Misc TPS packaging tasks:

1. Make sure the new TPS packages all the applet files, like the old TPS has done.

2. Create a small new package called "pki-tps-client", which will hold ONLY the
command line utility "tpsclient" and all of its supporting libraries.

3. Move the directory pki/base/tps to pki/base/tps-client

We will do this until we can rewrite "tpclien" on the new Java TPS system.

Add package pki-tps-client.

160 files changed, 41391 insertions, 0 deletions

diff --git a/base/tps-client/apache/LICENSE-2.0 b/base/tps-client/apache/LICENSE-2.0
new file mode 100644
index 000000000..7b69c6227
--- /dev/null
+++ b/base/tps-client/apache/LICENSE-2.0
@@ -0,0 +1,678 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+
+
+
+APACHE HTTP SERVER SUBCOMPONENTS: 
+
+The Apache HTTP Server includes a number of subcomponents with
+separate copyright notices and license terms. Your use of the source
+code for the these subcomponents is subject to the terms and
+conditions of the following licenses. 
+
+For the mod_mime_magic component:
+
+/*
+ * mod_mime_magic: MIME type lookup via file magic numbers
+ * Copyright (c) 1996-1997 Cisco Systems, Inc.
+ *
+ * This software was submitted by Cisco Systems to the Apache Group in July
+ * 1997.  Future revisions and derivatives of this source code must
+ * acknowledge Cisco Systems as the original contributor of this module.
+ * All other licensing and usage conditions are those of the Apache Group.
+ *
+ * Some of this code is derived from the free version of the file command
+ * originally posted to comp.sources.unix.  Copyright info for that program
+ * is included below as required.
+ * ---------------------------------------------------------------------------
+ * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
+ *
+ * This software is not subject to any license of the American Telephone and
+ * Telegraph Company or of the Regents of the University of California.
+ *
+ * Permission is granted to anyone to use this software for any purpose on any
+ * computer system, and to alter it and redistribute it freely, subject to
+ * the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission.  Since few users ever read sources, credits
+ * must appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software.  Since few users ever read
+ * sources, credits must appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ * -------------------------------------------------------------------------
+ *
+ */
+
+
+For the  modules\mappers\mod_imap.c component:
+
+  "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com
+
+For the  server\util_md5.c component:
+
+/************************************************************************
+ * NCSA HTTPd Server
+ * Software Development Group
+ * National Center for Supercomputing Applications
+ * University of Illinois at Urbana-Champaign
+ * 605 E. Springfield, Champaign, IL 61820
+ * httpd@ncsa.uiuc.edu
+ *
+ * Copyright  (C)  1995, Board of Trustees of the University of Illinois
+ *
+ ************************************************************************
+ *
+ * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code
+ *
+ *  Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc.
+ *  Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon
+ *     University (see Copyright below).
+ *  Portions of Content-MD5 code Copyright (C) 1991 Bell Communications 
+ *     Research, Inc. (Bellcore) (see Copyright below).
+ *  Portions extracted from mpack, John G. Myers - jgm+@cmu.edu
+ *  Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk)
+ *
+ */
+
+
+/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */
+/* (C) Copyright 1993,1994 by Carnegie Mellon University
+ * All Rights Reserved.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without
+ * fee, provided that the above copyright notice appear in all copies
+ * and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of Carnegie
+ * Mellon University not be used in advertising or publicity
+ * pertaining to distribution of the software without specific,
+ * written prior permission.  Carnegie Mellon University makes no
+ * representations about the suitability of this software for any
+ * purpose.  It is provided "as is" without express or implied
+ * warranty.
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore)
+ *
+ * Permission to use, copy, modify, and distribute this material
+ * for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice and this permission notice
+ * appear in all copies, and that the name of Bellcore not be
+ * used in advertising or publicity pertaining to this
+ * material without the specific, prior written permission
+ * of an authorized representative of Bellcore.  BELLCORE
+ * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
+ * OF THIS MATERIAL FOR ANY PURPOSE.  IT IS PROVIDED "AS IS",
+ * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.  
+ */
+
+For the  srclib\apr\include\apr_md5.h component: 
+/*
+ * This is work is derived from material Copyright RSA Data Security, Inc.
+ *
+ * The RSA copyright statement and Licence for that original material is
+ * included below. This is followed by the Apache copyright statement and
+ * licence for the modifications made to that material.
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+   rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+
+For the  srclib\apr\passwd\apr_md5.c component:
+
+/*
+ * This is work is derived from material Copyright RSA Data Security, Inc.
+ *
+ * The RSA copyright statement and Licence for that original material is
+ * included below. This is followed by the Apache copyright statement and
+ * licence for the modifications made to that material.
+ */
+
+/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+   rights reserved.
+
+   License to copy and use this software is granted provided that it
+   is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+   Algorithm" in all material mentioning or referencing this software
+   or this function.
+
+   License is also granted to make and use derivative works provided
+   that such works are identified as "derived from the RSA Data
+   Security, Inc. MD5 Message-Digest Algorithm" in all material
+   mentioning or referencing the derived work.
+
+   RSA Data Security, Inc. makes no representations concerning either
+   the merchantability of this software or the suitability of this
+   software for any particular purpose. It is provided "as is"
+   without express or implied warranty of any kind.
+
+   These notices must be retained in any copies of any part of this
+   documentation and/or software.
+ */
+/*
+ * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
+ * MD5 crypt() function, which is licenced as follows:
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file.  As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return.  Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+
+For the srclib\apr-util\crypto\apr_md4.c component:
+
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD4 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+For the srclib\apr-util\include\apr_md4.h component:
+
+ *
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD4 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+
+For the srclib\apr-util\test\testdbm.c component:
+
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2002 The Apache Software Foundation.  All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ *    if any, must include the following acknowledgment:
+ *       "This product includes software developed by the
+ *        Apache Software Foundation (http://www.apache.org/)."
+ *    Alternately, this acknowledgment may appear in the software itself,
+ *    if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ *    not be used to endorse or promote products derived from this
+ *    software without prior written permission. For written
+ *    permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ *    nor may "Apache" appear in their name, without prior written
+ *    permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * This file came from the SDBM package (written by oz@nexus.yorku.ca).
+ * That package was under public domain. This file has been ported to
+ * APR, updated to ANSI C and other, newer idioms, and added to the Apache
+ * codebase under the above copyright and license.
+ */
+
+
+For the srclib\apr-util\test\testmd4.c component:
+
+ *
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
+ * rights reserved.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+For the srclib\apr-util\xml\expat\conftools\install-sh component:
+
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+#
+
+For the srclib\pcre\install-sh component:
+
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission.  M.I.T. makes no representations about the
+# suitability of this software for any purpose.  It is provided "as is"
+# without express or implied warranty.
+
+For the pcre component:
+
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Written by: Philip Hazel <ph10@cam.ac.uk>
+
+University of Cambridge Computing Service,
+Cambridge, England. Phone: +44 1223 334714.
+
+Copyright (c) 1997-2001 University of Cambridge
+
+Permission is granted to anyone to use this software for any purpose on any
+computer system, and to redistribute it freely, subject to the following
+restrictions:
+
+1. This software is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+2. The origin of this software must not be misrepresented, either by
+   explicit claim or by omission. In practice, this means that if you use
+   PCRE in software which you distribute to others, commercially or
+   otherwise, you must put a sentence like this
+
+     Regular expression support is provided by the PCRE library package,
+     which is open source software, written by Philip Hazel, and copyright
+     by the University of Cambridge, England.
+
+   somewhere reasonably visible in your documentation and in any relevant
+   files or online help data or similar. A reference to the ftp site for
+   the source, that is, to
+
+     ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
+
+   should also be given in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+   misrepresented as being the original software.
+
+4. If PCRE is embedded in any software that is released under the GNU
+   General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL),
+   then the terms of that licence shall supersede any condition above with
+   which it is incompatible.
+
+The documentation for PCRE, supplied in the "doc" directory, is distributed
+under the same terms as the software itself.
+
+End PCRE LICENCE
+
+
+For the test\zb.c component:
+
+/*                          ZeusBench V1.01
+			    ===============
+
+This program is Copyright (C) Zeus Technology Limited 1996.
+
+This program may be used and copied freely providing this copyright notice
+is not removed.
+
+This software is provided "as is" and any express or implied waranties, 
+including but not limited to, the implied warranties of merchantability and
+fitness for a particular purpose are disclaimed.  In no event shall 
+Zeus Technology Ltd. be liable for any direct, indirect, incidental, special, 
+exemplary, or consequential damaged (including, but not limited to, 
+procurement of substitute good or services; loss of use, data, or profits;
+or business interruption) however caused and on theory of liability.  Whether
+in contract, strict liability or tort (including negligence or otherwise) 
+arising in any way out of the use of this software, even if advised of the
+possibility of such damage.
+
+     Written by Adam Twiss (adam@zeus.co.uk).  March 1996
+
+Thanks to the following people for their input:
+  Mike Belshe (mbelshe@netscape.com) 
+  Michael Campanella (campanella@stevms.enet.dec.com)
+
+*/
+
+For the expat xml parser component:
+
+Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
+                               and Clark Cooper
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+	
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+	
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+====================================================================
diff --git a/base/tps-client/apache/cgi-bin/demo/Enroll.html b/base/tps-client/apache/cgi-bin/demo/Enroll.html
new file mode 100755
index 000000000..79c660712
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/demo/Enroll.html
@@ -0,0 +1,81 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/demo/style.css" type="text/css">
+
+<title>Enrollment</title>
+</head>
+<script type="text/JavaScript" src="/esc/demo/util.js">
+</script>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+<table width="100%" class="logobar">
+  <tr>
+    <td>
+<img alt="" src="/pki/esc/demo/logo.jpg">
+    </td>
+    <td>
+      <p class="headerText">Veracify Investments Smartcard Enrollment</p>
+    </td>
+  </tr>
+</table>
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+       <td></td>
+    </tr>
+  </table>
+  <p class="bodyText">You have plugged in your Veracify Investments smartcard! After answering a few easy questions, you will be able to use your smartcard to securely manage your investment portfolio.
+  </p>
+  <p class="bodyText"> 
+      Now we would like you to identify yourself as a current Veracify Investments Customer.
+   </p>  
+    <table>
+      <tr>
+        <td><p >Veracify Account Name: </p></td>
+        <td> </td>
+        <td><input type="text" id="snametf"  value=""></td>
+         <td> </td>
+        <td><p>Veracify Account Number: </p></td>
+         <td> </td>
+        <td><input type="password" id="snamepwd" value=""></td>
+      </tr>
+
+      </table>
+
+      <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p> 
+      <table>
+      <tr>
+        <td><p >Password:</p></td>
+        <td><input type="password" id="pintf" name="pintf" value=""></td>
+
+        <td><p >Re-Enter Password:</p></td>
+        <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td>
+    </table>
+    <br>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Veracify Smartcard" onClick="DoEnrollCOOLKey();">
+        </td>
+      </tr>
+    </table>
+</body></html>
diff --git a/base/tps-client/apache/cgi-bin/demo/enroll.cgi b/base/tps-client/apache/cgi-bin/demo/enroll.cgi
new file mode 100755
index 000000000..c0f4bcabf
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/demo/enroll.cgi
@@ -0,0 +1,183 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default") 
+{
+  $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+  GenerateEnrollmentPage(); 
+  exit 0;
+}
+
+
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
diff --git a/base/tps-client/apache/cgi-bin/demo/index.cgi b/base/tps-client/apache/cgi-bin/demo/index.cgi
new file mode 100755
index 000000000..635057182
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/demo/index.cgi
@@ -0,0 +1,47 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/demo/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "userKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps-client/apache/cgi-bin/esc.cgi b/base/tps-client/apache/cgi-bin/esc.cgi
new file mode 100755
index 000000000..70a93c0a0
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/esc.cgi
@@ -0,0 +1,1239 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default") 
+{
+  $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+  GenerateAdminPage(); 
+  exit 0;
+}
+
+########################################################################
+#
+# We aren't doing any admin functions, before proceeding
+# on to user specific functions, make sure we have a screen name
+# and that they are subscribed to a service.
+#
+########################################################################
+
+#if (!HaveScreenName() || $gQueryAction eq "screennamepage")
+#{
+#  GenerateScreenNamePage($gQueryAction);
+#  exit 0;
+#}
+
+LoadUserDatabase("default");
+
+########################################################################
+#
+# Subscribe?
+#
+#   http://www.foo.com/esc.cgi?action=subscribe
+#
+########################################################################
+
+#if ($gQueryAction eq "subscribe")
+#{
+#  SaveSubscription();
+#  $nextAction = GetNextAction();
+#  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+#  print $gQuery->redirect(-uri=>$redirectLocation);
+#  exit 0;
+#}
+
+#if (!IsSubscriber() || $gQueryAction eq "subscriptionpage")
+#{
+#  GenerateTOSPage($gQueryAction);
+#  exit 0;
+#}
+
+########################################################################
+#
+# Show our cookie management page?
+#
+#   http://www.foo.com/esc.cgi?action=cookiepage
+#
+########################################################################
+
+#if ($gQueryAction eq "cookiepage")
+#{
+#  GenerateCookiesPage(); 
+#  exit 0;
+#}
+
+########################################################################
+#
+# Clear cookies?
+#
+#   http://www.foo.com/esc.cgi?action=clearAllCookies
+#
+########################################################################
+
+#if ($gQueryAction eq "removeCookies")
+#{
+#  @expCookies = ();
+#  foreach $cookie (@gCookieNames)
+#  {
+#    if (defined $gQuery->param($cookie))
+#    {
+#      $expCookies[$cookieCnt++] = CreateExpiredCookie($cookie);
+#    }
+#  }
+#  $redirectLocation = $gQuery->url(-path_info=>1)."?action=cookiepage&screenname=".GetScreenName();
+#  print $gQuery->redirect(-uri=>$redirectLocation,
+#                          -cookie=>\@expCookies);
+#  exit 0;
+#}
+
+########################################################################
+#
+# Bind?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bind")
+{
+  UpdateBindingsForBind();
+  $nextAction = GetNextAction();
+
+  $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&prevaction=bind&screenname=".GetScreenName()."&keytype=".GetKeyType()."&keyid=".GetKeyID()."&keylabel=".GetKeyLabelArg();
+  print $gQuery->redirect(-uri=>$redirectLocation);
+  exit 0;
+}
+
+########################################################################
+#
+# Unbind?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "unbind")
+{
+  UpdateBindingsForUnbind();
+
+  $nextAction = GetNextAction();
+
+  $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&prevaction=unbind&screenname=".GetScreenName()."&keytype=".GetKeyType()."&keyid=".GetKeyID()."&keylabel=".GetKeyLabelArg();
+  print $gQuery->redirect(-uri=>$redirectLocation);
+  exit 0;
+}
+
+########################################################################
+#
+# Label?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "label")
+{
+  UpdateBindingsForLabel();
+
+  $nextAction = GetNextAction();
+
+  $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+  print $gQuery->redirect(-uri=>$redirectLocation);
+  exit 0;
+}
+
+########################################################################
+#
+# ScreenName?
+#
+#
+########################################################################
+
+#if ($gQueryAction eq "screenname")
+#{
+#  $nextAction = GetNextAction();
+#  $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+#  print $gQuery->redirect(-uri=>$redirectLocation);
+#  exit 0;
+#}
+
+########################################################################
+#
+# Check if we are displaying the label page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "labelpage")
+{
+  my $nextAction = GetNextAction();
+  $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+  my $keyType = GetKeyType();
+  my $keyId = GetKeyID();
+
+  GenerateLabelPage($keyType, $keyId, $nextAction);
+  exit 0;
+}
+
+########################################################################
+#
+# Show our enrollment page?
+#
+#   http://www.foo.com/esc.cgi?action=enrollmentpage
+#
+########################################################################
+
+if ($gQueryAction eq "enrollmentpage")
+{
+  GenerateEnrollmentPage(); 
+  exit 0;
+}
+
+if ($gQueryAction eq "advancepage")
+{
+  GenerateAdvancePage(); 
+  exit 0;
+}
+
+if ($gQueryAction eq "tokenmanagerpage")
+{
+  GenerateTokenManagerPage(); 
+  exit 0;
+}
+
+if($gQueryAction eq "authenticate")
+{
+
+   GenerateAuthenticationPage();
+   exit 0;
+}
+ 
+if ($gQueryAction eq "autoenroll")
+{
+  GenerateAutoEnrollmentPage(); 
+  exit 0;
+}
+
+########################################################################
+#
+# Show our ticket request page?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "ticketreqpage")
+{
+  GenerateTicketRequestPage(); 
+  exit 0;
+}
+
+########################################################################
+#
+# Show our load external url page?
+#
+#   http://www.foo.com/esc.cgi?action=loadurlpage
+#
+########################################################################
+
+
+if ($gQueryAction eq "loadurl")
+{
+  $nextAction = GetNextAction();
+  $redirectLocation = $gQuery->param('url');
+  print $gQuery->redirect(-uri=>$redirectLocation);
+  exit 0;
+}
+
+if ($gQueryAction eq "loadurlpage")
+{
+  GenerateLoadURLPage(); 
+  exit 0;
+}
+
+########################################################################
+#
+# User is subscribed, check if we are displaying the
+# settings page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "settingspage")
+{
+  GenerateSettingsPage();
+  exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the set label page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "setlabelpage")
+{
+  GenerateSetLabelPage();
+  exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the bind/unbind progress page!
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindprogresspage")
+{
+  GenerateBindProgressPage("bind");
+  exit 0;
+}
+
+if ($gQueryAction eq "unbindprogresspage")
+{
+  GenerateBindProgressPage("unbind");
+  exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the bind/unbind success page!
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindsuccesspage")
+{
+  GenerateBindSuccessPage("bind");
+  exit 0;
+}
+
+if ($gQueryAction eq "unbindsuccesspage")
+{
+  GenerateBindSuccessPage("unbind");
+  exit 0;
+}
+
+########################################################################
+#
+# XXX: Lose this code!
+# User is subscribed, check if we are displaying the
+# binding page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindpage")
+{
+  GenerateBindingConfigPage();
+  exit 0;
+}
+
+print "<html><body><H1> Unknown Query Action ";
+print $qQueryAction;
+print "</H1></body></html>";
+exit 0;
+
+########################################################################
+#
+#
+########################################################################
+
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateAdminPage()
+{
+  my ($l);
+
+  ExitError("Failed to load Admin Page") if (!open(ADMIN_FILE, "< ./AdminEsc.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ADMIN_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+    }
+    print $l;
+  }
+  close(ADMIN_FILE);
+}
+
+sub GenerateCookiesPage()
+{
+  my ($nextPage) = @_;
+
+  my ($l);
+
+  ExitError("Failed to load TOS Page") if (!open(COOKIE_FILE, "< Cookies.html"));
+
+  print $gQuery->header();
+
+  while ($l = <COOKIE_FILE>)
+  {
+    if ($l =~ /SECURECOOL_COOKIE_LIST/)
+    {
+      my @cookies = $gQuery->cookie();
+      if (@cookies < 1)
+      {
+        print "No ASC Cookies currently defined!<br>\n";
+      }
+      else
+      {
+        my $cookieName;
+        foreach $cookieName (@cookies)
+        {
+          #
+          # Display only ASC related cookies!
+          #
+
+          if ($cookieName =~ /^asc/)
+          {
+            print "<tr><td valign=\"center\" align=\"center\"><input type=\"checkbox\" name=\"$cookieName\"></td><td>$cookieName</td><td>", $gQuery->cookie($cookieName), "</td></tr>\n";
+          }
+        }
+        print "<br>\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(COOKIE_FILE);
+}
+
+sub GenerateScreenNamePage
+{
+  my ($nextPage) = @_;
+
+  my ($l);
+
+  ExitError("Failed to load ScreenName Page") if (!open(SN_FILE, "< ScreenName.html"));
+
+  print $gQuery->header();
+
+  my $sn = GetScreenName();
+
+  while ($l = <SN_FILE>)
+  {
+    if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+    {
+      if ($nextPage)
+      {
+        print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextPage\">\n";
+        print "<input type=\"hidden\" name=\"screenname\" value=\"$sn\">\n";
+      }
+
+      if ($sn)
+      {
+        print "<script>document.getElementById('screenname').value = \"$sn\"</script>\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(SN_FILE);
+}
+
+sub GenerateTOSPage
+{
+  my ($nextPage) = @_;
+
+  my ($l);
+
+  ExitError("Failed to load TOS Page") if (!open(TOS_FILE, "< Subscribe.html"));
+
+  print $gQuery->header();
+
+  while ($l = <TOS_FILE>)
+  {
+    if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+    {
+      if ($nextPage)
+      {
+        print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextPage\">\n";
+        print "<input type=\"hidden\" name=\"screenname\" value=\"". GetScreenName() ."\">\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(TOS_FILE);
+}
+
+sub GenerateSettingsPage
+{
+  my ($l);
+
+  ExitError("Failed to load settings page!") if (!open(SETTINGS_FILE, "< SettingsEsc.html"));
+
+  print $gQuery->header();
+
+  while ($l = <SETTINGS_FILE>)
+  {
+    if ($l =~ /SECURECOOL_BINDINGS_ARRAY/)
+    {
+      my(@curBindings) = GetBindings();
+      my $arrSize = scalar(@curBindings);
+      my($i);
+
+      for ($i = 0; $i < $arrSize; $i++)
+      {
+        my($keyType, $keyId, $keyLabel) = split(/&/, $curBindings[$i]);
+        print "  [ $keyType, \"$keyId\", \"$keyLabel\" ]";
+        print "," if ($arrSize > 1 && $i != $arrSize - 1);
+        print "\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(SETTINGS_FILE);
+}
+
+sub GenerateSetLabelPage
+{
+  my ($l);
+
+  ExitError("Failed to open label page!") if (!open(LABEL_PAGE, "< Label.html"));
+
+  my $sn = GetScreenName();
+  ExitError("Failed to get a valid screen name!") if (! $sn);
+
+  my $keyType = GetKeyType();
+  my $keyID = GetKeyID();
+  ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+  $defLabel = $keyID;
+  $defLabel =~ s/^[0-9a-fA-F]{12}//;
+  $defLabel = "$sn-$defLabel";
+
+  print $gQuery->header();
+
+  while ($l = <LABEL_PAGE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$defLabel/g;
+    }
+    print $l;
+  }
+  close(LABEL_FILE);
+}
+
+sub GenerateBindProgressPage
+{
+  my ($action) = @_;
+  my ($l);
+
+  ExitError("Failed to open progress page!") if (!open(PROG_PAGE, "< Progress.html"));
+
+  my $sn = GetScreenName();
+  ExitError("Failed to get a valid screen name!") if (! $sn);
+
+  my $keyType = GetKeyType();
+  my $keyID = GetKeyID();
+  ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+  my $keyLabel = "";
+
+  if ($action eq "bind")
+  {
+    $keyLabel = GetKeyLabelArg();
+    ExitError("Failed to get a valid keyLabel!") if (! $keyLabel);
+  }
+
+  print $gQuery->header();
+
+  while ($l = <PROG_PAGE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$keyLabel/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_ACTION *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_ACTION *-->/$action/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_CHALLENGEDATA *-->/)
+    {
+      $challengeData = "";
+      $challengeData = "QVNDIHJvY2tzIHRoZSBwYXJ0eSE=" if ($action eq "bind");
+
+      $l =~ s/<!-- *SECURECOOL_CHALLENGEDATA *-->/$challengeData/g;
+    }
+    print $l;
+  }
+  close(PROG_PAGE);
+}
+
+sub GenerateBindSuccessPage
+{
+  my ($action) = @_;
+  my ($l);
+
+  ExitError("Failed to open progress page!") if (!open(SUCCESS_PAGE, "< BindSuccess.html"));
+
+  my $sn = GetScreenName();
+  ExitError("Failed to get a valid screen name!") if (! $sn);
+
+  my $keyType = GetKeyType();
+  my $keyID = GetKeyID();
+  ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+  my $keyLabel = "";
+  
+  if ($action eq "bind")
+  {
+    $keyLabel = GetKeyLabelArg();
+    ExitError("Failed to get a valid keyLabel!") if (! $keyLabel);
+  }
+
+  print $gQuery->header();
+
+  while ($l = <SUCCESS_PAGE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$keyLabel/g;
+    }
+    if ($l =~ /<!-- *SECURECOOL_ACTION *-->/)
+    {
+      $l =~ s/<!-- *SECURECOOL_ACTION *-->/$action/g;
+    }
+    print $l;
+  }
+  close(SUCCESS_PAGE);
+}
+
+sub GenerateBindingConfigPage
+{
+  my ($l);
+
+  ExitError("Failed to load binding page!") if (!open(BINDING_FILE, "< Bindings.html"));
+
+  print $gQuery->header();
+
+  while ($l = <BINDING_FILE>)
+  {
+    if ($l =~ /SECURECOOL_BINDINGS_ARRAY/)
+    {
+      my(@curBindings) = GetBindings();
+      my $arrSize = scalar(@curBindings);
+      my($i);
+
+      for ($i = 0; $i < $arrSize; $i++)
+      {
+        my($keyType, $keyId, $keyLabel) = split(/&/, $curBindings[$i]);
+        print "  [ $keyType, \"$keyId\", \"$keyLabel\" ]";
+        print "," if ($arrSize > 1 && $i != $arrSize - 1);
+        print "\n";
+      }
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(BINDING_FILE);
+}
+
+sub GetKeyLabel
+{
+  my($keyType, $keyId) = @_;
+
+  my(@curBindings) = GetBindings();
+  my($numBindings) = scalar(@curBindings);
+
+  while($numBindings > 0)
+  {
+    --$numBindings;
+    if ($curBindings[$numBindings] =~ /^$keyType&$keyId&/)
+    {
+      my($ktype, $id, $lbl) = split(/&/, $curBindings[$numBindings]);
+      return $lbl;
+    }
+  }
+
+  return "";
+}
+
+sub GenerateLabelPage
+{
+  my($keyType, $keyId, $nextAction) = @_;
+  my($keyLabel) = GetKeyLabel($keyType, $keyId);
+
+  return if ($keyLabel eq "");
+
+  my ($l);
+
+  ExitError("Failed to load label page!") if (!open(EDIT_LABEL_FILE, "< EditLabel.html"));
+
+  print $gQuery->header();
+
+  while ($l = <EDIT_LABEL_FILE>)
+  {
+    if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+    {
+      print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextAction\">\n";
+      print "<input type=\"hidden\" name=\"keytype\" value=\"$keyType\">\n";
+      print "<input type=\"hidden\" name=\"keyid\" value=\"$keyId\">\n";
+      print "<input type=\"hidden\" name=\"keylabel\" value=\"$keyLabel\">\n";
+      print "<input type=\"hidden\" name=\"screenname\" value=\"".GetScreenName()."\">\n";
+    }
+    elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+  close(EDIT_LABEL_FILE);
+}
+
+sub GenerateAutoEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< EnrollPopup.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+sub GenerateAuthenticationPage
+{
+  my ($l); 
+  ExitError("Failed to load enrollment page!") if (!open(AUTH_FILE, "< GenericAuth.html"));
+
+  print $gQuery->header();
+
+  while ($l = <AUTH_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(AUTH_FILE);
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< EnrollPopup.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
+
+sub GenerateAdvancePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< AdvancePopup.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
+
+sub GenerateTokenManagerPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< TokenManager.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
+
+sub GenerateTicketRequestPage
+{
+  my ($l);
+
+  ExitError("Failed to load ticket request page!") if (!open(TICKETREQ_FILE, "< Ticket.html"));
+
+  print $gQuery->header();
+
+  while ($l = <TICKETREQ_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(TICKETREQ_FILE);
+}
+
+sub GenerateLoadURLPage
+{
+  my ($l);
+
+  ExitError("Failed to load url request page!") if (!open(LOADURL_FILE, "< LoadURL.html"));
+
+  print $gQuery->header();
+
+  while ($l = <LOADURL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(LOADURL_FILE);
+}
+
+sub CreateExpiredCookie
+{
+  my($cookieName) = @_;
+  my $cookie = $gQuery->cookie(-name=>$cookieName,
+                               -value=>'',
+                               -expires=>'-2d',
+                               -path=>$gQuery->url(-absolute=>1),
+                               -domain=>$gQuery->server_name());
+  return $cookie;
+
+}
+
+sub SaveSubscription
+{
+  
+  $gUserObj{'SUBSCRIPTION'} = $gQuery->param("subscriptiontype");
+  SaveUserDatabase(GetScreenName());
+}
+
+sub GetBindings
+{
+  my $bindings = $gUserObj{'BINDINGS'};
+  return @$bindings;
+}
+
+sub BindingsArrayToString
+{
+  my(@bindings) = @_;
+  my $i;
+  my $str = "";
+
+  for ($i = 0; $i < @bindings; $i++)
+  {
+    if ($bindings[$i] ne "")
+    {
+      $str .= "&" if ($str ne "");
+      $str .= ASCUrlEncode($bindings[$i]);
+    }
+  }
+
+  return $str;
+}
+
+sub AddItemToBindings
+{
+  my($keyType, $keyId, $keyLabel) = @_;
+
+  my(@curBindings) = GetBindings();
+  my($pos) = scalar(@curBindings);
+
+  # First check to see if the key already  exists in
+  # the  cookie! If it does, we'll just overwrite it.
+
+  my($i) = $pos;
+  while($i > 0)
+  {
+    --$i;
+    if ($curBindings[$i] =~ /^$keyType&$keyId&/)
+    {
+      $pos = $i;
+      last;
+    }
+  }
+
+  $curBindings[$pos] = "$keyType&$keyId&$keyLabel";
+
+  $gUserObj{'BINDINGS'} = \@curBindings;
+  #SaveUserDatabase(GetScreenName());
+}
+
+sub RemoveItemFromBindings
+{
+  my($keyType, $keyId) = @_;
+
+  my(@curBindings) = GetBindings();
+  my($numBindings) = scalar(@curBindings);
+  my @newBindings;
+
+  while($numBindings > 0)
+  {
+    --$numBindings;
+    next if ($curBindings[$numBindings] =~ /^$keyType&$keyId&/);
+    push @newBindings, $curBindings[$numBindings];
+  }
+
+  $gUserObj{'BINDINGS'} = \@newBindings;
+  #SaveUserDatabase(GetScreenName());
+}
+
+sub UpdateBindingsForBind
+{
+  return if (! defined $gQuery->param("keytype"));
+  my($keyType) = $gQuery->param("keytype");
+
+  return if (! defined $gQuery->param("keyid"));
+  my($keyId) = $gQuery->param("keyid");
+
+  return if (! defined $gQuery->param("keylabel"));
+  my($keyLabel) = $gQuery->param("keylabel");
+
+  return AddItemToBindings($keyType, $keyId, $keyLabel);
+}
+
+sub UpdateBindingsForUnbind
+{
+  return if (! defined $gQuery->param("keytype"));
+  my($keyType) = $gQuery->param("keytype");
+
+  return if (! defined $gQuery->param("keyid"));
+  my($keyId) = $gQuery->param("keyid");
+
+  return RemoveItemFromBindings($keyType, $keyId,);
+}
+
+sub UpdateBindingsForLabel
+{
+  return UpdateBindingsForBind();
+}
+
+sub ASCUrlDecode
+{
+  my($qstr) = @_;
+  $qstr =~ s/\+/ /g;
+  $qstr =~ s/%([0-9A-F]{2})/pack("C", hex($1))/eig;
+  return $qstr;
+}
+
+sub ASCUrlEncode
+{
+  my($qstr) = @_;
+  $qstr =~ s/([^a-zA-Z0-9_ ])/sprintf("%%%.2X", unpack("C", $1))/eig;
+  $qstr =~ s/ /+/g;
+  return $qstr;
+}
+
+sub LoadUserDatabase
+{
+  my($sn) = @_; 
+
+  $gUserObj{'SUBSCRIPTION'}  = "";
+
+  $gUserObj{'BINDINGS'} = "";
+  return;
+
+}
+
+sub SaveUserDatabase
+{
+  my($sn) = @_;
+  my($snfile) = "UserDatabase/$sn";
+
+  return;
+
+}
diff --git a/base/tps-client/apache/cgi-bin/home.cgi b/base/tps-client/apache/cgi-bin/home.cgi
new file mode 100755
index 000000000..5fdf5ecf8
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/home.cgi
@@ -0,0 +1,40 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://machine.fedora.redhat.com:7888/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://machine.fedora.redhat.com:7888/cgi-bin/esc.cgi";
+print "</UI>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps-client/apache/cgi-bin/home/Enroll.html b/base/tps-client/apache/cgi-bin/home/Enroll.html
new file mode 100755
index 000000000..2bcc9c1af
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/home/Enroll.html
@@ -0,0 +1,79 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/home/style.css" type="text/css">
+
+<title>Enrollment</title>
+</head>
+<script type="text/JavaScript" src="/esc/home/util.js">
+</script>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+<table width="100%" class="logobar">
+  <tr>
+    <td>
+<img alt="" src="/pki/esc/home/logo.jpg">
+    </td>
+    <td>
+      <p class="headerText">Smartcard Enrollment</p>
+    </td>
+  </tr>
+</table>
+  <table id="BindingTable" width="200px"align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+  <p class="bodyText">You have plugged in your smartcard! After answering a few easy questions, you will be able to use your smartcard.
+  </p>
+  <p class="bodyText"> 
+      Now we would like you to identify yourself.
+   </p>  
+    <table>
+      <tr>
+        <td><p >LDAP User ID: </p></td>
+        <td> </td>
+        <td><input type="text" id="snametf"  value=""></td>
+         <td> </td>
+        <td><p>LDAP Password: </p></td>
+         <td> </td>
+        <td><input type="password" id="snamepwd" value=""></td>
+      </tr>
+
+      </table>
+
+      <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p> 
+      <table>
+      <tr>
+        <td><p >Password:</p></td>
+        <td><input type="password" id="pintf" name="pintf" value=""></td>
+
+        <td><p >Re-Enter Password:</p></td>
+        <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td>
+    </table>
+    <br>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Smartcard" onClick="DoEnrollCOOLKey();">
+        </td>
+      </tr>
+    </table>
+</body></html>
diff --git a/base/tps-client/apache/cgi-bin/home/cachain.cgi b/base/tps-client/apache/cgi-bin/home/cachain.cgi
new file mode 100755
index 000000000..27dc9cd6c
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/home/cachain.cgi
@@ -0,0 +1,52 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+
+use LWP::UserAgent;
+
+my $cfg = "../../conf/CS.cfg";
+my $cahostport = `grep conn.ca1.hostport $cfg | cut -c19-`;
+
+chomp($cahostport);
+
+my $url = "https://$cahostport/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert";
+
+my $agent = LWP::UserAgent->new;
+$agent->timeout(30);
+
+my $request = HTTP::Request->new('GET', $url);
+my $response = $agent->request($request);
+
+if ($response->is_success) {
+    print "Content-type: application/x-x509-ca-cert\n\n";
+    print $response->content;
+
+} else {
+   print "Content-type: text/html\n\n";
+   print "<html>";
+   print "<link rel=stylesheet href='/pki/esc/home/style.css' type='text/css'>";
+   print "<center><h2>Error Importing CA Chain Information!</h2></center>";
+   print "<center><h2>Please try again later.</h2></center>";
+   print "</html>"
+}
diff --git a/base/tps-client/apache/cgi-bin/home/enroll.cgi b/base/tps-client/apache/cgi-bin/home/enroll.cgi
new file mode 100755
index 000000000..c0f4bcabf
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/home/enroll.cgi
@@ -0,0 +1,183 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default") 
+{
+  $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+  GenerateEnrollmentPage(); 
+  exit 0;
+}
+
+
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
diff --git a/base/tps-client/apache/cgi-bin/home/index.cgi b/base/tps-client/apache/cgi-bin/home/index.cgi
new file mode 100755
index 000000000..e347f6720
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/home/index.cgi
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "http://www.fedora.redhat.com";   # Company URL
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "userKey";
+print "</TokenType>";
+#print "<CAChainUI>";
+#print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/cachain.cgi";
+#print "</CAChainUI>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps-client/apache/cgi-bin/so/Enroll.html b/base/tps-client/apache/cgi-bin/so/Enroll.html
new file mode 100755
index 000000000..1e4f137e5
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/so/Enroll.html
@@ -0,0 +1,138 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/so/style.css" type="text/css">
+
+<title>Enrollment</title>
+</head>
+<script type="text/JavaScript" src="/esc/so/util.js">
+</script>
+
+<script type="text/javascript">
+<!--
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID,
+           "http://$host:$port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnDoneInitializeBindingTable()
+{
+  var arr = GetAvailableCOOLKeys();
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    UserSelectRowByKeyID(keyType, keyID);
+  }
+}
+
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+}
+
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+// -->
+</script>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+<table width="100%" class="logobar">
+  <tr>
+    <td>
+<!--<img alt="" src="/pki/esc/so/images/logo.gif"> -->
+    </td>
+    <td align = "center">
+      <p class="headerText">Security Officer Enrollment</p>
+    </td>
+  </tr>
+</table>
+  <div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px"align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+  </div>
+  <p class="bodyText">You have plugged in your smartcard! After answering a few easy questions, you will be able to enroll the smartcard for the Security Officer user.
+  </p>
+  <p class="bodyText"> 
+      Now we would like you to identify yourself.
+   </p>  
+    <table>
+      <tr>
+        <td><p >LDAP User ID: </p></td>
+        <td> </td>
+        <td><input type="text" id="snametf"  value=""></td>
+         <td> </td>
+        <td><p>LDAP Password: </p></td>
+         <td> </td>
+        <td><input type="password" id="snamepwd" value=""></td>
+      </tr>
+
+      </table>
+
+      <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p> 
+      <table>
+      <tr>
+        <td><p >Password:</p></td>
+        <td><input type="password" id="pintf" name="pintf" value=""></td>
+
+        <td><p >Re-Enter Password:</p></td>
+        <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td>
+    </table>
+    <br>
+    <div id="ajax-pb" style="display:none;">
+       <img src="/pki/esc/so/images/indicator.gif">
+       <h2 id="progress" name="progress" value="0%" ></h2>
+    </table>
+    </div>
+
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Smartcard" onClick="toggleAjaxProgress('ajax-pb','on');DoEnrollCOOLKey();">
+        </td>
+      </tr>
+    </table>
+</body></html>
diff --git a/base/tps-client/apache/cgi-bin/so/enroll.cgi b/base/tps-client/apache/cgi-bin/so/enroll.cgi
new file mode 100755
index 000000000..148cd78c0
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/so/enroll.cgi
@@ -0,0 +1,193 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $port = get_port();
+my $host = get_host();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default") 
+{
+  $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+  GenerateEnrollmentPage(); 
+  exit 0;
+}
+
+
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+    {
+      my $sn = GetScreenName();
+      $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+      print $l;
+    }
+    else
+    {
+      $l =~ s/\$host/$host/g;
+      $l =~ s/\$port/$port/g;
+      $l =~ s/\$secure_port/$secure_port/g;
+
+      print $l;
+    }
+  }
+
+  close(ENROLL_FILE);
+}
diff --git a/base/tps-client/apache/cgi-bin/so/index.cgi b/base/tps-client/apache/cgi-bin/so/index.cgi
new file mode 100755
index 000000000..923d134ee
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/so/index.cgi
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/sow/welcome.cgi";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "soKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps-client/apache/cgi-bin/sow/ajax-list.cgi b/base/tps-client/apache/cgi-bin/sow/ajax-list.cgi
new file mode 100755
index 000000000..0f4ac094f
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/ajax-list.cgi
@@ -0,0 +1,79 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+[REQUIRE_CFG_PL]
+
+sub main()
+{
+
+  my $q = new CGI;
+
+  my $host = get_ldap_host();
+  my $port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $certdir = get_ldap_certdir();
+
+  my $letters = $q->param('letters');
+  if ($letters eq "") {
+    # HACK: ajax.js posts parameters into POST URL
+    $letters = $ENV{'QUERY_STRING'};
+    $letters =~ s/.*letters=//g;
+    $letters =~ s/\+/ /g;
+  }
+
+  my $result = "";
+
+  print "Content-Type: text/html\n\n";
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $host, port => $port, cert => $certdir},
+                  $secureconn);
+
+  return if (!$conn);
+
+  my $entry = $conn->search ( { base =>$basedn,
+                                scope => "sub",
+                                filter => "cn=$letters*",
+                                attrsonly => 0,
+                                attrs => qw(cn uid),
+                                sortattrs => qw(cn)}
+                            );
+
+  while ($entry) {
+    my $cn =  ($entry->getValues("cn"))[0]  || "";
+    my $uid = ($entry->getValues("uid"))[0] || "";
+    $result .= $uid . "###" . $cn . "|";
+    $entry  $conn->nextEntry();
+  }
+
+  $conn->close();
+
+  print $result;
+}
+
+&main();
diff --git a/base/tps-client/apache/cgi-bin/sow/cfg.pl b/base/tps-client/apache/cgi-bin/sow/cfg.pl
new file mode 100755
index 000000000..64e612aaa
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/cfg.pl
@@ -0,0 +1,168 @@
+#! /usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+#
+# Establish platform-dependent variables:
+#
+my $ldapsearch="/usr/bin/ldapsearch";
+
+#
+# Feel free to modify the following parameters:
+#
+my $ldapHost = "localhost";
+my $ldapPort = "389";
+my $basedn = "ou=People,dc=sfbay,dc=redhat,dc=com";
+my $port = "7888";
+my $secure_port = "7889";
+my $host = "localhost";
+
+my $cfg = "/var/lib/pki-tps/conf/CS.cfg";
+
+sub get_ldapsearch()
+{
+  return $ldapsearch;
+}
+
+sub get_ldap_host()
+{
+  my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+  chomp($ldapport);
+  my ($ldapHost, $p) = split(/:/, $ldapport);
+  return $ldapHost;
+}
+
+sub get_ldap_port()
+{
+  my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+  chomp($ldapport);
+  my ($p, $ldapPort) = split(/:/, $ldapport);
+  return $ldapPort;
+}
+
+sub get_base_dn()
+{
+  my $basedn = `grep auth.instance.0.baseDN $cfg | cut -c24-`;
+  chomp($basedn);
+  return $basedn;
+}
+
+sub get_port()
+{
+  my $port = `grep service.unsecurePort $cfg | cut -c22-`;
+  chomp($port);
+  return $port;
+}
+
+sub get_secure_port()
+{
+  my $secure_port = `grep service.securePort $cfg | cut -c20-`;
+  chomp($secure_port);
+  return $secure_port;
+}
+
+sub get_host()
+{
+  my $host = `grep service.machineName $cfg | cut -c21-`;
+  chomp($host);
+  return $host;
+}
+
+sub is_agent()
+{
+  my ($dn) = @_;
+
+  my $uid = $dn;
+  # need to map a subject dn into user DN
+  $uid =~ /uid=([^,]*)/; # retrieve the uid
+  $uid = $1;
+
+  my $x_hostport = `grep -e "^tokendb.hostport" $cfg | cut -c18-`;
+  chomp($x_hostport);
+  my ($x_host, $x_port) = split(/:/, $x_hostport);
+  my $x_basedn = `grep -e "^tokendb.userBaseDN" $cfg | cut -c20-`;
+  chomp($x_basedn);
+  my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+  chomp($x_binddn);
+  my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+  chomp($x_bindpwdpath);
+  my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+  chomp($x_bindpwd);
+
+   my $cmd = $ldapsearch . " " .
+            "-x" .
+            "-D \"" . $x_binddn . "\" " .
+            "-w \"" . $x_bindpwd . "\" " .
+            "-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " .
+            "-h \"" . $x_host . "\" " .
+            "-p \"" . $x_port ."\" " .
+            "-LLL \"(uid=" . $uid . "*)\" | wc -l";
+
+  my $matched = `$cmd`;
+
+  chomp($matched);
+
+  if ($matched eq "0" || $matched eq "") {
+    return 0;
+  } else {
+    return 1;
+  }
+}
+
+sub is_user()
+{
+  my ($dn) = @_;
+
+  my $uid = $dn;
+  # need to map a subject dn into user DN
+  $uid =~ /uid=([^,]*)/; # retrieve the uid
+  $uid = $1;
+
+  my $x_host = get_ldap_host();
+  $x_port = get_ldap_port();
+  my $x_basedn = get_base_dn();
+  chomp($x_basedn);
+  my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+  chomp($x_binddn);
+  my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+  chomp($x_bindpwdpath);
+  my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+  chomp($x_bindpwd);
+
+   my $cmd = $ldapsearch . " " .
+            "-x" .
+            "-D \"" . $x_binddn . "\" " .
+            "-w \"" . $x_bindpwd . "\" " .
+            "-b \"" . "ou=people,".$x_basedn . "\" " .
+            "-h \"" . $x_host . "\" " .
+            "-p \"" . $x_port ."\" " .
+            "-LLL \"(uid=" . $uid . "*)\" | wc -l";
+
+
+  my $matched = `$cmd`;
+
+  chomp($matched);
+
+  if ($matched eq "0" || $matched eq "") {
+    return 0;
+  } else {
+    return 1;
+  }
+}
diff --git a/base/tps-client/apache/cgi-bin/sow/enroll.cgi b/base/tps-client/apache/cgi-bin/sow/enroll.cgi
new file mode 100755
index 000000000..8a6431e52
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/enroll.cgi
@@ -0,0 +1,246 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GenerateEnrollmentPage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+  my $ldap_host = get_ldap_host();
+  my $ldap_port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $port = get_port();
+  my $host = get_host();
+  my $secure_port = get_secure_port();
+  my $certdir = get_ldap_certdir();
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll.html"));
+
+  print $gQuery->header();
+
+  my $uid = $gQuery->param("uid");
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $ldap_host, port => $ldap_port, cert => $certdir},
+                  $secureconn);
+
+  ExitError("Failed to connect to the database. $msg") if (!$conn);
+
+  my $entry = $conn->search ( $basedn,
+                              "sub",
+                              "uid=$uid",
+                              0
+                            );
+
+  if (!$entry) {
+    $conn->close();
+    ExitError("User $uid not found");
+  }
+
+  my $givenName = ($entry->getValues("givenName"))[0] ||  "-";
+  my $cn = ($entry->getValues("cn"))[0] || "-";
+  my $sn = ($entry->getValues("sn"))[0] ||"-";
+  $uid = ($entry->getValues("uid"))[0] || "-";
+  my $mail = ($entry->getValues("mail"))[0] || "-";
+  my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+  my $departmentNumber = ($entry->getValues("departmentNumber"))[0] || "";
+  my $employeeNumber = ($entry->getValues("employeeNumber"))[0] || "";
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$mail/$mail/g;
+    $l =~ s/\$uid/$uid/g;
+    $l =~ s/\$givenName/$givenName/g;
+    $l =~ s/\$sn/$sn/g;
+    $l =~ s/\$cn/$cn/g;
+    $l =~ s/\$phone/$phone/g;
+    $l =~ s/\$departmentNumber/$departmentNumber/g;
+    $l =~ s/\$employeeNumber/$employeeNumber/g;
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps-client/apache/cgi-bin/sow/enroll.html b/base/tps-client/apache/cgi-bin/sow/enroll.html
new file mode 100755
index 000000000..81ec73443
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/enroll.html
@@ -0,0 +1,260 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID,
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+var officerToken = null;
+
+function UserOnDoneInitializeBindingTable()
+{
+  document.body.onkeyup = onUserKeyUp;
+  var enrollbtn = document.getElementById('enrollbtn');
+  enrollbtn.disabled = true;
+  var pintf = document.getElementById('pintf');
+  pintf.focus();
+
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  var enrollbtn = document.getElementById('enrollbtn');
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++;
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }     
+    if(isAgent == true)
+    {
+        MyAlert("You can't Enroll a card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+
+function onUserKeyUp(e)
+{
+  var pintf = document.getElementById('pintf');
+  var reenterpintf = document.getElementById('reenterpintf');
+  var enrollbtn = document.getElementById('enrollbtn');
+  if (e.keyCode == 13) {
+    if (e.target == pintf) {
+      reenterpintf.focus();
+    } else {
+      pintf.focus();
+    }
+  }
+  if (pintf.value != '' && pintf.value == reenterpintf.value) {
+    enrollbtn.disabled = false;
+  } else {
+    enrollbtn.disabled = true;
+  }
+  return e;
+}
+
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p>
+</blockquote>
+<h2><span id="keytext">Please insert new smartcard now!</span></h2>
+      <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote>
+        New Token Password:<br>
+        <input type="password" id="pintf" name="pintf" value=""><br/>
+        Re-Enter Token Password:<br>
+        <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/>
+        <input type="hidden" id="snametf"  value="$uid">
+        User Password:<br>
+        <input type="password" id="snamepwd" value="">
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+  </table>
+
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps-client/apache/cgi-bin/sow/enroll_temp.cgi b/base/tps-client/apache/cgi-bin/sow/enroll_temp.cgi
new file mode 100755
index 000000000..5817039a2
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/enroll_temp.cgi
@@ -0,0 +1,246 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GenerateEnrollmentPage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+  my ($l);
+  my $ldap_host = get_ldap_host();
+  my $ldap_port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $port = get_port();
+  my $host = get_host();
+  my $secure_port = get_secure_port();
+  my $certdir = get_ldap_certdir();
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll_temp.html"));
+
+  print $gQuery->header();
+
+  my $uid = $gQuery->param("uid");
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $ldap_host, port => $ldap_port, cert => $certdir},
+                  $secureconn);
+
+  ExitError("Failed to connect to the database. $msg") if (!$conn);
+
+  my $entry = $conn->search ( $basedn,
+                              "sub",
+                              "uid=$uid",
+                              0
+                            );
+
+  if (!$entry) {
+    $conn->close();
+    ExitError("User $uid not found");
+  }
+
+  my $givenName = ($entry->getValues("givenName"))[0] ||  "-";
+  my $cn = ($entry->getValues("cn"))[0] || "-";
+  my $sn = ($entry->getValues("sn"))[0] ||"-";
+  $uid = ($entry->getValues("uid"))[0] || "-";
+  my $mail = ($entry->getValues("mail"))[0] || "-";
+  my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+  my $departmentNumber = ($entry->getValues("departmentNumber"))[0] || "";
+  my $employeeNumber = ($entry->getValues("employeeNumber"))[0] || "";
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$mail/$mail/g;
+    $l =~ s/\$uid/$uid/g;
+    $l =~ s/\$givenName/$givenName/g;
+    $l =~ s/\$sn/$sn/g;
+    $l =~ s/\$cn/$cn/g;
+    $l =~ s/\$phone/$phone/g;
+    $l =~ s/\$departmentNumber/$departmentNumber/g;
+    $l =~ s/\$employeeNumber/$employeeNumber/g;
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps-client/apache/cgi-bin/sow/enroll_temp.html b/base/tps-client/apache/cgi-bin/sow/enroll_temp.html
new file mode 100755
index 000000000..342eddb1b
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/enroll_temp.html
@@ -0,0 +1,231 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID,
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+var officerToken = null;
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  var enrollbtn = document.getElementById('enrollbtn');
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++;
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }     
+    if(isAgent == true)
+    {
+        MyAlert("You can't Enroll a temporary card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p>
+</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+      <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote>
+        <h3>New Token Password:</h3>
+        <input type="password" id="pintf" name="pintf" value=""><br/>
+        <h3>Re-Enter Token Password:</h3>
+        <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/>
+        <input type="hidden" id="snametf"  value="$uid">
+        <h3>User Password:</h3>
+        <input type="password" id="snamepwd" value=""><br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollTempCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps-client/apache/cgi-bin/sow/format.cgi b/base/tps-client/apache/cgi-bin/sow/format.cgi
new file mode 100755
index 000000000..9b310991d
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/format.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< format.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps-client/apache/cgi-bin/sow/format.html b/base/tps-client/apache/cgi-bin/sow/format.html
new file mode 100755
index 000000000..66b19a624
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/format.html
@@ -0,0 +1,236 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+var officerToken = null;
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+  }
+
+  if (arr && arr.length <= 1  )
+  {
+    toggleButton('enrollbtn','off');
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+      
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++; 
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }      
+    if(isAgent == true)
+    {
+        MyAlert("You can't Format a card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload="cleanup();">
+
+<progressmeter id="progress-id" hidden="true" align = "center"/> 
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+     <tr id="HeaderRow">
+     </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will erase the phone home URL and format the user token.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps-client/apache/cgi-bin/sow/formatso.cgi b/base/tps-client/apache/cgi-bin/sow/formatso.cgi
new file mode 100755
index 000000000..d53129139
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/formatso.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< formatso.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps-client/apache/cgi-bin/sow/formatso.html b/base/tps-client/apache/cgi-bin/sow/formatso.html
new file mode 100755
index 000000000..3508d633e
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/formatso.html
@@ -0,0 +1,186 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    UserOnCOOLKeyInserted(keyType,keyID);
