summaryrefslogtreecommitdiffstats
path: root/base/ca/shared/webapps/ca/WEB-INF
diff options
context:
space:
mode:
authorChristina Fu <cfu@redhat.com>2017-06-26 18:09:55 -0700
committerChristina Fu <cfu@redhat.com>2017-07-07 16:51:22 -0700
commit65b1242cd139e6306fb3e039193a3a6b223ea9b1 (patch)
treef192920abad6f9c9546503ad07521c5a9e2aca4d /base/ca/shared/webapps/ca/WEB-INF
parent876d13c6d20e7e1235b9efbd601b47315debb492 (diff)
downloadpki-65b1242cd139e6306fb3e039193a3a6b223ea9b1.tar.gz
pki-65b1242cd139e6306fb3e039193a3a6b223ea9b1.tar.xz
pki-65b1242cd139e6306fb3e039193a3a6b223ea9b1.zip
Ticket #2757 CMC enrollment profiles for system certificates
This patch supports CMC-based system certificate requests. This patch contains the following: * The code in CMCAuth (agent-based) to check ssl client auth cert against the CMC signing cert * The cmc-based system enrollment profiles: caCMCauditSigningCert.cfg caCMCcaCert.cfg caCMCkraStorageCert.cfg caCMCkraTransportCert.cfg caCMCocspCert.cfg caCMCserverCert.cfg caCMCsubsystemCert.cfg * new URI's in web.xml as new access points Usage example can be found here: http://pki.fedoraproject.org/wiki/PKI_10.4_CMC_Feature_Update_(RFC5272)#Examples_.28System_Certificates.29
Diffstat (limited to 'base/ca/shared/webapps/ca/WEB-INF')
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/web.xml196
1 files changed, 196 insertions, 0 deletions
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index a55014215..266604985 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -1553,6 +1553,167 @@
</servlet>
<servlet>
+ <servlet-name> caProfileSubmitCMCFullCACert </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.profile.ProfileSubmitCMCServlet </servlet-class>
+ <init-param><param-name> GetClientCert </param-name>
+ <param-value> false </param-value> </init-param>
+ <init-param><param-name> cert_request_type </param-name>
+ <param-value> cmc </param-value> </init-param>
+ <init-param><param-name> profileId </param-name>
+ <param-value> caCMCcaCert </param-value> </init-param>
+ <init-param><param-name> AuthzMgr </param-name>
+ <param-value> BasicAclAuthz </param-value> </init-param>
+ <init-param><param-name> authorityId </param-name>
+ <param-value> ca </param-value> </init-param>
+ <init-param><param-name> ID </param-name>
+ <param-value> caProfileSubmitCMCFull </param-value> </init-param>
+ <init-param><param-name> templatePath </param-name>
+ <param-value> /ee/ca/ProfileSubmit.template </param-value> </init-param>
+ <init-param><param-name> resourceID </param-name>
+ <param-value> certServer.ee.profile </param-value> </init-param>
+ <init-param><param-name> interface </param-name>
+ <param-value> ee </param-value> </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name> caProfileSubmitCMCFullServerCert </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.profile.ProfileSubmitCMCServlet </servlet-class>
+ <init-param><param-name> GetClientCert </param-name>
+ <param-value> false </param-value> </init-param>
+ <init-param><param-name> cert_request_type </param-name>
+ <param-value> cmc </param-value> </init-param>
+ <init-param><param-name> profileId </param-name>
+ <param-value> caCMCserverCert </param-value> </init-param>
+ <init-param><param-name> AuthzMgr </param-name>
+ <param-value> BasicAclAuthz </param-value> </init-param>
+ <init-param><param-name> authorityId </param-name>
+ <param-value> ca </param-value> </init-param>
+ <init-param><param-name> ID </param-name>
+ <param-value> caProfileSubmitCMCFull </param-value> </init-param>
+ <init-param><param-name> templatePath </param-name>
+ <param-value> /ee/ca/ProfileSubmit.template </param-value> </init-param>
+ <init-param><param-name> resourceID </param-name>
+ <param-value> certServer.ee.profile </param-value> </init-param>
+ <init-param><param-name> interface </param-name>
