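# Step messages and argument maps for the certificate setup of a client-auth
# test (the later messages are tagged 'Security: Client_auth').
# Each bare string is the message of a step and each dict is the argument map
# of the step that follows it; the names of the called functions are not
# visible in this listing. Names such as STAXResult suggest a STAX job whose
# markup was stripped - TODO confirm.
#
# Changes to the original text: "Certicate" is spelled "Certificate", the key
# generation step for USER_2_CERT no longer carries the "Self-Signing" label,
# and the USER_1 RFC export label matches the USER_2 one.
#
# NOTE(review): 'storetype' is 'JKS' throughout. JKS is the legacy Java
# keystore format (PKCS12 has been the JDK default since Java 9); acceptable
# for throwaway test keys.
# NOTE(review): store and key passwords are passed as plain argument values;
# presumably they are test-only secrets from the suite configuration -
# confirm they are never shared with a real deployment.

# --- Server key pair -------------------------------------------------------
'---- Generating Server Certificate -----'
{
    'certAlias' : 'server-cert',
    'dname'     : "uid=server,%s" % (DIRECTORY_INSTANCE_SFX),
    'keystore'  : 'keystore',
    'storepass' : SERVER_STOREPASS,
    'keypass'   : SERVER_KEYPASS,
    'storetype' : 'JKS'
}

'---- Self-Signing Server Certificate ---- '
{
    'certAlias' : 'server-cert',
    'storepass' : SERVER_STOREPASS,
    'keypass'   : SERVER_KEYPASS,
    'keystore'  : 'keystore',
    'storetype' : 'JKS'
}

# --- Working folder for the client keystore and exported certificates -----
'Create folder %s' % (CERT_TMP)
{
    'location'   : DIRECTORY_INSTANCE_HOST,
    'foldername' : CERT_TMP
}
# Return code and result of the previous step, passed on for checking.
{
    'returncode' : RC,
    'result'     : STAXResult
}

# --- Client key pairs (both users share CLIENT_KEYSTORE) -------------------
'---- Generating client Certificate : %s ---- ' % (USER_1_CERT)
{
    'certAlias' : USER_1_CERT,
    'dname'     : USER_1_DN,
    'storepass' : CLIENT_STOREPASS,
    'keystore'  : CLIENT_KEYSTORE,
    'keypass'   : CLIENT_KEYPASS,
    'storetype' : 'JKS'
}

'---- Self-Signing client Certificate : %s ---- ' % (USER_1_CERT)
{
    'certAlias' : USER_1_CERT,
    'storepass' : CLIENT_STOREPASS,
    'keypass'   : CLIENT_KEYPASS,
    'keystore'  : CLIENT_KEYSTORE,
    'storetype' : 'JKS'
}

# The argument map carries 'dname', like the USER_1 generation step above, so
# this is the key generation step; the original label said "Self-Signing".
'---- Generating client Certificate : %s ---- ' % (USER_2_CERT)
{
    'certAlias' : USER_2_CERT,
    'dname'     : USER_2_DN,
    'storepass' : CLIENT_STOREPASS,
    'keystore'  : CLIENT_KEYSTORE,
    'keypass'   : CLIENT_KEYPASS,
    'storetype' : 'JKS'
}

'---- Self-Signing client Certificate : %s ---- ' % (USER_2_CERT)
{
    'certAlias' : USER_2_CERT,
    'storepass' : CLIENT_STOREPASS,
    'keypass'   : CLIENT_KEYPASS,
    'keystore'  : CLIENT_KEYSTORE,
    'storetype' : 'JKS'
}

# --- Export certificates ---------------------------------------------------
# NOTE(review): no 'keystore' key in the server export, unlike the server
# generation step that passed 'keystore' : 'keystore'; presumably the callee
# falls back to the server keystore - confirm.
'---- Export the Server Certificate ----'
{
    'certAlias'  : 'server-cert',
    'outputfile' : SERVER_CERT_FILE,
    'storepass'  : SERVER_STOREPASS,
    'storetype'  : 'JKS'
}

'---- Export the client certificate : : %s ---- ' % (USER_1_CERT)
{
    'certAlias'  : USER_1_CERT,
    'outputfile' : USER_1_CERT_FILE,
    'storepass'  : CLIENT_STOREPASS,
    'keystore'   : CLIENT_KEYSTORE,
    'storetype'  : 'JKS'
}

# Second export of the same alias with 'format' : 'rfc'; the resulting file is
# read back further down when the user entry is built.
'---- Export the client certificate in RFC format : : %s ---- ' % (USER_1_CERT)
{
    'certAlias'  : USER_1_CERT,
    'outputfile' : USER_1_CERT_FILE_RFC,
    'storepass'  : CLIENT_STOREPASS,
    'keystore'   : CLIENT_KEYSTORE,
    'format'     : 'rfc',
    'storetype'  : 'JKS'
}

'---- Export the client certificate : : %s ---- ' % (USER_2_CERT)
{
    'certAlias'  : USER_2_CERT,
    'outputfile' : USER_2_CERT_FILE,
    'storepass'  : CLIENT_STOREPASS,
    'keystore'   : CLIENT_KEYSTORE,
    'storetype'  : 'JKS'
}

'---- Export the client certificate in RFC format : : %s ---- ' % (USER_2_CERT)
{
    'certAlias'  : USER_2_CERT,
    'outputfile' : USER_2_CERT_FILE_RFC,
    'storepass'  : CLIENT_STOREPASS,
    'keystore'   : CLIENT_KEYSTORE,
    'format'     : 'rfc',
    'storetype'  : 'JKS'
}

# --- Cross-import: each side stores the other side's self-signed cert ------
# With self-signed certificates there is no CA, so trust has to be set up by
# importing each peer certificate explicitly.
'---- Import the Server Certificate under the client keystore----'
{
    'certAlias' : 'server-cert',
    'inputfile' : SERVER_CERT_FILE,
    'storepass' : CLIENT_STOREPASS,
    'keystore'  : CLIENT_KEYSTORE,
    'storetype' : 'JKS'
}

# NOTE(review): the two imports into the server keystore also omit
# 'keystore'; presumably the callee default is the server keystore - confirm.
'---- Import the client Certificates %s under the server keystore----' % (USER_1_CERT)
{
    'certAlias' : USER_1_CERT,
    'inputfile' : USER_1_CERT_FILE,
    'storepass' : SERVER_STOREPASS,
    'storetype' : 'JKS'
}

'---- Import the client Certificates %s under the server keystore----' % (USER_2_CERT)
{
    'certAlias' : USER_2_CERT,
    'inputfile' : USER_2_CERT_FILE,
    'storepass' : SERVER_STOREPASS,
    'storetype' : 'JKS'
}

# --- Enable SSL / StartTLS on the directory instance -----------------------
# The server keystore password is handed over as 'keystorePin'.
'---- Configure SSL and TLS----'
{
    'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
    'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
    'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
    'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
    'keystorePin'    : SERVER_STOREPASS,
    'certAlias'      : 'server-cert'
}

# --- Smoke searches over the secured connections ---------------------------
# NOTE(review): 'dsTrustAll' presumably makes the client accept any server
# certificate - confirm against the search helper. If so, these two searches
# show that the SSL and StartTLS paths answer, but they do not exercise
# validation of 'server-cert' through CLIENT_KEYSTORE, although that
# certificate was imported there above. A search that relies on the client
# trust store instead of 'dsTrustAll' would cover that path.
'Security: Client_auth: Searching with SSL Connection'
{
    'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
    'dsInstancePort' : DIRECTORY_INSTANCE_SSL_PORT,
    'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
    'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
    'dsBaseDN'       : DIRECTORY_INSTANCE_SFX,
    'dsScope'        : 'base',
    'dsFilter'       : 'objectclass=*',
    'dsUseSSL'       : ' ',
    'dsTrustAll'     : ' ',
    'expectedRC'     : 0
}

# Same search on the plain port, upgraded with StartTLS.
'Security: Client_auth: Searching with StartTLS Connection'
{
    'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
    'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
    'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
    'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
    'dsBaseDN'       : DIRECTORY_INSTANCE_SFX,
    'dsScope'        : 'base',
    'dsFilter'       : 'objectclass=*',
    'dsUseStartTLS'  : ' ',
    'dsTrustAll'     : ' ',
    'expectedRC'     : 0
}

# --- User 1: create the entry, then modify it from an LDIF file ------------
'---- Create User entry : %s----' % USER_1_DN
{
    'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
    'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
    'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
    'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
    'DNToAdd'        : USER_1_DN,
    'listAttributes' : listAttr,
    'expectedRC'     : 0
}

# Read the RFC-format export of the user certificate and log it.
# NOTE(review): presumably this file holds the certificate only (no private
# key), so logging it exposes public material - confirm against the export
# helper.
{
    'location' : STAF_REMOTE_HOSTNAME,
    'filename' : USER_1_CERT_FILE_RFC
}
'Certificate contents:\n %s' % cmdResult

'Copy ldif (%s) file to user entry %s to %s' % (localUser1LdifFile,USER_1_DN,remoteUser1LdifFile)
{
    'location'   : STAXServiceMachine,
    'srcfile'    : localUser1LdifFile,
    'destfile'   : remoteUser1LdifFile,
    'remotehost' : STAF_REMOTE_HOSTNAME
}

# Apply the copied LDIF file to the directory; how that file is built is not
# visible in this listing.
{
    'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST,
    'dsInstancePort'    : DIRECTORY_INSTANCE_PORT,
    'dsInstanceDn'      : DIRECTORY_INSTANCE_DN,
    'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD,
    'entryToBeModified' : remoteUser1LdifFile,
    'expectedRC'        : 0
}

# --- User 2: same sequence --------------------------------------------------
'---- Create User entry : %s----' % USER_2_DN
'---- This user contains an objectclass ds-certificate-user'
{
    'dsInstanceHost' : DIRECTORY_INSTANCE_HOST,
    'dsInstancePort' : DIRECTORY_INSTANCE_PORT,
    'dsInstanceDn'   : DIRECTORY_INSTANCE_DN,
    'dsInstancePswd' : DIRECTORY_INSTANCE_PSWD,
    'DNToAdd'        : USER_2_DN,
    'listAttributes' : listAttr,
    'expectedRC'     : 0
}

{
    'location' : STAF_REMOTE_HOSTNAME,
    'filename' : USER_2_CERT_FILE_RFC
}
'Certificate contents:\n %s' % cmdResult

'Copy ldif (%s) file to user entry %s to %s' % (localUser2LdifFile,USER_2_DN,remoteUser2LdifFile)
{
    'location'   : STAXServiceMachine,
    'srcfile'    : localUser2LdifFile,
    'destfile'   : remoteUser2LdifFile,
    'remotehost' : STAF_REMOTE_HOSTNAME
}

# The path is passed through '%s' here, unlike the USER_1 step above; kept as
# in the original because the type of remoteUser2LdifFile is not visible.
{
    'dsInstanceHost'    : DIRECTORY_INSTANCE_HOST,
    'dsInstancePort'    : DIRECTORY_INSTANCE_PORT,
    'dsInstanceDn'      : DIRECTORY_INSTANCE_DN,
    'dsInstancePswd'    : DIRECTORY_INSTANCE_PSWD,
    'entryToBeModified' : '%s' % remoteUser2LdifFile,
    'expectedRC'        : 0
}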