3567N/A<?
xml version="1.0" encoding="UTF-8" standalone="no"?>
3349N/A ! The contents of this file are subject to the terms of the 3349N/A ! Common Development and Distribution License, Version 1.0 only 3349N/A ! (the "License"). You may not use this file except in compliance 3349N/A ! See the License for the specific language governing permissions 3349N/A ! and limitations under the License. 3349N/A ! When distributing Covered Code, include this CDDL HEADER in each 3349N/A ! If applicable, add the following below this CDDL HEADER, with the 3349N/A ! fields enclosed by brackets "[]" replaced with your own identifying 3349N/A ! Portions Copyright [yyyy] [name of copyright owner] 3349N/A ! Copyright 2007-2010 Sun Microsystems, Inc. 3349N/A <!-- **************************************************** --> 3349N/A <!-- generate a certificate --> 3349N/A <!-- **************************************************** --> 3349N/A <
function name="genCertificate">
3349N/A This function generates a server certificate
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="dname" type="optional" default="'cn=server,O=Sun Microsystems,C=US'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
3349N/A Path for the key store file
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
3349N/A Password to protect the contents of the key store
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keypass" type="optional" default="'servercert'">
3349N/A Password to protect the private key on the key store: keypass
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storetype" type="optional" default="'JKS'">
3349N/A The storetype. can be JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3349N/A Expected return code value. Default value is 0.
3349N/A Wildcard 'noCheck' to not check the RC
3349N/A </
function-
arg-
description>
3349N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
<!-- Runs the key-pair generation command and returns STAXResult to the caller.
     The -genkey/-keystore options are presumably keytool's; the 'command' entry
     is not visible in this listing.
     NOTE(review): storepass and keypass are interpolated into the argument string,
     so they can appear wherever the command line is logged or listed. Both default
     to the fixed value 'servercert'; keep keystores created this way confined to
     the test harness.
     NOTE(review): unlike SelfSignCertificate, the keystore, storepass and keypass
     values are not quoted here, so a value containing whitespace would be split
     into separate arguments. -->
3349N/A <
call function="'runCommand'">
3349N/A { 'name' : 'Generate a Certificate',
3349N/A 'arguments' : '-genkey -alias %s -keyalg rsa -dname "%s" -keystore %s -storepass %s -keypass %s -storetype %s ' % (certAlias,dname,keystore,storepass,keypass,storetype),
3349N/A <
return>STAXResult</
return>
3349N/A <!-- **************************************************** --> 3349N/A <!-- Self-sign a certificate --> 3349N/A <!-- **************************************************** --> 3349N/A <
function name="SelfSignCertificate">
3349N/A This function self-signs a certificate
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
3349N/A Path for the key store file
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
3349N/A Password to protect the contents of the key store
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keypass" type="optional" default="'servercert'">
3349N/A Password to protect the private key on the key store: keypass
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storetype" type="optional" default="'JKS'">
3349N/A The storetype. can be JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3349N/A Expected return code value. Default value is 0.
3349N/A Wildcard 'noCheck' to not check the RC
3349N/A </
function-
arg-
description>
3349N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
3349N/A <
call function="'runCommand'" >
3349N/A { 'name' : 'Generate a Self-Signed Server Certificate',
3349N/A 'arguments' : '-selfcert -alias %s -keystore "%s" -keypass "%s" -storepass "%s" -storetype "%s" ' % (certAlias,keystore,keypass,storepass,storetype),
3349N/A <
return>STAXResult</
return>
3349N/A <!-- **************************************************** --> 3349N/A <!-- Export a certificate --> 3349N/A <!-- **************************************************** --> 3349N/A <
function name="ExportCertificate">
3349N/A This function exports a certificate
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
3349N/A Path for the key store file
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
3349N/A Password to protect the contents of the key store
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="format" type="optional">
3349N/A Format of the certificate. By default, it's in binary encoding
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storetype" type="optional" default="'JKS'">
3349N/A The storetype. can be JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="outputfile" type="required">
3349N/A Output file to store certificate
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3349N/A Expected return code value. Default value is 0.
3349N/A Wildcard 'noCheck' to not check the RC
3349N/A </
function-
arg-
description>
3349N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
3349N/A STAFCmdParams='-%s' % (format)
<!-- Exports the certificate stored under certAlias to outputfile and returns
     STAXResult to the caller.
     NOTE(review): STAFCmdParams is built above as '-%s' % (format), and 'format'
     is declared without a default. How an unset value is handled is not visible
     in this listing; confirm it cannot reach the command line as a stray flag.
     NOTE(review): certAlias and outputfile are interpolated unquoted, while
     keystore and storepass are quoted. storepass is passed on the command line. -->
3349N/A <
call function="'runCommand'">
3349N/A { 'name' : 'Export a Certificate',
3349N/A 'arguments' : '-export -alias %s -file %s -keystore "%s" -storepass "%s" -storetype %s %s' % (certAlias,outputfile,keystore,storepass,storetype,STAFCmdParams),
3349N/A <
return>STAXResult</
return>
3349N/A <!-- **************************************************** --> 3349N/A <!-- Import a certificate --> 3349N/A <!-- **************************************************** --> 3349N/A <
function name="ImportCertificate">
3349N/A This function imports a certificate
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
3349N/A Path for the key store file
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
3349N/A Password to protect the contents of the key store
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storetype" type="optional" default="'JKS'">
3349N/A The storetype. can be JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="inputfile" type="required">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3349N/A Expected return code value. Default value is 0.
