summaryrefslogtreecommitdiffstats
path: root/base/ca
diff options
context:
space:
mode:
authorMatthew Harmsen <mharmsen@redhat.com>2012-07-03 17:52:33 -0700
committerMatthew Harmsen <mharmsen@redhat.com>2012-07-19 10:15:56 -0700
commit0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4 (patch)
tree79c0152be9f49069e977d0156283dbed746e7cfb /base/ca
parent32b2670ba16084896e10ae27f7ce7b50313e375a (diff)
downloadpki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.gz
pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.tar.xz
pki-0ce6c97e4fe0e36786b78c273833b8f1dfbc12b4.zip
PKI Deployment Scriptlets
* Integration of Tomcat 7 * Introduction of dependency upon tomcatjss 7.0 * Removal of http filtering configuration mechanisms * Introduction of additional slot substitution to support revised filesystem layout * Addition of 'pkiuser' uid:gid creation methods * Inclusion of per instance '*.profile' files * Introduction of configurable 'configurationRoot' parameter * Introduction of default configuration of 'log4j' mechanism (alee) * Modify web.xml to use new Application classes to bootstrap servers (alee) * Introduction of "Wrapper" logic to support Tomcat 6 --> Tomcat 7 API change (jmagne) * Added jython helper function to allow attaching a remote java debugger (e. g. - eclipse)
Diffstat (limited to 'base/ca')
-rw-r--r--base/ca/shared/conf/CS.cfg.in145
-rw-r--r--base/ca/shared/webapps/ca/WEB-INF/web.xml139
2 files changed, 81 insertions, 203 deletions
diff --git a/base/ca/shared/conf/CS.cfg.in b/base/ca/shared/conf/CS.cfg.in
index 78c28435a..ca90d52d5 100644
--- a/base/ca/shared/conf/CS.cfg.in
+++ b/base/ca/shared/conf/CS.cfg.in
@@ -38,6 +38,7 @@ securitydomain.flushinterval=86400000
securitydomain.source=ldap
securitydomain.checkinterval=300000
instanceRoot=[PKI_INSTANCE_PATH]
+configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/
machineName=[PKI_MACHINE_NAME]
instanceId=[PKI_INSTANCE_ID]
pidDir=[PKI_PIDDIR]
@@ -180,7 +181,7 @@ auths.instance.AgentCertAuth.pluginName=AgentCertAuth
auths.instance.raCertAuth.agentGroup=Registration Manager Agents
auths.instance.raCertAuth.pluginName=AgentCertAuth
auths.instance.flatFileAuth.pluginName=FlatFileAuth
-auths.instance.flatFileAuth.fileName=[PKI_INSTANCE_PATH]/conf/flatfile.txt
+auths.instance.flatFileAuth.fileName=[PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]flatfile.txt
auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
auths.revocationChecking.bufferSize=50
auths.revocationChecking.ca=ca
@@ -643,15 +644,15 @@ ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointName=
ca.crl.MasterCRL.extension.IssuingDistributionPoint.pointType=
ca.crl.MasterCRL.extension.IssuingDistributionPoint.type=CRLExtension
ca.notification.certIssued.emailSubject=Your Certificate Request
-ca.notification.certIssued.emailTemplate=[PKI_INSTANCE_PATH]/emails/certIssued_CA.html
+ca.notification.certIssued.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/certIssued_CA.html
ca.notification.certIssued.enabled=false
ca.notification.certIssued.senderEmail=
ca.notification.certRevoked.emailSubject=Your Certificate Revoked
-ca.notification.certRevoked.emailTemplate=[PKI_INSTANCE_PATH]/emails/certRevoked_CA.html
+ca.notification.certRevoked.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/certRevoked_CA.html
ca.notification.certRevoked.enabled=false
ca.notification.certRevoked.senderEmail=
ca.notification.requestInQ.emailSubject=Certificate Request in Queue
-ca.notification.requestInQ.emailTemplate=[PKI_INSTANCE_PATH]/emails/reqInQueue_CA.html
+ca.notification.requestInQ.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/reqInQueue_CA.html
ca.notification.requestInQ.enabled=false
ca.notification.requestInQ.recipientEmail=
ca.notification.requestInQ.senderEmail=
@@ -793,7 +794,7 @@ dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
debug.append=true
debug.enabled=true
-debug.filename=[PKI_INSTANCE_PATH]/logs/debug
+debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]debug
debug.hashkeytypes=
debug.level=0
debug.showcaller=false
@@ -815,8 +816,8 @@ internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false
preop.internaldb.schema.ldif=/usr/share/pki/ca/conf/schema.ldif
