# Message strings and parameter dictionaries for a client-certificate
# authentication setup, listed in the order they appear. Each message is
# followed by the dict of arguments for the step it announces; the calls that
# consume the dicts are not visible in this view.
# NOTE(review): names such as STAXResult and STAXServiceMachine suggest these
# expressions were lifted from a STAX job - confirm against the full file.
#
# NOTE(review): SERVER_STOREPASS, SERVER_KEYPASS, CLIENT_STOREPASS,
# CLIENT_KEYPASS and DIRECTORY_INSTANCE_PSWD are passed as plain values. How
# the consumer hands them on (command line, log output) cannot be seen here;
# confirm they are test-only credentials and are not echoed into job logs.

# --- Server certificate: generate, then self-sign, under alias 'server-cert'.
# "Certicate" is the spelling used in the message text itself.
# NOTE(review): 'storetype' is 'JKS' in every keystore step. JKS is the legacy
# Java keystore format (current JDKs default to PKCS12) - confirm this is
# intended before reusing these parameters outside the test fixture.
'---- Generating Server Certicate -----'
{ 'certAlias' : 'server-cert' , 'dname' : "uid=server,%s" % (DIRECTORY_INSTANCE_SFX), 'keystore' : 'keystore', 'storepass' : SERVER_STOREPASS, 'keypass' : SERVER_KEYPASS, 'storetype' : 'JKS' }
'---- Self-Signing Server Certicate ---- '
{ 'certAlias' : 'server-cert' , 'storepass' : SERVER_STOREPASS, 'keypass' : SERVER_KEYPASS, 'keystore' : 'keystore', 'storetype' : 'JKS' }

# --- Create the CERT_TMP folder on DIRECTORY_INSTANCE_HOST, followed by a dict
# pairing RC with STAXResult.
# NOTE(review): presumably the result check for the folder creation - confirm.
'Create folder %s' % (CERT_TMP)
{ 'location' : '%s' % (DIRECTORY_INSTANCE_HOST), 'foldername' : '%s' % (CERT_TMP) }
{ 'returncode' : RC , 'result' : STAXResult }

# --- Client certificates. Both live in CLIENT_KEYSTORE and share
# CLIENT_STOREPASS / CLIENT_KEYPASS.
# USER_1_CERT: generate with 'dname' USER_1_DN, then self-sign.
'---- Generating client Certicate : %s ---- ' % (USER_1_CERT)
{ 'certAlias' : '%s' % USER_1_CERT, 'dname' : '%s' % (USER_1_DN), 'storepass' : '%s' % (CLIENT_STOREPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'keypass' : '%s' % (CLIENT_KEYPASS), 'storetype' : 'JKS' }
'---- Self-Signing client Certificate : %s ---- ' % (USER_1_CERT)
{ 'certAlias' : '%s' % USER_1_CERT, 'storepass' : '%s' % (CLIENT_STOREPASS), 'keypass' : '%s' % (CLIENT_KEYPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'storetype' : 'JKS' }
# USER_2_CERT: the same two steps.
# NOTE(review): the first message below says "Self-Signing" although its dict
# carries 'dname' like the USER_1_CERT generation step. The label looks
# copy-pasted and the step is presumably the generation - confirm, since the
# log will show two "Self-Signing" lines for USER_2_CERT.
'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)
{ 'certAlias' : '%s' % USER_2_CERT, 'dname' : '%s' % (USER_2_DN), 'storepass' : '%s' % (CLIENT_STOREPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'keypass' : '%s' % (CLIENT_KEYPASS), 'storetype' : 'JKS' }
'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)
{ 'certAlias' : '%s' % USER_2_CERT, 'storepass' : '%s' % (CLIENT_STOREPASS), 'keypass' : '%s' % (CLIENT_KEYPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'storetype' : 'JKS' }