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") {
+    updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  } else {
+    updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  }
+  UserSelectRowByKeyID(keyType, keyID);
+   var uid = null;
+  var isUser = false;
+
+  if(keyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(keyType,keyID);
+
+    if(uid)
+    {
+        isUser = IsAgentOrUser(uid,"user");
+    }
+    if(isUser == true)
+    {
+        MyAlert("You can't Format a User card here!  Try another card.");
+
+        updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" USER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will erase the phone home URL and format the SO token, so that you can start the demonstration all over again. <br/><br/>WARNING: You will not be able to access the security officer station after this operation.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatSoCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps-client/apache/cgi-bin/sow/index.cgi b/base/tps-client/apache/cgi-bin/sow/index.cgi
new file mode 100755
index 000000000..454d8ef44
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/index.cgi
@@ -0,0 +1,42 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project";   # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "https://[PKI_HOSTNAME]:[PKI_SECURE_PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "https://[PKI_HOSTNAME]:[PKI_SECURE_PORT]/cgi-bin/sow/search.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/base/tps-client/apache/cgi-bin/sow/is_agent.cgi b/base/tps-client/apache/cgi-bin/sow/is_agent.cgi
new file mode 100755
index 000000000..c6b6a87f7
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/is_agent.cgi
@@ -0,0 +1,69 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoIsAgent
+{
+
+  print "Content-type: text/xml\n\n";
+  
+  if (!&authorize()) {
+    return;
+  }
+
+  my $uid = $q->param('uid');
+
+  if(&is_agent("uid=$uid"))
+  {
+      print "<response>yes</response>\n";
+  }
+  else
+  {
+      print "<response>no</response>\n";
+  }
+
+}
+
+&DoIsAgent(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/is_user.cgi b/base/tps-client/apache/cgi-bin/sow/is_user.cgi
new file mode 100755
index 000000000..d7a551421
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/is_user.cgi
@@ -0,0 +1,71 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+use CGI::Carp qw(fatalsToBrowser);
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoIsUser
+{
+
+  print "Content-type: text/xml\n\n";
+  
+  if (!&authorize()) {
+    return;
+  }
+
+  my $uid = $q->param('uid');
+
+  if(&is_user("uid=$uid"))
+  {
+      print "<response>yes</response>\n";
+  }
+  else
+  {
+      print "<response>no</response>\n";
+  }
+
+}
+
+&DoIsUser(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/main.cgi b/base/tps-client/apache/cgi-bin/sow/main.cgi
new file mode 100755
index 000000000..c6f65e42e
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/main.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+  $error = "" if !defined $error;
+
+  open(FILE, "< main.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/main.html b/base/tps-client/apache/cgi-bin/sow/main.html
new file mode 100755
index 000000000..897be5920
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/main.html
@@ -0,0 +1,67 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> | 
+    </div>
+  <blockquote><p>User Token Functions</p></blockquote>
+<ul style="font-size:1.2em;">
+    <a href="search.cgi">Enroll New Card</a> - enroll a new user smart card<br />
+    <a href="search_temp.cgi">Enroll Temporay Card</a> - enroll a temporary smart card<br />
+    <a href="format.cgi">Format Card</a> - format a user card<br />
+    <a href="seturl.cgi">Set Home URL</a> - set phone home URL to a user card<br />
+</ul>
+  <blockquote><p>Misc Functions</p></blockquote>
+<ul style="font-size:1.2em;">
+    <a href="formatso.cgi">Format SO Card</a> - format a SO card<br />
+</ul>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps-client/apache/cgi-bin/sow/noaccess.cgi b/base/tps-client/apache/cgi-bin/sow/noaccess.cgi
new file mode 100755
index 000000000..17166bcb6
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/noaccess.cgi
@@ -0,0 +1,56 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+  my $error = $q->param('error');
+
+  open(FILE, "< noaccess.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      $l =~ s/\$host/$host/g;
+      $l =~ s/\$secure_port/$secure_port/g;
+      $l =~ s/\$port/$port/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/noaccess.html b/base/tps-client/apache/cgi-bin/sow/noaccess.html
new file mode 100755
index 000000000..80cdd11d7
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/noaccess.html
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    </div>
+  <blockquote><p>Sorry, you do not have permission to perform the requested operation.</p></blockquote>
+<form method=post action="http://$host:$port/cgi-bin/sow/welcome.cgi">
+    <table>
+      <tr>
+      </tr>
+
+      </table>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Start Over">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps-client/apache/cgi-bin/sow/read.cgi b/base/tps-client/apache/cgi-bin/sow/read.cgi
new file mode 100755
index 000000000..8a5793c2b
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/read.cgi
@@ -0,0 +1,128 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+[REQUIRE_CFG_PL]
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  my $q = new CGI;
+  my $host = get_ldap_host();
+  my $port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $certdir = get_ldap_certdir();
+
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $name = $q->param('name');
+  my $uid = $q->param('name_ID');
+  $name = "" if !defined $name;
+
+  if ($name eq "") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty");
+    return;
+  }
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $host, port => $port, cert => $certdir},
+                  $secureconn);
+
+  if (!$conn) {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=Failed to connect to the database.");
+    return;
+  };
+
+  my $entry = $conn->search ( $basedn,
+                         "sub",
+                         "cn=$name",
+                         0
+                       );
+
+  if (!$entry) {
+    $conn->close();
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  my $givenName = ($entry->getValues("givenName"))[0] ||  "-";
+  my $cn = ($entry->getValues("cn"))[0] || "-";
+  my $sn = ($entry->getValues("sn"))[0] ||"-";
+  $uid = ($entry->getValues("uid"))[0] || "-";
+  my $mail = ($entry->getValues("mail"))[0] || "-";
+  my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+  my $photoLarge = ($entry->getValues("photoLarge"))[0] || ""; # photo (full size)
+  my $photoSmall = ($entry->getValues("photoSmall"))[0] || ""; # photo (thumb)
+  my $height = ($entry->getValues("height"))[0] || "";
+  my $weight = ($entry->getValues("weight"))[0] || "";
+  my $eyecolor = ($entry->getValues("eyeColor"))[0] || "";
+
+  $conn->close();
+
+  if ($uid eq "-") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  open(FILE, "< read.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$mail/$mail/g;
+      $l =~ s/\$uid/$uid/g;
+      $l =~ s/\$givenName/$givenName/g;
+      $l =~ s/\$sn/$sn/g;
+      $l =~ s/\$cn/$cn/g;
+      $l =~ s/\$phone/$phone/g;
+      $l =~ s/\$photoLarge/$photoLarge/g;
+      $l =~ s/\$photoSmall/$photoSmall/g;
+      $l =~ s/\$height/$height/g;
+      $l =~ s/\$weight/$weight/g;
+      $l =~ s/\$eyecolor/$eyecolor/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/read.html b/base/tps-client/apache/cgi-bin/sow/read.html
new file mode 100755
index 000000000..ca1c5f9d3
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/read.html
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/css/style.css" type="text/css">
+
+<title>Security Officer</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+  <blockquote><p>Please check user's identification and verify the user information. If the information is correct, please insert a new smart card and continue.</p></blockquote>
+  <table>
+  <tr>
+    <td>
+<script type="text/javascript">
+ if ('$departmentNumber' != '') {
+   document.writeln('<img alt="" border=0 src="$photoSmall">');
+  }
+</script>
+    </td>
+    <td>
+       <span class="heading">UID:</span> $uid<br/>
+       <span class="heading">Given Name:</span> $givenName<br/>
+       <span class="heading">Last Name:</span> $sn<br/>
+       <span class="heading">Email:</span>$mail<br/>
+       <span class="heading">Height:</span> $height<br/>
+       <span class="heading">Weight:</span> $weight<br/>
+       <span class="heading">Eye Color:</span> $eyecolor<br/>
+    </td>
+    </table>
+    <br/>
+
+  <form method=post action="enroll.cgi">
+    <input type=hidden name=uid value="$uid">
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="Enroll" value="Continue">
+        </td>
+      </tr>
+    </table>
+  </form>
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps-client/apache/cgi-bin/sow/read_temp.cgi b/base/tps-client/apache/cgi-bin/sow/read_temp.cgi
new file mode 100755
index 000000000..31c6fd7e3
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/read_temp.cgi
@@ -0,0 +1,125 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+use Mozilla::LDAP::Conn;
+use PKI::TPS::Common;
+
+[REQUIRE_CFG_PL]
+
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  my $q = new CGI;
+  my $host = get_ldap_host();
+  my $port = get_ldap_port();
+  my $secureconn = get_ldap_secure();
+  my $basedn = get_base_dn();
+  my $certdir = get_ldap_certdir();
+
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $name = $q->param('name');
+  my $uid = $q->param('name_ID');
+  $name = "" if !defined $name;
+
+  if ($name eq "") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty");
+    return;
+  }
+
+  my $conn =  PKI::TPS::Common::make_connection(
+                  {host => $host, port => $port, cert => $certdir},
+                  $secureconn);
+
+
+  my $entry = $conn->search ( $basedn,
+                              "sub",
+                              "cn=$name",
+                              0
+                            );
+
+  if (!$entry) {
+    $conn->close();
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  my $givenName = ($entry->getValues("givenName"))[0] ||  "-";
+  my $cn = ($entry->getValues("cn"))[0] || "-";
+  my $sn = ($entry->getValues("sn"))[0] ||"-";
+  $uid = ($entry->getValues("uid"))[0] || "-";
+  my $mail = ($entry->getValues("mail"))[0] || "-";
+  my $phone = ($entry->getValues("telephoneNumber"))[0] || "-";
+  my $photoLarge = ($entry->getValues("photoLarge"))[0] || ""; # photo (full size)
+  my $photoSmall = ($entry->getValues("photoSmall"))[0] || ""; # photo (thumb)
+  my $height = ($entry->getValues("height"))[0] || "";
+  my $weight = ($entry->getValues("weight"))[0] || "";
+  my $eyecolor = ($entry->getValues("eyeColor"))[0] || "";
+
+  $conn->close();
+
+  if ($uid eq "-") {
+    print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+    return;
+  }
+
+  open(FILE, "< read_temp.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$mail/$mail/g;
+      $l =~ s/\$uid/$uid/g;
+      $l =~ s/\$givenName/$givenName/g;
+      $l =~ s/\$sn/$sn/g;
+      $l =~ s/\$cn/$cn/g;
+      $l =~ s/\$phone/$phone/g;
+      $l =~ s/\$photoLarge/$photoLarge/g;
+      $l =~ s/\$photoSmall/$photoSmall/g;
+      $l =~ s/\$height/$height/g;
+      $l =~ s/\$weight/$weight/g;
+      $l =~ s/\$eyecolor/$eyecolor/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/read_temp.html b/base/tps-client/apache/cgi-bin/sow/read_temp.html
new file mode 100755
index 000000000..ca1c5f9d3
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/read_temp.html
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/css/style.css" type="text/css">
+
+<title>Security Officer</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+  <blockquote><p>Please check user's identification and verify the user information. If the information is correct, please insert a new smart card and continue.</p></blockquote>
+  <table>
+  <tr>
+    <td>
+<script type="text/javascript">
+ if ('$departmentNumber' != '') {
+   document.writeln('<img alt="" border=0 src="$photoSmall">');
+  }
+</script>
+    </td>
+    <td>
+       <span class="heading">UID:</span> $uid<br/>
+       <span class="heading">Given Name:</span> $givenName<br/>
+       <span class="heading">Last Name:</span> $sn<br/>
+       <span class="heading">Email:</span>$mail<br/>
+       <span class="heading">Height:</span> $height<br/>
+       <span class="heading">Weight:</span> $weight<br/>
+       <span class="heading">Eye Color:</span> $eyecolor<br/>
+    </td>
+    </table>
+    <br/>
+
+  <form method=post action="enroll.cgi">
+    <input type=hidden name=uid value="$uid">
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="Enroll" value="Continue">
+        </td>
+      </tr>
+    </table>
+  </form>
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps-client/apache/cgi-bin/sow/search.cgi b/base/tps-client/apache/cgi-bin/sow/search.cgi
new file mode 100755
index 000000000..e681ed100
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/search.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+  $error = "" if !defined $error;
+
+  open(FILE, "< search.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/search.html b/base/tps-client/apache/cgi-bin/sow/search.html
new file mode 100755
index 000000000..5b66fcd48
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/search.html
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>Please locate the user who is requesting a new smart card.</p></blockquote>
+<form method=post action="read.cgi">
+<div style="font-size:0.8em;">
+    <table>
+      <tr>
+        <td><h3>Name: </h3></td>
+        <td> </td>
+        <td><input type="text" id="name" name="name" value="" autocomplete="off"></td>
+        <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td>
+         <td> </td>
+      </tr>
+
+      </table>
+</div>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps-client/apache/cgi-bin/sow/search_temp.cgi b/base/tps-client/apache/cgi-bin/sow/search_temp.cgi
new file mode 100755
index 000000000..5d752a49d
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/search_temp.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  my $error = $q->param('error');
+  $error = "" if !defined $error;
+
+  open(FILE, "< search_temp.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/search_temp.html b/base/tps-client/apache/cgi-bin/sow/search_temp.html
new file mode 100755
index 000000000..6f0096305
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/search_temp.html
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>Please locate the user who is requesting a temporary smart card.</p></blockquote>
+<form method=post action="read_temp.cgi">
+<div style="font-size:0.8em;">
+    <table>
+      <tr>
+        <td><h3>Name: </h3></td>
+        <td> </td>
+        <td><input type="text" id="name" name="name" value="" autocomplete="off"></td>
+        <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td>
+         <td> </td>
+      </tr>
+
+      </table>
+</div>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps-client/apache/cgi-bin/sow/seturl.cgi b/base/tps-client/apache/cgi-bin/sow/seturl.cgi
new file mode 100755
index 000000000..dfac46d8f
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/seturl.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#    
+# Script: esc.cgi  
+# Author: Kin Blas ()
+# Date:   12/19/2003
+#
+# CGI.pm Docs:
+#    
+#    http://stein.cshl.org/WWW/software/CGI/
+#    
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+  my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+  $client_dn =~ tr/A-Z/a-z/; # all lower cases
+  $client_dn =~ s/\s+//g;    # remove all spacing
+
+  if (&is_agent($client_dn)) {
+    return 1;
+  }
+  return 0;
+}
+
+sub DoPage
+{
+  if (!&authorize()) {
+    print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+    return;
+  }
+
+  $gQueryAction = "default";
+  $gQueryOverrideAction = "default";
+
+  @gCookieNames = ("ascScreenName",
+                 "ascSubscriptionType",
+                 "ascBindings");
+
+  $gQueryAction = $gQuery->param("action") if 
+            (defined $gQuery->param("action"));
+
+  $gQueryOverrideAction = $gQuery->param("override_action") 
+				if (defined $gQuery->param("override_action"));
+
+  if ($gQueryOverrideAction ne "default") 
+  {
+    $gQueryAction = $gQueryOverrideAction;
+  }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+#   http://www.foo.com/esc.cgi
+#
+########################################################################
+
+  if ($gQueryAction eq "default")
+  {
+    GeneratePage(); 
+    exit 0;
+  }
+}
+
+sub ExitError
+{
+  my($str) = @_;
+  print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+  exit 0;
+}
+
+sub GetScreenName
+{
+  my $sn = "";
+
+  if (defined $gQuery->param("screenname"))
+  {
+    $sn = $gQuery->param("screenname");
+  } else {
+    $sn = "default";
+  }
+
+  return $sn;
+}
+
+sub GetKeyType
+{
+  my $keyType = 0;
+
+  if (defined $gQuery->param("keytype"))
+  {
+    $keyType = $gQuery->param("keytype");
+  }
+
+  return $keyType;
+}
+
+sub GetKeyID
+{
+  my $keyID = "";
+
+  if (defined $gQuery->param("keyid"))
+  {
+    $keyID = $gQuery->param("keyid");
+  }
+
+  return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+  my $keyLabel = "";
+
+  if (defined $gQuery->param("keylabel"))
+  {
+    $keyLabel = $gQuery->param("keylabel");
+  }
+
+  return $keyLabel;
+}
+
+sub HaveScreenName
+{
+  return 1 if (GetScreenName() ne "");
+  return 0;
+}
+
+sub IsSubscriber
+{
+  my $subType = $gUserObj{'SUBSCRIPTION'};
+  return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+  return 0;
+}
+
+sub GetNextAction
+{
+  my($nextActn) = "default";
+
+  if (defined $gQuery->param('nextaction'))
+  {
+    $nextActn = $gQuery->param('nextaction');
+  }
+  elsif (defined $gQuery->param('action'))
+  {
+    $nextActn = $gQuery->param('action');
+  }
+
+  return $nextActn;
+}
+
+sub GeneratePage
+{
+  my ($l);
+
+  ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< seturl.html"));
+
+  print $gQuery->header();
+
+  while ($l = <ENROLL_FILE>)
+  {
+    $l =~ s/\$host/$host/g;
+    $l =~ s/\$port/$port/g;
+    $l =~ s/\$secure_port/$secure_port/g;
+    print $l;
+  }
+
+  close(ENROLL_FILE);
+}
+
+&DoPage();
diff --git a/base/tps-client/apache/cgi-bin/sow/seturl.html b/base/tps-client/apache/cgi-bin/sow/seturl.html
new file mode 100755
index 000000000..f1cddb186
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/seturl.html
@@ -0,0 +1,174 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+  }
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") {
+    updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  } else {
+    updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  }
+  UserSelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will burn a phone home URL on the user token.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/pki/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoSetURLCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/base/tps-client/apache/cgi-bin/sow/welcome.cgi b/base/tps-client/apache/cgi-bin/sow/welcome.cgi
new file mode 100755
index 000000000..bc76dd3fa
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/welcome.cgi
@@ -0,0 +1,57 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+  my $error = $q->param('error');
+  $error = "" if !defined $error;
+
+  open(FILE, "< welcome.html");
+
+  print $q->header();
+
+  while ($l = <FILE>)
+  {
+      $l =~ s/\$error/$error/g;
+      $l =~ s/\$host/$host/g;
+      $l =~ s/\$secure_port/$secure_port/g;
+      $l =~ s/\$port/$port/g;
+      print $l;
+  }
+
+  close(FILE);
+}
+
+&DoPage(); 
diff --git a/base/tps-client/apache/cgi-bin/sow/welcome.html b/base/tps-client/apache/cgi-bin/sow/welcome.html
new file mode 100755
index 000000000..c539f17b7
--- /dev/null
+++ b/base/tps-client/apache/cgi-bin/sow/welcome.html
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    </div>
+  <blockquote><p>Welcome to the security officer interface, you will be asked to identify yourself with your token. Please click the continue button below.</p></blockquote>
+<form method=post action="https://$host:$secure_port/cgi-bin/sow/main.cgi">
+    <table>
+      <tr>
+      </tr>
+
+      </table>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/base/tps-client/apache/conf/httpd.conf b/base/tps-client/apache/conf/httpd.conf
new file mode 100644
index 000000000..754f53a34
--- /dev/null
+++ b/base/tps-client/apache/conf/httpd.conf
@@ -0,0 +1,1076 @@
+#
+# Based upon the NCSA server configuration files originally by Rob McCool.
+#
+# This is the main Apache server configuration file.  It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about
+# the directives.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+# The configuration directives are grouped into three basic sections:
+#  1. Directives that control the operation of the Apache server process as a
+#     whole (the 'global environment').
+#  2. Directives that define the parameters of the 'main' or 'default' server,
+#     which responds to requests that aren't handled by a virtual host.
+#     These directives also provide default values for the settings
+#     of all virtual hosts.
+#  3. Settings for virtual hosts, which allow Web requests to be sent to
+#     different IP addresses or hostnames and have them handled by the
+#     same Apache server process.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path.  If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
+# with ServerRoot set to "/export/apache" will be interpreted by the
+# server as "/export/apache/logs/foo.log".
+#
+
+### Section 1: Global Environment
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests it can handle or where it
+# can find its configuration files.
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE!  If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the LockFile documentation (available
+# at <URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+ServerRoot "[PKI_INSTANCE_PATH]"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+<IfModule !mpm_winnt.c>
+<IfModule !mpm_netware.c>
+#LockFile logs/accept.lock
+</IfModule>
+</IfModule>
+
+#
+# ScoreBoardFile: File used to store internal server process information.
+# If unspecified (the default), the scoreboard will be stored in an
+# anonymous shared memory segment, and will be unavailable to third-party
+# applications.
+# If specified, ensure that no two invocations of Apache share the same
+# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK.
+#
+<IfModule !mpm_netware.c>
+<IfModule !perchild.c>
+#ScoreBoardFile logs/apache_runtime_status
+</IfModule>
+</IfModule>
+
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+<IfModule !mpm_netware.c>
+PidFile /var/run/pki/tps/[PKI_INSTANCE_NAME].pid
+</IfModule>
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+##
+## Server-Pool Size Regulation (MPM specific)
+## 
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxClients: maximum number of server processes allowed to start
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule prefork.c>
+StartServers         5
+MinSpareServers      5
+MaxSpareServers     10
+MaxClients         150
+MaxRequestsPerChild  0
+</IfModule>
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MaxClients: maximum number of simultaneous client connections
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of requests a server process serves
+
+# MPM worker module is a loadable module as of 2.4
+# Module must be loaded before the configuration stanza
+LoadModule mpm_worker_module /etc/httpd/modules/mod_mpm_worker.so
+
+<IfModule worker.c>
+ServerLimit          1
+StartServers         1
+MaxClients          64
+MinSpareThreads     1
+MaxSpareThreads     75 
+ThreadsPerChild     64
+MaxRequestsPerChild  0
+</IfModule>
+
+# perchild MPM
+# NumServers: constant number of server processes
+# StartThreads: initial number of worker threads in each server process
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# MaxThreadsPerChild: maximum number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of connections per server process
+<IfModule perchild.c>
+NumServers           5
+StartThreads         5
+MinSpareThreads      5
+MaxSpareThreads     10
+MaxThreadsPerChild  20
+MaxRequestsPerChild  0
+</IfModule>
+
+# WinNT MPM
+# ThreadsPerChild: constant number of worker threads in the server process
+# MaxRequestsPerChild: maximum  number of requests a server process serves
+<IfModule mpm_winnt.c>
+ThreadsPerChild 250
+MaxRequestsPerChild  0
+</IfModule>
+
+# BeOS MPM
+# StartThreads: how many threads do we initially spawn?
+# MaxClients:   max number of threads we can have (1 thread == 1 client)
+# MaxRequestsPerThread: maximum number of requests each thread will process
+<IfModule beos.c>
+StartThreads               10
+MaxClients                 50
+MaxRequestsPerThread       10000
+</IfModule>    
+
+# NetWare MPM
+# ThreadStackSize: Stack size allocated for each worker thread
+# StartThreads: Number of worker threads launched at server startup
+# MinSpareThreads: Minimum number of idle threads, to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads
+# MaxThreads: Maximum number of worker threads alive at the same time
+# MaxRequestsPerChild: Maximum  number of requests a thread serves. It is 
+#                      recommended that the default value of 0 be set for this
+#                      directive on NetWare.  This will allow the thread to 
+#                      continue to service requests indefinitely.                          
+<IfModule mpm_netware.c>
+ThreadStackSize      65536
+StartThreads           250
+MinSpareThreads         25
+MaxSpareThreads        250
+MaxThreads            1000
+MaxRequestsPerChild      0
+MaxMemFree             100
+</IfModule>
+
+# OS/2 MPM
+# StartServers: Number of server processes to maintain
+# MinSpareThreads: Minimum number of idle threads per process, 
+#                  to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads per process
+# MaxRequestsPerChild: Maximum number of connections per server process
+<IfModule mpmt_os2.c>
+StartServers           2
+MinSpareThreads        5
+MaxSpareThreads       10
+MaxRequestsPerChild    0
+</IfModule>
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to 
+# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
+#
+#Listen 12.34.56.78:80
+
+Listen [PKI_UNSECURE_PORT]
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+
+LoadModule authz_core_module /etc/httpd/modules/mod_authz_core.so
+[FORTITUDE_AUTH_MODULES]
+# Module for User and Group
+LoadModule unixd_module /etc/httpd/modules/mod_unixd.so
+# Required module for command 'UserDir':
+LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so
+# Required module for command 'DirectoryIndex':
+LoadModule dir_module [FORTITUDE_LIB_DIR]/modules/mod_dir.so
+# Required module for command 'TypesConfig':
+LoadModule mime_module [FORTITUDE_LIB_DIR]/modules/mod_mime.so
+# Required module for command 'LogFormat':
+LoadModule log_config_module [FORTITUDE_LIB_DIR]/modules/mod_log_config.so
+# Required module for command 'Alias':
+LoadModule alias_module [FORTITUDE_LIB_DIR]/modules/mod_alias.so
+# Required module for command 'SetEnvIf':
+LoadModule setenvif_module [FORTITUDE_LIB_DIR]/modules/mod_setenvif.so
+# Required module for command 'IndexOptions':
+LoadModule autoindex_module [FORTITUDE_LIB_DIR]/modules/mod_autoindex.so
+# Required module for command 'LanguagePriority':
+LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so
+# Required module for command 'CGI Scripts':
+LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so
+# Required module for commands in nss.conf:
+[FORTITUDE_NSS_MODULES]
+# Required module for command 'TPSConfigPathFile':
+LoadModule tps_module         [FORTITUDE_MODULE]/mod_tps.so
+# Required module for command 'TokendbConfigPathFile':
+LoadModule tokendb_module     [FORTITUDE_MODULE]/mod_tokendb.so
+
+<Location /nk_service>
+    SetHandler nk_service
+</Location>
+
+<Location /tus>
+    SetHandler tus
+</Location>
+
+#
+# Load config files from the config directory "[PKI_INSTANCE_PATH]/conf".
+#
+#Include conf.d/*.conf
+Include [PKI_INSTANCE_PATH]/conf/perl.conf
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+### Section 2: 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition.  These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+<IfModule !mpm_winnt.c>
+<IfModule !mpm_netware.c>
+#
+# If you wish [PKI_INSTANCE_NAME] to run as a different user or group, you must run
+# [PKI_INSTANCE_NAME] as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_NAME] as.
+#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
+#  . On HPUX you may not be able to use shared memory as nobody, and the
+#    suggested workaround is to create a user www and use that user.
+#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
+#  when the value of (unsigned)Group is above 60000; 
+#  don't use Group #-1 on these systems!
+#
+User [PKI_USER]
+Group [PKI_GROUP]
+#Group #-1
+</IfModule>
+</IfModule>
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed.  This address appears on some server-generated pages, such
+# as error documents.  e.g. admin@your-domain.com
+#
+ServerAdmin you@example.com
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If this is not set to valid DNS name for your host, server-generated
+# redirections will not work.  See also the UseCanonicalName directive.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+# You will have to access it by its address anyway, and this will make 
+# redirections work in a sensible way.
+#
+#ServerName www.example.com:80
+
+#
+# UseCanonicalName: Determines how Apache constructs self-referencing 
+# URLs and the PKI_HOSTNAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client.  When set "On", Apache will use the value of the
+# ServerName directive.
+#
+UseCanonicalName Off
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "[PKI_INSTANCE_PATH]/docroot"
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories). 
+#
+# First, we configure the "default" to be a very restrictive set of 
+# features.  
+#
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+<Directory "[PKI_INSTANCE_PATH]/docroot">
+
+#
+# Possible values for the Options directive are "None", "All",
+# or any combination of:
+#   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+#
+# Note that "MultiViews" must be named *explicitly* --- "Options All"
+# doesn't give it to you.
+#
+# The Options directive is both complicated and important.  Please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#options
+# for more information.
+#
+    Options Indexes ExecCGI FollowSymLinks
+
+#
+# AllowOverride controls what directives may be placed in .htaccess files.
+# It can be "All", "None", or any combination of the keywords:
+#   Options FileInfo AuthConfig Limit
+#
+    AllowOverride None
+
+#
+# Controls who can get stuff from this server.
+#
+    Require all granted
+
+</Directory>
+
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+UserDir public_html
+
+#
+# Control access to UserDir directories.  The following is an example
+# for a site where these directories are restricted to read-only.
+#
+#<Directory /home/*/public_html>
+#    AllowOverride FileInfo AuthConfig Limit Indexes
+#    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+#    <Limit GET POST OPTIONS PROPFIND>
+#        Order allow,deny
+#        Allow from all
+#    </Limit>
+#    <LimitExcept GET POST OPTIONS PROPFIND>
+#        Order deny,allow
+#        Deny from all
+#    </LimitExcept>
+#</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+# The index.html.var file (a type-map) is used to deliver content-
+# negotiated documents.  The MultiViews Option can be used for the 
+# same purpose, but it is much slower.
+#
+DirectoryIndex index.html index.html.var
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives.  See also the AllowOverride 
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being 
+# viewed by Web clients. 
+#
+<Files ~ "^\.ht">
+    Require all denied
+</Files>
+
+#
+# TypesConfig describes where the mime.types file (or equivalent) is
+# to be found.
+#
+TypesConfig conf/mime.types
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type.  The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+<IfModule mod_mime_magic.c>
+    MIMEMagicFile conf/magic
+</IfModule>
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+#
+# EnableMMAP: Control whether memory-mapping is used to deliver
+# files (assuming that the underlying OS supports it).
+# The default is on; turn this off if you serve from NFS-mounted 
+# filesystems.  On some systems, turning it off (regardless of
+# filesystem) can improve performance; for details, please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
+#
+#EnableMMAP off
+
+#
+# EnableSendfile: Control whether the sendfile kernel support is 
+# used  to deliver files (assuming that the OS supports it).
+# The default is on; turn this off if you serve from NFS-mounted 
+# filesystems.  Please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
+#
+#EnableSendfile off
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here.  If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog logs/error_log
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+#LogLevel warn
+LogLevel debug
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# You need to enable mod_logio.c to use %I and %O
+#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+#
+# The location and format of the access logfile (Common Logfile Format).
+# If you do not define any access logfiles within a <VirtualHost>
+# container, they will be logged here.  Contrariwise, if you *do*
+# define per-<VirtualHost> access logfiles, transactions will be
+# logged therein and *not* in this file.
+#
+CustomLog logs/access_log common
+
+#
+# If you would like to have agent and referer logfiles, uncomment the
+# following directives.
+#
+#CustomLog logs/referer_log referer
+#CustomLog logs/agent_log agent
+
+#
+# If you prefer a single logfile with access, agent, and referer information
+# (Combined Logfile Format) you can use the following directive.
+#
+#CustomLog logs/access_log combined
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of:  Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens Prod
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory 
+# listings, mod_status and mod_info output etc., but not CGI generated 
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of:  On | Off | EMail
+#
+ServerSignature Off
+
+#
+# Aliases: Add here as many aliases as you need (with no limit). The format is 
+# Alias fakename realname
+#
+# Note that if you include a trailing / on fakename then the server will
+# require it to be present in the URL.  So "/icons" isn't aliased in this
+# example, only "/icons/".  If the fakename is slash-terminated, then the 
+# realname must also be slash terminated, and if the fakename omits the 
+# trailing slash, the realname must also omit it.
+#
+# We include the /icons/ alias for FancyIndexed directory listings.  If you
+# do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "[PKI_INSTANCE_PATH]/icons/"
+
+<Directory "[PKI_INSTANCE_PATH]/icons">
+    Options Indexes MultiViews
+    AllowOverride None
+    Require all granted
+</Directory>
+
+#
+# This should be changed to the ServerRoot/manual/.  The alias provides
+# the manual, even if you choose to move your DocumentRoot.  You may comment
+# this out if you do not care for the documentation.
+#
+AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[PKI_INSTANCE_PATH]/manual$1"
+
+<Directory "[PKI_INSTANCE_PATH]/manual">
+    Options Indexes
+    AllowOverride None
+    Require all granted
+
+    <Files *.html>
+        SetHandler type-map
+    </Files>
+
+    SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
+    RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
+</Directory>
+
+#
+# ScriptAlias: This controls which directories contain server scripts.
+# ScriptAliases are essentially the same as Aliases, except that
+# documents in the realname directory are treated as applications and
+# run by the server when requested rather than as documents sent to the client.
+# The same rules about trailing "/" apply to ScriptAlias directives as to
+# Alias.
+#
+ScriptAlias /cgi-bin/ "[PKI_INSTANCE_PATH]/cgi-bin/"
+
+<IfModule mod_cgid.c>
+#
+# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path>
+# for setting UNIX socket for communicating with cgid.
+#
+#Scriptsock            logs/cgisock
+</IfModule>
+
+#
+# "[PKI_INSTANCE_PATH]/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "[PKI_INSTANCE_PATH]/cgi-bin">
+    AllowOverride None
+    Options ExecCGI
+    Require all granted
+</Directory>
+
+#
+# Redirect allows you to tell clients about documents which used to exist in
+# your server's namespace, but do not anymore. This allows you to tell the
+# clients where to look for the relocated document.
+# Example:
+# Redirect permanent /foo http://www.example.com/bar
+
+#
+# Directives controlling the display of server-generated directory listings.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing VersionSort
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions.  These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes.  These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes. 
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing.  Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
+#
+# DefaultLanguage and AddLanguage allows you to specify the language of 
+# a document. You can then use content negotiation to give a browser a 
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will 
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as 
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases 
+# the two character 'Language' abbreviation is not identical to 
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+#
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+#
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
+
+#
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+#
+AddCharset ISO-8859-1  .iso8859-1  .latin1
+AddCharset ISO-8859-2  .iso8859-2  .latin2 .cen
+AddCharset ISO-8859-3  .iso8859-3  .latin3
+AddCharset ISO-8859-4  .iso8859-4  .latin4
+AddCharset ISO-8859-5  .iso8859-5  .latin5 .cyr .iso-ru
+AddCharset ISO-8859-6  .iso8859-6  .latin6 .arb
+AddCharset ISO-8859-7  .iso8859-7  .latin7 .grk
+AddCharset ISO-8859-8  .iso8859-8  .latin8 .heb
+AddCharset ISO-8859-9  .iso8859-9  .latin9 .trk
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5        .Big5       .big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251   .win-1251
+AddCharset CP866       .cp866
+AddCharset KOI8-r      .koi8-r .koi8-ru
+AddCharset KOI8-ru     .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-8       .utf8
+
+# The set below does not map to a specific (iso) standard
+# but works on a fairly wide range of browsers. Note that
+# capitalization actually matters (it should not, but it
+# does for some browsers).
+#
+# See http://www.iana.org/assignments/character-sets
+# for a list of sorts. But browsers support few.
+#
+AddCharset GB2312      .gb2312 .gb 
+AddCharset utf-7       .utf7
+AddCharset utf-8       .utf8
+AddCharset big5        .big5 .b5
+AddCharset EUC-TW      .euc-tw
+AddCharset EUC-JP      .euc-jp
+AddCharset EUC-KR      .euc-kr
+AddCharset shift_jis   .sjis
+
+#
+# AddType allows you to add to or override the MIME configuration
+# file mime.types for specific file types.
+#
+#AddType application/x-tar .tgz
+#
+# AddEncoding allows you to have certain browsers uncompress
+# information on the fly. Note: Not all browsers support this.
+# Despite the name similarity, the following Add* directives have nothing
+# to do with the FancyIndexing customization directives above.
+#
+#AddEncoding x-compress .Z
+#AddEncoding x-gzip .gz .tgz
+#
+# If the AddEncoding directives above are commented-out, then you
+# probably should define those extensions to indicate media types:
+#
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+#
+# AddHandler allows you to map certain file extensions to "handlers":
+# actions unrelated to filetype. These can be either built into the server
+# or added with the Action directive (see below)
+#
+# To use CGI scripts outside of ScriptAliased directories:
+# (You will also need to add "ExecCGI" to the "Options" directive.)
+#
+AddHandler cgi-script .cgi
+
+#
+# For files that include their own HTTP headers:
+#
+#AddHandler send-as-is asis
+
+#
+# For server-parsed imagemap files:
+#
+#AddHandler imap-file map
+
+#
+# For type maps (negotiated resources):
+# (This is enabled by default to allow the Apache "It Worked" page
+#  to be distributed in multiple languages.)
+#
+AddHandler type-map var
+
+#
+# Filters allow you to process content before it is sent to the client.
+#
+# To parse .shtml files for server-side includes (SSI):
+# (You will also need to add "Includes" to the "Options" directive.)
+#
+#AddType text/html .shtml
+#AddOutputFilter INCLUDES .shtml
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections.  We use 
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+#   Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /export/apache/error/include/ files and copying them to /your/include/path/, 
+# even on a per-VirtualHost basis.  The default include files will display
+# your Apache version number and your ServerAdmin email address regardless
+# of the setting of ServerSignature.
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation.  To activate them, uncomment the following 30 lines.
+
+#    Alias /error/ "/export/apache/error/"
+#
+#    <Directory "/export/apache/error">
+#        AllowOverride None
+#        Options IncludesNoExec
+#        AddOutputFilter Includes html
+#        AddHandler type-map var
+#        Order allow,deny
+#        Allow from all
+#        LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+#        ForceLanguagePriority Prefer Fallback
+#    </Directory>
+#
+#    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+#    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+#    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+#    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+#    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+#    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+#    ErrorDocument 410 /error/HTTP_GONE.html.var
+#    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+#    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+#    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+#    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+#    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+#    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+#    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+#    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+#    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+#    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+#[ErrorDocument_404]
+#[ErrorDocument_500]
+
+
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+#
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash.  This fixes a 
+# problem with Microsoft WebFolders which does not appropriately handle 
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+BrowserMatch "^gnome-vfs" redirect-carefully
+
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+#
+#<Location /server-status>
+#    SetHandler server-status
+#    Order deny,allow
+#    Deny from all
+#    Allow from .example.com
+#</Location>
+
+#
+# Allow remote server configuration reports, with the URL of
+#  http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+#<Location /server-info>
+#    SetHandler server-info
+#    Order deny,allow
+#    Deny from all
+#    Allow from .example.com
+#</Location>
+
+
+#
+# Bring in additional module-specific configurations
+#
+#<IfModule mod_ssl.c>
+#    Include conf/ssl.conf
+#</IfModule>
+Include [PKI_INSTANCE_PATH]/conf/nss.conf
+
+TPSConfigPathFile [PKI_INSTANCE_PATH]/conf/CS.cfg
+
+TokendbConfigPathFile [PKI_INSTANCE_PATH]/conf/CS.cfg
+
+### Section 3: Virtual Hosts
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at 
+# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+#
+# Use name-based virtual hosting.
+#
+#NameVirtualHost *:80
+
+#
+# VirtualHost example:
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+#<VirtualHost *:80>
+#    ServerAdmin webmaster@dummy-host.example.com
+#    DocumentRoot /www/docs/dummy-host.example.com
+#    ServerName dummy-host.example.com
+#    ErrorLog logs/dummy-host.example.com-error_log
+#    CustomLog logs/dummy-host.example.com-access_log common
+#</VirtualHost>
+
+#turn off TRACE by default
+TraceEnable Off
diff --git a/base/tps-client/apache/conf/magic b/base/tps-client/apache/conf/magic
new file mode 100644
index 000000000..0de73361f
--- /dev/null
+++ b/base/tps-client/apache/conf/magic
@@ -0,0 +1,382 @@
+# Magic data for mod_mime_magic Apache module (originally for file(1) command)
+# The module is described in /manual/mod/mod_mime_magic.html
+#
+# The format is 4-5 columns:
+#    Column #1: byte number to begin checking from, ">" indicates continuation
+#    Column #2: type of data to match
+#    Column #3: contents of data to match
+#    Column #4: MIME type of result
+#    Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff:  file(1) magic for locally observed files
+# Add any locally observed files here.
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Java
+
+0	short		0xcafe
+>2	short		0xbabe		application/java
+
+#------------------------------------------------------------------------------
+# audio:  file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0	string		.snd
+>12	belong		1		audio/basic
+>12	belong		2		audio/basic
+>12	belong		3		audio/basic
+>12	belong		4		audio/basic
+>12	belong		5		audio/basic
+>12	belong		6		audio/basic
+>12	belong		7		audio/basic
+
+>12	belong		23		audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0	lelong		0x0064732E	
+>12	lelong		1		audio/x-dec-basic
+>12	lelong		2		audio/x-dec-basic
+>12	lelong		3		audio/x-dec-basic
+>12	lelong		4		audio/x-dec-basic
+>12	lelong		5		audio/x-dec-basic
+>12	lelong		6		audio/x-dec-basic
+>12	lelong		7		audio/x-dec-basic
+#                                       compressed (G.721 ADPCM)
+>12	lelong		23		audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+#					AIFF audio data
+8	string		AIFF		audio/x-aiff	
+#					AIFF-C audio data
+8	string		AIFC		audio/x-aiff	
+#					IFF/8SVX audio data
+8	string		8SVX		audio/x-aiff	
+
+# Creative Labs AUDIO stuff
+#					Standard MIDI data
+0	string	MThd			audio/unknown	
+#>9 	byte	>0			(format %d)
+#>11	byte	>1			using %d channels
+#					Creative Music (CMF) data
+0	string	CTMF			audio/unknown	
+#					SoundBlaster instrument data
+0	string	SBI			audio/unknown	
+#					Creative Labs voice data
+0	string	Creative\ Voice\ File	audio/unknown	
+## is this next line right?  it came this way...
+#>19	byte	0x1A
+#>23	byte	>0			- version %d
+#>22	byte	>0			\b.%d
+
+# [GRR 950115:  is this also Creative Labs?  Guessing that first line
+#  should be string instead of unknown-endian long...]
+#0	long		0x4e54524b	MultiTrack sound data
+#0	string		NTRK		MultiTrack sound data
+#>4	long		x		- version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115:  probably all of the shorts and longs should be leshort/lelong]
+#					Microsoft RIFF
+0	string		RIFF		audio/unknown
+#					- WAVE format
+>8	string		WAVE		audio/x-wav
+# MPEG audio.
+0   beshort&0xfff0  0xfff0  audio/mpeg
+# C64 SID Music files, from Linus Walleij <triad@df.lth.se>
+0   string      PSID        audio/prs.sid
+
+#------------------------------------------------------------------------------
+# c-lang:  file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0	string		/*\ XPM		image/x-xbm	7bit
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+#					C or REXX program text
+0	string		/*		text/plain
+#					C++ program text
+0	string		//		text/plain
+
+#------------------------------------------------------------------------------
+# compress:  file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+0	string		\037\235	application/octet-stream	x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+0       string          \037\213        application/octet-stream	x-gzip
+
+# According to gzip.h, this is the correct byte order for packed data.
+0	string		\037\036	application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0	short		017437		application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0	short		0x1fff		application/octet-stream
+0	string		\377\037	application/octet-stream
+# huf output
+0	short		0145405		application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats.  Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+#				Keith Waclena <keith@cerberus.uchicago.edu>
+#0	leshort		0x76FF		squeezed data (CP/M, DOS)
+#0	leshort		0x76FE		crunched data (CP/M, DOS)
+
+# Freeze
+#0	string		\037\237	Frozen file 2.1
+#0	string		\037\236	Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0	string		\037\240	LZH compressed data
+
+#------------------------------------------------------------------------------
+# frame:  file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0	string		\<MakerFile	application/x-frame
+0	string		\<MIFFile	application/x-frame
+0	string		\<MakerDictionary	application/x-frame
+0	string		\<MakerScreenFon	application/x-frame
+0	string		\<MML		application/x-frame
+0	string		\<Book		application/x-frame
+0	string		\<Maker		application/x-frame
+
+#------------------------------------------------------------------------------
+# html:  file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+# and Anna Shergold <anna@inext.co.uk>
+#
+0   string      \<!DOCTYPE\ HTML    text/html
+0   string      \<!doctype\ html    text/html
+0   string      \<HEAD      text/html
+0   string      \<head      text/html
+0   string      \<TITLE     text/html
+0   string      \<title     text/html
+0   string      \<html      text/html
+0   string      \<HTML      text/html
+0   string      \<!--       text/html
+0   string      \<h1        text/html
+0   string      \<H1        text/html
+
+# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se>
+0   string      \<?xml      text/xml
+
+#------------------------------------------------------------------------------
+# images:  file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR:  TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR:  what the hell is this doing in here?]
+#0	string		xbtoa		btoa'd file
+
+# PBMPLUS
+#					PBM file
+0	string		P1		image/x-portable-bitmap	7bit
+#					PGM file
+0	string		P2		image/x-portable-greymap	7bit
+#					PPM file
+0	string		P3		image/x-portable-pixmap	7bit
+#					PBM "rawbits" file
+0	string		P4		image/x-portable-bitmap
+#					PGM "rawbits" file
+0	string		P5		image/x-portable-greymap
+#					PPM "rawbits" file
+0	string		P6		image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR:  this *must* go before TIFF]
+0	string		IIN1		image/x-niff
+
+# TIFF and friends
+#					TIFF file, big-endian
+0	string		MM		image/tiff
+#					TIFF file, little-endian
+0	string		II		image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115:  this was mine ("Zip GIF"):
+#					ZIF image (GIF+deflate alpha)
+0	string		GIF94z		image/unknown
+#
+# GRR 950115:  this is Jeremy Wohl's Free Graphics Format (better):
+#					FGF image (GIF+deflate beta)
+0	string		FGF95a		image/unknown
+#
+# GRR 950115:  this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+#					PBF image (deflate compression)
+0	string		PBF		image/unknown
+
+# GIF
+0	string		GIF		image/gif
+
+# JPEG images
+0	beshort		0xffd8		image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files)  (Greg Roelofs, newt@uchicago.edu)
+0	string		BM		image/bmp
+#>14	byte		12		(OS/2 1.x format)
+#>14	byte		64		(OS/2 2.x format)
+#>14	byte		40		(Windows 3.x format)
+#0	string		IC		icon
+#0	string		PI		pointer
+#0	string		CI		color icon
+#0	string		CP		color pointer
+#0	string		BA		bitmap array
+
+
+#------------------------------------------------------------------------------
+# lisp:  file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0	string	;;			text/plain	8bit
+# Emacs 18 - this is always correct, but not very magical.
+0	string	\012(			application/x-elc
+# Emacs 19
+0	string	;ELC\023\000\000\000	application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news:  file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0	string		Relay-Version: 	message/rfc822	7bit
+0	string		#!\ rnews	message/rfc822	7bit
+0	string		N#!\ rnews	message/rfc822	7bit
+0	string		Forward\ to 	message/rfc822	7bit
+0	string		Pipe\ to 	message/rfc822	7bit
+0	string		Return-Path:	message/rfc822	7bit
+0	string		Path:		message/news	8bit
+0	string		Xref:		message/news	8bit
+0	string		From:		message/rfc822	7bit
+0	string		Article 	message/news	8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0	string		\376\067\0\043			application/msword
+0	string		\333\245-\0\0\0			application/msword
+
+# disable this one because it applies also to other
+# Office/OLE documents for which msword is not correct. See PR#2608.
+#0	string		\320\317\021\340\241\261	application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer:  file(1) magic for printer-formatted files
+#
+
+# PostScript
+0	string		%!		application/postscript
+0	string		\004%!		application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0	string		%PDF-		application/pdf
+
+#------------------------------------------------------------------------------
+# sc:  file(1) magic for "sc" spreadsheet
+#
+38	string		Spreadsheet	application/x-sc
+
+#------------------------------------------------------------------------------
+# tex:  file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0	string		\367\002	application/x-dvi
+#0	string		\367\203	TeX generic font data
+#0	string		\367\131	TeX packed font data
+#0	string		\367\312	TeX virtual font data
+#0	string		This\ is\ TeX,	TeX transcript text	
+#0	string		This\ is\ METAFONT,	METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data.  The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+#2	string		\000\021	TeX font metric data
+#2	string		\000\022	TeX font metric data
+#>34	string		>\0		(%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+#0	string		\\input\ texinfo	Texinfo source text
+#0	string		This\ is\ Info\ file	GNU Info text
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0	leshort		0x02f7		application/x-dvi
+
+# RTF - Rich Text Format
+0	string		{\\rtf		application/rtf
+
+#------------------------------------------------------------------------------
+# animation:  file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+#						MPEG file
+0	string		\000\000\001\263	video/mpeg
+#
+# The contributor claims:
+#   I couldn't find a real magic number for these, however, this
+#   -appears- to work.  Note that it might catch other files, too,
+#   so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+#						DL file version 1 , medium format (160x100, 4 images/screen)
+0	byte		1			video/unknown
+0	byte		2			video/unknown
+# Quicktime video, from Linus Walleij <triad@df.lth.se>
+# from Apple quicktime file format documentation.
+4   string      moov        video/quicktime
+4   string      mdat        video/quicktime
+
diff --git a/base/tps-client/apache/conf/mime.types b/base/tps-client/apache/conf/mime.types
new file mode 100644
index 000000000..3485692d1
--- /dev/null
+++ b/base/tps-client/apache/conf/mime.types
@@ -0,0 +1,592 @@
+# This is a comment. I love comments.
+
+# This file controls what Internet media types are sent to the client for
+# given file extension(s).  Sending the correct media type to the client
+# is important so they know how to handle the content of the file.
+# Extra types can either be added here or by using an AddType directive
+# in your config files. For more information about Internet media types,
+# please read RFC 2045, 2046, 2047, 2048, and 2077.  The Internet media type
+# registry is at <http://www.iana.org/assignments/media-types/>.
+
+# MIME type			Extensions
+application/activemessage
+application/andrew-inset	ez
+application/applefile
+application/atom+xml		atom
+application/atomicmail
+application/batch-smtp
+application/beep+xml
+application/cals-1840
+application/cnrp+xml
+application/commonground
+application/cpl+xml
+application/cybercash
+application/dca-rft
+application/dec-dx
+application/dvcs
+application/edi-consent
+application/edifact
+application/edi-x12
+application/eshop
+application/font-tdpfr
+application/http
+application/hyperstudio
+application/iges
+application/index
+application/index.cmd
+application/index.obj
+application/index.response
+application/index.vnd
+application/iotp
+application/ipp
+application/isup
+application/mac-binhex40	hqx
+application/mac-compactpro	cpt
+application/macwriteii
+application/marc
+application/mathematica
+application/mathml+xml		mathml
+application/msword		doc
+application/news-message-id
+application/news-transmission
+application/ocsp-request
+application/ocsp-response
+application/octet-stream	bin dms lha lzh exe class so dll dmg
+application/oda			oda
+application/ogg			ogg
+application/parityfec
+application/pdf			pdf
+application/pgp-encrypted
+application/pgp-keys
+application/pgp-signature
+application/pkcs10
+application/pkcs7-mime
+application/pkcs7-signature
+application/pkix-cert
+application/pkix-crl
+application/pkixcmp
+application/postscript		ai eps ps
