Stand-alone DRM

* TRAC Ticket #667 - provide option for ca-less drm install
author: Matthew Harmsen <mharmsen@redhat.com> 2013-10-15 17:55:05 -0700
committer: Matthew Harmsen <mharmsen@redhat.com> 2013-10-15 17:59:23 -0700
commit: 47c77a67d67cb443070137fd9b8d64955d499089 (patch)
tree: 12b7588f34a80a74c000e77b19017ec941ad5231 /base/ca/shared/profiles
parent: 618be8bd7e9488a325789232c94aad109f9b6803 (diff)
download: pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.gz
pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.xz
pki-47c77a67d67cb443070137fd9b8d64955d499089.zip
3 files changed, 256 insertions, 0 deletions
diff --git a/base/ca/shared/profiles/ca/AdminCert.cfg b/base/ca/shared/profiles/ca/AdminCert.cfg
new file mode 100644
index 000000000..a54a1b755
--- /dev/null
+++ b/base/ca/shared/profiles/ca/AdminCert.cfg
@@ -0,0 +1,86 @@
+desc=This certificate profile is for enrolling Administrator's certificates suitable for use by clients such as browsers.
+visible=true
+enable=true
+enableBy=admin
+auth.instance_id=
+name=Manual Administrator Certificate Enrollment
+input.list=i1,i2,i3
+input.i1.class_id=certReqInputImpl
+input.i2.class_id=submitterInfoInputImpl
+input.i3.class_id=subjectDNInputImpl
+output.list=o1
+output.o1.class_id=certOutputImpl
+policyset.list=adminCertSet
+policyset.adminCertSet.list=1,2,3,4,5,6,7,8
+policyset.adminCertSet.1.constraint.class_id=subjectNameConstraintImpl
+policyset.adminCertSet.1.constraint.name=Subject Name Constraint
+policyset.adminCertSet.1.constraint.params.pattern=.*
+policyset.adminCertSet.1.constraint.params.accept=true
+policyset.adminCertSet.1.default.class_id=userSubjectNameDefaultImpl
+policyset.adminCertSet.1.default.name=Subject Name Default
+policyset.adminCertSet.1.default.params.name=
+policyset.adminCertSet.2.constraint.class_id=validityConstraintImpl
+policyset.adminCertSet.2.constraint.name=Validity Constraint
+policyset.adminCertSet.2.constraint.params.range=365
+policyset.adminCertSet.2.constraint.params.notBeforeCheck=false
+policyset.adminCertSet.2.constraint.params.notAfterCheck=false
+policyset.adminCertSet.2.default.class_id=validityDefaultImpl
+policyset.adminCertSet.2.default.name=Validity Default
+policyset.adminCertSet.2.default.params.range=365
+policyset.adminCertSet.2.default.params.startTime=0
+policyset.adminCertSet.3.constraint.class_id=keyConstraintImpl
+policyset.adminCertSet.3.constraint.name=Key Constraint
+policyset.adminCertSet.3.constraint.params.keyType=RSA
+policyset.adminCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.adminCertSet.3.default.class_id=userKeyDefaultImpl
+policyset.adminCertSet.3.default.name=Key Default
+policyset.adminCertSet.4.constraint.class_id=noConstraintImpl
+policyset.adminCertSet.4.constraint.name=No Constraint
+policyset.adminCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
+policyset.adminCertSet.4.default.name=Authority Key Identifier Default
+policyset.adminCertSet.5.constraint.class_id=noConstraintImpl
+policyset.adminCertSet.5.constraint.name=No Constraint
+policyset.adminCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
+policyset.adminCertSet.5.default.name=AIA Extension Default