-preop.internaldb.ldif=/usr/share/pki/ca/conf/database.ldif
-preop.internaldb.data_ldif=/usr/share/pki/ca/conf/db.ldif,/usr/share/pki/ca/conf/acl.ldif
+preop.internaldb.ldif=/usr/share/pki/[PKI_SUBSYSTEM_DIR]conf/database.ldif
+preop.internaldb.data_ldif=/usr/share/pki/[PKI_SUBSYSTEM_DIR]conf/db.ldif,/usr/share/pki/ca/conf/acl.ldif
preop.internaldb.index_ldif=
preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif
preop.internaldb.post_ldif=/usr/share/pki/ca/conf/index.ldif,/usr/share/pki/ca/conf/vlv.ldif,/usr/share/pki/ca/conf/vlvtasks.ldif
@@ -833,25 +834,25 @@ jobsScheduler.impl.RequestInQueueJob.class=com.netscape.cms.jobs.RequestInQueueJ
jobsScheduler.impl.UnpublishExpiredJob.class=com.netscape.cms.jobs.UnpublishExpiredJob
jobsScheduler.job.certRenewalNotifier.cron=0 3 * * 1-5
jobsScheduler.job.certRenewalNotifier.emailSubject=Certificate Renewal Notification
-jobsScheduler.job.certRenewalNotifier.emailTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1.txt
+jobsScheduler.job.certRenewalNotifier.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/rnJob1.txt
jobsScheduler.job.certRenewalNotifier.enabled=false
jobsScheduler.job.certRenewalNotifier.notifyEndOffset=30
jobsScheduler.job.certRenewalNotifier.notifyTriggerOffset=30
jobsScheduler.job.certRenewalNotifier.pluginName=RenewalNotificationJob
jobsScheduler.job.certRenewalNotifier.senderEmail=
jobsScheduler.job.certRenewalNotifier.summary.emailSubject=Certificate Renewal Notification Summary
-jobsScheduler.job.certRenewalNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1Summary.txt
+jobsScheduler.job.certRenewalNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/rnJob1Summary.txt
jobsScheduler.job.certRenewalNotifier.summary.enabled=true
-jobsScheduler.job.certRenewalNotifier.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/rnJob1Item.txt
+jobsScheduler.job.certRenewalNotifier.summary.itemTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/rnJob1Item.txt
jobsScheduler.job.certRenewalNotifier.summary.recipientEmail=
jobsScheduler.job.certRenewalNotifier.summary.senderEmail=
jobsScheduler.job.publishCerts.cron=0 0 * * 2
jobsScheduler.job.publishCerts.enabled=false
jobsScheduler.job.publishCerts.pluginName=PublishCertsJob
jobsScheduler.job.publishCerts.summary.emailSubject=Certs Publishing Summary
-jobsScheduler.job.publishCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/publishCerts.html
+jobsScheduler.job.publishCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/publishCerts.html
jobsScheduler.job.publishCerts.summary.enabled=true
-jobsScheduler.job.publishCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/publishCertsItem.html
+jobsScheduler.job.publishCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/publishCertsItem.html
jobsScheduler.job.publishCerts.summary.recipientEmail=
jobsScheduler.job.publishCerts.summary.senderEmail=
jobsScheduler.job.requestInQueueNotifier.cron=0 0 * * 0
@@ -859,7 +860,7 @@ jobsScheduler.job.requestInQueueNotifier.enabled=false
jobsScheduler.job.requestInQueueNotifier.pluginName=RequestInQueueJob
jobsScheduler.job.requestInQueueNotifier.subsystemId=ca
jobsScheduler.job.requestInQueueNotifier.summary.emailSubject=Requests in Queue Summary Report
-jobsScheduler.job.requestInQueueNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/riq1Summary.html
+jobsScheduler.job.requestInQueueNotifier.summary.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/riq1Summary.html
jobsScheduler.job.requestInQueueNotifier.summary.enabled=true
jobsScheduler.job.requestInQueueNotifier.summary.recipientEmail=
jobsScheduler.job.requestInQueueNotifier.summary.senderEmail=
@@ -867,9 +868,9 @@ jobsScheduler.job.unpublishExpiredCerts.cron=0 0 * * 6
jobsScheduler.job.unpublishExpiredCerts.enabled=false
jobsScheduler.job.unpublishExpiredCerts.pluginName=UnpublishExpiredJob
jobsScheduler.job.unpublishExpiredCerts.summary.emailSubject=Expired Certs Unpublished Summary
-jobsScheduler.job.unpublishExpiredCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/emails/euJob1.html
+jobsScheduler.job.unpublishExpiredCerts.summary.emailTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/euJob1.html
jobsScheduler.job.unpublishExpiredCerts.summary.enabled=true
