From c895fae6e5be1cd7c5e20267b42975953c1f3fa3 Mon Sep 17 00:00:00 2001 
From: "Endi S. Dewata" Date: Tue, 25 Feb 2025 22:06:25 -0600 Subject: [PATCH 1/2] Split tpsclient into libpki-tps.so Most of the code in tpsclient has been moved into libpki-tps.so (i.e. reverting commit 65d1a36e6dcddf8ab2bf24ad072bbd26753c4a4e) such that it can be reused by other tools. The main() function itself has been moved into tpsclient.cpp. --- .../src/main/native/tpsclient/CMakeLists.txt | 103 +--------------- .../main/native/tpsclient/src/CMakeLists.txt | 110 ++++++++++++++++++ .../raclient => src/include/main}/RA_Client.h | 4 +- .../raclient => src/include/main}/RA_Conn.h | 2 +- .../raclient => src/include/main}/RA_Token.h | 0 .../raclient => src/main}/RA_Client.cpp | 75 +----------- .../{tools/raclient => src/main}/RA_Conn.cpp | 2 +- .../{tools/raclient => src/main}/RA_Token.cpp | 2 +- .../native/tpsclient/tools/CMakeLists.txt | 1 + .../tpsclient/tools/raclient/CMakeLists.txt | 36 ++++++ .../tpsclient/tools/raclient/tpsclient.cpp | 93 +++++++++++++++ build.sh | 3 +- pki.spec | 1 + 13 files changed, 254 insertions(+), 178 deletions(-) create mode 100644 base/tools/src/main/native/tpsclient/src/CMakeLists.txt rename base/tools/src/main/native/tpsclient/{tools/raclient => src/include/main}/RA_Client.h (97%) rename base/tools/src/main/native/tpsclient/{tools/raclient => src/include/main}/RA_Conn.h (98%) rename base/tools/src/main/native/tpsclient/{tools/raclient => src/include/main}/RA_Token.h (100%) rename base/tools/src/main/native/tpsclient/{tools/raclient => src/main}/RA_Client.cpp (96%) rename base/tools/src/main/native/tpsclient/{tools/raclient => src/main}/RA_Conn.cpp (99%) rename base/tools/src/main/native/tpsclient/{tools/raclient => src/main}/RA_Token.cpp (99%) create mode 100644 base/tools/src/main/native/tpsclient/tools/CMakeLists.txt create mode 100644 base/tools/src/main/native/tpsclient/tools/raclient/CMakeLists.txt create mode 100644 base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp 
diff --git a/base/tools/src/main/native/tpsclient/CMakeLists.txt b/base/tools/src/main/native/tpsclient/CMakeLists.txt index 4804c7f674c..0c10188d312 100644 --- a/base/tools/src/main/native/tpsclient/CMakeLists.txt +++ b/base/tools/src/main/native/tpsclient/CMakeLists.txt 
@@ -36,99 +36,8 @@ SET(CMAKE_INSTALL_RPATH "${LIB_INSTALL_DIR}/tps") # which point to directories outside the build tree to the install RPATH SET(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) -set(TPS_INCLUDE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/src/include) - -set(TPS_PUBLIC_INCLUDE_DIRS - ${CMAKE_CURRENT_BINARY_DIR} - ${CMAKE_CURRENT_SOURCE_DIR} - ${TPS_INCLUDE_DIR} - CACHE INTERNAL "TPS public include directories" -) - -set(TPS_PRIVATE_INCLUDE_DIRS - ${TPS_PUBLIC_INCLUDE_DIRS} - ${CMAKE_BINARY_DIR} - ${NSPR_INCLUDE_DIRS} - ${NSS_INCLUDE_DIRS} - ${APR_INCLUDE_DIRS} - ${LDAP_INCLUDE_DIRS} -) - -set(tpsclient_SRCS - src/main/Buffer.cpp - src/main/NameValueSet.cpp - src/main/Util.cpp - src/main/RA_Msg.cpp - src/main/Memory.cpp - src/main/AuthParams.cpp - src/apdu/APDU.cpp - src/apdu/Unblock_Pin_APDU.cpp - src/apdu/Create_Object_APDU.cpp - src/apdu/Set_Pin_APDU.cpp - src/apdu/Set_IssuerInfo_APDU.cpp - src/apdu/Get_IssuerInfo_APDU.cpp - src/apdu/Create_Pin_APDU.cpp - src/apdu/List_Pins_APDU.cpp - src/apdu/Initialize_Update_APDU.cpp - src/apdu/Get_Version_APDU.cpp - src/apdu/Get_Status_APDU.cpp - src/apdu/Get_Data_APDU.cpp - src/apdu/External_Authenticate_APDU.cpp - src/apdu/Generate_Key_APDU.cpp - src/apdu/Generate_Key_ECC_APDU.cpp - src/apdu/Read_Buffer_APDU.cpp - src/apdu/Read_Object_APDU.cpp - src/apdu/Write_Object_APDU.cpp - src/apdu/Put_Key_APDU.cpp - src/apdu/Select_APDU.cpp - src/apdu/Delete_File_APDU.cpp - src/apdu/Install_Applet_APDU.cpp - src/apdu/Format_Muscle_Applet_APDU.cpp - src/apdu/Load_File_APDU.cpp - src/apdu/Install_Load_APDU.cpp - src/apdu/Lifecycle_APDU.cpp - src/apdu/List_Objects_APDU.cpp - src/apdu/Import_Key_APDU.cpp - src/apdu/Import_Key_Enc_APDU.cpp - src/apdu/APDU_Response.cpp - src/apdu/Get_Lifecycle_APDU.cpp - src/msg/RA_Begin_Op_Msg.cpp - src/msg/RA_End_Op_Msg.cpp - src/msg/RA_Login_Request_Msg.cpp - src/msg/RA_Login_Response_Msg.cpp - src/msg/RA_SecureId_Request_Msg.cpp - src/msg/RA_SecureId_Response_Msg.cpp - src/msg/RA_ASQ_Request_Msg.cpp - 
src/msg/RA_ASQ_Response_Msg.cpp - src/msg/RA_New_Pin_Request_Msg.cpp - src/msg/RA_New_Pin_Response_Msg.cpp - src/msg/RA_Token_PDU_Request_Msg.cpp - src/msg/RA_Token_PDU_Response_Msg.cpp - src/msg/RA_Status_Update_Request_Msg.cpp - src/msg/RA_Status_Update_Response_Msg.cpp - src/msg/RA_Extended_Login_Request_Msg.cpp - src/msg/RA_Extended_Login_Response_Msg.cpp - tools/raclient/RA_Client.cpp - tools/raclient/RA_Conn.cpp - tools/raclient/RA_Token.cpp -) - -set(TPS_EXECUTABLE - tpsclient - CACHE INTERNAL "tpsclient executable" -) - -set(TPS_LINK_LIBRARIES - ${NSPR_LIBRARIES} - ${NSS_LIBRARIES} - ${APR_LIBRARIES} - ${LDAP_LIBRARIES} -) - -include_directories(${TPS_PRIVATE_INCLUDE_DIRS}) - -add_executable(${TPS_EXECUTABLE} ${tpsclient_SRCS}) -target_link_libraries(${TPS_EXECUTABLE} ${TPS_LINK_LIBRARIES}) +add_subdirectory(src) +add_subdirectory(tools) add_custom_target(tpsclient-man ALL COMMENT "Creating PKI server manuals") @@ -139,14 +48,6 @@ add_custom_command( COMMAND go-md2man -in ${CMAKE_SOURCE_DIR}/docs/manuals/man1/tpsclient.1.md -out man/man1/tpsclient.1 ) -install( - TARGETS - ${TPS_EXECUTABLE} - RUNTIME DESTINATION ${BIN_INSTALL_DIR} - LIBRARY DESTINATION ${LIB_INSTALL_DIR}/tps - ARCHIVE DESTINATION ${LIB_INSTALL_DIR}/tps -) - install( DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/man/ diff --git a/base/tools/src/main/native/tpsclient/src/CMakeLists.txt b/base/tools/src/main/native/tpsclient/src/CMakeLists.txt new file mode 100644 index 00000000000..0729806252a --- /dev/null +++ b/base/tools/src/main/native/tpsclient/src/CMakeLists.txt 
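Review bot: `CMAKE_INSTALL_RPATH` is left at `${LIB_INSTALL_DIR}/tps` (the context line at the top of hunk 1) while the library that `add_subdirectory(src)` now builds is installed into `${LIB_INSTALL_DIR}` itself, so the installed `tpsclient` carries a search path that no longer contains anything it links against and resolves `libpki-tps.so` only through the default loader path. Either point it at the new location, `SET(CMAKE_INSTALL_RPATH "${LIB_INSTALL_DIR}")`, or drop the RPATH entirely if `LIB_INSTALL_DIR` is always on the system search path. A dangling RPATH directory is also worth removing on principle, since the loader would consult it before the default paths for every dependency. Hunk 1 begins on an earlier line; hunk 2 only deletes the old install rule.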
@@ -0,0 +1,110 @@ +project(tps_library CXX) + +set(TPS_INCLUDE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/include) + +set(TPS_PUBLIC_INCLUDE_DIRS + ${CMAKE_CURRENT_BINARY_DIR} + ${CMAKE_CURRENT_SOURCE_DIR} + ${TPS_INCLUDE_DIR} + CACHE INTERNAL "TPS public include directories" +) + +set(TPS_PRIVATE_INCLUDE_DIRS + ${TPS_PUBLIC_INCLUDE_DIRS} + ${CMAKE_BINARY_DIR} + ${JNI_INCLUDE_DIRS} + ${NSS_INCLUDE_DIRS} + ${NSPR_INCLUDE_DIRS} + ${APR_INCLUDE_DIRS} + ${LDAP_INCLUDE_DIRS} +) + +set(TPS_SHARED_LIBRARY + tps_library + CACHE INTERNAL "TPS shared library" +) + +set(TPS_LINK_LIBRARIES + ${NSPR_LIBRARIES} + ${NSS_LIBRARIES} + ${APR_LIBRARIES} + ${LDAP_LIBRARIES} +) + +set(tps_library_SRCS + main/Buffer.cpp + main/NameValueSet.cpp + main/Util.cpp + main/RA_Client.cpp + main/RA_Conn.cpp + main/RA_Msg.cpp + main/RA_Token.cpp + main/Memory.cpp + main/AuthParams.cpp + apdu/APDU.cpp + apdu/Unblock_Pin_APDU.cpp + apdu/Create_Object_APDU.cpp + apdu/Set_Pin_APDU.cpp + apdu/Set_IssuerInfo_APDU.cpp + apdu/Get_IssuerInfo_APDU.cpp + apdu/Create_Pin_APDU.cpp + apdu/List_Pins_APDU.cpp + apdu/Initialize_Update_APDU.cpp + apdu/Get_Version_APDU.cpp + apdu/Get_Status_APDU.cpp + apdu/Get_Data_APDU.cpp + apdu/External_Authenticate_APDU.cpp + apdu/Generate_Key_APDU.cpp + apdu/Generate_Key_ECC_APDU.cpp + apdu/Read_Buffer_APDU.cpp + apdu/Read_Object_APDU.cpp + apdu/Write_Object_APDU.cpp + apdu/Put_Key_APDU.cpp + apdu/Select_APDU.cpp + apdu/Delete_File_APDU.cpp + apdu/Install_Applet_APDU.cpp + apdu/Format_Muscle_Applet_APDU.cpp + apdu/Load_File_APDU.cpp + apdu/Install_Load_APDU.cpp + apdu/Lifecycle_APDU.cpp + apdu/List_Objects_APDU.cpp + apdu/Import_Key_APDU.cpp + apdu/Import_Key_Enc_APDU.cpp + apdu/APDU_Response.cpp + apdu/Get_Lifecycle_APDU.cpp + msg/RA_Begin_Op_Msg.cpp + msg/RA_End_Op_Msg.cpp + msg/RA_Login_Request_Msg.cpp + msg/RA_Login_Response_Msg.cpp + msg/RA_SecureId_Request_Msg.cpp + msg/RA_SecureId_Response_Msg.cpp + msg/RA_ASQ_Request_Msg.cpp + msg/RA_ASQ_Response_Msg.cpp + 
msg/RA_New_Pin_Request_Msg.cpp + msg/RA_New_Pin_Response_Msg.cpp + msg/RA_Token_PDU_Request_Msg.cpp + msg/RA_Token_PDU_Response_Msg.cpp + msg/RA_Status_Update_Request_Msg.cpp + msg/RA_Status_Update_Response_Msg.cpp + msg/RA_Extended_Login_Request_Msg.cpp + msg/RA_Extended_Login_Response_Msg.cpp +) + +include_directories(${TPS_PRIVATE_INCLUDE_DIRS}) + +add_library(${TPS_SHARED_LIBRARY} SHARED ${tps_library_SRCS}) +target_link_libraries(${TPS_SHARED_LIBRARY} ${TPS_LINK_LIBRARIES}) + +set_target_properties( + ${TPS_SHARED_LIBRARY} + PROPERTIES + OUTPUT_NAME + pki-tps +) + +install( + TARGETS + ${TPS_SHARED_LIBRARY} + LIBRARY DESTINATION ${LIB_INSTALL_DIR} +) + diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Client.h b/base/tools/src/main/native/tpsclient/src/include/main/RA_Client.h similarity index 97% rename from base/tools/src/main/native/tpsclient/tools/raclient/RA_Client.h rename to base/tools/src/main/native/tpsclient/src/include/main/RA_Client.h index 6ab2ecf97e0..a9061ec3356 100644 --- a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Client.h +++ b/base/tools/src/main/native/tpsclient/src/include/main/RA_Client.h @@ -39,8 +39,8 @@ #include "prthread.h" #include "main/NameValueSet.h" -#include "RA_Conn.h" -#include "RA_Token.h" +#include "main/RA_Conn.h" +#include "main/RA_Token.h" enum RequestType { OP_CLIENT_ENROLL = 0, diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Conn.h b/base/tools/src/main/native/tpsclient/src/include/main/RA_Conn.h similarity index 98% rename from base/tools/src/main/native/tpsclient/tools/raclient/RA_Conn.h rename to base/tools/src/main/native/tpsclient/src/include/main/RA_Conn.h index 307166eaf87..ee8d2b42d47 100644 --- a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Conn.h +++ b/base/tools/src/main/native/tpsclient/src/include/main/RA_Conn.h 
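Review bot: The new `libpki-tps.so` is installed unversioned into the public `${LIB_INSTALL_DIR}` with every internal symbol exported, which turns the whole APDU/message implementation into a de-facto public ABI although the commit only needs `RA_Client` (for `tpsclient`) and, from the second patch, one JNI entry point. Consider `set_target_properties(${TPS_SHARED_LIBRARY} PROPERTIES CXX_VISIBILITY_PRESET hidden VISIBILITY_INLINES_HIDDEN ON)` with `RA_Client` marked default-visibility explicitly (the JNI function already carries `JNIEXPORT`); `VERSION`/`SOVERSION` would be the usual companion but would also change the `%files` entry in pki.spec. Two smaller points: `target_link_libraries(${TPS_SHARED_LIBRARY} ${TPS_LINK_LIBRARIES})` has no `PRIVATE`/`PUBLIC` keyword, and `${JNI_INCLUDE_DIRS}` is added to the include path without a visible `find_package(JNI)` — if nothing at the top level sets it, the `jni.h` include added to RA_Client.cpp in the second patch will not resolve.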
@@ -39,7 +39,7 @@ #include #include "prio.h" -#include "RA_Token.h" +#include "main/RA_Token.h" #include "main/RA_Msg.h" #include "main/Buffer.h" #include "apdu/APDU.h" diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Token.h b/base/tools/src/main/native/tpsclient/src/include/main/RA_Token.h similarity index 100% rename from base/tools/src/main/native/tpsclient/tools/raclient/RA_Token.h rename to base/tools/src/main/native/tpsclient/src/include/main/RA_Token.h diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Client.cpp b/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp similarity index 96% rename from base/tools/src/main/native/tpsclient/tools/raclient/RA_Client.cpp rename to base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp index 752da2be853..1dd8e07a0d5 100644 --- a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Client.cpp +++ b/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp @@ -21,18 +21,21 @@ #include #include #include -#include "prinrval.h" +#include "prinrval.h" #include "prmem.h" #include "prsystem.h" #include "plstr.h" #include "prio.h" #include "prprf.h" #include "pk11func.h" +#include "nss.h" #include "main/NameValueSet.h" #include "main/Util.h" +#include "main/RA_Client.h" #include "main/RA_Msg.h" +#include "main/RA_Token.h" #include "authentication/AuthParams.h" #include "apdu/APDU_Response.h" #include "apdu/Initialize_Update_APDU.h" @@ -54,10 +57,6 @@ #include "msg/RA_ASQ_Response_Msg.h" #include "msg/RA_Status_Update_Request_Msg.h" #include "msg/RA_Status_Update_Response_Msg.h" -#include "RA_Token.h" -#include "RA_Client.h" - -#include "nss.h" static PRFileDesc *m_fd_debug = (PRFileDesc *) NULL; PRBool old_style = PR_TRUE; 
@@ -1632,69 +1631,3 @@ RA_Client::Execute () } } } /* Execute */ - -char * -ownPasswd (PK11SlotInfo * slot, PRBool retry, void *arg) -{ - return PL_strdup ("password"); -} - -/** - * User certutil -d . -N to create a database. - * The database should have 'password' as the password. - */ -int -main (int argc, char *argv[]) -{ - char buffer[513]; - SECStatus rv; - PK11SlotInfo *slot = NULL; - PRUint32 flags = 0; - // char *newpw = NULL; - - /* Initialize NSPR & NSS */ - PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); - PK11_SetPasswordFunc (ownPasswd); - rv = NSS_Initialize (".", "", "", "", flags); - if (rv != SECSuccess) - { - PR_GetErrorText (buffer); - fprintf (stderr, "unable to initialize NSS library (%d - '%s')\n", - PR_GetError (), buffer); - exit (0); - } - slot = PK11_GetInternalKeySlot (); - if (PK11_NeedUserInit (slot)) - { - rv = PK11_InitPin (slot, (char *) NULL, (char *) "password"); - if (rv != SECSuccess) - { - PR_GetErrorText (buffer); - fprintf (stderr, "unable to set new PIN (%d - '%s')\n", - PR_GetError (), buffer); - exit (0); - } - - } - if (PK11_NeedLogin (slot)) - { - rv = PK11_Authenticate (slot, PR_TRUE, NULL); - if (rv != SECSuccess) - { - PR_GetErrorText (buffer); - fprintf (stderr, "unable to authenticate (%d - '%s')\n", - PR_GetError (), buffer); - exit (0); - } - } - - /* Start RA Client */ - RA_Client client; - client.Execute (); - - /* Shutdown NSS and NSPR */ - NSS_Shutdown (); - PR_Cleanup (); - - return 1; -} diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Conn.cpp b/base/tools/src/main/native/tpsclient/src/main/RA_Conn.cpp similarity index 99% rename from base/tools/src/main/native/tpsclient/tools/raclient/RA_Conn.cpp rename to base/tools/src/main/native/tpsclient/src/main/RA_Conn.cpp index 25588333fbe..e91a9b4514e 100644 --- a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Conn.cpp +++ b/base/tools/src/main/native/tpsclient/src/main/RA_Conn.cpp 
@@ -25,7 +25,7 @@ #include "plstr.h" #include "main/NameValueSet.h" #include "main/Util.h" -#include "RA_Conn.h" +#include "main/RA_Conn.h" #include "apdu/APDU_Response.h" #include "apdu/List_Objects_APDU.h" #include "apdu/Create_Object_APDU.h" diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Token.cpp b/base/tools/src/main/native/tpsclient/src/main/RA_Token.cpp similarity index 99% rename from base/tools/src/main/native/tpsclient/tools/raclient/RA_Token.cpp rename to base/tools/src/main/native/tpsclient/src/main/RA_Token.cpp index fb6e90da33e..793a09153af 100644 --- a/base/tools/src/main/native/tpsclient/tools/raclient/RA_Token.cpp +++ b/base/tools/src/main/native/tpsclient/src/main/RA_Token.cpp @@ -21,7 +21,7 @@ #include "cryptohi.h" #include "plstr.h" #include "main/Util.h" -#include "RA_Token.h" +#include "main/RA_Token.h" #include "apdu/APDU_Response.h" #include "apdu/Initialize_Update_APDU.h" #include "apdu/Generate_Key_APDU.h" diff --git a/base/tools/src/main/native/tpsclient/tools/CMakeLists.txt b/base/tools/src/main/native/tpsclient/tools/CMakeLists.txt new file mode 100644 index 00000000000..6ed05c43d88 --- /dev/null +++ b/base/tools/src/main/native/tpsclient/tools/CMakeLists.txt @@ -0,0 +1 @@ +add_subdirectory(raclient) diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/CMakeLists.txt b/base/tools/src/main/native/tpsclient/tools/raclient/CMakeLists.txt new file mode 100644 index 00000000000..5877c77e910 --- /dev/null +++ b/base/tools/src/main/native/tpsclient/tools/raclient/CMakeLists.txt 
@@ -0,0 +1,36 @@ +project(tpsclient CXX) + +set(TPS_PRIVATE_INCLUDE_DIRS + ${TPS_PUBLIC_INCLUDE_DIRS} + ${CMAKE_BINARY_DIR} + ${NSPR_INCLUDE_DIRS} + ${NSS_INCLUDE_DIRS} +) + +set(TPS_EXECUTABLE + tpsclient + CACHE INTERNAL "tpsclient executable" +) + +set(TPS_LINK_LIBRARIES + ${TPS_SHARED_LIBRARY} + ${NSPR_LIBRARIES} + ${NSS_LIBRARIES} +) + +set(tpsclient_SRCS + tpsclient.cpp +) + +include_directories(${TPS_PRIVATE_INCLUDE_DIRS}) + +add_executable(${TPS_EXECUTABLE} ${tpsclient_SRCS}) +target_link_libraries(${TPS_EXECUTABLE} ${TPS_LINK_LIBRARIES}) + +install( + TARGETS + ${TPS_EXECUTABLE} + RUNTIME DESTINATION ${BIN_INSTALL_DIR} + LIBRARY DESTINATION ${LIB_INSTALL_DIR} + ARCHIVE DESTINATION ${LIB_INSTALL_DIR} +) diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp b/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp new file mode 100644 index 00000000000..604e60fa020 --- /dev/null +++ b/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp 
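Review bot: The `install(TARGETS ${TPS_EXECUTABLE} ...)` rule keeps `LIBRARY DESTINATION` and `ARCHIVE DESTINATION` lines that cannot apply to an executable target, and they now point at `${LIB_INSTALL_DIR}` rather than the old `${LIB_INSTALL_DIR}/tps`, which reads as if something else is installed there. Trim it to `install(TARGETS ${TPS_EXECUTABLE} RUNTIME DESTINATION ${BIN_INSTALL_DIR})`. The `target_link_libraries(${TPS_EXECUTABLE} ${TPS_LINK_LIBRARIES})` call should also take a `PRIVATE` keyword, matching modern usage and avoiding the legacy mixed-signature trap later.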
@@ -0,0 +1,93 @@ +// --- BEGIN COPYRIGHT BLOCK --- +// This library is free software; you can redistribute it and/or +// modify it under the terms of the GNU Lesser General Public +// License as published by the Free Software Foundation; +// version 2.1 of the License. +// +// This library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +// Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public +// License along with this library; if not, write to the Free Software +// Foundation, Inc., 51 Franklin Street, Fifth Floor, +// Boston, MA 02110-1301 USA +// +// Copyright (C) 2007 Red Hat, Inc. +// All rights reserved. +// --- END COPYRIGHT BLOCK --- + +#include +#include +#include + +#include "pk11func.h" +#include "nss.h" + +#include "main/RA_Client.h" + +char * +ownPasswd (PK11SlotInfo * slot, PRBool retry, void *arg) +{ + return PL_strdup ("password"); +} + +/** + * User certutil -d . -N to create a database. + * The database should have 'password' as the password. 
+ */ +int +main (int argc, char *argv[]) +{ + char buffer[513]; + SECStatus rv; + PK11SlotInfo *slot = NULL; + PRUint32 flags = 0; + + /* Initialize NSPR & NSS */ + PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); + PK11_SetPasswordFunc (ownPasswd); + rv = NSS_Initialize (".", "", "", "", flags); + if (rv != SECSuccess) + { + PR_GetErrorText (buffer); + fprintf (stderr, "unable to initialize NSS library (%d - '%s')\n", + PR_GetError (), buffer); + exit (0); + } + slot = PK11_GetInternalKeySlot (); + if (PK11_NeedUserInit (slot)) + { + rv = PK11_InitPin (slot, (char *) NULL, (char *) "password"); + if (rv != SECSuccess) + { + PR_GetErrorText (buffer); + fprintf (stderr, "unable to set new PIN (%d - '%s')\n", + PR_GetError (), buffer); + exit (0); + } + + } + if (PK11_NeedLogin (slot)) + { + rv = PK11_Authenticate (slot, PR_TRUE, NULL); + if (rv != SECSuccess) + { + PR_GetErrorText (buffer); + fprintf (stderr, "unable to authenticate (%d - '%s')\n", + PR_GetError (), buffer); + exit (0); + } + } + + /* Start RA Client */ + RA_Client client; + client.Execute (); + + /* Shutdown NSS and NSPR */ + NSS_Shutdown (); + PR_Cleanup (); + + return 1; +} diff --git a/build.sh b/build.sh index bca80e4fe31..06427c97a8e 100755 --- a/build.sh +++ b/build.sh @@ -785,7 +785,8 @@ if [ "$BUILD_TARGET" = "dist" ] ; then echo " $WORK_DIR/base/tools/src/main/native/pistool/src/pistool" echo " $WORK_DIR/base/tools/src/main/native/setpin/setpin" echo " $WORK_DIR/base/tools/src/main/native/tkstool/tkstool" - echo " $WORK_DIR/base/tools/src/main/native/tpsclient/tpsclient" + echo " $WORK_DIR/base/tools/src/main/native/tpsclient/src/libpki-tps.so" + echo " $WORK_DIR/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient" echo "- documentation:" echo " $WORK_DIR/base/common/python/man" diff --git a/pki.spec b/pki.spec index 3c9bc879452..09921457e04 100644 --- a/pki.spec +++ b/pki.spec 
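Review bot: The moved `main()` still initializes and unlocks the NSS database in the current directory with the fixed PIN `"password"` (`ownPasswd`, `PK11_InitPin(slot, NULL, "password")`), so running `tpsclient` from a directory without a database silently creates one keyed with a well-known password, and its exit status is inverted (`exit(0)` on every failure, `return 1` on success). Since this is now a small standalone wrapper that the series deprecates, the minimum is to state both facts in the file header so that `pki-tps-format`/`pki-tps-enroll` are not the only place the inverted status is recorded, e.g. `// NOTE: exits 0 on failure and 1 on success (callers invert it); the NSS DB is opened from the cwd with the fixed PIN "password".` `PR_GetErrorText(buffer)` also copies into a fixed 513-byte array with no length argument; NSPR expects the caller to size that buffer from `PR_GetErrorTextLength()`, so `PR_ErrorToString(PR_GetError(), PR_LANGUAGE_I_DEFAULT)` would be the bounded alternative. The `User certutil -d . -N` in the comment above `main` reads as a typo for `Use`.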
@@ -1729,6 +1729,7 @@ fi %{_bindir}/TokenInfo %{_datadir}/pki/tools/ %{_datadir}/pki/lib/p11-kit-trust.so +%{_libdir}/libpki-tps.so %{_mandir}/man1/AtoB.1.gz %{_mandir}/man1/AuditVerify.1.gz %{_mandir}/man1/BtoA.1.gz From f13bb309301f359478840302f736a36492a701f2 Mon Sep 17 00:00:00 2001 From: "Endi S. Dewata" Date: Tue, 25 Feb 2025 23:39:10 -0600 Subject: [PATCH 2/2] Add pki tps-client The pki tps-client has been added to replace tpsclient to make it easier to maintain TPS client code and to troubleshoot TPS issues. Currently it will simply reuse libpki-tps.so but in the future the native code will gradually be converted to Java. The tpsclient has been deprecated and will be removed in the future. The basic TPS test has been updated to test both pki tps-client and tpsclient. --- .github/workflows/tps-basic-test.yml | 93 +++++++++++++------ .../com/netscape/cmstools/tps/TPSCLI.java | 1 + .../netscape/cmstools/tps/TPSClientCLI.java | 46 +++++++++ .../native/tpsclient/src/main/RA_Client.cpp | 9 ++ .../tpsclient/tools/raclient/tpsclient.cpp | 2 + base/tps/auth/ds/example.ldif | 22 +++++ base/tps/bin/pki-tps-enroll | 24 +++-- base/tps/bin/pki-tps-format | 24 +++-- docs/changes/v11.7.0/Tools-Changes.adoc | 5 + 9 files changed, 184 insertions(+), 42 deletions(-) create mode 100644 base/tools/src/main/java/com/netscape/cmstools/tps/TPSClientCLI.java create mode 100644 docs/changes/v11.7.0/Tools-Changes.adoc diff --git a/.github/workflows/tps-basic-test.yml b/.github/workflows/tps-basic-test.yml index 6ade3d4cf04..1f077d3db8d 100644 --- a/.github/workflows/tps-basic-test.yml +++ b/.github/workflows/tps-basic-test.yml 
@@ -33,20 +33,18 @@ jobs: tests/bin/ds-create.sh \ --image=${{ env.DS_IMAGE }} \ --hostname=ds.example.com \ + --network=example \ + --network-alias=ds.example.com \ --password=Secret.123 \ ds - - name: Connect DS container to network - run: docker network connect example ds --alias ds.example.com - - name: Set up PKI container run: | - tests/bin/runner-init.sh pki - env: - HOSTNAME: pki.example.com - - - name: Connect PKI container to network - run: docker network connect example pki --alias pki.example.com + tests/bin/runner-init.sh \ + --hostname=pki.example.com \ + --network=example \ + --network-alias=pki.example.com \ + pki - name: Install CA run: | @@ -304,7 +302,7 @@ jobs: # restart TPS subsystem docker exec pki pki-server tps-redeploy --wait - - name: Add token + - name: Add token for testuser1 run: | hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom > cuid CUID=$(cat cuid) @@ -316,11 +314,11 @@ jobs: docker exec pki pki -n caadmin tps-cert-find --token $CUID - - name: Format token + - name: Format testuser1 token using pki tps-client run: | CUID=$(cat cuid) docker exec pki /usr/share/pki/tps/bin/pki-tps-format \ - --user=testuser \ + --user=testuser1 \ --password=Secret.123 \ $CUID @@ -331,11 +329,11 @@ jobs: docker exec pki pki -n caadmin tps-cert-find --token $CUID - - name: Enroll token + - name: Enroll testuser1 token using pki tps-client run: | CUID=$(cat cuid) docker exec pki /usr/share/pki/tps/bin/pki-tps-enroll \ - --user=testuser \ + --user=testuser1 \ --password=Secret.123 \ $CUID 
@@ -346,21 +344,67 @@ jobs: docker exec pki pki -n caadmin tps-cert-find --token $CUID - - name: KRA key find + - name: Find testuser1 key in KRA run: | CUID=$(cat cuid | tr [:lower:] [:upper:]) - USER="testuser" + USER="testuser1" echo $CUID:$USER > expected docker exec pki pki -n caadmin kra-key-find --owner $CUID:$USER | tee output sed -n 's/\s*Owner:\s\+\(\S\+\)\s*/\1/p' output > actual diff expected actual - - name: Gather artifacts - if: always() + - name: Add token for testuser2 + run: | + hexdump -v -n "10" -e '1/1 "%02x"' /dev/urandom > cuid + CUID=$(cat cuid) + docker exec pki pki -n caadmin tps-token-add $CUID | tee output + + echo "UNFORMATTED" > expected + sed -n 's/\s*Status:\s\+\(\S\+\)\s*/\1/p' output > actual + diff expected actual + + docker exec pki pki -n caadmin tps-cert-find --token $CUID + + - name: Format testuser2 token using tpsclient + run: | + CUID=$(cat cuid) + docker exec pki /usr/share/pki/tps/bin/pki-tps-format \ + --client=tpsclient \ + --user=testuser2 \ + --password=Secret.123 \ + $CUID + + echo "FORMATTED" > expected + docker exec pki pki -n caadmin tps-token-show $CUID | tee output + sed -n 's/\s*Status:\s\+\(\S\+\)\s*/\1/p' output > actual + diff expected actual + + docker exec pki pki -n caadmin tps-cert-find --token $CUID + + - name: Enroll testuser2 token using tpsclient + run: | + CUID=$(cat cuid) + docker exec pki /usr/share/pki/tps/bin/pki-tps-enroll \ + --client=tpsclient \ + --user=testuser2 \ + --password=Secret.123 \ + $CUID + + echo "ACTIVE" > expected + docker exec pki pki -n caadmin tps-token-show $CUID | tee output + sed -n 's/\s*Status:\s\+\(\S\+\)\s*/\1/p' output > actual + diff expected actual + + docker exec pki pki -n caadmin tps-cert-find --token $CUID + + - name: Find testuser2 key in KRA run: | - tests/bin/ds-artifacts-save.sh ds - tests/bin/pki-artifacts-save.sh pki - continue-on-error: true + CUID=$(cat cuid | tr [:lower:] [:upper:]) + USER="testuser2" + echo $CUID:$USER > expected + docker exec pki pki 
-n caadmin kra-key-find --owner $CUID:$USER | tee output + sed -n 's/\s*Owner:\s\+\(\S\+\)\s*/\1/p' output > actual + diff expected actual - name: Remove TPS run: docker exec pki pkidestroy -s TPS -v @@ -484,10 +528,3 @@ jobs: if: always() run: | docker exec pki find /var/lib/pki/pki-tomcat/logs/tps -name "debug.*" -exec cat {} \; - - - name: Upload artifacts - if: always() - uses: actions/upload-artifact@v4 - with: - name: tps-basic - path: /tmp/artifacts diff --git a/base/tools/src/main/java/com/netscape/cmstools/tps/TPSCLI.java b/base/tools/src/main/java/com/netscape/cmstools/tps/TPSCLI.java index aa28a84a78a..6df29e0e997 100644 --- a/base/tools/src/main/java/com/netscape/cmstools/tps/TPSCLI.java +++ b/base/tools/src/main/java/com/netscape/cmstools/tps/TPSCLI.java @@ -58,6 +58,7 @@ public TPSCLI(MainCLI mainCLI) { addModule(new SelfTestCLI(this)); addModule(new TokenCLI(this)); addModule(new UserCLI(this)); + addModule(new TPSClientCLI(this)); } @Override diff --git a/base/tools/src/main/java/com/netscape/cmstools/tps/TPSClientCLI.java b/base/tools/src/main/java/com/netscape/cmstools/tps/TPSClientCLI.java new file mode 100644 index 00000000000..8a58d445f92 --- /dev/null +++ b/base/tools/src/main/java/com/netscape/cmstools/tps/TPSClientCLI.java 
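Review bot: The `Gather artifacts` step (with `if: always()`) and the trailing `Upload artifacts` step are deleted by the last two hunks, so the DS and PKI logs previously saved under `/tmp/artifacts` are no longer collected on failure; the commit message only describes the added `tpsclient`/`pki tps-client` steps, so this looks unintentional. If it is deliberate, a sentence in the description would help; otherwise reinstate both steps after the new `Find testuser2 key in KRA` step, keeping `if: always()` so they run on failure.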
@@ -0,0 +1,46 @@ +// +// Copyright Red Hat, Inc. +// +// SPDX-License-Identifier: GPL-2.0-or-later +// +package com.netscape.cmstools.tps; + +import org.apache.commons.cli.CommandLine; +import org.dogtagpki.cli.CommandCLI; + +import com.netscape.cmstools.cli.MainCLI; + +/** + * @author Endi S. Dewata + */ +public class TPSClientCLI extends CommandCLI { + + public static org.slf4j.Logger logger = org.slf4j.LoggerFactory.getLogger(TPSClientCLI.class); + + static { + System.loadLibrary("pki-tps"); + } + + public TPSCLI tpsCLI; + + public TPSClientCLI(TPSCLI tpsCLI) { + super("client", "TPS client", tpsCLI); + this.tpsCLI = tpsCLI; + } + + @Override + public void printHelp() { + formatter.printHelp(getFullName() + " [OPTIONS...]", options); + } + + public native void execute() throws Exception; + + @Override + public void execute(CommandLine cmd) throws Exception { + + MainCLI mainCLI = (MainCLI) getRoot(); + mainCLI.init(); + + execute(); + } +} diff --git a/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp b/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp index 1dd8e07a0d5..c4187d6d862 100644 --- a/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp +++ b/base/tools/src/main/native/tpsclient/src/main/RA_Client.cpp @@ -21,6 +21,7 @@ #include #include #include +#include #include "prinrval.h" #include "prmem.h" @@ -1631,3 +1632,11 @@ RA_Client::Execute () } } } /* Execute */ + +extern "C" JNIEXPORT void JNICALL +Java_com_netscape_cmstools_tps_TPSClientCLI_execute +(JNIEnv* env, jclass clazz) +{ + RA_Client client; + client.Execute(); +} diff --git a/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp b/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp index 604e60fa020..511dca54ed7 100644 --- a/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp +++ b/base/tools/src/main/native/tpsclient/tools/raclient/tpsclient.cpp 
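Review bot: `System.loadLibrary("pki-tps")` sits in a static initializer, and `TPSCLI`'s constructor instantiates this class unconditionally (`addModule(new TPSClientCLI(this))`), so every `pki tps-*` subcommand now requires `libpki-tps.so` and its NSS/NSPR/APR/LDAP dependencies to be loadable and otherwise dies with `UnsatisfiedLinkError` while building the module table, not just `pki tps-client`. Load it lazily instead: drop the static block and put `System.loadLibrary("pki-tps");` at the top of `execute(CommandLine cmd)`, optionally catching `UnsatisfiedLinkError` to print a readable error. Separately, `public native void execute() throws Exception` is an instance method, but the native implementation in RA_Client.cpp declares its second parameter as `jclass`; both sides should agree on instance versus static.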
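Review bot: `Java_com_netscape_cmstools_tps_TPSClientCLI_execute` is declared `(JNIEnv*, jclass)` but the Java side declares `execute()` as a non-static instance method, so the second argument is actually the receiver and should be `jobject thiz`. More importantly the function returns nothing and never calls `env->ThrowNew`, so nothing `RA_Client::Execute()` encounters can reach the `throws Exception` declared in Java or the exit status that `pki-tps-enroll` now passes through as `$rc`; and if anything inside `Execute()` raises a C++ exception it unwinds through the JNI frame and takes the JVM down. At minimum fence the call and convert failures into a Java exception; surfacing `Execute()`'s own outcome would additionally need it to return a status, which this hunk does not show. `RA_Client::Execute` itself starts above the hunk.
```cpp
extern "C" JNIEXPORT void JNICALL
Java_com_netscape_cmstools_tps_TPSClientCLI_execute
(JNIEnv* env, jobject thiz)
{
    try {
        RA_Client client;
        client.Execute();
    } catch (...) {
        // Never let a C++ exception cross the JNI boundary.
        jclass ex = env->FindClass("java/lang/Exception");
        if (ex != NULL) {
            env->ThrowNew(ex, "TPS client execution failed");
        }
    }
}
```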
@@ -45,6 +45,8 @@ main (int argc, char *argv[]) PK11SlotInfo *slot = NULL; PRUint32 flags = 0; + fprintf(stderr, "WARNING: tpsclient has been deprecated. Use pki tps-client instead.\n"); + /* Initialize NSPR & NSS */ PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1); PK11_SetPasswordFunc (ownPasswd); diff --git a/base/tps/auth/ds/example.ldif b/base/tps/auth/ds/example.ldif index 943c464604a..2c0e1da2e62 100644 --- a/base/tps/auth/ds/example.ldif +++ b/base/tps/auth/ds/example.ldif @@ -8,3 +8,25 @@ cn: Test User sn: User givenName: Test userPassword: Secret.123 + +dn: uid=testuser1,ou=people,dc=example,dc=com +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +uid: testuser1 +cn: Test User 1 +sn: User 1 +givenName: Test +userPassword: Secret.123 + +dn: uid=testuser2,ou=people,dc=example,dc=com +objectClass: top +objectClass: person +objectClass: organizationalPerson +objectClass: inetOrgPerson +uid: testuser2 +cn: Test User 2 +sn: User 2 +givenName: Test +userPassword: Secret.123 diff --git a/base/tps/bin/pki-tps-enroll b/base/tps/bin/pki-tps-enroll index 8191b5931c0..7c9e703c63b 100755 --- a/base/tps/bin/pki-tps-enroll +++ b/base/tps/bin/pki-tps-enroll @@ -1,5 +1,6 @@ #!/bin/bash +TPS_CLIENT="pki tps-client" TPS_HOSTNAME=$HOSTNAME TPS_PORT=8080 TPS_PATH=/tps/tps @@ -28,6 +29,9 @@ while getopts v-: arg ; do LONG_OPTARG="${OPTARG#*=}" case $OPTARG in + client=?*) + TPS_CLIENT="$LONG_OPTARG" + ;; hostname=?*) TPS_HOSTNAME="$LONG_OPTARG" ;; @@ -43,7 +47,7 @@ while getopts v-: arg ; do '') break # "--" terminates argument processing ;; - hostname* | port* | user* | password*) + client* | hostname* | port* | user* | password*) echo "ERROR: Missing argument for --$OPTARG option" >&2 exit 1 ;; @@ -64,7 +68,7 @@ shift $((OPTIND-1)) CUID=$1 -tpsclient << EOF +$TPS_CLIENT << EOF op=var_set name=ra_host value=$TPS_HOSTNAME op=var_set name=ra_port value=$TPS_PORT op=var_set name=ra_uri value=$TPS_PATH 
@@ -80,11 +84,17 @@ op=ra_enroll uid=$USERNAME pwd=$PASSWORD num_threads=$THREADS extensions=$EXTENS op=exit EOF -# tpsclient returns 1 on success and 0 on failure, -# so the return code needs to be inverted +rc=$? + +if [ "$TPS_CLIENT" == "tpsclient" ]; then + # tpsclient returns 1 on success and 0 on failure, + # so the return code needs to be inverted + + if [ "$rc" == "0" ]; then + exit 1 + fi -if [ "$?" == "0" ]; then - exit 1 + exit 0 fi -exit 0 +exit $rc diff --git a/base/tps/bin/pki-tps-format b/base/tps/bin/pki-tps-format index b0a5ebc1f5f..5991bf07c03 100755 --- a/base/tps/bin/pki-tps-format +++ b/base/tps/bin/pki-tps-format @@ -1,5 +1,6 @@ #!/bin/bash +TPS_CLIENT="pki tps-client" TPS_HOSTNAME=$HOSTNAME TPS_PORT=8080 TPS_PATH=/tps/tps @@ -26,6 +27,9 @@ while getopts v-: arg ; do LONG_OPTARG="${OPTARG#*=}" case $OPTARG in + client=?*) + TPS_CLIENT="$LONG_OPTARG" + ;; hostname=?*) TPS_HOSTNAME="$LONG_OPTARG" ;; @@ -41,7 +45,7 @@ while getopts v-: arg ; do '') break # "--" terminates argument processing ;; - hostname* | port* | user* | password*) + client* | hostname* | port* | user* | password*) echo "ERROR: Missing argument for --$OPTARG option" >&2 exit 1 ;; @@ -62,7 +66,7 @@ shift $((OPTIND-1)) CUID=$1 -tpsclient << EOF +$TPS_CLIENT << EOF op=var_set name=ra_host value=$TPS_HOSTNAME op=var_set name=ra_port value=$TPS_PORT op=var_set name=ra_uri value=$TPS_PATH @@ -78,11 +82,17 @@ op=ra_format uid=$USERNAME pwd=$PASSWORD num_threads=$THREADS extensions=$EXTENS op=exit EOF -# tpsclient returns 1 on success and 0 on failure, -# so the return code needs to be inverted +rc=$? + +if [ "$TPS_CLIENT" == "tpsclient" ]; then + # tpsclient returns 1 on success and 0 on failure, + # so the return code needs to be inverted + + if [ "$rc" == "0" ]; then + exit 1 + fi -if [ "$?" == "0" ]; then - exit 1 + exit 0 fi -exit 0 +exit $rc 
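Review bot: In pki-tps-enroll the exit-status inversion is keyed on the exact string `[ "$TPS_CLIENT" == "tpsclient" ]`, so `--client=/usr/bin/tpsclient` or `--client="tpsclient -v"` still runs the deprecated binary but passes its inverted status straight through via `exit $rc`, reporting success on failure. Match on the program name instead, e.g. `case "${TPS_CLIENT%% *}" in tpsclient|*/tpsclient) invert=1 ;; esac`. `$TPS_CLIENT` is deliberately left unquoted so the default `pki tps-client` word-splits into command and subcommand; a one-line comment saying so, `# unquoted on purpose: the default value is two words`, would stop a future quoting fix from breaking the default.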
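Review bot: pki-tps-format has the same exact-string test `[ "$TPS_CLIENT" == "tpsclient" ]`, so a path or extra argument supplied through `--client` selects the deprecated binary without inverting its status, and `exit $rc` then reports success on failure. Use `case "${TPS_CLIENT%% *}" in tpsclient|*/tpsclient)` here as well, and keep the two scripts' option handling identical. The unquoted `$TPS_CLIENT` invocation is intentional word-splitting for the two-word default and deserves a comment to that effect.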
diff --git a/docs/changes/v11.7.0/Tools-Changes.adoc b/docs/changes/v11.7.0/Tools-Changes.adoc new file mode 100644 index 00000000000..9390b766187 --- /dev/null +++ b/docs/changes/v11.7.0/Tools-Changes.adoc @@ -0,0 +1,5 @@ += Tools Changes = + +== Deprecate tpsclient == + +`tpsclient` has been deprecated. Use `pki tps-client` instead.