remove_data.equals("true") ? "&removeData=true" : "");
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "LdapConnectionPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS,
+ "LdapConnectionPanel()")) {
return false;
}
return true;
} catch (Exception e) {
- System.out.println("Exception in LdapConnectionPanel(): " + e.toString());
+ System.out.println("Exception in LdapConnectionPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -521,48 +545,70 @@ public class ConfigureCA {
ArrayList<String> al = null;
String query_string = null;
if (clone) {
- query_string = "p=10" + "&op=next" + "&xml=true"
- + "&sslserver_custom_size=" + sslserver_key_size
- + "&sslserver_custom_curvename=" + sslserver_key_curvename
- + "&sslserver_choice=custom"
- + "&sslserver_keytype=" + sslserver_key_type
- + "&choice=custom" + "&keytype=" + key_type
- + "&custom_size=" + key_size;
+ query_string = "p=10" + "&op=next" + "&xml=true"
+ + "&sslserver_custom_size=" + sslserver_key_size
+ + "&sslserver_custom_curvename="
+ + sslserver_key_curvename + "&sslserver_choice=custom"
+ + "&sslserver_keytype=" + sslserver_key_type
+ + "&choice=custom" + "&keytype=" + key_type
+ + "&custom_size=" + key_size;
} else {
query_string = "p=10" + "&op=next" + "&xml=true"
- + "&subsystem_custom_size=" + subsystem_key_size
- + "&subsystem_custom_curvename=" + subsystem_key_curvename
- + "&subsystem_keytype=" + subsystem_key_type
- + "&subsystem_choice=custom"
- + "&sslserver_custom_size=" + sslserver_key_size
- + "&sslserver_custom_curvename=" + sslserver_key_curvename
- + "&sslserver_keytype=" + sslserver_key_type
- + "&sslserver_choice=custom"
- + "&signing_custom_size=" + signing_key_size
- + "&signing_custom_curvename=" + signing_key_curvename
- + "&signing_keytype=" + signing_key_type
- + "&signing_choice=custom"
- + "&signing_keyalgorithm=" + key_algorithm
- + "&signing_signingalgorithm=" + signing_signingalgorithm
- + "&ocsp_signing_custom_size=" + ocsp_signing_key_size
- + "&ocsp_signing_custom_curvename=" + ocsp_signing_key_curvename
- + "&ocsp_signing_keytype=" + ocsp_signing_key_type
- + "&ocsp_signing_choice=custom"
- + "&ocsp_signing_signingalgorithm=" + ocsp_signing_signingalgorithm
- + "&audit_signing_custom_size=" + audit_signing_key_size
- + "&audit_signing_custom_curvename=" + audit_signing_key_curvename
- + "&audit_signing_keytype=" + audit_signing_key_type
- + "&audit_signing_choice=custom"
- + "&custom_size=" + key_size
- + "&custom_curvename=" + key_curvename
- + "&keytype=" + key_type
- + "&choice=custom"
- + "&signingalgorithm=" + signing_algorithm
- + "&keyalgorithm=" + key_algorithm;
+ + "&subsystem_custom_size="
+ + subsystem_key_size
+ + "&subsystem_custom_curvename="
+ + subsystem_key_curvename
+ + "&subsystem_keytype="
+ + subsystem_key_type
+ + "&subsystem_choice=custom"
+ + "&sslserver_custom_size="
+ + sslserver_key_size
+ + "&sslserver_custom_curvename="
+ + sslserver_key_curvename
+ + "&sslserver_keytype="
+ + sslserver_key_type
+ + "&sslserver_choice=custom"
+ + "&signing_custom_size="
+ + signing_key_size
+ + "&signing_custom_curvename="
+ + signing_key_curvename
+ + "&signing_keytype="
+ + signing_key_type
+ + "&signing_choice=custom"
+ + "&signing_keyalgorithm="
+ + key_algorithm
+ + "&signing_signingalgorithm="
+ + signing_signingalgorithm
+ + "&ocsp_signing_custom_size="
+ + ocsp_signing_key_size
+ + "&ocsp_signing_custom_curvename="
+ + ocsp_signing_key_curvename
+ + "&ocsp_signing_keytype="
+ + ocsp_signing_key_type
+ + "&ocsp_signing_choice=custom"
+ + "&ocsp_signing_signingalgorithm="
+ + ocsp_signing_signingalgorithm
+ + "&audit_signing_custom_size="
+ + audit_signing_key_size
+ + "&audit_signing_custom_curvename="
+ + audit_signing_key_curvename
+ + "&audit_signing_keytype="
+ + audit_signing_key_type
+ + "&audit_signing_choice=custom"
+ + "&custom_size="
+ + key_size
+ + "&custom_curvename="
+ + key_curvename
+ + "&keytype="
+ + key_type
+ + "&choice=custom"
+ + "&signingalgorithm="
+ + signing_algorithm
+ + "&keyalgorithm=" + key_algorithm;
}
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "KeyPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "KeyPanel()")) {
return false;
}
@@ -574,7 +620,7 @@ public class ConfigureCA {
// get ca cert subject name
if (al != null) {
for (int i = 0; i < al.size(); i++) {
- String temp = al.get(i);
+ String temp = al.get(i);
if (temp.indexOf("Certificate Authority") > 0) {
ca_cert_name = temp;
@@ -589,13 +635,13 @@ public class ConfigureCA {
}
}
}
-
+
System.out.println("default: ca_cert_name=" + ca_cert_name);
System.out.println("default: ocsp_cert_name=" + ocsp_cert_name);
- System.out.println(
- "default: ca_subsystem_cert_name=" + ca_subsystem_cert_name);
- System.out.println(
- "default: ca_audit_signing_cert_name=" + ca_audit_signing_cert_name);
+ System.out.println("default: ca_subsystem_cert_name="
+ + ca_subsystem_cert_name);
+ System.out.println("default: ca_audit_signing_cert_name="
+ + ca_audit_signing_cert_name);
System.out.println("default: server_cert_name=" + server_cert_name);
return true;
} catch (Exception e) {
@@ -619,28 +665,33 @@ public class ConfigureCA {
// use subject names provided as input
if (!clone) {
- query_string = "p=11" + "&op=next" + "&xml=true" + "&subsystem="
- + URLEncoder.encode(ca_subsystem_cert_subject_name)
- + "&ocsp_signing="
- + URLEncoder.encode(ca_ocsp_cert_subject_name) + "&signing="
- + URLEncoder.encode(ca_sign_cert_subject_name) + "&sslserver="
- + URLEncoder.encode(ca_server_cert_subject_name) + "&audit_signing="
- + URLEncoder.encode(ca_audit_signing_cert_subject_name) + "&urls=0"
- + "";
+ query_string = "p=11" + "&op=next" + "&xml=true"
+ + "&subsystem="
+ + URLEncoder.encode(ca_subsystem_cert_subject_name)
+ + "&ocsp_signing="
+ + URLEncoder.encode(ca_ocsp_cert_subject_name)
+ + "&signing="
+ + URLEncoder.encode(ca_sign_cert_subject_name)
+ + "&sslserver="
+ + URLEncoder.encode(ca_server_cert_subject_name)
+ + "&audit_signing="
+ + URLEncoder.encode(ca_audit_signing_cert_subject_name)
+ + "&urls=0" + "";
} else {
