summaryrefslogtreecommitdiffstats
path: root/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
diff options
context:
space:
mode:
Diffstat (limited to 'pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java')
-rw-r--r--pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java964
1 files changed, 491 insertions, 473 deletions
diff --git a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
index c79ec4ed..f8df962a 100644
--- a/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
+++ b/pki/base/silent/src/com/netscape/pkisilent/ConfigureDRM.java
@@ -1,4 +1,5 @@
package com.netscape.pkisilent;
+
// --- BEGIN COPYRIGHT BLOCK ---
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
@@ -17,7 +18,6 @@ package com.netscape.pkisilent;
// All rights reserved.
// --- END COPYRIGHT BLOCK ---
-
import java.io.BufferedInputStream;
import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
@@ -39,8 +39,7 @@ import com.netscape.pkisilent.common.ParseXML;
import com.netscape.pkisilent.http.HTTPClient;
import com.netscape.pkisilent.http.HTTPResponse;
-public class ConfigureDRM
-{
+public class ConfigureDRM {
// global constants
public static final String DEFAULT_KEY_TYPE = "RSA";
@@ -52,7 +51,7 @@ public class ConfigureDRM
// define global variables
public static HTTPClient hc = null;
-
+
public static String login_uri = "/kra/admin/console/config/login";
public static String wizard_uri = "/kra/admin/console/config/wizard";
public static String admin_uri = "/ca/admin/ca/getBySerial";
@@ -78,7 +77,7 @@ public class ConfigureDRM
public static String client_certdb_dir = null;
public static String client_certdb_pwd = null;
- // Login Panel
+ // Login Panel
public static String pin = null;
public static String domain_name = null;
@@ -160,14 +159,13 @@ public class ConfigureDRM
public static String backup_pwd = null;
public static String backup_fname = null;
- // cert subject names
+ // cert subject names
public static String drm_transport_cert_subject_name = null;
public static String drm_subsystem_cert_subject_name = null;
public static String drm_storage_cert_subject_name = null;
public static String drm_server_cert_subject_name = null;
public static String drm_audit_signing_cert_subject_name = null;
-
public static String subsystem_name = null;
// cloning
@@ -176,38 +174,32 @@ public class ConfigureDRM
public static String clone_p12_passwd = null;
public static String clone_p12_file = null;
- //for correct selection of CA to be cloned
+ // for correct selection of CA to be cloned
public static String urls;
-
- public ConfigureDRM ()
- {
+
+ public ConfigureDRM() {
// do nothing :)
}
- public void sleep_time()
- {
- try
- {
+ public void sleep_time() {
+ try {
System.out.println("Sleeping for 5 secs..");
Thread.sleep(5000);
- }
- catch(Exception e)
- {
+ } catch (Exception e) {
System.out.println("ERROR: sleep problem");
}
}
- public boolean LoginPanel()
- {
+ public boolean LoginPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "pin=" + pin + "&xml=true";
-
- hr = hc.sslConnect(cs_hostname,cs_port,login_uri,query_string);
+ String query_string = "pin=" + pin + "&xml=true";
+
+ hr = hc.sslConnect(cs_hostname, cs_port, login_uri, query_string);
System.out.println("xml returned: " + hr.getHTML());
// parse xml here - nothing to parse
@@ -215,14 +207,15 @@ public class ConfigureDRM
// get cookie
String temp = hr.getCookieValue("JSESSIONID");
- if (temp!=null) {
+ if (temp != null) {
int index = temp.indexOf(";");
- HTTPClient.j_session_id = temp.substring(0,index);
+ HTTPClient.j_session_id = temp.substring(0, index);
st = true;
}
hr = null;
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri, "p=0&op=next&xml=true");
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ "p=0&op=next&xml=true");
// parse xml here
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -232,8 +225,7 @@ public class ConfigureDRM
return st;
}
- public boolean TokenChoicePanel()
- {
+ public boolean TokenChoicePanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -243,10 +235,9 @@ public class ConfigureDRM
// Software Token
if (token_name.equalsIgnoreCase("internal")) {
- query_string = "p=1" + "&op=next" + "&xml=true" +
- "&choice=" +
- URLEncoder.encode("Internal Key Storage Token");
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ query_string = "p=1" + "&op=next" + "&xml=true" + "&choice="
+ + URLEncoder.encode("Internal Key Storage Token");
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -254,23 +245,20 @@ public class ConfigureDRM
px.prettyprintxml();
} else {
// login to hsm first
- query_string = "p=2" + "&op=next" + "&xml=true" +
- "&uTokName=" +
- URLEncoder.encode(token_name) +
- "&__uPasswd=" +
- URLEncoder.encode(token_pwd);
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ query_string = "p=2" + "&op=next" + "&xml=true" + "&uTokName="
+ + URLEncoder.encode(token_name) + "&__uPasswd="
+ + URLEncoder.encode(token_pwd);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
+
// choice with token name now
- query_string = "p=1" + "&op=next" + "&xml=true" +
- "&choice=" +
- URLEncoder.encode(token_name);
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ query_string = "p=1" + "&op=next" + "&xml=true" + "&choice="
+ + URLEncoder.encode(token_name);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -281,24 +269,18 @@ public class ConfigureDRM
return true;
}
- public boolean DomainPanel()
- {
+ public boolean DomainPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
+ String domain_url = "https://" + sd_hostname + ":" + sd_admin_port;
- String domain_url = "https://" + sd_hostname + ":" + sd_admin_port ;
-
- String query_string = "sdomainURL=" +
- URLEncoder.encode(domain_url) +
- "&choice=existingdomain"+
- "&p=3" +
- "&op=next" +
- "&xml=true";
+ String query_string = "sdomainURL=" + URLEncoder.encode(domain_url)
+ + "&choice=existingdomain" + "&p=3" + "&op=next" + "&xml=true";
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -309,43 +291,41 @@ public class ConfigureDRM
}
- public boolean DisplayChainPanel()
- {
+ public boolean DisplayChainPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
String query_string = null;
- query_string = "p=4" + "&op=next" + "&xml=true";
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ query_string = "p=4" + "&op=next" + "&xml=true";