+application/prs.alvestrand.titrax-sheet
+application/prs.cww
+application/prs.nprend
+application/prs.plucker
+application/qsig
+application/rdf+xml		rdf
+application/reginfo+xml
+application/remote-printing
+application/riscos
+application/rtf
+application/sdp
+application/set-payment
+application/set-payment-initiation
+application/set-registration
+application/set-registration-initiation
+application/sgml
+application/sgml-open-catalog
+application/sieve
+application/slate
+application/smil		smi smil
+application/srgs		gram
+application/srgs+xml		grxml
+application/timestamp-query
+application/timestamp-reply
+application/tve-trigger
+application/vemmi
+application/vnd.3gpp.pic-bw-large
+application/vnd.3gpp.pic-bw-small
+application/vnd.3gpp.pic-bw-var
+application/vnd.3gpp.sms
+application/vnd.3m.post-it-notes
+application/vnd.accpac.simply.aso
+application/vnd.accpac.simply.imp
+application/vnd.acucobol
+application/vnd.acucorp
+application/vnd.adobe.xfdf
+application/vnd.aether.imp
+application/vnd.amiga.ami
+application/vnd.anser-web-certificate-issue-initiation
+application/vnd.anser-web-funds-transfer-initiation
+application/vnd.audiograph
+application/vnd.blueice.multipass
+application/vnd.bmi
+application/vnd.businessobjects
+application/vnd.canon-cpdl
+application/vnd.canon-lips
+application/vnd.cinderella
+application/vnd.claymore
+application/vnd.commerce-battelle
+application/vnd.commonspace
+application/vnd.contact.cmsg
+application/vnd.cosmocaller
+application/vnd.criticaltools.wbs+xml
+application/vnd.ctc-posml
+application/vnd.cups-postscript
+application/vnd.cups-raster
+application/vnd.cups-raw
+application/vnd.curl
+application/vnd.cybank
+application/vnd.data-vision.rdz
+application/vnd.dna
+application/vnd.dpgraph
+application/vnd.dreamfactory
+application/vnd.dxr
+application/vnd.ecdis-update
+application/vnd.ecowin.chart
+application/vnd.ecowin.filerequest
+application/vnd.ecowin.fileupdate
+application/vnd.ecowin.series
+application/vnd.ecowin.seriesrequest
+application/vnd.ecowin.seriesupdate
+application/vnd.enliven
+application/vnd.epson.esf
+application/vnd.epson.msf
+application/vnd.epson.quickanime
+application/vnd.epson.salt
+application/vnd.epson.ssf
+application/vnd.ericsson.quickcall
+application/vnd.eudora.data
+application/vnd.fdf
+application/vnd.ffsns
+application/vnd.fints
+application/vnd.flographit
+application/vnd.framemaker
+application/vnd.fsc.weblaunch
+application/vnd.fujitsu.oasys
+application/vnd.fujitsu.oasys2
+application/vnd.fujitsu.oasys3
+application/vnd.fujitsu.oasysgp
+application/vnd.fujitsu.oasysprs
+application/vnd.fujixerox.ddd
+application/vnd.fujixerox.docuworks
+application/vnd.fujixerox.docuworks.binder
+application/vnd.fut-misnet
+application/vnd.grafeq
+application/vnd.groove-account
+application/vnd.groove-help
+application/vnd.groove-identity-message
+application/vnd.groove-injector
+application/vnd.groove-tool-message
+application/vnd.groove-tool-template
+application/vnd.groove-vcard
+application/vnd.hbci
+application/vnd.hhe.lesson-player
+application/vnd.hp-hpgl
+application/vnd.hp-hpid
+application/vnd.hp-hps
+application/vnd.hp-pcl
+application/vnd.hp-pclxl
+application/vnd.httphone
+application/vnd.hzn-3d-crossword
+application/vnd.ibm.afplinedata
+application/vnd.ibm.electronic-media
+application/vnd.ibm.minipay
+application/vnd.ibm.modcap
+application/vnd.ibm.rights-management
+application/vnd.ibm.secure-container
+application/vnd.informix-visionary
+application/vnd.intercon.formnet
+application/vnd.intertrust.digibox
+application/vnd.intertrust.nncp
+application/vnd.intu.qbo
+application/vnd.intu.qfx
+application/vnd.irepository.package+xml
+application/vnd.is-xpr
+application/vnd.japannet-directory-service
+application/vnd.japannet-jpnstore-wakeup
+application/vnd.japannet-payment-wakeup
+application/vnd.japannet-registration
+application/vnd.japannet-registration-wakeup
+application/vnd.japannet-setstore-wakeup
+application/vnd.japannet-verification
+application/vnd.japannet-verification-wakeup
+application/vnd.jisp
+application/vnd.kde.karbon
+application/vnd.kde.kchart
+application/vnd.kde.kformula
+application/vnd.kde.kivio
+application/vnd.kde.kontour
+application/vnd.kde.kpresenter
+application/vnd.kde.kspread
+application/vnd.kde.kword
+application/vnd.kenameaapp
+application/vnd.koan
+application/vnd.liberty-request+xml
+application/vnd.llamagraphics.life-balance.desktop
+application/vnd.llamagraphics.life-balance.exchange+xml
+application/vnd.lotus-1-2-3
+application/vnd.lotus-approach
+application/vnd.lotus-freelance
+application/vnd.lotus-notes
+application/vnd.lotus-organizer
+application/vnd.lotus-screencam
+application/vnd.lotus-wordpro
+application/vnd.mcd
+application/vnd.mediastation.cdkey
+application/vnd.meridian-slingshot
+application/vnd.micrografx.flo
+application/vnd.micrografx.igx
+application/vnd.mif		mif
+application/vnd.minisoft-hp3000-save
+application/vnd.mitsubishi.misty-guard.trustweb
+application/vnd.mobius.daf
+application/vnd.mobius.dis
+application/vnd.mobius.mbk
+application/vnd.mobius.mqy
+application/vnd.mobius.msl
+application/vnd.mobius.plc
+application/vnd.mobius.txf
+application/vnd.mophun.application
+application/vnd.mophun.certificate
+application/vnd.motorola.flexsuite
+application/vnd.motorola.flexsuite.adsi
+application/vnd.motorola.flexsuite.fis
+application/vnd.motorola.flexsuite.gotap
+application/vnd.motorola.flexsuite.kmr
+application/vnd.motorola.flexsuite.ttc
+application/vnd.motorola.flexsuite.wem
+application/vnd.mozilla.xul+xml	xul
+application/vnd.ms-artgalry
+application/vnd.ms-asf
+application/vnd.ms-excel	xls
+application/vnd.ms-lrm
+application/vnd.ms-powerpoint	ppt
+application/vnd.ms-project
+application/vnd.ms-tnef
+application/vnd.ms-works
+application/vnd.ms-wpl
+application/vnd.mseq
+application/vnd.msign
+application/vnd.music-niff
+application/vnd.musician
+application/vnd.netfpx
+application/vnd.noblenet-directory
+application/vnd.noblenet-sealer
+application/vnd.noblenet-web
+application/vnd.novadigm.edm
+application/vnd.novadigm.edx
+application/vnd.novadigm.ext
+application/vnd.obn
+application/vnd.osa.netdeploy
+application/vnd.palm
+application/vnd.pg.format
+application/vnd.pg.osasli
+application/vnd.powerbuilder6
+application/vnd.powerbuilder6-s
+application/vnd.powerbuilder7
+application/vnd.powerbuilder7-s
+application/vnd.powerbuilder75
+application/vnd.powerbuilder75-s
+application/vnd.previewsystems.box
+application/vnd.publishare-delta-tree
+application/vnd.pvi.ptid1
+application/vnd.pwg-multiplexed
+application/vnd.pwg-xhtml-print+xml
+application/vnd.quark.quarkxpress
+application/vnd.rapid
+application/vnd.s3sms
+application/vnd.sealed.net
+application/vnd.seemail
+application/vnd.shana.informed.formdata
+application/vnd.shana.informed.formtemplate
+application/vnd.shana.informed.interchange
+application/vnd.shana.informed.package
+application/vnd.smaf
+application/vnd.sss-cod
+application/vnd.sss-dtf
+application/vnd.sss-ntf
+application/vnd.street-stream
+application/vnd.svd
+application/vnd.swiftview-ics
+application/vnd.triscape.mxs
+application/vnd.trueapp
+application/vnd.truedoc
+application/vnd.ufdl
+application/vnd.uplanet.alert
+application/vnd.uplanet.alert-wbxml
+application/vnd.uplanet.bearer-choice
+application/vnd.uplanet.bearer-choice-wbxml
+application/vnd.uplanet.cacheop
+application/vnd.uplanet.cacheop-wbxml
+application/vnd.uplanet.channel
+application/vnd.uplanet.channel-wbxml
+application/vnd.uplanet.list
+application/vnd.uplanet.list-wbxml
+application/vnd.uplanet.listcmd
+application/vnd.uplanet.listcmd-wbxml
+application/vnd.uplanet.signal
+application/vnd.vcx
+application/vnd.vectorworks
+application/vnd.vidsoft.vidconference
+application/vnd.visio
+application/vnd.visionary
+application/vnd.vividence.scriptfile
+application/vnd.vsf
+application/vnd.wap.sic
+application/vnd.wap.slc
+application/vnd.wap.wbxml	wbxml
+application/vnd.wap.wmlc	wmlc
+application/vnd.wap.wmlscriptc	wmlsc
+application/vnd.webturbo
+application/vnd.wrq-hp3000-labelled
+application/vnd.wt.stf
+application/vnd.wv.csp+wbxml
+application/vnd.xara
+application/vnd.xfdl
+application/vnd.yamaha.hv-dic
+application/vnd.yamaha.hv-script
+application/vnd.yamaha.hv-voice
+application/vnd.yellowriver-custom-menu
+application/voicexml+xml	vxml
+application/watcherinfo+xml
+application/whoispp-query
+application/whoispp-response
+application/wita
+application/wordperfect5.1
+application/x-bcpio		bcpio
+application/x-cdlink		vcd
+application/x-chess-pgn		pgn
+application/x-compress
+application/x-cpio		cpio
+application/x-csh		csh
+application/x-director		dcr dir dxr
+application/x-dvi		dvi
+application/x-futuresplash	spl
+application/x-gtar		gtar
+application/x-gzip
+application/x-hdf		hdf
+application/x-javascript	js
+application/x-koan		skp skd skt skm
+application/x-latex		latex
+application/x-netcdf		nc cdf
+application/x-sh		sh
+application/x-shar		shar
+application/x-shockwave-flash	swf
+application/x-stuffit		sit
+application/x-sv4cpio		sv4cpio
+application/x-sv4crc		sv4crc
+application/x-tar		tar
+application/x-tcl		tcl
+application/x-tex		tex
+application/x-texinfo		texinfo texi
+application/x-troff		t tr roff
+application/x-troff-man		man
+application/x-troff-me		me
+application/x-troff-ms		ms
+application/x-ustar		ustar
+application/x-wais-source	src
+application/x400-bp
+application/xhtml+xml		xhtml xht
+application/xslt+xml		xslt
+application/xml			xml xsl
+application/xml-dtd		dtd
+application/xml-external-parsed-entity
+application/zip			zip
+audio/32kadpcm
+audio/amr
+audio/amr-wb
+audio/basic			au snd
+audio/cn
+audio/dat12
+audio/dsr-es201108
+audio/dvi4
+audio/evrc
+audio/evrc0
+audio/g722
+audio/g.722.1
+audio/g723
+audio/g726-16
+audio/g726-24
+audio/g726-32
+audio/g726-40
+audio/g728
+audio/g729
+audio/g729D
+audio/g729E
+audio/gsm
+audio/gsm-efr
+audio/l8
+audio/l16
+audio/l20
+audio/l24
+audio/lpc
+audio/midi			mid midi kar
+audio/mpa
+audio/mpa-robust
+audio/mp4a-latm
+audio/mpeg			mpga mp2 mp3
+audio/parityfec
+audio/pcma
+audio/pcmu
+audio/prs.sid
+audio/qcelp
+audio/red
+audio/smv
+audio/smv0
+audio/telephone-event
+audio/tone
+audio/vdvi
+audio/vnd.3gpp.iufp
+audio/vnd.cisco.nse
+audio/vnd.cns.anp1
+audio/vnd.cns.inf1
+audio/vnd.digital-winds
+audio/vnd.everad.plj
+audio/vnd.lucent.voice
+audio/vnd.nortel.vbk
+audio/vnd.nuera.ecelp4800
+audio/vnd.nuera.ecelp7470
+audio/vnd.nuera.ecelp9600
+audio/vnd.octel.sbc
+audio/vnd.qcelp
+audio/vnd.rhetorex.32kadpcm
+audio/vnd.vmx.cvsd
+audio/x-aiff			aif aiff aifc
+audio/x-alaw-basic
+audio/x-mpegurl			m3u
+audio/x-pn-realaudio		ram ra
+audio/x-pn-realaudio-plugin
+application/vnd.rn-realmedia	rm
+audio/x-wav			wav
+chemical/x-pdb			pdb
+chemical/x-xyz			xyz
+image/bmp			bmp
+image/cgm			cgm
+image/g3fax
+image/gif			gif
+image/ief			ief
+image/jpeg			jpeg jpg jpe
+image/naplps
+image/png			png
+image/prs.btif
+image/prs.pti
+image/svg+xml			svg
+image/t38
+image/tiff			tiff tif
+image/tiff-fx
+image/vnd.cns.inf2
+image/vnd.djvu			djvu djv
+image/vnd.dwg
+image/vnd.dxf
+image/vnd.fastbidsheet
+image/vnd.fpx
+image/vnd.fst
+image/vnd.fujixerox.edmics-mmr
+image/vnd.fujixerox.edmics-rlc
+image/vnd.globalgraphics.pgb
+image/vnd.mix
+image/vnd.ms-modi
+image/vnd.net-fpx
+image/vnd.svf
+image/vnd.wap.wbmp		wbmp
+image/vnd.xiff
+image/x-cmu-raster		ras
+image/x-icon			ico
+image/x-portable-anymap		pnm
+image/x-portable-bitmap		pbm
+image/x-portable-graymap	pgm
+image/x-portable-pixmap		ppm
+image/x-rgb			rgb
+image/x-xbitmap			xbm
+image/x-xpixmap			xpm
+image/x-xwindowdump		xwd
+message/delivery-status
+message/disposition-notification
+message/external-body
+message/http
+message/news
+message/partial
+message/rfc822
+message/s-http
+message/sip
+message/sipfrag
+model/iges			igs iges
+model/mesh			msh mesh silo
+model/vnd.dwf
+model/vnd.flatland.3dml
+model/vnd.gdl
+model/vnd.gs-gdl
+model/vnd.gtw
+model/vnd.mts
+model/vnd.parasolid.transmit.binary
+model/vnd.parasolid.transmit.text
+model/vnd.vtu
+model/vrml			wrl vrml
+multipart/alternative
+multipart/appledouble
+multipart/byteranges
+multipart/digest
+multipart/encrypted
+multipart/form-data
+multipart/header-set
+multipart/mixed
+multipart/parallel
+multipart/related
+multipart/report
+multipart/signed
+multipart/voice-message
+text/calendar			ics ifb
+text/css			css
+text/directory
+text/enriched
+text/html			html htm
+text/parityfec
+text/plain			asc txt
+text/prs.lines.tag
+text/rfc822-headers
+text/richtext			rtx
+text/rtf			rtf
+text/sgml			sgml sgm
+text/t140
+text/tab-separated-values	tsv
+text/uri-list
+text/vnd.abc
+text/vnd.curl
+text/vnd.dmclientscript
+text/vnd.fly
+text/vnd.fmi.flexstor
+text/vnd.in3d.3dml
+text/vnd.in3d.spot
+text/vnd.iptc.nitf
+text/vnd.iptc.newsml
+text/vnd.latex-z
+text/vnd.motorola.reflex
+text/vnd.ms-mediapackage
+text/vnd.net2phone.commcenter.command
+text/vnd.sun.j2me.app-descriptor
+text/vnd.wap.si
+text/vnd.wap.sl
+text/vnd.wap.wml		wml
+text/vnd.wap.wmlscript		wmls
+text/x-setext			etx
+text/xml
+text/xml-external-parsed-entity
+video/bmpeg
+video/bt656
+video/celb
+video/dv
+video/h261
+video/h263
+video/h263-1998
+video/h263-2000
+video/jpeg
+video/mp1s
+video/mp2p
+video/mp2t
+video/mp4v-es
+video/mpv
+video/mpeg			mpeg mpg mpe
+video/nv
+video/parityfec
+video/pointer
+video/quicktime			qt mov
+video/smpte292m
+video/vnd.fvt
+video/vnd.motorola.video
+video/vnd.motorola.videop
+video/vnd.mpegurl		mxu m4u
+video/vnd.nokia.interleaved-multimedia
+video/vnd.objectvideo
+video/vnd.vivo
+video/x-msvideo			avi
+video/x-sgi-movie		movie
+x-conference/x-cooltalk		ice
diff --git a/base/tps-client/apache/conf/nss.conf b/base/tps-client/apache/conf/nss.conf
new file mode 100644
index 000000000..2f7c4d91a
--- /dev/null
+++ b/base/tps-client/apache/conf/nss.conf
@@ -0,0 +1,280 @@
+#
+# This is the Apache server configuration file providing SSL support using.
+# the mod_nss plugin.  It contains the configuration directives to instruct
+# the server how to serve pages over an https connection.
+# 
+# Do NOT simply read the instructions in here without understanding
+# what they do.  They're here only as hints or reminders.  If you are unsure
+# consult the online docs. You have been warned.  
+#
+
+#
+# When we also provide SSL we have to listen to the 
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+#       Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+#
+Listen [PKI_SECURE_PORT]
+
+Listen [NON_CLIENTAUTH_SECURE_PORT]
+
+##
+##  SSL Global Context
+##
+##  All SSL configuration in this context applies both to
+##  the main server and all SSL-enabled virtual hosts.
+##
+
+#
+#   Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl    .crl
+
+#   Pass Phrase Dialog:
+#   Configure the pass phrase gathering process.
+#   The filtering dialog program (`builtin' is a internal
+#   terminal dialog) has to provide the pass phrase on stdout.
+#NSSPassPhraseDialog  builtin
+NSSPassPhraseDialog  defer:[PKI_INSTANCE_PATH]/conf/password.conf
+
+
+#   Pass Phrase Helper:
+#   This helper program stores the token password pins between
+#   restarts of Apache.
+NSSPassPhraseHelper /usr/share/pki/tps/scripts/nss_pcache
+
+#   Configure the SSL Session Cache. 
+#   SSLSessionCacheSize is the number of entries in the cache.
+#   SSLSessionCacheTimeout is the SSL2 session timeout (in seconds).
+#   SSL3SessionCacheTimeout is the SSL3/TLS session timeout (in seconds).
+NSSSessionCacheSize 10000
+NSSSessionCacheTimeout 100
+NSSSession3CacheTimeout 86400
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:[PKI_SECURE_PORT]>
+
+#   General setup for the virtual host
+#DocumentRoot "/htdocs"
+#ServerName [Server_Name]:[Secure_Port]
+#ServerAdmin you@example.com
+
+# Configure OCSP checking of client certs
+
+#NSSOCSP on
+#NSSOCSPDefaultResponder on
+
+# URL of the ocsp service
+#
+#   Example of the built in ocsp service of the  CS CA
+
+#NSSOCSPDefaultURL http://localhost:9180/ca/ocsp
+
+# Nickname of ocsp signing cert
+#
+#    Below is sufficient if using built in CS CA ocsp service
+#    If using outboard ocsp, make sure the cert listed below
+#    is imported into the local cert database.
+
+#NSSOCSPDefaultName caCert 
+
+
+# mod_ssl logs to separate log files, you can choose to do that if you'd like
+ErrorLog [PKI_INSTANCE_PATH]/logs/error_log
+TransferLog [PKI_INSTANCE_PATH]/logs/access_log
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+#   FIPS Switch:
+#   Enable/Disable FIPS mode
+#   NSSFIPS on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_nss documentation for a complete list.
+NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+#   SSL cipher suite in FIPS mode:
+#   NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+
+NSSProtocol SSLv3,TLSv1
+
+#   SSL Certificate Nickname:
+#   The nickname of the server certificate you are going to use.
+NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]"
+
+#   Server Certificate Database:
+#   The NSS security database directory that holds the certificates and
+#   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+#   Provide the directory that these files exist.
+NSSCertificateDatabase  [PKI_INSTANCE_PATH]/alias
+
+#   Client Authentication (Type):
+#   Client certificate verification type.  Types are none, optional and
+#   require.
+NSSVerifyClient require
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_nss documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    NSSOptions +StdEnvVars
+</Files>
+<Directory "/cgi-bin">
+    NSSOptions +StdEnvVars
+</Directory>
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+#CustomLog [PKI_INSTANCE_PATH]/logs/ssl_request_log \
+#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
+
+<VirtualHost _default_:[NON_CLIENTAUTH_SECURE_PORT]>
+
+#   General setup for the virtual host
+#DocumentRoot "/htdocs"
+#ServerName [Server_Name]:[Non_Clientauth_Secure_Port]
+#ServerAdmin you@example.com
+
+# mod_ssl logs to separate log files, you can choose to do that if you'd like
+ErrorLog [PKI_INSTANCE_PATH]/logs/error_log
+TransferLog [PKI_INSTANCE_PATH]/logs/access_log
+
+#   SSL Engine Switch:
+#   Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+#   FIPS Switch:
+#   Enable/Disable FIPS mode
+#   NSSFIPS on
+
+#   SSL Cipher Suite:
+#   List the ciphers that the client is permitted to negotiate.
+#   See the mod_nss documentation for a complete list.
+NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+#   SSL cipher suite in FIPS mode:
+#   NSSCipherSuite +rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+
+NSSProtocol SSLv3,TLSv1
+
+#   SSL Certificate Nickname:
+#   The nickname of the server certificate you are going to use.
+NSSNickname "Server-Cert cert-[PKI_INSTANCE_NAME]"
+
+#   Server Certificate Database:
+#   The NSS security database directory that holds the certificates and
+#   keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+#   Provide the directory that these files exist.
+NSSCertificateDatabase  [PKI_INSTANCE_PATH]/alias
+
+#   Client Authentication (Type):
+#   Client certificate verification type.  Types are none, optional and
+#   require.
+NSSVerifyClient none
+
+#   Access Control:
+#   With SSLRequire you can do per-directory access control based
+#   on arbitrary complex boolean expressions containing server
+#   variable checks and other lookup directives.  The syntax is a
+#   mixture between C and Perl.  See the mod_nss documentation
+#   for more details.
+#<Location />
+#SSLRequire (    %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+#            and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+#            and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+#            and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+#            and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20       ) \
+#           or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+#   SSL Engine Options:
+#   Set various options for the SSL engine.
+#   o FakeBasicAuth:
+#     Translate the client X.509 into a Basic Authorisation.  This means that
+#     the standard Auth/DBMAuth methods can be used for access control.  The
+#     user name is the `one line' version of the client's X.509 certificate.
+#     Note that no password is obtained from the user. Every entry in the user
+#     file needs this password: `xxj31ZMTZzkVA'.
+#   o ExportCertData:
+#     This exports two additional environment variables: SSL_CLIENT_CERT and
+#     SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+#     server (always existing) and the client (only existing when client
+#     authentication is used). This can be used to import the certificates
+#     into CGI scripts.
+#   o StdEnvVars:
+#     This exports the standard SSL/TLS related `SSL_*' environment variables.
+#     Per default this exportation is switched off for performance reasons,
+#     because the extraction step is an expensive operation and is usually
+#     useless for serving static content. So one usually enables the
+#     exportation for CGI and SSI requests only.
+#   o StrictRequire:
+#     This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+#     under a "Satisfy any" situation, i.e. when it applies access is denied
+#     and no other module can change it.
+#   o OptRenegotiate:
+#     This enables optimized SSL connection renegotiation handling when SSL
+#     directives are used in per-directory context. 
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+    NSSOptions +StdEnvVars
+</Files>
+<Directory "/cgi-bin">
+    NSSOptions +StdEnvVars
+</Directory>
+
+#   Per-Server Logging:
+#   The home of a custom SSL log file. Use this when you want a
+#   compact non-error SSL logfile on a virtual host basis.
+#CustomLog [PKI_INSTANCE_PATH]/logs/ssl_request_log \
+#          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>                                  
diff --git a/base/tps-client/apache/conf/perl.conf b/base/tps-client/apache/conf/perl.conf
new file mode 100644
index 000000000..60b502285
--- /dev/null
+++ b/base/tps-client/apache/conf/perl.conf
@@ -0,0 +1,68 @@
+#
+# Mod_perl incorporates a Perl interpreter into the Apache web server,
+# so that the Apache web server can directly execute Perl code.
+# Mod_perl links the Perl runtime library into the Apache web server
+# and provides an object-oriented Perl interface for Apache's C
+# language API.  The end result is a quicker CGI script turnaround
+# process, since no external Perl interpreter has to be started.
+#
+
+LoadModule perl_module [FORTITUDE_LIB_DIR]/modules/mod_perl.so
+
+# Uncomment this line to globally enable warnings, which will be
+# written to the server's error log.  Warnings should be enabled
+# during the development process, but should be disabled on a
+# production server as they affect performance.
+#
+#PerlWarn On
+
+# Uncomment this line to enable taint checking globally.  When Perl is
+# running in taint mode various checks are performed to reduce the
+# risk of insecure data being passed to a subshell or being used to
+# modify the filesystem.  Unfortunatly many Perl modules are not
+# taint-safe, so you should exercise care before enabling it on a
+# production server.
+#
+#PerlTaintCheck On
+
+# This will allow execution of mod_perl to compile your scripts to
+# subroutines which it will execute directly, avoiding the costly
+# compile process for most requests.
+#
+#Alias /perl /var/www/perl
+#<Directory /var/www/perl>
+#    SetHandler perl-script
+#    PerlResponseHandler ModPerl::Registry
+#    PerlOptions +ParseHeaders
+#    Options +ExecCGI
+#</Directory>
+
+# This will allow remote server configuration reports, with the URL of
+#  http://servername/perl-status
+# Change the ".your-domain.com" to match your domain to enable.
+#
+#PerlModule Apache::compat
+#<Location /perl-status>
+#    SetHandler perl-script
+#    PerlResponseHandler Apache::Status
+#    Order deny,allow
+#    Deny from all
+#    Allow from .your-domain.com
+#</Location>
+
+PerlModule ModPerl::Registry
+PerlModule [FORTITUDE_APACHE]::compat
+PerlModule PKI::TPS::wizard
+PerlSetEnv PKI_DOCROOT [PKI_INSTANCE_PATH]/docroot
+PerlSetEnv PKI_ROOT [PKI_INSTANCE_PATH]
+<Location /tps/admin/console/config/wizard>
+   SetHandler perl-script
+   PerlHandler PKI::TPS::Wizard
+   Require all granted
+</Location>
+
+<Location /tps/admin/console/config/login>
+   SetHandler perl-script
+   PerlHandler PKI::TPS::Login
+   Require all granted
+</Location>
diff --git a/base/tps-client/apache/docroot/404.html b/base/tps-client/apache/docroot/404.html
new file mode 100755
index 000000000..01a0832c9
--- /dev/null
+++ b/base/tps-client/apache/docroot/404.html
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>TPS 404 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/images/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/images/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TPS Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('404');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The requested resource could not be found but may be available again in the future.');
+document.write('</font></b><br><b><font size="+1" color="RED">');
+document.write('Please check the validity of the URL listed below:');
+document.write('</font></b><br><br>');
+document.write('<center><b><font size="+1"><a href="');
+document.write(url);
+document.write('">');
+document.write(url);
+document.write('</a>');
+document.write('</font></b></center><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/base/tps-client/apache/docroot/500.html b/base/tps-client/apache/docroot/500.html
new file mode 100755
index 000000000..94ff29712
--- /dev/null
+++ b/base/tps-client/apache/docroot/500.html
@@ -0,0 +1,139 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>TPS 500 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/images/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/pki/images/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TPS Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('500');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>');
+document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.');
+document.write('</font></b><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/base/tps-client/apache/docroot/esc/AdminEsc.html b/base/tps-client/apache/docroot/esc/AdminEsc.html
new file mode 100755
index 000000000..f17e8c472
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/AdminEsc.html
@@ -0,0 +1,57 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<head>
+<title>Enterprise Security Administration Page</title>
+
+<link rel=stylesheet href="/pki/esc/style.css" type="text/css">
+
+</head>
+<body>
+
+<table width="100%">
+  <tr>
+    <td>
+<img src="/pki/esc/images/logo.gif">     </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+
+<br>
+<br>
+<table width=100%>
+<tr>
+  <td class="bodyText">
+Welcome to the Enterprise Security Administration Page.
+</p>
+<p>Below are some useful links that take you directly to some of 
+<br>the useful pages provided by the Enterprise Security program.
+</p>
+  </td>
+ </tr>
+</table>
+<br>
+<li><a class=linkText href="esc.cgi?action=enrollmentpage&screenname=">Key Enrollment Page</a></li>
+<li><a class=linkText href="esc.cgi?action=advancepage&screenname=">Advanced Function Page</a></li>
+<li><a class=linkText href="esc.cgi?action=tokenmanagerpage&screenname=">Token Manager Page</a></li>
+<li><a class=linkText href="esc.cgi?action=settingspage&screenname=">Settings Page</a></li>
+</body>
+</html>
diff --git a/base/tps-client/apache/docroot/esc/AdvancePopup.html b/base/tps-client/apache/docroot/esc/AdvancePopup.html
new file mode 100755
index 000000000..4606539c6
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/AdvancePopup.html
@@ -0,0 +1,1713 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+
+<head>
+<link rel=stylesheet href="/pki/esc/style.css" type="text/css">
+
+<script language="JavaScript">
+
+//
+// initialize netkey globals
+var netkey;
+var isMSHTML;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+//
+// Determine if we are running MSHTML or GECKO
+//
+if (navigator.userAgent.indexOf("MSIE") != -1) {
+  isMSHTML = true;
+} else {
+  isMSHTML = false;
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          alert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+if (!isMSHTML) {
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+  }
+} else {
+  // MSHTML only initialization
+  netkey = external;
+}
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+  if (!isMSHTML) {
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+    }
+  }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+
+"Operation Completed Successfully.",
+    "Server Error.",
+    "Problem communicating with the token.",
+    "Problem communicating with the token.",
+    "Problem resetting token's pin.",
+    "Internal Server Error.",
+    "Internal Server Error",
+    "Token Enrollment Error.",
+    "Problem communicating with the token.",
+    "Internal Server Error",
+    "Error communicating with the Certificate Authority, try again later.",
+    "Internal Server Error.",
+    "Error resetting the token's pin.",
+    "Internal Server Error.",
+    "Authentication Failure, Try Again.",
+    "Internal Server Error",
+    "Token is disabled, contact technical support.",
+    "Problem communicating with the token.",
+    "Internal Server Error.",
+    "Cannot upgrade token software.",
+    "Internal Server Error.",
+    "Problem communicating with the token.",
+    "Invalid token type.",
+    "Invalid token type",
+    "Cannot publish.",
+    "Cannot communicate with token database, try again later.",
+    "Token is disabled, contact techincal support.",
+    "Cannot reset pin value for the token, contact technical support.",
+    "Connection to server lost.",
+    "Cannot create entry for token in database, contact technical support.",
+    "No such token state, contact technical support.",
+    "Invalid lost token reason, contact technical support.",
+    "Token unusable due to compromise,contact technical support.",
+    "No such inactive token, contact technical support.",
+    "Cannot process more than one active token.",
+    "Internal Server Error,contact technical support.",
+    "Key Recovery has been processed.",
+    "Key Recovery failed, contact technical support.",
+    "Cannot operate on token reported lost, contact technical support.",
+    "Key archival error, contact technical support.",
+    "Problem connecting to the TKS, contact technical support.",
+    "Failed to update token database, contact technical support.",
+    "Internal certificate revocation error,contact technical support.",
+    "User does not own this token, contact technical support."
+);
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                if(!isMSHTML)
+                {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                }
+
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+  if(!isMSHTML)
+    {
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+    }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+  if(!isMSHTML)
+  {
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              alert("Error Setting data values: " + e);
+          }
+
+      }
+
+  }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  alert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCoolKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCoolKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    } else {
+      keyArr = ConvertVariantArrayToJScriptArray(netkey.GetAvailableCoolKeys());
+
+      var i;
+      for (i=0; i < keyArr.length; i++)
+        keyArr[i] = ConvertVariantArrayToJScriptArray(keyArr[i]);
+    }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function ChallengeCOOLKey(keyType, keyID, data)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return ConvertVariantArrayToJScriptArray(netkey.ChallengeCoolKey(keyType, keyID, data));
+  } catch(e) {
+    ReportException("netkey.ChallengeCoolKey() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.ResetCoolKeyPIN(keyType, keyID, screenname, pin,screennamepwd);
+  } catch(e) {
+    ReportException("netkey.ResetCoolKeyPIN() failed! Make sure token is properly Enrolled.", e);
+    return false;
+  }
+  return true;
+}
+function FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.FormatCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function BlinkCOOLKey(keyType, keyID, rate, duration)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.BlinkCoolKey(keyType, keyID, rate, duration);
+  } catch(e) {
+    ReportException("netkey.BlinkCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function RequestServiceTicket(screenName, serviceName)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.RequestServiceTicket(screenName, serviceName);
+  } catch(e) {
+    ReportException("netkey..RequestServiceTicket() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+  if (isMSHTML) {
+    row.removeNode(row);
+  } else {
+    table.deleteRow(row.rowIndex);
+  }
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.cells(index);
+  } else {
+    cell = row.cells[index];
+  }
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+  if (isMSHTML) {
+    node = parent.childNodes(index);
+  } else {
+    node = parent.childNodes[index];
+  }
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = table.insertRow();
+  } else {
+    row = table.insertRow(table.rows.length);
+  }
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.insertCell();
+  } else {
+    cell = row.insertCell(row.cells.length);
+  }
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+ // cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+  //cell.appendChild(document.createTextNode(reqAuth));
+
+  //cell = GetCell(row,3);
+  //RemoveAllChildNodes(cell);
+  //cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function GetKeyStatusForKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return "UNKNOWN";
+
+  var cell = GetCell(row,1);
+  return GetNode(cell,0).data;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+ // document.getElementById("snametf").value = gScreenName;
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gKeyEnrollmentType == "deviceKey")
+  {
+  //  document.getElementById("snametf").disabled = true;
+  //  document.getElementById("pintf").disabled = true;
+   // document.getElementById("reenterpintf").disabled = true;
+  //  document.getElementById("snamepwd").disabled = true;
+  }
+  else
+  {
+ //   document.getElementById("snametf").disabled = false;
+  //  document.getElementById("pintf").disabled = false;
+  //  document.getElementById("reenterpintf").disabled = false;
+  //  document.getElementById("snamepwd").disabled = false;
+  }
+
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetKeyStatusForKeyID(keyType, keyID);
+
+    var validKey = (keyStatus == "NETKEY" || keyStatus == "HOUSEKEY");
+  //  document.getElementById("challengebtn").disabled = !validKey;
+    document.getElementById("blinkbtn").disabled = false;
+    //document.getElementById("enrollbtn").disabled = false;
+ //   document.getElementById("formatbtn").disabled = false;
+//    document.getElementById("resetpinbtn").disabled = !((keyStatus == "NETKEY") && (gKeyEnrollmentType == "userKey"));
+document.getElementById("resetpinbtn").disabled = !((gKeyEnrollmentType == "userKey"));
+  }
+  else
+  {
+    //document.getElementById("enrollbtn").disabled = true;
+    document.getElementById("resetpinbtn").disabled = true;
+  //  document.getElementById("formatbtn").disabled = true;
+   // document.getElementById("challengebtn").disabled = true;
+    document.getElementById("blinkbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = FindRow(window.event.srcElement);
+  } else {
+    row = FindRow(event.parentNode);
+  }
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+
+ 
+  if (isMSHTML) {
+     row.onclick = DoSelectRow;
+  }
+
+  // Create the key ID cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  // Create the is auth'ed cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(isAuthed));
+
+  // Create the status bar cell
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ASC native code.
+//
+// ASC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//     netkey.ChallengeCOOLKey(keyType, keyID, data)
+//
+//       - Signs some data with the specified key, and returns the results
+//         in an AcviteX Variant SafeArray. Before accessing any data in
+//         this array, you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray(). The elements in the
+//         array are as follows:
+//
+//             array[0] --> Length of the signed challenge data in binary form.
+//             array[1] --> The signed challenge data as hex.
+//             array[0] --> Length of the nonce data in binary form.
+//             array[0] --> The nonce data as hex.
+//
+//     netkey.BlinkCOOLKey(keyType, keyID, rate, duration)
+//
+//       - Make a specific key blink at a given rate for a given duration.
+//         rate and duration are specified in milliseconds.
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    alert("You must provide a valid screen name!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    alert("You must provide a valid PIN!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    alert("The PIN values you entered don't match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       alert("You must provide a valid User Password!");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+  {
+    alert("Please select a key.");
+    return;
+  }
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = GetPINValue();
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  null; //GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd = null; // GetScreenNamePwd();
+
+
+    tokencode = GetTokenCode();
+
+    SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+  else
+    SetStatusMessage("Enrolling DeviceKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = GetPINValue() ;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+  else
+  {
+
+      alert("Your key must be enrolled before attempting a Pin Reset.");
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    alert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  alert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  alert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Enrollment for \"" + KeyToUIString(keyType, keyID) + "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("PIN Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Server Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key (" + keyIDStr + ") failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key (" + keyIDStr + ") canceled.";
+
+  alert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var pin = null;
+
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+</script>
+
+</head>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<table width="100%">
+  <tr>
+    <td>
+<img src="/pki/esc/images/logo.gif">     </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+
+  <br>
+  <table id="BindingTable" width="100%"><tbody>
+    <tr id="HeaderRow">
+      <th><p class="titleText">Key ID</p></th>
+      <th><p class="titleText">Key Status</p></th>
+<!--    <th><p class="titleText">Requires Auth</p></th>
+      <th><p class="titleText">Did Auth</p></th>
+-->
+      <th width="100"><p class="titleText">Progress</p></th>
+    </tr>
+  </tbody></table>
+  <form action="esc.cgi">
+    <input type="hidden" id="action" name="action" value="bind"> 
+    <input type="hidden" id="screenname" name="screenname" value="">
+    <input type="hidden" id="challengedata" name="challengedata" value="QVNDIHJvY2tzIHRoZSBwYXJ0eSE="> 
+    <input type="hidden" id="signedchallenge" name="signedchallenge" value="">
+    <input type="hidden" id="signedchallengelength" name="signedchallengelength" value=""> 
+    <input type="hidden" id="nonce" name="nonce" value="">
+    <input type="hidden" id="noncelength" name="noncelength" value=""> 
+    <input type="hidden" id="keytype" name="keytype" value="">
+    <input type="hidden" id="keyid" name="keyid" value="">
+    <input type="hidden" id="keylabel" name="keylabel" value=""> 
+    <table width=100%>
+      <tr> 
+        <td class="bodyText"> 
+          Select enrollment type: <input checked type="radio" id="keytype" name="keytype" value="userKey" onClick="SetEnrollmentType('userKey');">UserKey
+        </td> 
+      </tr> 
+    </table>
+    <table>
+      <tr> 
+        <td><p class="bodyText">Token PIN:</p></td>
+        <td><input type="password" id="pintf" id="pintf" name="pintf" value=""></td>
+        <td><p class="bodyText">Re-Enter PIN:</p></td>
+        <td><input type="password" id="reenterpintf" id="reenterpintf" name="reenterpintf" value=""></td>
+      </tr>
+    </table>
+    <br>
+    <table width="100%">
+      <tr>
+        <td valign="center" align="left">
+          <input type="button" id="resetpinbtn" name="resetpinbtn" value="Reset PIN" onClick="DoResetSelectedCOOLKeyPIN();">
+        <!--  <input type="button" id="formatbtn" name="formatbtn" value="Format" onClick="DoFormatCOOLKey();"> -->
+      <!--    <input type="button" id="challengebtn" name="challengebtn" value="Challenge" onClick="DoChallengeSelectedKey();"> --> 
+          <input type="button" id="blinkbtn" name="blinkbtn" value="Blink" onClick="DoBlinkCOOLKey();"> 
+          <input type="button" id="canclebtn" name="canclebtn" value="Cancel" onClick="DoCancelOperation();">
+
+        <!--  <input type="button" id="helpbtn" name="helpbtn" value="Help" onClick="DoHelp();"> -->
+        </td>
+      </tr>
+    </table>
+    <table width="100%">
+      <tr>
+      <!--  <td valign="center" align="right">
+          <h5><a href="esc.cgi?">Enterprise Security  Admin Page</a></h5>
+        </td> -->
+      </tr>
+    </table>
+  </form>
+  <table width="100%">
+    <tr>
+      <td valign="center" align="left" style="width: 200px;">
+        <div id="cylon1" class="cylon" style="width: 200px; height: 10px;">
+          <div id="eye1" class="cylonEye" style="top: 0px; left: 0px; width: 28px; height: 8px; visibility: hidden;"></div>
+        </div>
+      </td>
+      <td valign="center" align="left" id="statusMsg"></td>
+    </tr>
+  </table>
+</body></html>
diff --git a/base/tps-client/apache/docroot/esc/EnrollPopup.html b/base/tps-client/apache/docroot/esc/EnrollPopup.html
new file mode 100755
index 000000000..02ed47305
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/EnrollPopup.html
@@ -0,0 +1,1717 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+
+<head>
+<link rel=stylesheet href="/pki/esc/style.css" type="text/css">
+
+<script language="JavaScript">
+
+//
+// initialize netkey globals
+var netkey;
+var isMSHTML;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+//
+// Determine if we are running MSHTML or GECKO
+//
+if (navigator.userAgent.indexOf("MSIE") != -1) {
+  isMSHTML = true;
+} else {
+  isMSHTML = false;
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          alert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+if (!isMSHTML) {
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+  }
+} else {
+  // MSHTML only initialization
+  netkey = external;
+}
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+  if (!isMSHTML) {
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+    }
+  }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+"Operation Completed Successfully.",
+    "Server Error.",
+    "Problem communicating with the token.",
+    "Problem communicating with the token.",
+    "Problem resetting token's pin.",
+    "Internal Server Error.",
+    "Internal Server Error",
+    "Token Enrollment Error.",
+    "Problem communicating with the token.",
+    "Internal Server Error",
+    "Error communicating with the Certificate Authority, try again later.",
+    "Internal Server Error.",
+    "Error resetting the token's pin.",
+    "Internal Server Error.",
+    "Authentication Failure, Try Again.",
+    "Internal Server Error",
+    "Token is disabled, contact technical support.",
+    "Problem communicating with the token.",
+    "Internal Server Error.",
+    "Cannot upgrade token software.",
+    "Internal Server Error.",
+    "Problem communicating with the token.",
+    "Invalid token type.",
+    "Invalid token type",
+    "Cannot publish.",
+    "Cannot communicate with token database, try again later.",
+    "Token is disabled, contact techincal support.",
+    "Cannot reset pin value for the token, contact technical support.",
+    "Connection to server lost.",
+    "Cannot create entry for token in database, contact technical support.",
+    "No such token state, contact technical support.",
+    "Invalid lost token reason, contact technical support.",
+    "Token unusable due to compromise,contact technical support.",
+    "No such inactive token, contact technical support.",
+    "Cannot process more than one active token.",
+    "Internal Server Error,contact technical support.",
+    "Key Recovery has been processed.",
+    "Key Recovery failed, contact technical support.",
+    "Cannot operate on token reported lost, contact technical support.",
+    "Key archival error, contact technical support.",
+    "Problem connecting to the TKS, contact technical support.",
+    "Failed to update token database, contact technical support.",
+    "Internal certificate revocation error,contact technical support.",
+    "User does not own this token, contact technical support." 
+);    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                if(!isMSHTML)
+                {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                }
+
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+  if(!isMSHTML)
+    {
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+    }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+  if(!isMSHTML)
+  {
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              alert("Error Setting data values: " + e);
+          }
+
+      }
+
+  }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  alert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    } else {
+      keyArr = ConvertVariantArrayToJScriptArray(netkey.GetAvailableCoolKeys());
+
+      var i;
+      for (i=0; i < keyArr.length; i++)
+        keyArr[i] = ConvertVariantArrayToJScriptArray(keyArr[i]);
+    }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function ChallengeCOOLKey(keyType, keyID, data)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return ConvertVariantArrayToJScriptArray(netkey.ChallengeCoolKey(keyType, keyID, data));
+  } catch(e) {
+    ReportException("netkey.ChallengeCoolKey() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.ResetCoolKeyPIN(keyType, keyID, screenname, pin,screennamepwd);
+  } catch(e) {
+    ReportException("netkey.ResetCoolKeyPIN() failed! Make sure token is properly Enrolled.", e);
+    return false;
+  }
+  return true;
+}
+function FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.FormatCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function BlinkCOOLKey(keyType, keyID, rate, duration)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.BlinkCoolKey(keyType, keyID, rate, duration);
+  } catch(e) {
+    ReportException("netkey.BlinkCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function RequestServiceTicket(screenName, serviceName)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.RequestServiceTicket(screenName, serviceName);
+  } catch(e) {
+    ReportException("netkey..RequestServiceTicket() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+  if (isMSHTML) {
+    row.removeNode(row);
+  } else {
+    table.deleteRow(row.rowIndex);
+  }
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.cells(index);
+  } else {
+    cell = row.cells[index];
+  }
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+  if (isMSHTML) {
+    node = parent.childNodes(index);
+  } else {
+    node = parent.childNodes[index];
+  }
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = table.insertRow();
+  } else {
+    row = table.insertRow(table.rows.length);
+  }
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.insertCell();
+  } else {
+    cell = row.insertCell(row.cells.length);
+  }
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function GetKeyStatusForKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return "UNKNOWN";
+
+  var cell = GetCell(row,1);
+  return GetNode(cell,0).data;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+ // document.getElementById("snametf").value = gScreenName;
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gKeyEnrollmentType == "deviceKey")
+  {
+  //  document.getElementById("snametf").disabled = true;
+  //  document.getElementById("pintf").disabled = true;
+   // document.getElementById("reenterpintf").disabled = true;
+  //  document.getElementById("snamepwd").disabled = true;
+  }
+  else
+  {
+ //   document.getElementById("snametf").disabled = false;
+  //  document.getElementById("pintf").disabled = false;
+  //  document.getElementById("reenterpintf").disabled = false;
+  //  document.getElementById("snamepwd").disabled = false;
+  }
+
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetKeyStatusForKeyID(keyType, keyID);
+
+    var validKey = (keyStatus == "NETKEY" || keyStatus == "HOUSEKEY");
+  //  document.getElementById("challengebtn").disabled = !validKey;
+   // document.getElementById("blinkbtn").disabled = false;
+    document.getElementById("enrollbtn").disabled = false;
+    //document.getElementById("formatbtn").disabled = false;
+//    document.getElementById("resetpinbtn").disabled = !((keyStatus == "NETKEY") && (gKeyEnrollmentType == "userKey"));
+//document.getElementById("resetpinbtn").disabled = !((gKeyEnrollmentType == "userKey"));
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+    //document.getElementById("resetpinbtn").disabled = true;
+    //document.getElementById("formatbtn").disabled = true;
+   // document.getElementById("challengebtn").disabled = true;
+    //document.getElementById("blinkbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = FindRow(window.event.srcElement);
+  } else {
+    row = FindRow(event.parentNode);
+  }
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+
+ 
+  if (isMSHTML) {
+     row.onclick = DoSelectRow;
+  }
+
+  // Create the key ID cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  // Create the is auth'ed cell.
+ // cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(isAuthed));
+
+  // Create the status bar cell
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ASC native code.
+//
+// ASC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//     netkey.ChallengeCOOLKey(keyType, keyID, data)
+//
+//       - Signs some data with the specified key, and returns the results
+//         in an AcviteX Variant SafeArray. Before accessing any data in
+//         this array, you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray(). The elements in the
+//         array are as follows:
+//
+//             array[0] --> Length of the signed challenge data in binary form.
+//             array[1] --> The signed challenge data as hex.
+//             array[0] --> Length of the nonce data in binary form.
+//             array[0] --> The nonce data as hex.
+//
+//     netkey.BlinkCOOLKey(keyType, keyID, rate, duration)
+//
+//       - Make a specific key blink at a given rate for a given duration.
+//         rate and duration are specified in milliseconds.
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    alert("You must provide a valid screen name!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    alert("You must provide a valid Token PIN!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    alert("The PIN values you entered don't match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       alert("You must provide a valid User Password!");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    alert("Please select a key.");
+    return;
+  }
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  null; //GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd = null; // GetScreenNamePwd();
+
+
+    tokencode = GetTokenCode();
+
+    SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+  else
+    SetStatusMessage("Enrolling DeviceKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    alert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  alert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  alert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Enrollment for \"" + KeyToUIString(keyType, keyID) + "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("PIN Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Server Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key (" + keyIDStr + ") failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key (" + keyIDStr + ") canceled.";
+
+  alert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+//    screenname = GetScreenNameValue();
+//    if (! screenname)
+ //     return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+//    screennamepwd = GetScreenNamePwd();
+
+//    if(! screennamepwd)
+ //       return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+</script>
+
+</head>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+<table width="100%">
+  <tr>
+    <td>
+<img src="/pki/esc/images/logo.gif">
+    </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+  <br>
+  <table id="BindingTable" width="100%"><tbody>
+    <tr id="HeaderRow">
+      <th><p class="titleText">Key ID</p></th>
+      <th><p class="titleText">Key Status</p></th>
+<!--      <th><p class="titleText">Requires Auth</p></th>
+      <th><p class="titleText">Did Auth</p></th>
+-->
+      <th width="100"><p class="titleText">Progress</p></th>
+    </tr>
+  </tbody></table>
+  <form action="esc.cgi">
+    <input type="hidden" id="action" name="action" value="bind"> 
+    <input type="hidden" id="screenname" name="screenname" value="">
+    <input type="hidden" id="challengedata" name="challengedata" value="QVNDIHJvY2tzIHRoZSBwYXJ0eSE="> 
+    <input type="hidden" id="signedchallenge" name="signedchallenge" value="">
+    <input type="hidden" id="signedchallengelength" name="signedchallengelength" value=""> 
+    <input type="hidden" id="nonce" name="nonce" value="">
+    <input type="hidden" id="noncelength" name="noncelength" value=""> 
+    <input type="hidden" id="keytype" name="keytype" value="">
+    <input type="hidden" id="keyid" name="keyid" value="">
+    <input type="hidden" id="keylabel" name="keylabel" value=""> 
+    <table width=100%>
+      <tr> 
+        <td class="bodyText"> 
+          Select enrollment type: <input checked type="radio" id="keytype" name="keytype" value="userKey" onClick="SetEnrollmentType('userKey');">UserKey
+        </td> 
+      </tr> 
+    </table>
+    <table>
+      <tr> 
+        <td><p class="bodyText">Token PIN:</p></td>
+        <td><input type="password" id="pintf" id="pintf" name="pintf" value=""></td>
+        <td><p class="bodyText">Re-Enter PIN:</p></td>
+        <td><input type="password" id="reenterpintf" id="reenterpintf" name="reenterpintf" value=""></td>
+      </tr>
+    </table>
+    <br>
+    <table width="100%">
+      <tr>
+        <td valign="center" align="left">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll" onClick="DoEnrollCOOLKey();">
+          <input type="button" id="canclebtn" name="canclebtn" value="Cancel" onClick="DoCancelOperation();">
+        </td>
+      </tr>
+    </table>
+    <table width="100%">
+      <tr>
+      <!--  <td valign="center" align="right">
+          <h5><a href="esc.cgi?">Enterprise Security  Admin Page</a></h5>
+        </td> -->
+      </tr>
+    </table>
+  </form>
+  <table width="100%">
+    <tr>
+      <td valign="center" align="left" style="width: 200px;">
+        <div id="cylon1" class="cylon" style="width: 200px; height: 10px;">
+          <div id="eye1" class="cylonEye" style="top: 0px; left: 0px; width: 28px; height: 8px; visibility: hidden;"></div>
+        </div>
+      </td>
+      <td valign="center" align="left" id="statusMsg"></td>
+    </tr>
+  </table>
+</body></html>
diff --git a/base/tps-client/apache/docroot/esc/GenericAuth.html b/base/tps-client/apache/docroot/esc/GenericAuth.html
new file mode 100755
index 000000000..dc8b88e3f
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/GenericAuth.html
@@ -0,0 +1,536 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(/pki/esc/images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/base/tps-client/apache/docroot/esc/SettingsEsc.html b/base/tps-client/apache/docroot/esc/SettingsEsc.html
new file mode 100755
index 000000000..7bc1efc79
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/SettingsEsc.html
@@ -0,0 +1,737 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<head>
+
+<link rel=stylesheet href="/pki/esc/style.css" type="text/css">
+
+<script lang="JavaScript">
+//
+// initialize netkey globals
+var netkey;
+var gNotify = null;
+var isMSHTML;
+
+//
+// Determine if we are running MSHTML or GECKO
+//
+if (navigator.userAgent.indexOf("MSIE") != -1) {
+  isMSHTML = true;
+} else {
+  isMSHTML = false;
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          alert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+if (!isMSHTML) {
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+
+    gNotify = new jsNotify;
+
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+
+  } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+  }
+} else {
+  // MSHTML only initialization
+  netkey = external;
+}
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+  if (!isMSHTML) {
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+    }
+  }
+}
+
+
+////////////////////////////////////////////////////////////////