# --- Export the certificates to files.
# The server export dict has no 'keystore' key, unlike the server generation
# step above.
# NOTE(review): presumably the consumer falls back to a default server
# keystore - confirm it is the same keystore the certificate was created in.
'---- Export the Server Certicate ----'
{ 'certAlias' : 'server-cert' , 'outputfile' : '%s' % (SERVER_CERT_FILE), 'storepass' : SERVER_STOREPASS, 'storetype' : 'JKS' }
# Each client certificate is exported twice: once without 'format' and once
# with 'format' : 'rfc', to a separate *_CERT_FILE_RFC output file.
# NOTE(review): 'rfc' presumably selects keytool's printable (PEM-style)
# encoding - confirm.
'---- Export the client certificate : : %s ---- ' % (USER_1_CERT)
{ 'certAlias' : '%s' % USER_1_CERT, 'outputfile' : '%s' % (USER_1_CERT_FILE), 'storepass' : '%s' % (CLIENT_STOREPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'storetype' : 'JKS' }
'---- Export the client certificate in RFC : : %s ---- ' % (USER_1_CERT)
{ 'certAlias' : '%s' % USER_1_CERT, 'outputfile' : '%s' % (USER_1_CERT_FILE_RFC), 'storepass' : '%s' % (CLIENT_STOREPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'format' : 'rfc', 'storetype' : 'JKS' }
'---- Export the client certificate : : %s ---- ' % (USER_2_CERT)
{ 'certAlias' :'%s' % USER_2_CERT, 'outputfile' : '%s' % (USER_2_CERT_FILE), 'storepass' : '%s' % (CLIENT_STOREPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'storetype' : 'JKS' }
'---- Export the client certificate in RFC format : : %s ---- ' % (USER_2_CERT)
{ 'certAlias' :'%s' % USER_2_CERT, 'outputfile' : '%s' % (USER_2_CERT_FILE_RFC), 'storepass' : '%s' % (CLIENT_STOREPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'format' : 'rfc', 'storetype' : 'JKS' }

# --- Cross-import: the server certificate goes into CLIENT_KEYSTORE, and the
# two client certificates go into the server keystore (again no 'keystore'
# key on the server side).
# NOTE(review): every certificate above is self-signed, so these imports are
# presumably the only trust anchors either side has for the other - confirm.
'---- Import the Server Certificate under the client keystore----'
{ 'certAlias' : 'server-cert' , 'inputfile' : '%s' % (SERVER_CERT_FILE), 'storepass' : '%s' % (CLIENT_STOREPASS), 'keystore' : '%s' % (CLIENT_KEYSTORE), 'storetype' : 'JKS' }
'---- Import the client Certificates %s under the server keystore----' % (USER_1_CERT)
{ 'certAlias' : '%s' % (USER_1_CERT), 'inputfile' : '%s' % (USER_1_CERT_FILE), 'storepass' : SERVER_STOREPASS, 'storetype' : 'JKS' }
'---- Import the client Certificates %s under the server keystore----' % (USER_2_CERT)
{ 'certAlias' : '%s' % (USER_2_CERT), 'inputfile' : '%s' % (USER_2_CERT_FILE), 'storepass' : SERVER_STOREPASS, 'storetype' : 'JKS' }

# --- Server-side TLS configuration. Each step binds as DIRECTORY_INSTANCE_DN
# on DIRECTORY_INSTANCE_PORT, names one LDIF file under logsRemoteDataDir and
# expects return code 0.
# NOTE(review): none of these dicts carries 'dsUseSSL' or 'dsUseStartTLS', so
# DIRECTORY_INSTANCE_PSWD presumably crosses a plain LDAP connection. That is
# expected while TLS is still being enabled; confirm the test network is
# isolated and the password is not reused elsewhere.
'---- Configure SSL ----'
'Enabling Key Manager Provider'
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'entryToBeModified' : '%s/security/client_auth/setup/enable_key_mgr_provider.ldif' % (logsRemoteDataDir), 'expectedRC' : 0 }
'Enabling Trust Manager Provider'
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'entryToBeModified' : '%s/security/client_auth/setup/enable_trust_mgr_provider.ldif' % (logsRemoteDataDir), 'expectedRC' : 0 }
'Enabling LDAPS Connection Handler - Port number'
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'entryToBeModified' : '%s/security/ldaps_port.ldif' % (logsRemoteDataDir), 'expectedRC' : 0 }
'Enabling LDAPS Connection Handler - Keystore type'
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'entryToBeModified' : '%s/security/client_auth/setup/enable_ldaps_conn_handler.ldif' % (logsRemoteDataDir), 'expectedRC' : 0 }
# This step uses the key 'entryToBeAdded' where the four steps before it use
# 'entryToBeModified'.
'Enabling StartTLS'
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'entryToBeAdded' : '%s/security/client_auth/setup/enable_startTLS.ldif' % (logsRemoteDataDir), 'expectedRC' : 0 }