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
return true;
}
- public boolean SecurityDomainLoginPanel()
- {
+ public boolean SecurityDomainLoginPanel() {
try {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String kra_url = "https://" + cs_hostname + ":" + cs_port +
- "/kra/admin/console/config/wizard" +
- "?p=5&subsystem=KRA" ;
+ String kra_url = "https://" + cs_hostname + ":" + cs_port
+ + "/kra/admin/console/config/wizard" + "?p=5&subsystem=KRA";
- String query_string = "url=" + URLEncoder.encode(kra_url);
+ String query_string = "url=" + URLEncoder.encode(kra_url);
- hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_login_uri,query_string);
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_login_uri,
+ query_string);
- String query_string_1 = "uid=" + sd_admin_name +
- "&pwd=" + URLEncoder.encode(sd_admin_password) +
- "&url=" + URLEncoder.encode(kra_url) ;
+ String query_string_1 = "uid=" + sd_admin_name + "&pwd="
+ + URLEncoder.encode(sd_admin_password) + "&url="
+ + URLEncoder.encode(kra_url);
- hr = hc.sslConnect(sd_hostname,sd_admin_port,sd_get_cookie_uri,
- query_string_1);
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, sd_get_cookie_uri,
+ query_string_1);
// get session id from security domain
@@ -357,13 +337,10 @@ public class ConfigureDRM
// use session id to connect back to KRA
- String query_string_2 = "p=5" +
- "&subsystem=KRA" +
- "&session_id=" + kra_session_id +
- "&xml=true" ;
+ String query_string_2 = "p=5" + "&subsystem=KRA" + "&session_id="
+ + kra_session_id + "&xml=true";
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,
- query_string_2);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string_2);
if (clone) {
// parse urls
@@ -372,7 +349,7 @@ public class ConfigureDRM
if (indx < 0) {
throw new Exception("Invalid clone_uri");
}
- urls = urls.substring(urls.lastIndexOf("<option" , indx), indx);
+ urls = urls.substring(urls.lastIndexOf("<option", indx), indx);
urls = urls.split("\"")[1];
System.out.println("urls =" + urls);
@@ -380,14 +357,14 @@ public class ConfigureDRM
return true;
} catch (Exception e) {
- System.out.println("Exception in SecurityDomainLoginPanel(): " + e.toString());
+ System.out.println("Exception in SecurityDomainLoginPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
}
-
- public boolean SubsystemPanel()
- {
+
+ public boolean SubsystemPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -395,16 +372,15 @@ public class ConfigureDRM
String query_string = null;
if (!clone) {
query_string = "p=5" + "&op=next" + "&xml=true"
- + "&choice=newsubsystem" + "&subsystemName="
- + URLEncoder.encode(subsystem_name);
+ + "&choice=newsubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name);
} else {
query_string = "p=5" + "&op=next" + "&xml=true"
- + "&choice=clonesubsystem" + "&subsystemName="
- + URLEncoder.encode(subsystem_name)
- + "&urls=" + urls;
+ + "&choice=clonesubsystem" + "&subsystemName="
+ + URLEncoder.encode(subsystem_name) + "&urls=" + urls;
}
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
@@ -420,8 +396,8 @@ public class ConfigureDRM
ParseXML px = new ParseXML();
String query_string = "p=6" + "&op=next" + "&xml=true"
- + "&__password=" + URLEncoder.encode(clone_p12_passwd)
- + "&path=" + URLEncoder.encode(clone_p12_file) + "";
+ + "&__password=" + URLEncoder.encode(clone_p12_passwd)
+ + "&path=" + URLEncoder.encode(clone_p12_file) + "";
hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
@@ -431,33 +407,32 @@ public class ConfigureDRM
px.prettyprintxml();
return true;
} catch (Exception e) {
- System.out.println("Exception in RestoreKeyCertPanel(): " + e.toString());
+ System.out.println("Exception in RestoreKeyCertPanel(): "
+ + e.toString());
e.printStackTrace();
return false;
}
}
- public boolean LdapConnectionPanel()
- {
+ public boolean LdapConnectionPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
+ String query_string = "p=7" + "&op=next" + "&xml=true" + "&host="
+ + URLEncoder.encode(ldap_host) + "&port="
+ + URLEncoder.encode(ldap_port) + "&binddn="
+ + URLEncoder.encode(bind_dn) + "&__bindpwd="
+ + URLEncoder.encode(bind_password) + "&basedn="
+ + URLEncoder.encode(base_dn) + "&database="
+ + URLEncoder.encode(db_name) + "&display="
+ + URLEncoder.encode("$displayStr")
+ + (secure_conn.equals("true") ? "&secureConn=on" : "")
+ + (clone_start_tls.equals("true") ? "&cloneStartTLS=on" : "")
+ + (remove_data.equals("true") ? "&removeData=true" : "");
- String query_string = "p=7" + "&op=next" + "&xml=true" +
- "&host=" + URLEncoder.encode(ldap_host) +
- "&port=" + URLEncoder.encode(ldap_port) +
- "&binddn=" + URLEncoder.encode(bind_dn) +
- "&__bindpwd=" + URLEncoder.encode(bind_password) +
- "&basedn=" + URLEncoder.encode(base_dn) +
- "&database=" + URLEncoder.encode(db_name) +
- "&display=" + URLEncoder.encode("$displayStr") +
- (secure_conn.equals("true")? "&secureConn=on": "") +
- (clone_start_tls.equals("true")? "&cloneStartTLS=on": "") +
- (remove_data.equals("true")? "&removeData=true": "");
-
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -467,8 +442,7 @@ public class ConfigureDRM
return true;
}
- public boolean KeyPanel()
- {
+ public boolean KeyPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -478,56 +452,74 @@ public class ConfigureDRM
String query_string = null;
if (!clone) {
- query_string = "p=8" + "&op=next" + "&xml=true" +
- "&transport_custom_size=" + transport_key_size +
- "&storage_custom_size=" + storage_key_size +
- "&subsystem_custom_size=" + subsystem_key_size +
- "&sslserver_custom_size=" + sslserver_key_size +
- "&audit_signing_custom_size=" + key_size +
- "&custom_size=" + key_size +
- "&transport_custom_curvename=" + transport_key_curvename +
- "&storage_custom_curvename=" + storage_key_curvename +
- "&subsystem_custom_curvename=" + subsystem_key_curvename +
- "&sslserver_custom_curvename=" + sslserver_key_curvename +
- "&audit_signing_custom_curvename=" + audit_signing_key_curvename +
- "&custom_curvename=" + key_curvename +
- "&transport_keytype=" + transport_key_type +
- "&storage_keytype=" + storage_key_type +
- "&subsystem_keytype=" + subsystem_key_type +
- "&sslserver_keytype=" + sslserver_key_type +
- "&audit_signing_keytype=" + audit_signing_key_type +