+//
+// Host will be responsible for generating the gBindingsArray.
+//
+////////////////////////////////////////////////////////////////
+
+var gBindingsArray = [
+  <!-- SECURECOOL_BINDINGS_ARRAY -->
+];
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+var gKeyBusyArray = [ ];
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function LoadBindingsIntoTable()
+{
+  var table = document.getElementById("KeyTable");
+
+  if (table)
+  {
+    var i;
+    for (i=0; i < gBindingsArray.length; i++)
+    {
+      CreateTableRow(table, gBindingsArray[i][0], gBindingsArray[i][1], false,
+                     gBindingsArray[i][2], true);
+    }
+  }
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+  {
+    var table = document.getElementById("KeyTable");
+    if (table)
+    {
+      // The assumption here is that if the key isn't already
+      // listed in the table, then it must be a new unbound key!
+
+      row = CreateTableRow(table, keyType, keyID, true, keyID, false);
+    }
+
+    if (!row)
+      return null;
+  }
+  else if (IsKeyBound(keyType, keyID))
+    SetKeyIsVisible(row, true);
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function ReportException(msg, e)
+{
+  alert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    } else {
+      keyArr = ConvertVariantArrayToJScriptArray(netkey.GetAvailableCoolKeys());
+
+      var i;
+      for (i=0; i < keyArr.length; i++)
+        keyArr[i] = ConvertVariantArrayToJScriptArray(keyArr[i]);
+    }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function BlinkCOOLKey(keyType, keyID, rate, duration)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.BlinkCoolKey(keyType, keyID, rate, duration);
+  } catch(e) {
+    ReportException("netkey.BlinkCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+  if (isMSHTML) {
+    row.removeNode(row);
+  } else {
+    table.deleteRow(row.rowIndex);
+  }
+}
+
+function InsertRow(table)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = table.insertRow();
+  } else {
+    row = table.insertRow(table.rows.length);
+  }
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.insertCell();
+  } else {
+    cell = row.insertCell(row.cells.length);
+  }
+  return cell;
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+}
+
+function InitializeBindingTable()
+{
+  LoadBindingsIntoTable();
+  UpdateBindingTableAvailability();
+}
+
+function IsKeyBound(keyType, keyID)
+{
+  
+  for (i=0; i < gBindingsArray.length; i++)
+  {
+    if (keyType == gBindingsArray[i][0] && keyID == gBindingsArray[i][1])
+      return true;
+  }
+
+  return false;
+}
+
+function COOLKeyIsBusy(keyType, keyID)
+{
+  for (i=0; i < gKeyBusyArray.length; i++)
+  {
+    if (keyType == gKeyBusyArray[i][0] && keyID == gKeyBusyArray[i][1])
+      return true;
+  }
+
+  return false;
+}
+
+function AddKeyToBusyArray(keyType, keyID)
+{
+  // If key is already in our array, nothing to do.
+  if (COOLKeyIsBusy(keyType, keyID))
+    return;
+
+  gKeyBusyArray.push(new Array(keyType, keyID));
+}
+
+function RemoveKeyFromBusyArray(keyType, keyID)
+{
+  for (i=0; i < gKeyBusyArray.length; i++)
+  {
+    if (keyType == gKeyBusyArray[i][0] && keyID == gKeyBusyArray[i][1])
+      gKeyBusyArray.splice(i, 1);
+  }
+}
+
+function SetKeyIsVisible(row, isVisible)
+{
+  if (!row) return;
+  var cell = row.cells(0);
+  if (!cell) return;
+
+  var v = "inherit";
+  if (!isVisible)
+    v = "hidden";
+  cell.firstChild.style.visibility = v;
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+function CreateTableRow(table, keyType, keyID, isAvailable, label, isSecured)
+{
+  
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (label == keyID)
+    label = keyIDStr;
+
+  // Add a tooltip to the row so that it displays more info.
+  var title = keyType + " - " + keyIDStr;
+  if (isSecured && label)
+    title += " - " + label;
+  row.setAttribute("title", title);
+
+  // Create the isAvailable cell:
+  cell = InsertCell(row);
+  cell.setAttribute("align", "center");
+  var a = document.createElement("a");
+  a.setAttribute("href", "javascript:DoBlinkCOOLKey(" + keyType + ", '" + keyID + "');");
+  if (! isAvailable)
+    a.style.visibility = "hidden";
+  var img = document.createElement("img");
+  img.setAttribute("src", "/pki/esc/images/NetKey-Small.gif");
+  a.appendChild(img);
+  cell.appendChild(a);
+
+  // Create the label cell. Make sure we truncate long
+  // labels so that they fit nicely into the window.
+  cell = InsertCell(row);
+  if (label.length > 24)
+    label = label.substr(0, 24) + "...";
+  cell.appendChild(document.createTextNode(label));
+
+  // Create the action cell:
+  cell = InsertCell(row);
+  a = document.createElement("a");
+  if (isSecured)
+  {
+  //  a.setAttribute("href", "javascript:UnbindCOOLKey(" + keyType + ", '" + keyID + "');");
+    a.appendChild(document.createTextNode("Release"));
+  }
+  else
+  {
+  //  a.setAttribute("href", "javascript:BindCOOLKey(" + keyType + ", '" + keyID + "');");
+    a.appendChild(document.createTextNode("Secure"));
+  }
+  cell.appendChild(a);
+
+  // Create the secured cell:
+  cell = InsertCell(row);
+  cell.setAttribute("align", "center");
+  img = document.createElement("img");
+  img.setAttribute("src", "/pki/esc/images/PadLock.gif");
+  if (!isSecured)
+  img.style.visibility = "hidden";
+  cell.appendChild(img);
+
+  return row;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ASC native code.
+//
+// ASC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.GetCOOLKeyStatus(keyType, keyID)
+//
+//       - Returns an integer describing the status of the COOLKey. Possible
+//         values are:
+//
+//           0 // Unavailable
+//           1 // AppletNotFound
+//           2 // Uninitialized
+//           3 // Unknown
+//           4 // Available
+//           5 // EnrollmentInProgress
+//           6 // UnblockInProgress
+//           7 // PINResetInProgress
+//           8 // RenewInProgress
+//           9 // FormatInProgress
+//          10 // BlinkInProgress
+//
+//     netkey.GetCOOLKeyPolicy(keyType, keyID)
+//
+//       - Retrieves the Certificate Policy Extension Object Identifier (OID)
+//         as a string. This can be useful for distinguishing between types of
+//         COOLKeys. The list of currently defined OIDS are:
+//
+//             Bronze Member - Phase 1:     OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1
+//             Silver Member - Phase 2:     OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2
+//             Gold Associate - Phase 2:    OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3
+//             Platinum MyDoctor - Phase 2: OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4
+//
+//     netkey.GetCOOLKeyRequiresAuthentication(keyType, keyID)
+//
+//       - Returns a bool value that indicates whether or not the COOLKey
+//         requires a PIN to access crypto functionality.
+//
+//     netkey.AuthenticateCOOLKey(keyType, keyID, pin)
+//
+//       - Attempts to authenticates to the COOLKey using the supplied
+//         pin string.
+//
+//     netkey.InitCOOLKey(keyType, keyID, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass null values for both screenName and pin, otherwise, the key.
+//         is formatted as a NetKey.
+//
+//     netkey.ChallengeCOOLKey(keyType, keyID, data)
+//
+//       - Signs some data with the specified key, and returns the results
+//         in an AcviteX Variant SafeArray. Before accessing any data in
+//         this array, you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray(). The elements in the
+//         array are as follows:
+//
+//             array[0] --> Length of the signed challenge data in binary form.
+//             array[1] --> The signed challenge data as hex.
+//             array[0] --> Length of the nonce data in binary form.
+//             array[0] --> The nonce data as hex.
+//
+//     netkey.BlinkCOOLKey(keyType, keyID, rate, duration)
+//
+//       - Make a specific key blink at a given rate for a given duration.
+//         rate and duration are specified in milliseconds.
+//
+//     netkey.RequestServiceTicket(screenName, serviceName)
+//
+//       - Makes an async ticket request for a specific service.
+//         The ticket is returned via the OnTicketRequestSuccess()
+//         callback.
+//
+//     netkey.CancelServiceTicketRequest(screenName, serviceName)
+//
+//       - Cancels a specific service ticket request that may be pending.
+//
+////////////////////////////////////////////////////////////////
+
+function BindCOOLKey(keyType, keyID)
+{
+  if (COOLKeyIsBusy(keyType, keyID))
+  {
+    alert("COOLKey '" + keyID + "' is busy!");
+    return;
+  }
+
+  document.forms[0].action.value = "setlabelpage";
+  document.forms[0].keytype.value = keyType;
+  document.forms[0].keyid.value = keyID;
+  document.forms[0].submit();
+}
+
+function UnbindCOOLKey(keyType, keyID)
+{
+  if (COOLKeyIsBusy(keyType, keyID))
+  {
+    alert("COOLKey '" + keyID + "' is busy!");
+    return;
+  }
+
+  document.forms[0].action.value = "unbindprogresspage";
+  document.forms[0].keytype.value = keyType;
+  document.forms[0].keyid.value = keyID;
+  document.forms[0].submit();
+}
+
+function PurchaseMoreKeys()
+{
+}
+
+function LoadHelp()
+{
+  alert("- Click on the key icon for a specific key to make it blink.\n");
+}
+
+function DoBlinkCOOLKey(keyType, keyID)
+{
+  if (!keyID)
+    return;
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+}
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  refresh();
+}
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("KeyTable");
+  if (row && table)
+  {
+    if (IsKeyBound(keyType, keyID))
+      SetKeyIsVisible(row, false);
+    else
+      RemoveRow(table, row)
+  }
+
+  refresh();
+}
+
+function OnCOOLKeyBusyStart(keyType, keyID)
+{
+  AddKeyToBusyArray(keyType, keyID);
+}
+
+function OnCOOLKeyBusyEnd(keyType, keyID)
+{
+  RemoveKeyFromBusyArray(keyType, keyID);
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+////////////////////////////////////////////////////////////////////////////
+//
+// Notification functions called directly from ASC native code. These
+// functions will only be called if they exist in the current running
+// JavaScript context.
+//
+//   OnCOOLKeyStateChange(keyType, keyID, keyState, data)
+//
+//     - Called when the state of the COOLKey changes. Values for key
+//
+//     keyState   Description             data
+//     -------------------------------------------------------
+//       1000     Key Inserted            <none>
+//       1001     Key Removed             <none>
+//       1002     Enrollment Start        <0=Phase1, 1=Phase2>
+//       1003     Enrollment Complete     <none>
+//       1004     Enrollment Error        Integer Error Code
+//       1005     Unblock Start           <none>
+//       1006     Unblock Complete        <none>
+//       1007     Unblock Error           Integer Error Code
+//       1008     PIN Reset Start         <none>
+//       1009     PIN Reset Complete      <none>
+//       1010     PIN Reset Error         Integer Error Code
+//       1011     Renew Start             <none>
+//       1012     Renew Complete          <none>
+//       1013     Renew Error             Integer Error Code
+//       1014     Format Start            <none>
+//       1015     Format Complete         <none>
+//       1016     Format Error            Integer Error Code
+//       1017     Blink Start             <none>
+//       1018     Blink Complete          <none>
+//       1019     Blink Error             Integer Error Code
+//       1020     Operation Cancelled     Integer Error Code
+//
+//    OnTicketRequestSuccess(serviceName, ticket, authenticator)
+//
+//      - Called when a service ticket request made with 
+//        netkey.RequestServiceTicket() completes successfully.
+//        ticket is the Base64 encoded Kerberos ticket. authenticator
+//        is the Base64 encoded authenticator.
+//
+//    OnTicketRequestException(serviceName, errCode, errSubSystem, errMsg)
+//
+//      - Called when a service ticket request made with
+//        netkey.RequestServiceTicket() fails. serviceName is the service
+//        name used when the request was made. errCode is the error code
+//        defined by CLC. errSubSystem is the sub system defined by CLC.
+//        errMsg is the string containing the error message to display. This
+//        string is provided by UAS or CLC.
+//
+////////////////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data)
+{
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+    case 1005: // UnblockStart
+    case 1008: // PINResetStart
+    case 1011: // RenewStart
+    case 1014: // FormatStart
+      OnCOOLKeyBusyStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+    case 1004: // EnrollmentError
+    case 1006: // UnblockComplete
+    case 1007: // UnblockError
+    case 1009: // PINResetComplete
+    case 1010: // PINResetError
+    case 1012: // RenewComplete
+    case 1013: // RenewError
+    case 1015: // FormatComplete
+    case 1016: // FormatError
+      OnCOOLKeyBusyEnd(keyType, keyID);
+      break;
+  }
+}
+
+</script>
+</head>
+<body onLoad="InitializeBindingTable();" onUnload="cleanup();">
+
+<table width="100%">
+  <tr>
+    <td>
+<img src="/pki/esc/images/logo.gif">     </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+
+<form method="post" action="esc.cgi">
+<input type="hidden" name="action" value="settingspage">
+<input type="hidden" name="screenname" value="<!-- SECURECOOL_SCREENNAME -->">
+<input type="hidden" name="keytype" value="">
+<input type="hidden" name="keyid" value="">
+<table class="PageHeader">
+</table>
+<table class="ContentTable">
+<tbody>
+<tr><td colspan="2">
+<b>Coolkey</b> (Enterprise Security Key) helps users perform various cryptographic operations.
+<br>
+Your Coolkey(s) and any other Coolkey(s) plugged into this computer are shown here. 
+<br>
+<br>
+<div class="TableTitle">Coolkey(s)   <!-- SECURECOOL_SCREENNAME --></div>
+</td></tr>
+<tr>
+  <td width="55%" valign="top">
+  <table id="KeyTable">
+  <tbody>
+    <tr class="KeyTableHeader">
+      <th></th>
+      <th><p class="titleText">Name</p></th>
+      <th></th>
+      <th><p class="titleText">Secured</p></th>
+    </tr>
+  </tbody>
+  </table>
+  </td>
+</tr>
+</tbody>
+</table>
+</form>
+</body>
+</html>
+
diff --git a/base/tps-client/apache/docroot/esc/TokenManager.html b/base/tps-client/apache/docroot/esc/TokenManager.html
new file mode 100755
index 000000000..010c21ac9
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/TokenManager.html
@@ -0,0 +1,1705 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+
+<head>
+<link rel=stylesheet href="/pki/esc/style.css" type="text/css">
+
+<script language="JavaScript">
+
+//
+// initialize netkey globals
+var netkey;
+var isMSHTML;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+//
+// Determine if we are running MSHTML or GECKO
+//
+if (navigator.userAgent.indexOf("MSIE") != -1) {
+  isMSHTML = true;
+} else {
+  isMSHTML = false;
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          alert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+if (!isMSHTML) {
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+  }
+} else {
+  // MSHTML only initialization
+  netkey = external;
+}
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+  if (!isMSHTML) {
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+    }
+  }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+
+"Operation Completed Successfully.",
+    "Server Error.",
+    "Problem communicating with the token.",
+    "Problem communicating with the token.",
+    "Problem resetting token's pin.",
+    "Internal Server Error.",
+    "Internal Server Error",
+    "Token Enrollment Error.",
+    "Problem communicating with the token.",
+    "Internal Server Error",
+    "Error communicating with the Certificate Authority, try again later.",
+    "Internal Server Error.",
+    "Error resetting the token's pin.",
+    "Internal Server Error.",
+    "Authentication Failure, Try Again.",
+    "Internal Server Error",
+    "Token is disabled, contact technical support.",
+    "Problem communicating with the token.",
+    "Internal Server Error.",
+    "Cannot upgrade token software.",
+    "Internal Server Error.",
+    "Problem communicating with the token.",
+    "Invalid token type.",
+    "Invalid token type",
+    "Cannot publish.",
+    "Cannot communicate with token database, try again later.",
+    "Token is disabled, contact techincal support.",
+    "Cannot reset pin value for the token, contact technical support.",
+    "Connection to server lost.",
+    "Cannot create entry for token in database, contact technical support.",
+    "No such token state, contact technical support.",
+    "Invalid lost token reason, contact technical support.",
+    "Token unusable due to compromise,contact technical support.",
+    "No such inactive token, contact technical support.",
+    "Cannot process more than one active token.",
+    "Internal Server Error,contact technical support.",
+    "Key Recovery has been processed.",
+    "Key Recovery failed, contact technical support.",
+    "Cannot operate on token reported lost, contact technical support.",
+    "Key archival error, contact technical support.",
+    "Problem connecting to the TKS, contact technical support.",
+    "Failed to update token database, contact technical support.",
+    "Internal certificate revocation error,contact technical support.",
+    "User does not own this token, contact technical support."
+);
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                if(!isMSHTML)
+                {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                }
+
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+  if(!isMSHTML)
+    {
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+    }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+  if(!isMSHTML)
+  {
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              alert("Error Setting data values: " + e);
+          }
+
+      }
+
+  }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  alert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetESCKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetESCKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetESCKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetESCKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    } else {
+      keyArr = ConvertVariantArrayToJScriptArray(netkey.GetAvailableCoolKeys());
+
+      var i;
+      for (i=0; i < keyArr.length; i++)
+        keyArr[i] = ConvertVariantArrayToJScriptArray(keyArr[i]);
+    }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableESCKeys() failed!", e);
+    return [];
+  }
+}
+
+function ChallengeCOOLKey(keyType, keyID, data)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return ConvertVariantArrayToJScriptArray(netkey.ChallengeCoolKey(keyType, keyID, data));
+  } catch(e) {
+    ReportException("netkey.ChallengeESCKey() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollESCKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetESCKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.ResetCoolKeyPIN(keyType, keyID, screenname, pin,screennamepwd);
+  } catch(e) {
+    ReportException("netkey.ResetESCKeyPIN() failed! Make sure token is properly Enrolled.", e);
+    return false;
+  }
+  return true;
+}
+function FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.FormatESCKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelESCKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function BlinkCOOLKey(keyType, keyID, rate, duration)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.BlinkCoolKey(keyType, keyID, rate, duration);
+  } catch(e) {
+    ReportException("netkey.BlinkESCKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function RequestServiceTicket(screenName, serviceName)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.RequestServiceTicket(screenName, serviceName);
+  } catch(e) {
+    ReportException("netkey..RequestServiceTicket() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+  if (isMSHTML) {
+    row.removeNode(row);
+  } else {
+    table.deleteRow(row.rowIndex);
+  }
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.cells(index);
+  } else {
+    cell = row.cells[index];
+  }
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+  if (isMSHTML) {
+    node = parent.childNodes(index);
+  } else {
+    node = parent.childNodes[index];
+  }
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = table.insertRow();
+  } else {
+    row = table.insertRow(table.rows.length);
+  }
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.insertCell();
+  } else {
+    cell = row.insertCell(row.cells.length);
+  }
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+ // cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  //cell = GetCell(row,3);
+  //RemoveAllChildNodes(cell);
+  //cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function GetKeyStatusForKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return "UNKNOWN";
+
+  var cell = GetCell(row,1);
+  return GetNode(cell,0).data;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+ // document.getElementById("snametf").value = gScreenName;
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gKeyEnrollmentType == "deviceKey")
+  {
+  //  document.getElementById("snametf").disabled = true;
+  //  document.getElementById("pintf").disabled = true;
+   // document.getElementById("reenterpintf").disabled = true;
+  //  document.getElementById("snamepwd").disabled = true;
+  }
+  else
+  {
+ //   document.getElementById("snametf").disabled = false;
+  //  document.getElementById("pintf").disabled = false;
+  //  document.getElementById("reenterpintf").disabled = false;
+  //  document.getElementById("snamepwd").disabled = false;
+  }
+
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetKeyStatusForKeyID(keyType, keyID);
+
+    var validKey = (keyStatus == "NETKEY" || keyStatus == "HOUSEKEY");
+  //  document.getElementById("challengebtn").disabled = !validKey;
+    document.getElementById("blinkbtn").disabled = false;
+//    document.getElementById("enrollbtn").disabled = false;
+    document.getElementById("formatbtn").disabled = false;
+//    document.getElementById("resetpinbtn").disabled = !((keyStatus == "NETKEY") && (gKeyEnrollmentType == "userKey"));
+//document.getElementById("resetpinbtn").disabled = !((gKeyEnrollmentType == "userKey"));
+  }
+  else
+  {
+    //document.getElementById("enrollbtn").disabled = true;
+   // document.getElementById("resetpinbtn").disabled = true;
+    document.getElementById("formatbtn").disabled = true;
+   // document.getElementById("challengebtn").disabled = true;
+    document.getElementById("blinkbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = FindRow(window.event.srcElement);
+  } else {
+    row = FindRow(event.parentNode);
+  }
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+
+ 
+  if (isMSHTML) {
+     row.onclick = DoSelectRow;
+  }
+
+  // Create the key ID cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(reqAuth));
+
+  // Create the is auth'ed cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(isAuthed));
+
+  // Create the status bar cell
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ASC native code.
+//
+// ASC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//     netkey.ChallengeCOOLKey(keyType, keyID, data)
+//
+//       - Signs some data with the specified key, and returns the results
+//         in an AcviteX Variant SafeArray. Before accessing any data in
+//         this array, you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray(). The elements in the
+//         array are as follows:
+//
+//             array[0] --> Length of the signed challenge data in binary form.
+//             array[1] --> The signed challenge data as hex.
+//             array[0] --> Length of the nonce data in binary form.
+//             array[0] --> The nonce data as hex.
+//
+//     netkey.BlinkCOOLKey(keyType, keyID, rate, duration)
+//
+//       - Make a specific key blink at a given rate for a given duration.
+//         rate and duration are specified in milliseconds.
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    alert("You must provide a valid screen name!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    alert("You must provide a valid PIN!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    alert("The PIN values you entered don't match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       alert("You must provide a valid User Password!");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+  {
+    alert("Please select a key.");
+    return;
+  }
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  null; //GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd = null; // GetScreenNamePwd();
+
+
+    tokencode = GetTokenCode();
+
+    SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+  else
+    SetStatusMessage("Enrolling DeviceKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+ // if(!Validate())
+  //   return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+ // if(!Validate())
+  //   return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    alert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  alert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  alert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Enrollment for \"" + KeyToUIString(keyType, keyID) + "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("PIN Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Server Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key (" + keyIDStr + ") failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key (" + keyIDStr + ") canceled.";
+
+  alert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+//    screenname = GetScreenNameValue();
+//    if (! screenname)
+ //     return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+//    screennamepwd = GetScreenNamePwd();
+
+//    if(! screennamepwd)
+ //       return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+</script>
+
+</head>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<table width="100%">
+  <tr>
+    <td>
+<img src="/pki/esc/images/logo.gif">     </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+
+  <br>
+  <table id="BindingTable" width="100%"><tbody>
+    <tr id="HeaderRow">
+      <th><p class="titleText">Key ID</p></th>
+      <th><p class="titleText">Key Status</p></th>
+<!--      <th><p class="titleText">Requires Auth</p></th>
+      <th><p class="titleText">Did Auth</p></th>
+
+-->
+      <th width="100"><p class="titleText">Progress</p></th>
+    </tr>
+  </tbody></table>
+  <form action="esc.cgi">
+    <input type="hidden" id="action" name="action" value="bind"> 
+    <input type="hidden" id="screenname" name="screenname" value="">
+    <input type="hidden" id="challengedata" name="challengedata" value="QVNDIHJvY2tzIHRoZSBwYXJ0eSE="> 
+    <input type="hidden" id="signedchallenge" name="signedchallenge" value="">
+    <input type="hidden" id="signedchallengelength" name="signedchallengelength" value=""> 
+    <input type="hidden" id="nonce" name="nonce" value="">
+    <input type="hidden" id="noncelength" name="noncelength" value=""> 
+    <input type="hidden" id="keytype" name="keytype" value="">
+    <input type="hidden" id="keyid" name="keyid" value="">
+    <input type="hidden" id="keylabel" name="keylabel" value=""> 
+    <br>
+    <table width="100%">
+      <tr>
+        <td valign="center" align="left">
+          <input type="button" id="formatbtn" name="formatbtn" value="Format" onClick="DoFormatCOOLKey();">
+      <!--    <input type="button" id="challengebtn" name="challengebtn" value="Challenge" onClick="DoChallengeSelectedKey();"> --> 
+          <input type="button" id="blinkbtn" name="blinkbtn" value="Blink" onClick="DoBlinkCOOLKey();">  
+
+          <input type="button" id="canclebtn" name="canclebtn" value="Cancel" onClick="DoCancelOperation();">
+
+
+        <!--  <input type="button" id="helpbtn" name="helpbtn" value="Help" onClick="DoHelp();"> -->
+        </td>
+      </tr>
+    </table>
+    <table width="100%">
+      <tr>
+      <!--  <td valign="center" align="right">
+          <h5><a href="esc.cgi?">Enterprise Security  Admin Page</a></h5>
+        </td> -->
+      </tr>
+    </table>
+  </form>
+  <table width="100%">
+    <tr>
+      <td valign="center" align="left" style="width: 200px;">
+        <div id="cylon1" class="cylon" style="width: 200px; height: 10px;">
+          <div id="eye1" class="cylonEye" style="top: 0px; left: 0px; width: 28px; height: 8px; visibility: hidden;"></div>
+        </div>
+      </td>
+      <td valign="center" align="left" id="statusMsg"></td>
+    </tr>
+  </table>
+</body></html>
diff --git a/base/tps-client/apache/docroot/esc/TokenPin.html b/base/tps-client/apache/docroot/esc/TokenPin.html
new file mode 100755
index 000000000..54bb8e8c0
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/TokenPin.html
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<style>
+body {
+  background-color: rgb(32%,71%,75%);
+  font-family: "Arial";
+  font-size: 8pt; }
+</style>
+
+<script language = "Javascript">
+function DoSubmitData()
+{
+    var pin = document.getElementById("tokenpin").value;
+
+    var pin_confirm = document.getElementById("tokenpincf").value;
+
+    if(!pin || !pin_confirm )
+    {
+        alert("Please Enter Valid  Token Pin and confirmation value!");
+
+        return;
+    }
+    var parent = window.opener;
+
+    if(parent)
+    {
+        parent.COOLKeySetTokenPin(pin);
+
+    }
+    window.close();
+}
+</script>
+</head>
+<body>
+<b>Please Enter Your Token Pin:</b>
+<form>
+<table>
+<TR>
+<TD align="left">
+<font size=-2>Token Pin:</font><BR>
+<INPUT input type="password" id="tokenpin"  name="tokenpin" value="" size=25><BR>
+</TD>
+</TR>
+<TR>
+<TD align="left">
+<font size=-2>Token Pin:(Confirm)</font><br>
+<INPUT type="password"  id="tokenpincf"  name="tokenpincf" value="" size=25><BR>
+</TD>
+</TR>
+<BR>
+<TR>
+<TD>
+<INPUT type ="button" id="Submit" value="Submit" onClick="DoSubmitData();"
+</TD>
+</TR>
+</table>
+</form>
+</body>
+</html>
diff --git a/base/tps-client/apache/docroot/esc/demo/EnrollSuccess.html b/base/tps-client/apache/docroot/esc/demo/EnrollSuccess.html
new file mode 100644
index 000000000..7c95a5568
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/demo/EnrollSuccess.html
@@ -0,0 +1,51 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel=stylesheet href="/pki/esc/demo/style.css" type="text/css">
+<title>Success!</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body  leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
+<table width="100%" border="0" cellspacing="0" cellpadding="0" class="logobar">
+  <tr> 
+    <td bgcolor="#000000">&nbsp;&nbsp;&nbsp;<img src="/pki/esc/demo/logo.jpg" width="250" height="50"></td>
+  </tr>
+</table>
+
+<p class="bodyText" >
+Congratulations! You have successfully Enrolled your Veracity Investments Security Smartcard! Now that you have enrolled, you will be able to use your smartcard to allow you and only you to log onto the Vercacity Investments On-Line Account Manager. 
+
+</p>
+<p class="bodyText">
+
+Begin your journey into the world of safe and secure account access by logging on to the Veracity Investments On-Line Account Manager.
+
+</p>
+
+<!--
+<a href="https://veracity.test.com/login.cgi?">Veracity Investments Account Manager</a></p>
+
+-->
+ 
+</body>
+
+</html>
+
diff --git a/base/tps-client/apache/docroot/esc/demo/GenericAuth.html b/base/tps-client/apache/docroot/esc/demo/GenericAuth.html
new file mode 100755
index 000000000..dad83a001
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/demo/GenericAuth.html
@@ -0,0 +1,537 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(/pki/esc/images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/base/tps-client/apache/docroot/esc/demo/util.js b/base/tps-client/apache/docroot/esc/demo/util.js
new file mode 100755
index 000000000..d5707e0f4
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/demo/util.js
@@ -0,0 +1,1503 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// initialize netkey globals
+var netkey;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+var gWindow = null;
+
+const ErrorText = "For additional assistance contact Veracify Investments Technical Support at 1-555-555-VERACI";
+
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          MyAlert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+  }
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+    }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+    "Operation Completed Successfully.",
+    "Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Problem communicating with the smartcard.",
+    "Problem resetting smartcard's pin.",
+    "Internal Smartcard Server error.",
+    "Internal Smartcard Server error.",
+    "Smartcard enrollment error.",
+    "Can not communicate with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the Certificattion Authority.",
+    "Internal Smartcard Server error.",
+    "Error resetting the smartcard's password.",
+    "Internal Smartcard Server error.",
+    "Smartcard Server authentication failure.",
+    "Internal Smartcard Server error.",
+    "Your Smartcard is listed as disabled.",
+    "Problem communicating with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Cannot upgrade smartcard software.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Invalid smartcard type.",
+    "Invalid smartcard type.",
+    "Cannot publish smartcard information.",
+    "Cannot communicate with smartcard database.",
+    "Smartcard is disabled.",
+    "Cannot reset password value for the smartcard.",
+    "Connection to Smartcard Server lost.",
+    "Cannot create entry for smartcard in smartcard database.",
+    "Smartcard found to be in an inconsistent state.",
+    "Invalid reason for lost smartcard submitted.",
+    "Smartcard found to be unusable due to compromise.",
+    "No such inactive smartcard found.",
+    "Cannot process more than one active smartcard.",
+    "Internal Smartcard Server error.",
+    "Smartcard key recovery has been processed.",
+    "Smartcard key recovery failed.",
+    "Cannot process this smartcard, which has been reported lost.",
+    "Smartcard key archival error.",
+    "Problem connecting to the Smartcard TKS Server.",
+    "Failed to update smartcard database.",
+    "Internal certificate revocation error discovered.",
+    "User does not own this smartcard.", 
+    "Smart Card Manager has been misconfigured.",
+    "Smart Card Manager can not talk to smart card reader.",
+    "Smart Card Manager can not establish a session with  the smart card.",
+    "Smart Card Manager can not talk to Smart Card Server.",
+    "Smart Card Manager can not talk to smart card reader."
+ );    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              MyAlert("Error Setting data values: " + e);
+          }
+
+      }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  MyAlert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function MyAlert(message)
+{
+    if(message)
+        DoMyAlert(message,"Veracify Investments");
+
+} 
+function DoMyAlert(message,title)
+{
+
+   if(!message || !title)
+       return;
+
+   try {
+
+       netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+       var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
+
+
+       prompts.alert(window,title,message);
+
+   } catch(e) {
+
+
+       alert("Problem with nsIPromptService " + e);
+   }
+
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+    table.deleteRow(row.rowIndex);
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+    cell = row.cells[index];
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+    node = parent.childNodes[index];
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+    row = table.insertRow(table.rows.length);
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+    cell = row.insertCell(row.cells.length);
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  gWindow = window;
+ if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+
+    document.getElementById("enrollbtn").disabled = false;
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+    row = FindRow(event.parentNode);
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+ 
+     row.onclick = DoSelectRow;
+
+  // Create the key ID cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  //cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode("Enrollment Progress"));
+
+  // Create the status bar cell
+
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+//  progressMeter.style.visibility = "hidden";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+//  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  //row.style.display ="none";
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ESC native code.
+//
+// ESC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    MyAlert("You must provide a valid Veracify Account Name!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    MyAlert("You must provide a valid Veracify Key Password!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    MyAlert("The Veracify Key Password values you entered do not match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       MyAlert("You must provide a valid Veracify Account Number !");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    MyAlert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  MyAlert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  MyAlert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+  SetStatusMessage("");
+  MyAlert("Enrollment of smartcard complete!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  window.setTimeout("loadSuccessPage()",4);
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Password Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Error Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key  failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key  failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key  failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key  canceled.";
+
+  typeStr += " \n " + ErrorText;
+  MyAlert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname = GetScreenNameValue();
+    if (! screenname)
+      return 0;
+
+    screennamepwd = GetScreenNamePwd();
+
+    if(! screennamepwd)
+        return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+function loadSuccessPage()
+{
+    window.location="/esc/demo/EnrollSuccess.html";
+}
+
+function ShowProgressBar(aKeyType,aKeyID, doShow)
+{
+   if(!gCurrentSelectedRow)
+      return;
+
+   if(doShow)
+       gCurrentSelectedRow.style.display="table-row";
+   else
+   {
+       gCurrentSelectedRow.style.display="none";
+   }
+}
diff --git a/base/tps-client/apache/docroot/esc/home/EnrollSuccess.html b/base/tps-client/apache/docroot/esc/home/EnrollSuccess.html
new file mode 100644
index 000000000..2dd6b72e5
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/home/EnrollSuccess.html
@@ -0,0 +1,46 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel=stylesheet href="/pki/esc/home/style.css" type="text/css">
+<title>Success!</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body  leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
+<table width="100%" border="0" cellspacing="0" cellpadding="0" class="logobar">
+  <tr> 
+    <td bgcolor="#000000">&nbsp;&nbsp;&nbsp;<img src="/pki/esc/home/logo.jpg" width="250" height="50"></td>
+  </tr>
+</table>
+
+<p class="bodyText" >
+Congratulations! You have successfully Enrolled your Smartcard! Now that you have enrolled, you will be able to use your smartcard to allow you and only you to log onto the available Smartcard-protected services.
+
+</p>
+<p class="bodyText">
+
+Begin your journey into the world of safe and secure account access by logging on to the available Smartcard-protected services.
+
+</p>
+
+</body>
+
+</html>
+
diff --git a/base/tps-client/apache/docroot/esc/home/GenericAuth.html b/base/tps-client/apache/docroot/esc/home/GenericAuth.html
new file mode 100755
index 000000000..219f9a6ad
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/home/GenericAuth.html
@@ -0,0 +1,538 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(/pki/esc/images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/base/tps-client/apache/docroot/esc/home/util.js b/base/tps-client/apache/docroot/esc/home/util.js
new file mode 100755
index 000000000..6e03a94af
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/home/util.js
@@ -0,0 +1,1502 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// initialize netkey globals
+var netkey;
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+var gWindow = null;
+
+const ErrorText = "For additional assistance contact your Technical Support";
+
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          MyAlert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+  }
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+    }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+    "Operation Completed Successfully.",
+    "Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Problem communicating with the smartcard.",
+    "Problem resetting smartcard's pin.",
+    "Internal Smartcard Server error.",
+    "Internal Smartcard Server error.",
+    "Smartcard enrollment error.",
+    "Can not communicate with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the Certificattion Authority.",
+    "Internal Smartcard Server error.",
+    "Error resetting the smartcard's password.",
+    "Internal Smartcard Server error.",
+    "Smartcard Server authentication failure.",
+    "Internal Smartcard Server error.",
+    "Your Smartcard is listed as disabled.",
+    "Problem communicating with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Cannot upgrade smartcard software.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Invalid smartcard type.",
+    "Invalid smartcard type.",
+    "Cannot publish smartcard information.",
+    "Cannot communicate with smartcard database.",
+    "Smartcard is disabled.",
+    "Cannot reset password value for the smartcard.",
+    "Connection to Smartcard Server lost.",
+    "Cannot create entry for smartcard in smartcard database.",
+    "Smartcard found to be in an inconsistent state.",
+    "Invalid reason for lost smartcard submitted.",
+    "Smartcard found to be unusable due to compromise.",
+    "No such inactive smartcard found.",
+    "Cannot process more than one active smartcard.",
+    "Internal Smartcard Server error.",
+    "Smartcard key recovery has been processed.",
+    "Smartcard key recovery failed.",
+    "Cannot process this smartcard, which has been reported lost.",
+    "Smartcard key archival error.",
+    "Problem connecting to the Smartcard TKS Server.",
+    "Failed to update smartcard database.",
+    "Internal certificate revocation error discovered.",
+    "User does not own this smartcard.", 
+    "Smart Card Manager has been misconfigured.",
+    "Smart Card Manager can not talk to smart card reader.",
+    "Smart Card Manager can not establish a session with  the smart card.",
+    "Smart Card Manager can not talk to Smart Card Server.",
+    "Smart Card Manager can not talk to smart card reader."
+ );    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              MyAlert("Error Setting data values: " + e);
+          }
+
+      }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  MyAlert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function MyAlert(message)
+{
+    if(message)
+        DoMyAlert(message,"Smart Card Manager");
+
+} 
+function DoMyAlert(message,title)
+{
+
+   if(!message || !title)
+       return;
+
+   try {
+
+       netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+       var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
+
+
+       prompts.alert(window,title,message);
+
+   } catch(e) {
+
+
+       alert("Problem with nsIPromptService " + e);
+   }
+
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+    table.deleteRow(row.rowIndex);
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+    cell = row.cells[index];
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+    node = parent.childNodes[index];
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+    row = table.insertRow(table.rows.length);
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+    cell = row.insertCell(row.cells.length);
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  gWindow = window;
+ if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+
+    document.getElementById("enrollbtn").disabled = false;
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+    row = FindRow(event.parentNode);
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+ 
+     row.onclick = DoSelectRow;
+
+  // Create the key ID cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  //cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode("Enrollment Progress"));
+
+  // Create the status bar cell
+
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+//  progressMeter.style.visibility = "hidden";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+//  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  //row.style.display ="none";
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ESC native code.
+//
+// ESC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    MyAlert("You must provide a valid LDAP User ID!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    MyAlert("You must provide a valid Key Password!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    MyAlert("The Key Password values you entered do not match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       MyAlert("You must provide a valid LDAP User ID !");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    MyAlert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  MyAlert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  MyAlert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+  SetStatusMessage("");
+  MyAlert("Enrollment of smartcard complete!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  window.setTimeout("loadSuccessPage()",4);
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Password Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Error Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key  failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key  failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key  failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key  canceled.";
+
+  typeStr += " \n " + ErrorText;
+  MyAlert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname = GetScreenNameValue();
+    if (! screenname)
+      return 0;
+
+    screennamepwd = GetScreenNamePwd();
+
+    if(! screennamepwd)
+        return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+function loadSuccessPage()
+{
+    window.location="/esc/home/EnrollSuccess.html";
+}
+
+function ShowProgressBar(aKeyType,aKeyID, doShow)
+{
+   if(!gCurrentSelectedRow)
+      return;
+
+   if(doShow)
+       gCurrentSelectedRow.style.display="table-row";
+   else
+   {
+       gCurrentSelectedRow.style.display="none";
+   }
+}
diff --git a/base/tps-client/apache/docroot/esc/so/EnrollSuccess.html b/base/tps-client/apache/docroot/esc/so/EnrollSuccess.html
new file mode 100644
index 000000000..4c9f3deca
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/so/EnrollSuccess.html
@@ -0,0 +1,46 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel=stylesheet href="/pki/esc/so/style.css" type="text/css">
+<title>Success!</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body  leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
+<div id="header">
+  <div id="logo">
+      <center><h3><!--<img align=bottom src="/pki/esc/sow/images/logo.gif">-->Security Officer Station</h3></center>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+<blockquote><strong>Congratulations!</strong> You have successfully Enrolled your Security Officer Smartcard! Now that you have enrolled, you will be able to access the Security Officer Workstation.</blockquote>
+<br/>
+
+</div>
+</div>
+</body>
+
+</html>
+
diff --git a/base/tps-client/apache/docroot/esc/so/GenericAuth.html b/base/tps-client/apache/docroot/esc/so/GenericAuth.html
new file mode 100755
index 000000000..219f9a6ad
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/so/GenericAuth.html
@@ -0,0 +1,538 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(/pki/esc/images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/base/tps-client/apache/docroot/esc/so/util.js b/base/tps-client/apache/docroot/esc/so/util.js
new file mode 100755
index 000000000..ccd81ee84
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/so/util.js
@@ -0,0 +1,1513 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// initialize netkey globals
+var netkey;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+var gWindow = null;
+
+const ErrorText = "For additional assistance contact your Technical Support";
+
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          MyAlert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+  }
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+    }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "soKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+    "Operation Completed Successfully.",
+    "Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Problem communicating with the smartcard.",
+    "Problem resetting smartcard's pin.",
+    "Internal Smartcard Server error.",
+    "Internal Smartcard Server error.",
+    "Smartcard enrollment error.",
+    "Can not communicate with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the Certificattion Authority.",
+    "Internal Smartcard Server error.",
+    "Error resetting the smartcard's password.",
+    "Internal Smartcard Server error.",
+    "Smartcard Server authentication failure.",
+    "Internal Smartcard Server error.",
+    "Your Smartcard is listed as disabled.",
+    "Problem communicating with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Cannot upgrade smartcard software.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Invalid smartcard type.",
+    "Invalid smartcard type.",
+    "Cannot publish smartcard information.",
+    "Cannot communicate with smartcard database.",
+    "Smartcard is disabled.",
+    "Cannot reset password value for the smartcard.",
+    "Connection to Smartcard Server lost.",
+    "Cannot create entry for smartcard in smartcard database.",
+    "Smartcard found to be in an inconsistent state.",
+    "Invalid reason for lost smartcard submitted.",
+    "Smartcard found to be unusable due to compromise.",
+    "No such inactive smartcard found.",
+    "Cannot process more than one active smartcard.",
+    "Internal Smartcard Server error.",
+    "Smartcard key recovery has been processed.",
+    "Smartcard key recovery failed.",
+    "Cannot process this smartcard, which has been reported lost.",
+    "Smartcard key archival error.",
+    "Problem connecting to the Smartcard TKS Server.",
+    "Failed to update smartcard database.",
+    "Internal certificate revocation error discovered.",
+    "User does not own this smartcard.", 
+    "Smart Card Manager has been misconfigured.",
+    "Smart Card Manager can not talk to smart card reader.",
+    "Smart Card Manager can not establish a session with  the smart card.",
+    "Smart Card Manager can not talk to Smart Card Server.",
+    "Smart Card Manager can not talk to smart card reader."
+ );    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              MyAlert("Error Setting data values: " + e);
+          }
+
+      }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  MyAlert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function MyAlert(message)
+{
+    if(message)
+        DoMyAlert(message,"Smart Card Manager");
+
+} 
+function DoMyAlert(message,title)
+{
+
+   if(!message || !title)
+       return;
+
+   try {
+
+       netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+       var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
+
+
+       prompts.alert(window,title,message);
+
+   } catch(e) {
+
+
+       alert("Problem with nsIPromptService " + e);
+   }
+
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+    table.deleteRow(row.rowIndex);
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+    cell = row.cells[index];
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+    node = parent.childNodes[index];
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+    row = table.insertRow(table.rows.length);
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+    cell = row.insertCell(row.cells.length);
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  gWindow = window;
+ if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+  if (UserOnDoneInitializeBindingTable) {
+    UserOnDoneInitializeBindingTable();
+  }
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+
+    document.getElementById("enrollbtn").disabled = false;
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+    row = FindRow(event.parentNode);
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+ 
+     row.onclick = DoSelectRow;
+
+  // Create the key ID cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  //cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode("Enrollment Progress"));
+
+  // Create the status bar cell
+
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+//  progressMeter.style.visibility = "hidden";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+//  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  //row.style.display ="none";
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ESC native code.
+//
+// ESC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    MyAlert("You must provide a valid LDAP User ID!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    MyAlert("You must provide a valid Key Password!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    MyAlert("The Key Password values you entered do not match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       MyAlert("You must provide a valid LDAP User ID !");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "soKey")
+  {
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    MyAlert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  MyAlert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  MyAlert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+  SetStatusMessage("");
+  MyAlert("Enrollment of smartcard complete!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  window.setTimeout("loadSuccessPage()",4);
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Password Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Error Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key  failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key  failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key  failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key  canceled.";
+
+  typeStr += " \n " + ErrorText;
+  MyAlert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  if (UserOnCOOLKeyStateError) {
+    UserOnCOOLKeyStateError(); // call user-level
+  }
+
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "soKey")
+  {
+    screenname = GetScreenNameValue();
+    if (! screenname)
+      return 0;
+
+    screennamepwd = GetScreenNamePwd();
+
+    if(! screennamepwd)
+        return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      if(UserOnCOOLKeyStatusUpdate)
+          UserOnCOOLKeyStatusUpdate(data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+function loadSuccessPage()
+{
+    window.location="/esc/so/EnrollSuccess.html";
+}
+
+function ShowProgressBar(aKeyType,aKeyID, doShow)
+{
+   if(!gCurrentSelectedRow)
+      return;
+
+   if(doShow)
+       gCurrentSelectedRow.style.display="table-row";
+   else
+   {
+       gCurrentSelectedRow.style.display="none";
+   }
+}
diff --git a/base/tps-client/apache/docroot/esc/sow/EnrollSuccess.html b/base/tps-client/apache/docroot/esc/sow/EnrollSuccess.html
new file mode 100644
index 000000000..41f7b565f
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/EnrollSuccess.html
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel=stylesheet href="/pki/esc/sow/style.css" type="text/css">
+<title>Success!</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="stylesheet" href="/pki/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+
+<div id="header">
+  <div id="logo">
+      <center><h3><!--<img align=bottom src="/pki/esc/sow/images/logo.gif">-->Security Officer Station</h3></center>
+  </div>
+</div>
+
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+<blockquote><strong>Congratulations!</strong> This user has successfully enrolled the Smartcard! Now that this user has enrolled, he/she will be able to use the smartcard to log onto all available Smartcard-protected services.</blockquote>
+<br/>
+
+</div>
+</div>
+
+</body>
+
+</html>
diff --git a/base/tps-client/apache/docroot/esc/sow/GenericAuth.html b/base/tps-client/apache/docroot/esc/sow/GenericAuth.html
new file mode 100755
index 000000000..219f9a6ad
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/GenericAuth.html
@@ -0,0 +1,538 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(/pki/esc/images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/base/tps-client/apache/docroot/esc/sow/js/ajax-dynamic-list.js b/base/tps-client/apache/docroot/esc/sow/js/ajax-dynamic-list.js
new file mode 100755
index 000000000..4c89ede8a
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/js/ajax-dynamic-list.js
@@ -0,0 +1,288 @@
+/************************************************************************************************************