3349N/A Wildcard 'noCheck' to not check the RC
3349N/A </
function-
arg-
description>
3349N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
<!-- Imports the certificate in inputfile into the keystore under certAlias and
     returns STAXResult to the caller.
     NOTE(review): -noprompt suppresses the confirmation step in which the operator
     would otherwise be shown the certificate and asked whether to trust it, so
     whatever file is passed as inputfile becomes trusted by this keystore without
     review. That is acceptable for fixtures generated by the same test run; verify
     the fingerprint out of band before reusing this pattern elsewhere.
     NOTE(review): certAlias and inputfile are interpolated unquoted. -->
3349N/A <
call function="'runCommand'">
3349N/A { 'name' : 'Import a Certificate',
3349N/A 'arguments' : '-import -alias %s -file %s -keystore "%s" -storepass "%s" -storetype %s -noprompt' % (certAlias,inputfile,keystore,storepass,storetype),
3349N/A <
return>STAXResult</
return>
3349N/A <!-- **************************************************** --> 3349N/A <!-- List a certificate --> 3349N/A <!-- **************************************************** --> 3349N/A <
function name="ListCertificate">
3349N/A This function lists a certificate
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
3349N/A Path for the key store file
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
3349N/A Password to protect the contents of the key store
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3349N/A Expected return code value. Default value is 0.
3349N/A Wildcard 'noCheck' to not check the RC
3349N/A </
function-
arg-
description>
3349N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
3349N/A STAFCmdParams=' '.join(STAFCmdParamsList)
3349N/A <
call function="'runCommand'">
3349N/A { 'name' : 'List a Certificate',
3349N/A 'arguments' : STAFCmdParams ,
3349N/A <
return>STAXResult</
return>
3349N/A <!-- **************************************************** --> 3349N/A <!-- Add certificate to an attribute --> 3349N/A <!-- **************************************************** --> 3349N/A <
function name="addCertificate">
3349N/A This function adds a certificate to a user attribute
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="user_cert_file_rfc" type="required" default="''">
3349N/A Path to certificate RFC file
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="userdn" type="optional" default="''">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="ldif_path" type="required" default="''">
3349N/A </
function-
arg-
description>
3349N/A <
call function="'getFile'">
3349N/A 'location' : STAF_REMOTE_HOSTNAME,
3349N/A 'filename' : user_cert_file_rfc
3349N/A 'Certificate contents:\n %s' % cmdResult
3349N/A <!-- Extract BEGIN CERTIFICATE and END CERTIFICATE --> 3349N/A certList=STAXResult[1].split('\n')
3349N/A outfile = open(addCertificateldif,"w")
3349N/A <
call function="'copyFile'">
3349N/A 'location' : STAXServiceMachine,
3349N/A 'remotehost' : STAF_REMOTE_HOSTNAME
3349N/A <
call function="'modifyEntry'">
3349N/A 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
3349N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
3349N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
3349N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
3349N/A 'entryToBeModified' : ldif_path,
3349N/A <!-- **************************************************** --> 3349N/A <!-- get MD5 and SHA1 values --> 3349N/A <!-- **************************************************** --> 3349N/A <
function name="getFingerprint">
3349N/A This function returns the MD5 or SHA1 fingerprint
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
3349N/A Path for the key store file
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
3349N/A Password to protect the contents of the key store
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="fingerprint" type="optional" default="'MD5'">
3349N/A fingerprint. can be MD5 or SHA1
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3349N/A Expected return code value. Default value is 0.
3349N/A Wildcard 'noCheck' to not check the RC
3349N/A </
function-
arg-
description>
3349N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
<!-- Lists the keystore entry for certAlias in verbose form and returns STAXResult
     to the caller. How the digest selected by 'fingerprint' is picked out of the
     output is not visible in this listing.
     NOTE(review): 'fingerprint' defaults to 'MD5' and the only documented
     alternative is SHA1. Both are legacy digests: adequate for checking that a
     test fixture is the expected one, but not a basis for trusting a certificate
     of unknown origin. -->
3349N/A <
call function="'runCommand'">
3349N/A { 'name' : 'getFingerprint',
3349N/A 'arguments' : ' -list -v -keystore "%s" -storepass "%s" -alias "%s"' % (keystore,storepass,certAlias),
3349N/A <
return>STAXResult</
return>
3349N/A <!-- ################################################## --> 3349N/A <!-- ################################################## --> 3349N/A <
function name="configureSSL">
3349N/A This function makes the configuration changes for SSL
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="hostname"/>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="filepath"/>
3349N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
3349N/A Directory server hostname or IP address
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="hostname"/>
3349N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
3349N/A Directory server admin port number
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="Port number"/>
3349N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="DN"/>
3349N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
3349N/A Keystore type : JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="keystorePin" type="optional" default="'servercert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="customKeyMgr" type="optional" default="''">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="customTrustMgr" type="optional" default="''">
3349N/A Name for a new trust manager
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="extraParams" type="optional">
3349N/A Optional extra parameters for specific test cases
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <!--- configure Key Manager Provider --> 3349N/A 'Configure Key Manager Provider'
<!-- Creates a file-based key manager provider named by customKeyMgr.