- "&keytype=" + key_type +
- "&transport_choice=custom"+
- "&storage_choice=custom"+
- "&subsystem_choice=custom"+
- "&sslserver_choice=custom"+
- "&choice=custom"+
- "&audit_signing_choice=custom" +
- "&signingalgorithm=" + signing_algorithm +
- "&transport_signingalgorithm=" + transport_signingalgorithm;
+ query_string = "p=8" + "&op=next" + "&xml=true"
+ + "&transport_custom_size="
+ + transport_key_size
+ + "&storage_custom_size="
+ + storage_key_size
+ + "&subsystem_custom_size="
+ + subsystem_key_size
+ + "&sslserver_custom_size="
+ + sslserver_key_size
+ + "&audit_signing_custom_size="
+ + key_size
+ + "&custom_size="
+ + key_size
+ + "&transport_custom_curvename="
+ + transport_key_curvename
+ + "&storage_custom_curvename="
+ + storage_key_curvename
+ + "&subsystem_custom_curvename="
+ + subsystem_key_curvename
+ + "&sslserver_custom_curvename="
+ + sslserver_key_curvename
+ + "&audit_signing_custom_curvename="
+ + audit_signing_key_curvename
+ + "&custom_curvename="
+ + key_curvename
+ + "&transport_keytype="
+ + transport_key_type
+ + "&storage_keytype="
+ + storage_key_type
+ + "&subsystem_keytype="
+ + subsystem_key_type
+ + "&sslserver_keytype="
+ + sslserver_key_type
+ + "&audit_signing_keytype="
+ + audit_signing_key_type
+ + "&keytype="
+ + key_type
+ + "&transport_choice=custom"
+ + "&storage_choice=custom"
+ + "&subsystem_choice=custom"
+ + "&sslserver_choice=custom"
+ + "&choice=custom"
+ + "&audit_signing_choice=custom"
+ + "&signingalgorithm="
+ + signing_algorithm
+ + "&transport_signingalgorithm="
+ + transport_signingalgorithm;
} else {
- query_string = "p=8" + "&op=next" + "&xml=true" +
- "&sslserver_custom_size=" + sslserver_key_size +
- "&sslserver_keytype=" + sslserver_key_type +
- "&sslserver_choice=custom" +
- "&custom_size=" + key_size +
- "&keytype=" + key_type +
- "&choice=custom";
- }
+ query_string = "p=8" + "&op=next" + "&xml=true"
+ + "&sslserver_custom_size=" + sslserver_key_size
+ + "&sslserver_keytype=" + sslserver_key_type
+ + "&sslserver_choice=custom" + "&custom_size=" + key_size
+ + "&keytype=" + key_type + "&choice=custom";
+ }
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
- al = px.constructValueList("CertReqPair","DN");
+
+ al = px.constructValueList("CertReqPair", "DN");
// get ca cert subject name
if (al != null) {
- for (int i=0; i < al.size(); i++) {
- String temp = al.get(i);
+ for (int i = 0; i < al.size(); i++) {
+ String temp = al.get(i);
if (temp.indexOf("DRM Transport") > 0) {
drm_transport_cert_name = temp;
} else if (temp.indexOf("DRM Storage") > 0) {
@@ -541,23 +533,21 @@ public class ConfigureDRM
}
}
}
-
- System.out.println("default: drm_transport_cert_name=" +
- drm_transport_cert_name);
- System.out.println("default: drm_storage_cert_name=" +
- drm_storage_cert_name);
- System.out.println("default: drm_subsystem_cert_name=" +
- drm_subsystem_cert_name);
- System.out.println("default: drm_audit_signing_cert_name=" +
- drm_audit_signing_cert_name);
-
- System.out.println("default: server_cert_name=" +
- server_cert_name);
+
+ System.out.println("default: drm_transport_cert_name="
+ + drm_transport_cert_name);
+ System.out.println("default: drm_storage_cert_name="
+ + drm_storage_cert_name);
+ System.out.println("default: drm_subsystem_cert_name="
+ + drm_subsystem_cert_name);
+ System.out.println("default: drm_audit_signing_cert_name="
+ + drm_audit_signing_cert_name);
+
+ System.out.println("default: server_cert_name=" + server_cert_name);
return true;
}
- public boolean CertSubjectPanel()
- {
+ public boolean CertSubjectPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -567,69 +557,64 @@ public class ConfigureDRM
ArrayList<String> dn_list = null;
String query_string = null;
- String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port ;
+ String domain_url = "https://" + ca_hostname + ":" + ca_ssl_port;
if (!clone) {
- query_string = "p=9" + "&op=next" + "&xml=true" +
- "&subsystem=" +
- URLEncoder.encode(drm_subsystem_cert_subject_name) +
- "&transport=" +
- URLEncoder.encode(drm_transport_cert_subject_name) +
- "&storage=" +
- URLEncoder.encode(drm_storage_cert_subject_name) +
- "&sslserver=" +
- URLEncoder.encode(drm_server_cert_subject_name) +
- "&audit_signing=" +
- URLEncoder.encode(drm_audit_signing_cert_subject_name) +
- "&urls=" +
- URLEncoder.encode(domain_url);
+ query_string = "p=9" + "&op=next" + "&xml=true" + "&subsystem="
+ + URLEncoder.encode(drm_subsystem_cert_subject_name)
+ + "&transport="
+ + URLEncoder.encode(drm_transport_cert_subject_name)
+ + "&storage="
+ + URLEncoder.encode(drm_storage_cert_subject_name)
+ + "&sslserver="
+ + URLEncoder.encode(drm_server_cert_subject_name)
+ + "&audit_signing="
+ + URLEncoder.encode(drm_audit_signing_cert_subject_name)
+ + "&urls=" + URLEncoder.encode(domain_url);
} else {
- query_string = "p=9" + "&op=next" + "&xml=true" +
- "&sslserver=" +
- URLEncoder.encode(drm_server_cert_subject_name) +
- "&urls=" +
- URLEncoder.encode(domain_url);
+ query_string = "p=9" + "&op=next" + "&xml=true" + "&sslserver="
+ + URLEncoder.encode(drm_server_cert_subject_name)
+ + "&urls=" + URLEncoder.encode(domain_url);
}
-
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
- req_list = px.constructValueList("CertReqPair","Request");
- cert_list = px.constructValueList("CertReqPair","Certificate");
- dn_list = px.constructValueList("CertReqPair","Nickname");
+
+ req_list = px.constructValueList("CertReqPair", "Request");
+ cert_list = px.constructValueList("CertReqPair", "Certificate");
+ dn_list = px.constructValueList("CertReqPair", "Nickname");
if (req_list != null && cert_list != null && dn_list != null) {
- for (int i=0; i < dn_list.size(); i++) {
- String temp = dn_list.get(i);
+ for (int i = 0; i < dn_list.size(); i++) {
+ String temp = dn_list.get(i);
if (temp.indexOf("transportCert") >= 0) {
- drm_transport_cert_req = req_list.get(i);
- drm_transport_cert_cert = cert_list.get(i);
+ drm_transport_cert_req = req_list.get(i);
+ drm_transport_cert_cert = cert_list.get(i);
} else if (temp.indexOf("storageCert") >= 0) {
- drm_storage_cert_req = req_list.get(i);
- drm_storage_cert_cert = cert_list.get(i);
+ drm_storage_cert_req = req_list.get(i);
+ drm_storage_cert_cert = cert_list.get(i);
} else if (temp.indexOf("subsystemCert") >= 0) {