+policyset.adminCertSet.5.default.params.authInfoAccessADEnable_0=true
+policyset.adminCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
+policyset.adminCertSet.5.default.params.authInfoAccessADLocation_0=
+policyset.adminCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+policyset.adminCertSet.5.default.params.authInfoAccessCritical=false
+policyset.adminCertSet.5.default.params.authInfoAccessNumADs=1
+policyset.adminCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
+policyset.adminCertSet.6.constraint.name=Key Usage Extension Constraint
+policyset.adminCertSet.6.constraint.params.keyUsageCritical=true
+policyset.adminCertSet.6.constraint.params.keyUsageDigitalSignature=true
+policyset.adminCertSet.6.constraint.params.keyUsageNonRepudiation=true
+policyset.adminCertSet.6.constraint.params.keyUsageDataEncipherment=true
+policyset.adminCertSet.6.constraint.params.keyUsageKeyEncipherment=true
+policyset.adminCertSet.6.constraint.params.keyUsageKeyAgreement=false
+policyset.adminCertSet.6.constraint.params.keyUsageKeyCertSign=false
+policyset.adminCertSet.6.constraint.params.keyUsageCrlSign=false
+policyset.adminCertSet.6.constraint.params.keyUsageEncipherOnly=false
+policyset.adminCertSet.6.constraint.params.keyUsageDecipherOnly=false
+policyset.adminCertSet.6.default.class_id=keyUsageExtDefaultImpl
+policyset.adminCertSet.6.default.name=Key Usage Default
+policyset.adminCertSet.6.default.params.keyUsageCritical=true
+policyset.adminCertSet.6.default.params.keyUsageDigitalSignature=true
+policyset.adminCertSet.6.default.params.keyUsageNonRepudiation=true
+policyset.adminCertSet.6.default.params.keyUsageDataEncipherment=true
+policyset.adminCertSet.6.default.params.keyUsageKeyEncipherment=true
+policyset.adminCertSet.6.default.params.keyUsageKeyAgreement=false
+policyset.adminCertSet.6.default.params.keyUsageKeyCertSign=false
+policyset.adminCertSet.6.default.params.keyUsageCrlSign=false
+policyset.adminCertSet.6.default.params.keyUsageEncipherOnly=false
+policyset.adminCertSet.6.default.params.keyUsageDecipherOnly=false
+policyset.adminCertSet.7.constraint.class_id=noConstraintImpl
+policyset.adminCertSet.7.constraint.name=No Constraint
+policyset.adminCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
+policyset.adminCertSet.7.default.name=Extended Key Usage Extension Default
+policyset.adminCertSet.7.default.params.exKeyUsageCritical=false
+policyset.adminCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4
+policyset.adminCertSet.8.constraint.class_id=signingAlgConstraintImpl
+policyset.adminCertSet.8.constraint.name=No Constraint
+policyset.adminCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.adminCertSet.8.default.class_id=signingAlgDefaultImpl
+policyset.adminCertSet.8.default.name=Signing Alg
+policyset.adminCertSet.8.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caStorageCert.cfg b/base/ca/shared/profiles/ca/caStorageCert.cfg
new file mode 100644
index 000000000..3d99883cd
--- /dev/null
+++ b/base/ca/shared/profiles/ca/caStorageCert.cfg
@@ -0,0 +1,85 @@
+desc=This certificate profile is for enrolling Data Recovery Manager storage certificates.