- query_string = "p=11" + "&op=next" + "&xml=true" + "&sslserver="
- + URLEncoder.encode(ca_server_cert_subject_name) + "&urls=0"
- + "";
- }
+ query_string = "p=11" + "&op=next" + "&xml=true"
+ + "&sslserver="
+ + URLEncoder.encode(ca_server_cert_subject_name)
+ + "&urls=0" + "";
+ }
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "CertSubjectPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "CertSubjectPanel()")) {
return false;
}
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
-
+
req_list = px.constructValueList("CertReqPair", "Request");
cert_list = px.constructValueList("CertReqPair", "Certificate");
dn_list = px.constructValueList("CertReqPair", "Nickname");
@@ -652,47 +703,50 @@ public class ConfigureCA {
if (external_ca.equalsIgnoreCase("true")) {
if ((req_list != null) && (dn_list != null)) {
for (int i = 0; i < dn_list.size(); i++) {
- String temp = dn_list.get(i);
+ String temp = dn_list.get(i);
if (temp.indexOf("caSigningCert") >= 0) {
- ca_cert_req = req_list.get(i);
+ ca_cert_req = req_list.get(i);
}
}
}
if (ext_ca_cert_file == null) {
- try {
- FileOutputStream fos = new FileOutputStream(ext_csr_file);
- PrintStream p = new PrintStream( fos );
+ try {
+ FileOutputStream fos = new FileOutputStream(
+ ext_csr_file);
+ PrintStream p = new PrintStream(fos);
p.println(ca_cert_req);
p.close();
return true;
} catch (Exception e) {
- System.out.println("CertSubjectPanel: Unable to write CSR for external CA to "+ ext_csr_file);
+ System.out
+ .println("CertSubjectPanel: Unable to write CSR for external CA to "
+ + ext_csr_file);
System.out.println(e.toString());
- return false;
- }
- }
- else {
- try {
+ return false;
+ }
+ } else {
+ try {
ca_cert_cert = "";
- FileInputStream fis = new FileInputStream(ext_ca_cert_file);
+ FileInputStream fis = new FileInputStream(
+ ext_ca_cert_file);
DataInputStream in = new DataInputStream(fis);
- while (in.available() !=0) {
+ while (in.available() != 0) {
ca_cert_cert += in.readLine();
}
in.close();
-
+
signing_cc = "";
fis = new FileInputStream(ext_ca_cert_chain_file);
in = new DataInputStream(fis);
- while (in.available() !=0) {
+ while (in.available() != 0) {
signing_cc += in.readLine();
}
in.close();
return true;
- }
- catch (Exception e) {
- System.out.println("CertSubjectPanel: Unable to read in external approved CA cert or certificate chain.");
+ } catch (Exception e) {
+ System.out
+ .println("CertSubjectPanel: Unable to read in external approved CA cert or certificate chain.");
System.out.println(e.toString());
return false;
}
@@ -701,52 +755,59 @@ public class ConfigureCA {
if (req_list != null && cert_list != null && dn_list != null) {
for (int i = 0; i < dn_list.size(); i++) {
- String temp = dn_list.get(i);
-
+ String temp = dn_list.get(i);
+
if (temp.indexOf("caSigningCert") >= 0) {
- ca_cert_req = req_list.get(i);
- ca_cert_cert = cert_list.get(i);
+ ca_cert_req = req_list.get(i);
+ ca_cert_cert = cert_list.get(i);
} else if (temp.indexOf("ocspSigningCert") >= 0) {
- ocsp_cert_req = req_list.get(i);
- ocsp_cert_cert = cert_list.get(i);
+ ocsp_cert_req = req_list.get(i);
+ ocsp_cert_cert = cert_list.get(i);
} else if (temp.indexOf("subsystemCert") >= 0) {
- ca_subsystem_cert_req = req_list.get(i);
- ca_subsystem_cert_cert = cert_list.get(i);
- } else if (temp.indexOf("auditSigningCert") >=0) {
- ca_audit_signing_cert_req = req_list.get(i);
- ca_audit_signing_cert_cert = cert_list.get(i);
+ ca_subsystem_cert_req = req_list.get(i);
+ ca_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >= 0) {
+ ca_audit_signing_cert_req = req_list.get(i);
+ ca_audit_signing_cert_cert = cert_list.get(i);
} else {
- server_cert_req = req_list.get(i);
- server_cert_cert = cert_list.get(i);
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
}
}
}
-
- // print out subject names
+
+ // print out subject names
System.out.println("ca_cert_name=" + ca_sign_cert_subject_name);
System.out.println("ocsp_cert_name=" + ca_ocsp_cert_subject_name);
- System.out.println(
- "ca_subsystem_cert_name=" + ca_subsystem_cert_subject_name);
- System.out.println("server_cert_name=" + ca_server_cert_subject_name);
- System.out.println("audit_signing_cert_name=" + ca_audit_signing_cert_subject_name);
+ System.out.println("ca_subsystem_cert_name="
+ + ca_subsystem_cert_subject_name);
+ System.out.println("server_cert_name="
+ + ca_server_cert_subject_name);
+ System.out.println("audit_signing_cert_name="
+ + ca_audit_signing_cert_subject_name);
// print out requests
System.out.println("ca_cert_req=" + ca_cert_req);
System.out.println("ocsp_cert_req=" + ocsp_cert_req);
- System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req);
+ System.out
+ .println("ca_subsystem_cert_req=" + ca_subsystem_cert_req);
System.out.println("server_cert_req=" + server_cert_req);
- System.out.println("ca_audit_siging_cert_req=" + ca_audit_signing_cert_req);
+ System.out.println("ca_audit_siging_cert_req="
+ + ca_audit_signing_cert_req);
// print out certs
System.out.println("ca_cert_cert=" + ca_cert_cert);
System.out.println("ocsp_cert_cert=" + ocsp_cert_cert);
- System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert);
+ System.out.println("ca_subsystem_cert_cert="
+ + ca_subsystem_cert_cert);
System.out.println("server_cert_cert=" + server_cert_cert);
- System.out.println("ca_audit_signing_cert_cert=" + ca_audit_signing_cert_cert);
+ System.out.println("ca_audit_signing_cert_cert="
+ + ca_audit_signing_cert_cert);
return true;
} catch (Exception e) {
- System.out.println("Exception in CertSubjectPanel(): " + e.toString());
+ System.out.println("Exception in CertSubjectPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -758,24 +819,26 @@ public class ConfigureCA {
boolean st = false;
HTTPResponse hr = null;
- String query_string = "p=12" + "&op=next" + "&xml=true" + "&subsystem="
- + URLEncoder.encode(ca_subsystem_cert_cert) + "&subsystem_cc="
- + "&ocsp_signing=" + URLEncoder.encode(ocsp_cert_cert)
- + "&ocsp_signing_cc=" + "&signing="
- + URLEncoder.encode(ca_cert_cert) + "&signing_cc="
- + "&audit_signing=" + URLEncoder.encode(ca_audit_signing_cert_cert)