+Ajax dynamic list

+Copyright (C) 2006  DTHMLGoodies.com, Alf Magne Kalleland

+

+This library is free software; you can redistribute it and/or

+modify it under the terms of the GNU Lesser General Public

+License as published by the Free Software Foundation; either

+version 2.1 of the License, or (at your option) any later version.

+

+This library is distributed in the hope that it will be useful,

+but WITHOUT ANY WARRANTY; without even the implied warranty of

+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU

+Lesser General Public License for more details.

+

+You should have received a copy of the GNU Lesser General Public

+License along with this library; if not, write to the Free Software

+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA

+

+Dhtmlgoodies.com., hereby disclaims all copyright interest in this script

+written by Alf Magne Kalleland.

+

+Alf Magne Kalleland, 2006

+Owner of DHTMLgoodies.com

+	

+************************************************************************************************************/	

+

+	var ajaxBox_offsetX = 0;

+	var ajaxBox_offsetY = 0;

+	var ajax_list_externalFile = 'ajax-list.cgi';	// Path to external file

+	var minimumLettersBeforeLookup = 1;	// Number of letters entered before a lookup is performed.

+	

+	var ajax_list_objects = new Array();

+	var ajax_list_cachedLists = new Array();

+	var ajax_list_activeInput = false;

+	var ajax_list_activeItem;

+	var ajax_list_optionDivFirstItem = false;

+	var ajax_list_currentLetters = new Array();

+	var ajax_optionDiv = false;

+	var ajax_optionDiv_iframe = false;

+

+	var ajax_list_MSIE = false;

+	if(navigator.userAgent.indexOf('MSIE')>=0 && navigator.userAgent.indexOf('Opera')<0)ajax_list_MSIE=true;

+	

+	var currentListIndex = 0;

+	

+	function ajax_getTopPos(inputObj)

+	{

+		

+	  var returnValue = inputObj.offsetTop;

+	  while((inputObj = inputObj.offsetParent) != null){

+	  	returnValue += inputObj.offsetTop;

+	  }

+	  return returnValue;

+	}

+	function ajax_list_cancelEvent()

+	{

+		return false;

+	}

+	

+	function ajax_getLeftPos(inputObj)

+	{

+	  var returnValue = inputObj.offsetLeft;

+	  while((inputObj = inputObj.offsetParent) != null)returnValue += inputObj.offsetLeft;

+	  

+	  return returnValue;

+	}

+	

+	function ajax_option_setValue(e,inputObj)

+	{

+		if(!inputObj)inputObj=this;

+		var tmpValue = inputObj.innerHTML;

+		if(ajax_list_MSIE)tmpValue = inputObj.innerText;else tmpValue = inputObj.textContent;

+		if(!tmpValue)tmpValue = inputObj.innerHTML;

+		ajax_list_activeInput.value = tmpValue;

+		if(document.getElementById(ajax_list_activeInput.name + '_hidden'))document.getElementById(ajax_list_activeInput.name + '_hidden').value = inputObj.id; 

+		ajax_options_hide();

+	}

+	

+	function ajax_options_hide()

+	{

+		ajax_optionDiv.style.display='none';	

+		if(ajax_optionDiv_iframe)ajax_optionDiv_iframe.style.display='none';

+	}

+

+	function ajax_options_rollOverActiveItem(item,fromKeyBoard)

+	{

+		if(ajax_list_activeItem)ajax_list_activeItem.className='optionDiv';

+		item.className='optionDivSelected';

+		ajax_list_activeItem = item;

+		

+		if(fromKeyBoard){

+			if(ajax_list_activeItem.offsetTop>ajax_optionDiv.offsetHeight){

+				ajax_optionDiv.scrollTop = ajax_list_activeItem.offsetTop - ajax_optionDiv.offsetHeight + ajax_list_activeItem.offsetHeight + 2 ;

+			}

+			if(ajax_list_activeItem.offsetTop<ajax_optionDiv.scrollTop)

+			{

+				ajax_optionDiv.scrollTop = 0;	

+			}

+		}

+	}

+	

+	function ajax_option_list_buildList(letters,paramToExternalFile)

+	{

+		

+		ajax_optionDiv.innerHTML = '';

+		ajax_list_activeItem = false;

+		if(ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()].length<=1){

+			ajax_options_hide();

+			return;			

+		}

+		

+		

+		

+		ajax_list_optionDivFirstItem = false;

+		var optionsAdded = false;

+		for(var no=0;no<ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()].length;no++){

+			if(ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()][no].length==0)continue;

+			optionsAdded = true;

+			var div = document.createElement('DIV');

+			var items = ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()][no].split(/###/gi);

+			

+			if(ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()].length==1 && ajax_list_activeInput.value == items[0]){

+				ajax_options_hide();

+				return;						

+			}

+			

+			

+			div.innerHTML = items[items.length-1];

+			div.id = items[0];

+			div.className='optionDiv';

+			div.onmouseover = function(){ ajax_options_rollOverActiveItem(this,false) }

+			div.onclick = ajax_option_setValue;

+			if(!ajax_list_optionDivFirstItem)ajax_list_optionDivFirstItem = div;

+			ajax_optionDiv.appendChild(div);

+		}	

+		if(optionsAdded){

+			ajax_optionDiv.style.display='block';

+			if(ajax_optionDiv_iframe)ajax_optionDiv_iframe.style.display='';

+		}

+					

+	}

+	

+	function ajax_option_list_showContent(ajaxIndex,inputObj,paramToExternalFile,whichIndex)

+	{

+		if(whichIndex!=currentListIndex)return;

+		var letters = inputObj.value;

+		var content = ajax_list_objects[ajaxIndex].response;

+		var elements = content.split('|');

+		ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()] = elements;

+		ajax_option_list_buildList(letters,paramToExternalFile);

+		

+	}

+	

+	function ajax_option_resize(inputObj)

+	{

+		ajax_optionDiv.style.top = (ajax_getTopPos(inputObj) + inputObj.offsetHeight + ajaxBox_offsetY) + 'px';

+		ajax_optionDiv.style.left = (ajax_getLeftPos(inputObj) + ajaxBox_offsetX) + 'px';

+		if(ajax_optionDiv_iframe){

+			ajax_optionDiv_iframe.style.left = ajax_optionDiv.style.left;

+			ajax_optionDiv_iframe.style.top = ajax_optionDiv.style.top;			

+		}		

+		

+	}

+	

+	function ajax_showOptions(inputObj,paramToExternalFile,e)

+	{

+		if(e.keyCode==13 || e.keyCode==9)return;

+		if(ajax_list_currentLetters[inputObj.name]==inputObj.value)return;

+		if(!ajax_list_cachedLists[paramToExternalFile])ajax_list_cachedLists[paramToExternalFile] = new Array();

+		ajax_list_currentLetters[inputObj.name] = inputObj.value;

+		if(!ajax_optionDiv){

+			ajax_optionDiv = document.createElement('DIV');

+			ajax_optionDiv.id = 'ajax_listOfOptions';	

+			document.body.appendChild(ajax_optionDiv);

+			

+			if(ajax_list_MSIE){

+				ajax_optionDiv_iframe = document.createElement('IFRAME');

+				ajax_optionDiv_iframe.border='0';

+				ajax_optionDiv_iframe.style.width = ajax_optionDiv.clientWidth + 'px';

+				ajax_optionDiv_iframe.style.height = ajax_optionDiv.clientHeight + 'px';

+				ajax_optionDiv_iframe.id = 'ajax_listOfOptions_iframe';

+				

+				document.body.appendChild(ajax_optionDiv_iframe);

+			}

+			

+			var allInputs = document.getElementsByTagName('INPUT');

+			for(var no=0;no<allInputs.length;no++){

+				if(!allInputs[no].onkeyup)allInputs[no].onfocus = ajax_options_hide;

+			}			

+			var allSelects = document.getElementsByTagName('SELECT');

+			for(var no=0;no<allSelects.length;no++){

+				allSelects[no].onfocus = ajax_options_hide;

+			}

+

+			var oldonkeydown=document.body.onkeydown;

+			if(typeof oldonkeydown!='function'){

+				document.body.onkeydown=ajax_option_keyNavigation;

+			}else{

+				document.body.onkeydown=function(){

+					oldonkeydown();

+				ajax_option_keyNavigation() ;}

+			}

+			var oldonresize=document.body.onresize;

+			if(typeof oldonresize!='function'){

+				document.body.onresize=function() {ajax_option_resize(inputObj); };

+			}else{

+				document.body.onresize=function(){oldonresize();

+				ajax_option_resize(inputObj) ;}

+			}

+				

+		}

+		

+		if(inputObj.value.length<minimumLettersBeforeLookup){

+			ajax_options_hide();

+			return;

+		}

+				

+

+		ajax_optionDiv.style.top = (ajax_getTopPos(inputObj) + inputObj.offsetHeight + ajaxBox_offsetY) + 'px';

+		ajax_optionDiv.style.left = (ajax_getLeftPos(inputObj) + ajaxBox_offsetX) + 'px';

+		if(ajax_optionDiv_iframe){

+			ajax_optionDiv_iframe.style.left = ajax_optionDiv.style.left;

+			ajax_optionDiv_iframe.style.top = ajax_optionDiv.style.top;			

+		}

+		

+		ajax_list_activeInput = inputObj;

+		ajax_optionDiv.onselectstart =  ajax_list_cancelEvent;

+		currentListIndex++;

+		if(ajax_list_cachedLists[paramToExternalFile][inputObj.value.toLowerCase()]){

+			ajax_option_list_buildList(inputObj.value,paramToExternalFile,currentListIndex);			

+		}else{

+			ajax_optionDiv.innerHTML = '';

+			var ajaxIndex = ajax_list_objects.length;

+			ajax_list_objects[ajaxIndex] = new sack();

+			var url = ajax_list_externalFile + '?' + paramToExternalFile + '=1&letters=' + inputObj.value.replace(" ","+");

+			ajax_list_objects[ajaxIndex].requestFile = url;	// Specifying which file to get

+			ajax_list_objects[ajaxIndex].onCompletion = function(){ ajax_option_list_showContent(ajaxIndex,inputObj,paramToExternalFile,currentListIndex); };	// Specify function that will be executed after file has been found

+			ajax_list_objects[ajaxIndex].runAJAX();		// Execute AJAX function		

+		}

+		

+			

+	}

+	

+	function ajax_option_keyNavigation(e)

+	{

+		if(document.all)e = event;

+		

+		if(!ajax_optionDiv)return;

+		if(ajax_optionDiv.style.display=='none')return;

+		

+		if(e.keyCode==38){	// Up arrow

+			if(!ajax_list_activeItem)return;

+			if(ajax_list_activeItem && !ajax_list_activeItem.previousSibling)return;

+			ajax_options_rollOverActiveItem(ajax_list_activeItem.previousSibling,true);

+		}

+		

+		if(e.keyCode==40){	// Down arrow

+			if(!ajax_list_activeItem){

+				ajax_options_rollOverActiveItem(ajax_list_optionDivFirstItem,true);

+			}else{

+				if(!ajax_list_activeItem.nextSibling)return;

+				ajax_options_rollOverActiveItem(ajax_list_activeItem.nextSibling,true);

+			}

+		}

+		

+		if(e.keyCode==13 || e.keyCode==9){	// Enter key or tab key

+			if(ajax_list_activeItem && ajax_list_activeItem.className=='optionDivSelected')ajax_option_setValue(false,ajax_list_activeItem);

+			if(e.keyCode==13)return false; else return true;

+		}

+		if(e.keyCode==27){	// Escape key

+			ajax_options_hide();			

+		}

+	}

+	

+	

+	document.documentElement.onclick = autoHideList;

+	

+	function autoHideList(e)

+	{

+		if(document.all)e = event;

+		

+		if (e.target) source = e.target;

+			else if (e.srcElement) source = e.srcElement;

+			if (source.nodeType == 3) // defeat Safari bug

+				source = source.parentNode;		

+		if(source.tagName.toLowerCase()!='input' && source.tagName.toLowerCase()!='textarea')ajax_options_hide();

+		

+	}

diff --git a/base/tps-client/apache/docroot/esc/sow/js/ajax.js b/base/tps-client/apache/docroot/esc/sow/js/ajax.js
new file mode 100755
index 000000000..fc342fdd1
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/js/ajax.js
@@ -0,0 +1,193 @@
+/* Simple AJAX Code-Kit (SACK) v1.6.1 */

+/* ©2005 Gregory Wild-Smith */

+/* www.twilightuniverse.com */

+/* Software licenced under a modified X11 licence,

+   see documentation or authors website for more details */

+

+function sack(file) {

+	this.xmlhttp = null;

+

+	this.resetData = function() {

+		this.method = "POST";

+  		this.queryStringSeparator = "?";

+		this.argumentSeparator = "&";

+		this.URLString = "";

+		this.encodeURIString = true;

+  		this.execute = false;

+  		this.element = null;

+		this.elementObj = null;

+		this.requestFile = file;

+		this.vars = new Object();

+		this.responseStatus = new Array(2);

+  	};

+

+	this.resetFunctions = function() {

+  		this.onLoading = function() { };

+  		this.onLoaded = function() { };

+  		this.onInteractive = function() { };

+  		this.onCompletion = function() { };

+  		this.onError = function() { };

+		this.onFail = function() { };

+	};

+

+	this.reset = function() {

+		this.resetFunctions();

+		this.resetData();

+	};

+

+	this.createAJAX = function() {

+		try {

+			this.xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");

+		} catch (e1) {

+			try {

+				this.xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");

+			} catch (e2) {

+				this.xmlhttp = null;

+			}

+		}

+

+		if (! this.xmlhttp) {

+			if (typeof XMLHttpRequest != "undefined") {

+				this.xmlhttp = new XMLHttpRequest();

+			} else {

+				this.failed = true;

+			}

+		}

+	};

+

+	this.setVar = function(name, value){

+		this.vars[name] = Array(value, false);

+	};

+

+	this.encVar = function(name, value, returnvars) {

+		if (true == returnvars) {

+			return Array(encodeURIComponent(name), encodeURIComponent(value));

+		} else {

+			this.vars[encodeURIComponent(name)] = Array(encodeURIComponent(value), true);

+		}

+	}

+

+	this.processURLString = function(string, encode) {

+		encoded = encodeURIComponent(this.argumentSeparator);

+		regexp = new RegExp(this.argumentSeparator + "|" + encoded);

+		varArray = string.split(regexp);

+		for (i = 0; i < varArray.length; i++){

+			urlVars = varArray[i].split("=");

+			if (true == encode){

+				this.encVar(urlVars[0], urlVars[1]);

+			} else {

+				this.setVar(urlVars[0], urlVars[1]);

+			}

+		}

+	}

+

+	this.createURLString = function(urlstring) {

+		if (this.encodeURIString && this.URLString.length) {

+			this.processURLString(this.URLString, true);

+		}

+

+		if (urlstring) {

+			if (this.URLString.length) {

+				this.URLString += this.argumentSeparator + urlstring;

+			} else {

+				this.URLString = urlstring;

+			}

+		}

+

+		// prevents caching of URLString

+		this.setVar("rndval", new Date().getTime());

+

+		urlstringtemp = new Array();

+		for (key in this.vars) {

+			if (false == this.vars[key][1] && true == this.encodeURIString) {

+				encoded = this.encVar(key, this.vars[key][0], true);

+				delete this.vars[key];

+				this.vars[encoded[0]] = Array(encoded[1], true);

+				key = encoded[0];

+			}

+

+			urlstringtemp[urlstringtemp.length] = key + "=" + this.vars[key][0];

+		}

+		if (urlstring){

+			this.URLString += this.argumentSeparator + urlstringtemp.join(this.argumentSeparator);

+		} else {

+			this.URLString += urlstringtemp.join(this.argumentSeparator);

+		}

+	}

+

+	this.runResponse = function() {

+		eval(this.response);

+	}

+

+	this.runAJAX = function(urlstring) {

+		if (this.failed) {

+			this.onFail();

+		} else {

+			this.createURLString(urlstring);

+			if (this.element) {

+				this.elementObj = document.getElementById(this.element);

+			}

+			if (this.xmlhttp) {

+				var self = this;

+				if (this.method == "GET") {

+					totalurlstring = this.requestFile + this.queryStringSeparator + this.URLString;

+					this.xmlhttp.open(this.method, totalurlstring, true);

+				} else {

+					this.xmlhttp.open(this.method, this.requestFile, true);

+					try {

+						this.xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")

+					} catch (e) { }

+				}

+

+				this.xmlhttp.onreadystatechange = function() {

+					switch (self.xmlhttp.readyState) {

+						case 1:

+							self.onLoading();

+							break;

+						case 2:

+							self.onLoaded();

+							break;

+						case 3:

+							self.onInteractive();

+							break;

+						case 4:

+							self.response = self.xmlhttp.responseText;

+							self.responseXML = self.xmlhttp.responseXML;

+							self.responseStatus[0] = self.xmlhttp.status;

+							self.responseStatus[1] = self.xmlhttp.statusText;

+

+							if (self.execute) {

+								self.runResponse();

+							}

+

+							if (self.elementObj) {

+								elemNodeName = self.elementObj.nodeName;

+								elemNodeName.toLowerCase();

+								if (elemNodeName == "input"

+								|| elemNodeName == "select"

+								|| elemNodeName == "option"

+								|| elemNodeName == "textarea") {

+									self.elementObj.value = self.response;

+								} else {

+									self.elementObj.innerHTML = self.response;

+								}

+							}

+							if (self.responseStatus[0] == "200") {

+								self.onCompletion();

+							} else {

+								self.onError();

+							}

+

+							self.URLString = "";

+							break;

+					}

+				};

+

+				this.xmlhttp.send(this.URLString);

+			}

+		}

+	};

+

+	this.reset();

+	this.createAJAX();

+}

diff --git a/base/tps-client/apache/docroot/esc/sow/js/effects.js b/base/tps-client/apache/docroot/esc/sow/js/effects.js
new file mode 100755
index 000000000..d3940a82b
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/js/effects.js
@@ -0,0 +1,903 @@
+// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
+// Contributors:
+//  Justin Palmer (http://encytemedia.com/)
+//  Mark Pilgrim (http://diveintomark.org/)
+//  Martin Bialasinki
+// 
+// See scriptaculous.js for full license.  
+
+/* ------------- element ext -------------- */  
+ 
+// converts rgb() and #xxx to #xxxxxx format,  
+// returns self (or first argument) if not convertable  
+String.prototype.parseColor = function() {  
+  var color = '#';  
+  if(this.slice(0,4) == 'rgb(') {  
+    var cols = this.slice(4,this.length-1).split(',');  
+    var i=0; do { color += parseInt(cols[i]).toColorPart() } while (++i<3);  
+  } else {  
+    if(this.slice(0,1) == '#') {  
+      if(this.length==4) for(var i=1;i<4;i++) color += (this.charAt(i) + this.charAt(i)).toLowerCase();  
+      if(this.length==7) color = this.toLowerCase();  
+    }  
+  }  
+  return(color.length==7 ? color : (arguments[0] || this));  
+}
+
+Element.collectTextNodes = function(element) {  
+  return $A($(element).childNodes).collect( function(node) {
+    return (node.nodeType==3 ? node.nodeValue : 
+      (node.hasChildNodes() ? Element.collectTextNodes(node) : ''));
+  }).flatten().join('');
+}
+
+Element.collectTextNodesIgnoreClass = function(element, className) {  
+  return $A($(element).childNodes).collect( function(node) {
+    return (node.nodeType==3 ? node.nodeValue : 
+      ((node.hasChildNodes() && !Element.hasClassName(node,className)) ? 
+        Element.collectTextNodes(node) : ''));
+  }).flatten().join('');
+}
+
+Element.setStyle = function(element, style) {
+  element = $(element);
+  for(k in style) element.style[k.camelize()] = style[k];
+}
+
+Element.setContentZoom = function(element, percent) {  
+  Element.setStyle(element, {fontSize: (percent/100) + 'em'});   
+  if(navigator.appVersion.indexOf('AppleWebKit')>0) window.scrollBy(0,0);  
+}
+
+Element.getOpacity = function(element){  
+  var opacity;
+  if (opacity = Element.getStyle(element, 'opacity'))  
+    return parseFloat(opacity);  
+  if (opacity = (Element.getStyle(element, 'filter') || '').match(/alpha\(opacity=(.*)\)/))  
+    if(opacity[1]) return parseFloat(opacity[1]) / 100;  
+  return 1.0;  
+}
+
+Element.setOpacity = function(element, value){  
+  element= $(element);  
+  if (value == 1){
+    Element.setStyle(element, { opacity: 
+      (/Gecko/.test(navigator.userAgent) && !/Konqueror|Safari|KHTML/.test(navigator.userAgent)) ? 
+      0.999999 : null });
+    if(/MSIE/.test(navigator.userAgent))  
+      Element.setStyle(element, {filter: Element.getStyle(element,'filter').replace(/alpha\([^\)]*\)/gi,'')});  
+  } else {  
+    if(value < 0.00001) value = 0;  
+    Element.setStyle(element, {opacity: value});
+    if(/MSIE/.test(navigator.userAgent))  
+     Element.setStyle(element, 
+       { filter: Element.getStyle(element,'filter').replace(/alpha\([^\)]*\)/gi,'') +
+                 'alpha(opacity='+value*100+')' });  
+  }   
+}  
+ 
+Element.getInlineOpacity = function(element){  
+  return $(element).style.opacity || '';
+}  
+
+Element.childrenWithClassName = function(element, className) {  
+  return $A($(element).getElementsByTagName('*')).select(
+    function(c) { return Element.hasClassName(c, className) });
+}
+
+Array.prototype.call = function() {
+  var args = arguments;
+  this.each(function(f){ f.apply(this, args) });
+}
+
+/*--------------------------------------------------------------------------*/
+
+var Effect = {
+  tagifyText: function(element) {
+    var tagifyStyle = 'position:relative';
+    if(/MSIE/.test(navigator.userAgent)) tagifyStyle += ';zoom:1';
+    element = $(element);
+    $A(element.childNodes).each( function(child) {
+      if(child.nodeType==3) {
+        child.nodeValue.toArray().each( function(character) {
+          element.insertBefore(
+            Builder.node('span',{style: tagifyStyle},
+              character == ' ' ? String.fromCharCode(160) : character), 
+              child);
+        });
+        Element.remove(child);
+      }
+    });
+  },
+  multiple: function(element, effect) {
+    var elements;
+    if(((typeof element == 'object') || 
+        (typeof element == 'function')) && 
+       (element.length))
+      elements = element;
+    else
+      elements = $(element).childNodes;
+      
+    var options = Object.extend({
+      speed: 0.1,
+      delay: 0.0
+    }, arguments[2] || {});
+    var masterDelay = options.delay;
+
+    $A(elements).each( function(element, index) {
+      new effect(element, Object.extend(options, { delay: index * options.speed + masterDelay }));
+    });
+  },
+  PAIRS: {
+    'slide':  ['SlideDown','SlideUp'],
+    'blind':  ['BlindDown','BlindUp'],
+    'appear': ['Appear','Fade']
+  },
+  toggle: function(element, effect) {
+    element = $(element);
+    effect = (effect || 'appear').toLowerCase();
+    var options = Object.extend({
+      queue: { position:'end', scope:(element.id || 'global') }
+    }, arguments[2] || {});
+    Effect[Element.visible(element) ? 
+      Effect.PAIRS[effect][1] : Effect.PAIRS[effect][0]](element, options);
+  }
+};
+
+var Effect2 = Effect; // deprecated
+
+/* ------------- transitions ------------- */
+
+Effect.Transitions = {}
+
+Effect.Transitions.linear = function(pos) {
+  return pos;
+}
+Effect.Transitions.sinoidal = function(pos) {
+  return (-Math.cos(pos*Math.PI)/2) + 0.5;
+}
+Effect.Transitions.reverse  = function(pos) {
+  return 1-pos;
+}
+Effect.Transitions.flicker = function(pos) {
+  return ((-Math.cos(pos*Math.PI)/4) + 0.75) + Math.random()/4;
+}
+Effect.Transitions.wobble = function(pos) {
+  return (-Math.cos(pos*Math.PI*(9*pos))/2) + 0.5;
+}
+Effect.Transitions.pulse = function(pos) {
+  return (Math.floor(pos*10) % 2 == 0 ? 
+    (pos*10-Math.floor(pos*10)) : 1-(pos*10-Math.floor(pos*10)));
+}
+Effect.Transitions.none = function(pos) {
+  return 0;
+}
+Effect.Transitions.full = function(pos) {
+  return 1;
+}
+
+/* ------------- core effects ------------- */
+
+Effect.ScopedQueue = Class.create();
+Object.extend(Object.extend(Effect.ScopedQueue.prototype, Enumerable), {
+  initialize: function() {
+    this.effects  = [];
+    this.interval = null;
+  },
+  _each: function(iterator) {
+    this.effects._each(iterator);
+  },
+  add: function(effect) {
+    var timestamp = new Date().getTime();
+    
+    var position = (typeof effect.options.queue == 'string') ? 
+      effect.options.queue : effect.options.queue.position;
+    
+    switch(position) {
+      case 'front':
+        // move unstarted effects after this effect  
+        this.effects.findAll(function(e){ return e.state=='idle' }).each( function(e) {
+            e.startOn  += effect.finishOn;
+            e.finishOn += effect.finishOn;
+          });
+        break;
+      case 'end':
+        // start effect after last queued effect has finished
+        timestamp = this.effects.pluck('finishOn').max() || timestamp;
+        break;
+    }
+    
+    effect.startOn  += timestamp;
+    effect.finishOn += timestamp;
+    this.effects.push(effect);
+    if(!this.interval) 
+      this.interval = setInterval(this.loop.bind(this), 40);
+  },
+  remove: function(effect) {
+    this.effects = this.effects.reject(function(e) { return e==effect });
+    if(this.effects.length == 0) {
+      clearInterval(this.interval);
+      this.interval = null;
+    }
+  },
+  loop: function() {
+    var timePos = new Date().getTime();
+    this.effects.invoke('loop', timePos);
+  }
+});
+
+Effect.Queues = {
+  instances: $H(),
+  get: function(queueName) {
+    if(typeof queueName != 'string') return queueName;
+    
+    if(!this.instances[queueName])
+      this.instances[queueName] = new Effect.ScopedQueue();
+      
+    return this.instances[queueName];
+  }
+}
+Effect.Queue = Effect.Queues.get('global');
+
+Effect.DefaultOptions = {
+  transition: Effect.Transitions.sinoidal,
+  duration:   1.0,   // seconds
+  fps:        25.0,  // max. 25fps due to Effect.Queue implementation
+  sync:       false, // true for combining
+  from:       0.0,
+  to:         1.0,
+  delay:      0.0,
+  queue:      'parallel'
+}
+
+Effect.Base = function() {};
+Effect.Base.prototype = {
+  position: null,
+  start: function(options) {
+    this.options      = Object.extend(Object.extend({},Effect.DefaultOptions), options || {});
+    this.currentFrame = 0;
+    this.state        = 'idle';
+    this.startOn      = this.options.delay*1000;
+    this.finishOn     = this.startOn + (this.options.duration*1000);
+    this.event('beforeStart');
+    if(!this.options.sync)
+      Effect.Queues.get(typeof this.options.queue == 'string' ? 
+        'global' : this.options.queue.scope).add(this);
+  },
+  loop: function(timePos) {
+    if(timePos >= this.startOn) {
+      if(timePos >= this.finishOn) {
+        this.render(1.0);
+        this.cancel();
+        this.event('beforeFinish');
+        if(this.finish) this.finish(); 
+        this.event('afterFinish');
+        return;  
+      }
+      var pos   = (timePos - this.startOn) / (this.finishOn - this.startOn);
+      var frame = Math.round(pos * this.options.fps * this.options.duration);
+      if(frame > this.currentFrame) {
+        this.render(pos);
+        this.currentFrame = frame;
+      }
+    }
+  },
+  render: function(pos) {
+    if(this.state == 'idle') {
+      this.state = 'running';
+      this.event('beforeSetup');
+      if(this.setup) this.setup();
+      this.event('afterSetup');
+    }
+    if(this.state == 'running') {
+      if(this.options.transition) pos = this.options.transition(pos);
+      pos *= (this.options.to-this.options.from);
+      pos += this.options.from;
+      this.position = pos;
+      this.event('beforeUpdate');
+      if(this.update) this.update(pos);
+      this.event('afterUpdate');
+    }
+  },
+  cancel: function() {
+    if(!this.options.sync)
+      Effect.Queues.get(typeof this.options.queue == 'string' ? 
+        'global' : this.options.queue.scope).remove(this);
+    this.state = 'finished';
+  },
+  event: function(eventName) {
+    if(this.options[eventName + 'Internal']) this.options[eventName + 'Internal'](this);
+    if(this.options[eventName]) this.options[eventName](this);
+  },
+  inspect: function() {
+    return '#<Effect:' + $H(this).inspect() + ',options:' + $H(this.options).inspect() + '>';
+  }
+}
+
+Effect.Parallel = Class.create();
+Object.extend(Object.extend(Effect.Parallel.prototype, Effect.Base.prototype), {
+  initialize: function(effects) {
+    this.effects = effects || [];
+    this.start(arguments[1]);
+  },
+  update: function(position) {
+    this.effects.invoke('render', position);
+  },
+  finish: function(position) {
+    this.effects.each( function(effect) {
+      effect.render(1.0);
+      effect.cancel();
+      effect.event('beforeFinish');
+      if(effect.finish) effect.finish(position);
+      effect.event('afterFinish');
+    });
+  }
+});
+
+Effect.Opacity = Class.create();
+Object.extend(Object.extend(Effect.Opacity.prototype, Effect.Base.prototype), {
+  initialize: function(element) {
+    this.element = $(element);
+    // make this work on IE on elements without 'layout'
+    if(/MSIE/.test(navigator.userAgent) && (!this.element.hasLayout))
+      Element.setStyle(this.element, {zoom: 1});
+    var options = Object.extend({
+      from: Element.getOpacity(this.element) || 0.0,
+      to:   1.0
+    }, arguments[1] || {});
+    this.start(options);
+  },
+  update: function(position) {
+    Element.setOpacity(this.element, position);
+  }
+});
+
+Effect.Move = Class.create();
+Object.extend(Object.extend(Effect.Move.prototype, Effect.Base.prototype), {
+  initialize: function(element) {
+    this.element = $(element);
+    var options = Object.extend({
+      x:    0,
+      y:    0,
+      mode: 'relative'
+    }, arguments[1] || {});
+    this.start(options);
+  },
+  setup: function() {
+    // Bug in Opera: Opera returns the "real" position of a static element or
+    // relative element that does not have top/left explicitly set.
+    // ==> Always set top and left for position relative elements in your stylesheets 
+    // (to 0 if you do not need them) 
+    Element.makePositioned(this.element);
+    this.originalLeft = parseFloat(Element.getStyle(this.element,'left') || '0');
+    this.originalTop  = parseFloat(Element.getStyle(this.element,'top')  || '0');
+    if(this.options.mode == 'absolute') {
+      // absolute movement, so we need to calc deltaX and deltaY
+      this.options.x = this.options.x - this.originalLeft;
+      this.options.y = this.options.y - this.originalTop;
+    }
+  },
+  update: function(position) {
+    Element.setStyle(this.element, {
+      left: this.options.x  * position + this.originalLeft + 'px',
+      top:  this.options.y  * position + this.originalTop  + 'px'
+    });
+  }
+});
+
+// for backwards compatibility
+Effect.MoveBy = function(element, toTop, toLeft) {
+  return new Effect.Move(element, 
+    Object.extend({ x: toLeft, y: toTop }, arguments[3] || {}));
+};
+
+Effect.Scale = Class.create();
+Object.extend(Object.extend(Effect.Scale.prototype, Effect.Base.prototype), {
+  initialize: function(element, percent) {
+    this.element = $(element)
+    var options = Object.extend({
+      scaleX: true,
+      scaleY: true,
+      scaleContent: true,
+      scaleFromCenter: false,
+      scaleMode: 'box',        // 'box' or 'contents' or {} with provided values
+      scaleFrom: 100.0,
+      scaleTo:   percent
+    }, arguments[2] || {});
+    this.start(options);
+  },
+  setup: function() {
+    this.restoreAfterFinish = this.options.restoreAfterFinish || false;
+    this.elementPositioning = Element.getStyle(this.element,'position');
+    
+    this.originalStyle = {};
+    ['top','left','width','height','fontSize'].each( function(k) {
+      this.originalStyle[k] = this.element.style[k];
+    }.bind(this));
+      
+    this.originalTop  = this.element.offsetTop;
+    this.originalLeft = this.element.offsetLeft;
+    
+    var fontSize = Element.getStyle(this.element,'font-size') || '100%';
+    ['em','px','%'].each( function(fontSizeType) {
+      if(fontSize.indexOf(fontSizeType)>0) {
+        this.fontSize     = parseFloat(fontSize);
+        this.fontSizeType = fontSizeType;
+      }
+    }.bind(this));
+    
+    this.factor = (this.options.scaleTo - this.options.scaleFrom)/100;
+    
+    this.dims = null;
+    if(this.options.scaleMode=='box')
+      this.dims = [this.element.offsetHeight, this.element.offsetWidth];
+    if(/^content/.test(this.options.scaleMode))
+      this.dims = [this.element.scrollHeight, this.element.scrollWidth];
+    if(!this.dims)
+      this.dims = [this.options.scaleMode.originalHeight,
+                   this.options.scaleMode.originalWidth];
+  },
+  update: function(position) {
+    var currentScale = (this.options.scaleFrom/100.0) + (this.factor * position);
+    if(this.options.scaleContent && this.fontSize)
+      Element.setStyle(this.element, {fontSize: this.fontSize * currentScale + this.fontSizeType });
+    this.setDimensions(this.dims[0] * currentScale, this.dims[1] * currentScale);
+  },
+  finish: function(position) {
+    if (this.restoreAfterFinish) Element.setStyle(this.element, this.originalStyle);
+  },
+  setDimensions: function(height, width) {
+    var d = {};
+    if(this.options.scaleX) d.width = width + 'px';
+    if(this.options.scaleY) d.height = height + 'px';
+    if(this.options.scaleFromCenter) {
+      var topd  = (height - this.dims[0])/2;
+      var leftd = (width  - this.dims[1])/2;
+      if(this.elementPositioning == 'absolute') {
+        if(this.options.scaleY) d.top = this.originalTop-topd + 'px';
+        if(this.options.scaleX) d.left = this.originalLeft-leftd + 'px';
+      } else {
+        if(this.options.scaleY) d.top = -topd + 'px';
+        if(this.options.scaleX) d.left = -leftd + 'px';
+      }
+    }
+    Element.setStyle(this.element, d);
+  }
+});
+
+Effect.Highlight = Class.create();
+Object.extend(Object.extend(Effect.Highlight.prototype, Effect.Base.prototype), {
+  initialize: function(element) {
+    this.element = $(element);
+    var options = Object.extend({ startcolor: '#ffff99' }, arguments[1] || {});
+    this.start(options);
+  },
+  setup: function() {
+    // Prevent executing on elements not in the layout flow
+    if(Element.getStyle(this.element, 'display')=='none') { this.cancel(); return; }
+    // Disable background image during the effect
+    this.oldStyle = {
+      backgroundImage: Element.getStyle(this.element, 'background-image') };
+    Element.setStyle(this.element, {backgroundImage: 'none'});
+    if(!this.options.endcolor)
+      this.options.endcolor = Element.getStyle(this.element, 'background-color').parseColor('#ffffff');
+    if(!this.options.restorecolor)
+      this.options.restorecolor = Element.getStyle(this.element, 'background-color');
+    // init color calculations
+    this._base  = $R(0,2).map(function(i){ return parseInt(this.options.startcolor.slice(i*2+1,i*2+3),16) }.bind(this));
+    this._delta = $R(0,2).map(function(i){ return parseInt(this.options.endcolor.slice(i*2+1,i*2+3),16)-this._base[i] }.bind(this));
+  },
+  update: function(position) {
+    Element.setStyle(this.element,{backgroundColor: $R(0,2).inject('#',function(m,v,i){
+      return m+(Math.round(this._base[i]+(this._delta[i]*position)).toColorPart()); }.bind(this)) });
+  },
+  finish: function() {
+    Element.setStyle(this.element, Object.extend(this.oldStyle, {
+      backgroundColor: this.options.restorecolor
+    }));
+  }
+});
+
+Effect.ScrollTo = Class.create();
+Object.extend(Object.extend(Effect.ScrollTo.prototype, Effect.Base.prototype), {
+  initialize: function(element) {
+    this.element = $(element);
+    this.start(arguments[1] || {});
+  },
+  setup: function() {
+    Position.prepare();
+    var offsets = Position.cumulativeOffset(this.element);
+    if(this.options.offset) offsets[1] += this.options.offset;
+    var max = window.innerHeight ? 
+      window.height - window.innerHeight :
+      document.body.scrollHeight - 
+        (document.documentElement.clientHeight ? 
+          document.documentElement.clientHeight : document.body.clientHeight);
+    this.scrollStart = Position.deltaY;
+    this.delta = (offsets[1] > max ? max : offsets[1]) - this.scrollStart;
+  },
+  update: function(position) {
+    Position.prepare();
+    window.scrollTo(Position.deltaX, 
+      this.scrollStart + (position*this.delta));
+  }
+});
+
+/* ------------- combination effects ------------- */
+
+Effect.Fade = function(element) {
+  var oldOpacity = Element.getInlineOpacity(element);
+  var options = Object.extend({
+  from: Element.getOpacity(element) || 1.0,
+  to:   0.0,
+  afterFinishInternal: function(effect) { with(Element) { 
+    if(effect.options.to!=0) return;
+    hide(effect.element);
+    setStyle(effect.element, {opacity: oldOpacity}); }}
+  }, arguments[1] || {});
+  return new Effect.Opacity(element,options);
+}
+
+Effect.Appear = function(element) {
+  var options = Object.extend({
+  from: (Element.getStyle(element, 'display') == 'none' ? 0.0 : Element.getOpacity(element) || 0.0),
+  to:   1.0,
+  beforeSetup: function(effect) { with(Element) {
+    setOpacity(effect.element, effect.options.from);
+    show(effect.element); }}
+  }, arguments[1] || {});
+  return new Effect.Opacity(element,options);
+}
+
+Effect.Puff = function(element) {
+  element = $(element);
+  var oldStyle = { opacity: Element.getInlineOpacity(element), position: Element.getStyle(element, 'position') };
+  return new Effect.Parallel(
+   [ new Effect.Scale(element, 200, 
+      { sync: true, scaleFromCenter: true, scaleContent: true, restoreAfterFinish: true }), 
+     new Effect.Opacity(element, { sync: true, to: 0.0 } ) ], 
+     Object.extend({ duration: 1.0, 
+      beforeSetupInternal: function(effect) { with(Element) {
+        setStyle(effect.effects[0].element, {position: 'absolute'}); }},
+      afterFinishInternal: function(effect) { with(Element) {
+         hide(effect.effects[0].element);
+         setStyle(effect.effects[0].element, oldStyle); }}
+     }, arguments[1] || {})
+   );
+}
+
+Effect.BlindUp = function(element) {
+  element = $(element);
+  Element.makeClipping(element);
+  return new Effect.Scale(element, 0, 
+    Object.extend({ scaleContent: false, 
+      scaleX: false, 
+      restoreAfterFinish: true,
+      afterFinishInternal: function(effect) { with(Element) {
+        [hide, undoClipping].call(effect.element); }} 
+    }, arguments[1] || {})
+  );
+}
+
+Effect.BlindDown = function(element) {
+  element = $(element);
+  var oldHeight = Element.getStyle(element, 'height');
+  var elementDimensions = Element.getDimensions(element);
+  return new Effect.Scale(element, 100, 
+    Object.extend({ scaleContent: false, 
+      scaleX: false,
+      scaleFrom: 0,
+      scaleMode: {originalHeight: elementDimensions.height, originalWidth: elementDimensions.width},
+      restoreAfterFinish: true,
+      afterSetup: function(effect) { with(Element) {
+        makeClipping(effect.element);
+        setStyle(effect.element, {height: '0px'});
+        show(effect.element); 
+      }},  
+      afterFinishInternal: function(effect) { with(Element) {
+        undoClipping(effect.element);
+        setStyle(effect.element, {height: oldHeight});
+      }}
+    }, arguments[1] || {})
+  );
+}
+
+Effect.SwitchOff = function(element) {
+  element = $(element);
+  var oldOpacity = Element.getInlineOpacity(element);
+  return new Effect.Appear(element, { 
+    duration: 0.4,
+    from: 0,
+    transition: Effect.Transitions.flicker,
+    afterFinishInternal: function(effect) {
+      new Effect.Scale(effect.element, 1, { 
+        duration: 0.3, scaleFromCenter: true,
+        scaleX: false, scaleContent: false, restoreAfterFinish: true,
+        beforeSetup: function(effect) { with(Element) {
+          [makePositioned,makeClipping].call(effect.element);
+        }},
+        afterFinishInternal: function(effect) { with(Element) {
+          [hide,undoClipping,undoPositioned].call(effect.element);
+          setStyle(effect.element, {opacity: oldOpacity});
+        }}
+      })
+    }
+  });
+}
+
+Effect.DropOut = function(element) {
+  element = $(element);
+  var oldStyle = {
+    top: Element.getStyle(element, 'top'),
+    left: Element.getStyle(element, 'left'),
+    opacity: Element.getInlineOpacity(element) };
+  return new Effect.Parallel(
+    [ new Effect.Move(element, {x: 0, y: 100, sync: true }), 
+      new Effect.Opacity(element, { sync: true, to: 0.0 }) ],
+    Object.extend(
+      { duration: 0.5,
+        beforeSetup: function(effect) { with(Element) {
+          makePositioned(effect.effects[0].element); }},
+        afterFinishInternal: function(effect) { with(Element) {
+          [hide, undoPositioned].call(effect.effects[0].element);
+          setStyle(effect.effects[0].element, oldStyle); }} 
+      }, arguments[1] || {}));
+}
+
+Effect.Shake = function(element) {
+  element = $(element);
+  var oldStyle = {
+    top: Element.getStyle(element, 'top'),
+    left: Element.getStyle(element, 'left') };
+	  return new Effect.Move(element, 
+	    { x:  20, y: 0, duration: 0.05, afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x: -40, y: 0, duration: 0.1,  afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x:  40, y: 0, duration: 0.1,  afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x: -40, y: 0, duration: 0.1,  afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x:  40, y: 0, duration: 0.1,  afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x: -20, y: 0, duration: 0.05, afterFinishInternal: function(effect) { with(Element) {
+        undoPositioned(effect.element);
+        setStyle(effect.element, oldStyle);
+  }}}) }}) }}) }}) }}) }});
+}
+
+Effect.SlideDown = function(element) {
+  element = $(element);
+  Element.cleanWhitespace(element);
+  // SlideDown need to have the content of the element wrapped in a container element with fixed height!
+  var oldInnerBottom = Element.getStyle(element.firstChild, 'bottom');
+  var elementDimensions = Element.getDimensions(element);
+  return new Effect.Scale(element, 100, Object.extend({ 
+    scaleContent: false, 
+    scaleX: false, 
+    scaleFrom: 0,
+    scaleMode: {originalHeight: elementDimensions.height, originalWidth: elementDimensions.width},
+    restoreAfterFinish: true,
+    afterSetup: function(effect) { with(Element) {
+      makePositioned(effect.element);
+      makePositioned(effect.element.firstChild);
+      if(window.opera) setStyle(effect.element, {top: ''});
+      makeClipping(effect.element);
+      setStyle(effect.element, {height: '0px'});
+      show(element); }},
+    afterUpdateInternal: function(effect) { with(Element) {
+      setStyle(effect.element.firstChild, {bottom:
+        (effect.dims[0] - effect.element.clientHeight) + 'px' }); }},
+    afterFinishInternal: function(effect) { with(Element) {
+      undoClipping(effect.element); 
+      undoPositioned(effect.element.firstChild);
+      undoPositioned(effect.element);
+      setStyle(effect.element.firstChild, {bottom: oldInnerBottom}); }}
+    }, arguments[1] || {})
+  );
+}
+  
+Effect.SlideUp = function(element) {
+  element = $(element);
+  Element.cleanWhitespace(element);
+  var oldInnerBottom = Element.getStyle(element.firstChild, 'bottom');
+  return new Effect.Scale(element, 0, 
+   Object.extend({ scaleContent: false, 
+    scaleX: false, 
+    scaleMode: 'box',
+    scaleFrom: 100,
+    restoreAfterFinish: true,
+    beforeStartInternal: function(effect) { with(Element) {
+      makePositioned(effect.element);
+      makePositioned(effect.element.firstChild);
+      if(window.opera) setStyle(effect.element, {top: ''});
+      makeClipping(effect.element);
+      show(element); }},  
+    afterUpdateInternal: function(effect) { with(Element) {
+      setStyle(effect.element.firstChild, {bottom:
+        (effect.dims[0] - effect.element.clientHeight) + 'px' }); }},
+    afterFinishInternal: function(effect) { with(Element) {
+        [hide, undoClipping].call(effect.element); 
+        undoPositioned(effect.element.firstChild);
+        undoPositioned(effect.element);
+        setStyle(effect.element.firstChild, {bottom: oldInnerBottom}); }}
+   }, arguments[1] || {})
+  );
+}
+
+// Bug in opera makes the TD containing this element expand for a instance after finish 
+Effect.Squish = function(element) {
+  return new Effect.Scale(element, window.opera ? 1 : 0, 
+    { restoreAfterFinish: true,
+      beforeSetup: function(effect) { with(Element) {
+        makeClipping(effect.element); }},  
+      afterFinishInternal: function(effect) { with(Element) {
+        hide(effect.element); 
+        undoClipping(effect.element); }}
+  });
+}
+
+Effect.Grow = function(element) {
+  element = $(element);
+  var options = Object.extend({
+    direction: 'center',
+    moveTransistion: Effect.Transitions.sinoidal,
+    scaleTransition: Effect.Transitions.sinoidal,
+    opacityTransition: Effect.Transitions.full
+  }, arguments[1] || {});
+  var oldStyle = {
+    top: element.style.top,
+    left: element.style.left,
+    height: element.style.height,
+    width: element.style.width,
+    opacity: Element.getInlineOpacity(element) };
+
+  var dims = Element.getDimensions(element);    
+  var initialMoveX, initialMoveY;
+  var moveX, moveY;
+  
+  switch (options.direction) {
+    case 'top-left':
+      initialMoveX = initialMoveY = moveX = moveY = 0; 
+      break;
+    case 'top-right':
+      initialMoveX = dims.width;
+      initialMoveY = moveY = 0;
+      moveX = -dims.width;
+      break;
+    case 'bottom-left':
+      initialMoveX = moveX = 0;
+      initialMoveY = dims.height;
+      moveY = -dims.height;
+      break;
+    case 'bottom-right':
+      initialMoveX = dims.width;
+      initialMoveY = dims.height;
+      moveX = -dims.width;
+      moveY = -dims.height;
+      break;
+    case 'center':
+      initialMoveX = dims.width / 2;
+      initialMoveY = dims.height / 2;
+      moveX = -dims.width / 2;
+      moveY = -dims.height / 2;
+      break;
+  }
+  
+  return new Effect.Move(element, {
+    x: initialMoveX,
+    y: initialMoveY,
+    duration: 0.01, 
+    beforeSetup: function(effect) { with(Element) {
+      hide(effect.element);
+      makeClipping(effect.element);
+      makePositioned(effect.element);
+    }},
+    afterFinishInternal: function(effect) {
+      new Effect.Parallel(
+        [ new Effect.Opacity(effect.element, { sync: true, to: 1.0, from: 0.0, transition: options.opacityTransition }),
+          new Effect.Move(effect.element, { x: moveX, y: moveY, sync: true, transition: options.moveTransition }),
+          new Effect.Scale(effect.element, 100, {
+            scaleMode: { originalHeight: dims.height, originalWidth: dims.width }, 
+            sync: true, scaleFrom: window.opera ? 1 : 0, transition: options.scaleTransition, restoreAfterFinish: true})
+        ], Object.extend({
+             beforeSetup: function(effect) { with(Element) {
+               setStyle(effect.effects[0].element, {height: '0px'});
+               show(effect.effects[0].element); }},
+             afterFinishInternal: function(effect) { with(Element) {
+               [undoClipping, undoPositioned].call(effect.effects[0].element); 
+               setStyle(effect.effects[0].element, oldStyle); }}
+           }, options)
+      )
+    }
+  });
+}
+
+Effect.Shrink = function(element) {
+  element = $(element);
+  var options = Object.extend({
+    direction: 'center',
+    moveTransistion: Effect.Transitions.sinoidal,
+    scaleTransition: Effect.Transitions.sinoidal,
+    opacityTransition: Effect.Transitions.none
+  }, arguments[1] || {});
+  var oldStyle = {
+    top: element.style.top,
+    left: element.style.left,
+    height: element.style.height,
+    width: element.style.width,
+    opacity: Element.getInlineOpacity(element) };
+
+  var dims = Element.getDimensions(element);
+  var moveX, moveY;
+  
+  switch (options.direction) {
+    case 'top-left':
+      moveX = moveY = 0;
+      break;
+    case 'top-right':
+      moveX = dims.width;
+      moveY = 0;
+      break;
+    case 'bottom-left':
+      moveX = 0;
+      moveY = dims.height;
+      break;
+    case 'bottom-right':
+      moveX = dims.width;
+      moveY = dims.height;
+      break;
+    case 'center':  
+      moveX = dims.width / 2;
+      moveY = dims.height / 2;
+      break;
+  }
+  
+  return new Effect.Parallel(
+    [ new Effect.Opacity(element, { sync: true, to: 0.0, from: 1.0, transition: options.opacityTransition }),
+      new Effect.Scale(element, window.opera ? 1 : 0, { sync: true, transition: options.scaleTransition, restoreAfterFinish: true}),
+      new Effect.Move(element, { x: moveX, y: moveY, sync: true, transition: options.moveTransition })
+    ], Object.extend({            
+         beforeStartInternal: function(effect) { with(Element) {
+           [makePositioned, makeClipping].call(effect.effects[0].element) }},
+         afterFinishInternal: function(effect) { with(Element) {
+           [hide, undoClipping, undoPositioned].call(effect.effects[0].element);
+           setStyle(effect.effects[0].element, oldStyle); }}
+       }, options)
+  );
+}
+
+Effect.Pulsate = function(element) {
+  element = $(element);
+  var options    = arguments[1] || {};
+  var oldOpacity = Element.getInlineOpacity(element);
+  var transition = options.transition || Effect.Transitions.sinoidal;
+  var reverser   = function(pos){ return transition(1-Effect.Transitions.pulse(pos)) };
+  reverser.bind(transition);
+  return new Effect.Opacity(element, 
+    Object.extend(Object.extend({  duration: 3.0, from: 0,
+      afterFinishInternal: function(effect) { Element.setStyle(effect.element, {opacity: oldOpacity}); }
+    }, options), {transition: reverser}));
+}
+
+Effect.Fold = function(element) {
+  element = $(element);
+  var oldStyle = {
+    top: element.style.top,
+    left: element.style.left,
+    width: element.style.width,
+    height: element.style.height };
+  Element.makeClipping(element);
+  return new Effect.Scale(element, 5, Object.extend({   
+    scaleContent: false,
+    scaleX: false,
+    afterFinishInternal: function(effect) {
+    new Effect.Scale(element, 1, { 
+      scaleContent: false, 
+      scaleY: false,
+      afterFinishInternal: function(effect) { with(Element) {
+        [hide, undoClipping].call(effect.element); 
+        setStyle(effect.element, oldStyle);
+      }} });
+  }}, arguments[1] || {}));
+}
diff --git a/base/tps-client/apache/docroot/esc/sow/js/lightbox.js b/base/tps-client/apache/docroot/esc/sow/js/lightbox.js
new file mode 100755
index 000000000..11856b208
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/js/lightbox.js
@@ -0,0 +1,689 @@
+// -----------------------------------------------------------------------------------

+//

+//	Lightbox v2.02

+//	by Lokesh Dhakar - http://www.huddletogether.com

+//	3/31/06

+//

+//	For more information on this script, visit:

+//	http://huddletogether.com/projects/lightbox2/

+//

+//	Licensed under the Creative Commons Attribution 2.5 License - http://creativecommons.org/licenses/by/2.5/

+//	

+//	Credit also due to those who have helped, inspired, and made their code available to the public.

