author | Endi S. Dewata <edewata@redhat.com> | 2013-05-16 13:06:14 -0500 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2013-06-10 13:35:22 -0400 |
commit | 0812c8d7583250d9ccbfbc3439083d1d2296b2f5 (patch) | |
tree | ed22e7a39a37ee87a36257170b00da7db11eca54 /base/server | |
parent | e4656ce3f71f5cc0ba124ed5082a264e2689140b (diff) | |
Added Tomcat-based TPS instance.
The build and deployment tools have been modified to support creating
a basic Tomcat instance to run TPS. New configuration and template
files for TPS have been copied from another Tomcat subsystem. The TPS
functionality itself will be added in future patches.
Ticket #526
Diffstat (limited to 'base/server')
-rw-r--r-- | base/server/etc/default.cfg | 22 | ||||
-rw-r--r-- | base/server/scripts/operations | 21 | ||||
-rw-r--r-- | base/server/src/engine/pkiconfig.py | 10 | ||||
-rw-r--r-- | base/server/src/engine/pkihelper.py | 6 | ||||
-rw-r--r-- | base/server/src/engine/pkiparser.py | 12 | ||||
-rwxr-xr-x | base/server/src/pkidestroy | 4 | ||||
-rwxr-xr-x | base/server/src/pkispawn | 4 | ||||
-rw-r--r-- | base/server/src/scriptlets/configuration.py | 9 | ||||
-rw-r--r-- | base/server/src/scriptlets/webapp_deployment.py | 3 |
9 files changed, 63 insertions, 28 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index b2af83857..b67b6670e 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -189,13 +189,13 @@ pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type) ## Tomcat Configuration: ## ## ## ## Values in this section are common to PKI subsystems that run ## -## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ## +## as an instance of 'Tomcat' (CA, KRA, OCSP, TKS, and TPS subsystems ## ## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ## ## required information which MAY be overridden by users as necessary. ## ## ## ## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ## -## or a 'TKS Clone', change the value of 'pki_clone' ## -## from 'False' to 'True'. ## +## a 'TKS Clone', or a 'TPS Clone', change the value of ## +## 'pki_clone' from 'False' to 'True'. ## ## ## ## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ## ## are MUTUALLY EXCLUSIVE entities!!! ## @@ -334,6 +334,8 @@ pki_ocsp_jar=/usr/share/java/pki/pki-ocsp.jar pki_ocsp_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-ocsp.jar pki_tks_jar=/usr/share/java/pki/pki-tks.jar pki_tks_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tks.jar +pki_tps_jar=/usr/share/java/pki/pki-tps.jar +pki_tps_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tps.jar 
@@ -525,6 +527,20 @@ pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_na ## required information which MAY be overridden by users as necessary. ## ############################################################################### [TPS] +pki_import_admin_cert=True +pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s +pki_admin_name=%(pki_admin_uid)s +pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s +pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s +pki_admin_uid=tpsadmin +pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s TPS +pki_audit_signing_subject_dn=cn=TPS Audit Signing Certificate,o=%(pki_security_domain_name)s +pki_ds_base_dn=o=%(pki_instance_name)s-TPS +pki_ds_database=%(pki_instance_name)s-TPS +pki_ds_hostname=%(pki_hostname)s +pki_subsystem_name=TPS %(pki_hostname)s %(pki_https_port)s +pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s TPS +pki_subsystem_subject_dn=cn=TPS Subsystem Certificate,o=%(pki_security_domain_name)s # Paths # These are used in the processing of pkispawn and are not supposed diff --git a/base/server/scripts/operations b/base/server/scripts/operations index 2a07802f8..93d3bda90 100644 --- a/base/server/scripts/operations +++ b/base/server/scripts/operations @@ -1080,11 +1080,13 @@ verify_symlinks() declare -A kra_symlinks declare -A ocsp_symlinks declare -A tks_symlinks + declare -A tps_symlinks declare -A common_jar_symlinks declare -A ca_jar_symlinks declare -A kra_jar_symlinks declare -A ocsp_jar_symlinks declare -A tks_jar_symlinks + declare -A tps_jar_symlinks declare -A systemd_symlinks # Dogtag 10 Conditional Variables 
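Review bot: The new `[TPS]` defaults are added with no per-key comment, and `pki_import_admin_cert=True` is the one that most needs it, because it decides whether an administrator certificate is created for this subsystem or an existing one is imported (the consuming code is not in this diff, so confirm the exact behaviour). Since the block is copied from another Tomcat subsystem, a line such as `# TPS imports an existing admin certificate by default; set to False to have one generated` above that key would tell an operator who deploys TPS on its own what to change. The same goes for `pki_admin_uid=tpsadmin`: the section header says values MAY be overridden, and noting next to the key that this is a fixed default account name makes that choice visible.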
@@ -1104,6 +1106,7 @@ verify_symlinks() pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib" pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib" pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib" + pki_tps_jar_dir="${PKI_INSTANCE_PATH}/webapps/tps/WEB-INF/lib" # '${PKI_INSTANCE_PATH}' symlinks base_symlinks=( @@ -1187,6 +1190,24 @@ verify_symlinks() [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar [pki-tks.jar]=${java_dir}/pki/pki-tks.jar) + # '${PKI_INSTANCE_PATH}/tps' symlinks + tps_symlinks=( + [alias]=${PKI_INSTANCE_PATH}/alias + [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tps + [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tps + [registry]=${pki_registry_dir} + [webapps]=${PKI_INSTANCE_PATH}/webapps) + + # '${pki_tps_jar_dir}' symlinks + tps_jar_symlinks=( + [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar + [pki-cms.jar]=${java_dir}/pki/pki-cms.jar + [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar + [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar + [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar + [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar + [pki-tps.jar]=${java_dir}/pki/pki-tps.jar) + # '${pki_common_jar_dir}' symlinks common_jar_symlinks=( [apache-commons-codec.jar]=${java_dir}/commons-codec.jar diff --git a/base/server/src/engine/pkiconfig.py b/base/server/src/engine/pkiconfig.py index 3a3a7df18..6a86de087 100644 --- a/base/server/src/engine/pkiconfig.py +++ b/base/server/src/engine/pkiconfig.py 
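Review bot: `tps_symlinks` and `tps_jar_symlinks` are declared and filled in verify_symlinks(), but no hunk for this file adds code that reads them; the diffstat's 21 insertions are fully accounted for by the two `declare -A` lines, `pki_tps_jar_dir` and the two array bodies. Unless the checking pass further down the function (outside these hunks) selects the arrays by subsystem name, the links of a TPS instance are never verified, so a missing or redirected `pki-tps.jar` link would go unreported. Please confirm that the check covers TPS, or add the TPS case next to the existing TKS one.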
@@ -39,15 +39,15 @@ PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser" PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"] PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"] -PKI_APACHE_SUBSYSTEMS = ["RA","TPS"] -PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"] +PKI_APACHE_SUBSYSTEMS = ["RA"] +PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS", "TPS"] PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra", - "lib", "logs", "ocsp", "temp", "tks", "webapps", + "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps", "work"] PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg", "rsyslog", "tls"] -PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"] -PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"] +PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"] +PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"] PKI_INDENTATION_LEVEL_0 = {'indent' : ''} PKI_INDENTATION_LEVEL_1 = {'indent' : '... '} diff --git a/base/server/src/engine/pkihelper.py b/base/server/src/engine/pkihelper.py index 9c775f65d..8ca83be67 100644 --- a/base/server/src/engine/pkihelper.py +++ b/base/server/src/engine/pkihelper.py @@ -520,7 +520,7 @@ class configuration_file: raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password", master['pki_user_deployment_cfg'])) # Verify existence of Security Domain Password File - # (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA) + # (ONLY for Clones, KRA, OCSP, TKS, TPS, or Subordinate CA) if config.str2bool(master['pki_clone']) or\ not master['pki_subsystem'] == "CA" or\ config.str2bool(master['pki_subordinate']): @@ -3169,7 +3169,7 @@ class config_client: config.str2bool(master['pki_clone']) or\ config.str2bool(master['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, - # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or + # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA self.set_existing_security_domain(data) else: 
@@ -3399,7 +3399,7 @@ class config_client: config.str2bool(master['pki_subordinate']) or\ config.str2bool(master['pki_external']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, - # CA Clone, KRA Clone, OCSP Clone, TKS Clone, + # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, # Subordinate CA, or External CA data.issuingCA = master['pki_issuing_ca'] if master['pki_subsystem'] == "CA" and\ diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py index 8c9b6d620..340780204 100644 --- a/base/server/src/engine/pkiparser.py +++ b/base/server/src/engine/pkiparser.py @@ -880,9 +880,9 @@ class PKIConfigParser: # 'Subsystem Name' Configuration name/value pairs # 'Token' Configuration name/value pairs # - # Apache - [RA], [TPS] - # Tomcat - [CA], [KRA], [OCSP], [TKS] - # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone] + # Apache - [RA] + # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] + # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], [TPS Clone] # - [External CA] # - [Subordinate CA] # @@ -932,7 +932,7 @@ class PKIConfigParser: config.str2bool(config.pki_master_dict['pki_clone']) or\ config.str2bool(config.pki_master_dict['pki_subordinate']): # PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS, - # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or + # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or # Subordinate CA config.pki_master_dict['pki_security_domain_type'] = "existing" config.pki_master_dict['pki_security_domain_uri'] =\ @@ -964,8 +964,8 @@ class PKIConfigParser: # 'Backup' Configuration name/value pairs # - # Apache - [RA], [TPS] - # Tomcat - [CA], [KRA], [OCSP], [TKS] + # Apache - [RA] + # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS] # - [External CA] # - [Subordinate CA] # diff --git a/base/server/src/pkidestroy b/base/server/src/pkidestroy index 4e23445f1..1e3f7f578 100755 --- a/base/server/src/pkidestroy +++ b/base/server/src/pkidestroy 
@@ -129,8 +129,8 @@ def main(argv): # -s <subsystem> if args.pki_subsystem is None: interactive = True - config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS)', - options=['CA', 'KRA', 'OCSP', 'TKS'], + config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)', + options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'], default='CA', caseSensitive=False).upper() else: config.pki_subsystem = str(args.pki_subsystem).strip('[\']') diff --git a/base/server/src/pkispawn b/base/server/src/pkispawn index 65ee17f50..b05db4760 100755 --- a/base/server/src/pkispawn +++ b/base/server/src/pkispawn @@ -129,8 +129,8 @@ def main(argv): interactive = True parser.indent = 0 - config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS)', - options=['CA', 'KRA', 'OCSP', 'TKS'], + config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)', + options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'], default='CA', caseSensitive=False).upper() print else: diff --git a/base/server/src/scriptlets/configuration.py b/base/server/src/scriptlets/configuration.py index 43f8c16cd..c13e7eba2 100644 --- a/base/server/src/scriptlets/configuration.py +++ b/base/server/src/scriptlets/configuration.py @@ -113,14 +113,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet): config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, master['pki_subsystem'], extra=config.PKI_INDENTATION_LEVEL_2) - return rv - elif master['pki_subsystem'] == "TPS": - config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1, - master['pki_subsystem'], - extra=config.PKI_INDENTATION_LEVEL_2) - return rv + return self.rv elif master['pki_instance_type'] == "Tomcat": - # CA, KRA, OCSP, or TKS + # CA, KRA, OCSP, TKS, or TPS data = config_client.construct_pki_configuration_data() # Configure the substem diff --git a/base/server/src/scriptlets/webapp_deployment.py b/base/server/src/scriptlets/webapp_deployment.py index 4fdcc8614..aa52009fb 100644 
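Review bot: The prompt text and `options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS']` are hard-coded here in pkidestroy and again in the pkispawn hunk, while this same commit maintains the identical list as `PKI_TOMCAT_SUBSYSTEMS` in pkiconfig.py. Three copies of the accepted subsystem names will drift apart; if `config` in these scripts is the pkiconfig module (it appears to be, given `config.PKI_INDENTATION_LEVEL_2` in the configuration.py hunk), use `options=config.PKI_TOMCAT_SUBSYSTEMS` and build the prompt with `'/'.join(config.PKI_TOMCAT_SUBSYSTEMS)`. main() starts and ends outside both hunks.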
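Review bot: Deleting the `elif master['pki_subsystem'] == "TPS"` branch in configuration.py sends TPS down the full Tomcat path that starts at `config_client.construct_pki_configuration_data()`, although the commit message says TPS functionality comes later and the pkihelper.py hunks change only comments. Whatever that path does for a non-CA subsystem now runs for TPS unchanged, so record the decision where it is made, e.g. `# TPS is configured as a generic Tomcat subsystem until TPS-specific steps exist`, and confirm that the security-domain handling in pkihelper.py is what a TPS instance should get. Separately, the remaining not-yet-implemented branch now returns `self.rv`, so a caller presumably cannot tell a skipped configuration from a completed one. The method body continues outside the hunk.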
--- a/base/server/src/scriptlets/webapp_deployment.py
+++ b/base/server/src/scriptlets/webapp_deployment.py
@@ -152,6 +152,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
 elif master['pki_subsystem'] == "TKS":
 util.symlink.create(master['pki_tks_jar'],
 master['pki_tks_jar_link'])
+ elif master['pki_subsystem'] == "TPS":
+ util.symlink.create(master['pki_tps_jar'],
+ master['pki_tps_jar_link'])
 # set ownerships, permissions, and acls
 util.directory.set_mode(master['pki_tomcat_webapps_subsystem_path'])
 return self.rv |