2788N/A<?xml version="1.0" encoding="UTF-8" standalone="no"?>
2886N/A<!DOCTYPE stax SYSTEM "/stax.dtd">
2788N/A<!--
2788N/A ! CDDL HEADER START
2788N/A !
2788N/A ! The contents of this file are subject to the terms of the
2788N/A ! Common Development and Distribution License, Version 1.0 only
2788N/A ! (the "License"). You may not use this file except in compliance
2788N/A ! with the License.
2788N/A !
2788N/A ! You can obtain a copy of the license at
2788N/A ! trunk/opends/resource/legal-notices/OpenDS.LICENSE
2788N/A ! or https://OpenDS.dev.java.net/OpenDS.LICENSE.
2788N/A ! See the License for the specific language governing permissions
2788N/A ! and limitations under the License.
2788N/A !
2788N/A ! When distributing Covered Code, include this CDDL HEADER in each
2788N/A ! file and include the License file at
2788N/A ! trunk/opends/resource/legal-notices/OpenDS.LICENSE. If applicable,
2788N/A ! add the following below this CDDL HEADER, with the fields enclosed
2788N/A ! by brackets "[]" replaced with your own identifying information:
2788N/A ! Portions Copyright [yyyy] [name of copyright owner]
2788N/A !
2788N/A ! CDDL HEADER END
2788N/A !
5065N/A ! Copyright 2007-2010 Sun Microsystems, Inc.
2788N/A ! -->
2788N/A<stax>
2788N/A <!-- **************************************************** -->
2788N/A <!-- generate a certificate -->
2788N/A <!-- **************************************************** -->
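<function name="genCertificate">
  <function-prolog>
    Generate a key pair and a self-signed server certificate with
    keytool -genkey. The entry is stored under certAlias in the keystore
    file; a relative keystore path is resolved by keytool against the
    working directory handed to runCommand (dsPath/config).
    Returns STAXResult from the runCommand call.
    Note: storepass and keypass are placed on the keytool command line, so
    they are visible in process listings and in whatever runCommand records
    for its 'arguments'. Acceptable for throw-away test keystores only.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root. Must be non-empty: the keytool
        working directory (dsPath/config) is derived from it.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate entry in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dname" type="optional" default="'cn=server,O=Sun Microsystems,C=US'">
      <function-arg-description>
        Certificate subject (X.500 distinguished name)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keypass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the private key in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storetype" type="optional" default="'JKS'">
      <function-arg-description>
        The storetype. Can be JKS or PKCS12
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keyalg" type="optional" default="'rsa'">
      <function-arg-description>
        Key algorithm handed to keytool -keyalg. Default is rsa, which
        is what this function has always generated.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keysize" type="optional" default="''">
      <function-arg-description>
        Key size in bits handed to keytool -keysize. When empty (the
        default) the flag is omitted and keytool picks its own default
        for the algorithm.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="validity" type="optional" default="''">
      <function-arg-description>
        Certificate validity in days handed to keytool -validity. When
        empty (the default) the flag is omitted and keytool picks its
        own default.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Local variables -->
    <script>
      # dsConfigPath is only bound when dsPath is non-empty; the call below
      # references it unconditionally, so an empty dsPath raises NameError
      # (pre-existing behaviour, deliberately unchanged).
      if dsPath:
        dsConfigPath='%s/config' % (dsPath)
        dsBinPath='%s/%s' % (dsPath,fileFolder)

      # The base command line is the historical one; -keysize and
      # -validity are appended only when supplied, so existing callers get
      # exactly the same keytool invocation as before.
      keytoolArgs='-genkey -alias %s -keyalg %s -dname "%s" -keystore %s -storepass %s -keypass %s -storetype %s ' % (certAlias,keyalg,dname,keystore,storepass,keypass,storetype)
      if keysize:
        keytoolArgs+='-keysize %s ' % (keysize)
      if validity:
        keytoolArgs+='-validity %s ' % (validity)
    </script>
    <call function="'runCommand'">
      { 'name'       : 'Generate a Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : keytoolArgs,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>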
2788N/A
2788N/A
2788N/A <!-- **************************************************** -->
<!-- Self-sign a certificate -->
2788N/A <!-- **************************************************** -->
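<function name="SelfSignCertificate">
  <function-prolog>
    Re-issue a self-signed certificate for an existing key pair with
    keytool -selfcert. The entry under certAlias in the keystore file gets
    a new self-signed certificate. A relative keystore path is resolved by
    keytool against the working directory handed to runCommand
    (dsPath/config). Returns STAXResult from the runCommand call.
    Note: storepass and keypass travel on the keytool command line and are
    therefore visible in process listings and in whatever runCommand
    records for its 'arguments'.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root. Must be non-empty: the keytool
        working directory (dsPath/config) is derived from it.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate entry in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keypass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the private key in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storetype" type="optional" default="'JKS'">
      <function-arg-description>
        The storetype. Can be JKS or PKCS12
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="validity" type="optional" default="''">
      <function-arg-description>
        Certificate validity in days handed to keytool -validity. When
        empty (the default) the flag is omitted and keytool picks its
        own default.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Local variables -->
    <script>
      # dsConfigPath is only bound when dsPath is non-empty; the call below
      # references it unconditionally, so an empty dsPath raises NameError
      # (pre-existing behaviour, deliberately unchanged).
      if dsPath:
        dsConfigPath='%s/config' % (dsPath)
        dsBinPath='%s/%s' % (dsPath,fileFolder)

      # Historical command line, with -validity appended only when the
      # caller supplies it so existing callers are unaffected.
      keytoolArgs='-selfcert -alias %s -keystore "%s" -keypass "%s" -storepass "%s" -storetype "%s" ' % (certAlias,keystore,keypass,storepass,storetype)
      if validity:
        keytoolArgs+='-validity %s ' % (validity)
    </script>

    <call function="'runCommand'" >
      { 'name'       : 'Generate a Self-Signed Server Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : keytoolArgs,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>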
2788N/A
2788N/A
2788N/A <!-- **************************************************** -->
2788N/A <!-- Export a certificate -->
2788N/A <!-- **************************************************** -->
<function name="ExportCertificate">
  <function-prolog>
    Export the certificate stored under certAlias to outputfile with
    keytool -export. keytool runs with dsPath/config as its working
    directory, so relative keystore and output paths are resolved there.
    Returns STAXResult from the runCommand call.
    Note: storepass is passed on the keytool command line and is visible
    in process listings and in whatever runCommand records for its
    'arguments'.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root. Must be non-empty: the keytool
        working directory (dsPath/config) is derived from it.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate entry in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="format" type="optional">
      <function-arg-description>
        Output encoding, given as the keytool flag name without its
        leading dash (for example rfc for the printable base64 form).
        When unset no flag is passed and keytool writes binary (DER).
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storetype" type="optional" default="'JKS'">
      <function-arg-description>
        The storetype. Can be JKS or PKCS12
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="outputfile" type="required">
      <function-arg-description>
        Output file to store the certificate
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>

  <sequence>
    <!-- Local variables -->
    <script>
      # dsConfigPath is only bound when dsPath is non-empty; the call below
      # references it unconditionally, so an empty dsPath raises NameError.
      if dsPath:
        dsConfigPath='%s/config' % (dsPath)
        dsBinPath='%s/%s' % (dsPath,fileFolder)

      # The encoding is a keytool flag; an unset format leaves it out.
      encodingFlag=''
      if format:
        encodingFlag='-%s' % (format)

      exportArgs='-export -alias %s -file %s -keystore "%s" -storepass "%s" -storetype %s %s' % (certAlias,outputfile,keystore,storepass,storetype,encodingFlag)
    </script>

    <call function="'runCommand'">
      { 'name'       : 'Export a Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : exportArgs,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>
2788N/A
2788N/A
2788N/A <!-- **************************************************** -->
2788N/A <!-- Import a certificate -->
2788N/A <!-- **************************************************** -->
<function name="ImportCertificate">
  <function-prolog>
    Import the certificate in inputfile into the key store under certAlias
    with keytool -import. keytool runs with dsPath/config as its working
    directory, so relative keystore and input paths are resolved there.
    Returns STAXResult from the runCommand call.
    Note: -noprompt suppresses keytool's interactive trust confirmation,
    so the certificate is added without any fingerprint check by a human.
    That is only acceptable because inputfile is produced by this test
    harness; do not reuse this function for certificates from elsewhere.
    storepass is passed on the command line and is visible in process
    listings and in whatever runCommand records for its 'arguments'.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root. Must be non-empty: the keytool
        working directory (dsPath/config) is derived from it.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias under which the certificate is stored in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storetype" type="optional" default="'JKS'">
      <function-arg-description>
        The storetype. Can be JKS or PKCS12
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="inputfile" type="required">
      <function-arg-description>
        Certificate file to import
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>

    <!-- Local variables -->
    <script>
      # dsConfigPath is only bound when dsPath is non-empty; the call below
      # references it unconditionally, so an empty dsPath raises NameError.
      if dsPath:
        dsConfigPath='%s/config' % (dsPath)
        dsBinPath='%s/%s' % (dsPath,fileFolder)

      importArgs='-import -alias %s -file %s -keystore "%s" -storepass "%s" -storetype %s -noprompt' % (certAlias,inputfile,keystore,storepass,storetype)
    </script>

    <call function="'runCommand'">
      { 'name'       : 'Import a Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : importArgs,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>
5551N/A
5551N/A <!-- **************************************************** -->
5551N/A <!-- List a certificate -->
5551N/A <!-- **************************************************** -->
<function name="ListCertificate">
  <function-prolog>
    List a key store entry in verbose form with keytool -list -v. The
    -alias, -keystore and -storepass flags are each added only when the
    corresponding argument is non-empty. keytool runs with dsPath/config
    as its working directory. Returns STAXResult from the runCommand call.
    Note: storepass is passed on the command line and is visible in
    process listings and in whatever runCommand records for 'arguments'.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root. Must be non-empty: the keytool
        working directory (dsPath/config) is derived from it.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate entry to list; empty lists the whole store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>

  <sequence>
    <!-- Local variables -->
    <script>
      # dsConfigPath is only bound when dsPath is non-empty; the call below
      # references it unconditionally, so an empty dsPath raises NameError.
      if dsPath:
        dsConfigPath='%s/config' % (dsPath)
        dsBinPath='%s/%s' % (dsPath,fileFolder)

      # Assemble "-flag value" pairs, skipping any whose value is empty.
      keytoolOpts=['-list', '-v']
      for flag, value in (('-alias', certAlias), ('-keystore', keystore), ('-storepass', storepass)):
        if value:
          keytoolOpts.append('%s %s' % (flag, value))

      STAFCmdParams=' '.join(keytoolOpts)
    </script>

    <call function="'runCommand'">
      { 'name'       : 'List a Certificate',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : STAFCmdParams ,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>
2788N/A
2788N/A <!-- **************************************************** -->
<!-- Add a certificate to a user attribute -->
5065N/A <!-- **************************************************** -->
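<function name="addCertificate">
  <function-prolog>
    Add a user certificate to a directory entry. Reads the RFC (PEM) encoded
    certificate file, strips the BEGIN CERTIFICATE / END CERTIFICATE marker
    lines, builds an LDIF modify record that adds the ds-certificate-user
    objectclass and the userCertificate;binary attribute (base64 with the
    LDIF "::" syntax), writes it to local.temp/client.ldif, copies it to
    ldif_path on the remote host and applies it with modifyEntry.
    Note: the location argument is accepted but not used; getFile and
    copyFile target STAF_REMOTE_HOSTNAME and modifyEntry uses the
    DIRECTORY_INSTANCE_* globals. Kept unchanged to avoid altering which
    host the test operates on.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host (currently unused, see prolog)
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="user_cert_file_rfc" type="required" default="''">
      <function-arg-description>
        Path to the RFC (PEM) encoded certificate file on STAF_REMOTE_HOSTNAME
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="userdn" type="optional" default="''">
      <function-arg-description>
        DN of the user entry to modify. Although optional, an empty value
        produces an LDIF record with an empty dn that modifyEntry cannot
        apply, so callers should always supply it.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="ldif_path" type="required" default="''">
      <function-arg-description>
        Path on the remote host where the generated LDIF file is placed
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>

    <call function="'getFile'">
      {
        'location' : STAF_REMOTE_HOSTNAME,
        'filename' : user_cert_file_rfc
      }
    </call>

    <!-- cmdResult is not assigned in this function; presumably getFile
         sets it in a scope visible here (verify against getFile). The
         parsing below reads the file content from STAXResult[1]. -->
    <message>
      'Certificate contents:\n %s' % cmdResult
    </message>

    <!-- Keep only the base64 body: drop every line containing the word
         CERTIFICATE (the BEGIN/END markers) and join the rest without
         line breaks so it fits a single LDIF base64 value. -->
    <script>
      certList=STAXResult[1].split('\n')
      ret_str = ""
      for line in certList:
        if line.find("CERTIFICATE") == -1:
          ret_str+=line.strip()
    </script>

    <!-- LDIF modify record: add the auxiliary objectclass, then the
         certificate as a base64 ("::") value. -->
    <script>
      listAttr = []
      listAttr.append('dn: %s' %userdn)
      listAttr.append('changetype: modify')
      listAttr.append('add: objectclass')
      listAttr.append('objectclass:ds-certificate-user')
      listAttr.append('-')
      listAttr.append('add: userCertificate;binary')
      listAttr.append('userCertificate;binary:: %s' % ret_str)
    </script>

    <message>
      'Create %s/client.ldif' % local.temp
    </message>
    <script>
      addCertificateldif='%s/client.ldif' % local.temp
      outfile = open(addCertificateldif,"w")
      # Close the handle even if a write fails, so the temp file is not
      # left open (and partially written) in the STAX service JVM.
      try:
        for line in listAttr:
          outfile.write("%s\n" % line)
      finally:
        outfile.close()
    </script>

    <message>
      'Copy %s/client.ldif to %s' % (local.temp,ldif_path)
    </message>
    <call function="'copyFile'">
      {
        'location'   : STAXServiceMachine,
        'srcfile'    : '%s/client.ldif' % local.temp,
        'destfile'   : ldif_path,
        'remotehost' : STAF_REMOTE_HOSTNAME
      }
    </call>

    <call function="'modifyEntry'">
      {
        'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST,
        'dsInstancePort'    : DIRECTORY_INSTANCE_PORT,
        'dsInstanceDn'      : DIRECTORY_INSTANCE_DN,
        'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD,
        'entryToBeModified' : ldif_path,
        'expectedRC'        : 0
      }
    </call>
  </sequence>
</function>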
5065N/A
5065N/A
5065N/A
5065N/A
5065N/A
5065N/A
5065N/A
5065N/A <!-- **************************************************** -->
2788N/A <!-- get MD5 and SHA1 values -->
2788N/A <!-- **************************************************** -->
<function name="getFingerprint">
  <function-prolog>
    Run keytool -list -v for the certAlias entry and return the raw
    STAXResult; the verbose listing includes the certificate fingerprints,
    which the caller extracts. The fingerprint argument is accepted but not
    used to filter the output. keytool runs with dsPath/config as its
    working directory.
    Note: storepass is passed on the command line and is visible in
    process listings and in whatever runCommand records for 'arguments'.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root. Must be non-empty: the keytool
        working directory (dsPath/config) is derived from it.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the certificate entry in the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="keystore" type="optional" default="'keystore'">
      <function-arg-description>
        Path for the key store file
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="storepass" type="optional" default="'servercert'">
      <function-arg-description>
        Password to protect the contents of the key store
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="fingerprint" type="optional" default="'MD5'">
      <function-arg-description>
        Fingerprint type wanted by the caller, MD5 or SHA1. Not used by
        this function: the full verbose listing is returned.
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="expectedRC" type="optional" default="0">
      <function-arg-description>
        Expected return code value. Default value is 0.
        Wildcard 'noCheck' to not check the RC
      </function-arg-description>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Local variables -->
    <script>
      # dsConfigPath is only bound when dsPath is non-empty; the call below
      # references it unconditionally, so an empty dsPath raises NameError.
      if dsPath:
        dsConfigPath='%s/config' % (dsPath)
        dsBinPath='%s/%s' % (dsPath,fileFolder)

      listArgs=' -list -v -keystore "%s" -storepass "%s" -alias "%s"' % (keystore,storepass,certAlias)
    </script>
    <call function="'runCommand'">
      { 'name'       : 'getFingerprint',
        'location'   : location,
        'command'    : '%s/bin/keytool' % JAVA_HOME,
        'arguments'  : listArgs,
        'path'       : dsConfigPath,
        'expectedRC' : expectedRC
      }
    </call>
    <return>STAXResult</return>
  </sequence>
</function>
2788N/A
2788N/A
2788N/A <!-- ################################################## -->
2788N/A <!-- configure SSL -->
2788N/A <!-- ################################################## -->
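<function name="configureSSL">
  <function-prolog>
    Make the dsconfig changes needed for LDAPS: configure a key manager
    provider (create a new file-based one named customKeyMgr, or enable
    the built-in provider named after keystoreType), configure a trust
    manager provider (create a new blind one named customTrustMgr, or
    enable the built-in "Blind Trust"), then enable the LDAPS Connection
    Handler on DIRECTORY_INSTANCE_SSL_PORT with those providers and
    certAlias as ssl-cert-nickname.
    Security notes: a blind trust manager accepts any client certificate
    without validation, which is what makes client-cert tests easy to run
    here but is never a production setting. keystorePin and dsInstancePswd
    are passed on the dsconfig command line (the built-in provider branch
    also resets key-store-pin-file in favour of key-store-pin), so they
    are visible in process listings and command logs.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the server certificate in the key store (ssl-cert-nickname)
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreFile" type="optional" default="'config/keystore'">
      <function-arg-description>
        Keystore file, relative to the instance root, set as key-store-file
        on whichever key manager provider this function configures
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12. Also the name of the built-in key
        manager provider used when customKeyMgr is empty.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystorePin" type="optional" default="'servercert'">
      <function-arg-description>
        Keystore pin
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customKeyMgr" type="optional" default="''">
      <function-arg-description>
        Name for a new key manager provider; empty (default) enables the
        built-in provider named after keystoreType instead
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customTrustMgr" type="optional" default="''">
      <function-arg-description>
        Name for a new trust manager provider; empty (default) enables the
        built-in "Blind Trust" provider instead
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>

    <!-- configure Key Manager Provider -->
    <message>
      'Configure Key Manager Provider'
    </message>

    <if expr="len(customKeyMgr.strip()) != 0">
      <!-- New file-based provider. key-store-type follows keystoreType so a
           PKCS12 keystoreFile is not declared as JKS (it used to be
           hard-coded to JKS regardless of the argument). -->
      <call function="'dsconfig'">
        { 'location'            : location ,
          'dsPath'              : dsPath ,
          'dsInstanceHost'      : dsInstanceHost ,
          'dsInstanceAdminPort' : dsInstanceAdminPort ,
          'dsInstanceDn'        : dsInstanceDn ,
          'dsInstancePswd'      : dsInstancePswd ,
          'subcommand'          : 'create-key-manager-provider' ,
          'objectType'          : 'provider-name' ,
          'objectName'          : customKeyMgr ,
          'optionsString'       : '--type file-based --set enabled:true --set key-store-file:%s --set key-store-pin:%s --set key-store-type:%s' % (keystoreFile,keystorePin,keystoreType),
          'expectedRC'          : 0
        }
      </call>
      <else>
        <!-- Built-in provider named after keystoreType. key-store-file now
             honours keystoreFile (default config/keystore, the value that
             used to be hard-coded here). -->
        <call function="'dsconfig'">
          { 'location'            : location ,
            'dsPath'              : dsPath ,
            'dsInstanceHost'      : dsInstanceHost ,
            'dsInstanceAdminPort' : dsInstanceAdminPort ,
            'dsInstanceDn'        : dsInstanceDn ,
            'dsInstancePswd'      : dsInstancePswd ,
            'subcommand'          : 'set-key-manager-provider-prop' ,
            'objectType'          : 'provider-name' ,
            'objectName'          : keystoreType,
            'optionsString'       : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- configure Trust Manager Provider -->
    <message>
      'Configure Trust Manager Provider'
    </message>

    <!-- Both branches end up with a blind trust manager: every client
         certificate is accepted without validation. Test-only setting. -->
    <if expr="len(customTrustMgr.strip()) != 0">
      <call function="'dsconfig'">
        { 'location'            : location ,
          'dsPath'              : dsPath ,
          'dsInstanceHost'      : dsInstanceHost ,
          'dsInstanceAdminPort' : dsInstanceAdminPort ,
          'dsInstanceDn'        : dsInstanceDn ,
          'dsInstancePswd'      : dsInstancePswd ,
          'subcommand'          : 'create-trust-manager-provider' ,
          'objectType'          : 'provider-name' ,
          'objectName'          : customTrustMgr ,
          'optionsString'       : '--type blind --set enabled:true --set java-class:org.opends.server.extensions.BlindTrustManagerProvider' ,
          'expectedRC'          : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'location'            : location ,
            'dsPath'              : dsPath ,
            'dsInstanceHost'      : dsInstanceHost ,
            'dsInstanceAdminPort' : dsInstanceAdminPort ,
            'dsInstanceDn'        : dsInstanceDn ,
            'dsInstancePswd'      : dsInstancePswd ,
            'subcommand'          : 'set-trust-manager-provider-prop' ,
            'objectType'          : 'provider-name' ,
            'objectName'          : 'Blind Trust',
            'optionsString'       : '--set enabled:true' ,
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>


    <!-- Enable LDAPS Connection Handler -->
    <message>
      'Enabling LDAPS Connection Handler - Keystore type'
    </message>

    <script>
      # Provider names are quoted because the built-in ones contain spaces
      # ("Blind Trust"); the names must match what was configured above.
      option1='--set ssl-cert-nickname:%s' % certAlias
      if customTrustMgr:
        option2='--set trust-manager-provider:"%s"' % (customTrustMgr)
      else:
        option2='--set trust-manager-provider:"Blind Trust"'
      if customKeyMgr:
        option3='--set key-manager-provider:"%s"' % (customKeyMgr)
      else:
        option3='--set key-manager-provider:"%s"' % (keystoreType)
      option4='--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
      option5='--set enabled:true --set use-ssl:true'
      optionsString='%s %s %s %s %s' % (option1,option2,option3,option4,option5)
    </script>

    <call function="'dsconfig'">
      { 'location'            : location ,
        'dsPath'              : dsPath ,
        'dsInstanceHost'      : dsInstanceHost ,
        'dsInstanceAdminPort' : dsInstanceAdminPort ,
        'dsInstanceDn'        : dsInstanceDn ,
        'dsInstancePswd'      : dsInstancePswd ,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name' ,
        'objectName'          : 'LDAPS Connection Handler',
        'optionsString'       : optionsString,
        'expectedRC'          : 0
      }
    </call>
  </sequence>
</function>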
2788N/A
2788N/A
2788N/A <!-- ################################################## -->
2788N/A <!-- configureTLS -->
2788N/A <!-- ################################################## -->
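<function name="configureTLS">
  <function-prolog>
    This function makes the configuration changes for StartTLS on the
    "LDAP Connection Handler". It enables a key manager provider (either an
    existing provider named by keystoreType, or a new file-based provider
    named by customKeyMgr), enables the "Blind Trust" trust manager
    provider, and finally sets allow-start-tls:true on the handler.
    Every step is a dsconfig call that is expected to return 0; the
    sequence stops at the first call that does not.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystorePin" type="optional" default="'servercert'">
      <function-arg-description>
        Keystore pin (passed to dsconfig on its command line)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreFile" type="optional" default="'config/keystore'">
      <function-arg-description>
        Keystore file path, relative to the server instance root
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customKeyMgr" type="optional" default="''">
      <function-arg-description>
        Name for a new file-based key manager provider. When blank, the
        existing provider named by keystoreType is reused instead.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the server certificate inside the keystore
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12. Also the name of the existing key
        manager provider used when customKeyMgr is blank.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Resolve the key manager provider name once so that the provider
         created/enabled below and the handler property set later always
         agree (a whitespace-only customKeyMgr counts as blank). -->
    <script>
      keyMgrName = customKeyMgr.strip() or keystoreType
    </script>

    <!-- configure Key Manager Provider -->
    <message>
      'Configure Key Manager Provider'
    </message>

    <if expr="len(customKeyMgr.strip()) != 0">
      <!-- Create a new file-based provider. key-store-type follows
           keystoreType rather than being fixed to JKS, so a PKCS12 store
           can be used through this path too. Note that the PIN travels on
           the dsconfig command line and is therefore visible in the
           process list of the target host; acceptable for a test instance. -->
      <call function="'dsconfig'">
        { 'location'            : location,
          'dsPath'              : dsPath,
          'dsInstanceHost'      : dsInstanceHost,
          'dsInstanceAdminPort' : dsInstanceAdminPort,
          'dsInstanceDn'        : dsInstanceDn,
          'dsInstancePswd'      : dsInstancePswd,
          'subcommand'          : 'create-key-manager-provider',
          'objectType'          : 'provider-name',
          'objectName'          : keyMgrName,
          'optionsString'       : '--type file-based --set enabled:true --set key-store-file:%s --set key-store-pin:%s --set key-store-type:%s' % (keystoreFile,keystorePin,keystoreType),
          'expectedRC'          : 0
        }
      </call>
      <else>
        <!-- Reuse the existing provider named after the keystore type;
             the pin-file setting is reset so the inline pin takes effect. -->
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'set-key-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : keyMgrName,
            'optionsString'       : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- configure Trust Manager Provider -->
    <message>
      'Configure Trust Manager Provider'
    </message>

    <!-- "Blind Trust" is the built-in provider that performs no
         peer-certificate validation; it is enabled here so test clients
         need no truststore of their own. Test fixture only. -->
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-trust-manager-provider-prop',
        'objectType'          : 'provider-name',
        'objectName'          : 'Blind Trust',
        'optionsString'       : '--set enabled:true',
        'expectedRC'          : 0
      }
    </call>

    <!-- Enable StartTLS -->
    <message>
      'Enabling StartTLS'
    </message>

    <!-- Point the LDAP handler at the providers configured above and
         allow the StartTLS extended operation on it. -->
    <script>
      option1 = '--set ssl-cert-nickname:%s' % certAlias
      option2 = '--set trust-manager-provider:"Blind Trust" '
      option3 = '--set key-manager-provider:"%s"' % (keyMgrName)
      option4 = '--set allow-start-tls:true'
      optionsString = '%s %s %s %s' % (option1,option2,option3,option4)
    </script>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAP Connection Handler',
        'optionsString'       : optionsString,
        'expectedRC'          : 0
      }
    </call>
  </sequence>
</function>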
2788N/A
2788N/A
5065N/A <!-- ################################################## -->
<!-- configure SASL -->
5065N/A <!-- ################################################## -->
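<function name="configureSASL">
  <function-prolog>
    This function makes the configuration changes for SASL (by default
    the EXTERNAL mechanism over LDAPS with client certificates): it
    creates or enables a key manager provider, creates or enables a trust
    manager provider (falling back to "Blind Trust" when no name is
    given), enables the "LDAPS Connection Handler" with
    ssl-client-auth-policy:required, enables the certificate mapper and
    finally enables the SASL mechanism handler bound to that mapper.
    Every step is a dsconfig call that is expected to return 0.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="''">
      <function-arg-description>
        Alias of the server certificate inside the keystore
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreFile" type="optional" default="'config/keystore'">
      <function-arg-description>
        Keystore file path, relative to the server instance root
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystorePin" type="optional" default="'keystorepass'">
      <function-arg-description>
        Keystore pin (passed to dsconfig on its command line)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12. Also the name of the existing key
        manager provider used when KeyMgr is blank and createKeyMgr is False.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="createTrustMgr" type="optional" default="False">
      <function-arg-description>
        Create (True) or only enable (False) the trust manager named by trustMgr.
      </function-arg-description>
      <function-arg-property name="type" value="enum">
        <function-arg-property-description>
          This argument can only have boolean values
        </function-arg-property-description>
        <function-arg-property-data type="choice" value="True"/>
        <function-arg-property-data type="choice" value="False"/>
      </function-arg-property>
    </function-arg-def>
    <function-arg-def name="createKeyMgr" type="optional" default="False">
      <function-arg-description>
        Create (True) or only enable (False) the key manager named by KeyMgr.
      </function-arg-description>
      <function-arg-property name="type" value="enum">
        <function-arg-property-description>
          This argument can only have boolean values
        </function-arg-property-description>
        <function-arg-property-data type="choice" value="True"/>
        <function-arg-property-data type="choice" value="False"/>
      </function-arg-property>
    </function-arg-def>
    <function-arg-def name="KeyMgr" type="optional" default="''">
      <function-arg-description>
        Name of the key manager provider to create or enable. When blank
        and createKeyMgr is False, the provider named by keystoreType is used.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="trustMgr" type="optional" default="''">
      <function-arg-description>
        Name of the trust manager provider to create or enable. When blank,
        the built-in "Blind Trust" provider is enabled instead.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="truststoreFile" type="optional" default="'config/truststore'">
      <function-arg-description>
        Truststore file path, relative to the server instance root
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="truststoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Truststore type : JKS or PKCS12
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="truststorePin" type="optional" default="'truststorepass'">
      <function-arg-description>
        Truststore pin (passed to dsconfig on its command line)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="certMapper" type="optional" default="'Subject Equals DN'">
      <function-arg-description>
        Certificate mapper name
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="handlerName" type="optional" default="'EXTERNAL'">
      <function-arg-description>
        SASL mechanism handler name
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="optionSaSL" type="optional" default="''">
      <function-arg-description>
        Extra dsconfig options appended when setting the SASL mechanism handler
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="optionMapper" type="optional" default="''">
      <function-arg-description>
        Extra dsconfig options appended when setting the certificate mapper
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>

  <sequence>
    <!-- Resolve provider names once so the providers enabled below and
         the handler properties set later always agree. A blank KeyMgr
         falls back to the provider named after the keystore type (the
         same convention as configureTLS/configureSSL_TLS); a blank
         trustMgr selects "Blind Trust". -->
    <script>
      keyMgrName   = KeyMgr.strip() or keystoreType
      trustMgrName = trustMgr.strip()
    </script>

    <!-- configure Key Manager Provider -->
    <message>
      'Configure Key Manager Provider'
    </message>

    <if expr="createKeyMgr == True">
      <!-- Create a new file-based provider under the caller-supplied
           name. key-store-type is the KEY store type (previously the
           truststore type was passed here, which broke PKCS12 keystores
           paired with a JKS truststore). The PIN travels on the dsconfig
           command line and is visible in the target's process list;
           acceptable for a test instance. -->
      <call function="'dsconfig'">
        { 'location'            : location,
          'dsPath'              : dsPath,
          'dsInstanceHost'      : dsInstanceHost,
          'dsInstanceAdminPort' : dsInstanceAdminPort,
          'dsInstanceDn'        : dsInstanceDn,
          'dsInstancePswd'      : dsInstancePswd,
          'subcommand'          : 'create-key-manager-provider',
          'objectType'          : 'provider-name',
          'objectName'          : KeyMgr,
          'optionsString'       : '--set key-store-file:%s --set key-store-pin:%s --set key-store-type:%s --type file-based --set enabled:true --no-prompt ' % (keystoreFile,keystorePin,keystoreType),
          'expectedRC'          : 0
        }
      </call>
      <else>
        <!-- Enable an existing provider; the pin-file setting is reset so
             the inline pin takes effect. -->
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'set-key-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : keyMgrName,
            'optionsString'       : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- configure Trust Manager Provider -->
    <message>
      'Configure Trust Manager Provider'
    </message>

    <if expr="len(trustMgrName) != 0">
      <if expr="createTrustMgr == True">
        <!-- Create a new file-based trust manager backed by truststoreFile. -->
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'create-trust-manager-provider',
            'objectType'          : 'provider-name',
            'objectName'          : trustMgrName,
            'optionsString'       : '--set trust-store-file:%s --set trust-store-pin:%s --type file-based --set trust-store-type:%s --set enabled:true ' %(truststoreFile,truststorePin,truststoreType),
            'expectedRC'          : 0
          }
        </call>
        <else>
          <!-- Enable an existing trust manager and point it at truststoreFile. -->
          <call function="'dsconfig'">
            { 'location'            : location,
              'dsPath'              : dsPath,
              'dsInstanceHost'      : dsInstanceHost,
              'dsInstanceAdminPort' : dsInstanceAdminPort,
              'dsInstanceDn'        : dsInstanceDn,
              'dsInstancePswd'      : dsInstancePswd,
              'subcommand'          : 'set-trust-manager-provider-prop',
              'objectType'          : 'provider-name',
              'objectName'          : trustMgrName,
              'optionsString'       : '--set trust-store-file:%s --set trust-store-pin:%s --set enabled:true' %(truststoreFile,truststorePin),
              'expectedRC'          : 0
            }
          </call>
        </else>
      </if>
      <else>
        <!-- No trust manager named: enable the built-in "Blind Trust"
             provider, which performs no client-certificate validation.
             Combined with ssl-client-auth-policy:required below, the
             identity is then chosen purely by the certificate mapper
             from whatever subject the client presents. Test fixture only. -->
        <call function="'dsconfig'">
          { 'location'            : location,
            'dsPath'              : dsPath,
            'dsInstanceHost'      : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn'        : dsInstanceDn,
            'dsInstancePswd'      : dsInstancePswd,
            'subcommand'          : 'set-trust-manager-provider-prop',
            'objectType'          : 'provider-name',
            'objectName'          : 'Blind Trust',
            'optionsString'       : '--set enabled:true',
            'expectedRC'          : 0
          }
        </call>
      </else>
    </if>

    <!-- Enable LDAPS Connection Handler -->
    <message>
      'Enabling LDAPS Connection Handler - Keystore type'
    </message>

    <!-- Bind the LDAPS handler to the providers configured above and
         require a client certificate so SASL EXTERNAL has something to map. -->
    <script>
      option1 = '--set ssl-cert-nickname:%s' % certAlias
      if trustMgrName:
        option2 = '--set trust-manager-provider:"%s"' % (trustMgrName)
      else:
        option2 = '--set trust-manager-provider:"Blind Trust"'
      option3 = '--set key-manager-provider:"%s"' % (keyMgrName)
      option4 = '--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
      option5 = '--set enabled:true --set use-ssl:true --set ssl-client-auth-policy:required'
      optionsString = '%s %s %s %s %s' % (option1,option2,option3,option4,option5)
    </script>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAPS Connection Handler',
        'optionsString'       : optionsString,
        'expectedRC'          : 0
      }
    </call>

    <!-- Setting the mapper: optionMapper is appended verbatim so a test
         can add mapper-specific properties. -->
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-certificate-mapper-prop',
        'objectType'          : 'mapper-name',
        'objectName'          : certMapper,
        'optionsString'       : '--set enabled:true --no-prompt %s'%optionMapper,
        'expectedRC'          : 0
      }
    </call>

    <!-- Setting the sasl mechanism: the handler is bound to the mapper
         just enabled; optionSaSL is appended verbatim. -->
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-sasl-mechanism-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : handlerName,
        'optionsString'       : '--set certificate-mapper:"%s" --set enabled:true --no-prompt %s'%(certMapper,optionSaSL),
        'expectedRC'          : 0
      }
    </call>
  </sequence>
</function>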
5065N/A
2788N/A <!-- ################################################## -->
2788N/A <!-- configure SSL and TLS -->
2788N/A <!-- ################################################## -->
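<function name="configureSSL_TLS">
  <function-prolog>
    This function makes the configuration changes for both SSL and
    StartTLS: it enables the existing key manager provider named by
    keystoreType, enables the "Blind Trust" trust manager provider,
    enables the "LDAPS Connection Handler" on DIRECTORY_INSTANCE_SSL_PORT
    and allows StartTLS on the "LDAP Connection Handler". Every step is a
    dsconfig call that is expected to return 0.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12. Also the name of the existing key
        manager provider that is enabled.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="certAlias" type="optional" default="'server-cert'">
      <function-arg-description>
        Alias of the server certificate inside the keystore
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystorePin" type="optional" default="'servercert'">
      <function-arg-description>
        Keystore pin (passed to dsconfig on its command line)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreFile" type="optional" default="'config/keystore'">
      <function-arg-description>
        Keystore file path, relative to the server instance root
        (same default as configureTLS; previously hard-coded)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- configure Key Manager Provider -->
    <message>
      'Configure Key Manager Provider'
    </message>

    <!-- Enable the existing provider named after the keystore type and
         point it at keystoreFile; the pin-file setting is reset so the
         inline pin takes effect. The PIN travels on the dsconfig command
         line and is visible in the target's process list; acceptable for
         a test instance. -->
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-key-manager-provider-prop',
        'objectType'          : 'provider-name',
        'objectName'          : keystoreType,
        'optionsString'       : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
        'expectedRC'          : 0
      }
    </call>

    <!-- configure Trust Manager Provider -->
    <message>
      'Configure Trust Manager Provider'
    </message>

    <!-- "Blind Trust" is the built-in provider that performs no
         peer-certificate validation; it is enabled here so test clients
         need no truststore of their own. Test fixture only. -->
    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-trust-manager-provider-prop',
        'objectType'          : 'provider-name',
        'objectName'          : 'Blind Trust',
        'optionsString'       : '--set enabled:true',
        'expectedRC'          : 0
      }
    </call>

    <!-- Enable LDAPS Connection Handler -->
    <message>
      'Enabling LDAPS Connection Handler - Keystore type'
    </message>

    <!-- Bind the LDAPS handler to the providers configured above and
         bring it up on the SSL port. -->
    <script>
      option1 = '--set ssl-cert-nickname:%s' % certAlias
      option2 = '--set trust-manager-provider:"Blind Trust"'
      option3 = '--set key-manager-provider:"%s"' % (keystoreType)
      option4 = '--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
      option5 = '--set enabled:true --set use-ssl:true'
      optionsString = '%s %s %s %s %s' % (option1,option2,option3,option4,option5)
    </script>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAPS Connection Handler',
        'optionsString'       : optionsString,
        'expectedRC'          : 0
      }
    </call>

    <!-- Enable StartTLS -->
    <message>
      'Enabling StartTLS'
    </message>

    <!-- Same certificate and providers on the plain LDAP handler, plus
         allow-start-tls. -->
    <script>
      option1 = '--set ssl-cert-nickname:%s' % certAlias
      option2 = '--set trust-manager-provider:"Blind Trust" '
      option3 = '--set key-manager-provider:"%s"' % (keystoreType)
      option4 = '--set allow-start-tls:true'
      optionsString = '%s %s %s %s' % (option1,option2,option3,option4)
    </script>

    <call function="'dsconfig'">
      { 'location'            : location,
        'dsPath'              : dsPath,
        'dsInstanceHost'      : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn'        : dsInstanceDn,
        'dsInstancePswd'      : dsInstancePswd,
        'subcommand'          : 'set-connection-handler-prop',
        'objectType'          : 'handler-name',
        'objectName'          : 'LDAP Connection Handler',
        'optionsString'       : optionsString,
        'expectedRC'          : 0
      }
    </call>
  </sequence>
</function>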
2788N/A
2788N/A
2788N/A <!-- ################################################## -->
2788N/A <!-- Unconfigure SSL -->
2788N/A <!-- ################################################## -->
<function name="unconfigureSSL">
  <function-prolog>
    This function reverses the configuration changes for SSL: it disables
    the "LDAPS Connection Handler" and clears its provider/certificate
    references, then deletes the custom trust and key manager providers
    when names were given, or otherwise disables the built-in "Blind
    Trust" provider and the provider named by keystoreType. Every step is
    a dsconfig call that is expected to return 0. The handler is reset
    before the providers are removed so no enabled handler keeps a
    reference to a deleted provider.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12 (also the name of the built-in key
        manager provider that is disabled when customKeyMgr is blank)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customKeyMgr" type="optional" default="''">
      <function-arg-description>
        Name for a new key manager (deleted when non-blank)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customTrustMgr" type="optional" default="''">
      <function-arg-description>
        Name for a new trust manager (deleted when non-blank)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Disable LDAPS Connection Handler -->
    <message>
      'Disabling LDAPS Connection Handler'
    </message>

    <!-- Step 1: take the handler down and turn SSL off on it. -->
    <call function="'dsconfig'">
      { 'location' : location,
        'dsPath' : dsPath ,
        'dsInstanceHost' : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort ,
        'dsInstanceDn' : dsInstanceDn ,
        'dsInstancePswd' : dsInstancePswd ,
        'subcommand' : 'set-connection-handler-prop' ,
        'objectType' : 'handler-name' ,
        'objectName' : 'LDAPS Connection Handler',
        'optionsString' : '--set enabled:false --set use-ssl:false',
        'expectedRC' : 0
      }
    </call>

    <!-- Step 2: drop the handler's references to the providers and the
         certificate nickname, so the providers can be deleted below. -->
    <call function="'dsconfig'">
      { 'location' : location,
        'dsPath' : dsPath ,
        'dsInstanceHost' : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort ,
        'dsInstanceDn' : dsInstanceDn ,
        'dsInstancePswd' : dsInstancePswd ,
        'subcommand' : 'set-connection-handler-prop' ,
        'objectType' : 'handler-name' ,
        'objectName' : 'LDAPS Connection Handler',
        'optionsString' : '--reset key-manager-provider --reset trust-manager-provider --reset ssl-cert-nickname',
        'expectedRC' : 0
      }
    </call>

    <!-- Disable SSL Trust Manager Provider -->
    <message>
      'Disabling SSL Trust Manager Provider'
    </message>
    <!-- A non-blank customTrustMgr is deleted outright; otherwise the
         built-in "Blind Trust" provider is only disabled. -->
    <if expr="len(customTrustMgr.strip()) != 0">
      <call function="'dsconfig'">
        { 'location' : location ,
          'dsPath' : dsPath ,
          'dsInstanceHost' : dsInstanceHost ,
          'dsInstanceAdminPort' : dsInstanceAdminPort ,
          'dsInstanceDn' : dsInstanceDn ,
          'dsInstancePswd' : dsInstancePswd ,
          'subcommand' : 'delete-trust-manager-provider' ,
          'objectType' : 'provider-name' ,
          'objectName' : customTrustMgr ,
          'expectedRC' : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'location' : location,
            'dsPath' : dsPath,
            'dsInstanceHost' : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn' : dsInstanceDn,
            'dsInstancePswd' : dsInstancePswd,
            'subcommand' : 'set-trust-manager-provider-prop',
            'objectType' : 'provider-name',
            'objectName' : 'Blind Trust',
            'optionsString' : '--set enabled:false',
            'expectedRC' : 0
          }
        </call>
      </else>
    </if>

    <!-- Disable Key Manager Provider -->
    <message>
      'Disabling Key Manager Provider'
    </message>

    <!-- Same pattern for the key manager: delete a custom provider,
         otherwise disable the provider named after the keystore type. -->
    <if expr="len(customKeyMgr.strip()) != 0">
      <call function="'dsconfig'">
        { 'location' : location ,
          'dsPath' : dsPath ,
          'dsInstanceHost' : dsInstanceHost ,
          'dsInstanceAdminPort' : dsInstanceAdminPort ,
          'dsInstanceDn' : dsInstanceDn ,
          'dsInstancePswd' : dsInstancePswd ,
          'subcommand' : 'delete-key-manager-provider' ,
          'objectType' : 'provider-name' ,
          'objectName' : customKeyMgr ,
          'expectedRC' : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'location' : location,
            'dsPath' : dsPath,
            'dsInstanceHost' : dsInstanceHost ,
            'dsInstanceAdminPort' : dsInstanceAdminPort ,
            'dsInstanceDn' : dsInstanceDn ,
            'dsInstancePswd' : dsInstancePswd ,
            'subcommand' : 'set-key-manager-provider-prop' ,
            'objectType' : 'provider-name' ,
            'objectName' : keystoreType,
            'optionsString' : '--set enabled:false',
            'expectedRC' : 0
          }
        </call>
      </else>
    </if>
  </sequence>
</function>
2788N/A
2788N/A
2788N/A <!-- ################################################## -->
2788N/A <!-- unconfigureTLS -->
2788N/A <!-- ################################################## -->
<function name="unconfigureTLS">
  <function-prolog>
    This function reverses the configuration changes for startTLS
    (turns StartTLS off on the LDAP Connection Handler, resets the
    handler's key/trust manager references and disables or deletes
    the trust and key manager providers used during the test).
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password (handed to the dsconfig wrapper; how the wrapper
        passes it to the tool, on the command line or via a file, is not
        visible in this function)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="customKeyMgr" type="optional" default="''">
      <function-arg-description>
        Name for the key manager. When non-empty (after strip) that
        provider is deleted; when empty the provider named by keystoreType
        is disabled instead.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12. Also used verbatim as the name of the
        key manager provider to disable when customKeyMgr is empty.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
        (not referenced anywhere in this function's sequence)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Teardown runs as four dsconfig steps, in this order:
         1. turn StartTLS off on the LDAP Connection Handler,
         2. reset the handler's key manager, trust manager and
            certificate nickname references,
         3. disable the Blind Trust trust manager provider,
         4. delete the custom key manager provider, or disable the
            built-in one named by keystoreType when no custom name was given.
         Each call declares expectedRC 0; how the dsconfig wrapper reacts
         to a non-zero rc is not visible here. -->

    <!--- Disable StartTLS -->
    <message>
      'Disabling StartTLS'
    </message>

    <call function="'dsconfig'">
      { 'location' : location,
        'dsPath' : dsPath,
        'dsInstanceHost' : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn' : dsInstanceDn,
        'dsInstancePswd' : dsInstancePswd,
        'subcommand' : 'set-connection-handler-prop',
        'objectType' : 'handler-name',
        'objectName' : 'LDAP Connection Handler',
        'optionsString' : ' --set allow-start-tls:false',
        'expectedRC' : 0
      }
    </call>

    <!-- Reset key-manager-provider, trust-manager-provider and
         ssl-cert-nickname on the handler to their defaults. Presumably this
         runs before the providers are touched so the handler no longer
         references them; TODO confirm dsconfig refuses to delete a provider
         that a handler still references. -->
    <call function="'dsconfig'">
      { 'location' : location,
        'dsPath' : dsPath ,
        'dsInstanceHost' : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort ,
        'dsInstanceDn' : dsInstanceDn ,
        'dsInstancePswd' : dsInstancePswd ,
        'subcommand' : 'set-connection-handler-prop' ,
        'objectType' : 'handler-name' ,
        'objectName' : 'LDAP Connection Handler',
        'optionsString' : '--reset key-manager-provider --reset trust-manager-provider --reset ssl-cert-nickname',
        'expectedRC' : 0
      }
    </call>

    <!--- Disable SSL Trust Manager Provider -->
    <!-- "Blind Trust" is, as the name says, a trust manager that accepts any
         presented certificate; it is only ever appropriate inside a test
         run, so teardown switches it off again. It is disabled rather than
         deleted, unlike the custom key manager handled below. -->
    <message>
      'Disabling SSL Trust Manager Provider'
    </message>
    <call function="'dsconfig'">
      { 'location' : location,
        'dsPath' : dsPath,
        'dsInstanceHost' : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn' : dsInstanceDn,
        'dsInstancePswd' : dsInstancePswd,
        'subcommand' : 'set-trust-manager-provider-prop',
        'objectType' : 'provider-name',
        'objectName' : 'Blind Trust',
        'optionsString' : '--set enabled:false',
        'expectedRC' : 0
      }
    </call>

    <!--- Disable Key Manager Provider -->
    <message>
      'Disabling Key Manager Provider'
    </message>

    <!-- A non-blank customKeyMgr names a provider that is deleted outright
         (presumably one the configure side created). Otherwise the provider
         named by keystoreType (so literally "JKS" or "PKCS12") is disabled. -->
    <if expr="len(customKeyMgr.strip()) != 0">
      <call function="'dsconfig'">
        { 'location' : location ,
          'dsPath' : dsPath ,
          'dsInstanceHost' : dsInstanceHost ,
          'dsInstanceAdminPort' : dsInstanceAdminPort ,
          'dsInstanceDn' : dsInstanceDn ,
          'dsInstancePswd' : dsInstancePswd ,
          'subcommand' : 'delete-key-manager-provider' ,
          'objectType' : 'provider-name' ,
          'objectName' : customKeyMgr ,
          'expectedRC' : 0
        }
      </call>
      <else>
        <call function="'dsconfig'">
          { 'location' : location,
            'dsPath' : dsPath,
            'dsInstanceHost' : dsInstanceHost,
            'dsInstanceAdminPort' : dsInstanceAdminPort,
            'dsInstanceDn' : dsInstanceDn,
            'dsInstancePswd' : dsInstancePswd,
            'subcommand' : 'set-key-manager-provider-prop',
            'objectType' : 'provider-name',
            'objectName' : keystoreType,
            'optionsString' : '--set enabled:false',
            'expectedRC' : 0
          }
        </call>
      </else>
    </if>

  </sequence>
</function>
2788N/A
2788N/A
2788N/A <!-- ################################################## -->
2788N/A <!-- Unconfigure SSL and TLS -->
2788N/A <!-- ################################################## -->
<function name="unconfigureSSL_TLS">
  <function-prolog>
    This function reverses the configuration changes for SSL and TLS
    (disables the LDAPS Connection Handler, turns StartTLS off on the
    LDAP Connection Handler, then disables the Blind Trust trust manager
    provider and the key manager provider named by keystoreType).
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
      <function-arg-description>
        Pathname to installation root
      </function-arg-description>
      <function-arg-property name="type" value="filepath"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceHost" type="optional">
      <function-arg-description>
        Directory server hostname or IP address
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
      <function-arg-description>
        Directory server admin port number
      </function-arg-description>
      <function-arg-property name="type" value="Port number"/>
    </function-arg-def>
    <function-arg-def name="dsInstanceDn" type="optional">
      <function-arg-description>
        Bind DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="dsInstancePswd" type="optional">
      <function-arg-description>
        Bind password (handed to the dsconfig wrapper; how the wrapper
        passes it to the tool is not visible in this function)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="keystoreType" type="optional" default="'JKS'">
      <function-arg-description>
        Keystore type : JKS or PKCS12. Also used verbatim as the name of the
        key manager provider that is disabled in the last step.
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="extraParams" type="optional">
      <function-arg-description>
        Optional extra parameters for specific test cases
        (not referenced anywhere in this function's sequence)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
  </function-map-args>
  <sequence>
    <!-- Four dsconfig steps, each declaring expectedRC 0:
         1. disable the LDAPS Connection Handler and clear use-ssl on it,
         2. turn StartTLS off on the LDAP Connection Handler,
         3. disable the Blind Trust trust manager provider,
         4. disable the key manager provider named by keystoreType.
         NOTE(review): unlike unconfigureTLS, this function neither resets
         the handlers' key/trust manager references nor has a customKeyMgr
         branch; confirm against the SSL+TLS configure side whether those
         references are left pointing at the providers disabled below. -->

    <!--- Disable LDAPS Connection Handler -->
    <message>
      'Disabling LDAPS Connection Handler'
    </message>

    <call function="'dsconfig'">
      { 'location' : location,
        'dsPath' : dsPath,
        'dsInstanceHost' : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn' : dsInstanceDn,
        'dsInstancePswd' : dsInstancePswd,
        'subcommand' : 'set-connection-handler-prop',
        'objectType' : 'handler-name',
        'objectName' : 'LDAPS Connection Handler',
        'optionsString' : '--set enabled:false --set use-ssl:false',
        'expectedRC' : 0
      }
    </call>

    <!--- Disable StartTLS -->
    <message>
      'Disabling StartTLS'
    </message>
    <call function="'dsconfig'">
      { 'location' : location ,
        'dsPath' : dsPath ,
        'dsInstanceHost' : dsInstanceHost ,
        'dsInstanceAdminPort' : dsInstanceAdminPort ,
        'dsInstanceDn' : dsInstanceDn ,
        'dsInstancePswd' : dsInstancePswd ,
        'subcommand' : 'set-connection-handler-prop' ,
        'objectType' : 'handler-name' ,
        'objectName' : 'LDAP Connection Handler',
        'optionsString' : ' --set allow-start-tls:false',
        'expectedRC' : 0
      }
    </call>

    <!--- Disable SSL Trust Manager Provider -->
    <!-- "Blind Trust" accepts any presented certificate, as its name says;
         it belongs to the test setup only, so teardown disables it again. -->
    <message>
      'Disabling SSL Trust Manager Provider'
    </message>

    <call function="'dsconfig'">
      { 'location' : location,
        'dsPath' : dsPath,
        'dsInstanceHost' : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn' : dsInstanceDn,
        'dsInstancePswd' : dsInstancePswd ,
        'subcommand' : 'set-trust-manager-provider-prop' ,
        'objectType' : 'provider-name' ,
        'objectName' : 'Blind Trust',
        'optionsString' : '--set enabled:false' ,
        'expectedRC' : 0
      }
    </call>

    <!--- Disable Key Manager Provider -->
    <!-- objectName is the keystore type string itself, i.e. the provider
         must be named exactly "JKS" or "PKCS12". -->
    <message>
      'Disabling Key Manager Provider'
    </message>

    <call function="'dsconfig'">
      { 'location' : location,
        'dsPath' : dsPath,
        'dsInstanceHost' : dsInstanceHost,
        'dsInstanceAdminPort' : dsInstanceAdminPort,
        'dsInstanceDn' : dsInstanceDn,
        'dsInstancePswd' : dsInstancePswd,
        'subcommand' : 'set-key-manager-provider-prop',
        'objectType' : 'provider-name',
        'objectName' : keystoreType,
        'optionsString' : '--set enabled:false',
        'expectedRC' : 0
      }
    </call>
  </sequence>
</function>
5873N/A
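<function name="createStrongUserEntries" scope="local">
  <function-prolog>
    This creates strongAuthenticationUser entries with userCertificates.
    The PEM certificate file 'filename' is fetched from 'location', its
    base64 body (PEM armor lines removed) becomes the userCertificate;binary
    value of an LDIF entry for 'userdn', the LDIF is written to
    localLdifFile, copied to remoteLdifFile on 'location' and then added to
    the directory with ldapModifyWithScript.
  </function-prolog>
  <function-map-args>
    <function-arg-def name="location" type="required">
      <function-arg-description>
        Location of target host
      </function-arg-description>
      <function-arg-property name="type" value="hostname"/>
    </function-arg-def>
    <function-arg-def name="certificate" type="required">
      <function-arg-description>
        Certificate (used as the value of cn, sn and givenname)
      </function-arg-description>
      <function-arg-property name="type" value="string"/>
    </function-arg-def>
    <function-arg-def name="filename" type="required">
      <function-arg-description>
        Certificate filename (PEM format, read from 'location')
      </function-arg-description>
      <function-arg-property name="type" value="filename"/>
    </function-arg-def>
    <function-arg-def name="userdn" type="required">
      <function-arg-description>
        User DN
      </function-arg-description>
      <function-arg-property name="type" value="DN"/>
    </function-arg-def>
    <function-arg-def name="localLdifFile" type="required">
      <function-arg-description>
        Local ldif file (written on the STAX service machine; overwritten if present)
      </function-arg-description>
      <function-arg-property name="type" value="filename"/>
    </function-arg-def>
    <function-arg-def name="remoteLdifFile" type="required">
      <function-arg-description>
        Remote ldif file (destination of the copy on 'location')
      </function-arg-description>
      <function-arg-property name="type" value="filename"/>
    </function-arg-def>
  </function-map-args>

  <sequence>

    <!-- Get a certificate from a file in PEM format -->
    <call function="'getFile'">
      { 'location' : location,
        'filename' : filename
      }
    </call>

    <!-- NOTE(review): this logs cmdResult while the script below reads
         STAXResult[1]; which of the two getFile populates is not visible
         here, confirm the two refer to the same content. -->
    <message>
      'Certificate contents:\n %s' % cmdResult
    </message>

    <!-- Extract BEGIN CERTIFICATE and END CERTIFICATE: every line that
         mentions CERTIFICATE is PEM armor, not certificate data, so it is
         dropped; the remaining base64 lines are stripped and concatenated
         into one string, which is what the LDIF '::' base64 form expects. -->
    <script>
      certList = STAXResult[1].split('\n')
      ret_str = ""
      for line in certList:
        # armor lines carry the word CERTIFICATE; keep only the base64 body
        if line.find("CERTIFICATE") == -1:
          ret_str += line.strip()
    </script>

    <!-- Create ldif for users entries and add userCertificate -->
    <message> '---- Create User entry : %s----' % userdn</message>
    <script>
      listAttr = []
      listAttr.append('dn: %s' % userdn)
      listAttr.append('objectclass:top')
      listAttr.append('objectclass:organizationalperson')
      listAttr.append('objectclass:inetorgperson')
      listAttr.append('objectclass:person')
      listAttr.append('objectclass:ds-certificate-user')
      listAttr.append('objectclass:strongAuthenticationUser')
      # '::' marks a base64-encoded value in LDIF
      listAttr.append('userCertificate;binary:: %s' % ret_str)
      listAttr.append('givenname:%s' % certificate)
      listAttr.append('sn:%s' % certificate)
      listAttr.append('cn:%s' % certificate)
    </script>

    <!-- Write out the ldif of users entry. The file is closed in a finally
         block so a failed write no longer leaks the open handle. -->
    <script>
      outfile = open(localLdifFile, "w")
      try:
        for line in listAttr:
          outfile.write("%s\n" % line)
      finally:
        outfile.close()
    </script>

    <!-- Copy the ldif file containing userCertificate to remote host -->
    <message>
      'Copy ldif (%s) file to user entry %s to %s' % (localLdifFile,userdn,remoteLdifFile)
    </message>

    <call function="'copyFile'">
      { 'location' : STAXServiceMachine,
        'srcfile' : localLdifFile,
        'destfile' : remoteLdifFile,
        'remotehost' : location
      }
    </call>

    <!-- Add the users entry into the LDAP server.
         NOTE(review): the target is taken from the DIRECTORY_INSTANCE_*
         globals, not from 'location' like getFile/copyFile above; confirm
         the two always denote the same instance. -->
    <call function="'ldapModifyWithScript'">
      {
        'dsAdd' : 'True' ,
        'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
        'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
        'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
        'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
        'dsFilename' : remoteLdifFile
      }
    </call>

  </sequence>
</function>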
2788N/A</stax>