Index: base/silent/src/tks/ConfigureTKS.java =================================================================== --- base/silent/src/tks/ConfigureTKS.java (revision 2625) +++ base/silent/src/tks/ConfigureTKS.java (working copy) @@ -1121,7 +1121,7 @@ x_subsystem_name); parser.addOption ( - "-ca_domain_url %s #URL to CA used to Issue Certificates for TKS Instance Creation", + "-ca_domain_url %s #URL to CA used to Issue Certificates for TKS Instance Creation (optional but recommended for IP Port Separation)", x_ca_domain_url); parser.addOption( @@ -1209,7 +1209,7 @@ subsystem_name = x_subsystem_name.value ; tks_audit_signing_cert_subject_name = x_tks_audit_signing_cert_subject_name.value; - ca_domain_url = x_ca_domain_url.value; + ca_domain_url = set_default(x_ca_domain_url.value, "empty"); boolean st = ca.ConfigureTKSInstance(); Index: base/silent/src/drm/ConfigureDRM.java =================================================================== --- base/silent/src/drm/ConfigureDRM.java (revision 2625) +++ base/silent/src/drm/ConfigureDRM.java (working copy) @@ -1298,7 +1298,7 @@ x_subsystem_name); parser.addOption ( - "-ca_domain_url %s #URL to CA used to Issue Certificates for DRM Instance Creation", + "-ca_domain_url %s #URL to CA used to Issue Certificates for DRM Instance Creation (optional but recommended for IP Port Separation)", x_ca_domain_url); parser.addOption( @@ -1407,7 +1407,7 @@ subsystem_name = x_subsystem_name.value; - ca_domain_url = x_ca_domain_url.value; + ca_domain_url = set_default(x_ca_domain_url.value, "empty"); if ((x_clone.value != null) && (x_clone.value.equalsIgnoreCase("true"))) { clone = true; Index: base/silent/src/ra/ConfigureRA.java =================================================================== --- base/silent/src/ra/ConfigureRA.java (revision 2625) +++ base/silent/src/ra/ConfigureRA.java (working copy) @@ -802,6 +802,14 @@ return true; } + private static String set_default(String val, String def) { + if ((val == null) || (val.equals(""))) { + return def; + } else { + return val; + } + } + public static void main(String args[]) { ConfigureRA ca = new ConfigureRA(); @@ -947,11 +955,11 @@ x_subsystem_name); parser.addOption ( - "-ca_issuance_url %s #URL to CA used to Issue Certificates", + "-ca_issuance_url %s #URL to CA used to Issue Certificates (optional but recommended if used with IP Port Separated CA)", x_ca_issuance_url); parser.addOption ( - "-ca_domain_url %s #URL to CA used to Issue Certificates for RA Instance Creation", + "-ca_domain_url %s #URL to CA used to Issue Certificates for RA Instance Creation (optional but recommended if used with IP Port Separated CA)", x_ca_domain_url); // and then match the arguments @@ -1012,9 +1020,9 @@ subsystem_name = x_subsystem_name.value ; - ca_issuance_url = x_ca_issuance_url.value; + ca_issuance_url = set_default(x_ca_issuance_url.value, "empty"); - ca_domain_url = x_ca_domain_url.value; + ca_domain_url = set_default(x_ca_domain_url.value, "empty"); Index: base/silent/src/ca/ConfigureCA.java =================================================================== --- base/silent/src/ca/ConfigureCA.java (revision 2625) +++ base/silent/src/ca/ConfigureCA.java (working copy) @@ -1652,7 +1652,7 @@ x_subsystem_name); parser.addOption ( - "-ca_domain_url %s #URL to CA used to Issue Certificates for CA Instance Creation", + "-ca_domain_url %s #URL to CA used to Issue Certificates for CA Instance Creation (optional but recommended for IP Port Separation)", x_ca_domain_url); parser.addOption("-external %s #Subordinate to external CA [true,false] (optional, default false)", @@ -1763,7 +1763,7 @@ subsystem_name = x_subsystem_name.value; - ca_domain_url = x_ca_domain_url.value; + ca_domain_url = set_default(x_ca_domain_url.value, "empty"); external_ca = set_default(x_external_ca.value, "false"); ext_ca_cert_file = x_ext_ca_cert_file.value; Index: base/silent/src/ocsp/ConfigureOCSP.java =================================================================== --- base/silent/src/ocsp/ConfigureOCSP.java (revision 2625) +++ base/silent/src/ocsp/ConfigureOCSP.java (working copy) @@ -1170,7 +1170,7 @@ x_subsystem_name); parser.addOption ( - "-ca_domain_url %s #URL to CA used to Issue Certificates for OCSP Instance Creation", + "-ca_domain_url %s #URL to CA used to Issue Certificates for OCSP Instance Creation (optional but recommended for IP Port Separation)", x_ca_domain_url); parser.addOption( @@ -1268,7 +1268,7 @@ subsystem_name = x_subsystem_name.value ; - ca_domain_url = x_ca_domain_url.value; + ca_domain_url = set_default(x_ca_domain_url.value, "empty"); boolean st = ca.ConfigureOCSPInstance(); Index: base/silent/src/tps/ConfigureTPS.java =================================================================== --- base/silent/src/tps/ConfigureTPS.java (revision 2625) +++ base/silent/src/tps/ConfigureTPS.java (working copy) @@ -81,11 +81,15 @@ public static String drm_agent_hostname = null; public static String drm_agent_port = null; + public static String drm_hostname = null; + public static String drm_ssl_port = null; public static String drm_admin_hostname = null; public static String drm_admin_port = null; public static String tks_agent_hostname = null; public static String tks_agent_port = null; + public static String tks_hostname = null; + public static String tks_ssl_port = null; public static String tks_admin_hostname = null; public static String tks_admin_port = null; @@ -389,27 +393,43 @@ sleep_time(); // TKS choice panel + // + // Use the following precedence: + // + // (1) tks_url set to tks_key_management_url, or + // (2) tks_url set to tks_agent_host and tks_agent_port, or + // (3) original query_string (no tks_url) + // String tks_url = null; if ( ( tks_key_management_url != null ) && ( !tks_key_management_url.equals( "" ) ) && ( !tks_key_management_url.equals( "empty" ) ) ) { tks_url = tks_key_management_url; - } else { + } else if ( ( tks_agent_hostname != null ) && + ( !tks_agent_hostname.equals( "" ) ) && + ( !tks_agent_hostname.equals( "empty" ) ) ) { // Use the TKS Agent hostname and the TKS Agent port tks_url = "https://" + tks_agent_hostname + ":" + tks_agent_port; } - System.out.println("SubsystemPanel() tks_url='" + - tks_url + "'."); - query_string = "p=7" + - "&urls=" + - URLEncoder.encode(tks_url) + - "&adminhost=" + - URLEncoder.encode(tks_admin_hostname) + - "&adminport=" + - tks_admin_port + - "&op=next" + - "&xml=true" ; + if ( tks_url != null ) { + System.out.println("SubsystemPanel() tks_url='" + + tks_url + "'."); + query_string = "p=7" + + "&urls=" + + URLEncoder.encode(tks_url) + + "&adminhost=" + + URLEncoder.encode(tks_admin_hostname) + + "&adminport=" + + tks_admin_port + + "&op=next" + + "&xml=true" ; + } else { + query_string = "p=7" + + "&urls=0" + + "&op=next" + + "&xml=true" ; + } hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); // parse xml @@ -425,28 +445,44 @@ ss_keygen = "keygen"; } + // Use the following precedence: + // + // (1) drm_url set to drm_server_side_keygen_url, or + // (2) drm_url set to drm_agent_host and drm_agent_port, or + // (3) original query_string (no drm_url) + // String drm_url = null; if ( ( drm_server_side_keygen_url != null ) && ( !drm_server_side_keygen_url.equals( "" ) ) && ( !drm_server_side_keygen_url.equals( "empty" ) ) ) { drm_url = drm_server_side_keygen_url; - } else { + } else if ( ( drm_agent_hostname != null ) && + ( !drm_agent_hostname.equals( "" ) ) && + ( !drm_agent_hostname.equals( "empty" ) ) ) { // Use the DRM Agent hostname and the DRM Agent port drm_url = "https://" + drm_agent_hostname + ":" + drm_agent_port; } - System.out.println("SubsystemPanel() drm_url='" + - drm_url + "'."); - query_string = "p=8" + - "&choice=" + ss_keygen + - "&urls=" + - URLEncoder.encode(drm_url) + - "&adminhost=" + - URLEncoder.encode(drm_admin_hostname) + - "&adminport=" + - drm_admin_port + - "&op=next" + - "&xml=true" ; + if ( drm_url != null ) { + System.out.println("SubsystemPanel() drm_url='" + + drm_url + "'."); + query_string = "p=8" + + "&choice=" + ss_keygen + + "&urls=" + + URLEncoder.encode(drm_url) + + "&adminhost=" + + URLEncoder.encode(drm_admin_hostname) + + "&adminport=" + + drm_admin_port + + "&op=next" + + "&xml=true" ; + } else { + query_string = "p=8" + + "&choice=" + ss_keygen + + "&urls=0" + + "&op=next" + + "&xml=true" ; + } hr = hc.sslConnect(cs_hostname,cs_port,wizard_uri,query_string); // parse xml @@ -999,6 +1035,14 @@ return true; } + private static String set_default(String val, String def) { + if ((val == null) || (val.equals(""))) { + return def; + } else { + return val; + } + } + public static void main(String args[]) { ConfigureTPS ca = new ConfigureTPS(); @@ -1023,11 +1067,15 @@ StringHolder x_drm_agent_hostname = new StringHolder(); StringHolder x_drm_agent_port = new StringHolder(); + StringHolder x_drm_hostname = new StringHolder(); + StringHolder x_drm_ssl_port = new StringHolder(); StringHolder x_drm_admin_hostname = new StringHolder(); StringHolder x_drm_admin_port = new StringHolder(); StringHolder x_tks_agent_hostname = new StringHolder(); StringHolder x_tks_agent_port = new StringHolder(); + StringHolder x_tks_hostname = new StringHolder(); + StringHolder x_tks_ssl_port = new StringHolder(); StringHolder x_tks_admin_hostname = new StringHolder(); StringHolder x_tks_admin_port = new StringHolder(); @@ -1136,24 +1184,32 @@ parser.addOption ("-ca_admin_port %s #CA SSL Admin port", x_ca_admin_port); - parser.addOption ("-drm_agent_hostname %s #DRM Agent Hostname", + parser.addOption ("-drm_agent_hostname %s #DRM Agent Hostname (optional but recommended if used with IP Port Separated DRM)", x_drm_agent_hostname); - parser.addOption ("-drm_agent_port %s #DRM Agent SSL port", + parser.addOption ("-drm_agent_port %s #DRM Agent SSL port (optional but recommended if used with IP Port Separated DRM)", x_drm_agent_port); + parser.addOption ("-drm_hostname %s #DRM Hostname (unused & deprecated - replaced by optional '-drm_agent_hostname')", + x_drm_hostname); + parser.addOption ("-drm_ssl_port %s #DRM SSL port (unused & deprecated - replaced by optional '-drm_agent_port')", + x_drm_ssl_port); parser.addOption ("-ss_keygen %s #Enable Server Side Keygen [true,false]", x_ss_keygen); - parser.addOption ("-drm_admin_hostname %s #DRM Admin Hostname", + parser.addOption ("-drm_admin_hostname %s #DRM Admin Hostname (optional but recommended if used with IP Port Separated DRM)", x_drm_admin_hostname); - parser.addOption ("-drm_admin_port %s #DRM SSL Admin port", + parser.addOption ("-drm_admin_port %s #DRM SSL Admin port (optional but recommended if used with IP Port Separated DRM)", x_drm_admin_port); - parser.addOption ("-tks_agent_hostname %s #TKS Agent Hostname", + parser.addOption ("-tks_agent_hostname %s #TKS Agent Hostname (optional but recommended if used with IP Port Separated TKS)", x_tks_agent_hostname); - parser.addOption ("-tks_agent_port %s #TKS Agent SSL port", + parser.addOption ("-tks_agent_port %s #TKS Agent SSL port (optional but recommended if used with IP Port Separated TKS)", x_tks_agent_port); - parser.addOption ("-tks_admin_hostname %s #TKS Admin Hostname", + parser.addOption ("-tks_hostname %s #TKS Agent Hostname (unused & deprecated - replaced by optional '-tks_agent_hostname')", + x_tks_hostname); + parser.addOption ("-tks_ssl_port %s #TKS Agent SSL port (unused & deprecated - replaced by optional '-tks_agent_port')", + x_tks_ssl_port); + parser.addOption ("-tks_admin_hostname %s #TKS