# --- Connectivity checks: a base-scope search of DIRECTORY_INSTANCE_SFX with
# filter 'objectclass=*', first on DIRECTORY_INSTANCE_SSL_PORT with 'dsUseSSL',
# then on DIRECTORY_INSTANCE_PORT with 'dsUseStartTLS'. The flag values are a
# single space, so the keys appear to act as presence switches.
# NOTE(review): 'dsTrustAll' presumably tells the client to accept any server
# certificate. If so, these searches show that the TLS handshake succeeds but
# do not exercise the server certificate imported into CLIENT_KEYSTORE above;
# a check without trust-all would be needed to cover server validation.
# NOTE(review): both dicts still carry dsInstanceDn / dsInstancePswd and no
# client keystore parameters, so despite the "Client_auth" label they look
# like password binds over TLS rather than certificate binds - confirm.
'Security: Client_auth: Searching with SSL Connection'
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsScope' : 'base', 'dsFilter' : 'objectclass=*' , 'dsUseSSL' : ' ', 'dsTrustAll' : ' ', 'expectedRC' : 0 }
'Security: Client_auth: Searching with StartTLS Connection'
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'dsBaseDN' : DIRECTORY_INSTANCE_SFX, 'dsScope' : 'base', 'dsFilter' : 'objectclass=*' , 'dsUseStartTLS' : ' ', 'dsTrustAll' : ' ', 'expectedRC' : 0 }

# --- Directory entries for the two certificate users. For each user: add the
# entry ('DNToAdd', attributes from listAttr), copy an LDIF file from the
# local path to the remote path ('location' STAXServiceMachine, 'remotehost'
# STAF_REMOTE_HOSTNAME), then apply the copied file via 'entryToBeModified'.
# NOTE(review): the copied LDIF presumably attaches the user's exported
# certificate to the entry - confirm against the LDIF contents.
# NOTE(review): these binds also carry no 'dsUseSSL' / 'dsUseStartTLS' key even
# though both were enabled by the steps above - confirm that is deliberate.
'---- Create User entry : %s----' % USER_1_DN
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToAdd' : USER_1_DN, 'listAttributes' : listAttr, 'expectedRC' : 0 }
'Copy ldif (%s) file to user entry %s to %s' % (localUser1LdifFile,USER_1_DN,remoteUser1LdifFile)
{ 'location' : STAXServiceMachine, 'srcfile' : localUser1LdifFile, 'destfile' : remoteUser1LdifFile, 'remotehost' : STAF_REMOTE_HOSTNAME }
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'entryToBeModified' : '%s' % remoteUser1LdifFile, 'expectedRC' : 0 }
# Second user; per the message text this entry carries the objectclass
# ds-certificate-user.
'---- Create User entry : %s----' % USER_2_DN
'---- This user contains an objectclass ds-certificate-user'
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'DNToAdd' : USER_2_DN, 'listAttributes' : listAttr, 'expectedRC' : 0 }
'Copy ldif (%s) file to user entry %s to %s' % (localUser2LdifFile,USER_2_DN,remoteUser2LdifFile)
{ 'location' : STAXServiceMachine, 'srcfile' : localUser2LdifFile, 'destfile' : remoteUser2LdifFile, 'remotehost' : STAF_REMOTE_HOSTNAME }
{ 'dsInstanceHost' : DIRECTORY_INSTANCE_HOST , 'dsInstancePort' : DIRECTORY_INSTANCE_PORT , 'dsInstanceDn' : DIRECTORY_INSTANCE_DN , 'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD , 'entryToBeModified' : '%s' % remoteUser2LdifFile, 'expectedRC' : 0 }