Edit D:\app\Administrator\product\11.2.0\dbhome_1\sysman\admin\scripts\SecureGenKeystore.pm
# # $Header: SecureGenKeystore.pm 02-dec-2004.01:44:58 shianand Exp $ # # # Copyright (c) 2003, 2004, Oracle. All rights reserved. # # NAME # SecureGenKeystore.pm # # DESCRIPTION # # NOTES # # MODIFIED (MM/DD/YY) # shianand 12/01/04 - Bug fix 3440956 # rpinnama 08/23/04 - Add DEBUG flags # rpinnama 08/20/04 - # aaitghez 06/08/04 - bug 3656322. Cleanup perl warnings # gan 03/11/04 - bug 3499151 # rpinnama 04/01/04 - Import bug 3499151 # rpinnama 04/01/04 - Replace EMD_KEYSTORE_PASSWORD also # dsahrawa 01/23/04 - windows portability changes # rzazueta 12/03/03 - Fix 3290080: Check before adding attributes to # http-web-site.xml # jpyang 11/11/03 - set shared=true for secure dbconsole mode # rpinnama 10/06/03 - Use proper EM home for dbconsole # rpinnama 09/22/03 - # rpinnama 09/22/03 - Generate separate key store for dbconsole # rpinnama 08/26/03 - Use getConsoleClassPath # caroy 08/18/03 - change from phaos.jar to ojpse_2_1_5.jar # rpinnama 08/13/03 - support configuring emd website # rpinnama 08/05/03 - Use common routines # rpinnama 07/30/03 - Fix em jar file # rpinnama 07/24/03 - grabtrans 'rpinnama_fix_2996670' # mbhoopat 06/02/03 - fix tempDir issue with nt # ggilchri 04/11/03 - ggilchri_sb_sta_sll # ggilchri 04/10/03 - create # use English; use strict; use Secure; package SecureGenKeystore; my $ORACLE_HOME = $ENV{ORACLE_HOME}; my $EMDROOT = $ENV{EMDROOT}; my $JAVA_HOME = $ENV{JAVA_HOME}; my $IS_WINDOWS =""; my $tempDir = "/tmp"; my $redirectStderr = "2>&1"; my $emWalletsDir = "$ORACLE_HOME/sysman/wallets"; my $OSNAME = $^O; my $initialKeystorePassword; # added for random em keystore password for dbconsole if( ($OSNAME eq "MSWin32") or ($OSNAME eq "Windows_NT") ) { $IS_WINDOWS="TRUE"; $tempDir = $ENV{TEMP}; $redirectStderr = ""; } else { $IS_WINDOWS="FALSE"; } # [] ----------------------------------------------------------------- [] sub secureGenKeystore { my $securelog = $_[0]; my $emConsoleMode = $_[1]; my $thisDNSHost = $_[2]; my $rootKeyPassword = $_[3]; my $useOMSRootKey = $_[4]; my $execStr; my $javaStr; my $rc; my $rootKeyDir; #my $initialKeystorePassword = "welcome"; my $endDate = "010110"; my $validityDays = "360"; my $keySize = "512"; my $debug = $ENV{EM_SECURE_VERBOSE}; my $rootKeyCertFile = ""; my $classPath = &Secure::getConsoleClassPath($emConsoleMode); my $oc4jHome = &Secure::getOC4JHome($emConsoleMode); my $emHome = &Secure::getEMHome($emConsoleMode); my $emLibDir = "$ORACLE_HOME/sysman/webapps/emd/WEB-INF/lib"; my $cpSep = ":"; #my $keystorePasswd = "$JAVA_HOME/bin/java ". # "-cp $DEFAULT_CLASSPATH". # "$cpSep$emLibDir/emd.jar ". # "oracle.sysman.util.crypt.Verifier -genPassword"; my $keystorePasswd = "$JAVA_HOME/bin/java ". "-cp $classPath". "$cpSep$emLibDir/emd.jar ". "oracle.sysman.util.crypt.Verifier -genPassword"; my $keystorePasswdKey = `$keystorePasswd`; $keystorePasswdKey =~ s/^\s+|\s+$//; Secure::DEBUG (2, $securelog, "Key Store