+ <param-value> ee </param-value> </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name> caProfileSubmitCMCFullOCSPCert </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.profile.ProfileSubmitCMCServlet </servlet-class>
+ <init-param><param-name> GetClientCert </param-name>
+ <param-value> false </param-value> </init-param>
+ <init-param><param-name> cert_request_type </param-name>
+ <param-value> cmc </param-value> </init-param>
+ <init-param><param-name> profileId </param-name>
+ <param-value> caCMCocspCert </param-value> </init-param>
+ <init-param><param-name> AuthzMgr </param-name>
+ <param-value> BasicAclAuthz </param-value> </init-param>
+ <init-param><param-name> authorityId </param-name>
+ <param-value> ca </param-value> </init-param>
+ <init-param><param-name> ID </param-name>
+ <param-value> caProfileSubmitCMCFull </param-value> </init-param>
+ <init-param><param-name> templatePath </param-name>
+ <param-value> /ee/ca/ProfileSubmit.template </param-value> </init-param>
+ <init-param><param-name> resourceID </param-name>
+ <param-value> certServer.ee.profile </param-value> </init-param>
+ <init-param><param-name> interface </param-name>
+ <param-value> ee </param-value> </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name> caProfileSubmitCMCFullSubsystemCert </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.profile.ProfileSubmitCMCServlet </servlet-class>
+ <init-param><param-name> GetClientCert </param-name>
+ <param-value> false </param-value> </init-param>
+ <init-param><param-name> cert_request_type </param-name>
+ <param-value> cmc </param-value> </init-param>
+ <init-param><param-name> profileId </param-name>
+ <param-value> caCMCsubsystemCert </param-value> </init-param>
+ <init-param><param-name> AuthzMgr </param-name>
+ <param-value> BasicAclAuthz </param-value> </init-param>
+ <init-param><param-name> authorityId </param-name>
+ <param-value> ca </param-value> </init-param>
+ <init-param><param-name> ID </param-name>
+ <param-value> caProfileSubmitCMCFull </param-value> </init-param>
+ <init-param><param-name> templatePath </param-name>
+ <param-value> /ee/ca/ProfileSubmit.template </param-value> </init-param>
+ <init-param><param-name> resourceID </param-name>
+ <param-value> certServer.ee.profile </param-value> </init-param>
+ <init-param><param-name> interface </param-name>
+ <param-value> ee </param-value> </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name> caProfileSubmitCMCFullAuditSigningCert </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.profile.ProfileSubmitCMCServlet </servlet-class>
+ <init-param><param-name> GetClientCert </param-name>
+ <param-value> false </param-value> </init-param>
+ <init-param><param-name> cert_request_type </param-name>
+ <param-value> cmc </param-value> </init-param>
+ <init-param><param-name> profileId </param-name>
+ <param-value> caCMCauditSigningCert </param-value> </init-param>
+ <init-param><param-name> AuthzMgr </param-name>
+ <param-value> BasicAclAuthz </param-value> </init-param>
+ <init-param><param-name> authorityId </param-name>
+ <param-value> ca </param-value> </init-param>
+ <init-param><param-name> ID </param-name>
+ <param-value> caProfileSubmitCMCFull </param-value> </init-param>
+ <init-param><param-name> templatePath </param-name>
+ <param-value> /ee/ca/ProfileSubmit.template </param-value> </init-param>
+ <init-param><param-name> resourceID </param-name>
+ <param-value> certServer.ee.profile </param-value> </init-param>
+ <init-param><param-name> interface </param-name>
+ <param-value> ee </param-value> </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name> caProfileSubmitCMCFullKRATransportCert </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.profile.ProfileSubmitCMCServlet </servlet-class>
+ <init-param><param-name> GetClientCert </param-name>