+//	Including: Scott Upton(uptonic.com), Peter-Paul Koch(quirksmode.org), Thomas Fuchs(mir.aculo.us), and others.

+//

+//

+// -----------------------------------------------------------------------------------

+/*

+

+	Table of Contents

+	-----------------

+	Configuration

+	Global Variables

+

+	Extending Built-in Objects	

+	- Object.extend(Element)

+	- Array.prototype.removeDuplicates()

+	- Array.prototype.empty()

+

+	Lightbox Class Declaration

+	- initialize()

+	- start()

+	- changeImage()

+	- resizeImageContainer()

+	- showImage()

+	- updateDetails()

+	- updateNav()

+	- enableKeyboardNav()

+	- disableKeyboardNav()

+	- keyboardAction()

+	- preloadNeighborImages()

+	- end()

+	

+	Miscellaneous Functions

+	- getPageScroll()

+	- getPageSize()

+	- getKey()

+	- listenKey()

+	- showSelectBoxes()

+	- hideSelectBoxes()

+	- pause()

+	- initLightbox()

+	

+	Function Calls

+	- addLoadEvent(initLightbox)

+	

+*/

+// -----------------------------------------------------------------------------------

+

+//

+//	Configuration

+//

+var fileLoadingImage = "/sow/images/loading.gif";		

+var fileBottomNavCloseImage = "/sow/images/closelabel.gif";

+

+var resizeSpeed = 7;	// controls the speed of the image resizing (1=slowest and 10=fastest)

+

+var borderSize = 10;	//if you adjust the padding in the CSS, you will need to update this variable

+

+// -----------------------------------------------------------------------------------

+

+//

+//	Global Variables

+//

+var imageArray = new Array;

+var activeImage;

+

+if(resizeSpeed > 10){ resizeSpeed = 10;}

+if(resizeSpeed < 1){ resizeSpeed = 1;}

+resizeDuration = (11 - resizeSpeed) * 0.15;

+

+// -----------------------------------------------------------------------------------

+

+//

+//	Additional methods for Element added by SU, Couloir

+//	- further additions by Lokesh Dhakar (huddletogether.com)

+//

+Object.extend(Element, {

+	getWidth: function(element) {

+	   	element = $(element);

+	   	return element.offsetWidth; 

+	},

+	setWidth: function(element,w) {

+	   	element = $(element);

+    	element.style.width = w +"px";

+	},

+	setHeight: function(element,h) {

+   		element = $(element);

+    	element.style.height = h +"px";

+	},

+	setTop: function(element,t) {

+	   	element = $(element);

+    	element.style.top = t +"px";

+	},

+	setSrc: function(element,src) {

+    	element = $(element);

+    	element.src = src; 

+	},

+	setHref: function(element,href) {

+    	element = $(element);

+    	element.href = href; 

+	},

+	setInnerHTML: function(element,content) {

+		element = $(element);

+		element.innerHTML = content;

+	}

+});

+

+// -----------------------------------------------------------------------------------

+

+//

+//	Extending built-in Array object

+//	- array.removeDuplicates()

+//	- array.empty()

+//

+Array.prototype.removeDuplicates = function () {

+	for(i = 1; i < this.length; i++){

+		if(this[i][0] == this[i-1][0]){

+			this.splice(i,1);

+		}

+	}

+}

+

+// -----------------------------------------------------------------------------------

+

+Array.prototype.empty = function () {

+	for(i = 0; i <= this.length; i++){

+		this.shift();

+	}

+}

+

+// -----------------------------------------------------------------------------------

+

+//

+//	Lightbox Class Declaration

+//	- initialize()

+//	- start()

+//	- changeImage()

+//	- resizeImageContainer()

+//	- showImage()

+//	- updateDetails()

+//	- updateNav()

+//	- enableKeyboardNav()

+//	- disableKeyboardNav()

+//	- keyboardNavAction()

+//	- preloadNeighborImages()

+//	- end()

+//

+//	Structuring of code inspired by Scott Upton (http://www.uptonic.com/)

+//

+var Lightbox = Class.create();

+

+Lightbox.prototype = {

+	

+	// initialize()

+	// Constructor runs on completion of the DOM loading. Loops through anchor tags looking for 

+	// 'lightbox' references and applies onclick events to appropriate links. The 2nd section of

+	// the function inserts html at the bottom of the page which is used to display the shadow 

+	// overlay and the image container.

+	//

+	initialize: function() {	

+		if (!document.getElementsByTagName){ return; }

+		var anchors = document.getElementsByTagName('a');

+

+		// loop through all anchor tags

+		for (var i=0; i<anchors.length; i++){

+			var anchor = anchors[i];

+			

+			var relAttribute = String(anchor.getAttribute('rel'));

+			

+			// use the string.match() method to catch 'lightbox' references in the rel attribute

+			if (anchor.getAttribute('href') && (relAttribute.toLowerCase().match('lightbox'))){

+				anchor.onclick = function () {myLightbox.start(this); return false;}

+			}

+		}

+

+		// The rest of this code inserts html at the bottom of the page that looks similar to this:

+		//

+		//	<div id="overlay"></div>

+		//	<div id="lightbox">

+		//		<div id="outerImageContainer">

+		//			<div id="imageContainer">

+		//				<img id="lightboxImage">

+		//				<div style="" id="hoverNav">

+		//					<a href="#" id="prevLink"></a>

+		//					<a href="#" id="nextLink"></a>

+		//				</div>

+		//				<div id="loading">

+		//					<a href="#" id="loadingLink">

+		//						<img src="images/loading.gif">

+		//					</a>

+		//				</div>

+		//			</div>

+		//		</div>

+		//		<div id="imageDataContainer">

+		//			<div id="imageData">

+		//				<div id="imageDetails">

+		//					<span id="caption"></span>

+		//					<span id="numberDisplay"></span>

+		//				</div>

+		//				<div id="bottomNav">

+		//					<a href="#" id="bottomNavClose">

+		//						<img src="images/close.gif">

+		//					</a>

+		//				</div>

+		//			</div>

+		//		</div>

+		//	</div>

+

+

+		var objBody = document.getElementsByTagName("body").item(0);

+		

+		var objOverlay = document.createElement("div");

+		objOverlay.setAttribute('id','overlay');

+		objOverlay.style.display = 'none';

+		objOverlay.onclick = function() { myLightbox.end(); return false; }

+		objBody.appendChild(objOverlay);

+		

+		var objLightbox = document.createElement("div");

+		objLightbox.setAttribute('id','lightbox');

+		objLightbox.style.display = 'none';

+		objBody.appendChild(objLightbox);

+	

+		var objOuterImageContainer = document.createElement("div");

+		objOuterImageContainer.setAttribute('id','outerImageContainer');

+		objLightbox.appendChild(objOuterImageContainer);

+

+		var objImageContainer = document.createElement("div");

+		objImageContainer.setAttribute('id','imageContainer');

+		objOuterImageContainer.appendChild(objImageContainer);

+	

+		var objLightboxImage = document.createElement("img");

+		objLightboxImage.setAttribute('id','lightboxImage');

+		objImageContainer.appendChild(objLightboxImage);

+	

+		var objHoverNav = document.createElement("div");

+		objHoverNav.setAttribute('id','hoverNav');

+		objImageContainer.appendChild(objHoverNav);

+	

+		var objPrevLink = document.createElement("a");

+		objPrevLink.setAttribute('id','prevLink');

+		objPrevLink.setAttribute('href','#');

+		objHoverNav.appendChild(objPrevLink);

+		

+		var objNextLink = document.createElement("a");

+		objNextLink.setAttribute('id','nextLink');

+		objNextLink.setAttribute('href','#');

+		objHoverNav.appendChild(objNextLink);

+	

+		var objLoading = document.createElement("div");

+		objLoading.setAttribute('id','loading');

+		objImageContainer.appendChild(objLoading);

+	

+		var objLoadingLink = document.createElement("a");

+		objLoadingLink.setAttribute('id','loadingLink');

+		objLoadingLink.setAttribute('href','#');

+		objLoadingLink.onclick = function() { myLightbox.end(); return false; }

+		objLoading.appendChild(objLoadingLink);

+	

+		var objLoadingImage = document.createElement("img");

+		objLoadingImage.setAttribute('src', fileLoadingImage);

+		objLoadingLink.appendChild(objLoadingImage);

+

+		var objImageDataContainer = document.createElement("div");

+		objImageDataContainer.setAttribute('id','imageDataContainer');

+		objImageDataContainer.className = 'clearfix';

+		objLightbox.appendChild(objImageDataContainer);

+

+		var objImageData = document.createElement("div");

+		objImageData.setAttribute('id','imageData');

+		objImageDataContainer.appendChild(objImageData);

+	

+		var objImageDetails = document.createElement("div");

+		objImageDetails.setAttribute('id','imageDetails');

+		objImageData.appendChild(objImageDetails);

+	

+		var objCaption = document.createElement("span");

+		objCaption.setAttribute('id','caption');

+		objImageDetails.appendChild(objCaption);

+	

+		var objNumberDisplay = document.createElement("span");

+		objNumberDisplay.setAttribute('id','numberDisplay');

+		objImageDetails.appendChild(objNumberDisplay);

+		

+		var objBottomNav = document.createElement("div");

+		objBottomNav.setAttribute('id','bottomNav');

+		objImageData.appendChild(objBottomNav);

+	

+		var objBottomNavCloseLink = document.createElement("a");

+		objBottomNavCloseLink.setAttribute('id','bottomNavClose');

+		objBottomNavCloseLink.setAttribute('href','#');

+		objBottomNavCloseLink.onclick = function() { myLightbox.end(); return false; }

+		objBottomNav.appendChild(objBottomNavCloseLink);

+	

+		var objBottomNavCloseImage = document.createElement("img");

+		objBottomNavCloseImage.setAttribute('src', fileBottomNavCloseImage);

+		objBottomNavCloseLink.appendChild(objBottomNavCloseImage);

+	},

+	

+	//

+	//	start()

+	//	Display overlay and lightbox. If image is part of a set, add siblings to imageArray.

+	//

+	start: function(imageLink) {	

+

+		hideSelectBoxes();

+

+		// stretch overlay to fill page and fade in

+		var arrayPageSize = getPageSize();

+		Element.setHeight('overlay', arrayPageSize[1]);

+		new Effect.Appear('overlay', { duration: 0.2, from: 0.0, to: 0.8 });

+

+		imageArray = [];

+		imageNum = 0;		

+

+		if (!document.getElementsByTagName){ return; }

+		var anchors = document.getElementsByTagName('a');

+

+		// if image is NOT part of a set..

+		if((imageLink.getAttribute('rel') == 'lightbox')){

+			// add single image to imageArray

+			imageArray.push(new Array(imageLink.getAttribute('href'), imageLink.getAttribute('title')));			

+		} else {

+		// if image is part of a set..

+

+			// loop through anchors, find other images in set, and add them to imageArray

+			for (var i=0; i<anchors.length; i++){

+				var anchor = anchors[i];

+				if (anchor.getAttribute('href') && (anchor.getAttribute('rel') == imageLink.getAttribute('rel'))){

+					imageArray.push(new Array(anchor.getAttribute('href'), anchor.getAttribute('title')));

+				}

+			}

+			imageArray.removeDuplicates();

+			while(imageArray[imageNum][0] != imageLink.getAttribute('href')) { imageNum++;}

+		}

+

+		// calculate top offset for the lightbox and display 

+		var arrayPageSize = getPageSize();

+		var arrayPageScroll = getPageScroll();

+		var lightboxTop = arrayPageScroll[1] + (arrayPageSize[3] / 15);

+

+		Element.setTop('lightbox', lightboxTop);

+		Element.show('lightbox');

+		

+		this.changeImage(imageNum);

+	},

+

+	//

+	//	changeImage()

+	//	Hide most elements and preload image in preparation for resizing image container.

+	//

+	changeImage: function(imageNum) {	

+		

+		activeImage = imageNum;	// update global var

+

+		// hide elements during transition

+		Element.show('loading');

+		Element.hide('lightboxImage');

+		Element.hide('hoverNav');

+		Element.hide('prevLink');

+		Element.hide('nextLink');

+		Element.hide('imageDataContainer');

+		Element.hide('numberDisplay');		

+		

+		imgPreloader = new Image();

+		

+		// once image is preloaded, resize image container

+		imgPreloader.onload=function(){

+			Element.setSrc('lightboxImage', imageArray[activeImage][0]);

+			myLightbox.resizeImageContainer(imgPreloader.width, imgPreloader.height);

+		}

+		imgPreloader.src = imageArray[activeImage][0];

+	},

+

+	//

+	//	resizeImageContainer()

+	//

+	resizeImageContainer: function( imgWidth, imgHeight) {

+

+		// get current height and width

+		this.wCur = Element.getWidth('outerImageContainer');

+		this.hCur = Element.getHeight('outerImageContainer');

+

+		// scalars based on change from old to new

+		this.xScale = ((imgWidth  + (borderSize * 2)) / this.wCur) * 100;

+		this.yScale = ((imgHeight  + (borderSize * 2)) / this.hCur) * 100;

+

+		// calculate size difference between new and old image, and resize if necessary

+		wDiff = (this.wCur - borderSize * 2) - imgWidth;

+		hDiff = (this.hCur - borderSize * 2) - imgHeight;

+

+		if(!( hDiff == 0)){ new Effect.Scale('outerImageContainer', this.yScale, {scaleX: false, duration: resizeDuration, queue: 'front'}); }

+		if(!( wDiff == 0)){ new Effect.Scale('outerImageContainer', this.xScale, {scaleY: false, delay: resizeDuration, duration: resizeDuration}); }

+

+		// if new and old image are same size and no scaling transition is necessary, 

+		// do a quick pause to prevent image flicker.

+		if((hDiff == 0) && (wDiff == 0)){

+			if (navigator.appVersion.indexOf("MSIE")!=-1){ pause(250); } else { pause(100);} 

+		}

+

+		Element.setHeight('prevLink', imgHeight);

+		Element.setHeight('nextLink', imgHeight);

+		Element.setWidth( 'imageDataContainer', imgWidth + (borderSize * 2));

+

+		this.showImage();

+	},

+	

+	//

+	//	showImage()

+	//	Display image and begin preloading neighbors.

+	//

+	showImage: function(){

+		Element.hide('loading');

+		new Effect.Appear('lightboxImage', { duration: 0.5, queue: 'end', afterFinish: function(){	myLightbox.updateDetails(); } });

+		this.preloadNeighborImages();

+	},

+

+	//

+	//	updateDetails()

+	//	Display caption, image number, and bottom nav.

+	//

+	updateDetails: function() {

+	

+		Element.show('caption');

+		Element.setInnerHTML( 'caption', imageArray[activeImage][1]);

+		

+		// if image is part of set display 'Image x of x' 

+		if(imageArray.length > 1){

+			Element.show('numberDisplay');

+			Element.setInnerHTML( 'numberDisplay', "Image " + eval(activeImage + 1) + " of " + imageArray.length);

+		}

+

+		new Effect.Parallel(

+			[ new Effect.SlideDown( 'imageDataContainer', { sync: true, duration: resizeDuration + 0.25, from: 0.0, to: 1.0 }), 

+			  new Effect.Appear('imageDataContainer', { sync: true, duration: 1.0 }) ], 

+			{ duration: 0.65, afterFinish: function() { myLightbox.updateNav();} } 

+		);

+	},

+

+	//

+	//	updateNav()

+	//	Display appropriate previous and next hover navigation.

+	//

+	updateNav: function() {

+

+		Element.show('hoverNav');				

+

+		// if not first image in set, display prev image button

+		if(activeImage != 0){

+			Element.show('prevLink');

+			document.getElementById('prevLink').onclick = function() {

+				myLightbox.changeImage(activeImage - 1); return false;

+			}

+		}

+

+		// if not last image in set, display next image button

+		if(activeImage != (imageArray.length - 1)){

+			Element.show('nextLink');

+			document.getElementById('nextLink').onclick = function() {

+				myLightbox.changeImage(activeImage + 1); return false;

+			}

+		}

+		

+		this.enableKeyboardNav();

+	},

+

+	//

+	//	enableKeyboardNav()

+	//

+	enableKeyboardNav: function() {

+		document.onkeydown = this.keyboardAction; 

+	},

+

+	//

+	//	disableKeyboardNav()

+	//

+	disableKeyboardNav: function() {

+		document.onkeydown = '';

+	},

+

+	//

+	//	keyboardAction()

+	//

+	keyboardAction: function(e) {

+		if (e == null) { // ie

+			keycode = event.keyCode;

+		} else { // mozilla

+			keycode = e.which;

+		}

+

+		key = String.fromCharCode(keycode).toLowerCase();

+		

+		if((key == 'x') || (key == 'o') || (key == 'c')){	// close lightbox

+			myLightbox.end();

+		} else if(key == 'p'){	// display previous image

+			if(activeImage != 0){

+				myLightbox.disableKeyboardNav();

+				myLightbox.changeImage(activeImage - 1);

+			}

+		} else if(key == 'n'){	// display next image

+			if(activeImage != (imageArray.length - 1)){

+				myLightbox.disableKeyboardNav();

+				myLightbox.changeImage(activeImage + 1);

+			}

+		}

+

+

+	},

+

+	//

+	//	preloadNeighborImages()

+	//	Preload previous and next images.

+	//

+	preloadNeighborImages: function(){

+

+		if((imageArray.length - 1) > activeImage){

+			preloadNextImage = new Image();

+			preloadNextImage.src = imageArray[activeImage + 1][0];

+		}

+		if(activeImage > 0){

+			preloadPrevImage = new Image();

+			preloadPrevImage.src = imageArray[activeImage - 1][0];

+		}

+	

+	},

+

+	//

+	//	end()

+	//

+	end: function() {

+		this.disableKeyboardNav();

+		Element.hide('lightbox');

+		new Effect.Fade('overlay', { duration: 0.2});

+		showSelectBoxes();

+	}

+}

+

+// -----------------------------------------------------------------------------------

+

+//

+// getPageScroll()

+// Returns array with x,y page scroll values.

+// Core code from - quirksmode.org

+//

+function getPageScroll(){

+

+	var yScroll;

+

+	if (self.pageYOffset) {

+		yScroll = self.pageYOffset;

+	} else if (document.documentElement && document.documentElement.scrollTop){	 // Explorer 6 Strict

+		yScroll = document.documentElement.scrollTop;

+	} else if (document.body) {// all other Explorers

+		yScroll = document.body.scrollTop;

+	}

+

+	arrayPageScroll = new Array('',yScroll) 

+	return arrayPageScroll;

+}

+

+// -----------------------------------------------------------------------------------

+

+//

+// getPageSize()

+// Returns array with page width, height and window width, height

+// Core code from - quirksmode.org

+// Edit for Firefox by pHaez

+//

+function getPageSize(){

+	

+	var xScroll, yScroll;

+	

+	if (window.innerHeight && window.scrollMaxY) {	

+		xScroll = document.body.scrollWidth;

+		yScroll = window.innerHeight + window.scrollMaxY;

+	} else if (document.body.scrollHeight > document.body.offsetHeight){ // all but Explorer Mac

+		xScroll = document.body.scrollWidth;

+		yScroll = document.body.scrollHeight;

+	} else { // Explorer Mac...would also work in Explorer 6 Strict, Mozilla and Safari

+		xScroll = document.body.offsetWidth;

+		yScroll = document.body.offsetHeight;

+	}

+	

+	var windowWidth, windowHeight;

+	if (self.innerHeight) {	// all except Explorer

+		windowWidth = self.innerWidth;

+		windowHeight = self.innerHeight;

+	} else if (document.documentElement && document.documentElement.clientHeight) { // Explorer 6 Strict Mode

+		windowWidth = document.documentElement.clientWidth;

+		windowHeight = document.documentElement.clientHeight;

+	} else if (document.body) { // other Explorers

+		windowWidth = document.body.clientWidth;

+		windowHeight = document.body.clientHeight;

+	}	

+	

+	// for small pages with total height less then height of the viewport

+	if(yScroll < windowHeight){

+		pageHeight = windowHeight;

+	} else { 

+		pageHeight = yScroll;

+	}

+

+	// for small pages with total width less then width of the viewport

+	if(xScroll < windowWidth){	

+		pageWidth = windowWidth;

+	} else {

+		pageWidth = xScroll;

+	}

+

+

+	arrayPageSize = new Array(pageWidth,pageHeight,windowWidth,windowHeight) 

+	return arrayPageSize;

+}

+

+// -----------------------------------------------------------------------------------

+

+//

+// getKey(key)

+// Gets keycode. If 'x' is pressed then it hides the lightbox.

+//

+function getKey(e){

+	if (e == null) { // ie

+		keycode = event.keyCode;

+	} else { // mozilla

+		keycode = e.which;

+	}

+	key = String.fromCharCode(keycode).toLowerCase();

+	

+	if(key == 'x'){

+	}

+}

+

+// -----------------------------------------------------------------------------------

+

+//

+// listenKey()

+//

+function listenKey () {	document.onkeypress = getKey; }

+	

+// ---------------------------------------------------

+

+function showSelectBoxes(){

+	selects = document.getElementsByTagName("select");

+	for (i = 0; i != selects.length; i++) {

+		selects[i].style.visibility = "visible";

+	}

+}

+

+// ---------------------------------------------------

+

+function hideSelectBoxes(){

+	selects = document.getElementsByTagName("select");

+	for (i = 0; i != selects.length; i++) {

+		selects[i].style.visibility = "hidden";

+	}

+}

+

+// ---------------------------------------------------

+

+//

+// pause(numberMillis)

+// Pauses code execution for specified time. Uses busy code, not good.

+// Code from http://www.faqts.com/knowledge_base/view.phtml/aid/1602

+//

+function pause(numberMillis) {

+	var now = new Date();

+	var exitTime = now.getTime() + numberMillis;

+	while (true) {

+		now = new Date();

+		if (now.getTime() > exitTime)

+			return;

+	}

+}

+

+// ---------------------------------------------------

+

+

+

+function initLightbox() { myLightbox = new Lightbox(); }

+Event.observe(window, 'load', initLightbox, false);