     NOTE(review): key-store-type is fixed to JKS in the options string even though
     the function takes a keystoreType argument (documented as JKS or PKCS12).
     NOTE(review): keystorePin is passed as the key-store-pin option value, so the
     pin travels on the dsconfig command line and is set as a configuration value.
     It defaults to 'servercert'; treat keystores protected by it as test-only. -->
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'create-key-manager-provider' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'objectName' : customKeyMgr ,
3349N/A 'optionsString' : '--type file-based --set enabled:true --set key-store-file:%s --set key-store-pin:%s --set key-store-type:JKS' % (keystoreFile,keystorePin),
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-key-manager-provider-prop' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'objectName' : keystoreType,
3349N/A 'optionsString' : '--set key-store-file:
config/
keystore --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % keystorePin,
3349N/A <!--- configure Trust Manager Provider --> 3349N/A 'Configure Trust Manager Provider'
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'create-trust-manager-provider' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'objectName' : customTrustMgr ,
<!-- Enables the 'Blind Trust' trust manager provider.
     NOTE(review): a blind trust manager accepts any certificate presented by the
     peer without validating a chain, so it provides no authentication of clients.
     That is tolerable for a functional test of the TLS plumbing, but this call
     should not be copied into a deployment script. Whether it runs only when
     customTrustMgr is empty cannot be seen here; the surrounding conditional is
     missing from this listing. -->
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-trust-manager-provider-prop' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'objectName' : 'Blind Trust',
3349N/A 'optionsString' : '--set enabled:true' ,
3349N/A <!--- Enable LDAPS Connection Handler --> 3349N/A 'Enabling LDAPS Connection Handler - Keystore type'
3349N/A option1='--set ssl-cert-nickname:%s' % certAlias
3349N/A option2='--set trust-manager-provider:"%s"' % (customTrustMgr)
3349N/A option2='--set trust-manager-provider:"Blind Trust"'
3349N/A option3='--set key-manager-provider:"%s"' % (customKeyMgr)
3349N/A option3='--set key-manager-provider:"%s"' % (keystoreType)
3349N/A option4='--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
3349N/A option5='--set enabled:true --set use-ssl:true'
3349N/A optionsString='%s %s %s %s %s' % (option1,option2,option3,option4,option5)
<!-- Applies the options assembled above to the LDAPS connection handler.
     NOTE(review): option2 and option3 are each assigned twice above (the custom
     provider name first, then 'Blind Trust' and keystoreType respectively). The
     branching that chooses between them is not visible in this listing. Confirm
     that the 'Blind Trust' value is used only when no customTrustMgr was supplied;
     otherwise the custom trust manager is silently ignored and peer certificates
     go unvalidated. -->
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-connection-handler-prop',
3349N/A 'objectType' : 'handler-name' ,
3349N/A 'objectName' : 'LDAPS Connection Handler',
3349N/A 'optionsString' : optionsString,
3349N/A <!-- ################################################## --> 3349N/A <!-- ################################################## --> 3349N/A <
function name="configureTLS">
3349N/A This function makes the configuration changes for startTLS
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="hostname"/>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="filepath"/>
3349N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
3349N/A Directory server hostname or IP address
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="hostname"/>
3349N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
3349N/A Directory server admin port number
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="Port number"/>
3349N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="DN"/>
3349N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="keystorePin" type="optional" default="'servercert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="customKeyMgr" type="optional" default="''">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
3349N/A Keystore type : JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="extraParams" type="optional">
3349N/A Optional extra parameters for specific test cases
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <!--- configure Key Manager Provider --> 3349N/A 'Configure Key Manager Provider'
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'create-key-manager-provider' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'objectName' : customKeyMgr ,
3349N/A 'optionsString' : '--type file-based --set enabled:true --set key-store-file:%s --set key-store-pin:%s --set key-store-type:JKS' % (keystoreFile,keystorePin),
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
3349N/A 'dsInstanceDn' : dsInstanceDn,
3349N/A 'dsInstancePswd' : dsInstancePswd,
3349N/A 'subcommand' : 'set-key-manager-provider-prop',
3349N/A 'objectType' : 'provider-name',
3349N/A 'objectName' : keystoreType,
3349N/A 'optionsString' : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
3349N/A <!--- configure Trust Manager Provider --> 3349N/A 'Configure Trust Manager Provider'
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
3349N/A 'dsInstanceDn' : dsInstanceDn,
3349N/A 'dsInstancePswd' : dsInstancePswd,
3349N/A 'subcommand' : 'set-trust-manager-provider-prop',
3349N/A 'objectType' : 'provider-name',
3349N/A 'objectName' : 'Blind Trust',
3349N/A 'optionsString' : '--set enabled:true',
3349N/A option1='--set ssl-cert-nickname:%s' % certAlias
3349N/A option2='--set trust-manager-provider:"Blind Trust" '
3349N/A option3='--set key-manager-provider:"%s"' % (customKeyMgr)
3349N/A option3='--set key-manager-provider:"%s"' % (keystoreType)
3349N/A option4='--set allow-start-tls:true'
3349N/A optionsString='%s %s %s %s' % (option1,option2,option3,option4)
<!-- Enables StartTLS on the plain LDAP connection handler with the certificate
     nickname and providers assembled above.