Admin Hostname (optional but recommended if used with IP Port Separated TKS)", x_tks_admin_hostname); - parser.addOption ("-tks_admin_port %s #TKS SSL Admin port", + parser.addOption ("-tks_admin_port %s #TKS SSL Admin port (optional but recommended if used with IP Port Separated TKS)", x_tks_admin_port); parser.addOption ("-client_certdb_dir %s #Client CertDB dir", @@ -1245,7 +1301,7 @@ x_subsystem_name); parser.addOption ( - "-ca_issuance_url %s #URL to CA used to Issue Certificates", + "-ca_issuance_url %s #URL to CA used to Issue Certificates (optional but recommended if used with IP Port Separated CA", x_ca_issuance_url); parser.addOption ( @@ -1257,7 +1313,7 @@ x_drm_server_side_keygen_url); parser.addOption ( - "-ca_domain_url %s #URL to CA used to Issue Certificates for TPS Instance Creation", + "-ca_domain_url %s #URL to CA used to Issue Certificates for TPS Instance Creation (optional but recommended if used with IP Port Separated CA)", x_ca_domain_url); @@ -1291,15 +1347,19 @@ ca_ssl_port = x_ca_ssl_port.value; ca_admin_port = x_ca_admin_port.value; - tks_agent_hostname = x_tks_agent_hostname.value; - tks_agent_port = x_tks_agent_port.value; - tks_admin_hostname = x_tks_admin_hostname.value; - tks_admin_port = x_tks_admin_port.value; + tks_agent_hostname = set_default(x_tks_agent_hostname.value, "empty"); + tks_agent_port = set_default(x_tks_agent_port.value, "13443"); + tks_hostname = set_default(x_tks_hostname.value, tks_agent_hostname); + tks_ssl_port = set_default(x_tks_ssl_port.value, tks_agent_port); + tks_admin_hostname = set_default(x_tks_admin_hostname.value, "empty"); + tks_admin_port = set_default(x_tks_admin_port.value, "13445"); - drm_agent_hostname = x_drm_agent_hostname.value; - drm_agent_port = x_drm_agent_port.value; - drm_admin_hostname = x_drm_admin_hostname.value; - drm_admin_port = x_drm_admin_port.value; + drm_agent_hostname = set_default(x_drm_agent_hostname.value, "empty"); + drm_agent_port = set_default(x_drm_agent_port.value, "10443"); + drm_hostname = set_default(x_drm_hostname.value, drm_agent_hostname); + drm_ssl_port = set_default(x_drm_ssl_port.value, drm_agent_port); + drm_admin_hostname = set_default(x_drm_admin_hostname.value, "empty"); + drm_admin_port = set_default(x_drm_admin_port.value, "10445"); client_certdb_dir = x_client_certdb_dir.value; client_token_name = x_client_token_name.value; @@ -1358,13 +1418,13 @@ subsystem_name = x_subsystem_name.value ; - ca_issuance_url = x_ca_issuance_url.value; + ca_issuance_url = set_default(x_ca_issuance_url.value, "empty"); - tks_key_management_url = x_tks_key_management_url.value; + tks_key_management_url = set_default(x_tks_key_management_url.value, "empty"); - drm_server_side_keygen_url = x_drm_server_side_keygen_url.value; + drm_server_side_keygen_url = set_default(x_drm_server_side_keygen_url.value, "empty"); - ca_domain_url = x_ca_domain_url.value; + ca_domain_url = set_default(x_ca_domain_url.value, "empty"); Index: base/silent/src/subca/ConfigureSubCA.java =================================================================== --- base/silent/src/subca/ConfigureSubCA.java (revision 2625) +++ base/silent/src/subca/ConfigureSubCA.java (working copy) @@ -1219,7 +1219,7 @@ x_subsystem_name); parser.addOption ( - "-ca_domain_url %s #URL to CA used to Issue Certificates for SubCA Instance Creation", + "-ca_domain_url %s #URL to CA used to Issue Certificates for SubCA Instance Creation (optional but recommended for IP Port Separation)", x_ca_domain_url); parser.addOption ( @@ -1326,7 +1326,7 @@ backup_pwd = x_backup_pwd.value; subsystem_name = x_subsystem_name.value; - ca_domain_url = x_ca_domain_url.value; + ca_domain_url = set_default(x_ca_domain_url.value, "empty"); subca_sign_cert_subject_name = x_subca_sign_cert_subject_name.value ; subca_subsystem_cert_subject_name =