- drm_subsystem_cert_req = req_list.get(i);
- drm_subsystem_cert_cert = cert_list.get(i);
- } else if (temp.indexOf("auditSigningCert") >=0) {
- drm_audit_signing_cert_req = req_list.get(i);
- drm_audit_signing_cert_cert = cert_list.get(i);
+ drm_subsystem_cert_req = req_list.get(i);
+ drm_subsystem_cert_cert = cert_list.get(i);
+ } else if (temp.indexOf("auditSigningCert") >= 0) {
+ drm_audit_signing_cert_req = req_list.get(i);
+ drm_audit_signing_cert_cert = cert_list.get(i);
} else {
- server_cert_req = req_list.get(i);
- server_cert_cert = cert_list.get(i);
+ server_cert_req = req_list.get(i);
+ server_cert_cert = cert_list.get(i);
}
}
}
-
+
return true;
}
- public boolean CertificatePanel()
- {
+ public boolean CertificatePanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
@@ -639,68 +624,56 @@ public class ConfigureDRM
ArrayList<String> dn_list = null;
ArrayList<String> pp_list = null;
+ String query_string = "p=10" + "&op=next" + "&xml=true" + "&subsystem="
+ + URLEncoder.encode(drm_subsystem_cert_cert) + "&subsystem_cc="
+ + "&transport=" + URLEncoder.encode(drm_transport_cert_cert)
+ + "&transport_cc=" + "&storage="
+ + URLEncoder.encode(drm_storage_cert_cert) + "&storage_cc="
+ + "&sslserver=" + URLEncoder.encode(server_cert_cert)
+ + "&sslserver_cc=" + "&audit_signing="
+ + URLEncoder.encode(drm_audit_signing_cert_cert)
+ + "&audit_signing_cc=";
- String query_string = "p=10" + "&op=next" + "&xml=true" +
- "&subsystem=" +
- URLEncoder.encode(drm_subsystem_cert_cert) +
- "&subsystem_cc=" +
- "&transport=" +
- URLEncoder.encode(drm_transport_cert_cert) +
- "&transport_cc=" +
- "&storage=" +
- URLEncoder.encode(drm_storage_cert_cert) +
- "&storage_cc=" +
- "&sslserver=" +
- URLEncoder.encode(server_cert_cert) +
- "&sslserver_cc=" +
- "&audit_signing=" +
- URLEncoder.encode(drm_audit_signing_cert_cert) +
- "&audit_signing_cc=";
-
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
+
return true;
}
- public boolean BackupPanel()
- {
+ public boolean BackupPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
+ String query_string = "p=11" + "&op=next" + "&xml=true"
+ + "&choice=backupkey" + "&__pwd="
+ + URLEncoder.encode(backup_pwd) + "&__pwdagain="
+ + URLEncoder.encode(backup_pwd);
- String query_string = "p=11" + "&op=next" + "&xml=true" +
- "&choice=backupkey" +
- "&__pwd=" + URLEncoder.encode(backup_pwd) +
- "&__pwdagain=" + URLEncoder.encode(backup_pwd);
-
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
+
return true;
}
- public boolean SavePKCS12Panel()
- {
+ public boolean SavePKCS12Panel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
+ String query_string = "";
- String query_string = "";
-
- hr = hc.sslConnect(cs_hostname,cs_port,pkcs12_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, pkcs12_uri, query_string);
// dump hr.getResponseData() to file
try {
@@ -709,17 +682,18 @@ public class ConfigureDRM
fos.close();
// set file to permissions 600
- String rtParams[] = { "chmod","600", backup_fname};
+ String rtParams[] = { "chmod", "600", backup_fname };
Process proc = Runtime.getRuntime().exec(rtParams);
- BufferedReader br = new BufferedReader(new InputStreamReader(proc.getErrorStream()));
+ BufferedReader br = new BufferedReader(new InputStreamReader(
+ proc.getErrorStream()));
String line = null;
- while ( (line = br.readLine()) != null)
- System.out.println("Error: " + line);
+ while ((line = br.readLine()) != null)
+ System.out.println("Error: " + line);
int exitVal = proc.waitFor();
-
+
// verify p12 file
-
+
// Decode the P12 file
FileInputStream fis = new FileInputStream(backup_fname);
PFX.Template pfxt = new PFX.Template();
@@ -727,17 +701,18 @@ public class ConfigureDRM
System.out.println("Decoded PFX");
// now peruse it for interesting info
- System.out.println("Version: "+pfx.getVersion());
+ System.out.println("Version: " + pfx.getVersion());
AuthenticatedSafes authSafes = pfx.getAuthSafes();
SEQUENCE asSeq = authSafes.getSequence();
- System.out.println("AuthSafes has "+
- asSeq.size()+" SafeContents");
+ System.out.println("AuthSafes has " + asSeq.size()
+ + " SafeContents");
fis.close();
if (clone) {
query_string = "p=12" + "&op=next" + "&xml=true";
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri,
+ query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
@@ -752,19 +727,15 @@ public class ConfigureDRM
return true;
}
- public boolean AdminCertReqPanel()
- {
+ public boolean AdminCertReqPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
String admin_cert_request = null;
- ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
- client_certdb_pwd,
- agent_cert_subject,
- agent_key_size,
- agent_key_type);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
+ agent_cert_subject, agent_key_size, agent_key_type);
cCrypt.setDebug(true);
cCrypt.setGenerateRequest(true);
cCrypt.setTransportCert(null);
@@ -774,76 +745,67 @@ public class ConfigureDRM
String crmf_request = cCrypt.generateCRMFrequest();
if (crmf_request == null) {
- System.out.println("ERROR: AdminCertReqPanel() cert req gen failed");
- return false;
+ System.out
+ .println("ERROR: AdminCertReqPanel() cert req gen failed");
+ return false;
}
admin_cert_request = crmf_request;
- String query_string = "p=13" + "&op=next" + "&xml=true" +
- "&cert_request_type=" + "crmf" +
- "&uid=" + admin_user +
- "&name=" + admin_user +
- "&__pwd=" + URLEncoder.encode(admin_password) +
- "&__admin_password_again=" + URLEncoder.encode(admin_password) +
- "&profileId=" + "caAdminCert" +
- "&email=" +
- URLEncoder.encode(admin_email) +
- "&cert_request=" +
- URLEncoder.encode(admin_cert_request) +
- "&subject=" +
- URLEncoder.encode(agent_cert_subject) +
- "&clone=new" +
- "&import=true" +
- "&securitydomain=" +
- URLEncoder.encode(domain_name);
-
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ String query_string = "p=13" + "&op=next" + "&xml=true"
+ + "&cert_request_type=" + "crmf" + "&uid=" + admin_user
+ + "&name=" + admin_user + "&__pwd="
+ + URLEncoder.encode(admin_password)
+ + "&__admin_password_again="
+ + URLEncoder.encode(admin_password) + "&profileId="
+ + "caAdminCert" + "&email=" + URLEncoder.encode(admin_email)
+ + "&cert_request=" + URLEncoder.encode(admin_cert_request)
+ + "&subject=" + URLEncoder.encode(agent_cert_subject)