+visible=true
+enable=true
+enableBy=admin
+auth.class.id=
+name=Manual Data Recovery Manager Storage Certificate Enrollment
+input.list=i1,i2
+input.i1.class_id=certReqInputImpl
+input.i2.class_id=submitterInfoInputImpl
+output.list=o1
+output.o1.class_id=certOutputImpl
+policyset.list=drmStorageCertSet
+policyset.drmStorageCertSet.list=1,2,3,4,5,6,7,9
+policyset.drmStorageCertSet.1.constraint.class_id=subjectNameConstraintImpl
+policyset.drmStorageCertSet.1.constraint.name=Subject Name Constraint
+policyset.drmStorageCertSet.1.constraint.params.pattern=CN=.*
+policyset.drmStorageCertSet.1.constraint.params.accept=true
+policyset.drmStorageCertSet.1.default.class_id=userSubjectNameDefaultImpl
+policyset.drmStorageCertSet.1.default.name=Subject Name Default
+policyset.drmStorageCertSet.1.default.params.name=
+policyset.drmStorageCertSet.2.constraint.class_id=validityConstraintImpl
+policyset.drmStorageCertSet.2.constraint.name=Validity Constraint
+policyset.drmStorageCertSet.2.constraint.params.range=720
+policyset.drmStorageCertSet.2.constraint.params.notBeforeCheck=false
+policyset.drmStorageCertSet.2.constraint.params.notAfterCheck=false
+policyset.drmStorageCertSet.2.default.class_id=validityDefaultImpl
+policyset.drmStorageCertSet.2.default.name=Validity Default
+policyset.drmStorageCertSet.2.default.params.range=720
+policyset.drmStorageCertSet.2.default.params.startTime=0
+policyset.drmStorageCertSet.3.constraint.class_id=keyConstraintImpl
+policyset.drmStorageCertSet.3.constraint.name=Key Constraint
+policyset.drmStorageCertSet.3.constraint.params.keyType=RSA
+policyset.drmStorageCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.drmStorageCertSet.3.default.class_id=userKeyDefaultImpl
+policyset.drmStorageCertSet.3.default.name=Key Default
+policyset.drmStorageCertSet.4.constraint.class_id=noConstraintImpl
+policyset.drmStorageCertSet.4.constraint.name=No Constraint
+policyset.drmStorageCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
+policyset.drmStorageCertSet.4.default.name=Authority Key Identifier Default
+policyset.drmStorageCertSet.5.constraint.class_id=noConstraintImpl
+policyset.drmStorageCertSet.5.constraint.name=No Constraint
+policyset.drmStorageCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
+policyset.drmStorageCertSet.5.default.name=AIA Extension Default
+policyset.drmStorageCertSet.5.default.params.authInfoAccessADEnable_0=true
+policyset.drmStorageCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
+policyset.drmStorageCertSet.5.default.params.authInfoAccessADLocation_0=
+policyset.drmStorageCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+policyset.drmStorageCertSet.5.default.params.authInfoAccessCritical=false
+policyset.drmStorageCertSet.5.default.params.authInfoAccessNumADs=1
+policyset.drmStorageCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
+policyset.drmStorageCertSet.6.constraint.name=Key Usage Extension Constraint
+policyset.drmStorageCertSet.6.constraint.params.keyUsageCritical=true
+policyset.drmStorageCertSet.6.constraint.params.keyUsageDigitalSignature=true
+policyset.drmStorageCertSet.6.constraint.params.keyUsageNonRepudiation=true
+policyset.drmStorageCertSet.6.constraint.params.keyUsageDataEncipherment=true
+policyset.drmStorageCertSet.6.constraint.params.keyUsageKeyEncipherment=true
+policyset.drmStorageCertSet.6.constraint.params.keyUsageKeyAgreement=false
+policyset.drmStorageCertSet.6.constraint.params.keyUsageKeyCertSign=false
+policyset.drmStorageCertSet.6.constraint.params.keyUsageCrlSign=false
+policyset.drmStorageCertSet.6.constraint.params.keyUsageEncipherOnly=false
+policyset.drmStorageCertSet.6.constraint.params.keyUsageDecipherOnly=false
+policyset.drmStorageCertSet.6.default.class_id=keyUsageExtDefaultImpl