- + "&audit_signing_cc="
- + "&sslserver=" + URLEncoder.encode(server_cert_cert)
- + "&sslserver_cc=" + "";
+ String query_string = "p=12" + "&op=next" + "&xml=true"
+ + "&subsystem=" + URLEncoder.encode(ca_subsystem_cert_cert)
+ + "&subsystem_cc=" + "&ocsp_signing="
+ + URLEncoder.encode(ocsp_cert_cert) + "&ocsp_signing_cc="
+ + "&signing=" + URLEncoder.encode(ca_cert_cert)
+ + "&signing_cc=" + "&audit_signing="
+ + URLEncoder.encode(ca_audit_signing_cert_cert)
+ + "&audit_signing_cc=" + "&sslserver="
+ + URLEncoder.encode(server_cert_cert) + "&sslserver_cc="
+ + "";
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "CertificatePanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "CertificatePanel()")) {
return false;
}
return true;
} catch (Exception e) {
- System.out.println("Exception in CertificatePanel(): " + e.toString());
+ System.out.println("Exception in CertificatePanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -794,19 +857,19 @@ public class ConfigureCA {
ArrayList<String> pp_list = null;
String genString = "...certificate be generated internally...";
- String query_string = "p=12" + "&op=apply" + "&xml=true" + "&subsystem="
- + URLEncoder.encode(genString) + "&subsystem_cc="
- + "&ocsp_signing=" + URLEncoder.encode(genString)
- + "&ocsp_signing_cc=" + "&signing="
- + URLEncoder.encode(ca_cert_cert) + "&signing_cc="
- + URLEncoder.encode(signing_cc)
- + "&audit_signing=" + URLEncoder.encode(genString)
- + "&audit_signing_cc="
- + "&sslserver=" + URLEncoder.encode(genString)
- + "&sslserver_cc=" + "";
+ String query_string = "p=12" + "&op=apply" + "&xml=true"
+ + "&subsystem=" + URLEncoder.encode(genString)
+ + "&subsystem_cc=" + "&ocsp_signing="
+ + URLEncoder.encode(genString) + "&ocsp_signing_cc="
+ + "&signing=" + URLEncoder.encode(ca_cert_cert)
+ + "&signing_cc=" + URLEncoder.encode(signing_cc)
+ + "&audit_signing=" + URLEncoder.encode(genString)
+ + "&audit_signing_cc=" + "&sslserver="
+ + URLEncoder.encode(genString) + "&sslserver_cc=" + "";
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "CertificatePanelExternal()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS,
+ "CertificatePanelExternal()")) {
return false;
}
@@ -824,23 +887,23 @@ public class ConfigureCA {
if (req_list != null && cert_list != null && dn_list != null) {
for (int i = 0; i < dn_list.size(); i++) {
- String temp = dn_list.get(i);
+ String temp = dn_list.get(i);
if (temp.indexOf("caSigningCert") >= 0) {
- ca_cert_req = req_list.get(i);
- ca_cert_cert = cert_list.get(i);
+ ca_cert_req = req_list.get(i);
+ ca_cert_cert = cert_list.get(i);
} else if (temp.indexOf("ocspSigningCert") >= 0) {
- ocsp_cert_req = req_list.get(i);
- ocsp_cert_cert = cert_list.get(i);
+ ocsp_cert_req = req_list.get(i);
+ ocsp_cert_cert = cert_list.get(i);
} else if (temp.indexOf("subsystemCert") >= 0) {
- ca_subsystem_cert_req = req_list.get(i);
- ca_subsystem_cert_cert = cert_list.get(i);
+ ca_subsystem_cert_req = req_list.get(i);
+ ca_subsystem_cert_cert = cert_list.get(i);
} else if (temp.indexOf("auditSigningCert") >= 0) {
- ca_audit_signing_cert_req = req_list.get(i);
- ca_audit_signing_cert_cert = cert_list.get(i);
+ ca_audit_signing_cert_req = req_list.get(i);
+ ca_audit_signing_cert_cert = cert_list.get(i);
} else {
- server_cert_req = req_list.get(i);
- server_cert_cert = cert_list.get(i);
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
}
}
}
@@ -848,29 +911,35 @@ public class ConfigureCA {
// print out subject name
System.out.println("ca_cert_name=" + ca_sign_cert_subject_name);
System.out.println("ocsp_cert_name=" + ca_ocsp_cert_subject_name);
- System.out.println(
- "ca_subsystem_cert_name=" + ca_subsystem_cert_subject_name);
- System.out.println("server_cert_name=" + ca_server_cert_subject_name);
- System.out.println(
- "ca_audit_signing_cert_name=" + ca_audit_signing_cert_subject_name);
+ System.out.println("ca_subsystem_cert_name="
+ + ca_subsystem_cert_subject_name);
+ System.out.println("server_cert_name="
+ + ca_server_cert_subject_name);
+ System.out.println("ca_audit_signing_cert_name="
+ + ca_audit_signing_cert_subject_name);
// print out requests
System.out.println("ca_cert_req=" + ca_cert_req);
System.out.println("ocsp_cert_req=" + ocsp_cert_req);
- System.out.println("ca_subsystem_cert_req=" + ca_subsystem_cert_req);
+ System.out
+ .println("ca_subsystem_cert_req=" + ca_subsystem_cert_req);
System.out.println("server_cert_req=" + server_cert_req);
- System.out.println("ca_audit_signing_cert_req=" + ca_audit_signing_cert_req);
+ System.out.println("ca_audit_signing_cert_req="
+ + ca_audit_signing_cert_req);
// print out certs
System.out.println("ca_cert_cert=" + ca_cert_cert);
System.out.println("ocsp_cert_cert=" + ocsp_cert_cert);
- System.out.println("ca_subsystem_cert_cert=" + ca_subsystem_cert_cert);
+ System.out.println("ca_subsystem_cert_cert="
+ + ca_subsystem_cert_cert);
System.out.println("server_cert_cert=" + server_cert_cert);
- System.out.println("ca_audit_signing_cert_cert=" + ca_audit_signing_cert_cert);
+ System.out.println("ca_audit_signing_cert_cert="
+ + ca_audit_signing_cert_cert);
return true;
} catch (Exception e) {
- System.out.println("Exception in CertificatePanelExternal(): " + e.toString());
+ System.out.println("Exception in CertificatePanelExternal(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -884,17 +953,20 @@ public class ConfigureCA {
if (save_p12.equalsIgnoreCase("true")) {
String query_string = "p=13" + "&op=next" + "&xml=true"
- + "&choice=backupkey" + "&__pwd=" + URLEncoder.encode(backup_pwd)
- + "&__pwdagain=" + URLEncoder.encode(backup_pwd);
+ + "&choice=backupkey" + "&__pwd="
+ + URLEncoder.encode(backup_pwd) + "&__pwdagain="
+ + URLEncoder.encode(backup_pwd);
- hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "BackupPanel()")) {
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string);
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "BackupPanel()")) {
return false;
}
- query_string = "";
+ query_string = "";
- hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri,