-jobsScheduler.job.unpublishExpiredCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/emails/euJob1Item.html
+jobsScheduler.job.unpublishExpiredCerts.summary.itemTemplate=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]emails/euJob1Item.html
jobsScheduler.job.unpublishExpiredCerts.summary.recipientEmail=
jobsScheduler.job.unpublishExpiredCerts.summary.senderEmail=
jss._000=##
@@ -897,7 +898,7 @@ log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,SECURITY_DOMAIN_UPDATE,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit.expirationTime=0
-log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/ca_audit
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]signedAudit/ca_audit
log.instance.SignedAudit.flushInterval=5
log.instance.SignedAudit.level=1
log.instance.SignedAudit.logSigning=false
@@ -913,7 +914,7 @@ log.instance.System._002=##
log.instance.System.bufferSize=512
log.instance.System.enable=true
log.instance.System.expirationTime=0
-log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/system
+log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]system
log.instance.System.flushInterval=5
log.instance.System.level=3
log.instance.System.maxFileSize=2000
@@ -926,15 +927,15 @@ log.instance.Transactions._002=##
log.instance.Transactions.bufferSize=512
log.instance.Transactions.enable=true
log.instance.Transactions.expirationTime=0
-log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/transactions
+log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]transactions
log.instance.Transactions.flushInterval=5
log.instance.Transactions.level=1
log.instance.Transactions.maxFileSize=2000
log.instance.Transactions.pluginName=file
log.instance.Transactions.rolloverInterval=2592000
log.instance.Transactions.type=transaction
-logAudit.fileName=[PKI_INSTANCE_PATH]/logs/access
-logError.fileName=[PKI_INSTANCE_PATH]/logs/error
+logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]access
+logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]error
oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
@@ -956,106 +957,106 @@ oidmap.subject_info_access.oid=1.3.6.1.5.5.7.1.11
os.userid=nobody
profile.list=caUserCert,caECUserCert,caUserSMIMEcapCert,caDualCert,caECDualCert,caSignedLogCert,caTPSCert,caRARouterCert,caRouterCert,caServerCert,caOtherCert,caCACert,caInstallCACert,caRACert,caOCSPCert,caTransportCert,caDirUserCert,caAgentServerCert,caAgentFileSigning,caCMCUserCert,caFullCMCUserCert,caSimpleCMCUserCert,caTokenDeviceKeyEnrollment,caTokenUserEncryptionKeyEnrollment,caTokenUserSigningKeyEnrollment,caTempTokenDeviceKeyEnrollment,caTempTokenUserEncryptionKeyEnrollment,caTempTokenUserSigningKeyEnrollment,caAdminCert,caInternalAuthServerCert,caInternalAuthTransportCert,caInternalAuthDRMstorageCert,caInternalAuthSubsystemCert,caInternalAuthOCSPCert,caInternalAuthAuditSigningCert,DomainController,caDualRAuserCert,caRAagentCert,caRAserverCert,caUUIDdeviceCert,caSSLClientSelfRenewal,caDirUserRenewal,caManualRenewal,caTokenMSLoginEnrollment,caTokenUserSigningKeyRenewal,caTokenUserEncryptionKeyRenewal,caJarSigningCert,caIPAserviceCert,caEncUserCert,caEncECUserCert
profile.caUUIDdeviceCert.class_id=caEnrollImpl
-profile.caUUIDdeviceCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUUIDdeviceCert.cfg
+profile.caUUIDdeviceCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caUUIDdeviceCert.cfg
profile.caManualRenewal.class_id=caEnrollImpl
-profile.caManualRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caManualRenewal.cfg
+profile.caManualRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caManualRenewal.cfg
profile.caDirUserRenewal.class_id=caEnrollImpl
-profile.caDirUserRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caDirUserRenewal.cfg
+profile.caDirUserRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caDirUserRenewal.cfg
profile.caSSLClientSelfRenewal.class_id=caEnrollImpl
-profile.caSSLClientSelfRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caSSLClientSelfRenewal.cfg
+profile.caSSLClientSelfRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caSSLClientSelfRenewal.cfg
profile.DomainController.class_id=caEnrollImpl
-profile.DomainController.config=[PKI_INSTANCE_PATH]/profiles/ca/DomainController.cfg