+policyset.drmStorageCertSet.6.default.name=Key Usage Default
+policyset.drmStorageCertSet.6.default.params.keyUsageCritical=true
+policyset.drmStorageCertSet.6.default.params.keyUsageDigitalSignature=true
+policyset.drmStorageCertSet.6.default.params.keyUsageNonRepudiation=true
+policyset.drmStorageCertSet.6.default.params.keyUsageDataEncipherment=true
+policyset.drmStorageCertSet.6.default.params.keyUsageKeyEncipherment=true
+policyset.drmStorageCertSet.6.default.params.keyUsageKeyAgreement=false
+policyset.drmStorageCertSet.6.default.params.keyUsageKeyCertSign=false
+policyset.drmStorageCertSet.6.default.params.keyUsageCrlSign=false
+policyset.drmStorageCertSet.6.default.params.keyUsageEncipherOnly=false
+policyset.drmStorageCertSet.6.default.params.keyUsageDecipherOnly=false
+policyset.drmStorageCertSet.7.constraint.class_id=noConstraintImpl
+policyset.drmStorageCertSet.7.constraint.name=No Constraint
+policyset.drmStorageCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
+policyset.drmStorageCertSet.7.default.name=Extended Key Usage Extension Default
+policyset.drmStorageCertSet.7.default.params.exKeyUsageCritical=false
+policyset.drmStorageCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
+policyset.drmStorageCertSet.9.constraint.class_id=signingAlgConstraintImpl
+policyset.drmStorageCertSet.9.constraint.name=No Constraint
+policyset.drmStorageCertSet.9.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.drmStorageCertSet.9.default.class_id=signingAlgDefaultImpl
+policyset.drmStorageCertSet.9.default.name=Signing Alg
+policyset.drmStorageCertSet.9.default.params.signingAlg=-
diff --git a/base/ca/shared/profiles/ca/caSubsystemCert.cfg b/base/ca/shared/profiles/ca/caSubsystemCert.cfg
new file mode 100644
index 000000000..41a710fc7
--- /dev/null
+++ b/base/ca/shared/profiles/ca/caSubsystemCert.cfg
@@ -0,0 +1,85 @@
+desc=This certificate profile is for enrolling subsystem certificates.
+visible=true
+enable=true
+enableBy=admin
+auth.class_id=
+name=Manual Subsystem Certificate Enrollment
+input.list=i1,i2
+input.i1.class_id=certReqInputImpl
+input.i2.class_id=submitterInfoInputImpl
+output.list=o1
+output.o1.class_id=certOutputImpl
+policyset.list=serverCertSet
+policyset.serverCertSet.list=1,2,3,4,5,6,7,8
+policyset.serverCertSet.1.constraint.class_id=subjectNameConstraintImpl
+policyset.serverCertSet.1.constraint.name=Subject Name Constraint
+policyset.serverCertSet.1.constraint.params.pattern=CN=.*
+policyset.serverCertSet.1.constraint.params.accept=true
+policyset.serverCertSet.1.default.class_id=userSubjectNameDefaultImpl
+policyset.serverCertSet.1.default.name=Subject Name Default
+policyset.serverCertSet.1.default.params.name=
+policyset.serverCertSet.2.constraint.class_id=validityConstraintImpl
+policyset.serverCertSet.2.constraint.name=Validity Constraint
+policyset.serverCertSet.2.constraint.params.range=720
+policyset.serverCertSet.2.constraint.params.notBeforeCheck=false
+policyset.serverCertSet.2.constraint.params.notAfterCheck=false
+policyset.serverCertSet.2.default.class_id=validityDefaultImpl
+policyset.serverCertSet.2.default.name=Validity Default
+policyset.serverCertSet.2.default.params.range=720
+policyset.serverCertSet.2.default.params.startTime=0
+policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
+policyset.serverCertSet.3.constraint.name=Key Constraint
+policyset.serverCertSet.3.constraint.params.keyType=-
+policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521
+policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
+policyset.serverCertSet.3.default.name=Key Default
+policyset.serverCertSet.4.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.4.constraint.name=No Constraint
+policyset.serverCertSet.4.default.class_id=authorityKeyIdentifierExtDefaultImpl