     NOTE(review): allow-start-tls makes the upgrade available but, as far as this
     call shows, does not make it mandatory, so a client that never issues StartTLS
     still talks in clear text on this port. Tests that assert confidentiality
     should check that the upgrade actually happened.
     NOTE(review): option2 has a single assignment in this function and it names
     'Blind Trust', so peer certificates are not validated on this handler. -->
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
3349N/A 'dsInstanceDn' : dsInstanceDn,
3349N/A 'dsInstancePswd' : dsInstancePswd,
3349N/A 'subcommand' : 'set-connection-handler-prop',
3349N/A 'objectType' : 'handler-name',
3349N/A 'objectName' : 'LDAP Connection Handler',
3349N/A 'optionsString' : optionsString,
3349N/A <!-- ################################################## --> 3349N/A <!-- ################################################## --> 3349N/A <
function name="configureSASL">
3349N/A This function makes the configuration changes for SASL
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="hostname"/>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="filepath"/>
3349N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
3349N/A Directory server hostname or IP address
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="hostname"/>
3349N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
3349N/A Directory server admin port number
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="Port number"/>
3349N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="''">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="DN"/>
3349N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="keystorePin" type="optional" default="'keystorepass'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
3349N/A Keystore type : JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="createTrustMgr" type="optional" default="False">
3349N/A Create or enable a custom trust manager.
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="enum">
3349N/A <
function-
arg-
property-
description>
3349N/A This argument can only have boolean values
3349N/A </
function-
arg-
property-
description>
3349N/A <
function-
arg-
property-
data type="choice" value="True"/>
3349N/A <
function-
arg-
property-
data type="choice" value="False"/>
3349N/A <
function-
arg-
def name="createKeyMgr" type="optional" default="False">
3349N/A Create or enable custom key Manager.
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="enum">
3349N/A <
function-
arg-
property-
description>
3349N/A This argument can only have boolean values
3349N/A </
function-
arg-
property-
description>
3349N/A <
function-
arg-
property-
data type="choice" value="True"/>
3349N/A <
function-
arg-
property-
data type="choice" value="False"/>
3349N/A <
function-
arg-
def name="KeyMgr" type="optional" default="''">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="trustMgr" type="optional" default="''">
3349N/A Name for a new trust manager
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="truststoreType" type="optional" default="'JKS'">
3349N/A Truststore type : JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="truststorePin" type="optional" default="'truststorepass'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="certMapper" type="optional" default="'Subject Equals DN'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="handlerName" type="optional" default="'EXTERNAL'">
3349N/A SASL mechanism handler name
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="optionSaSL" type="optional" default="''">
3349N/A SASL mechanism handler options
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="optionMapper" type="optional" default="''">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="extraParams" type="optional">
3349N/A Optional extra parameters for specific test cases
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <!--- configure Key Manager Provider --> 3349N/A 'Configure Key Manager Provider'
3349N/A <
if expr="createKeyMgr == True">
<!-- Creates a file-based key manager provider; reached when createKeyMgr is True.
     The 'objectName' entry is not visible in this listing.
     NOTE(review): the third format argument is truststoreType, so key-store-type
     is taken from the trust store setting rather than from keystoreType. Both
     default to 'JKS', which hides the mismatch until a caller passes different
     types. Presumably keystoreType was intended; confirm.
     NOTE(review): keystorePin is passed as the key-store-pin option value on the
     dsconfig command line; its default is the fixed value 'keystorepass'. -->
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'create-key-manager-provider' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'optionsString' : '--set key-store-file:%s --set key-store-pin:%s --set key-store-type:%s --type file-based --set enabled:true --no-prompt ' % (keystoreFile,keystorePin,truststoreType),
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-key-manager-provider-prop' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'optionsString' : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
3349N/A <!--- configure Trust Manager Provider --> 3349N/A 'Configure Trust Manager Provider'
3349N/A <
if expr="createTrustMgr == True">
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'create-trust-manager-provider' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'optionsString' : '--set trust-store-file:%s --set trust-store-pin:%s --type file-based --set trust-store-type:%s --set enabled:true ' %(truststoreFile,truststorePin,truststoreType),
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-trust-manager-provider-prop' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'optionsString' : '--set trust-store-file:%s --set trust-store-pin:%s --set enabled:true' %(truststoreFile,truststorePin),
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-trust-manager-provider-prop' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'objectName' : 'Blind Trust',
3349N/A 'optionsString' : '--set enabled:true' ,
3349N/A <!--- Enable LDAPS Connection Handler --> 3349N/A 'Enabling LDAPS Connection Handler - Keystore type'
3349N/A option1='--set ssl-cert-nickname:%s' % certAlias
3349N/A option2='--set trust-manager-provider:"%s"' % (trustMgr)
3349N/A option2='--set trust-manager-provider:"Blind Trust"'
3349N/A option3='--set key-manager-provider:"%s"' % (KeyMgr)
3349N/A option4='--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
3349N/A option5='--set enabled:true --set use-ssl:true --set ssl-client-auth-policy:required'
3349N/A optionsString='%s %s %s %s %s' % (option1,option2,option3,option4,option5)
<!-- Configures the LDAPS connection handler to require a client certificate
     (ssl-client-auth-policy:required) using the options assembled above.