diff --git a/base/tps-client/apache/docroot/esc/sow/js/prototype.js b/base/tps-client/apache/docroot/esc/sow/js/prototype.js
new file mode 100755
index 000000000..e9ccd3c88
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/js/prototype.js
@@ -0,0 +1,1785 @@
+/*  Prototype JavaScript framework, version 1.4.0
+ *  (c) 2005 Sam Stephenson <sam@conio.net>
+ *
+ *  THIS FILE IS AUTOMATICALLY GENERATED. When sending patches, please diff
+ *  against the source tree, available from the Prototype darcs repository.
+ *
+ *  Prototype is freely distributable under the terms of an MIT-style license.
+ *
+ *  For details, see the Prototype web site: http://prototype.conio.net/
+ *
+/*--------------------------------------------------------------------------*/
+
+var Prototype = {
+  Version: '1.4.0',
+  ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)',
+
+  emptyFunction: function() {},
+  K: function(x) {return x}
+}
+
+var Class = {
+  create: function() {
+    return function() {
+      this.initialize.apply(this, arguments);
+    }
+  }
+}
+
+var Abstract = new Object();
+
+Object.extend = function(destination, source) {
+  for (property in source) {
+    destination[property] = source[property];
+  }
+  return destination;
+}
+
+Object.inspect = function(object) {
+  try {
+    if (object == undefined) return 'undefined';
+    if (object == null) return 'null';
+    return object.inspect ? object.inspect() : object.toString();
+  } catch (e) {
+    if (e instanceof RangeError) return '...';
+    throw e;
+  }
+}
+
+Function.prototype.bind = function() {
+  var __method = this, args = $A(arguments), object = args.shift();
+  return function() {
+    return __method.apply(object, args.concat($A(arguments)));
+  }
+}
+
+Function.prototype.bindAsEventListener = function(object) {
+  var __method = this;
+  return function(event) {
+    return __method.call(object, event || window.event);
+  }
+}
+
+Object.extend(Number.prototype, {
+  toColorPart: function() {
+    var digits = this.toString(16);
+    if (this < 16) return '0' + digits;
+    return digits;
+  },
+
+  succ: function() {
+    return this + 1;
+  },
+
+  times: function(iterator) {
+    $R(0, this, true).each(iterator);
+    return this;
+  }
+});
+
+var Try = {
+  these: function() {
+    var returnValue;
+
+    for (var i = 0; i < arguments.length; i++) {
+      var lambda = arguments[i];
+      try {
+        returnValue = lambda();
+        break;
+      } catch (e) {}
+    }
+
+    return returnValue;
+  }
+}
+
+/*--------------------------------------------------------------------------*/
+
+var PeriodicalExecuter = Class.create();
+PeriodicalExecuter.prototype = {
+  initialize: function(callback, frequency) {
+    this.callback = callback;
+    this.frequency = frequency;
+    this.currentlyExecuting = false;
+
+    this.registerCallback();
+  },
+
+  registerCallback: function() {
+    setInterval(this.onTimerEvent.bind(this), this.frequency * 1000);
+  },
+
+  onTimerEvent: function() {
+    if (!this.currentlyExecuting) {
+      try {
+        this.currentlyExecuting = true;
+        this.callback();
+      } finally {
+        this.currentlyExecuting = false;
+      }
+    }
+  }
+}
+
+/*--------------------------------------------------------------------------*/
+
+function $() {
+  var elements = new Array();
+
+  for (var i = 0; i < arguments.length; i++) {
+    var element = arguments[i];
+    if (typeof element == 'string')
+      element = document.getElementById(element);
+
+    if (arguments.length == 1)
+      return element;
+
+    elements.push(element);
+  }
+
+  return elements;
+}
+Object.extend(String.prototype, {
+  stripTags: function() {
+    return this.replace(/<\/?[^>]+>/gi, '');
+  },
+
+  stripScripts: function() {
+    return this.replace(new RegExp(Prototype.ScriptFragment, 'img'), '');
+  },
+
+  extractScripts: function() {
+    var matchAll = new RegExp(Prototype.ScriptFragment, 'img');
+    var matchOne = new RegExp(Prototype.ScriptFragment, 'im');
+    return (this.match(matchAll) || []).map(function(scriptTag) {
+      return (scriptTag.match(matchOne) || ['', ''])[1];
+    });
+  },
+
+  evalScripts: function() {
+    return this.extractScripts().map(eval);
+  },
+
+  escapeHTML: function() {
+    var div = document.createElement('div');
+    var text = document.createTextNode(this);
+    div.appendChild(text);
+    return div.innerHTML;
+  },
+
+  unescapeHTML: function() {
+    var div = document.createElement('div');
+    div.innerHTML = this.stripTags();
+    return div.childNodes[0] ? div.childNodes[0].nodeValue : '';
+  },
+
+  toQueryParams: function() {
+    var pairs = this.match(/^\??(.*)$/)[1].split('&');
+    return pairs.inject({}, function(params, pairString) {
+      var pair = pairString.split('=');
+      params[pair[0]] = pair[1];
+      return params;
+    });
+  },
+
+  toArray: function() {
+    return this.split('');
+  },
+
+  camelize: function() {
+    var oStringList = this.split('-');
+    if (oStringList.length == 1) return oStringList[0];
+
+    var camelizedString = this.indexOf('-') == 0
+      ? oStringList[0].charAt(0).toUpperCase() + oStringList[0].substring(1)
+      : oStringList[0];
+
+    for (var i = 1, len = oStringList.length; i < len; i++) {
+      var s = oStringList[i];
+      camelizedString += s.charAt(0).toUpperCase() + s.substring(1);
+    }
+
+    return camelizedString;
+  },
+
+  inspect: function() {
+    return "'" + this.replace('\\', '\\\\').replace("'", '\\\'') + "'";
+  }
+});
+
+String.prototype.parseQuery = String.prototype.toQueryParams;
+
+var $break    = new Object();
+var $continue = new Object();
+
+var Enumerable = {
+  each: function(iterator) {
+    var index = 0;
+    try {
+      this._each(function(value) {
+        try {
+          iterator(value, index++);
+        } catch (e) {
+          if (e != $continue) throw e;
+        }
+      });
+    } catch (e) {
+      if (e != $break) throw e;
+    }
+  },
+
+  all: function(iterator) {
+    var result = true;
+    this.each(function(value, index) {
+      result = result && !!(iterator || Prototype.K)(value, index);
+      if (!result) throw $break;
+    });
+    return result;
+  },
+
+  any: function(iterator) {
+    var result = true;
+    this.each(function(value, index) {
+      if (result = !!(iterator || Prototype.K)(value, index))
+        throw $break;
+    });
+    return result;
+  },
+
+  collect: function(iterator) {
+    var results = [];
+    this.each(function(value, index) {
+      results.push(iterator(value, index));
+    });
+    return results;
+  },
+
+  detect: function (iterator) {
+    var result;
+    this.each(function(value, index) {
+      if (iterator(value, index)) {
+        result = value;
+        throw $break;
+      }
+    });
+    return result;
+  },
+
+  findAll: function(iterator) {
+    var results = [];
+    this.each(function(value, index) {
+      if (iterator(value, index))
+        results.push(value);
+    });
+    return results;
+  },
+
+  grep: function(pattern, iterator) {
+    var results = [];
+    this.each(function(value, index) {
+      var stringValue = value.toString();
+      if (stringValue.match(pattern))
+        results.push((iterator || Prototype.K)(value, index));
+    })
+    return results;
+  },
+
+  include: function(object) {
+    var found = false;
+    this.each(function(value) {
+      if (value == object) {
+        found = true;
+        throw $break;
+      }
+    });
+    return found;
+  },
+
+  inject: function(memo, iterator) {
+    this.each(function(value, index) {
+      memo = iterator(memo, value, index);
+    });
+    return memo;
+  },
+
+  invoke: function(method) {
+    var args = $A(arguments).slice(1);
+    return this.collect(function(value) {
+      return value[method].apply(value, args);
+    });
+  },
+
+  max: function(iterator) {
+    var result;
+    this.each(function(value, index) {
+      value = (iterator || Prototype.K)(value, index);
+      if (value >= (result || value))
+        result = value;
+    });
+    return result;
+  },
+
+  min: function(iterator) {
+    var result;
+    this.each(function(value, index) {
+      value = (iterator || Prototype.K)(value, index);
+      if (value <= (result || value))
+        result = value;
+    });
+    return result;
+  },
+
+  partition: function(iterator) {
+    var trues = [], falses = [];
+    this.each(function(value, index) {
+      ((iterator || Prototype.K)(value, index) ?
+        trues : falses).push(value);
+    });
+    return [trues, falses];
+  },
+
+  pluck: function(property) {
+    var results = [];
+    this.each(function(value, index) {
+      results.push(value[property]);
+    });
+    return results;
+  },
+
+  reject: function(iterator) {
+    var results = [];
+    this.each(function(value, index) {
+      if (!iterator(value, index))
+        results.push(value);
+    });
+    return results;
+  },
+
+  sortBy: function(iterator) {
+    return this.collect(function(value, index) {
+      return {value: value, criteria: iterator(value, index)};
+    }).sort(function(left, right) {
+      var a = left.criteria, b = right.criteria;
+      return a < b ? -1 : a > b ? 1 : 0;
+    }).pluck('value');
+  },
+
+  toArray: function() {
+    return this.collect(Prototype.K);
+  },
+
+  zip: function() {
+    var iterator = Prototype.K, args = $A(arguments);
+    if (typeof args.last() == 'function')
+      iterator = args.pop();
+
+    var collections = [this].concat(args).map($A);
+    return this.map(function(value, index) {
+      iterator(value = collections.pluck(index));
+      return value;
+    });
+  },
+
+  inspect: function() {
+    return '#<Enumerable:' + this.toArray().inspect() + '>';
+  }
+}
+
+Object.extend(Enumerable, {
+  map:     Enumerable.collect,
+  find:    Enumerable.detect,
+  select:  Enumerable.findAll,
+  member:  Enumerable.include,
+  entries: Enumerable.toArray
+});
+var $A = Array.from = function(iterable) {
+  if (!iterable) return [];
+  if (iterable.toArray) {
+    return iterable.toArray();
+  } else {
+    var results = [];
+    for (var i = 0; i < iterable.length; i++)
+      results.push(iterable[i]);
+    return results;
+  }
+}
+
+Object.extend(Array.prototype, Enumerable);
+
+Array.prototype._reverse = Array.prototype.reverse;
+
+Object.extend(Array.prototype, {
+  _each: function(iterator) {
+    for (var i = 0; i < this.length; i++)
+      iterator(this[i]);
+  },
+
+  clear: function() {
+    this.length = 0;
+    return this;
+  },
+
+  first: function() {
+    return this[0];
+  },
+
+  last: function() {
+    return this[this.length - 1];
+  },
+
+  compact: function() {
+    return this.select(function(value) {
+      return value != undefined || value != null;
+    });
+  },
+
+  flatten: function() {
+    return this.inject([], function(array, value) {
+      return array.concat(value.constructor == Array ?
+        value.flatten() : [value]);
+    });
+  },
+
+  without: function() {
+    var values = $A(arguments);
+    return this.select(function(value) {
+      return !values.include(value);
+    });
+  },
+
+  indexOf: function(object) {
+    for (var i = 0; i < this.length; i++)
+      if (this[i] == object) return i;
+    return -1;
+  },
+
+  reverse: function(inline) {
+    return (inline !== false ? this : this.toArray())._reverse();
+  },
+
+  shift: function() {
+    var result = this[0];
+    for (var i = 0; i < this.length - 1; i++)
+      this[i] = this[i + 1];
+    this.length--;
+    return result;
+  },
+
+  inspect: function() {
+    return '[' + this.map(Object.inspect).join(', ') + ']';
+  }
+});
+var Hash = {
+  _each: function(iterator) {
+    for (key in this) {
+      var value = this[key];
+      if (typeof value == 'function') continue;
+
+      var pair = [key, value];
+      pair.key = key;
+      pair.value = value;
+      iterator(pair);
+    }
+  },
+
+  keys: function() {
+    return this.pluck('key');
+  },
+
+  values: function() {
+    return this.pluck('value');
+  },
+
+  merge: function(hash) {
+    return $H(hash).inject($H(this), function(mergedHash, pair) {
+      mergedHash[pair.key] = pair.value;
+      return mergedHash;
+    });
+  },
+
+  toQueryString: function() {
+    return this.map(function(pair) {
+      return pair.map(encodeURIComponent).join('=');
+    }).join('&');
+  },
+
+  inspect: function() {
+    return '#<Hash:{' + this.map(function(pair) {
+      return pair.map(Object.inspect).join(': ');
+    }).join(', ') + '}>';
+  }
+}
+
+function $H(object) {
+  var hash = Object.extend({}, object || {});
+  Object.extend(hash, Enumerable);
+  Object.extend(hash, Hash);
+  return hash;
+}
+ObjectRange = Class.create();
+Object.extend(ObjectRange.prototype, Enumerable);
+Object.extend(ObjectRange.prototype, {
+  initialize: function(start, end, exclusive) {
+    this.start = start;
+    this.end = end;
+    this.exclusive = exclusive;
+  },
+
+  _each: function(iterator) {
+    var value = this.start;
+    do {
+      iterator(value);
+      value = value.succ();
+    } while (this.include(value));
+  },
+
+  include: function(value) {
+    if (value < this.start)
+      return false;
+    if (this.exclusive)
+      return value < this.end;
+    return value <= this.end;
+  }
+});
+
+var $R = function(start, end, exclusive) {
+  return new ObjectRange(start, end, exclusive);
+}
+
+var Ajax = {
+  getTransport: function() {
+    return Try.these(
+      function() {return new ActiveXObject('Msxml2.XMLHTTP')},
+      function() {return new ActiveXObject('Microsoft.XMLHTTP')},
+      function() {return new XMLHttpRequest()}
+    ) || false;
+  },
+
+  activeRequestCount: 0
+}
+
+Ajax.Responders = {
+  responders: [],
+
+  _each: function(iterator) {
+    this.responders._each(iterator);
+  },
+
+  register: function(responderToAdd) {
+    if (!this.include(responderToAdd))
+      this.responders.push(responderToAdd);
+  },
+
+  unregister: function(responderToRemove) {
+    this.responders = this.responders.without(responderToRemove);
+  },
+
+  dispatch: function(callback, request, transport, json) {
+    this.each(function(responder) {
+      if (responder[callback] && typeof responder[callback] == 'function') {
+        try {
+          responder[callback].apply(responder, [request, transport, json]);
+        } catch (e) {}
+      }
+    });
+  }
+};
+
+Object.extend(Ajax.Responders, Enumerable);
+
+Ajax.Responders.register({
+  onCreate: function() {
+    Ajax.activeRequestCount++;
+  },
+
+  onComplete: function() {
+    Ajax.activeRequestCount--;
+  }
+});
+
+Ajax.Base = function() {};
+Ajax.Base.prototype = {
+  setOptions: function(options) {
+    this.options = {
+      method:       'post',
+      asynchronous: true,
+      parameters:   ''
+    }
+    Object.extend(this.options, options || {});
+  },
+
+  responseIsSuccess: function() {
+    return this.transport.status == undefined
+        || this.transport.status == 0
+        || (this.transport.status >= 200 && this.transport.status < 300);
+  },
+
+  responseIsFailure: function() {
+    return !this.responseIsSuccess();
+  }
+}
+
+Ajax.Request = Class.create();
+Ajax.Request.Events =
+  ['Uninitialized', 'Loading', 'Loaded', 'Interactive', 'Complete'];
+
+Ajax.Request.prototype = Object.extend(new Ajax.Base(), {
+  initialize: function(url, options) {
+    this.transport = Ajax.getTransport();
+    this.setOptions(options);
+    this.request(url);
+  },
+
+  request: function(url) {
+    var parameters = this.options.parameters || '';
+    if (parameters.length > 0) parameters += '&_=';
+
+    try {
+      this.url = url;
+      if (this.options.method == 'get' && parameters.length > 0)
+        this.url += (this.url.match(/\?/) ? '&' : '?') + parameters;
+
+      Ajax.Responders.dispatch('onCreate', this, this.transport);
+
+      this.transport.open(this.options.method, this.url,
+        this.options.asynchronous);
+
+      if (this.options.asynchronous) {
+        this.transport.onreadystatechange = this.onStateChange.bind(this);
+        setTimeout((function() {this.respondToReadyState(1)}).bind(this), 10);
+      }
+
+      this.setRequestHeaders();
+
+      var body = this.options.postBody ? this.options.postBody : parameters;
+      this.transport.send(this.options.method == 'post' ? body : null);
+
+    } catch (e) {
+      this.dispatchException(e);
+    }
+  },
+
+  setRequestHeaders: function() {
+    var requestHeaders =
+      ['X-Requested-With', 'XMLHttpRequest',
+       'X-Prototype-Version', Prototype.Version];
+
+    if (this.options.method == 'post') {
+      requestHeaders.push('Content-type',
+        'application/x-www-form-urlencoded');
+
+      /* Force "Connection: close" for Mozilla browsers to work around
+       * a bug where XMLHttpReqeuest sends an incorrect Content-length
+       * header. See Mozilla Bugzilla #246651.
+       */
+      if (this.transport.overrideMimeType)
+        requestHeaders.push('Connection', 'close');
+    }
+
+    if (this.options.requestHeaders)
+      requestHeaders.push.apply(requestHeaders, this.options.requestHeaders);
+
+    for (var i = 0; i < requestHeaders.length; i += 2)
+      this.transport.setRequestHeader(requestHeaders[i], requestHeaders[i+1]);
+  },
+
+  onStateChange: function() {
+    var readyState = this.transport.readyState;
+    if (readyState != 1)
+      this.respondToReadyState(this.transport.readyState);
+  },
+
+  header: function(name) {
+    try {
+      return this.transport.getResponseHeader(name);
+    } catch (e) {}
+  },
+
+  evalJSON: function() {
+    try {
+      return eval(this.header('X-JSON'));
+    } catch (e) {}
+  },
+
+  evalResponse: function() {
+    try {
+      return eval(this.transport.responseText);
+    } catch (e) {
+      this.dispatchException(e);
+    }
+  },
+
+  respondToReadyState: function(readyState) {
+    var event = Ajax.Request.Events[readyState];
+    var transport = this.transport, json = this.evalJSON();
+
+    if (event == 'Complete') {
+      try {
+        (this.options['on' + this.transport.status]
+         || this.options['on' + (this.responseIsSuccess() ? 'Success' : 'Failure')]
+         || Prototype.emptyFunction)(transport, json);
+      } catch (e) {
+        this.dispatchException(e);
+      }
+
+      if ((this.header('Content-type') || '').match(/^text\/javascript/i))
+        this.evalResponse();
+    }
+
+    try {
+      (this.options['on' + event] || Prototype.emptyFunction)(transport, json);
+      Ajax.Responders.dispatch('on' + event, this, transport, json);
+    } catch (e) {
+      this.dispatchException(e);
+    }
+
+    /* Avoid memory leak in MSIE: clean up the oncomplete event handler */
+    if (event == 'Complete')
+      this.transport.onreadystatechange = Prototype.emptyFunction;
+  },
+
+  dispatchException: function(exception) {
+    (this.options.onException || Prototype.emptyFunction)(this, exception);
+    Ajax.Responders.dispatch('onException', this, exception);
+  }
+});
+
+Ajax.Updater = Class.create();
+
+Object.extend(Object.extend(Ajax.Updater.prototype, Ajax.Request.prototype), {
+  initialize: function(container, url, options) {
+    this.containers = {
+      success: container.success ? $(container.success) : $(container),
+      failure: container.failure ? $(container.failure) :
+        (container.success ? null : $(container))
+    }
+
+    this.transport = Ajax.getTransport();
+    this.setOptions(options);
+
+    var onComplete = this.options.onComplete || Prototype.emptyFunction;
+    this.options.onComplete = (function(transport, object) {
+      this.updateContent();
+      onComplete(transport, object);
+    }).bind(this);
+
+    this.request(url);
+  },
+
+  updateContent: function() {
+    var receiver = this.responseIsSuccess() ?
+      this.containers.success : this.containers.failure;
+    var response = this.transport.responseText;
+
+    if (!this.options.evalScripts)
+      response = response.stripScripts();
+
+    if (receiver) {
+      if (this.options.insertion) {
+        new this.options.insertion(receiver, response);
+      } else {
+        Element.update(receiver, response);
+      }
+    }
+
+    if (this.responseIsSuccess()) {
+      if (this.onComplete)
+        setTimeout(this.onComplete.bind(this), 10);
+    }
+  }
+});
+
+Ajax.PeriodicalUpdater = Class.create();
+Ajax.PeriodicalUpdater.prototype = Object.extend(new Ajax.Base(), {
+  initialize: function(container, url, options) {
+    this.setOptions(options);
+    this.onComplete = this.options.onComplete;
+
+    this.frequency = (this.options.frequency || 2);
+    this.decay = (this.options.decay || 1);
+
+    this.updater = {};
+    this.container = container;
+    this.url = url;
+
+    this.start();
+  },
+
+  start: function() {
+    this.options.onComplete = this.updateComplete.bind(this);
+    this.onTimerEvent();
+  },
+
+  stop: function() {
+    this.updater.onComplete = undefined;
+    clearTimeout(this.timer);
+    (this.onComplete || Prototype.emptyFunction).apply(this, arguments);
+  },
+
+  updateComplete: function(request) {
+    if (this.options.decay) {
+      this.decay = (request.responseText == this.lastText ?
+        this.decay * this.options.decay : 1);
+
+      this.lastText = request.responseText;
+    }
+    this.timer = setTimeout(this.onTimerEvent.bind(this),
+      this.decay * this.frequency * 1000);
+  },
+
+  onTimerEvent: function() {
+    this.updater = new Ajax.Updater(this.container, this.url, this.options);
+  }
+});
+document.getElementsByClassName = function(className, parentElement) {
+  var children = ($(parentElement) || document.body).getElementsByTagName('*');
+  return $A(children).inject([], function(elements, child) {
+    if (child.className.match(new RegExp("(^|\\s)" + className + "(\\s|$)")))
+      elements.push(child);
+    return elements;
+  });
+}
+
+/*--------------------------------------------------------------------------*/
+
+if (!window.Element) {
+  var Element = new Object();
+}
+
+Object.extend(Element, {
+  visible: function(element) {
+    return $(element).style.display != 'none';
+  },
+
+  toggle: function() {
+    for (var i = 0; i < arguments.length; i++) {
+      var element = $(arguments[i]);
+      Element[Element.visible(element) ? 'hide' : 'show'](element);
+    }
+  },
+
+  hide: function() {
+    for (var i = 0; i < arguments.length; i++) {
+      var element = $(arguments[i]);
+      element.style.display = 'none';
+    }
+  },
+
+  show: function() {
+    for (var i = 0; i < arguments.length; i++) {
+      var element = $(arguments[i]);
+      element.style.display = '';
+    }
+  },
+
+  remove: function(element) {
+    element = $(element);
+    element.parentNode.removeChild(element);
+  },
+
+  update: function(element, html) {
+    $(element).innerHTML = html.stripScripts();
+    setTimeout(function() {html.evalScripts()}, 10);
+  },
+
+  getHeight: function(element) {
+    element = $(element);
+    return element.offsetHeight;
+  },
+
+  classNames: function(element) {
+    return new Element.ClassNames(element);
+  },
+
+  hasClassName: function(element, className) {
+    if (!(element = $(element))) return;
+    return Element.classNames(element).include(className);
+  },
+
+  addClassName: function(element, className) {
+    if (!(element = $(element))) return;
+    return Element.classNames(element).add(className);
+  },
+
+  removeClassName: function(element, className) {
+    if (!(element = $(element))) return;
+    return Element.classNames(element).remove(className);
+  },
+
+  // removes whitespace-only text node children
+  cleanWhitespace: function(element) {
+    element = $(element);
+    for (var i = 0; i < element.childNodes.length; i++) {
+      var node = element.childNodes[i];
+      if (node.nodeType == 3 && !/\S/.test(node.nodeValue))
+        Element.remove(node);
+    }
+  },
+
+  empty: function(element) {
+    return $(element).innerHTML.match(/^\s*$/);
+  },
+
+  scrollTo: function(element) {
+    element = $(element);
+    var x = element.x ? element.x : element.offsetLeft,
+        y = element.y ? element.y : element.offsetTop;
+    window.scrollTo(x, y);
+  },
+
+  getStyle: function(element, style) {
+    element = $(element);
+    var value = element.style[style.camelize()];
+    if (!value) {
+      if (document.defaultView && document.defaultView.getComputedStyle) {
+        var css = document.defaultView.getComputedStyle(element, null);
+        value = css ? css.getPropertyValue(style) : null;
+      } else if (element.currentStyle) {
+        value = element.currentStyle[style.camelize()];
+      }
+    }
+
+    if (window.opera && ['left', 'top', 'right', 'bottom'].include(style))
+      if (Element.getStyle(element, 'position') == 'static') value = 'auto';
+
+    return value == 'auto' ? null : value;
+  },
+
+  setStyle: function(element, style) {
+    element = $(element);
+    for (name in style)
+      element.style[name.camelize()] = style[name];
+  },
+
+  getDimensions: function(element) {
+    element = $(element);
+    if (Element.getStyle(element, 'display') != 'none')
+      return {width: element.offsetWidth, height: element.offsetHeight};
+
+    // All *Width and *Height properties give 0 on elements with display none,
+    // so enable the element temporarily
+    var els = element.style;
+    var originalVisibility = els.visibility;
+    var originalPosition = els.position;
+    els.visibility = 'hidden';
+    els.position = 'absolute';
+    els.display = '';
+    var originalWidth = element.clientWidth;
+    var originalHeight = element.clientHeight;
+    els.display = 'none';
+    els.position = originalPosition;
+    els.visibility = originalVisibility;
+    return {width: originalWidth, height: originalHeight};
+  },
+
+  makePositioned: function(element) {
+    element = $(element);
+    var pos = Element.getStyle(element, 'position');
+    if (pos == 'static' || !pos) {
+      element._madePositioned = true;
+      element.style.position = 'relative';
+      // Opera returns the offset relative to the positioning context, when an
+      // element is position relative but top and left have not been defined
+      if (window.opera) {
+        element.style.top = 0;
+        element.style.left = 0;
+      }
+    }
+  },
+
+  undoPositioned: function(element) {
+    element = $(element);
+    if (element._madePositioned) {
+      element._madePositioned = undefined;
+      element.style.position =
+        element.style.top =
+        element.style.left =
+        element.style.bottom =
+        element.style.right = '';
+    }
+  },
+
+  makeClipping: function(element) {
+    element = $(element);
+    if (element._overflow) return;
+    element._overflow = element.style.overflow;
+    if ((Element.getStyle(element, 'overflow') || 'visible') != 'hidden')
+      element.style.overflow = 'hidden';
+  },
+
+  undoClipping: function(element) {
+    element = $(element);
+    if (element._overflow) return;
+    element.style.overflow = element._overflow;
+    element._overflow = undefined;
+  }
+});
+
+var Toggle = new Object();
+Toggle.display = Element.toggle;
+
+/*--------------------------------------------------------------------------*/
+
+Abstract.Insertion = function(adjacency) {
+  this.adjacency = adjacency;
+}
+
+Abstract.Insertion.prototype = {
+  initialize: function(element, content) {
+    this.element = $(element);
+    this.content = content.stripScripts();
+
+    if (this.adjacency && this.element.insertAdjacentHTML) {
+      try {
+        this.element.insertAdjacentHTML(this.adjacency, this.content);
+      } catch (e) {
+        if (this.element.tagName.toLowerCase() == 'tbody') {
+          this.insertContent(this.contentFromAnonymousTable());
+        } else {
+          throw e;
+        }
+      }
+    } else {
+      this.range = this.element.ownerDocument.createRange();
+      if (this.initializeRange) this.initializeRange();
+      this.insertContent([this.range.createContextualFragment(this.content)]);
+    }
+
+    setTimeout(function() {content.evalScripts()}, 10);
+  },
+
+  contentFromAnonymousTable: function() {
+    var div = document.createElement('div');
+    div.innerHTML = '<table><tbody>' + this.content + '</tbody></table>';
+    return $A(div.childNodes[0].childNodes[0].childNodes);
+  }
+}
+
+var Insertion = new Object();
+
+Insertion.Before = Class.create();
+Insertion.Before.prototype = Object.extend(new Abstract.Insertion('beforeBegin'), {
+  initializeRange: function() {
+    this.range.setStartBefore(this.element);
+  },
+
+  insertContent: function(fragments) {
+    fragments.each((function(fragment) {
+      this.element.parentNode.insertBefore(fragment, this.element);
+    }).bind(this));
+  }
+});
+
+Insertion.Top = Class.create();
+Insertion.Top.prototype = Object.extend(new Abstract.Insertion('afterBegin'), {
+  initializeRange: function() {
+    this.range.selectNodeContents(this.element);
+    this.range.collapse(true);
+  },
+
+  insertContent: function(fragments) {
+    fragments.reverse(false).each((function(fragment) {
+      this.element.insertBefore(fragment, this.element.firstChild);
+    }).bind(this));
+  }
+});
+
+Insertion.Bottom = Class.create();
+Insertion.Bottom.prototype = Object.extend(new Abstract.Insertion('beforeEnd'), {
+  initializeRange: function() {
+    this.range.selectNodeContents(this.element);
+    this.range.collapse(this.element);
+  },
+
+  insertContent: function(fragments) {
+    fragments.each((function(fragment) {
+      this.element.appendChild(fragment);
+    }).bind(this));
+  }
+});
+
+Insertion.After = Class.create();
+Insertion.After.prototype = Object.extend(new Abstract.Insertion('afterEnd'), {
+  initializeRange: function() {
+    this.range.setStartAfter(this.element);
+  },
+
+  insertContent: function(fragments) {
+    fragments.each((function(fragment) {
+      this.element.parentNode.insertBefore(fragment,
+        this.element.nextSibling);
+    }).bind(this));
+  }
+});
+
+/*--------------------------------------------------------------------------*/
+
+Element.ClassNames = Class.create();
+Element.ClassNames.prototype = {
+  initialize: function(element) {
+    this.element = $(element);
+  },
+
+  _each: function(iterator) {
+    this.element.className.split(/\s+/).select(function(name) {
+      return name.length > 0;
+    })._each(iterator);
+  },
+
+  set: function(className) {
+    this.element.className = className;
+  },
+
+  add: function(classNameToAdd) {
+    if (this.include(classNameToAdd)) return;
+    this.set(this.toArray().concat(classNameToAdd).join(' '));
+  },
+
+  remove: function(classNameToRemove) {
+    if (!this.include(classNameToRemove)) return;
+    this.set(this.select(function(className) {
+      return className != classNameToRemove;
+    }).join(' '));
+  },
+
+  toString: function() {
+    return this.toArray().join(' ');
+  }
+}
+
+Object.extend(Element.ClassNames.prototype, Enumerable);
+var Field = {
+  clear: function() {
+    for (var i = 0; i < arguments.length; i++)
+      $(arguments[i]).value = '';
+  },
+
+  focus: function(element) {
+    $(element).focus();
+  },
+
+  present: function() {
+    for (var i = 0; i < arguments.length; i++)
+      if ($(arguments[i]).value == '') return false;
+    return true;
+  },
+
+  select: function(element) {
+    $(element).select();
+  },
+
+  activate: function(element) {
+    element = $(element);
+    element.focus();
+    if (element.select)
+      element.select();
+  }
+}
+
+/*--------------------------------------------------------------------------*/
+
+var Form = {
+  serialize: function(form) {
+    var elements = Form.getElements($(form));
+    var queryComponents = new Array();
+
+    for (var i = 0; i < elements.length; i++) {
+      var queryComponent = Form.Element.serialize(elements[i]);
+      if (queryComponent)
+        queryComponents.push(queryComponent);
+    }
+
+    return queryComponents.join('&');
+  },
+
+  getElements: function(form) {
+    form = $(form);
+    var elements = new Array();
+
+    for (tagName in Form.Element.Serializers) {
+      var tagElements = form.getElementsByTagName(tagName);
+      for (var j = 0; j < tagElements.length; j++)
+        elements.push(tagElements[j]);
+    }
+    return elements;
+  },
+
+  getInputs: function(form, typeName, name) {
+    form = $(form);
+    var inputs = form.getElementsByTagName('input');
+
+    if (!typeName && !name)
+      return inputs;
+
+    var matchingInputs = new Array();
+    for (var i = 0; i < inputs.length; i++) {
+      var input = inputs[i];
+      if ((typeName && input.type != typeName) ||
+          (name && input.name != name))
+        continue;
+      matchingInputs.push(input);
+    }
+
+    return matchingInputs;
+  },
+
+  disable: function(form) {
+    var elements = Form.getElements(form);
+    for (var i = 0; i < elements.length; i++) {
+      var element = elements[i];
+      element.blur();
+      element.disabled = 'true';
+    }
+  },
+
+  enable: function(form) {
+    var elements = Form.getElements(form);
+    for (var i = 0; i < elements.length; i++) {
+      var element = elements[i];
+      element.disabled = '';
+    }
+  },
+
+  findFirstElement: function(form) {
+    return Form.getElements(form).find(function(element) {
+      return element.type != 'hidden' && !element.disabled &&
+        ['input', 'select', 'textarea'].include(element.tagName.toLowerCase());
+    });
+  },
+
+  focusFirstElement: function(form) {
+    Field.activate(Form.findFirstElement(form));
+  },
+
+  reset: function(form) {
+    $(form).reset();
+  }
+}
+
+Form.Element = {
+  serialize: function(element) {
+    element = $(element);
+    var method = element.tagName.toLowerCase();
+    var parameter = Form.Element.Serializers[method](element);
+
+    if (parameter) {
+      var key = encodeURIComponent(parameter[0]);
+      if (key.length == 0) return;
+
+      if (parameter[1].constructor != Array)
+        parameter[1] = [parameter[1]];
+
+      return parameter[1].map(function(value) {
+        return key + '=' + encodeURIComponent(value);
+      }).join('&');
+    }
+  },
+
+  getValue: function(element) {
+    element = $(element);
+    var method = element.tagName.toLowerCase();
+    var parameter = Form.Element.Serializers[method](element);
+
+    if (parameter)
+      return parameter[1];
+  }
+}
+
+Form.Element.Serializers = {
+  input: function(element) {
+    switch (element.type.toLowerCase()) {
+      case 'submit':
+      case 'hidden':
+      case 'password':
+      case 'text':
+        return Form.Element.Serializers.textarea(element);
+      case 'checkbox':
+      case 'radio':
+        return Form.Element.Serializers.inputSelector(element);
+    }
+    return false;
+  },
+
+  inputSelector: function(element) {
+    if (element.checked)
+      return [element.name, element.value];
+  },
+
+  textarea: function(element) {
+    return [element.name, element.value];
+  },
+
+  select: function(element) {
+    return Form.Element.Serializers[element.type == 'select-one' ?
+      'selectOne' : 'selectMany'](element);
+  },
+
+  selectOne: function(element) {
+    var value = '', opt, index = element.selectedIndex;
+    if (index >= 0) {
+      opt = element.options[index];
+      value = opt.value;
+      if (!value && !('value' in opt))
+        value = opt.text;
+    }
+    return [element.name, value];
+  },
+
+  selectMany: function(element) {
+    var value = new Array();
+    for (var i = 0; i < element.length; i++) {
+      var opt = element.options[i];
+      if (opt.selected) {
+        var optValue = opt.value;
+        if (!optValue && !('value' in opt))
+          optValue = opt.text;
+        value.push(optValue);
+      }
+    }
+    return [element.name, value];
+  }
+}
+
+/*--------------------------------------------------------------------------*/
+
+var $F = Form.Element.getValue;
+
+/*--------------------------------------------------------------------------*/
+
+Abstract.TimedObserver = function() {}
+Abstract.TimedObserver.prototype = {
+  initialize: function(element, frequency, callback) {
+    this.frequency = frequency;
+    this.element   = $(element);
+    this.callback  = callback;
+
+    this.lastValue = this.getValue();
+    this.registerCallback();
+  },
+
+  registerCallback: function() {
+    setInterval(this.onTimerEvent.bind(this), this.frequency * 1000);
+  },
+
+  onTimerEvent: function() {
+    var value = this.getValue();
+    if (this.lastValue != value) {
+      this.callback(this.element, value);
+      this.lastValue = value;
+    }
+  }
+}
+
+Form.Element.Observer = Class.create();
+Form.Element.Observer.prototype = Object.extend(new Abstract.TimedObserver(), {
+  getValue: function() {
+    return Form.Element.getValue(this.element);
+  }
+});
+
+Form.Observer = Class.create();
+Form.Observer.prototype = Object.extend(new Abstract.TimedObserver(), {
+  getValue: function() {
+    return Form.serialize(this.element);
+  }
+});
+
+/*--------------------------------------------------------------------------*/
+
+Abstract.EventObserver = function() {}
+Abstract.EventObserver.prototype = {
+  initialize: function(element, callback) {
+    this.element  = $(element);
+    this.callback = callback;
+
+    this.lastValue = this.getValue();
+    if (this.element.tagName.toLowerCase() == 'form')
+      this.registerFormCallbacks();
+    else
+      this.registerCallback(this.element);
+  },
+
+  onElementEvent: function() {
+    var value = this.getValue();
+    if (this.lastValue != value) {
+      this.callback(this.element, value);
+      this.lastValue = value;
+    }
+  },
+
+  registerFormCallbacks: function() {
+    var elements = Form.getElements(this.element);
+    for (var i = 0; i < elements.length; i++)
+      this.registerCallback(elements[i]);
+  },
+
+  registerCallback: function(element) {
+    if (element.type) {
+      switch (element.type.toLowerCase()) {
+        case 'checkbox':
+        case 'radio':
+          Event.observe(element, 'click', this.onElementEvent.bind(this));
+          break;
+        case 'password':
+        case 'text':
+        case 'textarea':
+        case 'select-one':
+        case 'select-multiple':
+          Event.observe(element, 'change', this.onElementEvent.bind(this));
+          break;
+      }
+    }
+  }
+}
+
+Form.Element.EventObserver = Class.create();
+Form.Element.EventObserver.prototype = Object.extend(new Abstract.EventObserver(), {
+  getValue: function() {
+    return Form.Element.getValue(this.element);
+  }
+});
+
+Form.EventObserver = Class.create();
+Form.EventObserver.prototype = Object.extend(new Abstract.EventObserver(), {
+  getValue: function() {
+    return Form.serialize(this.element);
+  }
+});
+if (!window.Event) {
+  var Event = new Object();
+}
+
+Object.extend(Event, {
+  KEY_BACKSPACE: 8,
+  KEY_TAB:       9,
+  KEY_RETURN:   13,
+  KEY_ESC:      27,
+  KEY_LEFT:     37,
+  KEY_UP:       38,
+  KEY_RIGHT:    39,
+  KEY_DOWN:     40,
+  KEY_DELETE:   46,
+
+  element: function(event) {
+    return event.target || event.srcElement;
+  },
+
+  isLeftClick: function(event) {
+    return (((event.which) && (event.which == 1)) ||
+            ((event.button) && (event.button == 1)));
+  },
+
+  pointerX: function(event) {
+    return event.pageX || (event.clientX +
+      (document.documentElement.scrollLeft || document.body.scrollLeft));
+  },
+
+  pointerY: function(event) {
+    return event.pageY || (event.clientY +
+      (document.documentElement.scrollTop || document.body.scrollTop));
+  },
+
+  stop: function(event) {
+    if (event.preventDefault) {
+      event.preventDefault();
+      event.stopPropagation();
+    } else {
+      event.returnValue = false;
+      event.cancelBubble = true;
+    }
+  },
+
+  // find the first node with the given tagName, starting from the
+  // node the event was triggered on; traverses the DOM upwards
+  findElement: function(event, tagName) {
+    var element = Event.element(event);
+    while (element.parentNode && (!element.tagName ||
+        (element.tagName.toUpperCase() != tagName.toUpperCase())))
+      element = element.parentNode;
+    return element;
+  },
+
+  observers: false,
+
+  _observeAndCache: function(element, name, observer, useCapture) {
+    if (!this.observers) this.observers = [];
+    if (element.addEventListener) {
+      this.observers.push([element, name, observer, useCapture]);
+      element.addEventListener(name, observer, useCapture);
+    } else if (element.attachEvent) {
+      this.observers.push([element, name, observer, useCapture]);
+      element.attachEvent('on' + name, observer);
+    }
+  },
+
+  unloadCache: function() {
+    if (!Event.observers) return;
+    for (var i = 0; i < Event.observers.length; i++) {
+      Event.stopObserving.apply(this, Event.observers[i]);
+      Event.observers[i][0] = null;
+    }
+    Event.observers = false;
+  },
+
+  observe: function(element, name, observer, useCapture) {
+    var element = $(element);
+    useCapture = useCapture || false;
+
+    if (name == 'keypress' &&
+        (navigator.appVersion.match(/Konqueror|Safari|KHTML/)
+        || element.attachEvent))
+      name = 'keydown';
+
+    this._observeAndCache(element, name, observer, useCapture);
+  },
+
+  stopObserving: function(element, name, observer, useCapture) {
+    var element = $(element);
+    useCapture = useCapture || false;
+
+    if (name == 'keypress' &&
+        (navigator.appVersion.match(/Konqueror|Safari|KHTML/)
+        || element.detachEvent))
+      name = 'keydown';
+
+    if (element.removeEventListener) {
+      element.removeEventListener(name, observer, useCapture);
+    } else if (element.detachEvent) {
+      element.detachEvent('on' + name, observer);
+    }
+  }
+});
+
+/* prevent memory leaks in IE */
+Event.observe(window, 'unload', Event.unloadCache, false);
+var Position = {
+  // set to true if needed, warning: firefox performance problems
+  // NOT neeeded for page scrolling, only if draggable contained in
+  // scrollable elements
+  includeScrollOffsets: false,
+
+  // must be called before calling withinIncludingScrolloffset, every time the
+  // page is scrolled
+  prepare: function() {
+    this.deltaX =  window.pageXOffset
+                || document.documentElement.scrollLeft
+                || document.body.scrollLeft
+                || 0;
+    this.deltaY =  window.pageYOffset
+                || document.documentElement.scrollTop
+                || document.body.scrollTop
+                || 0;
+  },
+
+  realOffset: function(element) {
+    var valueT = 0, valueL = 0;
+    do {
+      valueT += element.scrollTop  || 0;
+      valueL += element.scrollLeft || 0;
+      element = element.parentNode;
+    } while (element);
+    return [valueL, valueT];
+  },
+
+  cumulativeOffset: function(element) {
+    var valueT = 0, valueL = 0;
+    do {
+      valueT += element.offsetTop  || 0;
+      valueL += element.offsetLeft || 0;
+      element = element.offsetParent;
+    } while (element);
+    return [valueL, valueT];
+  },
+
+  positionedOffset: function(element) {
+    var valueT = 0, valueL = 0;
+    do {
+      valueT += element.offsetTop  || 0;
+      valueL += element.offsetLeft || 0;
+      element = element.offsetParent;
+      if (element) {
+        p = Element.getStyle(element, 'position');
+        if (p == 'relative' || p == 'absolute') break;
+      }
+    } while (element);
+    return [valueL, valueT];
+  },
+
+  offsetParent: function(element) {
+    if (element.offsetParent) return element.offsetParent;
+    if (element == document.body) return element;
+
+    while ((element = element.parentNode) && element != document.body)
+      if (Element.getStyle(element, 'position') != 'static')
+        return element;
+
+    return document.body;
+  },
+
+  // caches x/y coordinate pair to use with overlap
+  within: function(element, x, y) {
+    if (this.includeScrollOffsets)
+      return this.withinIncludingScrolloffsets(element, x, y);
+    this.xcomp = x;
+    this.ycomp = y;
+    this.offset = this.cumulativeOffset(element);
+
+    return (y >= this.offset[1] &&
+            y <  this.offset[1] + element.offsetHeight &&
+            x >= this.offset[0] &&
+            x <  this.offset[0] + element.offsetWidth);
+  },
+
+  withinIncludingScrolloffsets: function(element, x, y) {
+    var offsetcache = this.realOffset(element);
+
+    this.xcomp = x + offsetcache[0] - this.deltaX;
+    this.ycomp = y + offsetcache[1] - this.deltaY;
+    this.offset = this.cumulativeOffset(element);
+
+    return (this.ycomp >= this.offset[1] &&
+            this.ycomp <  this.offset[1] + element.offsetHeight &&
+            this.xcomp >= this.offset[0] &&
+            this.xcomp <  this.offset[0] + element.offsetWidth);
+  },
+
+  // within must be called directly before
+  overlap: function(mode, element) {
+    if (!mode) return 0;
+    if (mode == 'vertical')
+      return ((this.offset[1] + element.offsetHeight) - this.ycomp) /
+        element.offsetHeight;
+    if (mode == 'horizontal')
+      return ((this.offset[0] + element.offsetWidth) - this.xcomp) /
+        element.offsetWidth;
+  },
+
+  clone: function(source, target) {
+    source = $(source);
+    target = $(target);
+    target.style.position = 'absolute';
+    var offsets = this.cumulativeOffset(source);
+    target.style.top    = offsets[1] + 'px';
+    target.style.left   = offsets[0] + 'px';
+    target.style.width  = source.offsetWidth + 'px';
+    target.style.height = source.offsetHeight + 'px';
+  },
+
+  page: function(forElement) {
+    var valueT = 0, valueL = 0;
+
+    var element = forElement;
+    do {
+      valueT += element.offsetTop  || 0;
+      valueL += element.offsetLeft || 0;
+
+      // Safari fix
+      if (element.offsetParent==document.body)
+        if (Element.getStyle(element,'position')=='absolute') break;
+
+    } while (element = element.offsetParent);
+
+    element = forElement;
+    do {
+      valueT -= element.scrollTop  || 0;
+      valueL -= element.scrollLeft || 0;
+    } while (element = element.parentNode);
+
+    return [valueL, valueT];
+  },
+
+  clone: function(source, target) {
+    var options = Object.extend({
+      setLeft:    true,
+      setTop:     true,
+      setWidth:   true,
+      setHeight:  true,
+      offsetTop:  0,
+      offsetLeft: 0
+    }, arguments[2] || {})
+
+    // find page position of source
+    source = $(source);
+    var p = Position.page(source);
+
+    // find coordinate system to use
+    target = $(target);
+    var delta = [0, 0];
+    var parent = null;
+    // delta [0,0] will do fine with position: fixed elements,
+    // position:absolute needs offsetParent deltas
+    if (Element.getStyle(target,'position') == 'absolute') {
+      parent = Position.offsetParent(target);
+      delta = Position.page(parent);
+    }
+
+    // correct by body offsets (fixes Safari)
+    if (parent == document.body) {
+      delta[0] -= document.body.offsetLeft;
+      delta[1] -= document.body.offsetTop;
+    }
+
+    // set position
+    if(options.setLeft)   target.style.left  = (p[0] - delta[0] + options.offsetLeft) + 'px';
+    if(options.setTop)    target.style.top   = (p[1] - delta[1] + options.offsetTop) + 'px';
+    if(options.setWidth)  target.style.width = source.offsetWidth + 'px';
+    if(options.setHeight) target.style.height = source.offsetHeight + 'px';
+  },
+
+  absolutize: function(element) {
+    element = $(element);
+    if (element.style.position == 'absolute') return;
+    Position.prepare();
+
+    var offsets = Position.positionedOffset(element);
+    var top     = offsets[1];
+    var left    = offsets[0];
+    var width   = element.clientWidth;
+    var height  = element.clientHeight;
+
+    element._originalLeft   = left - parseFloat(element.style.left  || 0);
+    element._originalTop    = top  - parseFloat(element.style.top || 0);
+    element._originalWidth  = element.style.width;
+    element._originalHeight = element.style.height;
+
+    element.style.position = 'absolute';
+    element.style.top    = top + 'px';;
+    element.style.left   = left + 'px';;
+    element.style.width  = width + 'px';;
+    element.style.height = height + 'px';;
+  },
+
+  relativize: function(element) {
+    element = $(element);
+    if (element.style.position == 'relative') return;
+    Position.prepare();
+
+    element.style.position = 'relative';
+    var top  = parseFloat(element.style.top  || 0) - (element._originalTop || 0);
+    var left = parseFloat(element.style.left || 0) - (element._originalLeft || 0);
+
+    element.style.top    = top + 'px';
+    element.style.left   = left + 'px';
+    element.style.height = element._originalHeight;
+    element.style.width  = element._originalWidth;
+  }
+}
+
+// Safari returns margins on body which is incorrect if the child is absolutely
+// positioned.  For performance reasons, redefine Position.cumulativeOffset for
+// KHTML/WebKit only.
+if (/Konqueror|Safari|KHTML/.test(navigator.userAgent)) {
+  Position.cumulativeOffset = function(element) {
+    var valueT = 0, valueL = 0;
+    do {
+      valueT += element.offsetTop  || 0;
+      valueL += element.offsetLeft || 0;
+      if (element.offsetParent == document.body)
+        if (Element.getStyle(element, 'position') == 'absolute') break;
+
+      element = element.offsetParent;
+    } while (element);
+
+    return [valueL, valueT];
+  }
+}
\ No newline at end of file
diff --git a/base/tps-client/apache/docroot/esc/sow/js/scriptaculous.js b/base/tps-client/apache/docroot/esc/sow/js/scriptaculous.js
new file mode 100755
index 000000000..dac1228fb
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/js/scriptaculous.js
@@ -0,0 +1,45 @@
+// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
+// 
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var Scriptaculous = {
+  Version: '1.5.1',
+  require: function(libraryName) {
+    // inserting via DOM fails in Safari 2.0, so brute force approach
+    document.write('<script type="text/javascript" src="'+libraryName+'"></script>');
+  },
+  load: function() {
+    if((typeof Prototype=='undefined') ||
+      parseFloat(Prototype.Version.split(".")[0] + "." +
+                 Prototype.Version.split(".")[1]) < 1.4)
+      throw("script.aculo.us requires the Prototype JavaScript framework >= 1.4.0");
+    
+    $A(document.getElementsByTagName("script")).findAll( function(s) {
+      return (s.src && s.src.match(/scriptaculous\.js(\?.*)?$/))
+    }).each( function(s) {
+      var path = s.src.replace(/scriptaculous\.js(\?.*)?$/,'');
+      var includes = s.src.match(/\?.*load=([a-z,]*)/);
+      (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider').split(',').each(
+       function(include) { Scriptaculous.require(path+include+'.js') });
+    });
+  }
+}
+
+Scriptaculous.load();
\ No newline at end of file
diff --git a/base/tps-client/apache/docroot/esc/sow/util.js b/base/tps-client/apache/docroot/esc/sow/util.js
new file mode 100755
index 000000000..967e6e5ed
--- /dev/null
+++ b/base/tps-client/apache/docroot/esc/sow/util.js
@@ -0,0 +1,1769 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// initialize netkey globals
+var netkey;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+var gWindow = null;
+
+const ErrorText = "For additional assistance contact your Technical Support";
+
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          MyAlert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+  }
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+    }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+    "Operation Completed Successfully.",
+    "Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Problem communicating with the smartcard.",
+    "Problem resetting smartcard's pin.",
+    "Internal Smartcard Server error.",
+    "Internal Smartcard Server error.",
+    "Smartcard enrollment error.",
+    "Can not communicate with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the Certificattion Authority.",
+    "Internal Smartcard Server error.",
+    "Error resetting the smartcard's password.",
+    "Internal Smartcard Server error.",
+    "Smartcard Server authentication failure.",
+    "Internal Smartcard Server error.",
+    "Your Smartcard is listed as disabled.",
+    "Problem communicating with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Cannot upgrade smartcard software.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Invalid smartcard type.",
+    "Invalid smartcard type.",
+    "Cannot publish smartcard information.",
+    "Cannot communicate with smartcard database.",
+    "Smartcard is disabled.",
+    "Cannot reset password value for the smartcard.",
+    "Connection to Smartcard Server lost.",
+    "Cannot create entry for smartcard in smartcard database.",
+    "Smartcard found to be in an inconsistent state.",
+    "Invalid reason for lost smartcard submitted.",
+    "Smartcard found to be unusable due to compromise.",
+    "No such inactive smartcard found.",
+    "Cannot process more than one active smartcard.",
+    "Internal Smartcard Server error.",
+    "Smartcard key recovery has been processed.",
+    "Smartcard key recovery failed.",
+    "Cannot process this smartcard, which has been reported lost.",
+    "Smartcard key archival error.",
+    "Problem connecting to the Smartcard TKS Server.",
+    "Failed to update smartcard database.",
+    "Internal certificate revocation error discovered.",
+    "User does not own this smartcard.", 
+    "Smart Card Manager has been misconfigured.",
+    "Smart Card Manager can not talk to smart card reader.",
+    "Smart Card Manager can not establish a session with  the smart card.",
+    "Smart Card Manager can not talk to Smart Card Server.",
+    "Smart Card Manager can not talk to smart card reader."
+ );    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              MyAlert("Error Setting data values: " + e);
+          }
+
+      }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  MyAlert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function MyAlert(message)
+{
+    if(message)
+        DoMyAlert(message,"Smart Card Manager");
+
+} 
+function DoMyAlert(message,title)
+{
+
+   if(!message || !title)
+       return;
+
+   try {
+
+       netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+       var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
+
+
+       prompts.alert(window,title,message);
+
+   } catch(e) {
+
+
+       alert("Problem with nsIPromptService " + e);
+   }
+
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+    table.deleteRow(row.rowIndex);
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+    cell = row.cells[index];
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+    node = parent.childNodes[index];
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+    row = table.insertRow(table.rows.length);
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+    cell = row.insertCell(row.cells.length);
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  gWindow = window;
+ if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+  if (UserOnDoneInitializeBindingTable) {
+    UserOnDoneInitializeBindingTable();
+  }
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+
+    document.getElementById("enrollbtn").disabled = false;
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function GetCurrentKeyID()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    return keyID;
+  } else {
+    return "No Key Found!";
+  }
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+    row = FindRow(event.parentNode);
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+ 
+     row.onclick = DoSelectRow;
+
+  // Create the key ID cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  //cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode("Enrollment Progress"));
+
+  // Create the status bar cell
+
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+//  progressMeter.style.visibility = "hidden";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+//  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  //row.style.display ="none";
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ESC native code.
+//
+// ESC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    MyAlert("You must provide a valid LDAP User ID!");
+    if (UserOnCOOLKeyStateError) {
+      UserOnCOOLKeyStateError(); // call user-level
+    }
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    MyAlert("You must provide a valid Key Password!");
+    if (UserOnCOOLKeyStateError) {
+      UserOnCOOLKeyStateError(); // call user-level
+    }
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    MyAlert("The Key Password values you entered do not match!");
+    if (UserOnCOOLKeyStateError) {
+      UserOnCOOLKeyStateError(); // call user-level
+    }
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       MyAlert("You must provide a valid LDAP User ID !");
+       if (UserOnCOOLKeyStateError) {
+          UserOnCOOLKeyStateError(); // call user-level
+       }
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollTempCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, 'userKeyTemporary', screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoSetURLCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate1())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = 'soUserKey';
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoFormatSoCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate1())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = 'soCleanSOToken';
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate1())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = 'soCleanUserToken';
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException(getBundleString("errorFormatCoolKey"), e);
+    return false;
+  }
+  return true;
+}
+
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    MyAlert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  MyAlert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  MyAlert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+  if (UserOnCOOLKeyInserted) {
+    UserOnCOOLKeyInserted(keyType, keyID);
+  }
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+  if (UserOnCOOLKeyRemoved) {
+    UserOnCOOLKeyRemoved(keyType, keyID);
+  }
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+  SetStatusMessage("");
+  MyAlert("Enrollment of smartcard complete!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  window.setTimeout("loadSuccessPage()",4);
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Password Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+  if (UserOnCOOLKeyFormatComplete) {
+    UserOnCOOLKeyFormatComplete(); // call user-level
+  }
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Error Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key  failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key  failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key  failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key  canceled.";
+
+  typeStr += " \n " + ErrorText;
+  MyAlert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+  if (UserOnCOOLKeyStateError) {
+    UserOnCOOLKeyStateError(); // call user-level
+  }
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate1()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+    screenname = '';
+    screennamepwd = 'netscape';
+    pin = 'netscape'
+
+   return 1;
+}
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname = GetScreenNameValue();
+    if (! screenname)
+      return 0;
+
+    screennamepwd = GetScreenNamePwd();
+
+    if(! screennamepwd)
+        return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      if(UserOnCOOLKeyStatusUpdate)
+          UserOnCOOLKeyStatusUpdate(data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+function loadSuccessPage()
+{
+    window.location="/esc/sow/EnrollSuccess.html";
+}
+
+function ShowProgressBar(aKeyType,aKeyID, doShow)
+{
+   if(!gCurrentSelectedRow)
+      return;
+
+   if(doShow)
+       gCurrentSelectedRow.style.display="table-row";
+   else
+   {
+       gCurrentSelectedRow.style.display="none";
+   }
+}
+function DoCoolKeySetConfigValue(configValue,newValue)
+{
+   if(!configValue || !newValue)
+      return null;
+
+   var result = null;
+
+   if(netkey)
+   {
+      try {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+            result = netkey.SetCoolKeyConfigValue(configValue,newValue);
+
+            } catch(e) {
+                MyAlert(getBundleString("errorConfigValue") + " " + e);
+      }
+
+    }
+
+    return result;
+}
+
+//Is the user "uid"  an "agent" or "user"
+// Input "type" either "agent" or "user"
+
+function IsAgentOrUser(uid,type)
+{
+  var url = window.location.href;
+  var lastSlash = 0;
+
+  var result = false;
+
+  if(!uid || !type)
+      return false;
+
+  var isAgent = 0;
+
+  if(type == "agent")
+     isAgent = 1;
+
+  //Accept either uid=name or name
+
+  if(uid.lastIndexOf("uid=") < 0)
+  {
+     uid = "uid=" + uid;
+  }
+
+  if(url)
+  {
+    lastSlash = url.lastIndexOf("/");
+  }
+  if(lastSlash > 0)
+  {
+    url =  url.substring(0,lastSlash);
+  }
+
+  if(isAgent)
+    url = url + "/is_agent.cgi?" + uid;
+  else
+    url = url +  "/is_user.cgi?" + uid;
+
+  var req = new XMLHttpRequest();
+  req.open('GET',url,false);
+  req.send(null);
+  if(req.status == 200)
+  {
+    //alert(req.responseText);
+    if(req.responseText.lastIndexOf("yes") >= 0)
+    {
+      result = true;
+    }
+  }
+  return result;
+}
+
+function GetCoolKeyIssuedTo(keyType,keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType,keyID);
+
+  var issuedTo = null;
+
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      issuedTo = netkey.GetCoolKeyUID(keyType,keyID);
+
+  } catch (e)
+  {
+  }
+  return issuedTo;
+}
+
diff --git a/base/tps-client/apache/docroot/footer.vm b/base/tps-client/apache/docroot/footer.vm
new file mode 100755
index 000000000..a596e45b1
--- /dev/null
+++ b/base/tps-client/apache/docroot/footer.vm
@@ -0,0 +1,19 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+  <div id="footer">
+  </div>
diff --git a/base/tps-client/apache/docroot/header.vm b/base/tps-client/apache/docroot/header.vm
new file mode 100755
index 000000000..3824b87f3
--- /dev/null
+++ b/base/tps-client/apache/docroot/header.vm
@@ -0,0 +1,26 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<div id="header">
+    <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
diff --git a/base/tps-client/apache/docroot/index.cgi b/base/tps-client/apache/docroot/index.cgi
new file mode 100755
index 000000000..0e643166b
--- /dev/null
+++ b/base/tps-client/apache/docroot/index.cgi
@@ -0,0 +1,76 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+  my $self = {};
+  bless ($self);
+  return $self;
+}
+
+sub process()
+{
+  my $self = shift;
+
+  my $q = CGI->new();
+
+  my $docroot = PKI::Base::Registry->get_docroot();
+  my $parser = PKI::Base::Registry->get_parser();
+  my $cfg = PKI::Base::Registry->get_config();
+
+  $self->debug_params($cfg, $q);
+
+  $::symbol{machineName} = $cfg->get("service.machineName");
+  $::symbol{non_clientauth_securePort} = $cfg->get("service.non_clientauth_securePort");
+  $::symbol{securePort} = $cfg->get("service.securePort");
+  $::symbol{unsecurePort} = $cfg->get("service.unsecurePort");
+
+  my $result = $parser->execute_file("index.vm");
+
+  my $xml = $q->param('xml');
+  if ($xml eq "true") {
+    print "Content-Type: text/xml\n\n";
+    print $self->xml_output(\%::symbol);
+  } else {
+    print "Content-Type: text/html\n\n";
+    print "$result";
+  }
+}
+
+
+my $op = op->new();
+$op->execute();
diff --git a/base/tps-client/apache/docroot/index.html b/base/tps-client/apache/docroot/index.html
new file mode 100644
index 000000000..b225251a1
--- /dev/null
+++ b/base/tps-client/apache/docroot/index.html
@@ -0,0 +1,22 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation;
+     version 2.1 of the License.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/index.cgi">
+</html>
diff --git a/base/tps-client/apache/docroot/index.vm b/base/tps-client/apache/docroot/index.vm
new file mode 100755
index 000000000..438d014ef
--- /dev/null
+++ b/base/tps-client/apache/docroot/index.vm
@@ -0,0 +1,89 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>TPS Services</title>
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TPS Services Page 
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$securePort/tus?op=index_operator">Operator Services</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$securePort/tus">Agent Services</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$securePort/tus?op=index_admin">Administrator Services</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+</body>
+</html>
diff --git a/base/tps-client/apache/docroot/tokendb/addConfig.template b/base/tps-client/apache/docroot/tokendb/addConfig.template
new file mode 100644
index 000000000..ce0177c1a
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/addConfig.template
@@ -0,0 +1,164 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Add " + disp_conf_type + " Configuration </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+// validate according to the pattern
+function validate_form(s) {
+    var s_array = s.split("\n");
+    var reg = new RegExp(conf_pattern.replace(/\$name/g, conf_name));
+
+    for (var i=0; i< s_array.length ; i++) {
+        var key_value = s_array[i].split("=");
+        if (! reg.test(key_value[0])) {
+            alert(key_value[0] + " is not a valid parameter.\nValid parameters have the format " + conf_pattern.replace(/\$name/g, conf_name));
+            return false;
+        }
+    }
+    return true;
+}
+
+function doUpdateConfig(form) {
+        var uri = "";
+        var s = document.addConfigForm.added_params.value;
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+
+        if (validate_form(s)) {
+            document.addConfigForm.added_params.value = s.replace(/\n/g, "&&");       
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5>" + disp_conf_type + ": </td>\n");
+    document.write("<td align=left >" + conf_name + "</td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Status: </td>\n");
+    document.write("<td align=left width=20% > New </td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Contents: </td>\n");
+    document.write("<form NAME =\"addConfigForm\" METHOD=POST onSubmit=\"return doUpdateConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=save_config_changes\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=new_config VALUE=true>");
+
+    document.write("<td>\n");
+    document.write("<textarea name=added_params cols=100 rows=40>\n");
+    document.write("</textarea>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr>\n");
+    document.write("<td align=left>\n");
+    document.write("<input TYPE=submit VALUE=Save>");
+    document.write("</td>\n");
+    document.write("<td align=left>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/addResults.template b/base/tps-client/apache/docroot/tokendb/addResults.template
new file mode 100644
index 000000000..eca814f8b
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/addResults.template
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(tid) == "undefined") {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Missing "+addType+" ID</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("New "+addType+" record "+tid+" has been added.</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/agentSelectConfig.template b/base/tps-client/apache/docroot/tokendb/agentSelectConfig.template
new file mode 100644
index 000000000..af782c190
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/agentSelectConfig.template
@@ -0,0 +1,123 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : " + disp_conf_type + " Review and Approval </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doViewConfig(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr colspan=3>  <p> Use this form to select " + conf_type.replace(/_/g, " ").toLowerCase() + " for review. <br>" + 
+         "Select an item in the drop-down menu below and click \"Review\". </p></tr>");
+
+    document.write("<form NAME =\"selectViewConfigForm\" METHOD=POST onSubmit=\"return doViewConfig(this);\">");
+
+    document.write("<tr>");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=agent_view_config\">");
+    document.write("<input TYPE=HIDDEN NAME=ptype VALUE=\"" + conf_type + "\">");
+    var pset_list = conf_list.split(",");
+    document.write("<td ALIGN=LEFT width=20% >" + disp_conf_type + ": </td>");
+    document.write("<td ALIGN=LEFT><select name=\"pname\" >");
+    for (var i=0; i < pset_list.length; i++) {
+        document.write("<option value=\""+ pset_list[i] + "\">" + pset_list[i] + "</option>\n");
+    }
+    document.write("</select></td></tr>");
+    document.write("</table>");
+    
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr><td><input TYPE=submit VALUE=Review> </td>");
+    document.write("<td><input TYPE=button VALUE=Cancel  onClick=\"doCancel();\"></td>");
+    document.write("</tr>");
+    document.write("</table>");
+    document.write("</form>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/agentViewConfig.template b/base/tps-client/apache/docroot/tokendb/agentViewConfig.template
new file mode 100644
index 000000000..9abce847a
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/agentViewConfig.template
@@ -0,0 +1,187 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : " + disp_conf_type + " Review </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+    }
+    return true;
+}
+
+function doViewConfig(form) {
+        var uri = "";
+        var s = document.editConfigForm.pvalues.value;
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+function doDelete() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5>" + disp_conf_type + ": </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_name + "</td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Status: </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_state.replace(/_/g, " ") + "</td></tr>");
+
+    document.write("<form NAME =\"viewConfigForm\" METHOD=POST onSubmit=\"return doViewConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=agent_change_config_state\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Contents: </td>\n");
+    document.write("<td colspan=4>\n");
+    if ((typeof(conf_values) == "undefined") || (conf_values.length == 0) ) {
+        document.write("<textarea name=pvalues cols=100 rows=40 style=\"color:#000000\" disabled=disabled >\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=pvalues cols=100 rows=40 style=\"color:#000000\" disabled=disabled >\n");
+        document.write(conf_values.replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td></tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr>\n");
+    document.write("<td align=left>\n");
+    if (conf_state == "Enabled") {
+        document.write("<input TYPE=submit name=choice VALUE=Disable>");
+    } else {
+        document.write("<input TYPE=submit name=choice VALUE=Disable disabled=disabled>");
+    }
+    document.write("</td>\n");
+    document.write("<td align=left>\n");
+    if (conf_state == "Pending_Approval") {
+        document.write("<input TYPE=submit name=choice VALUE=Reject >");
+    } else {
+        document.write("<input TYPE=submit name=choice VALUE=Reject disabled=disabled>");
+    }
+    document.write("</td>\n");
+    document.write("<td align=left>\n");
+    if ((conf_state == "Disabled") || (conf_state == "Pending_Approval")) {
+        document.write("<input TYPE=submit name=choice VALUE=\"Approve and Enable\">");
+    } else {
+        document.write("<input TYPE=submit name=choice VALUE=\"Approve and Enable\" disabled=disabled>");
+    }
+    document.write("</td>\n");
+    document.write("<td align=left>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</form>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/auditAdmin.template b/base/tps-client/apache/docroot/tokendb/auditAdmin.template
new file mode 100644
index 000000000..ff299530c
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/auditAdmin.template
@@ -0,0 +1,213 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Configure Audit Logging</font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doUpdateAudit(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<BR>");
+    document.write("<form NAME =\"editAuditForm\" METHOD=POST onSubmit=\"return doUpdateAudit(this);\">");
+    document.write("<input TYPE=HIDDEN NAME=query VALUE=\"op=update_audit_admin\">");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Enable Audit Logging:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    if (signedAuditEnable == "true") {
+        document.write("<input TYPE=RADIO NAME=auditEnable VALUE=\"true\" checked> Enable &nbsp;&nbsp;&nbsp;");
+        document.write("<input TYPE=RADIO NAME=auditEnable VALUE=\"false\"> Disable");
+    } else {
+        document.write("<input TYPE=RADIO NAME=auditEnable VALUE=\"true\" > Enable &nbsp;&nbsp;&nbsp;");
+        document.write("<input TYPE=RADIO NAME=auditEnable VALUE=\"false\" checked> Disable");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Enable Audit Log Signing:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    if (logSigningEnable == "true") {
+        document.write("<input TYPE=RADIO NAME=logSigningEnable VALUE=\"true\" checked> Enable &nbsp;&nbsp;&nbsp;");
+        document.write("<input TYPE=RADIO NAME=logSigningEnable VALUE=\"false\"> Disable");
+    } else {
+        document.write("<input TYPE=RADIO NAME=logSigningEnable VALUE=\"true\" > Enable &nbsp;&nbsp;&nbsp;");
+        document.write("<input TYPE=RADIO NAME=logSigningEnable VALUE=\"false\" checked> Disable");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Audit Log Signing Interval (seconds):&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=logSigningInterval VALUE=\"" + signedAuditLogInterval + "\" />");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Audit Log Signing Buffer Size (bytes, minimum 512):&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=logSigningBufferSize VALUE=\"" + signedAuditLogBufferSize + "\" />");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    var nonselectable_array = signedAuditNonSelectableEvents.split(",");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Events Always Logged:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<textarea name=nonselect cols=40 rows=10 >\n");
+    for (var i=0; i< nonselectable_array.length; i++) {
+        document.write(nonselectable_array[i] + "\n");
+    }
+    document.write("</textarea>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<p> Selected Optional Events to be logged: </p>");
+    var selectable_array = signedAuditSelectableEvents.split(",");
+    var signedAuditSelectedEvents_tmp = "," + signedAuditSelectedEvents + ",";
+
+
+    if ((typeof(selectable_array) != "undefined") && (selectable_array.length > 0)) {
+        document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+        for (var i=0; i < selectable_array.length; i++) {
+            if (i % 3 == 0) {
+                document.write("<tr bgcolor=#e5e5e5>\n");
+            }
+            document.write("<td>" + selectable_array[i] + "</td>");
+            if (signedAuditSelectedEvents_tmp.search("," + selectable_array[i] + ",") != -1) {
+                document.write("<td><input type=checkbox name=\"event_" + i + "\" value=\"" + selectable_array[i] + "\" checked></td>");
+            } else {
+                document.write("<td><input type=checkbox name=\"event_" + i + "\" value=\"" + selectable_array[i] + "\"></td>");
+            }
+
+            if ((i % 3 == 2) || (i == (selectable_array.length - 1))) {
+                document.write("</tr>");
+            }
+        }
+        document.write("</table>");
+    } else {
+        document.write("<p>There are no optional events to select.</p>");
+    }
+