+ + "&clone=new" + "&import=true" + "&securitydomain="
+ + URLEncoder.encode(domain_name);
+
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
- admin_serial_number = px.getvalue("serialNumber");
+
+ admin_serial_number = px.getvalue("serialNumber");
return true;
}
- public boolean AdminCertImportPanel()
- {
+ public boolean AdminCertImportPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "serialNumber=" + admin_serial_number +
- "&importCert=" + "true";
+ String query_string = "serialNumber=" + admin_serial_number
+ + "&importCert=" + "true";
+
+ hr = hc.sslConnect(sd_hostname, sd_admin_port, admin_uri, query_string);
- hr = hc.sslConnect(sd_hostname,sd_admin_port,admin_uri,query_string);
-
// get response data
- // String cert_to_import =
- // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
- String cert_to_import =
- OSUtil.BtoA(hr.getResponseData());
+ // String cert_to_import =
+ // new sun.misc.BASE64Encoder().encode(hr.getResponseData());
+ String cert_to_import = OSUtil.BtoA(hr.getResponseData());
System.out.println("Imported Cert=" + cert_to_import);
- ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
- client_certdb_pwd,
- null,
- null,
- null);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
+ null, null, null);
cCrypt.setDebug(true);
cCrypt.setGenerateRequest(true);
cCrypt.loginDB();
- String start = "-----BEGIN CERTIFICATE-----\r\n" ;
- String end = "\r\n-----END CERTIFICATE-----" ;
+ String start = "-----BEGIN CERTIFICATE-----\r\n";
+ String end = "\r\n-----END CERTIFICATE-----";
- st = cCrypt.importCert(start+cert_to_import+end,agent_name);
+ st = cCrypt.importCert(start + cert_to_import + end, agent_name);
if (!st) {
- System.out.println("ERROR: AdminCertImportPanel() during cert import");
+ System.out
+ .println("ERROR: AdminCertImportPanel() during cert import");
return false;
}
@@ -851,35 +813,30 @@ public class ConfigureDRM
return true;
}
- public boolean UpdateDomainPanel()
- {
+ public boolean UpdateDomainPanel() {
boolean st = false;
HTTPResponse hr = null;
ByteArrayInputStream bais = null;
ParseXML px = new ParseXML();
- String query_string = "p=14" + "&op=next" + "&xml=true" +
- "&caHost=" + URLEncoder.encode(sd_hostname) +
- "&caPort=" + URLEncoder.encode(sd_agent_port);
+ String query_string = "p=14" + "&op=next" + "&xml=true" + "&caHost="
+ + URLEncoder.encode(sd_hostname) + "&caPort="
+ + URLEncoder.encode(sd_agent_port);
- hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string);
+ hr = hc.sslConnect(cs_hostname, cs_port, wizard_uri, query_string);
// parse xml
bais = new ByteArrayInputStream(hr.getHTML().getBytes());
px.parse(bais);
px.prettyprintxml();
-
+
return true;
}
- public boolean ConfigureDRMInstance()
- {
+ public boolean ConfigureDRMInstance() {
// 0. login to cert db
- ComCrypto cCrypt = new ComCrypto(client_certdb_dir,
- client_certdb_pwd,
- null,
- null,
- null);
+ ComCrypto cCrypt = new ComCrypto(client_certdb_dir, client_certdb_pwd,
+ null, null, null);
cCrypt.setDebug(true);
cCrypt.setGenerateRequest(true);
cCrypt.loginDB();
@@ -898,7 +855,8 @@ public class ConfigureDRM
// 2. Token Choice Panel
boolean disp_token = TokenChoicePanel();
if (!disp_token) {
- System.out.println("ERROR: ConfigureDRM: TokenChoicePanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: TokenChoicePanel() failure");
return false;
}
@@ -914,7 +872,8 @@ public class ConfigureDRM
// 4. display cert chain panel
boolean disp_st = DisplayChainPanel();
if (!disp_st) {
- System.out.println("ERROR: ConfigureDRM: DisplayChainPanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: DisplayChainPanel() failure");
return false;
}
@@ -922,7 +881,8 @@ public class ConfigureDRM
// security domain login panel
boolean disp_sd = SecurityDomainLoginPanel();
if (!disp_sd) {
- System.out.println("ERROR: ConfigureDRM: SecurityDomainLoginPanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: SecurityDomainLoginPanel() failure");
return false;
}
@@ -939,7 +899,8 @@ public class ConfigureDRM
if (clone) {
boolean restore_st = RestoreKeyCertPanel();
if (!restore_st) {
- System.out.println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure");
+ System.out
+ .println("ERROR: ConfigureCA: RestoreKeyCertPanel() failure");
return false;
}
}
@@ -948,7 +909,8 @@ public class ConfigureDRM
// 7. ldap connection panel
boolean disp_ldap = LdapConnectionPanel();
if (!disp_ldap) {
- System.out.println("ERROR: ConfigureDRM: LdapConnectionPanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: LdapConnectionPanel() failure");
return false;
}
@@ -965,7 +927,8 @@ public class ConfigureDRM
// 10. Cert Subject Panel
boolean disp_csubj = CertSubjectPanel();
if (!disp_csubj) {
- System.out.println("ERROR: ConfigureDRM: CertSubjectPanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: CertSubjectPanel() failure");
return false;
}
@@ -973,7 +936,8 @@ public class ConfigureDRM
// 11. Certificate Panel
boolean disp_cp = CertificatePanel();
if (!disp_cp) {
- System.out.println("ERROR: ConfigureDRM: CertificatePanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: CertificatePanel() failure");
return false;
}
@@ -989,7 +953,8 @@ public class ConfigureDRM
// save panel
boolean disp_save = SavePKCS12Panel();
if (!disp_save) {
- System.out.println("ERROR: ConfigureDRM: SavePKCS12Panel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: SavePKCS12Panel() failure");
return false;
}
@@ -1002,7 +967,8 @@ public class ConfigureDRM
// 13. Admin Cert Req Panel
boolean disp_adm = AdminCertReqPanel();
if (!disp_adm) {
- System.out.println("ERROR: ConfigureDRM: AdminCertReqPanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: AdminCertReqPanel() failure");
return false;
}
@@ -1010,7 +976,8 @@ public class ConfigureDRM
// 14. Admin Cert import Panel
boolean disp_im = AdminCertImportPanel();
if (!disp_im) {
- System.out.println("ERROR: ConfigureDRM: AdminCertImportPanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: AdminCertImportPanel() failure");
return false;
}
@@ -1018,7 +985,8 @@ public class ConfigureDRM
// 15. Update Domain Panel
boolean disp_ud = UpdateDomainPanel();
if (!disp_ud) {
- System.out.println("ERROR: ConfigureDRM: UpdateDomainPanel() failure");
+ System.out
+ .println("ERROR: ConfigureDRM: UpdateDomainPanel() failure");
return false;
}