+ query_string);
// dump hr.getResponseData() to file
@@ -905,20 +977,22 @@ public class ConfigureCA {
fos.close();
// set file to permissions 600
- String rtParams[] = { "chmod","600", backup_fname};
+ String rtParams[] = { "chmod", "600", backup_fname };
Process proc = Runtime.getRuntime().exec(rtParams);
- BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
+ BufferedReader br = new BufferedReader(
+ new InputStreamReader(proc.getErrorStream()));
String line = null;
- while ( (line = br.readLine()) != null)
- System.out.println("Error: " + line);
+ while ((line = br.readLine()) != null)
+ System.out.println("Error: " + line);
int exitVal = proc.waitFor();
// verify p12 file
// Decode the P12 file
FileInputStream fis = new FileInputStream(backup_fname);
PFX.Template pfxt = new PFX.Template();
- PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis, 2048));
+ PFX pfx = (PFX) pfxt.decode(new BufferedInputStream(fis,
+ 2048));
System.out.println("Decoded PFX");
@@ -927,8 +1001,8 @@ public class ConfigureCA {
AuthenticatedSafes authSafes = pfx.getAuthSafes();
SEQUENCE asSeq = authSafes.getSequence();
- System.out.println(
- "AuthSafes has " + asSeq.size() + " SafeContents");
+ System.out.println("AuthSafes has " + asSeq.size()
+ + " SafeContents");
fis.close();
} catch (Exception e) {
@@ -950,14 +1024,16 @@ public class ConfigureCA {
HTTPResponse hr = null;
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
- "p=14&op=next&xml=true");
- if (! checkStatus(hr, "updateStatus", SUCCESS, "BackupContinuePanel()")) {
+ "p=14&op=next&xml=true");
+ if (!checkStatus(hr, "updateStatus", SUCCESS,
+ "BackupContinuePanel()")) {
return false;
}
- return true;
+ return true;
} catch (Exception e) {
- System.out.println("Exception in BackupContinuePanel(): " + e.toString());
+ System.out.println("Exception in BackupContinuePanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -968,14 +1044,15 @@ public class ConfigureCA {
HTTPResponse hr = null;
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
- "p=15&op=next&xml=true");
- if (! checkStatus(hr, "updateStatus", SUCCESS, "ImportCACertPanel()")) {
+ "p=15&op=next&xml=true");
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "ImportCACertPanel()")) {
return false;
}
- return true;
+ return true;
} catch (Exception e) {
- System.out.println("Exception in ImportCACertPanel(): " + e.toString());
+ System.out.println("Exception in ImportCACertPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -989,8 +1066,9 @@ public class ConfigureCA {
ParseXML px = new ParseXML();
String admin_cert_request = null;
- ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
- agent_cert_subject, agent_key_size, agent_key_type);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd, agent_cert_subject, agent_key_size,
+ agent_key_type);
cCrypt.setDebug(true);
cCrypt.setGenerateRequest(true);
@@ -1001,37 +1079,41 @@ public class ConfigureCA {
String crmf_request = cCrypt.generateCRMFrequest();
if (crmf_request == null) {
- System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
+ System.out
+ .println("ERROR: AdminCertReqPanel() cert req gen failed");
return false;
}
admin_cert_request = crmf_request;
String query_string = "p=16" + "&op=next" + "&xml=true"
- + "&cert_request_type=" + "crmf" + "&uid=" + admin_user
- + "&name=" + admin_user + "&__pwd=" + URLEncoder.encode(admin_password)
- + "&__admin_password_again=" + URLEncoder.encode(admin_password) + "&profileId="
- + "caAdminCert" + "&email=" + URLEncoder.encode(admin_email)
- + "&cert_request=" + URLEncoder.encode(admin_cert_request)
- + "&subject=" + URLEncoder.encode(agent_cert_subject)
- + "&clone=new"
- + "&import=true" + "&securitydomain="
- + URLEncoder.encode(domain_name) + "";
+ + "&cert_request_type=" + "crmf" + "&uid=" + admin_user
+ + "&name=" + admin_user + "&__pwd="
+ + URLEncoder.encode(admin_password)
+ + "&__admin_password_again="
+ + URLEncoder.encode(admin_password) + "&profileId="
+ + "caAdminCert" + "&email="
+ + URLEncoder.encode(admin_email) + "&cert_request="
+ + URLEncoder.encode(admin_cert_request) + "&subject="
+ + URLEncoder.encode(agent_cert_subject) + "&clone=new"
+ + "&import=true" + "&securitydomain="
+ + URLEncoder.encode(domain_name) + "";
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "AdminCertReqPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "AdminCertReqPanel()")) {
return false;
}
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
-
+
admin_serial_number = px.getvalue("serialNumber");
return true;
} catch (Exception e) {
- System.out.println("Exception in AdminCertReqPanel(): " + e.toString());
+ System.out.println("Exception in AdminCertReqPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -1045,15 +1127,15 @@ public class ConfigureCA {
String cert_to_import = null;
String query_string = "&serialNumber=" + admin_serial_number
- + "&importCert=true" + "";
+ + "&importCert=true" + "";
hr = hc.sslConnect(cs_hostname, cs_port, admin_uri, query_string);
-
+
try {
// get response data
// Convert a byte array to base64 string
// cert_to_import = new sun.misc.BASE64Encoder().encode(
- // hr.getResponseData());
+ // hr.getResponseData());
cert_to_import = OSUtil.BtoA(hr.getResponseData());
// Convert base64 string to a byte array
@@ -1065,8 +1147,8 @@ public class ConfigureCA {
}
System.out.println("Cert to Import =" + cert_to_import);
- ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
- null, null, null);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
+ client_certdb_pwd, null, null, null);
cCrypt.setDebug(true);
cCrypt.setGenerateRequest(true);
@@ -1077,15 +1159,16 @@ public class ConfigureCA {
st = cCrypt.importCert(start + cert_to_import + end, agent_name);
if (!st) {
- System.out.println(
- "ERROR: AdminCertImportPanel() during cert import");
+ System.out
+ .println("ERROR: AdminCertImportPanel() during cert import");
return false;
}
System.out.println("SUCCESS: imported admin user cert");
return true;
} catch (Exception e) {
- System.out.println("Exception in AdminCertImportPanel(): " + e.toString());
