2788N/A<?
xml version="1.0" encoding="UTF-8" standalone="no"?>
2788N/A ! The contents of this file are subject to the terms of the 2788N/A ! Common Development and Distribution License, Version 1.0 only 2788N/A ! (the "License"). You may not use this file except in compliance 2788N/A ! You can obtain a copy of the license at 2788N/A ! See the License for the specific language governing permissions 2788N/A ! and limitations under the License. 2788N/A ! When distributing Covered Code, include this CDDL HEADER in each 2788N/A ! file and include the License file at 2788N/A ! add the following below this CDDL HEADER, with the fields enclosed 2788N/A ! by brackets "[]" replaced with your own identifying information: 2788N/A ! Portions Copyright [yyyy] [name of copyright owner] 5065N/A ! Copyright 2007-2010 Sun Microsystems, Inc. 2788N/A <!-- **************************************************** --> 2788N/A <!-- generate a certificate --> 2788N/A <!-- **************************************************** --> 2788N/A <
function name="genCertificate">
2788N/A This function generates a server certificate
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="dname" type="optional" default="'cn=server,O=Sun Microsystems,C=US'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
2788N/A Path for the key store file
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
2788N/A Password to protect the contents of the key store
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keypass" type="optional" default="'servercert'">
2788N/A Password to protect the private key on the key store: keypass
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storetype" type="optional" default="'JKS'">
2788N/A The store type: JKS or PKCS12
2788N/A </
function-
arg-
description>
3194N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3194N/A Expected return code value. Default value is 0.
3194N/A Wildcard 'noCheck' to not check the RC
3194N/A </
function-
arg-
description>
<!-- Builds a key-pair generation command line from the function arguments and
     returns STAXResult. The option names (-genkey, -storepass, -keypass) look
     like JDK keytool options; the 'command' entry of this call is not visible
     in this listing.
     NOTE(review): -storepass and -keypass place both passwords on the process
     command line, where other local users can read them from the process list
     (and presumably from the job log of the test harness). The defaults
     ('servercert') are fixed test values, so a keystore produced here must
     never be reused outside the test bed.
     NOTE(review): -keyalg rsa is given without -keysize, so the key length is
     whatever the installed JDK defaults to; confirm it meets the current
     minimum.
     NOTE(review): unlike SelfSignCertificate, the keystore, storepass and
     keypass values are not quoted here, so a value containing spaces will be
     split into several arguments. -->
2788N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
2788N/A <
call function="'runCommand'">
2788N/A { 'name' : 'Generate a Certificate',
2788N/A 'arguments' : '-genkey -alias %s -keyalg rsa -dname "%s" -keystore %s -storepass %s -keypass %s -storetype %s ' % (certAlias,dname,keystore,storepass,keypass,storetype),
3194N/A <
return>STAXResult</
return>
2788N/A <!-- **************************************************** --> 2788N/A <!-- Self signed a certificate --> 2788N/A <!-- **************************************************** --> 2788N/A <
function name="SelfSignCertificate">
2788N/A This function self-signs a certificate
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
2788N/A Path for the key store file
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
2788N/A Password to protect the contents of the key store
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keypass" type="optional" default="'servercert'">
2788N/A Password to protect the private key on the key store: keypass
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storetype" type="optional" default="'JKS'">
2788N/A The store type: JKS or PKCS12
2788N/A </
function-
arg-
description>
3194N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3194N/A Expected return code value. Default value is 0.
3194N/A Wildcard 'noCheck' to not check the RC
3194N/A </
function-
arg-
description>
2788N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
2788N/A <
call function="'runCommand'" >
2788N/A { 'name' : 'Generate a Self-Signed Server Certificate',
2788N/A 'arguments' : '-selfcert -alias %s -keystore "%s" -keypass "%s" -storepass "%s" -storetype "%s" ' % (certAlias,keystore,keypass,storepass,storetype),
3194N/A <
return>STAXResult</
return>
2788N/A <!-- **************************************************** --> 2788N/A <!-- Export a certificate --> 2788N/A <!-- **************************************************** --> 2788N/A <
function name="ExportCertificate">
2788N/A This function exports a certificate
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
2788N/A Path for the key store file
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
2788N/A Password to protect the contents of the key store
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="format" type="optional">
2788N/A Format of the certificate. By default, it's in binary encoding
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storetype" type="optional" default="'JKS'">
2788N/A The store type: JKS or PKCS12
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="outputfile" type="required">
2788N/A Output file to store certificate
2788N/A </
function-
arg-
description>
3194N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3194N/A Expected return code value. Default value is 0.
3194N/A Wildcard 'noCheck' to not check the RC
3194N/A </
function-
arg-
description>
<!-- Builds an export command line for certAlias, writing to outputfile, and
     returns STAXResult.
     NOTE(review): 'format' is declared optional with no default. If no guard
     was lost from this listing, an omitted 'format' makes
     STAFCmdParams = '-%s' % (format) evaluate to '-None', which is then
     appended to the command line; verify against the full file.
     NOTE(review): -file and -alias are interpolated without quotes while
     -keystore and -storepass are quoted, so an outputfile path containing
     spaces is split. -storepass is passed on the command line and is visible
     in the process list. -->
2788N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
2788N/A STAFCmdParams='-%s' % (format)
2788N/A <
call function="'runCommand'">
2788N/A { 'name' : 'Export a Certificate',
2788N/A 'arguments' : '-export -alias %s -file %s -keystore "%s" -storepass "%s" -storetype %s %s' % (certAlias,outputfile,keystore,storepass,storetype,STAFCmdParams),
3194N/A <
return>STAXResult</
return>
2788N/A <!-- **************************************************** --> 2788N/A <!-- Import a certificate --> 2788N/A <!-- **************************************************** --> 2788N/A <
function name="ImportCertificate">
2788N/A This function imports a certificate
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
2788N/A Path for the key store file
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
2788N/A Password to protect the contents of the key store
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storetype" type="optional" default="'JKS'">
2788N/A The store type: JKS or PKCS12
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="inputfile" type="required">
2788N/A </
function-
arg-
description>
3194N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3194N/A Expected return code value. Default value is 0.
3194N/A Wildcard 'noCheck' to not check the RC
3194N/A </
function-
arg-
description>
2788N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
2788N/A <
call function="'runCommand'">
2788N/A { 'name' : 'Import a Certificate',
2788N/A 'arguments' : '-import -alias %s -file %s -keystore "%s" -storepass "%s" -storetype %s -noprompt' % (certAlias,inputfile,keystore,storepass,storetype),
3194N/A <
return>STAXResult</
return>
5551N/A <!-- **************************************************** --> 5551N/A <!-- List a certificate --> 5551N/A <!-- **************************************************** --> 5551N/A <
function name="ListCertificate">
5551N/A This function lists a certificate
5551N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
5551N/A </
function-
arg-
description>
5551N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
5551N/A Pathname to installation root
5551N/A </
function-
arg-
description>
5551N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
5551N/A </
function-
arg-
description>
5551N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
5551N/A Path for the key store file
5551N/A </
function-
arg-
description>
5551N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
5551N/A Password to protect the contents of the key store
5551N/A </
function-
arg-
description>
5551N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
5551N/A Expected return code value. Default value is 0.
5551N/A Wildcard 'noCheck' to not check the RC
5551N/A </
function-
arg-
description>
5551N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
5551N/A STAFCmdParams=' '.join(STAFCmdParamsList)
5551N/A <
call function="'runCommand'">
5551N/A { 'name' : 'List a Certificate',
5551N/A 'arguments' : STAFCmdParams ,
5551N/A <
return>STAXResult</
return>
2788N/A <!-- **************************************************** --> 5065N/A <!-- Add certificate to an attribute --> 5065N/A <!-- **************************************************** --> 5065N/A <
function name="addCertificate">
5065N/A This function adds a certificate to a user attribute
5065N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
def name="user_cert_file_rfc" type="required" default="''">
5065N/A Path to certificate RFC file
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
def name="userdn" type="optional" default="''">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
def name="ldif_path" type="required" default="''">
5065N/A </
function-
arg-
description>
5065N/A <
call function="'getFile'">
5073N/A 'location' : STAF_REMOTE_HOSTNAME,
5073N/A 'filename' : user_cert_file_rfc
5073N/A 'Certificate contents:\n %s' % cmdResult
5073N/A <!-- Extract BEGIN CERTIFICATE and END CERTIFICATE --> 5073N/A certList=STAXResult[1].split('\n')
5073N/A outfile = open(addCertificateldif,"w")
5073N/A <
call function="'copyFile'">
5073N/A 'location' : STAXServiceMachine,
5073N/A 'remotehost' : STAF_REMOTE_HOSTNAME
5065N/A <
call function="'modifyEntry'">
5073N/A 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
5073N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
5073N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN,
5073N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
5098N/A 'entryToBeModified' : ldif_path,
5065N/A <!-- **************************************************** --> 2788N/A <!-- get MD5 and SHA1 values --> 2788N/A <!-- **************************************************** --> 2788N/A <
function name="getFingerprint">
2788N/A This function returns the fingerprint MD5 or SHA1
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keystore" type="optional" default="'keystore'">
2788N/A Path for the key store file
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="storepass" type="optional" default="'servercert'">
2788N/A Password to protect the contents of the key store
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="fingerprint" type="optional" default="'MD5'">
2788N/A Fingerprint algorithm: MD5 or SHA1
2788N/A </
function-
arg-
description>
3194N/A <
function-
arg-
def name="expectedRC" type="optional" default="0">
3194N/A Expected return code value. Default value is 0.
3194N/A Wildcard 'noCheck' to not check the RC
3194N/A </
function-
arg-
description>
<!-- Lists the keystore entry for certAlias in verbose form and returns
     STAXResult. The 'fingerprint' argument (default 'MD5') does not appear in
     the visible arguments, so the MD5/SHA1 selection presumably happens on the
     command output in lines not shown in this listing.
     NOTE(review): MD5 and SHA1 are both collision-weak. Comparing either
     fingerprint is adequate for asserting that a test certificate round-trips
     unchanged, but it should not be relied on to establish the identity of a
     certificate of unknown origin; compare a SHA-256 fingerprint where the JDK
     prints one.
     NOTE(review): -storepass is passed on the command line and is visible in
     the process list. -->
2788N/A dsBinPath='%s/%s' % (dsPath,fileFolder)
2788N/A <
call function="'runCommand'">
2788N/A { 'name' : 'getFingerprint',
2788N/A 'arguments' : ' -list -v -keystore "%s" -storepass "%s" -alias "%s"' % (keystore,storepass,certAlias),
3194N/A <
return>STAXResult</
return>
2788N/A <!-- ################################################## --> 2788N/A <!-- ################################################## --> 2788N/A <
function name="configureSSL">
2788N/A This function makes the configuration changes for SSL
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
4153N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="filepath"/>
2788N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
2788N/A Directory server hostname or IP address
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
3853N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
3853N/A Directory server admin port number
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="Port number"/>
2788N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="DN"/>
2788N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
2788N/A Keystore type : JKS or PKCS12
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="keystorePin" type="optional" default="'servercert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="customKeyMgr" type="optional" default="''">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="customTrustMgr" type="optional" default="''">
2788N/A Name for a new trust manager
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="extraParams" type="optional">
2788N/A Optional extra parameters for specific test cases
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <!--- configure Key Manager Provider --> 2788N/A 'Configure Key Manager Provider'
<!-- Creates a file-based key manager provider named customKeyMgr through the
     'dsconfig' helper, pointing it at keystoreFile with keystorePin.
     NOTE(review): key-store-type is fixed to JKS here even though this
     function takes a keystoreType argument documented as 'JKS or PKCS12'; a
     PKCS12 keystoreFile would be registered with the wrong type. The same
     hard-coded value appears in the matching call in configureTLS.
     NOTE(review): keystoreFile is used here but its argument definition is not
     visible in this listing.
     NOTE(review): key-store-pin travels as a plain option string, next to
     dsInstancePswd; presumably both end up on the dsconfig command line.
     The product also offers key-store-pin-file (reset in the next call), which
     keeps the PIN out of the argument list. -->
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'create-key-manager-provider' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : customKeyMgr ,
5065N/A 'optionsString' : '--type file-based --set enabled:true --set key-store-file:%s --set key-store-pin:%s --set key-store-type:JKS' % (keystoreFile,keystorePin),
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'set-key-manager-provider-prop' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : keystoreType,
2788N/A 'optionsString' : '--set key-store-file:
config/
keystore --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % keystorePin,
2788N/A <!--- configure Trust Manager Provider --> 2788N/A 'Configure Trust Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'create-trust-manager-provider' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : customTrustMgr ,
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'set-trust-manager-provider-prop' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : 'Blind Trust',
2788N/A 'optionsString' : '--set enabled:true' ,
<!-- Assembles the option string for the LDAPS connection handler: certificate
     nickname, trust manager provider, key manager provider, listen port, and
     the enabled/use-ssl switches.
     NOTE(review): option2 and option3 are each assigned twice. As listed, the
     second assignment wins ('Blind Trust' and keystoreType) unless
     conditionals that were lost from this listing separate the two.
     NOTE(review): the 'Blind Trust' trust manager provider accepts any
     certificate a peer presents, so with it selected the handler does no
     validation of client certificates. That is acceptable for a functional
     test bed; a handler that is meant to authenticate or restrict clients by
     certificate needs a file-based trust manager with an explicit trust
     store (the customTrustMgr path). -->
2788N/A <!--- Enable LDAPS Connection Handler --> 2788N/A 'Enabling LDAPS Connection Handler - Keystore type'
2788N/A option1='--set ssl-cert-nickname:%s' % certAlias
2788N/A option2='--set trust-manager-provider:"%s"' % (customTrustMgr)
2788N/A option2='--set trust-manager-provider:"Blind Trust"'
2788N/A option3='--set key-manager-provider:"%s"' % (customKeyMgr)
2788N/A option3='--set key-manager-provider:"%s"' % (keystoreType)
2788N/A option4='--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
2788N/A option5='--set enabled:true --set use-ssl:true'
2788N/A optionsString='%s %s %s %s %s' % (option1,option2,option3,option4,option5)
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'set-connection-handler-prop',
2788N/A 'objectType' : 'handler-name' ,
2788N/A 'objectName' : 'LDAPS Connection Handler',
2788N/A 'optionsString' : optionsString,
2788N/A <!-- ################################################## --> 2788N/A <!-- ################################################## --> 2788N/A <
function name="configureTLS">
2788N/A This function makes the configuration changes for startTLS
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
4153N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="filepath"/>
2788N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
2788N/A Directory server hostname or IP address
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
3853N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
3853N/A Directory server admin port number
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="Port number"/>
2788N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="DN"/>
2788N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="keystorePin" type="optional" default="'servercert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="customKeyMgr" type="optional" default="''">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
2788N/A Keystore type : JKS or PKCS12
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="extraParams" type="optional">
2788N/A Optional extra parameters for specific test cases
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <!--- configure Key Manager Provider --> 2788N/A 'Configure Key Manager Provider'
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'create-key-manager-provider' ,
5065N/A 'objectType' : 'provider-name' ,
5065N/A 'objectName' : customKeyMgr ,
5065N/A 'optionsString' : '--type file-based --set enabled:true --set key-store-file:%s --set key-store-pin:%s --set key-store-type:JKS' % (keystoreFile,keystorePin),
5065N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-key-manager-provider-prop',
2788N/A 'objectType' : 'provider-name',
2788N/A 'objectName' : keystoreType,
5065N/A 'optionsString' : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
2788N/A <!--- configure Trust Manager Provider --> 2788N/A 'Configure Trust Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-trust-manager-provider-prop',
2788N/A 'objectType' : 'provider-name',
2788N/A 'objectName' : 'Blind Trust',
2788N/A 'optionsString' : '--set enabled:true',
2788N/A option1='--set ssl-cert-nickname:%s' % certAlias
2788N/A option2='--set trust-manager-provider:"Blind Trust" '
5065N/A option3='--set key-manager-provider:"%s"' % (customKeyMgr)
5065N/A option3='--set key-manager-provider:"%s"' % (keystoreType)
5065N/A option4='--set allow-start-tls:true'
5065N/A optionsString='%s %s %s %s' % (option1,option2,option3,option4)
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-connection-handler-prop',
2788N/A 'objectType' : 'handler-name',
2788N/A 'objectName' : 'LDAP Connection Handler',
2788N/A 'optionsString' : optionsString,
5065N/A <!-- ################################################## --> 5065N/A <!-- ################################################## --> 5065N/A <
function name="configureSASL">
5065N/A This function makes the configuration changes for SASL
5065N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="hostname"/>
5065N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_DIR,OPENDSNAME)">
5065N/A Pathname to installation root
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="filepath"/>
5065N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
5065N/A Directory server hostname or IP address
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="hostname"/>
5065N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
5065N/A Directory server admin port number
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="Port number"/>
5065N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
def name="certAlias" type="optional" default="''">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="DN"/>
5065N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="keystorePin" type="optional" default="'keystorepass'">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
5065N/A Keystore type : JKS or PKCS12
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="createTrustMgr" type="optional" default="False">
5065N/A Create or enable custom trust manager.
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="enum">
5065N/A <
function-
arg-
property-
description>
5065N/A This argument can only have boolean values
5065N/A </
function-
arg-
property-
description>
5065N/A <
function-
arg-
property-
data type="choice" value="True"/>
5065N/A <
function-
arg-
property-
data type="choice" value="False"/>
5065N/A <
function-
arg-
def name="createKeyMgr" type="optional" default="False">
5065N/A Create or enable custom key Manager.
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="enum">
5065N/A <
function-
arg-
property-
description>
5065N/A This argument can only have boolean values
5065N/A </
function-
arg-
property-
description>
5065N/A <
function-
arg-
property-
data type="choice" value="True"/>
5065N/A <
function-
arg-
property-
data type="choice" value="False"/>
5065N/A <
function-
arg-
def name="KeyMgr" type="optional" default="''">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="trustMgr" type="optional" default="''">
5065N/A Name for a new trust manager
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="truststoreType" type="optional" default="'JKS'">
5065N/A Truststore type : JKS or PKCS12
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="truststorePin" type="optional" default="'truststorepass'">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="certMapper" type="optional" default="'Subject Equals DN'">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="handlerName" type="optional" default="'EXTERNAL'">
5065N/A SASL mechanism handler name
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="optionSaSL" type="optional" default="''">
5065N/A SASL mechanism handler options
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="optionMapper" type="optional" default="''">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="extraParams" type="optional">
5065N/A Optional extra parameters for specific test cases
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <!--- configure Key Manager Provider --> 5065N/A 'Configure Key Manager Provider'
5065N/A <
if expr="createKeyMgr == True">
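<!-- Creates a file-based key manager provider through the 'dsconfig' helper,
     pointing it at keystoreFile with keystorePin.
     key-store-type is taken from keystoreType, not truststoreType: the two
     arguments are independent and only coincide at their 'JKS' defaults, so a
     caller that sets a PKCS12 trust store next to a JKS key store would
     otherwise register the key store with the wrong type.
     NOTE(review): no 'objectName' entry is visible for this call in this
     listing; confirm the provider name against the full file.
     NOTE(review): key-store-pin travels as a plain option string, next to
     dsInstancePswd; presumably both end up on the dsconfig command line. -->
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'create-key-manager-provider' ,
5065N/A 'objectType' : 'provider-name' ,
5065N/A 'optionsString' : '--set key-store-file:%s --set key-store-pin:%s --set key-store-type:%s --type file-based --set enabled:true --no-prompt ' % (keystoreFile,keystorePin,keystoreType),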
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'set-key-manager-provider-prop' ,
5065N/A 'objectType' : 'provider-name' ,
5065N/A 'optionsString' : '--set key-store-file:%s --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % (keystoreFile,keystorePin),
5065N/A <!--- configure Trust Manager Provider --> 5065N/A 'Configure Trust Manager Provider'
5065N/A <
if expr="createTrustMgr == True">
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'create-trust-manager-provider' ,
5065N/A 'objectType' : 'provider-name' ,
5065N/A 'optionsString' : '--set trust-store-file:%s --set trust-store-pin:%s --type file-based --set trust-store-type:%s --set enabled:true ' %(truststoreFile,truststorePin,truststoreType),
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'set-trust-manager-provider-prop' ,
5065N/A 'objectType' : 'provider-name' ,
5065N/A 'optionsString' : '--set trust-store-file:%s --set trust-store-pin:%s --set enabled:true' %(truststoreFile,truststorePin),
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'set-trust-manager-provider-prop' ,
5065N/A 'objectType' : 'provider-name' ,
5065N/A 'objectName' : 'Blind Trust',
5065N/A 'optionsString' : '--set enabled:true' ,
<!-- Assembles the option string for the LDAPS connection handler used by the
     SASL tests: certificate nickname, trust manager provider, key manager
     provider, listen port, and enabled/use-ssl with
     ssl-client-auth-policy:required.
     NOTE(review): option2 is assigned twice. As listed, the second assignment
     ('Blind Trust') replaces the trustMgr value unless a conditional that was
     lost from this listing separates the two.
     NOTE(review): requiring a client certificate while the 'Blind Trust'
     provider is selected means the handshake demands a certificate but does
     not verify who issued it. Certificate-based binds (handlerName defaults to
     'EXTERNAL', certMapper to 'Subject Equals DN') then depend entirely on
     whatever validation the SASL handler itself performs against the entry,
     which is not visible here. Outside a test bed, pair
     ssl-client-auth-policy:required with the file-based trust manager named by
     trustMgr. -->
5065N/A <!--- Enable LDAPS Connection Handler --> 5065N/A 'Enabling LDAPS Connection Handler - Keystore type'
5065N/A option1='--set ssl-cert-nickname:%s' % certAlias
5065N/A option2='--set trust-manager-provider:"%s"' % (trustMgr)
5065N/A option2='--set trust-manager-provider:"Blind Trust"'
5065N/A option3='--set key-manager-provider:"%s"' % (KeyMgr)
5065N/A option4='--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
5065N/A option5='--set enabled:true --set use-ssl:true --set ssl-client-auth-policy:required'
5065N/A optionsString='%s %s %s %s %s' % (option1,option2,option3,option4,option5)
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'set-connection-handler-prop',
5065N/A 'objectType' : 'handler-name' ,
5065N/A 'objectName' : 'LDAPS Connection Handler',
5065N/A 'optionsString' : optionsString,
5065N/A <!--- Setting the mapper --> 5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'set-certificate-mapper-prop',
5065N/A 'objectType' : 'mapper-name' ,
5065N/A 'optionsString' : '--set enabled:true --no-prompt %s'%optionMapper,
5065N/A <!--- Setting the sasl mechanism --> 5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'set-sasl-mechanism-handler-prop',
5065N/A 'objectType' : 'handler-name' ,
5065N/A 'objectName' : handlerName,
5065N/A 'optionsString' : '--set certificate-mapper:"%s" --set enabled:true --no-prompt %s'%(certMapper,optionSaSL),
2788N/A <!-- ################################################## --> 2788N/A <!-- configure SSL and TLS --> 2788N/A <!-- ################################################## --> 2788N/A <
function name="configureSSL_TLS">
2788N/A This function makes the configuration changes for SSL and TLS
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
4153N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="filepath"/>
2788N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
2788N/A Directory server hostname or IP address
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
3853N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' % DIRECTORY_INSTANCE_ADMIN_PORT">
3853N/A Directory server admin port number
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="Port number"/>
2788N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="DN"/>
2788N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
2788N/A Keystore type : JKS or PKCS12
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="certAlias" type="optional" default="'server-cert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
def name="keystorePin" type="optional" default="'servercert'">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="extraParams" type="optional">
2788N/A Optional extra parameters for specific test cases
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
<!-- Enables the key manager provider named by keystoreType and points it at
     the keystore file under config/. The key-store-pin-file property is reset
     and the PIN is supplied inline through key-store-pin, so the secret is
     part of the dsconfig options string rather than read from a protected
     file. The default declared for keystorePin in this function is a fixed,
     well-known test value.
     NOTE(review): fine for a disposable test instance; confirm the options
     string is not echoed into shared job logs. -->
2788N/A <!--- configure Key Manager Provider --> 2788N/A 'Configure Key Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3853N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
3853N/A 'subcommand' : 'set-key-manager-provider-prop' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : keystoreType,
2788N/A 'optionsString' : '--set key-store-file:
config/
keystore --reset key-store-pin-file --set key-store-pin:%s --set enabled:true' % keystorePin,
<!-- Switches on the built-in 'Blind Trust' trust manager provider. That
     provider accepts whatever certificate a peer presents without validating
     it, so connections configured with it are encrypted but the peer is not
     authenticated. This is a test-harness convenience; a deployment that
     relies on certificate checks needs a trust manager backed by a real
     trust store instead. -->
2788N/A <!--- configure Trust Manager Provider --> 2788N/A 'Configure Trust Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
3853N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
3853N/A 'subcommand' : 'set-trust-manager-provider-prop' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : 'Blind Trust',
2788N/A 'optionsString' : '--set enabled:true' ,
<!-- Builds the property list for the 'LDAPS Connection Handler' and applies it
     in one dsconfig call: certificate nickname from certAlias, 'Blind Trust'
     as trust manager, the keystoreType key manager, the SSL listen port, and
     enabled plus use-ssl set to true. The trust manager is hard-coded, so
     this handler does not validate peer certificates.
     certAlias is spliced into the options string unquoted.
     NOTE(review): a nickname containing spaces would split into extra
     arguments; confirm callers only pass harness-controlled values. -->
2788N/A <!--- Enable LDAPS Connection Handler --> 2788N/A 'Enabling LDAPS Connection Handler - Keystore type'
2788N/A option1='--set ssl-cert-nickname:%s' % certAlias
2788N/A option2='--set trust-manager-provider:"Blind Trust"'
2788N/A option3='--set key-manager-provider:"%s"' % (keystoreType)
2788N/A option4='--set listen-port:%s' % DIRECTORY_INSTANCE_SSL_PORT
2788N/A option5='--set enabled:true --set use-ssl:true'
2788N/A optionsString='%s %s %s %s %s' % (option1,option2,option3,option4,option5)
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
3853N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
3853N/A 'subcommand' : 'set-connection-handler-prop',
2788N/A 'objectType' : 'handler-name',
2788N/A 'objectName' : 'LDAPS Connection Handler',
2788N/A 'optionsString' : optionsString,
<!-- Applies the same certificate nickname, 'Blind Trust' trust manager and
     keystoreType key manager to the plain 'LDAP Connection Handler', and sets
     allow-start-tls to true so clients can upgrade an existing connection.
     As with the LDAPS handler above, the hard-coded 'Blind Trust' provider
     means upgraded connections are encrypted without peer validation. -->
2788N/A option1='--set ssl-cert-nickname:%s' % certAlias
2788N/A option2='--set trust-manager-provider:"Blind Trust" '
2788N/A option3='--set key-manager-provider:"%s"' % (keystoreType)
2788N/A option4='--set allow-start-tls:true'
2788N/A optionsString='%s %s %s %s' % (option1,option2,option3,option4)
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-connection-handler-prop',
2788N/A 'objectType' : 'handler-name',
2788N/A 'objectName' : 'LDAP Connection Handler',
2788N/A 'optionsString' : optionsString,
2788N/A <!-- ################################################## --> 2788N/A <!-- ################################################## --> 2788N/A <
function name="unconfigureSSL">
2788N/A This function reverses the configuration changes for SSL
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
4153N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="filepath"/>
2788N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
2788N/A Directory server hostname or IP address
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
3853N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
3853N/A Directory server admin port number
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="Port number"/>
2788N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="DN"/>
2788N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
2788N/A Keystore type : JKS or PKCS12
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="customKeyMgr" type="optional" default="''">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="customTrustMgr" type="optional" default="''">
2788N/A Name for a new trust manager
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="extraParams" type="optional">
2788N/A Optional extra parameters for specific test cases
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
<!-- Teardown for the LDAPS handler, done as two dsconfig calls: the first
     sets enabled and use-ssl to false, the second resets the handler's key
     manager, trust manager and certificate nickname properties. Presumably
     the reset is what lets the provider deletions further down succeed;
     verify against the dsconfig behaviour. -->
2788N/A <!--- Disable LDAPS Connection Handler --> 2788N/A 'Disabling LDAPS Connection Handler'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'set-connection-handler-prop' ,
2788N/A 'objectType' : 'handler-name' ,
2788N/A 'objectName' : 'LDAPS Connection Handler',
2788N/A 'optionsString' : '--set enabled:false --set use-ssl:false',
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'set-connection-handler-prop' ,
2788N/A 'objectType' : 'handler-name' ,
2788N/A 'objectName' : 'LDAPS Connection Handler',
2788N/A 'optionsString' : '--reset key-manager-provider --reset trust-manager-provider --reset ssl-cert-nickname',
<!-- Removes the trust manager provider named by customTrustMgr, then sets
     enabled to false on the built-in 'Blind Trust' provider so the
     accept-any-certificate behaviour does not outlive the test.
     NOTE(review): customTrustMgr defaults to an empty string in this
     function's argument list; whether the delete call is guarded by a
     condition is not visible in this listing. Confirm an empty name never
     reaches dsconfig. -->
2788N/A <!--- Disable SSL Trust Manager Provider --> 2788N/A 'Disabling SSL Trust Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'delete-trust-manager-provider' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : customTrustMgr ,
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-trust-manager-provider-prop',
2788N/A 'objectType' : 'provider-name',
2788N/A 'objectName' : 'Blind Trust',
2788N/A 'optionsString' : '--set enabled:false',
<!-- Removes the key manager provider named by customKeyMgr, then sets enabled
     to false on the provider named by keystoreType. Only the enabled flag is
     changed on the keystoreType provider; the key-store-file and
     key-store-pin values written during configuration are not reset here.
     NOTE(review): customKeyMgr defaults to an empty string; any guard around
     the delete call is not visible in this listing. Confirm. -->
2788N/A <!--- Disable Key Manager Provider --> 2788N/A 'Disabling Key Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'delete-key-manager-provider' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : customKeyMgr ,
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'set-key-manager-provider-prop' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : keystoreType,
2788N/A 'optionsString' : '--set enabled:false',
2788N/A <!-- ################################################## --> 2788N/A <!-- ################################################## --> 2788N/A <
function name="unconfigureTLS">
2788N/A This function reverses the configuration changes for startTLS
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
4153N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="filepath"/>
2788N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
2788N/A Directory server hostname or IP address
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
3853N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
3853N/A Directory server admin port number
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="Port number"/>
2788N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="DN"/>
2788N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
5065N/A <
function-
arg-
def name="customKeyMgr" type="optional" default="''">
5065N/A </
function-
arg-
description>
5065N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
2788N/A Keystore type : JKS or PKCS12
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="extraParams" type="optional">
2788N/A Optional extra parameters for specific test cases
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
<!-- Teardown for StartTLS on the plain 'LDAP Connection Handler': the first
     dsconfig call sets allow-start-tls to false, the second resets the
     handler's key manager, trust manager and certificate nickname so it no
     longer references the TLS providers. The handler itself stays enabled;
     only its TLS settings are withdrawn. -->
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-connection-handler-prop',
2788N/A 'objectType' : 'handler-name',
2788N/A 'objectName' : 'LDAP Connection Handler',
2788N/A 'optionsString' : ' --set allow-start-tls:false',
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'set-connection-handler-prop' ,
5065N/A 'objectType' : 'handler-name' ,
5065N/A 'objectName' : 'LDAP Connection Handler',
5065N/A 'optionsString' : '--reset key-manager-provider --reset trust-manager-provider --reset ssl-cert-nickname',
<!-- Sets enabled to false on the built-in 'Blind Trust' trust manager
     provider, so the accept-any-certificate provider is no longer available
     to connection handlers once the StartTLS tests finish. -->
2788N/A <!--- Disable SSL Trust Manager Provider --> 2788N/A 'Disabling SSL Trust Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-trust-manager-provider-prop',
2788N/A 'objectType' : 'provider-name',
2788N/A 'objectName' : 'Blind Trust',
2788N/A 'optionsString' : '--set enabled:false',
<!-- Removes the key manager provider named by customKeyMgr, then sets enabled
     to false on the provider named by keystoreType. The keystore path and
     PIN stored on the keystoreType provider are left as configured.
     NOTE(review): customKeyMgr defaults to an empty string; any guard around
     the delete call is not visible in this listing. Confirm. -->
2788N/A <!--- Disable Key Manager Provider --> 2788N/A 'Disabling Key Manager Provider'
5065N/A <
call function="'dsconfig'">
5065N/A 'dsInstanceHost' : dsInstanceHost ,
5065N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
5065N/A 'dsInstanceDn' : dsInstanceDn ,
5065N/A 'dsInstancePswd' : dsInstancePswd ,
5065N/A 'subcommand' : 'delete-key-manager-provider' ,
5065N/A 'objectType' : 'provider-name' ,
5065N/A 'objectName' : customKeyMgr ,
5065N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
3853N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
3853N/A 'subcommand' : 'set-key-manager-provider-prop',
2788N/A 'objectType' : 'provider-name',
2788N/A 'objectName' : keystoreType,
3853N/A 'optionsString' : '--set enabled:false',
2788N/A <!-- ################################################## --> 2788N/A <!-- Unconfigure SSL and TLS --> 2788N/A <!-- ################################################## --> 2788N/A <
function name="unconfigureSSL_TLS">
2788N/A This function reverses the configuration changes for SSL and TLS
2788N/A <
function-
arg-
def name="location" type="optional" default="STAF_REMOTE_HOSTNAME">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
4153N/A <
function-
arg-
def name="dsPath" type="optional" default="'%s/%s' % (DIRECTORY_INSTANCE_BIN,OPENDSNAME)">
2788N/A Pathname to installation root
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="filepath"/>
2788N/A <
function-
arg-
def name="dsInstanceHost" type="optional">
2788N/A Directory server hostname or IP address
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="hostname"/>
3853N/A <
function-
arg-
def name="dsInstanceAdminPort" type="optional" default="'%s' %DIRECTORY_INSTANCE_ADMIN_PORT">
3853N/A Directory server admin port number
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="Port number"/>
2788N/A <
function-
arg-
def name="dsInstanceDn" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="DN"/>
2788N/A <
function-
arg-
def name="dsInstancePswd" type="optional">
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="keystoreType" type="optional" default="'JKS'">
2788N/A Keystore type : JKS or PKCS12
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
2788N/A <
function-
arg-
def name="extraParams" type="optional">
2788N/A Optional extra parameters for specific test cases
2788N/A </
function-
arg-
description>
2788N/A <
function-
arg-
property name="type" value="string"/>
<!-- Combined teardown: disables the 'LDAPS Connection Handler' (enabled and
     use-ssl set to false) and sets allow-start-tls to false on the
     'LDAP Connection Handler'.
     NOTE(review): unlike unconfigureSSL and unconfigureTLS, no call that
     resets key-manager-provider, trust-manager-provider and
     ssl-cert-nickname is visible here, so both handlers appear to keep
     their references to 'Blind Trust' and the keystoreType key manager.
     Confirm this is intended and that a later re-enable cannot silently
     pick the blind trust manager up again. -->
2788N/A <!--- Disable LDAPS Connection Handler --> 2788N/A 'Disabling LDAPS Connection Handler'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-connection-handler-prop',
2788N/A 'objectType' : 'handler-name',
2788N/A 'objectName' : 'LDAPS Connection Handler',
2788N/A 'optionsString' : '--set enabled:false --set use-ssl:false',
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost ,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort ,
2788N/A 'dsInstanceDn' : dsInstanceDn ,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'set-connection-handler-prop' ,
2788N/A 'objectType' : 'handler-name' ,
2788N/A 'objectName' : 'LDAP Connection Handler',
2788N/A 'optionsString' : ' --set allow-start-tls:false',
<!-- Sets enabled to false on the built-in 'Blind Trust' trust manager
     provider, withdrawing the accept-any-certificate provider that the
     configure step switched on. -->
2788N/A <!--- Disable SSL Trust Manager Provider --> 2788N/A 'Disabling SSL Trust Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd ,
2788N/A 'subcommand' : 'set-trust-manager-provider-prop' ,
2788N/A 'objectType' : 'provider-name' ,
2788N/A 'objectName' : 'Blind Trust',
2788N/A 'optionsString' : '--set enabled:false' ,
<!-- Sets enabled to false on the key manager provider named by keystoreType.
     Only the enabled flag changes; the keystore file path and the inline
     key-store-pin written by configureSSL_TLS stay in the provider's
     configuration. -->
2788N/A <!--- Disable Key Manager Provider --> 2788N/A 'Disabling Key Manager Provider'
2788N/A <
call function="'dsconfig'">
2788N/A 'dsInstanceHost' : dsInstanceHost,
3853N/A 'dsInstanceAdminPort' : dsInstanceAdminPort,
2788N/A 'dsInstanceDn' : dsInstanceDn,
2788N/A 'dsInstancePswd' : dsInstancePswd,
2788N/A 'subcommand' : 'set-key-manager-provider-prop',
2788N/A 'objectType' : 'provider-name',
2788N/A 'objectName' : keystoreType,
2788N/A 'optionsString' : '--set enabled:false',
5873N/A <
function name="createStrongUserEntries" scope="local">
5873N/A This creates strongAuthenticationUser entries with userCertificates
5873N/A <
function-
arg-
def name="location" type="required">
5873N/A </
function-
arg-
description>
5873N/A <
function-
arg-
property name="type" value="hostname"/>
5873N/A <
function-
arg-
def name="certificate" type="required">
5873N/A </
function-
arg-
description>
5873N/A <
function-
arg-
property name="type" value="string"/>
5873N/A <
function-
arg-
def name="filename" type="required">
5873N/A </
function-
arg-
description>
5873N/A <
function-
arg-
property name="type" value="filename"/>
5873N/A <
function-
arg-
def name="userdn" type="required">
5873N/A </
function-
arg-
description>
5873N/A <
function-
arg-
property name="type" value="DN"/>
5873N/A <
function-
arg-
def name="localLdifFile" type="required">
5873N/A </
function-
arg-
description>
5873N/A <
function-
arg-
property name="type" value="filename"/>
5873N/A <
function-
arg-
def name="remoteLdifFile" type="required">
5873N/A </
function-
arg-
description>
5873N/A <
function-
arg-
property name="type" value="filename"/>
5873N/A <!-- Get a certificate from a file in PEM format --> 5873N/A <
call function="'getFile'">
5873N/A 'Certificate contents:\n %s' % cmdResult
5873N/A <!-- Extract BEGIN CERTIFICATE and END CERTIFICATE --> 5873N/A certList=STAXResult[1].split('\n')
5873N/A <!-- Create ldif for users entries and add userCertificate --> 5873N/A <
message> '---- Create User entry : %s----' % userdn</
message>
5873N/A <!-- Write out the ldif of users entry--> 5873N/A outfile = open(localLdifFile,"w")
5873N/A <!-- Copy the ldif file containing userCertificate to remote host --> 5873N/A 'Copy ldif (%s) file to user entry %s to %s' % (localLdifFile,userdn,remoteLdifFile)
5873N/A <
call function="'copyFile'">
5873N/A { 'location' : STAXServiceMachine,
5873N/A 'destfile' : remoteLdifFile,
5873N/A <!-- Add the users entry into the LDAP server --> 5873N/A <
call function="'ldapModifyWithScript'">
5873N/A 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST ,
5873N/A 'dsInstancePort' : DIRECTORY_INSTANCE_PORT ,
5873N/A 'dsInstanceDn' : DIRECTORY_INSTANCE_DN ,
5873N/A 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD ,
5873N/A 'dsFilename' : remoteLdifFile