+ <param-value> false </param-value> </init-param>
+ <init-param><param-name> cert_request_type </param-name>
+ <param-value> cmc </param-value> </init-param>
+ <init-param><param-name> profileId </param-name>
+ <param-value> caCMCkraTransportCert </param-value> </init-param>
+ <init-param><param-name> AuthzMgr </param-name>
+ <param-value> BasicAclAuthz </param-value> </init-param>
+ <init-param><param-name> authorityId </param-name>
+ <param-value> ca </param-value> </init-param>
+ <init-param><param-name> ID </param-name>
+ <param-value> caProfileSubmitCMCFull </param-value> </init-param>
+ <init-param><param-name> templatePath </param-name>
+ <param-value> /ee/ca/ProfileSubmit.template </param-value> </init-param>
+ <init-param><param-name> resourceID </param-name>
+ <param-value> certServer.ee.profile </param-value> </init-param>
+ <init-param><param-name> interface </param-name>
+ <param-value> ee </param-value> </init-param>
+ </servlet>
+
+ <servlet>
+ <servlet-name> caProfileSubmitCMCFullKRAstorageCert </servlet-name>
+ <servlet-class> com.netscape.cms.servlet.profile.ProfileSubmitCMCServlet </servlet-class>
+ <init-param><param-name> GetClientCert </param-name>
+ <param-value> false </param-value> </init-param>
+ <init-param><param-name> cert_request_type </param-name>
+ <param-value> cmc </param-value> </init-param>
+ <init-param><param-name> profileId </param-name>
+ <param-value> caCMCkraStorageCert </param-value> </init-param>
+ <init-param><param-name> AuthzMgr </param-name>
+ <param-value> BasicAclAuthz </param-value> </init-param>
+ <init-param><param-name> authorityId </param-name>
+ <param-value> ca </param-value> </init-param>
+ <init-param><param-name> ID </param-name>
+ <param-value> caProfileSubmitCMCFull </param-value> </init-param>
+ <init-param><param-name> templatePath </param-name>
+ <param-value> /ee/ca/ProfileSubmit.template </param-value> </init-param>
+ <init-param><param-name> resourceID </param-name>
+ <param-value> certServer.ee.profile </param-value> </init-param>
+ <init-param><param-name> interface </param-name>
+ <param-value> ee </param-value> </init-param>
+ </servlet>
+
+ <servlet>
<servlet-name> caProfileSubmitUserSignedCMCFull </servlet-name>
<servlet-class> com.netscape.cms.servlet.profile.ProfileSubmitCMCServlet </servlet-class>
<init-param><param-name> GetClientCert </param-name>
@@ -2303,6 +2464,41 @@
</servlet-mapping>
<servlet-mapping>
+ <servlet-name> caProfileSubmitCMCFullCACert </servlet-name>
+ <url-pattern> /ee/ca/profileSubmitCMCFullCACert </url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name> caProfileSubmitCMCFullServerCert </servlet-name>
+ <url-pattern> /ee/ca/profileSubmitCMCFullServerCert </url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name> caProfileSubmitCMCFullOCSPCert </servlet-name>
+ <url-pattern> /ee/ca/profileSubmitCMCFullOCSPCert </url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name> caProfileSubmitCMCFullSubsystemCert </servlet-name>
+ <url-pattern> /ee/ca/profileSubmitCMCFullSubsystemCert </url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name> caProfileSubmitCMCFullAuditSigningCert </servlet-name>
+ <url-pattern> /ee/ca/profileSubmitCMCFullAuditSigningCert </url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name> caProfileSubmitCMCFullKRATransportCert </servlet-name>
+ <url-pattern> /ee/ca/profileSubmitCMCFullKRAtransportCert </url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
+ <servlet-name> caProfileSubmitCMCFullKRAstorageCert </servlet-name>
+ <url-pattern> /ee/ca/profileSubmitCMCFullKRAstorageCert </url-pattern>
+ </servlet-mapping>
+
+ <servlet-mapping>
<servlet-name> caProfileSubmitUserSignedCMCFull </servlet-name>
<url-pattern> /ee/ca/profileSubmitUserSignedCMCFull </url-pattern>
</servlet-mapping>
generated by cgit (git 2.34.1) at 2024-06-07 21:36:07 +0000