3567N/A<?xml version="1.0" encoding="UTF-8" standalone="no"?>
3349N/A<!DOCTYPE stax SYSTEM "/stax.dtd">
3349N/A<!--
3349N/A ! CDDL HEADER START
3349N/A !
3349N/A ! The contents of this file are subject to the terms of the
3349N/A ! Common Development and Distribution License, Version 1.0 only
3349N/A ! (the "License"). You may not use this file except in compliance
3349N/A ! with the License.
3349N/A !
3349N/A ! You can obtain a copy of the license at legal-notices/CDDLv1_0.txt
3349N/A ! or http://forgerock.org/license/CDDLv1.0.html.
3349N/A ! See the License for the specific language governing permissions
3349N/A ! and limitations under the License.
3349N/A !
3349N/A ! When distributing Covered Code, include this CDDL HEADER in each
3349N/A ! file and include the License file at legal-notices/CDDLv1_0.txt.
3349N/A ! If applicable, add the following below this CDDL HEADER, with the
3349N/A ! fields enclosed by brackets "[]" replaced with your own identifying
3349N/A ! information:
3349N/A ! Portions Copyright [yyyy] [name of copyright owner]
3349N/A !
3349N/A ! CDDL HEADER END
3349N/A !
3349N/A ! Copyright 2007-2010 Sun Microsystems, Inc.
3349N/A ! -->
3349N/A<stax>
3349N/A <!-- **************************************************** -->
3349N/A <!-- generate a certificate -->
3349N/A <!-- **************************************************** -->
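<function name="genCertificate">
  <function-prolog>
    Creates a key pair and certificate in a key store by running the JDK
    keytool with -genkey on the target host (via runCommand, from the
    instance config directory). Returns STAXResult exactly as produced by
    runCommand; callers inspect it for the keytool return code and output.
    Note: keytool takes the store and key passwords on its command line, so
    they are visible in the process list while keytool runs; the defaults
    are fixed test-only values and must not be reused outside the test bed.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root; keytool is run from its config subdirectory
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias under which the key pair is stored
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dname" type="optional" default="'cn=server,O=Sun Microsystems,C=US'">
      <function-arg-description>
        Certificate subject (X.500 distinguished name)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file (relative paths resolve from the config directory)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keypass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the private key in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storetype" type="optional" default="'JKS'">
      <function-arg-description>
        The key store type: JKS or PKCS12
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Local variables: dsConfigPath is the directory keytool is run from
         (passed as 'path' to runCommand). dsBinPath is computed for parity
         with the other keytool helpers in this file but is not read here. -->
    <script>
      if dsPath:
        dsConfigPath = '%s/config' % dsPath
        dsBinPath = '%s/%s' % (dsPath, fileFolder)
    </script>
    <!-- Every user-supplied value is quoted, as SelfSignCertificate does, so
         a key store path or password containing a space or shell-special
         character cannot split or alter the keytool command line. -->
    <call function="'runCommand'">
      { 'name'       : 'Generate a Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : '-genkey -alias %s -keyalg rsa -dname "%s" -keystore "%s" -storepass "%s" -keypass "%s" -storetype "%s" ' % (certAlias, dname, keystore, storepass, keypass, storetype),
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>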
3349N/A
3349N/A
3349N/A <!-- **************************************************** -->
3349N/A <!-- Self-sign a certificate -->
3349N/A <!-- **************************************************** -->
<function name="SelfSignCertificate">
  <function-prolog>
    Self-signs the certificate stored under certAlias by running the JDK
    keytool with -selfcert on the target host (via runCommand, from the
    instance config directory). Returns STAXResult as produced by runCommand.
    The store and key passwords are passed on the keytool command line; the
    defaults are fixed test-only values.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root; keytool is run from its config subdirectory
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate to self-sign
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keypass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the private key in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storetype" type="optional" default="'JKS'">
      <function-arg-description>
        The key store type: JKS or PKCS12
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Local variables: the working directory for keytool and the full
         keytool argument string (all values quoted). dsBinPath is set for
         parity with the sibling helpers; it is not read in this function. -->
    <script>
      if dsPath:
        dsConfigPath = '%s/config' % dsPath
        dsBinPath = '%s/%s' % (dsPath, fileFolder)
      selfCertArgs = '-selfcert -alias %s -keystore "%s" -keypass "%s" -storepass "%s" -storetype "%s" ' % (certAlias, keystore, keypass, storepass, storetype)
    </script>

    <call function="'runCommand'">
      { 'name'       : 'Generate a Self-Signed Server Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : selfCertArgs,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>
3349N/A
3349N/A
3349N/A <!-- **************************************************** -->
3349N/A <!-- Export a certificate -->
3349N/A <!-- **************************************************** -->
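<function name="ExportCertificate">
  <function-prolog>
    Exports the certificate stored under certAlias to outputfile by running
    the JDK keytool with -export on the target host (via runCommand, from the
    instance config directory). Returns STAXResult as produced by runCommand.
    The store password is passed on the keytool command line; the default is
    a fixed test-only value.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root; keytool is run from its config subdirectory
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate to export
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="format" type="optional">
      <function-arg-description>
        Output encoding, given as the keytool option name without its leading
        dash (e.g. 'rfc' becomes '-rfc'). When omitted keytool's default
        binary (DER) encoding is used.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storetype" type="optional" default="'JKS'">
      <function-arg-description>
        The key store type: JKS or PKCS12
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="outputfile" type="required">
      <function-arg-description>
        Output file to store the certificate
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>

  <sequence>
    <!-- Local variables: working directory for keytool, plus the optional
         encoding flag. dsBinPath is set for parity with the sibling helpers
         and is not read here. -->
    <script>
      if dsPath:
        dsConfigPath = '%s/config' % dsPath
        dsBinPath = '%s/%s' % (dsPath, fileFolder)

      STAFCmdParams = ''

      # 'format' is turned into a keytool flag by prefixing a dash
      if format:
        STAFCmdParams = '-%s' % format
    </script>

    <!-- outputfile is quoted like the key store path so an output path
         containing a space cannot split the keytool command line. -->
    <call function="'runCommand'">
      { 'name'       : 'Export a Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : '-export -alias %s -file "%s" -keystore "%s" -storepass "%s" -storetype %s %s' % (certAlias, outputfile, keystore, storepass, storetype, STAFCmdParams),
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>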
3349N/A
3349N/A
3349N/A <!-- **************************************************** -->
3349N/A <!-- Import a certificate -->
3349N/A <!-- **************************************************** -->
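<function name="ImportCertificate">
  <function-prolog>
    Imports the certificate in inputfile into a key store under certAlias by
    running the JDK keytool with -import on the target host (via runCommand,
    from the instance config directory). Returns STAXResult as produced by
    runCommand.
    The command uses -noprompt, so keytool's interactive "trust this
    certificate?" confirmation is skipped and whatever inputfile contains is
    accepted as-is: callers are responsible for the provenance of that file.
    The store password is passed on the keytool command line; the default is
    a fixed test-only value.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root; keytool is run from its config subdirectory
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias under which the imported certificate is stored
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storetype" type="optional" default="'JKS'">
      <function-arg-description>
        The key store type: JKS or PKCS12
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="inputfile" type="required">
      <function-arg-description>
        Certificate file to import
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>

    <!-- Local variables: working directory for keytool. dsBinPath is set
         for parity with the sibling helpers and is not read here. -->
    <script>
      if dsPath:
        dsConfigPath = '%s/config' % dsPath
        dsBinPath = '%s/%s' % (dsPath, fileFolder)
    </script>

    <!-- inputfile is quoted like the key store path so an input path
         containing a space cannot split the keytool command line. -->
    <call function="'runCommand'">
      { 'name'       : 'Import a Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : '-import -alias %s -file "%s" -keystore "%s" -storepass "%s" -storetype %s -noprompt' % (certAlias, inputfile, keystore, storepass, storetype),
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>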
3349N/A
3349N/A <!-- **************************************************** -->
3349N/A <!-- List a certificate -->
3349N/A <!-- **************************************************** -->
<function name="ListCertificate">
  <function-prolog>
    Lists key store content in verbose form by running the JDK keytool with
    -list -v on the target host (via runCommand, from the instance config
    directory). The alias, key store and store password options are only
    added when the corresponding argument is non-empty. Returns STAXResult
    as produced by runCommand.
    The store password is passed on the keytool command line; the default is
    a fixed test-only value.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root; keytool is run from its config subdirectory
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate to list (empty lists the whole store)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>

  <sequence>
    <!-- Local variables: working directory for keytool and the argument
         string. Optional flags are appended only when their value is set.
         dsBinPath is set for parity with the sibling helpers; not read here. -->
    <script>
      if dsPath:
        dsConfigPath = '%s/config' % dsPath
        dsBinPath = '%s/%s' % (dsPath, fileFolder)

      keytoolOpts = ['-list', '-v']

      for flag, value in (('-alias', certAlias), ('-keystore', keystore), ('-storepass', storepass)):
        if value:
          keytoolOpts.append('%s %s' % (flag, value))

      STAFCmdParams = ' '.join(keytoolOpts)
    </script>

    <call function="'runCommand'">
      { 'name'       : 'List a Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : STAFCmdParams,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>
3349N/A
3349N/A <!-- **************************************************** -->
3349N/A <!-- Add certificate to an attribute -->
3349N/A <!-- **************************************************** -->
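<function name="addCertificate">
  <function-prolog>
    Adds a certificate to a user entry. The PEM (RFC) certificate file is
    fetched from STAF_REMOTE_HOSTNAME with getFile, its body (all lines not
    containing the word CERTIFICATE, i.e. the base64 between the BEGIN/END
    markers) is joined into one string, and an LDIF modify that adds the
    ds-certificate-user objectclass and a userCertificate;binary value is
    written to local.temp/client.ldif, copied to ldif_path on
    STAF_REMOTE_HOSTNAME and applied with modifyEntry against the
    DIRECTORY_INSTANCE_* server. Returns nothing.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host (declared for callers; this function uses
        STAF_REMOTE_HOSTNAME and STAXServiceMachine directly)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="user_cert_file_rfc" type="required" default="''">
      <function-arg-description>
        Path to the certificate file in RFC (PEM) format
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="userdn" type="optional" default="''">
      <function-arg-description>
        DN of the user entry to modify
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="ldif_path" type="required" default="''">
      <function-arg-description>
        Path where the generated ldif file is copied on the remote host
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>

    <call function="'getFile'">
      {
        'location' : STAF_REMOTE_HOSTNAME,
        'filename' : user_cert_file_rfc
      }
    </call>

    <!-- NOTE(review): cmdResult is not set in this function; it looks like
         getFile is expected to leave it behind. The extraction below reads
         STAXResult[1] instead - confirm the two hold the same content. -->
    <message>
      'Certificate contents:\n %s' % cmdResult
    </message>

    <!-- Extract the base64 body: keep every line that is not a
         BEGIN CERTIFICATE / END CERTIFICATE marker, stripped and joined
         without separators so it can be used as a single LDIF ::value. -->
    <script>
      certList = STAXResult[1].split('\n')
      ret_str = ""
      for line in certList:
        if line.find("CERTIFICATE") == -1:
          ret_str += line.strip()
    </script>

    <!-- LDIF change record: add the objectclass, then the binary attribute
         (the '::' form marks the value as base64). -->
    <script>
      listAttr = []
      listAttr.append('dn: %s' % userdn)
      listAttr.append('changetype: modify')
      listAttr.append('add: objectclass')
      listAttr.append('objectclass:ds-certificate-user')
      listAttr.append('-')
      listAttr.append('add: userCertificate;binary')
      listAttr.append('userCertificate;binary:: %s' % ret_str)
    </script>

    <message>
      'Create %s/client.ldif' % local.temp
    </message>
    <!-- try/finally so the handle is released even if a write fails. -->
    <script>
      addCertificateldif = '%s/client.ldif' % local.temp
      outfile = open(addCertificateldif, "w")
      try:
        for line in listAttr:
          outfile.write("%s\n" % line)
      finally:
        outfile.close()
    </script>

    <message>
      'Copy %s/client.ldif to %s' % (local.temp, ldif_path)
    </message>
    <call function="'copyFile'">
      {
        'location'   : STAXServiceMachine,
        'srcfile'    : '%s/client.ldif' % local.temp,
        'destfile'   : ldif_path,
        'remotehost' : STAF_REMOTE_HOSTNAME
      }
    </call>

    <call function="'modifyEntry'">
      {
        'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD,
        'entryToBeModified' : ldif_path,
        'expectedRC'        : 0
      }
    </call>
  </sequence>
</function>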
3349N/A
3349N/A
3349N/A
3349N/A
3349N/A
3349N/A
3349N/A
3349N/A <!-- **************************************************** -->
3349N/A <!-- get MD5 and SHA1 values -->
3349N/A <!-- **************************************************** -->
<function name="getFingerprint">
  <function-prolog>
    Runs the JDK keytool with -list -v for one alias on the target host (via
    runCommand, from the instance config directory) and returns STAXResult
    as produced by runCommand, i.e. the full verbose listing including the
    certificate fingerprint lines. The fingerprint argument is not used to
    filter that output; presumably the caller picks the MD5 or SHA1 line
    out of the returned text. Note that MD5 and SHA1 are weak digests and
    are only suitable for matching a certificate in a test, not for trust
    decisions.
    The store password is passed on the keytool command line; the default is
    a fixed test-only value.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root; keytool is run from its config subdirectory
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate to list
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="fingerprint" type="optional" default="'MD5'">
      <function-arg-description>
        Fingerprint digest of interest, MD5 or SHA1 (currently not used to filter the output)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Local variables: working directory for keytool and the argument
         string (all values quoted). dsBinPath is set for parity with the
         sibling helpers; it is not read here. -->
    <script>
      if dsPath:
        dsConfigPath = '%s/config' % dsPath
        dsBinPath = '%s/%s' % (dsPath, fileFolder)
      listArgs = ' -list -v -keystore "%s" -storepass "%s" -alias "%s"' % (keystore, storepass, certAlias)
    </script>
    <call function="'runCommand'">
      { 'name'       : 'getFingerprint',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : listArgs,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>
3349N/A
3349N/A
3349N/A <!-- ################################################## -->
3349N/A <!-- configure SSL -->
3349N/A <!-- ################################################## -->
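<function name="configureSSL">
  <function-prolog>
    Makes the dsconfig changes needed for LDAPS: configures a key manager
    provider (a new file-based one named customKeyMgr when that argument is
    non-blank, otherwise the built-in provider named after keystoreType),
    configures a trust manager provider (a new blind one named customTrustMgr
    when non-blank, otherwise the built-in "Blind Trust"), then enables the
    LDAPS Connection Handler on DIRECTORY_INSTANCE_SSL_PORT with the chosen
    providers and certificate nickname. Returns nothing; every dsconfig call
    expects return code 0.
    The trust manager used here is blind, i.e. peer certificates are not
    validated; this is appropriate only for the test bed. The key store pin
    is passed on the dsconfig command line and its default is a fixed
    test-only value.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the server certificate (used as ssl-cert-nickname)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreFile" type="optional" default="'config/keystore'">
      <function-arg-description>
        Keystore file (set as key-store-file on the key manager provider)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12. Also names the built-in key manager
        provider used when customKeyMgr is blank.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystorePin" type="optional" default="'servercert'">
      <function-arg-description>
        Keystore pin
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customKeyMgr" type="optional" default="''">
      <function-arg-description>
        Name for a new key manager provider (blank: use the built-in one)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customTrustMgr" type="optional" default="''">
      <function-arg-description>
        Name for a new trust manager provider (blank: use "Blind Trust")
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases (declared for
        callers; not consumed by this function)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>

    <!-- Normalise the custom provider names once, so the create/set branch
         and the connection handler options below agree on whether a custom
         provider is in use (a blank or whitespace-only name means "none"). -->
    <script>
      keyMgrName = customKeyMgr.strip()
      trustMgrName = customTrustMgr.strip()
    </script>

    <!-- configure Key Manager Provider -->
    <message>
      'Configure Key Manager Provider'
    </message>

    <if expr="len(keyMgrName) != 0">
      <!-- New file-based provider: file, pin and type all come from the
           function arguments (the type was previously hard-coded to JKS). -->
      <call function="'dsconfig'">
        { 'location'            : location,
          'dsPath'              : dsPath,
          'dsInstanceHost'      : dsInstanceHost,
          'dsInstanceAdminPort' : dsInstanceAdminPort,
          'dsInstanceDn'        : dsInstanceDn,
          'dsInstancePswd'      : dsInstancePswd,
          'subcommand'          : 'create-key-manager-provider',
          'objectType'          : 'provider-name',
          'objectName'          : keyMgrName,
          'optionsString'       : '--type file-based --set enabled:true --set key-store-file:%s --set key-store-pin:%s --set key-store-type:%s' % (keystoreFile, keystorePin, keystoreType),
          'expectedRC'          : 0
        }
      </call>
      <else>
        <!-- Built-in provider named after the store type; the file comes
             from keystoreFile (previously hard-coded to config/keystore). -->
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'set-key-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : keystoreType,
            'optionsString'       : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile, keystorePin),
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- configure Trust Manager Provider (blind: no peer validation) -->
    <message>
      'Configure Trust Manager Provider'
    </message>

    <if expr="len(trustMgrName) != 0">
      <call function="'dsconfig'">
        { 'location'            : location,
          'dsPath'              : dsPath,
          'dsInstanceHost'      : dsInstanceHost,
          'dsInstanceAdminPort' : dsInstanceAdminPort,
          'dsInstanceDn'        : dsInstanceDn,
          'dsInstancePswd'      : dsInstancePswd,
          'subcommand'          : 'create-trust-manager-provider',
          'objectType'          : 'provider-name',
          'objectName'          : trustMgrName,
          'optionsString'       : '--type blind --set enabled:true --set java-class:org.opends.server.extensions.BlindTrustManagerProvider',
          'expectedRC'          : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'set-trust-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : 'Blind Trust',
            'optionsString'       : '--set enabled:true',
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>


    <!-- Enable LDAPS Connection Handler -->
    <message>
      'Enabling LDAPS Connection Handler - Keystore type'
    </message>

    <!-- Connection handler options: certificate nickname, the trust and
         key manager providers chosen above, the SSL listen port, and the
         enable/use-ssl switches. -->
    <script>
      option1 = '--set ssl-cert-nickname:%s' % certAlias
      if trustMgrName:
        option2 = '--set trust-manager-provider:"%s"' % trustMgrName
      else:
        option2 = '--set trust-manager-provider:"Blind Trust"'
      if keyMgrName:
        option3 = '--set key-manager-provider:"%s"' % keyMgrName
      else:
        option3 = '--set key-manager-provider:"%s"' % keystoreType
      option4 = '--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
      option5 = '--set enabled:true --set use-ssl:true'
      optionsString = '%s %s %s %s %s' % (option1, option2, option3, option4, option5)
    </script>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAPS Connection Handler',
        'optionsString'       : optionsString,
        'expectedRC'          : 0
      }
    </call>
  </sequence>
</function>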
3349N/A
3349N/A
3349N/A <!-- ################################################## -->
3349N/A <!-- configureTLS -->
3349N/A <!-- ################################################## -->
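<function name="configureTLS">
  <function-prolog>
    This function makes the configuration changes for StartTLS on the
    LDAP Connection Handler. It enables a key manager provider (a new
    file-based provider named customKeyMgr when that argument is
    non-blank, otherwise the built-in provider named by keystoreType),
    enables the built-in "Blind Trust" trust manager provider, and then
    binds the LDAP Connection Handler to both and sets
    allow-start-tls:true. Every step is a dsconfig call that must
    return 0. Note that "Blind Trust" performs no validation of peer
    certificates and is only suitable for this test setup, and that the
    keystore pin is passed on the dsconfig command line.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystorePin" type="optional" default="'servercert'">
      <function-arg-description>
        Keystore pin (test-only default; it appears on the dsconfig command line)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreFile" type="optional" default="'config/keystore'">
      <function-arg-description>
        Keystore file path, relative to the server instance
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customKeyMgr" type="optional" default="''">
      <function-arg-description>
        Name of a new file-based key manager provider to create. Blank
        (the default) means: enable the built-in provider named by
        keystoreType instead.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the server certificate in the keystore (ssl-cert-nickname)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12. Used as the key-store-type of a
        new provider, or as the name of the built-in provider to enable.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Key Manager Provider -->
    <message>
      'Configure Key Manager Provider'
    </message>

    <!-- A non-blank customKeyMgr means "create a new file-based provider".
         The same strip() test is repeated below when the handler is bound,
         so both steps agree on which provider name is in use. -->
    <if expr="len(customKeyMgr.strip()) != 0">
      <call function="'dsconfig'">
        { 'location'            : location,
          'dsPath'              : dsPath,
          'dsInstanceHost'      : dsInstanceHost,
          'dsInstanceAdminPort' : dsInstanceAdminPort,
          'dsInstanceDn'        : dsInstanceDn,
          'dsInstancePswd'      : dsInstancePswd,
          'subcommand'          : 'create-key-manager-provider',
          'objectType'          : 'provider-name',
          'objectName'          : customKeyMgr,
          'optionsString'       : '--type file-based --set enabled:true --set key-store-file:%s --set key-store-pin:%s --set key-store-type:%s' % (keystoreFile,keystorePin,keystoreType),
          'expectedRC'          : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'set-key-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : keystoreType,
            'optionsString'       : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- Trust Manager Provider: the built-in "Blind Trust" provider, which
         does not validate peer certificates (test setup only). -->
    <message>
      'Configure Trust Manager Provider'
    </message>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-trust-manager-provider-prop',
        'objectType'          : 'provider-name',
        'objectName'          : 'Blind Trust',
        'optionsString'       : '--set enabled:true',
        'expectedRC'          : 0
      }
    </call>

    <!-- StartTLS on the LDAP Connection Handler -->
    <message>
      'Enabling StartTLS'
    </message>

    <script>
      # The key manager name must match the branch taken above, hence the
      # same strip() test rather than a bare truth test on customKeyMgr.
      if customKeyMgr.strip():
        keyMgrName = customKeyMgr
      else:
        keyMgrName = keystoreType
      option1 = '--set ssl-cert-nickname:%s' % certAlias
      option2 = '--set trust-manager-provider:"Blind Trust"'
      option3 = '--set key-manager-provider:"%s"' % keyMgrName
      option4 = '--set allow-start-tls:true'
      optionsString = '%s %s %s %s' % (option1, option2, option3, option4)
    </script>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAP Connection Handler',
        'optionsString'       : optionsString,
        'expectedRC'          : 0
      }
    </call>
  </sequence>
</function>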
3349N/A
3349N/A
3349N/A <!-- ################################################## -->
3349N/A <!-- configure SASL-->
3349N/A <!-- ################################################## -->
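<function name="configureSASL">
  <function-prolog>
    This function makes the configuration changes for SASL
    certificate-based authentication over LDAPS. It configures a key
    manager provider named KeyMgr (created as file-based when
    createKeyMgr is True, otherwise updated and enabled), configures a
    trust manager provider (trustMgr created or enabled when non-blank,
    otherwise the built-in "Blind Trust" provider, which does not
    validate peer certificates and is for test use only), enables the
    LDAPS Connection Handler with ssl-client-auth-policy:required, then
    enables the certificate mapper and the SASL mechanism handler.
    Every step is a dsconfig call that must return 0. KeyMgr is used
    as the provider name in every branch, so callers must supply it.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="''">
      <function-arg-description>
        Alias of the server certificate in the keystore (ssl-cert-nickname)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreFile" type="optional" default="'config/keystore'">
      <function-arg-description>
        Keystore File
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystorePin" type="optional" default="'keystorepass'">
      <function-arg-description>
        Keystore pin (test-only default; it appears on the dsconfig command line)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12 (key-store-type of a created provider)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="createTrustMgr" type="optional" default="False">
      <function-arg-description>
        True: create a new file-based trust manager provider named
        trustMgr. False: update and enable the existing provider named
        trustMgr. Ignored when trustMgr is blank.
      </function-arg-description>
      <function-arg-property name="type" value="enum">
        <function-arg-property-description>
          This argument can only have boolean values
        </function-arg-property-description>
        <function-arg-property-data type="choice" value="True"/>
        <function-arg-property-data type="choice" value="False"/>
      </function-arg-property>
    </function-arg-def>
    <function-arg-def name="createKeyMgr" type="optional" default="False">
      <function-arg-description>
        True: create a new file-based key manager provider named KeyMgr.
        False: update and enable the existing provider named KeyMgr.
      </function-arg-description>
      <function-arg-property name="type" value="enum">
        <function-arg-property-description>
          This argument can only have boolean values
        </function-arg-property-description>
        <function-arg-property-data type="choice" value="True"/>
        <function-arg-property-data type="choice" value="False"/>
      </function-arg-property>
    </function-arg-def>
    <function-arg-def name="KeyMgr" type="optional" default="''">
      <function-arg-description>
        Name of the key manager provider to create or update; it is also
        bound to the LDAPS Connection Handler, so it must be supplied.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="trustMgr" type="optional" default="''">
      <function-arg-description>
        Name of the trust manager provider to create or update. Blank
        (the default) means: enable the built-in "Blind Trust" provider.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="truststoreFile" type="optional" default="'config/truststore'">
      <function-arg-description>
        Truststore File
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="truststoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Truststore type : JKS or PKCS12
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="truststorePin" type="optional" default="'truststorepass'">
      <function-arg-description>
        Truststore pin
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="certMapper" type="optional" default="'Subject Equals DN'">
      <function-arg-description>
        Certificate mapper name
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="handlerName" type="optional" default="'EXTERNAL'">
      <function-arg-description>
        SASL mechanism handler name
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="optionSaSL" type="optional" default="''">
      <function-arg-description>
        Extra dsconfig options appended when setting the SASL mechanism handler
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="optionMapper" type="optional" default="''">
      <function-arg-description>
        Extra dsconfig options appended when setting the certificate mapper
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>

  <sequence>

    <!-- Key Manager Provider -->
    <message>
      'Configure Key Manager Provider'
    </message>

    <if expr="createKeyMgr == True">
      <call function="'dsconfig'">
        { 'location'            : location,
          'dsPath'              : dsPath,
          'dsInstanceHost'      : dsInstanceHost,
          'dsInstanceAdminPort' : dsInstanceAdminPort,
          'dsInstanceDn'        : dsInstanceDn,
          'dsInstancePswd'      : dsInstancePswd,
          'subcommand'          : 'create-key-manager-provider',
          'objectType'          : 'provider-name',
          'objectName'          : KeyMgr,
          'optionsString'       : '--set key-store-file:%s --set key-store-pin:%s --set key-store-type:%s --type file-based --set enabled:true --no-prompt ' % (keystoreFile,keystorePin,keystoreType),
          'expectedRC'          : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'set-key-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : KeyMgr,
            'optionsString'       : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- Trust Manager Provider: a custom provider when trustMgr is
         non-blank, otherwise the built-in "Blind Trust" provider (no peer
         certificate validation; test setup only). The same strip() test
         is repeated below when the handler is bound. -->
    <message>
      'Configure Trust Manager Provider'
    </message>

    <if expr="len(trustMgr.strip()) != 0">
      <if expr="createTrustMgr == True">
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'create-trust-manager-provider',
            'objectType'          : 'provider-name',
            'objectName'          : trustMgr,
            'optionsString'       : '--set trust-store-file:%s --set trust-store-pin:%s --type file-based --set trust-store-type:%s --set enabled:true ' % (truststoreFile,truststorePin,truststoreType),
            'expectedRC'          : 0
          }
        </call>
        <else>
          <call function="'dsconfig'">
            { 'location'            : location,
              'dsPath'              : dsPath,
              'dsInstanceHost'      : dsInstanceHost,
              'dsInstanceAdminPort' : dsInstanceAdminPort,
              'dsInstanceDn'        : dsInstanceDn,
              'dsInstancePswd'      : dsInstancePswd,
              'subcommand'          : 'set-trust-manager-provider-prop',
              'objectType'          : 'provider-name',
              'objectName'          : trustMgr,
              'optionsString'       : '--set trust-store-file:%s --set trust-store-pin:%s --set enabled:true' % (truststoreFile,truststorePin),
              'expectedRC'          : 0
            }
          </call>
        </else>
      </if>
      <else>
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'set-trust-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : 'Blind Trust',
            'optionsString'       : '--set enabled:true',
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- LDAPS Connection Handler -->
    <message>
      'Enabling LDAPS Connection Handler - Keystore type'
    </message>

    <script>
      # Bind the LDAPS handler to the providers configured above. The trust
      # manager choice repeats the strip() test used earlier so both steps
      # agree; KeyMgr is used as given.
      option1 = '--set ssl-cert-nickname:%s' % certAlias
      if trustMgr.strip():
        option2 = '--set trust-manager-provider:"%s"' % trustMgr
      else:
        option2 = '--set trust-manager-provider:"Blind Trust"'
      option3 = '--set key-manager-provider:"%s"' % KeyMgr
      option4 = '--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
      # SASL EXTERNAL authenticates the client by its certificate, so the
      # handler is configured to require one.
      option5 = '--set enabled:true --set use-ssl:true --set ssl-client-auth-policy:required'
      optionsString = '%s %s %s %s %s' % (option1, option2, option3, option4, option5)
    </script>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAPS Connection Handler',
        'optionsString'       : optionsString,
        'expectedRC'          : 0
      }
    </call>

    <!-- Certificate mapper -->
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-certificate-mapper-prop',
        'objectType'          : 'mapper-name',
        'objectName'          : certMapper,
        'optionsString'       : '--set enabled:true --no-prompt %s' % optionMapper,
        'expectedRC'          : 0
      }
    </call>

    <!-- SASL mechanism handler, bound to the mapper above -->
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-sasl-mechanism-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : handlerName,
        'optionsString'       : '--set certificate-mapper:"%s" --set enabled:true --no-prompt %s' % (certMapper,optionSaSL),
        'expectedRC'          : 0
      }
    </call>
  </sequence>
</function>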
3349N/A
3349N/A <!-- ################################################## -->
3349N/A <!-- configure SSL and TLS -->
3349N/A <!-- ################################################## -->
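<function name="configureSSL_TLS">
  <function-prolog>
    This function makes the configuration changes for SSL and TLS: it
    enables the built-in key manager provider named by keystoreType
    (pointing it at keystoreFile), enables the built-in "Blind Trust"
    trust manager provider (no peer certificate validation; test setup
    only), then binds both providers and certAlias to the LDAPS
    Connection Handler (enabled, use-ssl, listen-port
    DIRECTORY_INSTANCE_SSL_PORT) and to the LDAP Connection Handler
    (allow-start-tls). Every step is a dsconfig call that must return 0.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12 (also the name of the built-in
        key manager provider that is enabled)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the server certificate in the keystore (ssl-cert-nickname)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystorePin" type="optional" default="'servercert'">
      <function-arg-description>
        Keystore pin (test-only default; it appears on the dsconfig command line)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreFile" type="optional" default="'config/keystore'">
      <function-arg-description>
        Keystore file path, relative to the server instance
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Key Manager Provider -->
    <message>
      'Configure Key Manager Provider'
    </message>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-key-manager-provider-prop',
        'objectType'          : 'provider-name',
        'objectName'          : keystoreType,
        'optionsString'       : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
        'expectedRC'          : 0
      }
    </call>

    <!-- Trust Manager Provider: the built-in "Blind Trust" provider, which
         does not validate peer certificates (test setup only). -->
    <message>
      'Configure Trust Manager Provider'
    </message>
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-trust-manager-provider-prop',
        'objectType'          : 'provider-name',
        'objectName'          : 'Blind Trust',
        'optionsString'       : '--set enabled:true',
        'expectedRC'          : 0
      }
    </call>

    <script>
      # The certificate and provider bindings are the same for both
      # handlers; build them once and append the per-handler settings.
      certOption      = '--set ssl-cert-nickname:%s' % certAlias
      trustMgrOption  = '--set trust-manager-provider:"Blind Trust"'
      keyMgrOption    = '--set key-manager-provider:"%s"' % keystoreType
      providerOptions = '%s %s %s' % (certOption, trustMgrOption, keyMgrOption)
      ldapsOptions    = '%s --set listen-port:%s --set enabled:true --set use-ssl:true' % (providerOptions, DIRECTORY_INSTANCE_SSL_PORT)
      startTlsOptions = '%s --set allow-start-tls:true' % providerOptions
    </script>

    <!-- LDAPS Connection Handler -->
    <message>
      'Enabling LDAPS Connection Handler - Keystore type'
    </message>
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAPS Connection Handler',
        'optionsString'       : ldapsOptions,
        'expectedRC'          : 0
      }
    </call>

    <!-- StartTLS on the LDAP Connection Handler -->
    <message>
      'Enabling StartTLS'
    </message>
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAP Connection Handler',
        'optionsString'       : startTlsOptions,
        'expectedRC'          : 0
      }
    </call>
  </sequence>
</function>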
<!-- ################################################## -->
<!-- Unconfigure SSL -->
<!-- ################################################## -->
<function name="unconfigureSSL">
  <function-prolog>
    This function reverses the configuration changes for SSL. The LDAPS
    Connection Handler is disabled and its key manager, trust manager
    and certificate nickname bindings are reset; then the trust manager
    provider is deleted (customTrustMgr non-blank) or the built-in
    "Blind Trust" provider is disabled, and the key manager provider is
    deleted (customKeyMgr non-blank) or the built-in provider named by
    keystoreType is disabled. Every step is a dsconfig call that must
    return 0.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12 (name of the built-in key manager
        provider disabled when customKeyMgr is blank)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customKeyMgr" type="optional" default="''">
      <function-arg-description>
        Name of a custom key manager provider to delete; blank means
        disable the built-in provider named by keystoreType instead
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customTrustMgr" type="optional" default="''">
      <function-arg-description>
        Name of a custom trust manager provider to delete; blank means
        disable the built-in "Blind Trust" provider instead
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- LDAPS Connection Handler: disable it, then drop its bindings -->
    <message>
      'Disabling LDAPS Connection Handler'
    </message>
    <call function="'dsconfig'">
      { 'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAPS Connection Handler',
        'optionsString'       : '--set enabled:false --set use-ssl:false',
        'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'expectedRC'          : 0
      }
    </call>
    <call function="'dsconfig'">
      { 'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAPS Connection Handler',
        'optionsString'       : '--reset key-manager-provider --reset trust-manager-provider --reset ssl-cert-nickname',
        'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'expectedRC'          : 0
      }
    </call>

    <!-- Trust Manager Provider: delete the custom one, or disable Blind Trust -->
    <message>
      'Disabling SSL Trust Manager Provider'
    </message>
    <if expr="customTrustMgr.strip() != ''">
      <call function="'dsconfig'">
        { 'subcommand'          : 'delete-trust-manager-provider',
          'objectType'          : 'provider-name',
          'objectName'          : customTrustMgr,
          'location'            : location,
          'dsPath'              : dsPath,
          'dsInstanceHost'      : dsInstanceHost,
          'dsInstanceAdminPort' : dsInstanceAdminPort,
          'dsInstanceDn'        : dsInstanceDn,
          'dsInstancePswd'      : dsInstancePswd,
          'expectedRC'          : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'subcommand'          : 'set-trust-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : 'Blind Trust',
            'optionsString'       : '--set enabled:false',
            'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- Key Manager Provider: delete the custom one, or disable the built-in -->
    <message>
      'Disabling Key Manager Provider'
    </message>
    <if expr="customKeyMgr.strip() != ''">
      <call function="'dsconfig'">
        { 'subcommand'          : 'delete-key-manager-provider',
          'objectType'          : 'provider-name',
          'objectName'          : customKeyMgr,
          'location'            : location,
          'dsPath'              : dsPath,
          'dsInstanceHost'      : dsInstanceHost,
          'dsInstanceAdminPort' : dsInstanceAdminPort,
          'dsInstanceDn'        : dsInstanceDn,
          'dsInstancePswd'      : dsInstancePswd,
          'expectedRC'          : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'subcommand'          : 'set-key-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : keystoreType,
            'optionsString'       : '--set enabled:false',
            'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>
  </sequence>
</function>
<!-- ################################################## -->
<!-- unconfigureTLS -->
<!-- ################################################## -->
<function name="unconfigureTLS">
<function-prolog>
This function reverses the configuration changes for startTLS.
Order matters: StartTLS is first switched off on the LDAP Connection Handler
and the handler's key-manager-provider, trust-manager-provider and
ssl-cert-nickname properties are reset; only then are the "Blind Trust"
trust manager provider and the key manager provider disabled (or, when a
custom key manager name is given, that provider deleted).
"Blind Trust" accepts any peer certificate and exists for test runs only, so
leaving it enabled after a test would weaken every TLS peer check on the
server. Every dsconfig step is expected to succeed (expectedRC 0).
</function-prolog>
<function-map-args>
<function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
<function-arg-description>
Location of target host
</function-arg-description>
<function-arg-property name="type" value="hostname"/>
</function-arg-def>
<function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
<function-arg-description>
Pathname to installation root
</function-arg-description>
<function-arg-property name="type" value="filepath"/>
</function-arg-def>
<function-arg-def name="dsInstanceHost" type="optional">
<function-arg-description>
Directory server hostname or IP address
</function-arg-description>
<function-arg-property name="type" value="hostname"/>
</function-arg-def>
<function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
<function-arg-description>
Directory server admin port number
</function-arg-description>
<function-arg-property name="type" value="Port number"/>
</function-arg-def>
<function-arg-def name="dsInstanceDn" type="optional">
<function-arg-description>
Bind DN
</function-arg-description>
<function-arg-property name="type" value="DN"/>
</function-arg-def>
<function-arg-def name="dsInstancePswd" type="optional">
<function-arg-description>
Bind password. It is handed to the dsconfig helper unchanged; how that helper
passes it to the command line (and whether it is logged) is not visible here.
</function-arg-description>
<function-arg-property name="type" value="string"/>
</function-arg-def>
<function-arg-def name="customKeyMgr" type="optional" default="''">
<function-arg-description>
Name of a custom key manager provider. When non-empty that provider is
deleted; when empty (the default) the provider named by keystoreType is
disabled instead.
</function-arg-description>
<function-arg-property name="type" value="string"/>
</function-arg-def>
<function-arg-def name="keystoreType" type="optional" default="'JKS'">
<function-arg-description>
Keystore type : JKS or PKCS12. Also used as the name of the key manager
provider to disable when customKeyMgr is empty.
</function-arg-description>
<function-arg-property name="type" value="string"/>
</function-arg-def>
<function-arg-def name="extraParams" type="optional">
<function-arg-description>
Optional extra parameters for specific test cases (not used by this function)
</function-arg-description>
<function-arg-property name="type" value="string"/>
</function-arg-def>
</function-map-args>
<sequence>
<!--- Disable StartTLS -->
<message>
'Disabling StartTLS'
</message>
<call function="'dsconfig'">
{ 'location' : location,
'dsPath' : dsPath,
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-connection-handler-prop',
'objectType' : 'handler-name',
'objectName' : 'LDAP Connection Handler',
'optionsString' : ' --set allow-start-tls:false',
'expectedRC' : 0
}
</call>
<!-- Reset the handler's provider references and certificate nickname before
     the providers themselves are touched below; presumably dsconfig would
     otherwise refuse to delete a provider that is still referenced (confirm). -->
<call function="'dsconfig'">
{ 'location' : location,
'dsPath' : dsPath ,
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-connection-handler-prop' ,
'objectType' : 'handler-name' ,
'objectName' : 'LDAP Connection Handler',
'optionsString' : '--reset key-manager-provider --reset trust-manager-provider --reset ssl-cert-nickname',
'expectedRC' : 0
}
</call>
<!--- Disable SSL Trust Manager Provider -->
<!-- "Blind Trust" trusts every peer certificate without validation; it must
     be switched off again once the test that needed it has finished. -->
<message>
'Disabling SSL Trust Manager Provider'
</message>
<call function="'dsconfig'">
{ 'location' : location,
'dsPath' : dsPath,
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-trust-manager-provider-prop',
'objectType' : 'provider-name',
'objectName' : 'Blind Trust',
'optionsString' : '--set enabled:false',
'expectedRC' : 0
}
</call>
<!--- Disable Key Manager Provider -->
<!-- A custom key manager (non-blank customKeyMgr) is removed entirely;
     otherwise the provider named by keystoreType is merely disabled. -->
<message>
'Disabling Key Manager Provider'
</message>
<if expr="len(customKeyMgr.strip()) != 0">
<call function="'dsconfig'">
{ 'location' : location ,
'dsPath' : dsPath ,
'dsInstanceHost' : dsInstanceHost ,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'delete-key-manager-provider' ,
'objectType' : 'provider-name' ,
'objectName' : customKeyMgr ,
'expectedRC' : 0
}
</call>
<else>
<call function="'dsconfig'">
{ 'location' : location,
'dsPath' : dsPath,
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-key-manager-provider-prop',
'objectType' : 'provider-name',
'objectName' : keystoreType,
'optionsString' : '--set enabled:false',
'expectedRC' : 0
}
</call>
</else>
</if>
</sequence>
</function>
<!-- ################################################## -->
<!-- Unconfigure SSL and TLS -->
<!-- ################################################## -->
<function name="unconfigureSSL_TLS">
<function-prolog>
This function reverses the configuration changes for SSL and TLS.
Steps, in order: disable the LDAPS Connection Handler (and clear use-ssl),
switch StartTLS off on the LDAP Connection Handler, disable the "Blind Trust"
trust manager provider, then disable the key manager provider named by
keystoreType. "Blind Trust" accepts any peer certificate and exists for test
runs only, so it must not stay enabled after the test. Every dsconfig step is
expected to succeed (expectedRC 0).
NOTE(review): unlike unconfigureTLS, this function does not reset the
key-manager-provider / trust-manager-provider / ssl-cert-nickname references
on the handlers before disabling the providers; confirm that this is intended.
</function-prolog>
<function-map-args>
<function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
<function-arg-description>
Location of target host
</function-arg-description>
<function-arg-property name="type" value="hostname"/>
</function-arg-def>
<function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
<function-arg-description>
Pathname to installation root
</function-arg-description>
<function-arg-property name="type" value="filepath"/>
</function-arg-def>
<function-arg-def name="dsInstanceHost" type="optional">
<function-arg-description>
Directory server hostname or IP address
</function-arg-description>
<function-arg-property name="type" value="hostname"/>
</function-arg-def>
<function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
<function-arg-description>
Directory server admin port number
</function-arg-description>
<function-arg-property name="type" value="Port number"/>
</function-arg-def>
<function-arg-def name="dsInstanceDn" type="optional">
<function-arg-description>
Bind DN
</function-arg-description>
<function-arg-property name="type" value="DN"/>
</function-arg-def>
<function-arg-def name="dsInstancePswd" type="optional">
<function-arg-description>
Bind password. It is handed to the dsconfig helper unchanged; how that helper
passes it to the command line (and whether it is logged) is not visible here.
</function-arg-description>
<function-arg-property name="type" value="string"/>
</function-arg-def>
<function-arg-def name="keystoreType" type="optional" default="'JKS'">
<function-arg-description>
Keystore type : JKS or PKCS12. Also used as the name of the key manager
provider that is disabled in the last step.
</function-arg-description>
<function-arg-property name="type" value="string"/>
</function-arg-def>
<function-arg-def name="extraParams" type="optional">
<function-arg-description>
Optional extra parameters for specific test cases (not used by this function)
</function-arg-description>
<function-arg-property name="type" value="string"/>
</function-arg-def>
</function-map-args>
<sequence>
<!--- Disable LDAPS Connection Handler -->
<!-- The handler is disabled and use-ssl cleared in one call, so no listener
     is left that would still need the providers disabled further down. -->
<message>
'Disabling LDAPS Connection Handler'
</message>
<call function="'dsconfig'">
{ 'location' : location,
'dsPath' : dsPath,
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-connection-handler-prop',
'objectType' : 'handler-name',
'objectName' : 'LDAPS Connection Handler',
'optionsString' : '--set enabled:false --set use-ssl:false',
'expectedRC' : 0
}
</call>
<!--- Disable StartTLS -->
<message>
'Disabling StartTLS'
</message>
<call function="'dsconfig'">
{ 'location' : location ,
'dsPath' : dsPath ,
'dsInstanceHost' : dsInstanceHost ,
'dsInstanceAdminPort' : dsInstanceAdminPort ,
'dsInstanceDn' : dsInstanceDn ,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-connection-handler-prop' ,
'objectType' : 'handler-name' ,
'objectName' : 'LDAP Connection Handler',
'optionsString' : ' --set allow-start-tls:false',
'expectedRC' : 0
}
</call>
<!--- Disable SSL Trust Manager Provider -->
<!-- "Blind Trust" trusts every peer certificate without validation; it must
     be switched off again once the test that needed it has finished. -->
<message>
'Disabling SSL Trust Manager Provider'
</message>
<call function="'dsconfig'">
{ 'location' : location,
'dsPath' : dsPath,
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd ,
'subcommand' : 'set-trust-manager-provider-prop' ,
'objectType' : 'provider-name' ,
'objectName' : 'Blind Trust',
'optionsString' : '--set enabled:false' ,
'expectedRC' : 0
}
</call>
<!--- Disable Key Manager Provider -->
<!-- The provider is only disabled, never deleted, so the keystore it points
     at is left in place for the next test. -->
<message>
'Disabling Key Manager Provider'
</message>
<call function="'dsconfig'">
{ 'location' : location,
'dsPath' : dsPath,
'dsInstanceHost' : dsInstanceHost,
'dsInstanceAdminPort' : dsInstanceAdminPort,
'dsInstanceDn' : dsInstanceDn,
'dsInstancePswd' : dsInstancePswd,
'subcommand' : 'set-key-manager-provider-prop',
'objectType' : 'provider-name',
'objectName' : keystoreType,
'optionsString' : '--set enabled:false',
'expectedRC' : 0
}
</call>
</sequence>
</function>
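<function name="createStrongUserEntries" scope="local">
<function-prolog>
This creates strongAuthenticationUser entries with userCertificates.
The PEM certificate file is fetched from the remote host, only the base64
body between the BEGIN CERTIFICATE and END CERTIFICATE markers is kept, an
LDIF entry carrying that body as userCertificate;binary is written locally,
copied to the remote host and added with ldapmodify. A file with no PEM
markers at all is treated as bare base64 (every line is kept), which matches
the previous behaviour of this function.
</function-prolog>
<function-map-args>
<function-arg-def name="location" type="required">
<function-arg-description>
Location of target host
</function-arg-description>
<function-arg-property name="type" value="hostname"/>
</function-arg-def>
<function-arg-def name="certificate" type="required">
<function-arg-description>
Certificate label; used as the cn, sn and givenname of the created entry
</function-arg-description>
<function-arg-property name="type" value="string"/>
</function-arg-def>
<function-arg-def name="filename" type="required">
<function-arg-description>
Certificate filename (PEM format) on the target host
</function-arg-description>
<function-arg-property name="type" value="filename"/>
</function-arg-def>
<function-arg-def name="userdn" type="required">
<function-arg-description>
User DN
</function-arg-description>
<function-arg-property name="type" value="DN"/>
</function-arg-def>
<function-arg-def name="localLdifFile" type="required">
<function-arg-description>
Local ldif file (written on the STAX service machine)
</function-arg-description>
<function-arg-property name="type" value="filename"/>
</function-arg-def>
<function-arg-def name="remoteLdifFile" type="required">
<function-arg-description>
Remote ldif file (destination of the copy on the target host)
</function-arg-description>
<function-arg-property name="type" value="filename"/>
</function-arg-def>
</function-map-args>
<sequence>
<!-- Get a certificate from a file in PEM format -->
<call function="'getFile'">
{ 'location' : location,
'filename' : filename
}
</call>
<!-- NOTE(review): the message below prints cmdResult while the script that
     follows reads STAXResult[1]; presumably getFile sets both to the file
     contents, but that helper is not visible here. -->
<message>
'Certificate contents:\n %s' % cmdResult
</message>
<!-- Keep only the base64 body between the first BEGIN CERTIFICATE and its
     END CERTIFICATE marker. Anything outside the PEM block (for instance an
     openssl text dump preceding it) would otherwise be spliced into the DER
     value and produce a corrupt userCertificate. userCertificate;binary holds
     a single X.509 value, so only the first certificate of the file is used.
     Jython-era syntax: 0/1 flags and str.find() instead of newer constructs. -->
<script>
certList = STAXResult[1].split('\n')
ret_str = ""
sawBegin = 0
inPemBlock = 0
for line in certList:
  stripped = line.strip()
  if stripped.find("BEGIN CERTIFICATE") != -1:
    sawBegin = 1
    inPemBlock = 1
    continue
  if stripped.find("END CERTIFICATE") != -1:
    if inPemBlock:
      break
    continue
  if inPemBlock:
    ret_str += stripped
if not sawBegin:
  # No PEM armour at all: fall back to the old behaviour and keep every
  # line that does not mention CERTIFICATE.
  ret_str = ""
  for line in certList:
    if line.find("CERTIFICATE") == -1:
      ret_str += line.strip()
</script>
<!-- Create ldif for users entries and add userCertificate -->
<message> '---- Create User entry : %s----' % userdn</message>
<script>
listAttr = []
listAttr.append('dn: %s' % userdn)
listAttr.append('objectclass:top')
listAttr.append('objectclass:organizationalperson')
listAttr.append('objectclass:inetorgperson')
listAttr.append('objectclass:person')
listAttr.append('objectclass:ds-certificate-user')
listAttr.append('objectclass:strongAuthenticationUser')
# Double colon: the LDIF value is base64 (the DER certificate).
listAttr.append('userCertificate;binary:: %s' % ret_str)
listAttr.append('givenname:%s' % certificate)
listAttr.append('sn:%s' % certificate)
listAttr.append('cn:%s' % certificate)
</script>
<!-- Write out the ldif of users entry; close the file even if a write fails -->
<script>
outfile = open(localLdifFile, "w")
try:
  for line in listAttr:
    outfile.write("%s\n" % line)
finally:
  outfile.close()
</script>
<!-- Copy the ldif file containing userCertificate to remote host -->
<message>
'Copy ldif (%s) file to user entry %s to %s' % (localLdifFile,userdn,remoteLdifFile)
</message>
<call function="'copyFile'">
{ 'location' : STAXServiceMachine,
'srcfile' : localLdifFile,
'destfile' : remoteLdifFile,
'remotehost' : location
}
</call>
<!-- Add the users entry into the LDAP server.
     NOTE(review): this targets the DIRECTORY_INSTANCE_* globals rather than
     the location argument; confirm they refer to the same server. -->
<call function="'ldapModifyWithScript'">
{
'dsAdd' : 'True' ,
'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
'dsFilename' : remoteLdifFile
}
</call>
</sequence>
</function>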
</stax>