+profile.DomainController.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/DomainController.cfg
profile.caAgentFileSigning.class_id=caEnrollImpl
-profile.caAgentFileSigning.config=[PKI_INSTANCE_PATH]/profiles/ca/caAgentFileSigning.cfg
+profile.caAgentFileSigning.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caAgentFileSigning.cfg
profile.caAgentServerCert.class_id=caEnrollImpl
-profile.caAgentServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caAgentServerCert.cfg
+profile.caAgentServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caAgentServerCert.cfg
profile.caRAserverCert.class_id=caEnrollImpl
-profile.caRAserverCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRAserverCert.cfg
+profile.caRAserverCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRAserverCert.cfg
profile.caCACert.class_id=caEnrollImpl
-profile.caCACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caCACert.cfg
+profile.caCACert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caCACert.cfg
profile.caInstallCACert.class_id=caEnrollImpl
-profile.caInstallCACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInstallCACert.cfg
+profile.caInstallCACert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInstallCACert.cfg
profile.caCMCUserCert.class_id=caEnrollImpl
-profile.caCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caCMCUserCert.cfg
+profile.caCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caCMCUserCert.cfg
profile.caDirUserCert.class_id=caEnrollImpl
-profile.caDirUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDirUserCert.cfg
+profile.caDirUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caDirUserCert.cfg
profile.caDualCert.class_id=caEnrollImpl
-profile.caDualCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDualCert.cfg
+profile.caDualCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caDualCert.cfg
profile.caECDualCert.class_id=caEnrollImpl
-profile.caECDualCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caECDualCert.cfg
+profile.caECDualCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caECDualCert.cfg
profile.caDualRAuserCert.class_id=caEnrollImpl
-profile.caDualRAuserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caDualRAuserCert.cfg
+profile.caDualRAuserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caDualRAuserCert.cfg
profile.caRAagentCert.class_id=caEnrollImpl
-profile.caRAagentCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRAagentCert.cfg
+profile.caRAagentCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRAagentCert.cfg
profile.caFullCMCUserCert.class_id=caEnrollImpl
-profile.caFullCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caFullCMCUserCert.cfg
+profile.caFullCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caFullCMCUserCert.cfg
profile.caInternalAuthOCSPCert.class_id=caEnrollImpl
-profile.caInternalAuthOCSPCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthOCSPCert.cfg
+profile.caInternalAuthOCSPCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthOCSPCert.cfg
profile.caInternalAuthAuditSigningCert.class_id=caEnrollImpl
-profile.caInternalAuthAuditSigningCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthAuditSigningCert.cfg
+profile.caInternalAuthAuditSigningCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthAuditSigningCert.cfg
profile.caInternalAuthServerCert.class_id=caEnrollImpl
-profile.caInternalAuthServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthServerCert.cfg
+profile.caInternalAuthServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthServerCert.cfg
profile.caInternalAuthSubsystemCert.class_id=caEnrollImpl
-profile.caInternalAuthSubsystemCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthSubsystemCert.cfg
+profile.caInternalAuthSubsystemCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthSubsystemCert.cfg
profile.caInternalAuthDRMstorageCert.class_id=caEnrollImpl
-profile.caInternalAuthDRMstorageCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthDRMstorageCert.cfg
+profile.caInternalAuthDRMstorageCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthDRMstorageCert.cfg
profile.caInternalAuthTransportCert.class_id=caEnrollImpl
