authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-03-23 22:01:33 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-03-23 22:01:33 +0000
commitfa88f77b96316454daaacd2e65671e5e340685c0 (patch)
treea19b2aa5775a9439433cbc249f52411c26dfdaf8
parent3145fcef559ef2a662f9bd8aa597c48a1bfc989c (diff)
Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments . . .
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1915 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rw-r--r--pki/base/ca/shared/conf/CS.cfg.in27
-rw-r--r--pki/base/kra/shared/conf/CS.cfg.in3
-rw-r--r--pki/base/ocsp/shared/conf/CS.cfg.in8
-rw-r--r--pki/base/ra/doc/CS.cfg.in21
-rw-r--r--pki/base/tks/shared/conf/CS.cfg.in7
-rw-r--r--pki/base/tps/doc/CS.cfg.in85
6 files changed, 74 insertions, 77 deletions
diff --git a/pki/base/ca/shared/conf/CS.cfg.in b/pki/base/ca/shared/conf/CS.cfg.in
index df2dfd6f9..90eeb5077 100644
--- a/pki/base/ca/shared/conf/CS.cfg.in
+++ b/pki/base/ca/shared/conf/CS.cfg.in
@@ -1,7 +1,6 @@
-#
-#cs.state=0 (pre-operational)
-#cs.state=1 (running)
-#
+_000=##
+_001=## Certificate Authority (CA) Configuration File
+_002=##
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
@@ -21,6 +20,10 @@ preop.product.name=CS
preop.product.version=@VERSION@
preop.system.name=CA
preop.system.fullname=Certificate Authority
+cs.state._000=##
+cs.state._001=## cs.state=0 (pre-operational)
+cs.state._002=## cs.state=1 (running)
+cs.state._003=##
cs.state=0
cs.type=CA
authType=pwd
@@ -206,16 +209,24 @@ ca.maxNumberOfNonces=100
ca.reqdbInc=20
ca.transitMaxRecords=1000000
ca.transitRecordPageSize=200
-# maxSearchReturns - limits number of search results returned by SearchReqs and SrchCerts
-# ca.maxSearchReturns=1000
+ca.maxSearchReturns._000=##
+ca.maxSearchReturns._001=## limits number of search results
+ca.maxSearchReturns._002=## returned by SearchReqs and SrchCerts
+ca.maxSearchReturns._003=##
+ca.maxSearchReturns=1000
+ca.scep._000=##
+ca.scep._001=## Enable the following parameters to enable SCEP requests
+ca.scep._002=## to be signed by a separate key pair:
+ca.scep._003=##
+ca.scep._004=## ca.scep.nickname=
+ca.scep._005=## ca.scep.tokenname=
+ca.scep._006=##
ca.scep.enable=false
ca.scep.hashAlgorithm=SHA1
ca.scep.allowedHashAlgorithms=SHA1,SHA256,SHA512
ca.scep.encryptionAlgorithm=DES3
ca.scep.allowedEncryptionAlgorithms=DES3
ca.scep.nonceSizeLimit=16
-## ca.scep.nickname=
-## ca.scep.tokenname=
ca.Policy._000=##
ca.Policy._001=## Certificate Policy Framework (deprecated)
ca.Policy._002=##
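Review bot: `ca.maxSearchReturns=1000` is a live setting on the new side, whereas the old side carried it only as a comment (`# ca.maxSearchReturns=1000`), so this hunk changes configuration in a commit whose description covers comment format only. If 1000 is not already the built-in default, new CA instances will start capping SearchReqs and SrchCerts results; please confirm that is intended and mention it in the commit message. Separately, the new `ca.scep._00x` block is the guidance an operator reads when turning SCEP on, and it could carry one more line such as `## Defaults below are SHA1 and DES3; review them before enabling SCEP`, since those values sit directly beneath it.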
diff --git a/pki/base/kra/shared/conf/CS.cfg.in b/pki/base/kra/shared/conf/CS.cfg.in
index 66fcf3d33..00635c18d 100644
--- a/pki/base/kra/shared/conf/CS.cfg.in
+++ b/pki/base/kra/shared/conf/CS.cfg.in
@@ -1,3 +1,6 @@
+_000=##
+_001=## Data Recovery Manager (DRM) Configuration File
+_002=##
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
diff --git a/pki/base/ocsp/shared/conf/CS.cfg.in b/pki/base/ocsp/shared/conf/CS.cfg.in
index d04fde395..59eea87b4 100644
--- a/pki/base/ocsp/shared/conf/CS.cfg.in
+++ b/pki/base/ocsp/shared/conf/CS.cfg.in
@@ -1,8 +1,6 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2006 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
+_000=##
+_001=## Online Certificate Status Protocol (OCSP) Responder Configuration File
+_002=##
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
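Review bot: The copyright block at the top of this template is deleted outright rather than converted to the `_NNN=##` form the commit uses for other comments, so the file no longer carries any copyright or licence notice. The same happens in the first hunks of `pki/base/ra/doc/CS.cfg.in`, `pki/base/tks/shared/conf/CS.cfg.in` and `pki/base/tps/doc/CS.cfg.in`, where the GPL and LGPL text is dropped as well. If the notice is meant to stay with the template, it could be kept as entries such as `_003=## Copyright (C) 2006 Red Hat, Inc.`; if it is being dropped on purpose, the commit message should say so.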
diff --git a/pki/base/ra/doc/CS.cfg.in b/pki/base/ra/doc/CS.cfg.in
index 4fea4674f..498db843f 100644
--- a/pki/base/ra/doc/CS.cfg.in
+++ b/pki/base/ra/doc/CS.cfg.in
@@ -1,21 +1,6 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; version 2 of the License.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License along
-# with this program; if not, write to the Free Software Foundation, Inc.,
-# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
+_000=##
+_001=## Registration Authority (RA) Configuration File
+_002=##
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
diff --git a/pki/base/tks/shared/conf/CS.cfg.in b/pki/base/tks/shared/conf/CS.cfg.in
index 55728356e..2ac14eedc 100644
--- a/pki/base/tks/shared/conf/CS.cfg.in
+++ b/pki/base/tks/shared/conf/CS.cfg.in
@@ -1,10 +1,5 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2006 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
_000=##
-_001=## File Created On : Mon Oct 10 15:57:03 PDT 2005
+_001=## Token Key Service (TKS) Configuration File
_002=##
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
diff --git a/pki/base/tps/doc/CS.cfg.in b/pki/base/tps/doc/CS.cfg.in
index 2bbf81077..7ec1e2876 100644
--- a/pki/base/tps/doc/CS.cfg.in
+++ b/pki/base/tps/doc/CS.cfg.in
@@ -1,23 +1,6 @@
-# --- BEGIN COPYRIGHT BLOCK ---
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation;
-# version 2.1 of the License.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor,
-# Boston, MA 02110-1301 USA
-#
-# Copyright (C) 2007 Red Hat, Inc.
-# All rights reserved.
-# --- END COPYRIGHT BLOCK ---
-#
+_000=##
+_001=## Token Processing System (TPS) Configuration File
+_002=##
pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
@@ -363,11 +346,17 @@ channel.encryption=true
channel.blocksize=248
channel.defKeyVersion=0
channel.defKeyIndex=0
-#Config the size of memory managed memory in the applet
-#Default is 5000, try not go get close to the instanceSize
-#Which defaults to 18000
-#channel.instanceSize=18000
-#channel.appletMemorySize=5000
+# NOTE: Since the following comments will be 'scrubbed' from any TPS
+# instance's configuration file, they will ONLY be viewable in
+# the '/usr/share/pki/tps/conf/CS.cfg' TPS subsystem template!
+#
+# Config the size of memory managed memory in the applet
+# Default is 5000, try not go get close to the instanceSize
+# which defaults to 18000:
+#
+# * channel.instanceSize=18000
+# * channel.appletMemorySize=5000
+#
preop.pin=[PKI_RANDOM_NUMBER]
preop.product.version=@VERSION@
preop.cert._000=#########################################
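Review bot: The replacement comment for the applet memory settings stays in plain `#` form, and its own NOTE says it will be scrubbed from every TPS instance's configuration file, which is the problem this commit fixes elsewhere. This file already uses keyed comment entries (`op.enroll.userKey._078=#`), so the same text could be written as `channel._000=#` … entries and would then reach the operator who actually tunes these values; if something prevents that for the `channel.` prefix, the NOTE should give the reason. The carried-over wording also has two slips worth fixing while the lines are touched: `memory managed memory` and `try not go get close`. The hard-coded path `/usr/share/pki/tps/conf/CS.cfg` in the NOTE will go stale if the template location changes.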
@@ -649,12 +638,20 @@ op.enroll.userKey._074=#
op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
-op.enroll.userKey._078=#########################################
+op.enroll.userKey._078=#
+op.enroll.userKey._079=# The three recovery schemes supported are:
+op.enroll.userKey._080=#
+op.enroll.userKey._081=# * GenerateNewKey - Generate a new
+op.enroll.userKey._082=# cert for the
+op.enroll.userKey._083=# encryption cert.
+op.enroll.userKey._084=# * RecoverLast - Recover the most
+op.enroll.userKey._085=# recent cert for the
+op.enroll.userKey._086=# encryption cert.
+op.enroll.userKey._087=# * GenerateNewKeyandRecoverLast - Generate new cert AND
+op.enroll.userKey._088=# recover last for
+op.enroll.userKey._089=# encryption cert.
+op.enroll.userKey._090=#########################################
op.enroll.allowUnknownToken=true
-#The three recovery schemes supported are:
-# GenerateNewKey - Generate a new cert for the encryption cert.
-# RecoverLast - Recover the most recent cert for the encryption cert.
-# GenerateNewKeyandRecoverLast - Generate new cert AND recover last for encryption cert.
op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
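Review bot: The scheme descriptions added at `_081` to `_089` describe every option in terms of certificates (`Generate a new cert for the encryption cert`), while the scheme names speak of keys, so the text does not tell an operator whether an encryption private key is newly generated or an existing one is restored. That distinction presumably decides whether previously encrypted data stays readable, so it should be explicit; for example `# * RecoverLast - Recover the most recent encryption key and cert.`, with the exact wording checked against the server code, which this hunk does not show. The block also does not name the parameter that takes one of these three values, which the old placement next to the `recovery` settings at least hinted at.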
@@ -937,28 +934,36 @@ op.enroll.userKeyTemporary.tks.conn=tks1
op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
op.enroll.userKeyTemporary.auth.id=ldap1
op.enroll.userKeyTemporary.auth.enable=true
-# Token Renewal.
-# For each token in TPS UI set the following:
-# RENEW=YES
-# To trigger renewal operations.
+op.enroll.userKey.renewal._000=#########################################
+op.enroll.userKey.renewal._001=# Token Renewal.
+op.enroll.userKey.renewal._002=#
+op.enroll.userKey.renewal._003=# For each token in TPS UI, set the
+op.enroll.userKey.renewal._004=# following to trigger renewal
+op.enroll.userKey.renewal._005=# operations:
+op.enroll.userKey.renewal._006=#
+op.enroll.userKey.renewal._007=# RENEW=YES
+op.enroll.userKey.renewal._008=#
+op.enroll.userKey.renewal._009=# Optional grace period enforcement
+op.enroll.userKey.renewal._010=# must coincide exactly with what
+op.enroll.userKey.renewal._011=# the CA enforces.
+op.enroll.userKey.renewal._012=#
+op.enroll.userKey.renewal._013=# In case of renewal, encryption certId
+op.enroll.userKey.renewal._014=# values are for completeness only, server
+op.enroll.userKey.renewal._015=# code calculates actual values used.
+op.enroll.userKey.renewal._016=#
+op.enroll.userKey.renewal._017=#########################################
op.enroll.userKey.renewal.keyType.num=2
op.enroll.userKey.renewal.keyType.value.0=signing
op.enroll.userKey.renewal.keyType.value.1=encryption
op.enroll.userKey.renewal.signing.enable=true
-#optional grace period enforcement
-#must coincide exactly with what the CA enforces
op.enroll.userKey.renewal.signing.gracePeriod.enable=false
op.enroll.userKey.renewal.signing.gracePeriod.before=30
op.enroll.userKey.renewal.signing.gracePeriod.after=30
op.enroll.userKey.renewal.signing.certId=C1
-#in case of renewal, encryption certId values for completeness only
-#server code calculates actual values used.
op.enroll.userKey.renewal.encryption.certId=C2
op.enroll.userKey.renewal.signing.certAttrId=c1
op.enroll.userKey.renewal.encryption.certAttrId=c2
op.enroll.userKey.renewal.encryption.enable=true
-#optional grace period enforcement
-#must coincide exactly with what the CA enforces
op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
op.enroll.userKey.renewal.encryption.gracePeriod.before=30
op.enroll.userKey.renewal.encryption.gracePeriod.after=30
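Review bot: Moving the grace-period warning into the header block at `_009` to `_011` detaches it from the settings it governs; the old side repeated it directly above both `signing.gracePeriod.enable` and `encryption.gracePeriod.enable`. Since a mismatch with what the CA enforces is exactly what the warning is about, the header should name the parameters, e.g. `# Optional grace period enforcement (*.gracePeriod.enable/before/after)` followed by the existing two lines. The same applies to the certId remark at `_013` to `_015`, which could name `renewal.encryption.certId`.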