+ System.out.println("Exception in AdminCertImportPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -1098,19 +1181,19 @@ public class ConfigureCA {
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "p=17" + "&op=next" + "&xml=true" + "&caHost="
- + URLEncoder.encode("/") + "&caPort=" + URLEncoder.encode("/")
- + "";
+ String query_string = "p=17" + "&op=next" + "&xml=true"
+ + "&caHost=" + URLEncoder.encode("/") + "&caPort="
+ + URLEncoder.encode("/") + "";
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
- if (! checkStatus(hr, "updateStatus", SUCCESS, "UpdateDomainPanel()")) {
+ if (!checkStatus(hr, "updateStatus", SUCCESS, "UpdateDomainPanel()")) {
return false;
}
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
-
+
String caHost = px.getvalue("host");
String caPort = px.getvalue("port");
String systemType = px.getvalue("systemType");
@@ -1118,10 +1201,11 @@ public class ConfigureCA {
System.out.println("caHost=" + caHost);
System.out.println("caPort=" + caPort);
System.out.println("systemType=" + systemType);
-
+
return true;
} catch (Exception e) {
- System.out.println("Exception in UpdateDomainPanel(): " + e.toString());
+ System.out.println("Exception in UpdateDomainPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
@@ -1158,7 +1242,8 @@ public class ConfigureCA {
boolean disp_token = TokenChoicePanel();
if (!disp_token) {
- System.out.println("ERROR: ConfigureCA: TokenChoicePanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: TokenChoicePanel() failure");
return false;
}
@@ -1173,15 +1258,16 @@ public class ConfigureCA {
// 4. display cert chain panel and security domain login
if (clone) {
boolean disp_st = DisplayCertChainPanel();
- if(!disp_st) {
- System.out.println("ERROR: ConfigureCA: DisplayCertChainPanel() failure");
+ if (!disp_st) {
+ System.out
+ .println("ERROR: ConfigureCA: DisplayCertChainPanel() failure");
return false;
}
boolean sd_st = SecurityDomainLoginPanel();
- if(! sd_st)
- {
- System.out.println("ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure");
+ if (!sd_st) {
+ System.out
+ .println("ERROR: ConfigureSubCA: SecurityDomainLoginPanel() failure");
return false;
}
@@ -1199,17 +1285,19 @@ public class ConfigureCA {
if (clone) {
boolean restore_st = RestoreKeyCertPanel();
if (!restore_st) {
- System.out.println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure");
return false;
}
}
// 7. hierarchy panel
- if (! clone) {
+ if (!clone) {
boolean disp_h = HierarchyPanel();
if (!disp_h) {
- System.out.println("ERROR: ConfigureCA: HierarchyPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: HierarchyPanel() failure");
return false;
}
}
@@ -1218,8 +1306,8 @@ public class ConfigureCA {
boolean disp_ldap = LdapConnectionPanel();
if (!disp_ldap) {
- System.out.println(
- "ERROR: ConfigureCA: LdapConnectionPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: LdapConnectionPanel() failure");
return false;
}
@@ -1235,7 +1323,8 @@ public class ConfigureCA {
boolean disp_csubj = CertSubjectPanel();
if (!disp_csubj) {
- System.out.println("ERROR: ConfigureCA: CertSubjectPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: CertSubjectPanel() failure");
return false;
}
@@ -1248,22 +1337,26 @@ public class ConfigureCA {
disp_cp = CertificatePanelExternal();
if (!disp_cp) {
- System.out.println("ERROR: ConfigureCA: CertificatePanelExternal() failure");
+ System.out
+ .println("ERROR: ConfigureCA: CertificatePanelExternal() failure");
return false;
}
- }
- else {
- // first pass - cacert file not defined
- System.out.println("A Certificate Request has been generated and stored in " + ext_csr_file);
- System.out.println("Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain");
- return true;
+ } else {
+ // first pass - cacert file not defined
+ System.out
+ .println("A Certificate Request has been generated and stored in "
+ + ext_csr_file);
+ System.out
+ .println("Please submit this CSR to your external CA and obtain the CA Cert and CA Cert Chain");
+ return true;
}
}
disp_cp = CertificatePanel();
if (!disp_cp) {
- System.out.println("ERROR: ConfigureCA: CertificatePanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: CertificatePanel() failure");
return false;
}
@@ -1279,30 +1372,31 @@ public class ConfigureCA {
boolean disp_back_cont = BackupContinuePanel();
if (!disp_back_cont) {
- System.out.println("ERROR: ConfigureCA: BackupContinuePanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: BackupContinuePanel() failure");
return false;
}
-
// 15. Import CA Cert panel
boolean disp_import_cacert = ImportCACertPanel();
if (!disp_import_cacert) {
- System.out.println("ERROR: ConfigureCA: ImportCACertPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: ImportCACertPanel() failure");
return false;
}
-
- if (clone) {
+
+ if (clone) {
// no other panels required for clone
return true;
}
-
// 16. Admin Cert Req Panel
boolean disp_adm = AdminCertReqPanel();
if (!disp_adm) {
- System.out.println("ERROR: ConfigureCA: AdminCertReqPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: AdminCertReqPanel() failure");
return false;
}
@@ -1310,8 +1404,8 @@ public class ConfigureCA {
boolean disp_im = AdminCertImportPanel();
if (!disp_im) {
- System.out.println(
- "ERROR: ConfigureCA: AdminCertImportPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: AdminCertImportPanel() failure");
return false;
}
@@ -1319,7 +1413,8 @@ public class ConfigureCA {
boolean disp_ud = UpdateDomainPanel();
if (!disp_ud) {
- System.out.println("ERROR: ConfigureCA: UpdateDomainPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: UpdateDomainPanel() failure");
return false;
}
@@ -1350,7 +1445,7 @@ public class ConfigureCA {
StringHolder x_admin_email = new StringHolder();
StringHolder x_admin_password = new StringHolder();
- // ldap
+ // ldap
StringHolder x_ldap_host = new StringHolder();
StringHolder x_ldap_port = new StringHolder();
StringHolder x_bind_dn = new StringHolder();
@@ -1379,7 +1474,7 @@ public class ConfigureCA {
StringHolder x_ocsp_signing_key_type = new StringHolder();