Password = $keystorePasswdKey "); #Secure::DEBUG (0, $securelog, "Key Store Password = $keystorePasswdKey "); $initialKeystorePassword = $keystorePasswdKey; my $keystoreDir = "$oc4jHome/config/server"; if ($debug ne "") { $debug = "true"; } else { $debug = "false"; } Secure::RMRF ($keystoreDir); Secure::MKDIRP ($keystoreDir); if ($useOMSRootKey eq "") { # # The assumed password for root wallet is always 'root'. The root wallet # is only used for signing the certificate in the default # keystore.test file # $rootKeyPassword = "root"; $rootKeyCertFile = "$keystoreDir/b64certificate.txt"; # # Make a new root wallet in KEYSTORE_DIR. used to sign # the certificate in keystore.test. # Secure::DEBUG (1, $securelog, "Creating root wallet for non-OMS mode"); $execStr = "$ORACLE_HOME/bin/mkwallet ". "-R $rootKeyPassword $keystoreDir ". "cn=$thisDNSHost $keySize $endDate >> $securelog $redirectStderr"; Secure::DEBUG (2, $securelog, "Executing ... " . $execStr); $rc = 0xffff & system($execStr); $rc >>= 8; if ( $rc eq 0 ) { Secure::DEBUG (1, $securelog, "Done"); } else { Secure::DEBUG (1, $securelog, "Failed rc = $rc"); return $rc; } } else { # # use the downloaded root cert and rely on the secure OMS for certificate # generation. # $rootKeyCertFile = "$emHome/sysman/config/b64LocalCertificate.txt"; Secure::DEBUG (1, $securelog, "Not creating root wallet, using $rootKeyCertFile"); } my $serverDN = "cn=$thisDNSHost, o=Oracle"; my $keystoreFile = "$keystoreDir/keystore.test"; my $serverCertReqFile = "$keystoreDir/server.csr"; my $serverCertFile = "$keystoreDir/server.cer"; my $serverKeyAlg = "RSA"; my $serverKeyPassword = "$initialKeystorePassword"; my $serverStorePassword = "$initialKeystorePassword"; # # Generate key.. # Secure::DEBUG (1, $securelog, "Key Generation ....\n"); $execStr = "$JAVA_HOME/bin/keytool -genkey ". "-dname \"$serverDN\" ". "-keyalg $serverKeyAlg ". "-keystore $keystoreFile ". "-storepass $serverStorePassword ". "-keypass $serverKeyPassword ". "-validity $validityDays ". ">> $securelog $redirectStderr"; Secure::DEBUG (2, $securelog, "Executing ... $execStr"); $rc = 0xffff & system($execStr); $rc >>= 8; if ( $rc eq 0 ) { Secure::DEBUG (1, $securelog, "Done"); } else { Secure::DEBUG (1, $securelog, "Failed rc = $rc"); return $rc; } # # Request for certificate.. # Secure::DEBUG (1, $securelog, "Request for certificate..."); $execStr = "$JAVA_HOME/bin/keytool -certreq ". "-keyalg $serverKeyAlg ". "-file $serverCertReqFile ". "-keystore $keystoreFile ". "-storepass $serverStorePassword ". ">> $securelog $redirectStderr"; Secure::DEBUG (2, $securelog, "Executing ... $execStr"); $rc = 0xffff & system($execStr); $rc >>= 8; if ( $rc eq 0 ) { Secure::DEBUG (1, $securelog, "Done"); } else { Secure::DEBUG (1, $securelog, "Failed rc = $rc"); return $rc; } Secure::DEBUG (1, $securelog, "Certificate Generation ..."); if ($useOMSRootKey eq "") { Secure::DEBUG (1, $securelog, "OMS root key is NULL"); $execStr = "$ORACLE_HOME/bin/mkwallet -c ". "$rootKeyPassword $keystoreDir ". "$serverCertReqFile $serverCertFile >> $securelog $redirectStderr"; Secure::DEBUG (2, $securelog, "Executing ... $execStr"); $rc = 0xffff & system($execStr); $rc >>= 8; if ( $rc eq 0 ) { Secure::DEBUG (1, $securelog, "Done"); } else { Secure::DEBUG (1, $securelog, "Failed rc = $rc"); return $rc; } } else { Secure::DEBUG (1, $securelog, "Using OMS root key $useOMSRootKey"); Secure::CATFILE ($serverCertReqFile); $rootKeyDir = "$emWalletsDir/ca.$thisDNSHost"; $javaStr = "$JAVA_HOME/bin/java ". " -cp $classPath ". "-DemConsoleMode=$emConsoleMode ". " -Ddebug=$debug ". "-DrootKeyDir=$rootKeyDir ". "-DORACLE_HOME=$ORACLE_HOME ". "-DrepositoryPropertiesFile=$emHome/sysman/config/emoms.properties ". "oracle.sysman.eml.sec.WalletUtil ". "-gencert $serverCertReqFile $serverCertFile $rootKeyPassword ". ">> $securelog $redirectStderr"; Secure::DEBUG (2, $securelog, "Executing .. $javaStr"); $rc = 0xffff & system($javaStr); $rc >>= 8; if ($rc eq 0) { Secure::DEBUG (1, $securelog, "Done"); } else { Secure::DEBUG (1, $securelog, "Failed to Generate Certificate. rc = $rc"); return $rc } } Secure::DEBUG (1, $securelog, "Certificate obtained:\n"); Secure::CATFILE ($serverCertFile); # Import Root certificate. Secure::DEBUG (1, $securelog, "Importing Root certificate ...\n"); $execStr = "$JAVA_HOME/bin/keytool -import ". "-alias testrootca ". "-file $rootKeyCertFile ". "-keystore $keystoreFile ". "-storepass $serverStorePassword ". "-noprompt ". ">> $securelog $redirectStderr"; Secure::DEBUG (2, $securelog, "Executing ... $execStr"); $rc = 0xffff & system($execStr); $rc >>= 8; if ( $rc eq 0 ) { Secure::DEBUG (1, $securelog, "Done"); } else { Secure::DEBUG (1, $securelog, "Failed rc = $rc"); return $rc; } # Import the certificate response to keystore Secure::DEBUG (1, $securelog, "Importing Certificate Response ..."); $execStr = "$JAVA_HOME/bin/keytool -import ". "-trustcacerts ". "-keyalg $serverKeyAlg ". "-file $serverCertFile ". "-keystore $keystoreFile ". "-storepass $serverStorePassword ". ">> $securelog $redirectStderr"; Secure::DEBUG (2, $securelog, "Executing ... $execStr"); $rc = 0xffff & system($execStr); $rc >>= 8; if ( $rc eq 0 ) { Secure::DEBUG (1, $securelog, "Done"); } else { Secure::DEBUG (1, $securelog, "Failed rc = $rc"); return $rc; } Secure::RMRF ($serverCertReqFile); Secure::RMRF ($serverCertFile); return 0; } # [] ----------------------------------------------------------------- [] sub configureEMKeyStore { my $securelog = $_[0]; my $emConsoleMode = $_[1]; my @linesRead; my $rc = 0; my $oc4jHome = &Secure::getOC4JHome($emConsoleMode); my $emWebSiteFile = "$oc4jHome/config/http-web-site.xml"; Secure::DEBUG (1, $securelog, "Configuring key store in $emWebSiteFile"); Secure::CP("$emWebSiteFile", "$emWebSiteFile.$$"); open(FILE, $emWebSiteFile) or die "Can not read $emWebSiteFile"; @linesRead = <FILE>; close(FILE); my $endTagFound = 0; ;# Walk the lines, and write to new file if ( open(FILE,">" . $emWebSiteFile) ) { foreach $_ (@linesRead) { if (/<web-site /) { if (/secure\s*=\s*".