     NOTE(review): option2 is assigned twice above, first with trustMgr and then
     with 'Blind Trust'; the conditional between the two is not visible here.
     If 'Blind Trust' is in effect, requiring a client certificate authenticates
     no one, because any certificate is accepted, and the certificate mapper
     enabled later in this function maps the presented subject to a directory
     entry. Confirm that certificate-based SASL tests run against a real trust
     store (createTrustMgr with a populated truststoreFile). -->
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-connection-handler-prop',
3349N/A 'objectType' : 'handler-name' ,
3349N/A 'objectName' : 'LDAPS Connection Handler',
3349N/A 'optionsString' : optionsString,
3349N/A <!--- Setting the mapper --> 3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-certificate-mapper-prop',
3349N/A 'objectType' : 'mapper-name' ,
3349N/A 'optionsString' : '--set enabled:true --no-prompt %s'%optionMapper,
<!-- Enables the SASL mechanism handler named by handlerName (default 'EXTERNAL')
     and points it at the certificate mapper named by certMapper (default
     'Subject Equals DN').
     NOTE(review): optionSaSL is appended to the options string verbatim, as
     optionMapper is in the preceding call. Both should come only from the test
     definitions, never from external input, since they become dsconfig
     command-line options unchanged. -->
3349N/A <!--- Setting the sasl mechanism --> 3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost ,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-sasl-mechanism-handler-prop',
3349N/A 'objectType' : 'handler-name' ,
3349N/A 'objectName' : handlerName,
3349N/A 'optionsString' : '--set certificate-mapper:"%s" --set enabled:true --no-prompt %s'%(certMapper,optionSaSL),
<!--
  configureSSL_TLS: issues four dsconfig calls, in this order:
    1. set-key-manager-provider-prop on the provider named by keystoreType
       (key store file config/keystore, PIN taken from keystorePin, enabled);
    2. set-trust-manager-provider-prop enabling the 'Blind Trust' provider;
    3. set-connection-handler-prop on 'LDAPS Connection Handler'
       (certificate nickname, both providers, listen port, enabled, use-ssl);
    4. set-connection-handler-prop on 'LDAP Connection Handler'
       (certificate nickname, both providers, allow-start-tls:true).
  Defaults declared below: keystoreType 'JKS', certAlias 'server-cert',
  keystorePin 'servercert'.
  Security notes for anyone reusing this outside the functional tests:
    * 'Blind Trust' is the OpenDS trust manager that trusts any certificate
      presented to it, so peer certificates are not validated once it is the
      handler's trust manager.
    * The key store PIN defaults to a fixed, published string and is passed
      inline (see the note at the key manager step).
  NOTE(review): extraParams is declared but no call visible in this listing
  references it; confirm whether it is still needed.
-->
3349N/A <!-- ################################################## --> 3349N/A <!-- configure SSL and TLS --> 3349N/A <!-- ################################################## --> 3349N/A <
function name="configureSSL_TLS">
3349N/A This function makes the configuration changes for SSL and TLS
3349N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="hostname"/>
3349N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
3349N/A Pathname to installation root
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="filepath"/>
3349N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
3349N/A Directory server hostname or IP address
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="hostname"/>
3349N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
3349N/A Directory server admin port number
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="Port number"/>
3349N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="DN"/>
3349N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
3349N/A Keystore type : JKS or PKCS12
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
def name="keystorePin" type="optional" default="'servercert'">
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
3349N/A <
function-
arg-
def name="extraParams" type="optional">
3349N/A Optional extra parameters for specific test cases
3349N/A </
function-
arg-
description>
3349N/A <
function-
arg-
property name="type" value="string"/>
<!-- Step 1: key manager. keystoreType doubles as the provider name ('JKS' or
     'PKCS12'). keystorePin is formatted straight into the options string, so
     the PIN is handed to dsconfig as an argument, and the same string resets
     key-store-pin-file so the inline PIN is the one in effect.