-profile.caInternalAuthTransportCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caInternalAuthTransportCert.cfg
+profile.caInternalAuthTransportCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caInternalAuthTransportCert.cfg
profile.caOCSPCert.class_id=caEnrollImpl
-profile.caOCSPCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caOCSPCert.cfg
+profile.caOCSPCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caOCSPCert.cfg
profile.caOtherCert.class_id=caEnrollImpl
-profile.caOtherCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caOtherCert.cfg
+profile.caOtherCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caOtherCert.cfg
profile.caRACert.class_id=caEnrollImpl
-profile.caRACert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRACert.cfg
+profile.caRACert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRACert.cfg
profile.caRARouterCert.class_id=caEnrollImpl
-profile.caRARouterCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRARouterCert.cfg
+profile.caRARouterCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRARouterCert.cfg
profile.caRouterCert.class_id=caEnrollImpl
-profile.caRouterCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caRouterCert.cfg
+profile.caRouterCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caRouterCert.cfg
profile.caServerCert.class_id=caEnrollImpl
-profile.caServerCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caServerCert.cfg
+profile.caServerCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caServerCert.cfg
profile.caSignedLogCert.class_id=caEnrollImpl
-profile.caSignedLogCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caSignedLogCert.cfg
+profile.caSignedLogCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caSignedLogCert.cfg
profile.caSimpleCMCUserCert.class_id=caEnrollImpl
-profile.caSimpleCMCUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caSimpleCMCUserCert.cfg
+profile.caSimpleCMCUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caSimpleCMCUserCert.cfg
profile.caTPSCert.class_id=caEnrollImpl
-profile.caTPSCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caTPSCert.cfg
+profile.caTPSCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTPSCert.cfg
profile.caAdminCert.class_id=caEnrollImpl
-profile.caAdminCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caAdminCert.cfg
+profile.caAdminCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caAdminCert.cfg
profile.caTempTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
-profile.caTempTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
+profile.caTempTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
profile.caTempTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
-profile.caTempTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
+profile.caTempTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
profile.caTokenUserEncryptionKeyRenewal.class_id=caUserCertEnrollImpl
-profile.caTokenUserEncryptionKeyRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
+profile.caTokenUserEncryptionKeyRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
profile.caTempTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
-profile.caTempTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
+profile.caTempTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
profile.caTokenUserSigningKeyRenewal.class_id=caUserCertEnrollImpl
-profile.caTokenUserSigningKeyRenewal.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserSigningKeyRenewal.cfg
+profile.caTokenUserSigningKeyRenewal.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenUserSigningKeyRenewal.cfg
profile.caTokenDeviceKeyEnrollment.class_id=caUserCertEnrollImpl
-profile.caTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenDeviceKeyEnrollment.cfg
+profile.caTokenDeviceKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenDeviceKeyEnrollment.cfg
profile.caTokenUserEncryptionKeyEnrollment.class_id=caUserCertEnrollImpl
-profile.caTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
+profile.caTokenUserEncryptionKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
profile.caTokenUserSigningKeyEnrollment.class_id=caUserCertEnrollImpl
-profile.caTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
+profile.caTokenUserSigningKeyEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenUserSigningKeyEnrollment.cfg
profile.caTokenMSLoginEnrollment.class_id=caUserCertEnrollImpl
-profile.caTokenMSLoginEnrollment.config=[PKI_INSTANCE_PATH]/profiles/ca/caTokenMSLoginEnrollment.cfg
+profile.caTokenMSLoginEnrollment.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTokenMSLoginEnrollment.cfg
profile.caTransportCert.class_id=caEnrollImpl
-profile.caTransportCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caTransportCert.cfg
+profile.caTransportCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caTransportCert.cfg
profile.caUserCert.class_id=caEnrollImpl
-profile.caUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUserCert.cfg
+profile.caUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caUserCert.cfg
profile.caECUserCert.class_id=caEnrollImpl
-profile.caECUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caECUserCert.cfg
+profile.caECUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caECUserCert.cfg
profile.caUserSMIMEcapCert.class_id=caEnrollImpl
-profile.caUserSMIMEcapCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caUserSMIMEcapCert.cfg
+profile.caUserSMIMEcapCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caUserSMIMEcapCert.cfg
profile.caJarSigningCert.class_id=caEnrollImpl
-profile.caJarSigningCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caJarSigningCert.cfg
+profile.caJarSigningCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caJarSigningCert.cfg
profile.caIPAserviceCert.class_id=caEnrollImpl
-profile.caIPAserviceCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caIPAserviceCert.cfg
+profile.caIPAserviceCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caIPAserviceCert.cfg
profile.caEncUserCert.class_id=caEnrollImpl
-profile.caEncUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caEncUserCert.cfg
+profile.caEncUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caEncUserCert.cfg
profile.caEncECUserCert.class_id=caEnrollImpl
-profile.caEncECUserCert.config=[PKI_INSTANCE_PATH]/profiles/ca/caEncECUserCert.cfg
-registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
+profile.caEncECUserCert.config=[PKI_INSTANCE_PATH]/[PKI_SUBSYSTEM_DIR]profiles/ca/caEncECUserCert.cfg
+registry.file=[PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]registry.cfg
processor.caProfileProcess.getClientCert=true
processor.caProfileProcess.authzMgr=BasicAclAuthz
processor.caProfileProcess.authorityId=ca
@@ -1096,7 +1097,7 @@ selftests.container.logger.bufferSize=512
selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
selftests.container.logger.enable=true
selftests.container.logger.expirationTime=0
-selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
+selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]selftests.log
selftests.container.logger.flushInterval=5
selftests.container.logger.level=1
selftests.container.logger.maxFileSize=2000
diff --git a/base/ca/shared/webapps/ca/WEB-INF/web.xml b/base/ca/shared/webapps/ca/WEB-INF/web.xml
index 692cb4898..8471d6cd4 100644
--- a/base/ca/shared/webapps/ca/WEB-INF/web.xml
+++ b/base/ca/shared/webapps/ca/WEB-INF/web.xml
@@ -3,90 +3,6 @@
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "file:///usr/share/pki/setup/web-app_2_3.dtd">
<web-app>
- <filter>
- <filter-name>AgentRequestFilter</filter-name>
- <filter-class>com.netscape.cms.servlet.filter.AgentRequestFilter</filter-class>
- <init-param>
- <param-name>https_port</param-name>
- <param-value>[PKI_AGENT_SECURE_PORT]</param-value>
- </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>proxy_port</param-name>
- <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
- </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>active</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
-
- <filter>
- <filter-name>AdminRequestFilter</filter-name>
- <filter-class>com.netscape.cms.servlet.filter.AdminRequestFilter</filter-class>
- <init-param>
- <param-name>https_port</param-name>
- <param-value>[PKI_ADMIN_SECURE_PORT]</param-value>
- </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>proxy_port</param-name>
- <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
