authorEndi S. Dewata <edewata@redhat.com>2013-05-16 13:06:14 -0500
committerEndi S. Dewata <edewata@redhat.com>2013-06-10 13:35:22 -0400
commit0812c8d7583250d9ccbfbc3439083d1d2296b2f5 (patch)
treeed22e7a39a37ee87a36257170b00da7db11eca54 /base/server
parente4656ce3f71f5cc0ba124ed5082a264e2689140b (diff)
Added Tomcat-based TPS instance.
The build and deployment tools have been modified to support creating a basic Tomcat instance to run TPS. New configuration and template files for TPS have been copied from another Tomcat subsystem. The TPS functionality itself will be added in future patches. Ticket #526
Diffstat (limited to 'base/server')
-rw-r--r--base/server/etc/default.cfg22
-rw-r--r--base/server/scripts/operations21
-rw-r--r--base/server/src/engine/pkiconfig.py10
-rw-r--r--base/server/src/engine/pkihelper.py6
-rw-r--r--base/server/src/engine/pkiparser.py12
-rwxr-xr-xbase/server/src/pkidestroy4
-rwxr-xr-xbase/server/src/pkispawn4
-rw-r--r--base/server/src/scriptlets/configuration.py9
-rw-r--r--base/server/src/scriptlets/webapp_deployment.py3
9 files changed, 63 insertions, 28 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg
index b2af83857..b67b6670e 100644
--- a/base/server/etc/default.cfg
+++ b/base/server/etc/default.cfg
@@ -189,13 +189,13 @@ pki_subsystem_registry_path=%(pki_instance_registry_path)s/%(pki_subsystem_type)
## Tomcat Configuration: ##
## ##
## Values in this section are common to PKI subsystems that run ##
-## as an instance of 'Tomcat' (CA, KRA, OCSP, and TKS subsystems ##
+## as an instance of 'Tomcat' (CA, KRA, OCSP, TKS, and TPS subsystems ##
## including 'Clones', 'Subordinate CAs', and 'External CAs'), and contain ##
## required information which MAY be overridden by users as necessary. ##
## ##
## PKI CLONES: To specify a 'CA Clone', a 'KRA Clone', an 'OCSP Clone', ##
-## or a 'TKS Clone', change the value of 'pki_clone' ##
-## from 'False' to 'True'. ##
+## a 'TKS Clone', or a 'TPS Clone', change the value of ##
+## 'pki_clone' from 'False' to 'True'. ##
## ##
## REMINDER: PKI CA Clones, Subordinate CAs, and External CAs ##
## are MUTUALLY EXCLUSIVE entities!!! ##
@@ -334,6 +334,8 @@ pki_ocsp_jar=/usr/share/java/pki/pki-ocsp.jar
pki_ocsp_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-ocsp.jar
pki_tks_jar=/usr/share/java/pki/pki-tks.jar
pki_tks_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tks.jar
+pki_tps_jar=/usr/share/java/pki/pki-tps.jar
+pki_tps_jar_link=%(pki_tomcat_webapps_subsystem_webinf_lib_path)s/pki-tps.jar
@@ -525,6 +527,20 @@ pki_subsystem_subject_dn=cn=TKS Subsystem Certificate,o=%(pki_security_domain_na
## required information which MAY be overridden by users as necessary. ##
###############################################################################
[TPS]
+pki_import_admin_cert=True
+pki_admin_email=%(pki_admin_name)s@%(pki_dns_domainname)s
+pki_admin_name=%(pki_admin_uid)s
+pki_admin_nickname=PKI Administrator for %(pki_dns_domainname)s
+pki_admin_subject_dn=cn=PKI Administrator,e=%(pki_admin_email)s,o=%(pki_security_domain_name)s
+pki_admin_uid=tpsadmin
+pki_audit_signing_nickname=auditSigningCert cert-%(pki_instance_name)s TPS
+pki_audit_signing_subject_dn=cn=TPS Audit Signing Certificate,o=%(pki_security_domain_name)s
+pki_ds_base_dn=o=%(pki_instance_name)s-TPS
+pki_ds_database=%(pki_instance_name)s-TPS
+pki_ds_hostname=%(pki_hostname)s
+pki_subsystem_name=TPS %(pki_hostname)s %(pki_https_port)s
+pki_subsystem_nickname=subsystemCert cert-%(pki_instance_name)s TPS
+pki_subsystem_subject_dn=cn=TPS Subsystem Certificate,o=%(pki_security_domain_name)s
# Paths
# These are used in the processing of pkispawn and are not supposed
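Review bot: The new [TPS] defaults set `pki_import_admin_cert=True` and a fixed `pki_admin_uid=tpsadmin` with no comment, so a deployer reading this section cannot tell where the administrator certificate comes from. Going by the option name, the certificate is imported rather than generated for this subsystem, but the code that consumes it is outside this hunk. Once that is confirmed, I would add a line above it such as `# TPS imports an existing admin certificate; set to False to have one generated`. The commit description says the TPS configuration was copied from another Tomcat subsystem, so each of these values should be checked as intended for TPS rather than inherited by copy.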
diff --git a/base/server/scripts/operations b/base/server/scripts/operations
index 2a07802f8..93d3bda90 100644
--- a/base/server/scripts/operations
+++ b/base/server/scripts/operations
@@ -1080,11 +1080,13 @@ verify_symlinks()
declare -A kra_symlinks
declare -A ocsp_symlinks
declare -A tks_symlinks
+ declare -A tps_symlinks
declare -A common_jar_symlinks
declare -A ca_jar_symlinks
declare -A kra_jar_symlinks
declare -A ocsp_jar_symlinks
declare -A tks_jar_symlinks
+ declare -A tps_jar_symlinks
declare -A systemd_symlinks
# Dogtag 10 Conditional Variables
@@ -1104,6 +1106,7 @@ verify_symlinks()
pki_kra_jar_dir="${PKI_INSTANCE_PATH}/webapps/kra/WEB-INF/lib"
pki_ocsp_jar_dir="${PKI_INSTANCE_PATH}/webapps/ocsp/WEB-INF/lib"
pki_tks_jar_dir="${PKI_INSTANCE_PATH}/webapps/tks/WEB-INF/lib"
+ pki_tps_jar_dir="${PKI_INSTANCE_PATH}/webapps/tps/WEB-INF/lib"
# '${PKI_INSTANCE_PATH}' symlinks
base_symlinks=(
@@ -1187,6 +1190,24 @@ verify_symlinks()
[pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar
[pki-tks.jar]=${java_dir}/pki/pki-tks.jar)
+ # '${PKI_INSTANCE_PATH}/tps' symlinks
+ tps_symlinks=(
+ [alias]=${PKI_INSTANCE_PATH}/alias
+ [conf]=/etc/pki/${PKI_INSTANCE_NAME}/tps
+ [logs]=/var/log/pki/${PKI_INSTANCE_NAME}/tps
+ [registry]=${pki_registry_dir}
+ [webapps]=${PKI_INSTANCE_PATH}/webapps)
+
+ # '${pki_tps_jar_dir}' symlinks
+ tps_jar_symlinks=(
+ [pki-certsrv.jar]=${java_dir}/pki/pki-certsrv.jar
+ [pki-cms.jar]=${java_dir}/pki/pki-cms.jar
+ [pki-cmsbundle.jar]=${java_dir}/pki/pki-cmsbundle.jar
+ [pki-cmscore.jar]=${java_dir}/pki/pki-cmscore.jar
+ [pki-cmsutil.jar]=${java_dir}/pki/pki-cmsutil.jar
+ [pki-nsutil.jar]=${java_dir}/pki/pki-nsutil.jar
+ [pki-tps.jar]=${java_dir}/pki/pki-tps.jar)
+
# '${pki_common_jar_dir}' symlinks
common_jar_symlinks=(
[apache-commons-codec.jar]=${java_dir}/commons-codec.jar
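Review bot: `tps_symlinks` and `tps_jar_symlinks` are declared and filled here, but nothing in this commit reads them. The diffstat lists 21 changed lines for this file, and the three verify_symlinks hunks (two `declare -A` lines, `pki_tps_jar_dir`, and these two arrays with their comments) account for all of them. Unless the checking code further down selects arrays by subsystem name dynamically, a TPS instance would pass through verify_symlinks without its `tps` and `WEB-INF/lib` links being compared against the expected targets. The function body continues outside the hunk, so please confirm; if the other subsystems are checked in per-subsystem branches, add the matching TPS branch in the same style.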
diff --git a/base/server/src/engine/pkiconfig.py b/base/server/src/engine/pkiconfig.py
index 3a3a7df18..6a86de087 100644
--- a/base/server/src/engine/pkiconfig.py
+++ b/base/server/src/engine/pkiconfig.py
@@ -39,15 +39,15 @@ PKI_DEPLOYMENT_DEFAULT_USER = "pkiuser"
PKI_SUBSYSTEMS = ["CA","KRA","OCSP","RA","TKS","TPS"]
PKI_SIGNED_AUDIT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS","TPS"]
-PKI_APACHE_SUBSYSTEMS = ["RA","TPS"]
-PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS"]
+PKI_APACHE_SUBSYSTEMS = ["RA"]
+PKI_TOMCAT_SUBSYSTEMS = ["CA","KRA","OCSP","TKS", "TPS"]
PKI_BASE_RESERVED_NAMES = ["alias", "bin", "ca", "common", "conf", "kra",
- "lib", "logs", "ocsp", "temp", "tks", "webapps",
+ "lib", "logs", "ocsp", "temp", "tks", "tps", "webapps",
"work"]
PKI_CONFIGURATION_RESERVED_NAMES = ["CA", "java", "nssdb", "rpm-gpg",
"rsyslog", "tls"]
-PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra", "tps"]
-PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks"]
+PKI_APACHE_REGISTRY_RESERVED_NAMES = ["ra"]
+PKI_TOMCAT_REGISTRY_RESERVED_NAMES = ["ca", "kra", "ocsp", "tks", "tps"]
PKI_INDENTATION_LEVEL_0 = {'indent' : ''}
PKI_INDENTATION_LEVEL_1 = {'indent' : '... '}
diff --git a/base/server/src/engine/pkihelper.py b/base/server/src/engine/pkihelper.py
index 9c775f65d..8ca83be67 100644
--- a/base/server/src/engine/pkihelper.py
+++ b/base/server/src/engine/pkihelper.py
@@ -520,7 +520,7 @@ class configuration_file:
raise Exception(log.PKIHELPER_UNDEFINED_CONFIGURATION_FILE_ENTRY_2 % ("pki_clone_pkcs12_password",
master['pki_user_deployment_cfg']))
# Verify existence of Security Domain Password File
- # (ONLY for Clones, KRA, OCSP, TKS, or Subordinate CA)
+ # (ONLY for Clones, KRA, OCSP, TKS, TPS, or Subordinate CA)
if config.str2bool(master['pki_clone']) or\
not master['pki_subsystem'] == "CA" or\
config.str2bool(master['pki_subordinate']):
@@ -3169,7 +3169,7 @@ class config_client:
config.str2bool(master['pki_clone']) or\
config.str2bool(master['pki_subordinate']):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
- # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or
# Subordinate CA
self.set_existing_security_domain(data)
else:
@@ -3399,7 +3399,7 @@ class config_client:
config.str2bool(master['pki_subordinate']) or\
config.str2bool(master['pki_external']):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
- # CA Clone, KRA Clone, OCSP Clone, TKS Clone,
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone,
# Subordinate CA, or External CA
data.issuingCA = master['pki_issuing_ca']
if master['pki_subsystem'] == "CA" and\
diff --git a/base/server/src/engine/pkiparser.py b/base/server/src/engine/pkiparser.py
index 8c9b6d620..340780204 100644
--- a/base/server/src/engine/pkiparser.py
+++ b/base/server/src/engine/pkiparser.py
@@ -880,9 +880,9 @@ class PKIConfigParser:
# 'Subsystem Name' Configuration name/value pairs
# 'Token' Configuration name/value pairs
#
- # Apache - [RA], [TPS]
- # Tomcat - [CA], [KRA], [OCSP], [TKS]
- # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone]
+ # Apache - [RA]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS]
+ # - [CA Clone], [KRA Clone], [OCSP Clone], [TKS Clone], [TPS Clone]
# - [External CA]
# - [Subordinate CA]
#
@@ -932,7 +932,7 @@ class PKIConfigParser:
config.str2bool(config.pki_master_dict['pki_clone']) or\
config.str2bool(config.pki_master_dict['pki_subordinate']):
# PKI KRA, PKI OCSP, PKI RA, PKI TKS, PKI TPS,
- # CA Clone, KRA Clone, OCSP Clone, TKS Clone, or
+ # CA Clone, KRA Clone, OCSP Clone, TKS Clone, TPS Clone, or
# Subordinate CA
config.pki_master_dict['pki_security_domain_type'] = "existing"
config.pki_master_dict['pki_security_domain_uri'] =\
@@ -964,8 +964,8 @@ class PKIConfigParser:
# 'Backup' Configuration name/value pairs
#
- # Apache - [RA], [TPS]
- # Tomcat - [CA], [KRA], [OCSP], [TKS]
+ # Apache - [RA]
+ # Tomcat - [CA], [KRA], [OCSP], [TKS], [TPS]
# - [External CA]
# - [Subordinate CA]
#
diff --git a/base/server/src/pkidestroy b/base/server/src/pkidestroy
index 4e23445f1..1e3f7f578 100755
--- a/base/server/src/pkidestroy
+++ b/base/server/src/pkidestroy
@@ -129,8 +129,8 @@ def main(argv):
# -s <subsystem>
if args.pki_subsystem is None:
interactive = True
- config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS)',
- options=['CA', 'KRA', 'OCSP', 'TKS'],
+ config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)',
+ options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'],
default='CA', caseSensitive=False).upper()
else:
config.pki_subsystem = str(args.pki_subsystem).strip('[\']')
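Review bot: The prompt's `options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS']` repeats the list this commit also edits as `PKI_TOMCAT_SUBSYSTEMS` in pkiconfig.py, and the same literal appears in the pkispawn hunk, so each new subsystem has to be added in three places. If `config` here is the pkiconfig module, the call could pass `options=config.PKI_TOMCAT_SUBSYSTEMS` and build the label with `'/'.join(config.PKI_TOMCAT_SUBSYSTEMS)`. The `else` branch takes `args.pki_subsystem` as given; whether it is checked against the same list is outside the hunk and should be confirmed. main() starts and ends outside the hunk.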
diff --git a/base/server/src/pkispawn b/base/server/src/pkispawn
index 65ee17f50..b05db4760 100755
--- a/base/server/src/pkispawn
+++ b/base/server/src/pkispawn
@@ -129,8 +129,8 @@ def main(argv):
interactive = True
parser.indent = 0
- config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS)',
- options=['CA', 'KRA', 'OCSP', 'TKS'],
+ config.pki_subsystem = parser.read_text('Subsystem (CA/KRA/OCSP/TKS/TPS)',
+ options=['CA', 'KRA', 'OCSP', 'TKS', 'TPS'],
default='CA', caseSensitive=False).upper()
print
else:
diff --git a/base/server/src/scriptlets/configuration.py b/base/server/src/scriptlets/configuration.py
index 43f8c16cd..c13e7eba2 100644
--- a/base/server/src/scriptlets/configuration.py
+++ b/base/server/src/scriptlets/configuration.py
@@ -113,14 +113,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1,
master['pki_subsystem'],
extra=config.PKI_INDENTATION_LEVEL_2)
- return rv
- elif master['pki_subsystem'] == "TPS":
- config.pki_log.info(log.PKI_CONFIG_NOT_YET_IMPLEMENTED_1,
- master['pki_subsystem'],
- extra=config.PKI_INDENTATION_LEVEL_2)
- return rv
+ return self.rv
elif master['pki_instance_type'] == "Tomcat":
- # CA, KRA, OCSP, or TKS
+ # CA, KRA, OCSP, TKS, or TPS
data = config_client.construct_pki_configuration_data()
# Configure the substem
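Review bot: With the TPS branch removed, a TPS spawn now falls into the Tomcat path and is configured through `config_client.construct_pki_configuration_data()`. The commit description says the TPS files were copied from another Tomcat subsystem and that the TPS functionality itself comes in later patches. An operator gets no indication that the resulting instance is a placeholder, so I would log one line for TPS at this point until the follow-up patches land, in the existing `config.pki_log.info(...)` style. The change from `return rv` to `return self.rv` in the branch above is a separate fix and should be mentioned in the commit message. The method starts and ends outside the hunk.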
diff --git a/base/server/src/scriptlets/webapp_deployment.py b/base/server/src/scriptlets/webapp_deployment.py
index 4fdcc8614..aa52009fb 100644
--- a/base/server/src/scriptlets/webapp_deployment.py
+++ b/base/server/src/scriptlets/webapp_deployment.py
@@ -152,6 +152,9 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
elif master['pki_subsystem'] == "TKS":
util.symlink.create(master['pki_tks_jar'],
master['pki_tks_jar_link'])
+ elif master['pki_subsystem'] == "TPS":
+ util.symlink.create(master['pki_tps_jar'],
+ master['pki_tps_jar_link'])
# set ownerships, permissions, and acls
util.directory.set_mode(master['pki_tomcat_webapps_subsystem_path'])
return self.rv