     NOTE(review): the PIN will presumably appear in the STAX job log and in
     the process arguments on the test host; confirm against the dsconfig
     helper. keystorePin is not quoted, so a value containing spaces would
     split the option; verify callers only pass simple strings. -->
3349N/A <!--- configure Key Manager Provider --> 3349N/A 'Configure Key Manager Provider'
3349N/A <
call function="'dsconfig'">
3349N/A 'dsInstanceHost' : dsInstanceHost,
3349N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3349N/A 'dsInstanceDn' : dsInstanceDn ,
3349N/A 'dsInstancePswd' : dsInstancePswd ,
3349N/A 'subcommand' : 'set-key-manager-provider-prop' ,
3349N/A 'objectType' : 'provider-name' ,
3349N/A 'objectName' : keystoreType,
3349N/A 'optionsString' : '--set key-store-file:
config/
keystore --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % keystorePin,
<!-- Step 2: trust manager. Enables the built-in 'Blind Trust' provider, which
     trusts every certificate it is shown. Suitable for functional tests only;
     the unconfigure functions in this file disable it again. -->
3349N/A <!--- configure Trust Manager Provider --> 'Configure Trust Manager Provider'
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost ,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-trust-manager-provider-prop' ,
'objectType' : 'provider-name' ,
'objectName' : 'Blind Trust',
'optionsString' : '--set enabled:true' ,
<!-- Step 3: LDAPS handler. Builds one options string from five parts:
     certificate nickname (certAlias), trust manager ('Blind Trust'), key
     manager (keystoreType), listen port (DIRECTORY_INSTANCE_SSL_PORT) and the
     enabled / use-ssl switches. No ssl-client-auth-policy is set here. -->
<!--- Enable LDAPS Connection Handler --> 'Enabling LDAPS Connection Handler - Keystore type'
option1='--set ssl-cert-nickname:%s' % certAlias
option2='--set trust-manager-provider:"Blind Trust"'
option3='--set key-manager-provider:"%s"' % (keystoreType)
option4='--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
option5='--set enabled:true --set use-ssl:true'
optionsString='%s %s %s %s %s' % (option1,option2,option3,option4,option5)
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-connection-handler-prop',
'objectType' : 'handler-name',
'objectName' : 'LDAPS Connection Handler',
'optionsString' : optionsString,
<!-- Step 4: StartTLS on the plain LDAP handler. Same nickname and providers
     as step 3, plus allow-start-tls:true; option1 to option4 and
     optionsString are reassigned, not appended to the step 3 values. -->
<!--- Enable StartTLS --> option1='--set ssl-cert-nickname:%s' % certAlias
option2='--set trust-manager-provider:"Blind Trust" '
option3='--set key-manager-provider:"%s"' % (keystoreType)
option4='--set allow-start-tls:true'
optionsString='%s %s %s %s' % (option1,option2,option3,option4)
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-connection-handler-prop',
'objectType' : 'handler-name',
'objectName' : 'LDAP Connection Handler',
'optionsString' : optionsString,
<!--
  unconfigureSSL: teardown for the LDAPS setup. The dsconfig calls visible
  here run in this order:
    1. 'LDAPS Connection Handler': enabled:false and use-ssl:false;
    2. 'LDAPS Connection Handler': reset key-manager-provider,
       trust-manager-provider and ssl-cert-nickname;
    3. delete-trust-manager-provider for customTrustMgr;
    4. 'Blind Trust' trust manager: enabled:false;
    5. delete-key-manager-provider for customKeyMgr;
    6. key manager named by keystoreType: enabled:false.
  Step 2 runs before the providers are deleted or disabled, so the handler
  no longer names them by then.
  NOTE(review): customTrustMgr and customKeyMgr default to '' and the
  condition that decides whether steps 3 and 5 run is not visible in this
  listing; confirm the delete calls are skipped when the name is empty.
-->
<!-- ################################################## --> <!-- ################################################## --> <
function name="unconfigureSSL">
This function reverses the configuration changes for SSL
<
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="hostname"/>
<
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
<
function-
arg-
description>
Pathname to installation root
</
function-
arg-
description>
<
function-
arg-
property name="type" value="filepath"/>
<
function-
arg-
def name="dsInstanceHost" type="optional">
<
function-
arg-
description>
Directory server hostname or IP address
</
function-
arg-
description>
<
function-
arg-
property name="type" value="hostname"/>
<
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
<
function-
arg-
description>
Directory server admin port number
</
function-
arg-
description>
<
function-
arg-
property name="type" value="Port number"/>
<
function-
arg-
def name="dsInstanceDn" type="optional">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="DN"/>
<
function-
arg-
def name="dsInstancePswd" type="optional">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
<
function-
arg-
description>
Keystore type : JKS or PKCS12
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="customKeyMgr" type="optional" default="''">
<
function-
arg-
description>
Name for a new key manager
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="customTrustMgr" type="optional" default="''">
<
function-
arg-
description>
Name for a new trust manager
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="extraParams" type="optional">
<
function-
arg-
description>
Optional extra parameters for specific test cases
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<!-- Steps 1 and 2: switch the LDAPS handler off first, then clear its
     references to the key manager, trust manager and certificate nickname. -->
<!--- Disable LDAPS Connection Handler --> 'Disabling LDAPS Connection Handler'
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-connection-handler-prop' ,
'objectType' : 'handler-name' ,
'objectName' : 'LDAPS Connection Handler',
'optionsString' : '--set enabled:false --set use-ssl:false',