@@ -1034,8 +1002,7 @@ public class ConfigureDRM
}
}
- public static void main(String args[])
- {
+ public static void main(String args[]) {
ConfigureDRM ca = new ConfigureDRM();
// set variables
@@ -1063,7 +1030,7 @@ public class ConfigureDRM
StringHolder x_admin_email = new StringHolder();
StringHolder x_admin_password = new StringHolder();
- // ldap
+ // ldap
StringHolder x_ldap_host = new StringHolder();
StringHolder x_ldap_port = new StringHolder();
StringHolder x_bind_dn = new StringHolder();
@@ -1127,7 +1094,7 @@ public class ConfigureDRM
// subsystemName
StringHolder x_subsystem_name = new StringHolder();
- //clone parameters
+ // clone parameters
StringHolder x_clone = new StringHolder();
StringHolder x_clone_uri = new StringHolder();
StringHolder x_clone_p12_file = new StringHolder();
@@ -1136,145 +1103,187 @@ public class ConfigureDRM
// parse the args
ArgParser parser = new ArgParser("ConfigureDRM");
- parser.addOption ("-cs_hostname %s #CS Hostname",
- x_cs_hostname);
- parser.addOption ("-cs_port %s #CS SSL Admin port",
- x_cs_port);
-
- parser.addOption ("-sd_hostname %s #Security Domain Hostname",
- x_sd_hostname);
- parser.addOption ("-sd_ssl_port %s #Security Domain SSL EE port",
- x_sd_ssl_port);
- parser.addOption ("-sd_agent_port %s #Security Domain SSL Agent port",
- x_sd_agent_port);
- parser.addOption ("-sd_admin_port %s #Security Domain SSL Admin port",
- x_sd_admin_port);
- parser.addOption ("-sd_admin_name %s #Security Domain username",
- x_sd_admin_name);
- parser.addOption ("-sd_admin_password %s #Security Domain password",
- x_sd_admin_password);
-
- parser.addOption ("-ca_hostname %s #CA Hostname",
- x_ca_hostname);
- parser.addOption ("-ca_port %s #CA non-SSL EE port",
- x_ca_port);
- parser.addOption ("-ca_ssl_port %s #CA SSL EE port",
- x_ca_ssl_port);
-
- parser.addOption ("-client_certdb_dir %s #Client CertDB dir",
- x_client_certdb_dir);
- parser.addOption ("-client_certdb_pwd %s #client certdb password",
- x_client_certdb_pwd);
- parser.addOption ("-preop_pin %s #pre op pin",
- x_preop_pin);
- parser.addOption ("-domain_name %s #domain name",
- x_domain_name);
- parser.addOption ("-admin_user %s #Admin User Name",
- x_admin_user);
- parser.addOption ("-admin_email %s #Admin email",
- x_admin_email);
- parser.addOption ("-admin_password %s #Admin password",
- x_admin_password);
- parser.addOption ("-agent_name %s #Agent Cert Nickname",
- x_agent_name);
-
- parser.addOption ("-ldap_host %s #ldap host",
- x_ldap_host);
- parser.addOption ("-ldap_port %s #ldap port",
- x_ldap_port);
- parser.addOption ("-bind_dn %s #ldap bind dn",
- x_bind_dn);
- parser.addOption ("-bind_password %s #ldap bind password",
- x_bind_password);
- parser.addOption ("-base_dn %s #base dn",
- x_base_dn);
- parser.addOption ("-db_name %s #db name",
- x_db_name);
- parser.addOption("-secure_conn %s #use ldaps port (optional, default is false)", x_secure_conn);
- parser.addOption("-remove_data %s #remove existing data under base_dn (optional, default is false) ", x_remove_data);
- parser.addOption("-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)", x_clone_start_tls);
+ parser.addOption("-cs_hostname %s #CS Hostname", x_cs_hostname);
+ parser.addOption("-cs_port %s #CS SSL Admin port", x_cs_port);
+
+ parser.addOption("-sd_hostname %s #Security Domain Hostname",
+ x_sd_hostname);
+ parser.addOption("-sd_ssl_port %s #Security Domain SSL EE port",
+ x_sd_ssl_port);
+ parser.addOption("-sd_agent_port %s #Security Domain SSL Agent port",
+ x_sd_agent_port);
+ parser.addOption("-sd_admin_port %s #Security Domain SSL Admin port",
+ x_sd_admin_port);
+ parser.addOption("-sd_admin_name %s #Security Domain username",
+ x_sd_admin_name);
+ parser.addOption("-sd_admin_password %s #Security Domain password",
+ x_sd_admin_password);
+
+ parser.addOption("-ca_hostname %s #CA Hostname", x_ca_hostname);
+ parser.addOption("-ca_port %s #CA non-SSL EE port", x_ca_port);
+ parser.addOption("-ca_ssl_port %s #CA SSL EE port", x_ca_ssl_port);
+
+ parser.addOption("-client_certdb_dir %s #Client CertDB dir",
+ x_client_certdb_dir);
+ parser.addOption("-client_certdb_pwd %s #client certdb password",
+ x_client_certdb_pwd);
+ parser.addOption("-preop_pin %s #pre op pin", x_preop_pin);
+ parser.addOption("-domain_name %s #domain name", x_domain_name);
+ parser.addOption("-admin_user %s #Admin User Name", x_admin_user);
+ parser.addOption("-admin_email %s #Admin email", x_admin_email);
+ parser.addOption("-admin_password %s #Admin password", x_admin_password);
+ parser.addOption("-agent_name %s #Agent Cert Nickname", x_agent_name);
+
+ parser.addOption("-ldap_host %s #ldap host", x_ldap_host);
+ parser.addOption("-ldap_port %s #ldap port", x_ldap_port);
+ parser.addOption("-bind_dn %s #ldap bind dn", x_bind_dn);
+ parser.addOption("-bind_password %s #ldap bind password",
+ x_bind_password);
+ parser.addOption("-base_dn %s #base dn", x_base_dn);
+ parser.addOption("-db_name %s #db name", x_db_name);
+ parser.addOption(
+ "-secure_conn %s #use ldaps port (optional, default is false)",
+ x_secure_conn);
+ parser.addOption(
+ "-remove_data %s #remove existing data under base_dn (optional, default is false) ",
+ x_remove_data);
+ parser.addOption(
+ "-clone_start_tls %s #use startTLS for cloning replication agreement (optional, default is false)",
+ x_clone_start_tls);
// key and algorithm options (default)
- parser.addOption("-key_type %s #Key type [RSA,ECC] (optional, default is RSA)", x_key_type);
- parser.addOption("-key_size %s #Key Size (optional, for RSA default is 2048)", x_key_size);
- parser.addOption("-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)", x_key_curvename);
- parser.addOption("-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)", x_signing_algorithm);
+ parser.addOption(
+ "-key_type %s #Key type [RSA,ECC] (optional, default is RSA)",
+ x_key_type);
+ parser.addOption(
+ "-key_size %s #Key Size (optional, for RSA default is 2048)",
+ x_key_size);
+ parser.addOption(
+ "-key_curvename %s #Key Curve Name (optional, for ECC default is nistp256)",
+ x_key_curvename);
+ parser.addOption(
+ "-signing_algorithm %s #Signing algorithm (optional, default is SHA256withRSA for RSA and SHA256withEC for ECC)",
+ x_signing_algorithm);