StringHolder x_ocsp_signing_key_curvename = new StringHolder();
StringHolder x_ocsp_signing_signingalgorithm = new StringHolder();
-
+
// key properties (custom - audit_signing)
StringHolder x_audit_signing_key_size = new StringHolder();
StringHolder x_audit_signing_key_type = new StringHolder();
@@ -1421,17 +1516,17 @@ public class ConfigureCA {
// external CA cert
StringHolder x_external_ca = new StringHolder();
- StringHolder x_ext_ca_cert_file = new StringHolder();
- StringHolder x_ext_ca_cert_chain_file = new StringHolder();
- StringHolder x_ext_csr_file = new StringHolder();
+ StringHolder x_ext_ca_cert_file = new StringHolder();
+ StringHolder x_ext_ca_cert_chain_file = new StringHolder();
+ StringHolder x_ext_csr_file = new StringHolder();
- //clone parameters
+ // clone parameters
StringHolder x_clone = new StringHolder();
StringHolder x_clone_uri = new StringHolder();
StringHolder x_clone_p12_file = new StringHolder();
StringHolder x_clone_p12_passwd = new StringHolder();
- //security domain
+ // security domain
StringHolder x_sd_hostname = new StringHolder();
StringHolder x_sd_ssl_port = new StringHolder();
StringHolder x_sd_agent_port = new StringHolder();
@@ -1439,124 +1534,204 @@ public class ConfigureCA {
StringHolder x_sd_admin_name = new StringHolder();
StringHolder x_sd_admin_password = new StringHolder();
-
// parse the args
ArgParser parser = new ArgParser("ConfigureCA");
- parser.addOption("-cs_hostname %s #CS Hostname", x_cs_hostname);
- parser.addOption("-cs_port %s #CS SSL Admin port", x_cs_port);
+ parser.addOption("-cs_hostname %s #CS Hostname", x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL Admin port", x_cs_port);
parser.addOption("-client_certdb_dir %s #Client CertDB dir",
- x_client_certdb_dir);
+ x_client_certdb_dir);
parser.addOption("-client_certdb_pwd %s #client certdb password",
- x_client_certdb_pwd);
- parser.addOption("-preop_pin %s #pre op pin", x_preop_pin);
- parser.addOption("-domain_name %s #domain name", x_domain_name);
- parser.addOption("-admin_user %s #Admin User Name", x_admin_user);
- parser.addOption("-admin_email %s #Admin email", x_admin_email);
- parser.addOption("-admin_password %s #Admin password", x_admin_password);
- parser.addOption("-agent_name %s #Agent Cert Nickname", x_agent_name);
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin", x_preop_pin);
+ parser.addOption("-domain_name %s #domain name", x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name", x_admin_user);
+ parser.addOption("-admin_email %s #Admin email", x_admin_email);
+ parser.addOption("-admin_password %s #Admin password", x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname", x_agent_name);
parser.addOption("-agent_key_size %s #Agent Cert Key size",
- x_agent_key_size);
+ x_agent_key_size);
parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]",
- x_agent_key_type);
+ x_agent_key_type);
parser.addOption("-agent_cert_subject %s #Agent Certificate Subject",
- x_agent_cert_subject);
+ x_agent_cert_subject);
- parser.addOption("-ldap_host %s #ldap host", x_ldap_host);
- parser.addOption("-ldap_port %s #ldap port", x_ldap_port);
- parser.addOption("-bind_dn %s #ldap bind dn", x_bind_dn);
+ parser.addOption("-ldap_host %s #ldap host", x_ldap_host);
+ parser.addOption("-ldap_port %s #ldap port", x_ldap_port);
+ parser.addOption("-bind_dn %s #ldap bind dn", x_bind_dn);
parser.addOption("-bind_password %s #ldap bind password",
- x_bind_password);
- parser.addOption("-base_dn %s #base dn", x_base_dn);
- parser.addOption("-db_name %s #db name", x_db_name);
- parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
- parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data);
- parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls);
+ x_bind_password);
+ parser.addOption("-base_dn %s #base dn", x_base_dn);
+ parser.addOption("-db_name %s #db name", x_db_name);
+ parser.addOption(
+ "-secure_conn %s #use ldaps port (optional, default is false)",
+ x_secure_conn);
+ parser.addOption(
+ "-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+ parser.addOption(
+ "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)",
+ x_clone_start_tls);
// key and algorithm options (default)
- parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
- parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
- parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
- parser.addOption("-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_key_algorithm);
- parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)", x_signing_algorithm);
+ parser.addOption(
+ "-key_type %s #Key type [RSA,ECC] (optional, default is RSA)",
+ x_key_type);
+ parser.addOption(
+ "-key_size %s #Key Size (optional, for RSA default is 2048)",
+ x_key_size);
+ parser.addOption(
+ "-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)",
+ x_key_curvename);
+ parser.addOption(
+ "-key_algorithm %s #Key algorithm of the CA certificate (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_key_algorithm);
+ parser.addOption(
+ "-signing_algorithm %s #Signing algorithm (optional, default is key_algorithm)",
+ x_signing_algorithm);
// key and algorithm options for signing certificate (overrides default)
- parser.addOption("-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_signing_key_type);
- parser.addOption("-signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_signing_key_size);
- parser.addOption("-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_signing_key_curvename);
- parser.addOption("-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)", x_signing_signingalgorithm);
-
- // key and algorithm options for ocsp_signing certificate (overrides default)
- parser.addOption("-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_ocsp_signing_key_type);
- parser.addOption("-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_ocsp_signing_key_size);
- parser.addOption("-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_ocsp_signing_key_curvename);
- parser.addOption("-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)", x_ocsp_signing_signingalgorithm);