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-connection-handler-prop' ,
'objectType' : 'handler-name' ,
'objectName' : 'LDAPS Connection Handler',
'optionsString' : '--reset key-manager-provider --reset trust-manager-provider --reset ssl-cert-nickname',
<!-- Steps 3 and 4: remove the caller-named trust manager, then disable the
     built-in 'Blind Trust' provider so the trust-everything provider does not
     stay enabled after the test. -->
<!--- Disable SSL Trust Manager Provider --> 'Disabling SSL Trust Manager Provider'
<
call function="'dsconfig'">
{ 'location' : location ,
'dsInstanceHost' : dsInstanceHost ,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'delete-trust-manager-provider' ,
'objectType' : 'provider-name' ,
'objectName' : customTrustMgr ,
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-trust-manager-provider-prop',
'objectType' : 'provider-name',
'objectName' : 'Blind Trust',
'optionsString' : '--set enabled:false',
<!-- Steps 5 and 6: remove the caller-named key manager, then disable the key
     manager named by keystoreType. Only enabled is changed; the key store
     file and PIN set during configuration are left on the provider. -->
<!--- Disable Key Manager Provider --> 'Disabling Key Manager Provider'
<
call function="'dsconfig'">
{ 'location' : location ,
'dsInstanceHost' : dsInstanceHost ,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'delete-key-manager-provider' ,
'objectType' : 'provider-name' ,
'objectName' : customKeyMgr ,
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost ,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-key-manager-provider-prop' ,
'objectType' : 'provider-name' ,
'objectName' : keystoreType,
'optionsString' : '--set enabled:false',
<!--
  unconfigureTLS: teardown for StartTLS on the plain LDAP handler. The
  dsconfig calls visible here run in this order:
    1. 'LDAP Connection Handler': allow-start-tls:false;
    2. 'LDAP Connection Handler': reset key-manager-provider,
       trust-manager-provider and ssl-cert-nickname;
    3. 'Blind Trust' trust manager: enabled:false;
    4. delete-key-manager-provider for customKeyMgr;
    5. key manager named by keystoreType: enabled:false.
  This function declares customKeyMgr but no customTrustMgr argument, and no
  trust manager is deleted here.
  NOTE(review): customKeyMgr defaults to '' and the condition that decides
  whether step 4 runs is not visible in this listing; confirm the delete call
  is skipped when the name is empty.
-->
<!-- ################################################## --> <!-- ################################################## --> <
function name="unconfigureTLS">
This function reverses the configuration changes for startTLS
<
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="hostname"/>
<
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
<
function-
arg-
description>
Pathname to installation root
</
function-
arg-
description>
<
function-
arg-
property name="type" value="filepath"/>
<
function-
arg-
def name="dsInstanceHost" type="optional">
<
function-
arg-
description>
Directory server hostname or IP address
</
function-
arg-
description>
<
function-
arg-
property name="type" value="hostname"/>
<
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
<
function-
arg-
description>
Directory server admin port number
</
function-
arg-
description>
<
function-
arg-
property name="type" value="Port number"/>
<
function-
arg-
def name="dsInstanceDn" type="optional">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="DN"/>
<
function-
arg-
def name="dsInstancePswd" type="optional">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="customKeyMgr" type="optional" default="''">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
<
function-
arg-
description>
Keystore type : JKS or PKCS12
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="extraParams" type="optional">
<
function-
arg-
description>
Optional extra parameters for specific test cases
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<!-- Steps 1 and 2: turn StartTLS off on the LDAP handler, then clear the
     handler's key manager, trust manager and certificate nickname so it no
     longer points at providers that are about to be disabled. -->
<!--- Disable StartTLS --> <
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-connection-handler-prop',
'objectType' : 'handler-name',
'objectName' : 'LDAP Connection Handler',
'optionsString' : ' --set allow-start-tls:false',
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-connection-handler-prop' ,
'objectType' : 'handler-name' ,
'objectName' : 'LDAP Connection Handler',
'optionsString' : '--reset key-manager-provider --reset trust-manager-provider --reset ssl-cert-nickname',
<!-- Step 3: disable the built-in 'Blind Trust' provider so the
     trust-everything provider does not stay enabled after the test. -->
<!--- Disable SSL Trust Manager Provider --> 'Disabling SSL Trust Manager Provider'
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-trust-manager-provider-prop',
'objectType' : 'provider-name',
'objectName' : 'Blind Trust',
'optionsString' : '--set enabled:false',
<!-- Steps 4 and 5: remove the caller-named key manager, then disable the key
     manager named by keystoreType. Only enabled is changed on that provider. -->
<!--- Disable Key Manager Provider --> 'Disabling Key Manager Provider'
<
call function="'dsconfig'">
{ 'location' : location ,
'dsInstanceHost' : dsInstanceHost ,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'delete-key-manager-provider' ,
'objectType' : 'provider-name' ,
'objectName' : customKeyMgr ,
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-key-manager-provider-prop',
'objectType' : 'provider-name',
'objectName' : keystoreType,
'optionsString' : '--set enabled:false',
<!--
  unconfigureSSL_TLS: teardown for configureSSL_TLS. The dsconfig calls
  visible here run in this order:
    1. 'LDAPS Connection Handler': enabled:false and use-ssl:false;
    2. 'LDAP Connection Handler': allow-start-tls:false;
    3. 'Blind Trust' trust manager: enabled:false;
    4. key manager named by keystoreType: enabled:false.