- // key and algorithm options for transport certificate (overrides default)
- parser.addOption("-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_transport_key_type);
- parser.addOption("-transport_key_size %s #Key Size (optional, for RSA default is key_size)", x_transport_key_size);
- parser.addOption("-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_transport_key_curvename);
- parser.addOption("-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)", x_transport_signingalgorithm);
+ // key and algorithm options for transport certificate (overrides
+ // default)
+ parser.addOption(
+ "-transport_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_transport_key_type);
+ parser.addOption(
+ "-transport_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_transport_key_size);
+ parser.addOption(
+ "-transport_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_transport_key_curvename);
+ parser.addOption(
+ "-transport_signingalgorithm %s #Algorithm used by the transport cert to sign objects (optional, default is signing_algorithm)",
+ x_transport_signingalgorithm);
// key and algorithm options for storage certificate (overrides default)
- parser.addOption("-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_storage_key_type);
- parser.addOption("-storage_key_size %s #Key Size (optional, for RSA default is key_size)", x_storage_key_size);
- parser.addOption("-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_storage_key_curvename);
-
- // key and algorithm options for audit_signing certificate (overrides default)
- parser.addOption("-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_audit_signing_key_type);
- parser.addOption("-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)", x_audit_signing_key_size);
- parser.addOption("-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_audit_signing_key_curvename);
-
- // key and algorithm options for subsystem certificate (overrides default)
- parser.addOption("-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_subsystem_key_type);
- parser.addOption("-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)", x_subsystem_key_size);
- parser.addOption("-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_subsystem_key_curvename);
-
- // key and algorithm options for sslserver certificate (overrides default)
- parser.addOption("-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)", x_sslserver_key_type);
- parser.addOption("-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)", x_sslserver_key_size);
- parser.addOption("-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)", x_sslserver_key_curvename);
-
- parser.addOption ("-token_name %s #HSM/Software Token name",
- x_token_name);
- parser.addOption ("-token_pwd %s #HSM/Software Token password (optional, required for HSM)",
- x_token_pwd);
-
- parser.addOption ("-agent_key_size %s #Agent Cert Key Size",
- x_agent_key_size);
- parser.addOption ("-agent_key_type %s #Agent Cert Key type [rsa]",
- x_agent_key_type);
- parser.addOption ("-agent_cert_subject %s #Agent Cert Subject ",
- x_agent_cert_subject);
-
- parser.addOption ("-backup_pwd %s #PKCS12 password",
- x_backup_pwd);
-
- parser.addOption("-backup_fname %s #Backup File for p12, (optional, default /root/tmp-kra.p12)",
- x_backup_fname);
-
- parser.addOption (
- "-drm_transport_cert_subject_name %s #DRM transport cert subject name",
- x_drm_transport_cert_subject_name);
- parser.addOption (
- "-drm_subsystem_cert_subject_name %s #DRM subsystem cert subject name",
- x_drm_subsystem_cert_subject_name);
- parser.addOption (
- "-drm_storage_cert_subject_name %s #DRM storage cert subject name",
- x_drm_storage_cert_subject_name);
- parser.addOption (
- "-drm_server_cert_subject_name %s #DRM server cert subject name",
- x_drm_server_cert_subject_name);
-
- parser.addOption (
- "-subsystem_name %s #CA subsystem name",
- x_subsystem_name);
+ parser.addOption(
+ "-storage_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_storage_key_type);
+ parser.addOption(
+ "-storage_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_storage_key_size);
+ parser.addOption(
+ "-storage_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_storage_key_curvename);
+
+ // key and algorithm options for audit_signing certificate (overrides
+ // default)
+ parser.addOption(
+ "-audit_signing_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_audit_signing_key_type);
+ parser.addOption(
+ "-audit_signing_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_audit_signing_key_size);
+ parser.addOption(
+ "-audit_signing_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_audit_signing_key_curvename);
+
+ // key and algorithm options for subsystem certificate (overrides
+ // default)
+ parser.addOption(
+ "-subsystem_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_subsystem_key_type);
+ parser.addOption(
+ "-subsystem_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_subsystem_key_size);
+ parser.addOption(
+ "-subsystem_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_subsystem_key_curvename);
+
+ // key and algorithm options for sslserver certificate (overrides
+ // default)
+ parser.addOption(
+ "-sslserver_key_type %s #Key type [RSA,ECC] (optional, default is key_type)",
+ x_sslserver_key_type);
+ parser.addOption(
+ "-sslserver_key_size %s #Key Size (optional, for RSA default is key_size)",
+ x_sslserver_key_size);
+ parser.addOption(
+ "-sslserver_key_curvename %s #Key Curve Name (optional, for ECC default is key_curvename)",
+ x_sslserver_key_curvename);
+ parser.addOption("-token_name %s #HSM/Software Token name",
+ x_token_name);
parser.addOption(
- "-drm_audit_signing_cert_subject_name %s #DRM audit signing cert subject name",
- x_drm_audit_signing_cert_subject_name);
+ "-token_pwd %s #HSM/Software Token password (optional, required for HSM)",
+ x_token_pwd);
- parser.addOption("-clone %s #Clone of another KRA [true, false] (optional, default false)", x_clone);
- parser.addOption("-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)", x_clone_uri);
- parser.addOption("-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)", x_clone_p12_file);
- parser.addOption("-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)", x_clone_p12_passwd);
+ parser.addOption("-agent_key_size %s #Agent Cert Key Size",