- </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>active</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
-
- <filter>
- <filter-name>EERequestFilter</filter-name>
- <filter-class>com.netscape.cms.servlet.filter.EERequestFilter</filter-class>
- <init-param>
- <param-name>http_port</param-name>
- <param-value>[PKI_UNSECURE_PORT]</param-value>
- </init-param>
- <init-param>
- <param-name>https_port</param-name>
- <param-value>[PKI_EE_SECURE_PORT]</param-value>
- </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>proxy_port</param-name>
- <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
- </init-param>
- <init-param>
- <param-name>proxy_http_port</param-name>
- <param-value>[PKI_PROXY_UNSECURE_PORT]</param-value>
- </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>active</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
-
- <filter>
- <filter-name>EEClientAuthRequestFilter</filter-name>
- <filter-class>com.netscape.cms.servlet.filter.EEClientAuthRequestFilter</filter-class>
- <init-param>
- <param-name>https_port</param-name>
- <param-value>[PKI_EE_SECURE_CLIENT_AUTH_PORT]</param-value>
- </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>proxy_port</param-name>
- <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
- </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>active</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
-
<servlet>
<servlet-name>csadmin-wizard</servlet-name>
<servlet-class>com.netscape.cms.servlet.wizard.WizardServlet</servlet-class>
@@ -415,7 +331,7 @@
<init-param><param-name> AuthzMgr </param-name>
<param-value> BasicAclAuthz </param-value> </init-param>
<init-param><param-name> cfgPath </param-name>
- <param-value> [PKI_INSTANCE_PATH]/conf/CS.cfg </param-value> </init-param>
+ <param-value> [PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]CS.cfg </param-value> </init-param>
<init-param><param-name> ID </param-name>
<param-value> castart </param-value> </init-param>
<load-on-startup> 1 </load-on-startup>
@@ -1900,10 +1816,9 @@
<param-value> /agent/ca/doRevoke </param-value> </init-param>
</servlet>
- <context-param>
- <param-name>resteasy.scan</param-name>
- <param-value>true</param-value>
- </context-param>
+ <listener>
+ <listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class>
+ </listener>
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
@@ -1920,50 +1835,12 @@
<servlet>
<servlet-name>Resteasy</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
+ <init-param>
+ <param-name>javax.ws.rs.Application</param-name>
+ <param-value>com.netscape.ca.CertificateAuthorityApplication</param-value>
+ </init-param>
</servlet>
-[PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT]
- <filter-mapping>
- <filter-name> AgentRequestFilter </filter-name>
- <url-pattern> /agent/* </url-pattern>
- <url-pattern> /ca/getCertFromRequest </url-pattern>
- <url-pattern> /ca/getBySerial </url-pattern>
- <url-pattern> /ca/connector </url-pattern>
- <url-pattern> /ca/displayCertFromRequest </url-pattern>
- <url-pattern> /doRevoke </url-pattern>
- </filter-mapping>
-
- <filter-mapping>
- <filter-name> AdminRequestFilter </filter-name>
- <url-pattern> /admin/* </url-pattern>
- <url-pattern> /auths </url-pattern>
- <url-pattern> /acl </url-pattern>
- <url-pattern> /server </url-pattern>
- <url-pattern> /caadmin </url-pattern>
- <url-pattern> /caprofile </url-pattern>
- <url-pattern> /jobsScheduler </url-pattern>
- <url-pattern> /capublisher </url-pattern>
- <url-pattern> /log </url-pattern>
- <url-pattern> /ug </url-pattern>
- </filter-mapping>
-
- <filter-mapping>
- <filter-name> EEClientAuthRequestFilter </filter-name>
- <url-pattern> /eeca/* </url-pattern>
- </filter-mapping>
-
- <filter-mapping>
- <filter-name> EERequestFilter </filter-name>
- <url-pattern> /ee/* </url-pattern>
- <url-pattern> /renewal </url-pattern>
- <url-pattern> /certbasedenrollment </url-pattern>
- <url-pattern> /ocsp </url-pattern>
- <url-pattern> /enrollment </url-pattern>
- <url-pattern> /profileSubmit </url-pattern>
- <url-pattern> /cgi-bin/pkiclient.exe </url-pattern>
- </filter-mapping>
-[PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT]
-
<servlet-mapping>
<servlet-name>Resteasy</servlet-name>
<url-pattern>/pki/*</url-pattern>