  NOTE(review): unlike unconfigureSSL and unconfigureTLS, no call visible in
  this function resets key-manager-provider, trust-manager-provider or
  ssl-cert-nickname on either handler, so both handlers appear to keep their
  reference to 'Blind Trust' and to the key manager after those providers are
  disabled. Confirm whether that is intended, since re-enabling the providers
  would silently restore the trust-everything setup on both handlers.
  The key store file and PIN set by configureSSL_TLS are also left in place.
-->
<!-- ################################################## --> <!-- Unconfigure SSL and TLS --> <!-- ################################################## --> <
function name="unconfigureSSL_TLS">
This function reverses the configuration changes for SSL and TLS
<
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="hostname"/>
<
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
<
function-
arg-
description>
Pathname to installation root
</
function-
arg-
description>
<
function-
arg-
property name="type" value="filepath"/>
<
function-
arg-
def name="dsInstanceHost" type="optional">
<
function-
arg-
description>
Directory server hostname or IP address
</
function-
arg-
description>
<
function-
arg-
property name="type" value="hostname"/>
<
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
<
function-
arg-
description>
Directory server admin port number
</
function-
arg-
description>
<
function-
arg-
property name="type" value="Port number"/>
<
function-
arg-
def name="dsInstanceDn" type="optional">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="DN"/>
<
function-
arg-
def name="dsInstancePswd" type="optional">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
<
function-
arg-
description>
Keystore type : JKS or PKCS12
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="extraParams" type="optional">
<
function-
arg-
description>
Optional extra parameters for specific test cases
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<!-- Step 1: switch the LDAPS handler off (enabled and use-ssl both false). -->
<!--- Disable LDAPS Connection Handler --> 'Disabling LDAPS Connection Handler'
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-connection-handler-prop',
'objectType' : 'handler-name',
'objectName' : 'LDAPS Connection Handler',
'optionsString' : '--set enabled:false --set use-ssl:false',
<!-- Step 2: turn StartTLS off on the plain LDAP handler. -->
<!--- Disable StartTLS --> <
call function="'dsconfig'">
{ 'location' : location ,
'dsInstanceHost' : dsInstanceHost ,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-connection-handler-prop' ,
'objectType' : 'handler-name' ,
'objectName' : 'LDAP Connection Handler',
'optionsString' : ' --set allow-start-tls:false',
<!-- Step 3: disable the built-in 'Blind Trust' provider so the
     trust-everything provider does not stay enabled after the test. -->
<!--- Disable SSL Trust Manager Provider --> 'Disabling SSL Trust Manager Provider'
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-trust-manager-provider-prop' ,
'objectType' : 'provider-name' ,
'objectName' : 'Blind Trust',
'optionsString' : '--set enabled:false' ,
<!-- Step 4: disable the key manager named by keystoreType. Only enabled is
     changed on that provider. -->
<!--- Disable Key Manager Provider --> 'Disabling Key Manager Provider'
<
call function="'dsconfig'">
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-key-manager-provider-prop',
'objectType' : 'provider-name',
'objectName' : keystoreType,
'optionsString' : '--set enabled:false',
<
function name="createStrongUserEntries" scope="local">
This creates strongAuthenticationUser entries with userCertificates
<
function-
arg-
def name="location" type="required">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="hostname"/>
<
function-
arg-
def name="certificate" type="required">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="string"/>
<
function-
arg-
def name="filename" type="required">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="filename"/>
<
function-
arg-
def name="userdn" type="required">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="DN"/>
<
function-
arg-
def name="localLdifFile" type="required">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="filename"/>
<
function-
arg-
def name="remoteLdifFile" type="required">
<
function-
arg-
description>
</
function-
arg-
description>
<
function-
arg-
property name="type" value="filename"/>
<!-- Get a certificate from a file in PEM format --> <
call function="'getFile'">
'Certificate contents:\n %s' % cmdResult
<!-- Extract BEGIN CERTIFICATE and END CERTIFICATE --> certList=STAXResult[1].split('\n')
<!-- Create ldif for users entries and add userCertificate --> <
message> '---- Create User entry : %s----' % userdn</
message>
<!-- Write out the ldif of users entry--> outfile = open(localLdifFile,"w")
<!-- Copy the ldif file containing userCertificate to remote host --> 'Copy ldif (%s) file to user entry %s to %s' % (localLdifFile,userdn,remoteLdifFile)
<
call function="'copyFile'">
{ 'location' : STAXServiceMachine,
'srcfile' : localLdifFile,
'destfile' : remoteLdifFile,
<!-- Add the users entry into the LDAP server --> <
call function="'ldapModifyWithScript'">
'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsFilename' : remoteLdifFile