+ x_agent_key_size);
+ parser.addOption("-agent_key_type %s #Agent Cert Key type [rsa]",
+ x_agent_key_type);
+ parser.addOption("-agent_cert_subject %s #Agent Cert Subject ",
+ x_agent_cert_subject);
+
+ parser.addOption("-backup_pwd %s #PKCS12 password", x_backup_pwd);
+
+ parser.addOption(
+ "-backup_fname %s #Backup File for p12, (optional, default /root/tmp-kra.p12)",
+ x_backup_fname);
+
+ parser.addOption(
+ "-drm_transport_cert_subject_name %s #DRM transport cert subject name",
+ x_drm_transport_cert_subject_name);
+ parser.addOption(
+ "-drm_subsystem_cert_subject_name %s #DRM subsystem cert subject name",
+ x_drm_subsystem_cert_subject_name);
+ parser.addOption(
+ "-drm_storage_cert_subject_name %s #DRM storage cert subject name",
+ x_drm_storage_cert_subject_name);
+ parser.addOption(
+ "-drm_server_cert_subject_name %s #DRM server cert subject name",
+ x_drm_server_cert_subject_name);
+
+ parser.addOption("-subsystem_name %s #CA subsystem name",
+ x_subsystem_name);
+
+ parser.addOption(
+ "-drm_audit_signing_cert_subject_name %s #DRM audit signing cert subject name",
+ x_drm_audit_signing_cert_subject_name);
+
+ parser.addOption(
+ "-clone %s #Clone of another KRA [true, false] (optional, default false)",
+ x_clone);
+ parser.addOption(
+ "-clone_uri %s #URL of Master KRA to clone. It must have the form https://<hostname>:<EE port> (optional, required if -clone=true)",
+ x_clone_uri);
+ parser.addOption(
+ "-clone_p12_file %s #File containing pk12 keys of Master KRA (optional, required if -clone=true)",
+ x_clone_p12_file);
+ parser.addOption(
+ "-clone_p12_password %s #Password for pk12 file (optional, required if -clone=true)",
+ x_clone_p12_passwd);
// and then match the arguments
- String [] unmatched = null;
- unmatched = parser.matchAllArgs (args,0,ArgParser.EXIT_ON_UNMATCHED);
+ String[] unmatched = null;
+ unmatched = parser.matchAllArgs(args, 0, ArgParser.EXIT_ON_UNMATCHED);
- if (unmatched!=null) {
+ if (unmatched != null) {
System.out.println("ERROR: Argument Mismatch");
System.exit(-1);
}
@@ -1319,31 +1328,42 @@ public class ConfigureDRM
key_type = set_default(x_key_type.value, DEFAULT_KEY_TYPE);
transport_key_type = set_default(x_transport_key_type.value, key_type);
storage_key_type = set_default(x_storage_key_type.value, key_type);
- audit_signing_key_type = set_default(x_audit_signing_key_type.value, key_type);
+ audit_signing_key_type = set_default(x_audit_signing_key_type.value,
+ key_type);
subsystem_key_type = set_default(x_subsystem_key_type.value, key_type);
sslserver_key_type = set_default(x_sslserver_key_type.value, key_type);
key_size = set_default(x_key_size.value, DEFAULT_KEY_SIZE);
transport_key_size = set_default(x_transport_key_size.value, key_size);
storage_key_size = set_default(x_storage_key_size.value, key_size);
- audit_signing_key_size = set_default(x_audit_signing_key_size.value, key_size);
+ audit_signing_key_size = set_default(x_audit_signing_key_size.value,
+ key_size);
subsystem_key_size = set_default(x_subsystem_key_size.value, key_size);
sslserver_key_size = set_default(x_sslserver_key_size.value, key_size);
- key_curvename = set_default(x_key_curvename.value, DEFAULT_KEY_CURVENAME);
- transport_key_curvename = set_default(x_transport_key_curvename.value, key_curvename);
- storage_key_curvename = set_default(x_storage_key_curvename.value, key_curvename);
- audit_signing_key_curvename = set_default(x_audit_signing_key_curvename.value, key_curvename);
- subsystem_key_curvename = set_default(x_subsystem_key_curvename.value, key_curvename);
- sslserver_key_curvename = set_default(x_sslserver_key_curvename.value, key_curvename);
+ key_curvename = set_default(x_key_curvename.value,
+ DEFAULT_KEY_CURVENAME);
+ transport_key_curvename = set_default(x_transport_key_curvename.value,
+ key_curvename);
+ storage_key_curvename = set_default(x_storage_key_curvename.value,
+ key_curvename);
+ audit_signing_key_curvename = set_default(
+ x_audit_signing_key_curvename.value, key_curvename);
+ subsystem_key_curvename = set_default(x_subsystem_key_curvename.value,
+ key_curvename);
+ sslserver_key_curvename = set_default(x_sslserver_key_curvename.value,
+ key_curvename);
if (transport_key_type.equalsIgnoreCase("RSA")) {
- signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_RSA);
+ signing_algorithm = set_default(x_signing_algorithm.value,
+ DEFAULT_KEY_ALGORITHM_RSA);
} else {
- signing_algorithm = set_default(x_signing_algorithm.value, DEFAULT_KEY_ALGORITHM_ECC);
+ signing_algorithm = set_default(x_signing_algorithm.value,
+ DEFAULT_KEY_ALGORITHM_ECC);
}
- transport_signingalgorithm = set_default(x_transport_signingalgorithm.value, signing_algorithm);
+ transport_signingalgorithm = set_default(
+ x_transport_signingalgorithm.value, signing_algorithm);
token_name = x_token_name.value;
token_pwd = x_token_pwd.value;
@@ -1354,15 +1374,13 @@ public class ConfigureDRM
backup_pwd = x_backup_pwd.value;
backup_fname = set_default(x_backup_fname.value, "/root/tmp-kra.p12");
-
- drm_transport_cert_subject_name =
- x_drm_transport_cert_subject_name.value ;
- drm_subsystem_cert_subject_name =
- x_drm_subsystem_cert_subject_name.value;
- drm_storage_cert_subject_name = x_drm_storage_cert_subject_name.value ;
- drm_server_cert_subject_name = x_drm_server_cert_subject_name.value ;
- drm_audit_signing_cert_subject_name = x_drm_audit_signing_cert_subject_name.value;
-
+
+ drm_transport_cert_subject_name = x_drm_transport_cert_subject_name.value;
+ drm_subsystem_cert_subject_name = x_drm_subsystem_cert_subject_name.value;
+ drm_storage_cert_subject_name = x_drm_storage_cert_subject_name.value;
+ drm_server_cert_subject_name = x_drm_server_cert_subject_name.value;
+ drm_audit_signing_cert_subject_name = x_drm_audit_signing_cert_subject_name.value;
+
subsystem_name = x_subsystem_name.value;
if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) {
@@ -1375,12 +1393,12 @@ public class ConfigureDRM
clone_p12_passwd = x_clone_p12_passwd.value;
boolean st = ca.ConfigureDRMInstance();
-
+
if (!st) {
System.out.println("ERROR: unable to create DRM");
System.exit(-1);
}
-
+
System.out.println("Certificate System - DRM Instance Configured");
System.exit(0);
}
generated by cgit (git 2.34.1) at 2024-05-05 08:43:01 +0000