+policyset.serverCertSet.4.default.name=Authority Key Identifier Default
+policyset.serverCertSet.5.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.5.constraint.name=No Constraint
+policyset.serverCertSet.5.default.class_id=authInfoAccessExtDefaultImpl
+policyset.serverCertSet.5.default.name=AIA Extension Default
+policyset.serverCertSet.5.default.params.authInfoAccessADEnable_0=true
+policyset.serverCertSet.5.default.params.authInfoAccessADLocationType_0=URIName
+policyset.serverCertSet.5.default.params.authInfoAccessADLocation_0=
+policyset.serverCertSet.5.default.params.authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1
+policyset.serverCertSet.5.default.params.authInfoAccessCritical=false
+policyset.serverCertSet.5.default.params.authInfoAccessNumADs=1
+policyset.serverCertSet.6.constraint.class_id=keyUsageExtConstraintImpl
+policyset.serverCertSet.6.constraint.name=Key Usage Extension Constraint
+policyset.serverCertSet.6.constraint.params.keyUsageCritical=true
+policyset.serverCertSet.6.constraint.params.keyUsageDigitalSignature=true
+policyset.serverCertSet.6.constraint.params.keyUsageNonRepudiation=true
+policyset.serverCertSet.6.constraint.params.keyUsageDataEncipherment=true
+policyset.serverCertSet.6.constraint.params.keyUsageKeyEncipherment=true
+policyset.serverCertSet.6.constraint.params.keyUsageKeyAgreement=false
+policyset.serverCertSet.6.constraint.params.keyUsageKeyCertSign=false
+policyset.serverCertSet.6.constraint.params.keyUsageCrlSign=false
+policyset.serverCertSet.6.constraint.params.keyUsageEncipherOnly=false
+policyset.serverCertSet.6.constraint.params.keyUsageDecipherOnly=false
+policyset.serverCertSet.6.default.class_id=keyUsageExtDefaultImpl
+policyset.serverCertSet.6.default.name=Key Usage Default
+policyset.serverCertSet.6.default.params.keyUsageCritical=true
+policyset.serverCertSet.6.default.params.keyUsageDigitalSignature=true
+policyset.serverCertSet.6.default.params.keyUsageNonRepudiation=true
+policyset.serverCertSet.6.default.params.keyUsageDataEncipherment=true
+policyset.serverCertSet.6.default.params.keyUsageKeyEncipherment=true
+policyset.serverCertSet.6.default.params.keyUsageKeyAgreement=false
+policyset.serverCertSet.6.default.params.keyUsageKeyCertSign=false
+policyset.serverCertSet.6.default.params.keyUsageCrlSign=false
+policyset.serverCertSet.6.default.params.keyUsageEncipherOnly=false
+policyset.serverCertSet.6.default.params.keyUsageDecipherOnly=false
+policyset.serverCertSet.7.constraint.class_id=noConstraintImpl
+policyset.serverCertSet.7.constraint.name=No Constraint
+policyset.serverCertSet.7.default.class_id=extendedKeyUsageExtDefaultImpl
+policyset.serverCertSet.7.default.name=Extended Key Usage Extension Default
+policyset.serverCertSet.7.default.params.exKeyUsageCritical=false
+policyset.serverCertSet.7.default.params.exKeyUsageOIDs=1.3.6.1.5.5.7.3.2
+policyset.serverCertSet.8.constraint.class_id=signingAlgConstraintImpl
+policyset.serverCertSet.8.constraint.name=No Constraint
+policyset.serverCertSet.8.constraint.params.signingAlgsAllowed=SHA1withRSA,SHA256withRSA,SHA512withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC
+policyset.serverCertSet.8.default.class_id=signingAlgDefaultImpl
+policyset.serverCertSet.8.default.name=Signing Alg
+policyset.serverCertSet.8.default.params.signingAlg=-
author	Matthew Harmsen <mharmsen@redhat.com>	2013-10-15 17:55:05 -0700
committer	Matthew Harmsen <mharmsen@redhat.com>	2013-10-15 17:59:23 -0700
commit	47c77a67d67cb443070137fd9b8d64955d499089 (patch)
tree	12b7588f34a80a74c000e77b19017ec941ad5231 /base/ca/shared/profiles
parent	618be8bd7e9488a325789232c94aad109f9b6803 (diff)
download	pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.gz pki-47c77a67d67cb443070137fd9b8d64955d499089.tar.xz pki-47c77a67d67cb443070137fd9b8d64955d499089.zip