*"/) { s/secure\s*=\s*".*"/secure="TRUE"/; } else { s/>/ secure="TRUE">/; } } if (/<web-app application="em" /){ if (/shared\s*=\s*".*"/) { s/shared\s*=\s*".*"/shared="true"/; } else { s/\/>/ shared="true" \/>/; } } if (/<ssl-config needs-client-auth=/) { my $change_key_line = "\t<ssl-config needs-client-auth=\"false\" keystore=\"server/keystore.test\" keystore-password=\"$initialKeystorePassword\" />\n"; $_=$change_key_line; $endTagFound = 1; } if (/<\/web-site>/) { if ($endTagFound == 0) { my $change_key_line = "\t<ssl-config needs-client-auth=\"false\" keystore=\"server/keystore.test\" keystore-password=\"$initialKeystorePassword\" />\n<\/web-site>\n"; $_=$change_key_line; #print (FILE "\t<ssl-config needs-client-auth=\"false\" keystore=\"server/keystore.test\" keystore-password=\"welcome\" />\n"); } } ;# Print the property line print(FILE $_); } close(FILE); } else { die "Can not write $emWebSiteFile"; } Secure::DEBUG (1, $securelog, " Done.\n"); return 0; } # [] ----------------------------------------------------------------- [] sub configureEMDKeyStore { my $securelog = $_[0]; my $emHTTPSPort = $_[1]; my $emSecureEnabled = $_[2]; my $rc = 0; my $emShipHomeStart; my $emShipHomeEnd; Secure::DEBUG (2, $securelog, "IN_VOB = $EmctlCommon::IN_VOB"); if ($EmctlCommon::IN_VOB eq "TRUE") { $emShipHomeStart = " "; $emShipHomeEnd = " "; } else { $emShipHomeStart = "-->"; $emShipHomeEnd = "<!--"; } Secure::DEBUG (1, $securelog, "Configuring key store... "); my $emdWebSiteTemplateFile = "$ORACLE_HOME/sysman/j2ee/config/emd-web-site.xml.template"; my $emdWebSiteFile = "$ORACLE_HOME/sysman/j2ee/config/emd-web-site.xml"; # Get the port being used.. $emHTTPSPort = &getCurrentWebSitePort($emdWebSiteFile); my @var_names = ('%EM_IAS_CONSOLE_PORT%', '%EMD_SECURE%', '%EMD_KEYSTORE_FILE%', '%EMD_KEYSTORE_PASSWORD%', '%EM_SHIPHOME_ONLY_START%', '%EM_SHIPHOME_ONLY_END%', '%EM_SSL_ENABLE_START%', '%EM_SSL_ENABLE_END%'); my @var_values =("$emHTTPSPort", "$emSecureEnabled", "keystore.test", "$initialKeystorePassword", $emShipHomeStart, $emShipHomeEnd, '-->', '<!--'); $rc = Secure::REPLACE($emdWebSiteTemplateFile, $emdWebSiteFile, \@var_names, \@var_values); if ($rc eq 0) { Secure::DEBUG (1, $securelog, " Done.\n"); } else { Secure::DEBUG (1, $securelog, " Failed rc = $rc.\n"); } return $rc; } sub getCurrentWebSitePort { my (@args) = @_; my $websiteConfigFile = $args[0]; my $portLine = ""; my $websitePort = ""; if (open(WEBSITECONFIG, "<$websiteConfigFile")) { while(<WEBSITECONFIG>) { if(/port/) { (undef, $portLine) = split /port="/,$_; ($websitePort, undef) = split /"/,$portLine; } } # Loop till the end of the file to swizzle out any $_ variables... close (WEBSITECONFIG); } else { die "Unable to determine website port. $websiteConfigFile does not exists"; } return $websitePort; } sub displaySecureGenKeystore { print "Help!\n"; } 1;
Ms-Dos/Windows
Unix
Write backup
jsp File Browser version 1.2 by
www.vonloesch.de