-
- // key and algorithm options for audit_signing certificate (overrides default)
- parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type);
- parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size);
- parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename);
-
- // key and algorithm options for subsystem certificate (overrides default)
- parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type);
- parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size);
- parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename);
-
- // key and algorithm options for sslserver certificate (overrides default)
- parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type);
- parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size);
- parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename);
-
- parser.addOption("-token_name %s #HSM/Software Token name", x_token_name);
- parser.addOption("-token_pwd %s #HSM/Software Token password (optional - only required for HSM)",
- x_token_pwd);
+ parser.addOption(
+ "-signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_signing_key_type);
+ parser.addOption(
+ "-signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_signing_key_size);
+ parser.addOption(
+ "-signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_signing_key_curvename);
+ parser.addOption(
+ "-signing_signingalgorithm %s #Algorithm used be CA cert to sign objects (optional, default is signing_algorithm)",
+ x_signing_signingalgorithm);
+
+ // key and algorithm options for ocsp_signing certificate (overrides
+ // default)
+ parser.addOption(
+ "-ocsp_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_ocsp_signing_key_type);
+ parser.addOption(
+ "-ocsp_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_ocsp_signing_key_size);
+ parser.addOption(
+ "-ocsp_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_ocsp_signing_key_curvename);
+ parser.addOption(
+ "-ocsp_signing_signingalgorithm %s #Algorithm used by the OCSP signing cert to sign objects (optional, default is signing_algorithm)",
+ x_ocsp_signing_signingalgorithm);
+
+ // key and algorithm options for audit_signing certificate (overrides
+ // default)
+ parser.addOption(
+ "-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption(
+ "-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
+
+ // key and algorithm options for subsystem certificate (overrides
+ // default)
+ parser.addOption(
+ "-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption(
+ "-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption(
+ "-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
+
+ // key and algorithm options for sslserver certificate (overrides
+ // default)
+ parser.addOption(
+ "-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption(
+ "-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption(
+ "-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
+
+ parser.addOption("-token_name %s #HSM/Software Token name",
+ x_token_name);
+ parser.addOption(
+ "-token_pwd %s #HSM/Software Token password (optional - only required for HSM)",
+ x_token_pwd);
parser.addOption("-save_p12 %s #Enable/Disable p12 Export[true,false]",
- x_save_p12);
- parser.addOption("-backup_pwd %s #Backup Password for p12 (optional, only required if -save_p12 = true)", x_backup_pwd);
- parser.addOption("-backup_fname %s #Backup File for p12, (optional, default is /root/tmp-ca.p12)", x_backup_fname);
+ x_save_p12);
+ parser.addOption(
+ "-backup_pwd %s #Backup Password for p12 (optional, only required if -save_p12 = true)",
+ x_backup_pwd);
+ parser.addOption(
+ "-backup_fname %s #Backup File for p12, (optional, default is /root/tmp-ca.p12)",
+ x_backup_fname);
parser.addOption("-ca_sign_cert_subject_name %s #CA cert subject name",
x_ca_sign_cert_subject_name);
parser.addOption(
"-ca_subsystem_cert_subject_name %s #CA subsystem cert subject name",
- x_ca_subsystem_cert_subject_name);
+ x_ca_subsystem_cert_subject_name);
parser.addOption(
"-ca_ocsp_cert_subject_name %s #CA ocsp cert subject name",
- x_ca_ocsp_cert_subject_name);
+ x_ca_ocsp_cert_subject_name);
parser.addOption(
"-ca_server_cert_subject_name %s #CA server cert subject name",
- x_ca_server_cert_subject_name);
+ x_ca_server_cert_subject_name);
parser.addOption(
"-ca_audit_signing_cert_subject_name %s #CA audit signing cert subject name",
- x_ca_audit_signing_cert_subject_name);
+ x_ca_audit_signing_cert_subject_name);
parser.addOption("-subsystem_name %s #CA subsystem name",
- x_subsystem_name);
-
- parser.addOption("-external %s #Subordinate to external CA [true,false] (optional, default false)",
- x_external_ca);
- parser.addOption("-ext_ca_cert_file %s #File with CA cert from external CA (optional)",
- x_ext_ca_cert_file);
- parser.addOption("-ext_ca_cert_chain_file %s #File with CA cert from external CA (optional)",
+ x_subsystem_name);
+
+ parser.addOption(
+ "-external %s #Subordinate to external CA [true,false] (optional, default false)",
+ x_external_ca);
+ parser.addOption(
+ "-ext_ca_cert_file %s #File with CA cert from external CA (optional)",
+ x_ext_ca_cert_file);
+ parser.addOption(
+ "-ext_ca_cert_chain_file %s #File with CA cert from external CA (optional)",
x_ext_ca_cert_chain_file);
- parser.addOption("-ext_csr_file %s #File to save the CSR for submission to an external CA (optional)",
+ parser.addOption(
+ "-ext_csr_file %s #File to save the CSR for submission to an external CA (optional)",
x_ext_csr_file);
- parser.addOption("-clone %s #Clone of another CA [true, false] (optional, default false)", x_clone);
- parser.addOption("-clone_uri %s #URL of Master CA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", x_clone_uri);
- parser.addOption("-clone_p12_file %s #File containing pk12 keys of Master CA (optional, required if -clone=true)", x_clone_p12_file);
- parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", x_clone_p12_passwd);
-
- parser.addOption ("-sd_hostname %s #Security Domain Hostname (optional, required if -clone=true)", x_sd_hostname);
- parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port (optional, required if -clone=true)", x_sd_ssl_port);
- parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port (optional, required if -clone=true)", x_sd_agent_port);
- parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port (optional, required if -clone=true)", x_sd_admin_port);
- parser.addOption ("-sd_admin_name %s #Security Domain admin name (optional, required if -clone=true)",
- x_sd_admin_name);
- parser.addOption ("-sd_admin_password %s #Security Domain admin password (optional, required if -clone=true)",
- x_sd_admin_password);
+ parser.addOption(
+ "-clone %s #Clone of another CA [true, false] (optional, default false)",
+ x_clone);
+ parser.addOption(
+ "-clone_uri %s #URL of Master CA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)",
+ x_clone_uri);
+ parser.addOption(
+ "-clone_p12_file %s #File containing pk12 keys of Master CA (optional, required if -clone=true)",
+ x_clone_p12_file);
+ parser.addOption(
+ "-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)",
+ x_clone_p12_passwd);
+ parser.addOption(
+ "-sd_hostname %s #Security Domain Hostname (optional, required if -clone=true)",
+ x_sd_hostname);
+ parser.addOption(
+ "-sd_ssl_port %s #Security Domain SSL EE port (optional, required if -clone=true)",
+ x_sd_ssl_port);
+ parser.addOption(
+ "-sd_agent_port %s #Security Domain SSL Agent port (optional, required if -clone=true)",
+ x_sd_agent_port);
+ parser.addOption(
+ "-sd_admin_port %s #Security Domain SSL Admin port (optional, required if -clone=true)",
+ x_sd_admin_port);
+ parser.addOption(
+ "-sd_admin_name %s #Security Domain admin name (optional, required if -clone=true)",
+ x_sd_admin_name);
+ parser.addOption(
+ "-sd_admin_password %s #Security Domain admin password (optional, required if -clone=true)",
+ x_sd_admin_password);
// and then match the arguments
String[] unmatched = null;
@@ -1594,35 +1769,50 @@ public class ConfigureCA {
key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE);
signing_key_type = set_default(x_signing_key_type.value, key_type);
- ocsp_signing_key_type = set_default(x_ocsp_signing_key_type.value, key_type);
- audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type);
+ ocsp_signing_key_type = set_default(x_ocsp_signing_key_type.value,
+ key_type);
+ audit_signing_key_type = set_default(x_audit_signing_key_type.value,
+ key_type);
subsystem_key_type = set_default(x_subsystem_key_type.value, key_type);
sslserver_key_type = set_default(x_sslserver_key_type.value, key_type);
key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE);
signing_key_size = set_default(x_signing_key_size.value, key_size);
- ocsp_signing_key_size = set_default(x_ocsp_signing_key_size.value, key_size);
- audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size);
+ ocsp_signing_key_size = set_default(x_ocsp_signing_key_size.value,
+ key_size);
+ audit_signing_key_size = set_default(x_audit_signing_key_size.value,
+ key_size);
subsystem_key_size = set_default(x_subsystem_key_size.value, key_size);
sslserver_key_size = set_default(x_sslserver_key_size.value, key_size);
- key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME);
- signing_key_curvename = set_default(x_signing_key_curvename.value, key_curvename);
- ocsp_signing_key_curvename = set_default(x_ocsp_signing_key_curvename.value, key_curvename);
- audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename);
- subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename);
- sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename);
+ key_curvename = set_default(x_key_curvename.value,
+ DEFAULT_KEY_CURVENAME);
+ signing_key_curvename = set_default(x_signing_key_curvename.value,
+ key_curvename);
+ ocsp_signing_key_curvename = set_default(
+ x_ocsp_signing_key_curvename.value, key_curvename);
+ audit_signing_key_curvename = set_default(
+ x_audit_signing_key_curvename.value, key_curvename);
+ subsystem_key_curvename = set_default(x_subsystem_key_curvename.value,
+ key_curvename);
+ sslserver_key_curvename = set_default(x_sslserver_key_curvename.value,
+ key_curvename);
if (signing_key_type.equalsIgnoreCase("RSA")) {
- key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA);
+ key_algorithm = set_default(x_key_algorithm.value,
+ DEFAULT_KEY_ALGORITHM_RSA);
} else {
- key_algorithm = set_default(x_key_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC);
+ key_algorithm = set_default(x_key_algorithm.value,
+ DEFAULT_KEY_ALGORITHM_ECC);
}
-
- signing_algorithm = set_default(x_signing_algorithm.value, key_algorithm);
- signing_signingalgorithm = set_default(x_signing_signingalgorithm.value, signing_algorithm);
- ocsp_signing_signingalgorithm = set_default(x_ocsp_signing_signingalgorithm.value, signing_algorithm);
-
+
+ signing_algorithm = set_default(x_signing_algorithm.value,
+ key_algorithm);
+ signing_signingalgorithm = set_default(
+ x_signing_signingalgorithm.value, signing_algorithm);
+ ocsp_signing_signingalgorithm = set_default(
+ x_ocsp_signing_signingalgorithm.value, signing_algorithm);
+
token_name = x_token_name.value;
token_pwd = x_token_pwd.value;
save_p12 = x_save_p12.value;
@@ -1638,9 +1828,9 @@ public class ConfigureCA {
ca_ocsp_cert_subject_name = x_ca_ocsp_cert_subject_name.value;
ca_server_cert_subject_name = x_ca_server_cert_subject_name.value;
ca_audit_signing_cert_subject_name = x_ca_audit_signing_cert_subject_name.value;
-
+
subsystem_name = x_subsystem_name.value;
-
+
external_ca = set_default(x_external_ca.value, "false");
ext_ca_cert_file = x_ext_ca_cert_file.value;
ext_ca_cert_chain_file = x_ext_ca_cert_chain_file.value;
@@ -1663,18 +1853,15 @@ public class ConfigureCA {
sd_admin_password = x_sd_admin_password.value;
boolean st = ca.ConfigureCAInstance();
-
+
if (!st) {
System.out.println("ERROR: unable to create CA");
System.exit(-1);
}
-
+
System.out.println("Certificate System - CA Instance Configured.");
System.exit(0);
-
- }
-
-}
+ }
-;
+};
generated by cgit (git 2.34.1) at 2024-05-05 10:44:08 +0000