+    document.write("<input type=hidden name=\"nEvents\" value=" + selectable_array.length + ">");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=Update>");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/confirmConfigChanges.template b/base/tps-client/apache/docroot/tokendb/confirmConfigChanges.template
new file mode 100644
index 000000000..ef541d732
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/confirmConfigChanges.template
@@ -0,0 +1,234 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+String.prototype.htmlEntities = function () {
+   return this.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
+};
+
+
+String.prototype.unescapeEntry = function () {
+   return this.replace(/&dbquote/g,'\"').replace(/&singlequote/g,'\'').replace(/&lessthan/g,'<').replace(/&greaterthan/g, '>');
+};
+
+String.prototype.escapeEntry = function () {
+   return this.replace(/\"/g,'&dbquote').replace(/\'/g,'&singlequote').replace(/</g,'&lessthan').replace(/>/g, '&greaterthan');
+};
+
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : " + disp_conf_type + " Configuration </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+    }
+    return true;
+}
+
+function doConfirmConfig(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doBack(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+    document.write("<p> Please confirm changes to the " + disp_conf_type + ": " + conf_name + "</p>");
+    document.write("<BR/>");
+
+    document.write("<form NAME =\"confirmConfigForm\" METHOD=POST onSubmit=\"return doConfirmConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=save_config_changes\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=added_params VALUE='" + added_str + "'>");
+    document.write("<input TYPE=hidden NAME=deleted_params VALUE='" + deleted_str + "'>");
+    document.write("<input TYPE=hidden NAME=changed_params VALUE='" + changed_str + "'>");
+    document.write("<input TYPE=hidden NAME=new_config VALUE=false>");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+    document.write("<input TYPE=hidden NAME=approval_requested VALUE=\"" + conf_approval_requested + "\">");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> <font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\"> Parameters added: </font></td>");
+    document.write("<td>");
+    if ((typeof(added_str) == "undefined") || (added_str.length == 0) ) {
+        document.write("<textarea name=disp_added_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=disp_added_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write(added_str.unescapeEntry().replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> <font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\"> Parameters deleted: </font></td>");
+    document.write("<td>");
+    if ((typeof(deleted_str) == "undefined") || (deleted_str.length == 0) ) {
+        document.write("<textarea name=disp_deleted_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=disp_deleted_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write(deleted_str.unescapeEntry().replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> <font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\"> Parameters changed: </font></td>");
+    document.write("<td>");
+    if ((typeof(changed_str) == "undefined") || (changed_str.length == 0) ) {
+        document.write("<textarea name=disp_changed_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=disp_changed_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write(changed_str.unescapeEntry().replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=\"Confirm Changes\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+
+    document.write("<td>\n");
+    document.write("<form NAME =\"backForm\" METHOD=POST onSubmit=\"return doBack(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=return_to_edit_config_parameter\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=pvalues VALUE=\"" + conf_values.escapeEntry() + "\">");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+    document.write("<input TYPE=hidden NAME=pstate VALUE=\"" + conf_state + "\">");
+    document.write("<input TYPE=submit VALUE=\"Back\">");
+    document.write("</form>\n");
+    document.write("</td>\n");
+
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/confirmDeleteConfig.template b/base/tps-client/apache/docroot/tokendb/confirmDeleteConfig.template
new file mode 100644
index 000000000..3b1ab8b47
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/confirmDeleteConfig.template
@@ -0,0 +1,173 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Delete " + disp_conf_type + " Confirmation </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+    }
+    return true;
+}
+
+function doUpdateConfig(form) {
+        var uri = "";
+        var s = document.editConfigForm.pvalues.value;
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        document.editConfigForm.pvalues.value = s.replace(/\n/g, "&&");
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+function doDelete() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5>" + disp_conf_type + ": </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_name + "</td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Status: </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_state.replace(/_/g, " ") + "</td></tr>");
+
+    document.write("<form NAME =\"editConfigForm\" METHOD=POST onSubmit=\"return doUpdateConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=delete_config_parameter\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Contents: </td>\n");
+    document.write("<td align=left colspan=4>\n");
+    if ((typeof(conf_values) == "undefined") || (conf_values.length == 0) ) {
+        document.write("<textarea name=pvalues style=\"color:#000000\" cols=100 rows=40 disabled=disabled>\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=pvalues cols=100 style=\"color:#000000\" rows=40 disabled=disabled>\n");
+        document.write(conf_values.replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td></tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr valign=top>\n");
+    document.write("<td>\n");
+    document.write("Are you sure?");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=\"Delete\">");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/delete.template b/base/tps-client/apache/docroot/tokendb/delete.template
new file mode 100644
index 000000000..4d3243db1
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/delete.template
@@ -0,0 +1,294 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr valign=top>\n");
+    document.write("<td>\n");
+    document.write("Are you sure?");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=delete><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=Delete></form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/deleteResults.template b/base/tps-client/apache/docroot/tokendb/deleteResults.template
new file mode 100644
index 000000000..606e11bb0
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/deleteResults.template
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(tid) == "undefined") {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Missing " + deleteType + " ID</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write(deleteType + " record "+tid+" has been deleted.</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/doToken.template b/base/tps-client/apache/docroot/tokendb/doToken.template
new file mode 100644
index 000000000..419a9a240
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/doToken.template
@@ -0,0 +1,360 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+function check_transition(state, tlist) {
+    for (var i=0; i < tlist.length; i++) {
+        if (state == tlist[i]) {
+            return true;
+        }
+    }
+    return false;
+}
+
+if (rc == "0") {
+    document.write("<b>The operation has been successful.</b>");
+    document.write("<p>\n");
+} else if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td width=60%>\n");
+    var transitions = allowed_transitions.split(",");
+    if (allowed_transitions != "") {
+        document.write("<form method='get' action='tus'><select name=\"question\">");
+
+        if (check_transition(1, transitions)) {
+            document.write("<option value=\"1\" >This token has been physically damaged.</option>");
+        } else {
+            document.write("<option value=\"1\" disabled=true >This token has been physically damaged.</option>");
+        }
+        if (check_transition(2, transitions)) {
+            document.write("<option value=\"2\">This token has been permanently lost.</option>");
+        } else {
+            document.write("<option value=\"2\" disabled=true >This token has been permanently lost.</option>");
+        }
+        if (check_transition(3, transitions)) {
+            document.write("<option value=\"3\" >This token has been temporarily lost.</option>");
+        } else {
+            document.write("<option value=\"3\" disabled=true >This token has been temporarily lost.</option>");
+        }
+        if (check_transition(4, transitions)) {
+            document.write("<option value=\"4\" >This temporarily lost token has been found.</option>");
+        } else {
+            document.write("<option value=\"4\" disabled=true >This temporarily lost token has been found.</option>");
+        }
+        if (check_transition(5, transitions)) {
+            document.write("<option value=\"5\" >This temporarily lost token cannot be found (becomes permanently lost).</option>");
+        } else {
+            document.write("<option value=\"5\" disabled=true >This temporarily lost token cannot be found (becomes permanently lost).</option>");
+        }
+        if (check_transition(6, transitions)) {
+            document.write("<option value=\"6\" >This token has been terminated.</option>");
+        } else {
+            document.write("<option value=\"6\" disabled=true >This token has been terminated.</option>");
+        }
+        document.write("</select><input type=hidden name=op value=do_token><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Go\"></form>");
+    }
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_certificate_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Certificates\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=edit><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Edit\"></form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/doTokenConfirm.template b/base/tps-client/apache/docroot/tokendb/doTokenConfirm.template
new file mode 100644
index 000000000..16bd2a191
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/doTokenConfirm.template
@@ -0,0 +1,344 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<td width=80%>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">");
+    document.write("Are you sure?");
+     document.write("</font>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td width=80%>\n");
+    document.write("<form method='get' action='tus'><select name=\"question\">");
+    if (question == '1') {
+      document.write("<option selected value=\"1\">This token has been physically damaged.</option>");
+    } else {
+      document.write("<option value=\"1\" disabled>This token has been physically damaged.</option>");
+    }
+    if (question == '2') {
+      document.write("<option selected value=\"2\">This token has been permanently lost.</option>");
+    } else {
+      document.write("<option value=\"2\" disabled>This token has been permanently lost.</option>");
+    }
+    if (question == '3') {
+      document.write("<option selected value=\"3\">This token has been temporarily lost.</option>");
+    } else {
+      document.write("<option value=\"3\" disabled>This token has been temporarily lost.</option>");
+    }
+    if (question == '4') {
+      document.write("<option selected value=\"4\">This temporarily lost token has been found.</option>");
+    } else {
+      document.write("<option value=\"4\" disabled>This temporarily lost token has been found.</option>");
+    }
+    if (question == '5') {
+      document.write("<option selected value=\"5\">This temporarily lost token cannot be found (becomes permanently lost).</option>");
+    } else {
+      document.write("<option value=\"5\" disabled>This temporarily lost token cannot be found (becomes permanently lost).</option>");
+    }
+    if (question == '6') {
+      document.write("<option selected value=\"6\">This token has been terminated.</option>");
+    } else {
+      document.write("<option value=\"6\" disabled>This token has been terminated.</option>");
+    }
+    document.write("</select><input type=hidden name=op value=do_token>");
+    document.write("<input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Go\"></form>");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/edit.template b/base/tps-client/apache/docroot/tokendb/edit.template
new file mode 100644
index 000000000..163ae3bd1
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/edit.template
@@ -0,0 +1,199 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Edit Token</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function doSave(form) {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    uri += "?op=save&tid="+results[0].cn;
+
+    if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+    }
+
+    if (results[0].tokenPolicy != form.tokenPolicy.value) {
+       uri += "&tokenPolicy=" + form.tokenPolicy.value;
+    }
+    uri += "&m=" + results[0].modified;
+    location.href = uri;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<FORM NAME =\"editForm\" ACTION=\"\" METHOD=GET>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=uid SIZE=20 VALUE="+results[0].tokenUserID+">\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write(results[0].tokenStatus+"\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=tokenPolicy SIZE=20 VALUE="+results[0].tokenPolicy+">\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write(results[0].tokenType+"\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Save onClick=\"doSave(editForm);\">");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+    document.write("</form>\n");
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/editConfig.template b/base/tps-client/apache/docroot/tokendb/editConfig.template
new file mode 100644
index 000000000..a4091870a
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/editConfig.template
@@ -0,0 +1,237 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+String.prototype.htmlEntities = function () {
+   return this.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
+};
+
+String.prototype.unescapeEntry = function () {
+   return this.replace(/&dbquote/g,'\"').replace(/&singlequote/g,'\'').replace(/&lessthan/g,'<').replace(/&greaterthan/g, '>');
+};
+
+String.prototype.escapeEntry = function () {
+   return this.replace(/\"/g,'&dbquote').replace(/\'/g,'&singlequote').replace(/</g,'&lessthan').replace(/>/g, '&greaterthan');
+};
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : " + disp_conf_type + " Configuration </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+// validate according to the pattern
+function validate_form(s) {
+    var s_array = s.split("\n");
+    var reg = new RegExp(conf_pattern.replace(/\$name/g, conf_name));
+
+    for (var i=0; i< s_array.length ; i++) {
+        var key_value = s_array[i].split("=");
+        if (! reg.test(key_value[0])) {
+            alert(key_value[0] + " is not a valid parameter.\nValid parameters have the format " + conf_pattern.replace(/\$name/g, conf_name));
+            return false;
+        }
+    }
+    return true;
+}
+
+function doUpdateConfig(form) {
+        var uri = "";
+        var s = document.editConfigForm.pvalues.value;
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        if (validate_form(s)) {
+            document.editConfigForm.pvalues.value = s.escapeEntry().replace(/\n/g, "&&");
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+function doDelete() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5>" + disp_conf_type + ": </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_name + "</td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Status: </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_state.replace(/_/g, " ") + "</td></tr>");
+
+    document.write("<form NAME =\"editConfigForm\" METHOD=POST onSubmit=\"return doUpdateConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=confirm_config_changes\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Contents: </td>\n");
+    document.write("<td align=left colspan=4>\n");
+    if ((typeof(conf_values) == "undefined") || (conf_values.length == 0) ) {
+        if ((conf_state == "Disabled") || (agent_must_approve != "true")) {
+            document.write("<textarea name=pvalues cols=100 rows=40>\n");
+            document.write("</textarea>\n");
+        } else {
+            document.write("<textarea name=pvalues style=\"color:#000000\" cols=100 rows=40 disabled=disabled>\n");
+            document.write("</textarea>\n");
+        }
+    } else {
+        if ((conf_state == "Disabled") || (agent_must_approve != "true")) {
+            document.write("<textarea name=pvalues cols=100 rows=40>\n");
+            document.write(conf_values.unescapeEntry().replace(/&&/g, "\r\n"));
+            document.write("</textarea>\n");
+        } else {
+            document.write("<textarea name=pvalues cols=100 style=\"color:#000000\" rows=40 disabled=disabled>\n");
+            document.write(conf_values.unescapeEntry().replace(/&&/g, "\r\n"));
+            document.write("</textarea>\n");
+        }
+    }
+    document.write("</td></tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+
+    document.write("<tr>\n");
+    document.write("<td align=left>\n");
+    if ((conf_state == "Disabled") || (agent_must_approve != "true")) {
+        document.write("<input name=choice TYPE=submit VALUE=Save>");
+    } else {
+        document.write("<input name=choice TYPE=submit VALUE=Save disabled=disabled>");
+    }
+    document.write("</td>\n");
+
+    document.write("<td align=left>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+
+    if (agent_must_approve == "true") {
+        document.write("<td align=left>\n");
+        if (conf_state == "Disabled") {
+            document.write("<input name=choice TYPE=submit VALUE=\"Submit For Approval\">");
+        } else {
+            document.write("<input name=choice TYPE=submit VALUE=\"Submit For Approval\" disabled=disabled>");
+        }
+        document.write("</td>\n");
+    }
+
+    document.write("</form>\n");
+
+    if (conf_type != "Generals") {
+        document.write("<td align=left>\n");
+        document.write("<form name=deleteConfig method=POST onSubmit=\"return doDelete(this);\">\n");
+        document.write("<input type=hidden name=query value=\"op=confirm_delete_config\">");
+        document.write("<input type=hidden name=pname value=\"" + conf_name + "\">");
+        document.write("<input type=hidden name=ptype value=\"" + conf_type + "\">");
+        document.write("<input type=hidden name=pvalues value=\"" + conf_values.escapeEntry() + "\">");
+        document.write("<input type=hidden name=pstate value=\"" + conf_state + "\">");
+        document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+        if ((conf_state == "Disabled")|| (agent_must_approve != "true")) {
+            document.write("<input TYPE=submit VALUE=\"Delete\">");
+        } else {
+            document.write("<input TYPE=submit VALUE=\"Delete\" disabled=disabled>");
+        }
+        document.write("</form>");
+        document.write("</td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/editResults.template b/base/tps-client/apache/docroot/tokendb/editResults.template
new file mode 100644
index 000000000..783b065c3
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/editResults.template
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(tid) == "undefined") {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Missing token ID</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Token record <a href=\"tus?op=show&tid=" + tid + "\">"+tid+"</a> has been updated.</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/editUser.template b/base/tps-client/apache/docroot/tokendb/editUser.template
new file mode 100644
index 000000000..55b587cbe
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/editUser.template
@@ -0,0 +1,313 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Edit User</font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+        if (validate_required(firstName,"First Name is required")==false) {
+            firstName.focus();
+            return false;
+        }
+        if (validate_required(lastName,"Last Name is required")==false) {
+            lastName.focus();
+            return false;
+        }
+        if (validate_required(userCert,"User Certificate is required")==false) {
+            userCert.focus();
+            return false;
+        }
+
+    }
+}
+
+function doUpdateUser(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doUpdateUserProfile(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+function doCheckBox(val) {
+    document.addUserProfileForm.other_profile.disabled = false;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many users to edit</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<form NAME =\"editUserForm\" METHOD=POST onSubmit=\"return doUpdateUser(this);\">");
+    document.write("<input TYPE=HIDDEN NAME=query VALUE=\"op=save_user\">");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "UserID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].uid+"</font>\n");
+    document.write("<input TYPE=HIDDEN NAME=uid VALUE=\"" + results[0].uid + "\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "First Name:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=firstName SIZE=20 VALUE=\""+
+                   ((typeof(results[0].givenName) == 'undefined')?'':results[0].givenName)+"\">\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Last Name:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=lastName SIZE=20 VALUE=\""+results[0].sn+"\">\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Role:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td ><input type=checkbox name=opOperator value=Operators " + operator + ">Operator</td>\n");
+    document.write("<td ><input type=checkbox name=opAgent value=Agents " + agent + ">Agent</td>\n");
+    document.write("<td ><input type=checkbox name=opAdmin value=Administrators " + admin + ">Administrator</td>\n");
+    document.write("</tr>\n");
+    
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Certificate:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    if ((typeof(results[0].userCertificate) == "undefined") || (results[0].userCertificate.length == 0) ) {
+        document.write("<textarea name=userCert cols=40 rows=10>\n");
+        document.write("Paste the base 64 user certificate here (without the header and footer)");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=userCert cols=40 rows=10>\n");
+        document.write(results[0].userCertificate.replace(/\.\./g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    if ((typeof(results[0].profileID) != "undefined") && (results[0].profileID.length != 0)) {
+
+        var profile_array = results[0].profileID.split("#");
+        document.write("<input TYPE=HIDDEN NAME=nProfiles VALUE=\"" + profile_array.length + "\">");
+        document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+        document.write("<tr bgcolor=#e5e5e5>\n");
+
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "Profile ID</font>\n");
+        document.write("</td>\n");
+
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "Remove Profile Access</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+
+        for (var i=0; i < profile_array.length; i++) {
+            document.write("<tr>\n");
+            document.write("<td>\n");
+            document.write(profile_array[i]);
+            document.write("<input type=hidden name=\"profile_" + i + "\" value=\""+ profile_array[i] + "\">");
+            document.write("</td>\n");
+            document.write("<td><input type=checkbox name=\"delete_" + i + "\" value=\"delete\"></td>\n");
+            document.write("</tr>\n");
+        }
+        document.write("</table>\n");
+    } else {
+        document.write("<p>Profile Memberships</p>");
+    }
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=Update>");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+    document.write("<td>\n");
+    document.write("<form name=deleteUser method=GET action='tus'>\n");
+    document.write("<input type=hidden name=op value=user_delete_confirm>");
+    document.write("<input type=hidden name=uid value=" + results[0].uid + ">");
+    document.write("<input TYPE=submit VALUE=\"Delete User\">");
+    document.write("</form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+
+    if ((typeof(start_val) != "undefined") && (start_val > 0) && (typeof(num_profiles_to_display) != "undefined")) {
+        var new_start = start_val - num_profiles_to_display;
+        if (new_start < 0) new_start =0;
+        document.write("<td> <form name=prev_edit method=get action=\"doCancel()\">");
+        document.write("<input TYPE=hidden name=op VALUE=edit_user>");
+        document.write("<input TYPE=hidden name=uid VALUE=" + results[0].uid + ">");
+        document.write("<input TYPE=hidden name=start_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_profile_vals) != "undefined") && (has_more_profile_vals == "true")) {
+        var new_start = end_val;
+        document.write("<td> <form method=get name=prev_edit action=\"doCancel()\">");
+        document.write("<input TYPE=hidden name=op VALUE=edit_user>");
+        document.write("<input TYPE=hidden name=uid VALUE=" + results[0].uid + ">");
+        document.write("<input TYPE=hidden name=start_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>");
+
+    document.write("<form NAME =\"addUserProfileForm\" METHOD=POST onSubmit=\"return doUpdateUserProfile(this);\">");
+    document.write("<tr>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 >\n");
+    document.write("<input TYPE=HIDDEN NAME=query VALUE=\"op=add_profile_user\">");
+    document.write("<input TYPE=HIDDEN NAME=uid VALUE=\"" + results[0].uid + "\">");
+    document.write("<td>Add new profile: <select name=\"profile_0\" onChange=\"doCheckbox(this.options[selectedIndex].value)\">");
+    for (var i=0; i < profile_list.length; i++) {
+        document.write("<option value=\""+ profile_list[i] + "\">" + profile_list[i] + "</option>\n");
+    }
+    document.write("</select></td>");
+    document.write("<td><input type=text name=other_profile></td>");
+    document.write("<td><input TYPE=submit VALUE=\"Add Profile\"></td></tr>");
+    document.write("</table>");
+    document.write("</form>\n");
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/error.template b/base/tps-client/apache/docroot/tokendb/error.template
new file mode 100644
index 000000000..8f629ff72
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/error.template
@@ -0,0 +1,73 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS Error!</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+document.write("<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+
+if (typeof(error) == "undefined") {
+    document.write("TUS encountered undefined error.");
+} else {
+    document.write(""+error);
+}
+
+document.write("</font>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/index.template b/base/tps-client/apache/docroot/tokendb/index.template
new file mode 100644
index 000000000..4aa9f0cdd
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/index.template
@@ -0,0 +1,151 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS Agent</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a></font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\"><b>UID:</b>" + 
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+    if (form.uid.value == "" && form.tid.value == "") {
+        alert("Enter token or user ID");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view";
+        if (form.tid.value.length > 0) uri += "&tid=" + form.tid.value;
+        if (form.uid.value.length > 0) uri += "&uid=" + form.uid.value;
+        location.href = uri;
+    }
+}
+
+var lastCol = 100;
+document.write("<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%><tr>");
+if ((typeof(operatorAuth) != "undefined") && (operatorAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus?op=index_operator\">Operator Operations</td>");
+    lastCol -= 20;
+}
+if ((typeof(agentAuth) != "undefined") && (agentAuth == "true")) {
+    document.write("<td bgcolor=\"#e5e5e5\" width=\"20%\"><a href=\"/tus\">Agent Operations</td>");
+    lastCol -= 20;
+}
+if ((typeof(adminAuth) != "undefined") && (adminAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus?op=index_admin\">Administrator Operations</td>");
+    lastCol -= 20;
+}
+document.write("<td width=\"" + lastCol + "%\"></td>");
+document.write("</tr></table>");
+
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%>
+<tr>
+    <td bgcolor=#e5e5e5>&nbsp;</td>
+</tr>
+</table>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td><i>Tokens</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search">List/Search Tokens</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Certificates</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_certificate">List/Search Certificates</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Activities</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_activity">List/Search Activities</a></td>
+  </tr>
+  <tr>
+    <td></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Advanced Configuration</i></td>
+  </tr>
+  <SCRIPT type="text/JavaScript">
+  <!--
+    var target_array = agent_target_list.split(",");
+    for (var i=0; i< target_array.length ; i++) {
+      document.write("<tr><td>&bull;&nbsp;<a href=\"tus?op=agent_select_config&type=" + target_array[i] + "\">" +
+          target_array[i].replace(/_/g, " ") + "</a></td> </tr>");
+    }
+  //-->
+  </SCRIPT>
+
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/indexAdmin.template b/base/tps-client/apache/docroot/tokendb/indexAdmin.template
new file mode 100644
index 000000000..97086257b
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/indexAdmin.template
@@ -0,0 +1,176 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS Admin</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\"><b>UID:</b>" + 
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function submitEditForm(form) {
+    document.editForm.submit();
+}
+
+function doFind(form) {
+    if (form.uid.value == "" && form.tid.value == "") {
+        alert("Enter token or user ID");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view";
+        if (form.tid.value.length > 0) uri += "&tid=" + form.tid.value;
+        if (form.uid.value.length > 0) uri += "&uid=" + form.uid.value;
+        location.href = uri;
+    }
+}
+var lastCol = 100;
+document.write("<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%><tr>");
+if ((typeof(operatorAuth) != "undefined") && (operatorAuth == "true")) {  
+    document.write("<td width=\"20%\"><a href=\"/tus?op=index_operator\">Operator Operations</td>");
+    lastCol -= 20;
+}
+if ((typeof(agentAuth) != "undefined") && (agentAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus\">Agent Operations</td>");
+    lastCol -=20;
+}
+if ((typeof(adminAuth) != "undefined") && (adminAuth == "true")) {
+    document.write("<td bgcolor=\"#e5e5e5\" width=\"20%\"><a href=\"/tus?op=index_admin\">Administrator Operations</td>");
+    lastCol -=20;
+}
+document.write("<td width=\"" + lastCol + "%\"></td>");
+document.write("</tr></table>");
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%>
+<tr>
+    <td bgcolor=#e5e5e5>&nbsp;</td>
+</tr>
+</table>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td></td>
+  </tr>
+  <tr>
+    <td><i>Tokens</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_admin">List/Search Tokens</a></td>
+  </tr>
+   <tr>
+    <td>&bull;&nbsp;<a href="tus?op=new">Add New Token</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr> 
+    <td><i>Users</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=add_user?tid=&uid=">Add User</a></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=view_users">List Users</a></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_users">Search Users</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+   <tr>
+    <td><i>Activities</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_activity_admin">List/Search Activities</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+   <tr>
+    <td><i>Self Tests</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=self_test">Run Self Tests</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+   <tr>
+    <td><i>Auditing</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=audit_admin">Configure Signed Audit</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Advanced Configuration</i></td>
+  </tr>
+  <SCRIPT type="text/JavaScript">
+  <!--
+    var target_array = target_list.split(","); 
+    for (var i=0; i< target_array.length ; i++) {
+      document.write("<tr><td>&bull;&nbsp;<a href=\"tus?op=select_config_parameter&type=" + target_array[i] + "\">" +
+          target_array[i].replace(/_/g, " ") + "</a></td> </tr>");
+    }
+  //-->
+  </SCRIPT>
+  <tr>
+    <form name="editForm" method=POST action="tus" >
+        <input TYPE=hidden NAME=query VALUE="op=edit_config_parameter">
+        <input TYPE=HIDDEN NAME=ptype VALUE="Generals">
+        <input TYPE=HIDDEN NAME=pname VALUE="General">
+        <td>&bull;&nbsp;<a href="javascript:submitEditForm(this)">General</a></td>
+    </form>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/indexOperator.template b/base/tps-client/apache/docroot/tokendb/indexOperator.template
new file mode 100644
index 000000000..1b1902843
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/indexOperator.template
@@ -0,0 +1,129 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS Operator</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\"><b>UID:</b>" + 
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+    if (form.uid.value == "" && form.tid.value == "") {
+        alert("Enter token or user ID");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view";
+        if (form.tid.value.length > 0) uri += "&tid=" + form.tid.value;
+        if (form.uid.value.length > 0) uri += "&uid=" + form.uid.value;
+        location.href = uri;
+    }
+}
+
+var lastCol = 100;
+document.write("<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%><tr>");
+if ((typeof(operatorAuth) != "undefined") && (operatorAuth == "true")) {
+    document.write("<td bgcolor=\"#e5e5e5\" width=\"20%\"><a href=\"/tus?op=index_operator\">Operator Operations</td>");
+    lastCol -= 20;
+}
+if ((typeof(agentAuth) != "undefined") && (agentAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus\">Agent Operations</td>");
+    lastCol -=20;
+}
+if ((typeof(adminAuth) != "undefined") && (adminAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus?op=index_admin\">Administrator Operations</td>");
+    lastCol -=20;
+}
+document.write("<td width=\"" + lastCol + "%\"></td>");
+document.write("</tr></table>");
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%>
+<tr>
+    <td bgcolor=#e5e5e5>&nbsp;</td>
+</tr>
+</table>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td><i>Tokens</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search&top=operator">List/Search Tokens</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Certificates</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_certificate&top=operator">List/Search Certificates</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Activities</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_activity&top=operator">List/Search Activities</a></td>
+  </tr>
+  <tr>
+    <td></td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/new.template b/base/tps-client/apache/docroot/tokendb/new.template
new file mode 100644
index 000000000..f4bf1475d
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/new.template
@@ -0,0 +1,93 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Add New Token</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doAdd(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=add";
+        uri += "&tid=" + form.tid.value;
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="addForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Add onClick="doAdd(addForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/newUser.template b/base/tps-client/apache/docroot/tokendb/newUser.template
new file mode 100644
index 000000000..f1e7e6e35
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/newUser.template
@@ -0,0 +1,179 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Admin Operations : Add New User</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+        if (validate_required(userid,"Userid is required")==false) {
+            userid.focus();
+            return false;
+        } 
+        if (validate_required(firstName,"First Name is required")==false) {
+            firstName.focus();
+            return false;
+        }
+        if (validate_required(lastName,"Last Name is required")==false) {
+            lastName.focus();
+            return false;
+        }
+        if (validate_required(groupid,"Group ID is required")==false) {
+            groupid.focus();
+            return false;
+        }
+
+    }
+}
+
+function doAdd(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        if (validate_form(this)) {
+            document.addUserForm.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+    
+//-->
+</SCRIPT>
+
+<FORM NAME ="addUserForm" METHOD="POST" onSubmit="return doAdd(this)" >
+<input TYPE="hidden" NAME="query" VALUE="op=addUser">
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=userid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User First Name:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=firstName SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User Last Name:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=lastName SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Role:
+      </font>
+    </td>
+    <td> Operator
+      <input TYPE=CHECKBOX NAME=opOperator value="Operators" CHECKED>
+      &nbsp;&nbsp;&nbsp;&nbsp;Agent
+      <input TYPE=CHECKBOX NAME=opAgent value="Agents" >
+      &nbsp;&nbsp;&nbsp;&nbsp;Admin
+      <input TYPE=CHECKBOX NAME=opAdmin value="Administrators" >
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Certificate:
+      </font>
+    </td>
+    <td>
+      <textarea name="cert" cols="40" rows="10" >
+Paste the base 64 user certificate here (without the header and footer) 
+      </textarea>
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=submit VALUE="Add User" >
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/revoke.template b/base/tps-client/apache/docroot/tokendb/revoke.template
new file mode 100644
index 000000000..6a62ea116
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/revoke.template
@@ -0,0 +1,317 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td width=60%>\n");
+    document.write("<form method='get' action='tus'><select name=\"question\"><option value=\"1\">Is this token physically damaged?</option><option value=\"2\">Is this token permanently lost?</option><option value=\"3\">Is this token temporarily lost?</option><option value=\"4\">Is this temporarily lost token found?</option><option value=\"5\">Does this temporarily lost token become permanently lost?</option></select><input type=hidden name=op value=do_token><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Go\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=revoke><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Revoke\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_certificate_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Certificates\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=edit><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Edit\"></form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/search.template b/base/tps-client/apache/docroot/tokendb/search.template
new file mode 100644
index 000000000..305c9cd74
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/search.template
@@ -0,0 +1,118 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Search Tokens</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+            uri += "top=operator";
+        }
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT SIZE=4 NAME=maxCount value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchActivity.template b/base/tps-client/apache/docroot/tokendb/searchActivity.template
new file mode 100644
index 000000000..e831a2872
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchActivity.template
@@ -0,0 +1,123 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Operator Operations : Search Activity</font>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Search Activity</font>\n");
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_activity";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+            uri += "top=operator";
+        }
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=maxCount SIZE=4 value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchActivityAdmin.template b/base/tps-client/apache/docroot/tokendb/searchActivityAdmin.template
new file mode 100644
index 000000000..da201d97f
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchActivityAdmin.template
@@ -0,0 +1,119 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Search Activity</font>\n");
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_activity_admin";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+            uri += "top=operator";
+        }
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=maxCount SIZE=4 value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchActivityAdminResults.template b/base/tps-client/apache/docroot/tokendb/searchActivityAdminResults.template
new file mode 100644
index 000000000..d8f6587aa
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchActivityAdminResults.template
@@ -0,0 +1,234 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+    "<a href=\""+uri+"\">Main Menu</a> : Administrator Operations : Search Activity Results</font>\n");
+uri += "?op=show_admin&tid=";
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#cccccc>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Activity ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "IP</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Operation</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Result</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Created</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("<tr bgcolor=#cccccc>\n");
+    document.write("<td colspan=7>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">");
+    document.write("Details");
+    document.write("</font>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    for (var i = 0; i < results.length; i++) {
+        if (i % 2 == 0) {
+          document.write("<tr bgcolor='#eeeeee'>\n");
+        } else {
+          document.write("<tr >\n");
+        }
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       
+                        results[i].cn+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"" + uri + 
+                        results[i].tokenID+"\">" + results[i].tokenID + "</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenIP+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenOp+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenResult+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfCreate)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+        if (i % 2 == 0) {
+          document.write("<tr bgcolor='#eeeeee'>\n");
+        } else {
+          document.write("<tr >\n");
+        }
+        document.write("<td colspan=7>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+ results[i].tokenMsg+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) && 
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchActivityResults.template b/base/tps-client/apache/docroot/tokendb/searchActivityResults.template
new file mode 100644
index 000000000..1f97860a0
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchActivityResults.template
@@ -0,0 +1,239 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Operator Operations : Search Activity Results</font>\n");
+    uri += "?op=show&top=operator&tid=";
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Agent Operations : Search Activity Results</font>\n");
+    uri += "?op=show&tid=";
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#cccccc>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Activity ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "IP</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Operation</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Result</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Created</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("<tr bgcolor=#cccccc>\n");
+    document.write("<td colspan=7>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">");
+    document.write("Details");
+    document.write("</font>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    for (var i = 0; i < results.length; i++) {
+        if (i % 2 == 0) {
+          document.write("<tr bgcolor='#eeeeee'>\n");
+        } else {
+          document.write("<tr >\n");
+        }
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       
+                        results[i].cn+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"" + uri + 
+                        results[i].tokenID+"\">" + results[i].tokenID + "</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenIP+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenOp+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenResult+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfCreate)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+        if (i % 2 == 0) {
+          document.write("<tr bgcolor='#eeeeee'>\n");
+        } else {
+          document.write("<tr >\n");
+        }
+        document.write("<td colspan=7>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+ results[i].tokenMsg+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchAdmin.template b/base/tps-client/apache/docroot/tokendb/searchAdmin.template
new file mode 100644
index 000000000..b0960f571
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchAdmin.template
@@ -0,0 +1,115 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Search Tokens</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_admin";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=maxCount SIZE=4 value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchAdminResults.template b/base/tps-client/apache/docroot/tokendb/searchAdminResults.template
new file mode 100644
index 000000000..ab0a471c2
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchAdminResults.template
@@ -0,0 +1,222 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Administrator Operations : Search Results</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+uri += "?op=show_admin&tid=";
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Created</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modified</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+	for (var i = 0; i < results.length; i++) {
+        document.write("<tr>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "<a href=\""+uri+results[i].cn+"\">"+
+                        results[i].cn+"</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenStatus+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenAppletID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].keyInfo+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenPolicy+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfCreate)+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfModify)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchCertificate.template b/base/tps-client/apache/docroot/tokendb/searchCertificate.template
new file mode 100644
index 000000000..788491fbf
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchCertificate.template
@@ -0,0 +1,118 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Search Certificates</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_certificate";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+           uri += "&top=operator";
+        }
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT SIZE=4 NAME=maxCount value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchCertificateResults.template b/base/tps-client/apache/docroot/tokendb/searchCertificateResults.template
new file mode 100644
index 000000000..bb6dcabf3
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchCertificateResults.template
@@ -0,0 +1,226 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Operator Operations : Search Certificate Results</font>\n");
+    cert_uri = uri + "?op=show_certificate&top=operator&cn=";
+    uri += "?op=show&top=operator&tid=";
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Agent Operations : Search Certificate Results</font>\n");
+    cert_uri = uri + "?op=show_certificate&cn=";
+    uri += "?op=show&tid=";
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Serial Number</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Subject</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Type</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Last Status</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Last Modified At</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+	for (var i = 0; i < results.length; i++) {
+        document.write("<tr>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\""+ cert_uri +
+                        results[i].cn+"\">" + results[i].cn + "</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        "0x" + results[i].tokenSerial+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenSubject+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"" + uri +
+                        results[i].tokenID+"\">" + results[i].tokenID + "</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenKeyType+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenStatus+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfModify)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchResults.template b/base/tps-client/apache/docroot/tokendb/searchResults.template
new file mode 100644
index 000000000..f4644b355
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchResults.template
@@ -0,0 +1,227 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Operator Operations : Search Results</font>\n");
+    uri += "?op=show&top=operator&tid=";
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Agent Operations : Search Results</font>\n");
+    uri += "?op=show&tid=";
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Created</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modified</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+	for (var i = 0; i < results.length; i++) {
+        document.write("<tr>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "<a href=\""+uri+results[i].cn+"\">"+
+                        results[i].cn+"</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenStatus+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenReason+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenAppletID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].keyInfo+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfCreate)+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfModify)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchUser.template b/base/tps-client/apache/docroot/tokendb/searchUser.template
new file mode 100644
index 000000000..57e3a5507
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchUser.template
@@ -0,0 +1,126 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Search Users</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_users";
+        uri += "&uid=" + form.uid.value;
+        uri += "&firstName=" + form.firstName.value;
+        uri += "&lastName=" + form.lastName.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        First Name:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=firstName SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Last Name:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=lastName SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=maxCount SIZE=4 value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/searchUserResults.template b/base/tps-client/apache/docroot/tokendb/searchUserResults.template
new file mode 100644
index 000000000..bbb885f31
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/searchUserResults.template
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Administrator Operations : Search Results</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+uri += "?op=edit_user&uid=";
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Name</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Date Created</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Date Modified</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    for (var i = 0; i < results.length; i++) {
+        document.write("<tr>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "<a href=\""+uri+results[i].uid+"\">"+
+                        results[i].uid+"</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].cn+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].createTimeStamp)+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].modifyTimeStamp)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/selectConfig.template b/base/tps-client/apache/docroot/tokendb/selectConfig.template
new file mode 100644
index 000000000..33f560461
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/selectConfig.template
@@ -0,0 +1,137 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : " + disp_conf_type + " Configuration </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doAddConfig(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        // need to validate that pname is not empty
+        this.action = uri;
+        return true;
+}
+
+function doEditConfig(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5> <p>  Use this form to add or modify " + conf_type.replace(/_/g, " ").toLowerCase() + ".  <br> Either select an item " + 
+         " to edit in the drop-down box below and click \"Edit\", <br> or fill in the name of a new " + disp_conf_type.toLowerCase() + 
+         " and click the \"Add\" button.</p></tr>");
+
+    document.write("<form NAME =\"selectEditConfigForm\" METHOD=POST onSubmit=\"return doEditConfig(this);\">");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=edit_config_parameter\">");
+    document.write("<input TYPE=HIDDEN NAME=ptype VALUE=\"" + conf_type + "\">");
+
+    var pset_list = conf_list.split(",");
+    document.write("<tr>");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> Edit an existing " + disp_conf_type + ": </td>");
+    document.write("<td ALIGN=LEFT width=30%><select name=\"pname\">");
+    for (var i=0; i < pset_list.length; i++) {
+        document.write("<option value=\""+ pset_list[i] + "\">" + pset_list[i] + "</option>\n");
+    }
+    document.write("</select></td>");
+    document.write("<td ALIGN=LEFT width=30%><input TYPE=submit VALUE=Edit></td></tr>");
+    document.write("</form>\n");
+
+    document.write("<form NAME =\"selectAddConfigForm\" METHOD=POST onSubmit=\"return doAddConfig(this);\">");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=add_config_parameter\">");
+    document.write("<input TYPE=HIDDEN NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<tr>");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> Add a new " + disp_conf_type + ": </td>");
+    document.write("<td ALIGN=LEFT width=30%> <input type=text name=pname></td> ");
+    document.write("<td ALIGN=LEFT width=30%><input TYPE=submit VALUE=Add></td></tr>");
+    document.write("</table>");
+    document.write("</form>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/selfTest.template b/base/tps-client/apache/docroot/tokendb/selfTest.template
new file mode 100644
index 000000000..163437d17
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/selfTest.template
@@ -0,0 +1,129 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Admin Operations : Run Self Tests</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function runSelfTest(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        if (enabledTests > 0) {
+            document.selfTestForm.action = uri;
+            return true;
+        } else {
+            alert("Self tests are not enabled.");
+            return false;
+        }
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="selfTestForm" METHOD="POST" onSubmit="return runSelfTest(this)" >
+<input TYPE="hidden" NAME="query" VALUE="op=run_self_test">
+
+<SCRIPT type="text/JavaScript">
+<!--
+if ((typeof(test_list) != "undefined") && (test_list.length > 0)) {
+    document.write("<center>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;Enable&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+    document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;Critical&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+    document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;Test&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+    document.write("</tr>\n");
+    var enabledTests = 0
+    for (var i = 0, k = 1; i < test_list.length; i++) {
+        document.write("<tr bgcolor=#efefef>\n");
+        document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;");
+        document.write("<input type=checkbox name=\"enable"+test_list[i]+"\" value=\"enable"+test_list[i]+"\" ");
+        if ((typeof(enabled) != "undefined") && (enabled & k)) {
+            document.write("CHECKED");
+            enabledTests++;
+        }
+        document.write(" DISABLED>\n");
+        document.write("&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+        document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;");
+        document.write("<input type=checkbox name=\"critical"+test_list[i]+"\" value=\"critical"+test_list[i]+"\" ");
+        if ((typeof(critical) != "undefined") && (critical & k)) {
+            document.write("CHECKED");
+        }
+        document.write(" DISABLED>\n");
+        document.write("&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+        document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;");
+        document.write(test_list[i]);
+        document.write("&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+        document.write("</tr>\n");
+        k *= 2;
+    }
+    document.write("</table>\n");
+    document.write("<HR NOSHADE SIZE=1>\n");
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<input TYPE=submit VALUE=\"Run\">\n");
+} else {
+    document.write("Error: Missing self test list.\n");
+    document.write("<HR NOSHADE SIZE=1>\n");
+}
+//-->
+</SCRIPT>
+
+</form>
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/selfTestResults.template b/base/tps-client/apache/docroot/tokendb/selfTestResults.template
new file mode 100644
index 000000000..aeb49d711
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/selfTestResults.template
@@ -0,0 +1,113 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(result) == "undefined") {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Error: Missing self test results.</font>\n");
+} else {
+    if (typeof(test_list) == "undefined" || test_list.length == 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+        document.write("Error: List of self tests is not available.</font>\n");
+    } else {
+        var enabledTests = 0
+        for (var i = 0, k = 1; i < test_list.length; i++) {
+            if ((typeof(enabled) != "undefined") && (enabled & k)) {
+                enabledTests++;
+            }
+            k *= 2;
+        }
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+        if (enabledTests == 0) {
+            document.write("Self tests are not enabled.");
+        } else {
+            if (result == 0) {
+                document.write("Self test"+((enabledTests > 1)?"s ":" "));
+                for (i = 0, k = 1, n = 0; i < test_list.length; i++) {
+                    if ((typeof(enabled) != "undefined") && (enabled & k)) {
+                        if (n > 0) {
+                            document.write(", ");
+                        }
+                        document.write("\""+test_list[i]+"\"");
+                        n++;
+                    }
+                    k *= 2;
+                }
+                document.write(((enabledTests > 1)?" are":" is")+" completed successfully.\n");
+            } else if (result > -4 && result < 4) {
+                document.write("Self test \""+test_list[0]+"\" encounter "+((result < 0)?"critical":"")+" failure: "+result+"\n");
+                if (result < 0) {
+                    document.write("<br><b>Please stop the server immediately.</b>\n");
+                }
+            } else {
+                document.write("Self test \""+test_list[1]+"\" encounter "+((result < 0)?"critical":"")+" failure: "+result+"\n");
+                if (result < 0) {
+                    document.write("<br><b>Please stop the server immediately.</b>\n");
+                }
+            }
+        }
+        document.write("</font>\n");
+    }
+}
+document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/show.template b/base/tps-client/apache/docroot/tokendb/show.template
new file mode 100644
index 000000000..a9dd39334
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/show.template
@@ -0,0 +1,379 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Operator Operations : Token Details</font>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Token Details</font>\n");
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function check_transition(state, tlist) {
+    for (var i=0; i < tlist.length; i++) {
+        if (state == tlist[i]) {
+            return true;
+        }
+    }
+    return false;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td width=60%>\n");
+   
+    if ((allowed_transitions != "") && ((typeof(topLevel) == "undefined") || (topLevel != "operator"))) { 
+        var transitions = allowed_transitions.split(",");
+        document.write("<form method='get' action='tus'><select name=\"question\">");
+        if (check_transition(1, transitions)) {
+            document.write("<option value=\"1\" >This token has been physically damaged.</option>");
+        } else {
+            document.write("<option value=\"1\" disabled=true >This token has been physically damaged.</option>");
+        }
+        if (check_transition(2, transitions)) {
+            document.write("<option value=\"2\">This token has been permanently lost.</option>");
+        } else {
+            document.write("<option value=\"2\" disabled=true >This token has been permanently lost.</option>");
+        }
+        if (check_transition(3, transitions)) {
+            document.write("<option value=\"3\" >This token has been temporarily lost.</option>");
+        } else {
+            document.write("<option value=\"3\" disabled=true >This token has been temporarily lost.</option>");
+        }
+        if (check_transition(4, transitions)) {
+            document.write("<option value=\"4\" >This temporarily lost token has been found.</option>");
+        } else {
+            document.write("<option value=\"4\" disabled=true >This temporarily lost token has been found.</option>");
+        }
+        if (check_transition(5, transitions)) {
+            document.write("<option value=\"5\" >This temporarily lost token cannot be found (becomes permanently lost).</option>");
+        } else {
+            document.write("<option value=\"5\" disabled=true >This temporarily lost token cannot be found (becomes permanently lost).</option>");
+        }
+        if (check_transition(6, transitions)) {
+            document.write("<option value=\"6\" >This token has been terminated.</option>");
+        } else {
+            document.write("<option value=\"6\" disabled=true >This token has been terminated.</option>");
+        }
+        document.write("</select><input type=hidden name=op value=do_confirm_token><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Go\"></form>");
+    }
+    document.write("</td>\n");
+    document.write("<td align=right width=10%>\n");
+    document.write("</td>\n");
+
+    document.write("<td align=right width=10%>\n");
+    if ((typeof(topLevel) == "undefined") || (topLevel != "operator")) { 
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=edit><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Edit\"></form>");
+    }
+    document.write("</td>\n");
+
+    document.write("<td align=right width=10%>\n");
+    if ((typeof(topLevel) == "undefined") || (topLevel != "operator")) {
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=view_certificate_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Certificates\"></form>");
+    } else {
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=view_certificate_all><input type=hidden name=top value=operator><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Certificates\"></form>");
+    }
+    document.write("</td>\n");
+
+    document.write("<td align=right width=10%>\n");
+    if ((typeof(topLevel) == "undefined") || (topLevel != "operator")) {
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>"); 
+    } else {
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_all><input type=hidden name=top value=operator><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>");
+    }
+    document.write("</td>\n");
+
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/showAdmin.template b/base/tps-client/apache/docroot/tokendb/showAdmin.template
new file mode 100644
index 000000000..fe3292011
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/showAdmin.template
@@ -0,0 +1,302 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_admin_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=confirm><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=Delete></form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/showCert.template b/base/tps-client/apache/docroot/tokendb/showCert.template
new file mode 100644
index 000000000..964035887
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/showCert.template
@@ -0,0 +1,355 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Operator Operations : Certificate Details</font>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Certificate Details</font>\n");
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function breakLinesWithDots(str) {
+	str = str.replace(/\.\./g, '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Certificate Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Serial Number:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "0x"+results[0].tokenSerial+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"tus?op=show&top=operator&tid=" + results[0].tokenID + "\">"+
+                   results[0].tokenID+"</a></font>\n");
+    } else {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"tus?op=show&tid=" + results[0].tokenID + "\">"+
+                   results[0].tokenID+"</a></font>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenKeyType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Issuer:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenIssuer+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Subject:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenSubject+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Not Before:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].tokenNotBefore)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Not After:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].tokenNotAfter)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Certificate:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "-----BEGIN CERTIFICATE-----<br>" +
+                   breakLinesWithDots(results[0].userCertificate)+
+                   "<br>" +
+                   "-----END CERTIFICATE-----<br>" +
+                   "</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tokendb/userDelete.template b/base/tps-client/apache/docroot/tokendb/userDelete.template
new file mode 100755
index 000000000..db4b226cd
--- /dev/null
+++ b/base/tps-client/apache/docroot/tokendb/userDelete.template
@@ -0,0 +1,174 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/pki/images/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/pki/images/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Delete User</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doDeleteUser(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many users to edit</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<form NAME =\"deleteUserForm\" METHOD=POST onSubmit=\"return doDeleteUser(this);\">");
+    document.write("<input TYPE=HIDDEN NAME=query VALUE=\"op=do_delete_user\">");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "UserID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].uid+"</font>\n");
+    document.write("<input TYPE=HIDDEN NAME=uid VALUE=\"" + results[0].uid + "\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "First Name:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write(results[0].givenName);
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Last Name:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write(results[0].sn);
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Role:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td ><input type=checkbox name=opOperator value=Operators disabled=true " + operator + ">Operator</td>\n");
+    document.write("<td ><input type=checkbox name=opAgent value=Agents disabled=true " + agent + ">Agent</td>\n");
+    document.write("<td ><input type=checkbox name=opAdmin value=Administrators disabled=true " + admin + ">Administrator</td>\n");
+    document.write("</tr>\n");
+    
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Certificate:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<textarea name=userCert disabled=true cols=40 rows=10>\n");
+    document.write(results[0].userCertificate);
+    document.write("</textarea>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("Are you sure?");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=Delete>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</form>");
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/adminauthenticatepanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/adminauthenticatepanel.vm
new file mode 100644
index 000000000..cfa53c628
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/adminauthenticatepanel.vm
@@ -0,0 +1,51 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<p>
+The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem.
+#if ($systemType != "tps")
+<br/>
+If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one.
+#end
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+
+        <td><input type="text" size="40" name="uid" value="$uid"/></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<p>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/adminpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/adminpanel.vm
new file mode 100644
index 000000000..46d3e25a2
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/adminpanel.vm
@@ -0,0 +1,246 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT ID=Send_OnClick type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+#if ($import == 'true' && $clone != 'clone')
+    var email = document.forms[0].email.value;
+    var name = document.forms[0].name.value;
+    var o = '$securityDomain';
+    if (name == '') {
+        alert("Name is empty");
+        return;
+    }
+    if (email == '') {
+        alert("Email is empty");
+        return;
+    }
+    var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o;
+    document.forms[0].subject.value = dn;
+    var keyGenAlg = "rsa-dual-use";
+    var keyParams = null;
+
+    if (document.forms[0].keytype.value == 'ecc') {
+        keyGenAlg = "ec-dual-use";
+        keyParams = "curve=nistp256"
+    }
+
+    if (navigator.appName == "Netscape" &&
+      typeof(crypto.version) != "undefined") {
+
+        crmfObject = crypto.generateCRMFRequest(
+          dn, "regToken", "authenticator", null,
+          "setCRMFRequest();", 2048, keyParams, keyGenAlg);
+    } else {
+        Send_OnClick();
+    }
+#else
+    with (document.forms[0]) {
+        submit();
+    }
+#end
+}
+
+function setCRMFRequest()
+{
+    with (document.forms[0]) {
+        cert_request.value = crmfObject.request;
+        submit();
+    }
+}
+
+</SCRIPT>
+<SCRIPT type="text/VBS">
+<!--
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Set TheForm = Document.f
+
+
+  ' Contruct the X500 distinguished name
+  szName = "CN=NAME"
+
+  ' IE doesnt like the dn containing the O component
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+
+   Enroll.providerType = 1
+   Enroll.providerName = "Microsoft Base Cryptographic Provider v1.0"
+
+   ' adding 2 to "GenKeyFlags" will  enable the 'High Security'
+   ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+   ' asking what level of protection the user would like to give
+   ' the key - this varies from 'none' to 'confirm password
+   ' every time the key is used'
+  Enroll.GenKeyFlags = 1        ' key PKCS12-exportable
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "The credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.cert_request.Value = szCertReq
+  TheForm.cert_request_type.Value = "pkcs10"
+  TheForm.subject.Value = "cn=" & TheForm.name.Value & ",uid=" & TheForm.uid.Value & ",e=" & TheForm.email.Value & ",o=" & TheForm.securitydomain.Value
+
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+
+-->
+</SCRIPT>
+
+<SCRIPT type="text/VBS">
+<!--
+FindProviders
+
+Function FindProviders
+        Dim i, j
+        Dim providers()
+        i = 0
+        j = 1
+        Dim el
+        Dim temp
+        Dim first
+        Dim TheForm
+        Set TheForm = document.f
+        On Error Resume Next
+        first = 0
+
+        Do While True
+        temp = ""
+        Enroll.providerType = j
+        temp = Enroll.enumProviders(i,0)
+        If Len(temp) = 0 Then
+        If j < 1 Then
+          j = j + 1
+          i = 0
+        Else
+          Exit Do
+        End If
+        Else
+        set el = document.createElement("OPTION")
+        el.text = temp
+        el.value = j
+        If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+          first = j
+        End If
+        TheForm.cryptprovider.add(el)
+        If first = 0  Then
+          first = 1
+          TheForm.cryptprovider.selectedIndex = 0
+        Else
+          TheForm.cryptprovider.selectedIndex = first
+        End If
+        i = i + 1
+        End If
+        Loop
+End Function
+
+-->
+</SCRIPT>
+The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel.
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+    <br/>
+                                                                                
+    <table class="details">
+      <tr>
+        <th>UID:</th>
+#if ($clone != 'clone')
+        <td><input type=text name=uid value="$admin_uid"></td>
+#else
+        <td><input type=text name=uid value="$admin_uid" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Name:</th>
+#if ($clone != 'clone')
+        <td><input size=35 type=text name=name value="$admin_name"></td>
+#else
+        <td><input size=35 type=text name=name value="$admin_name" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Email:</th>
+#if ($clone != 'clone')
+        <td><input size=35 type=text name=email value="$admin_email"></td>
+#else
+        <td><input size=35 type=text name=email value="$admin_email" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Password:</th>
+#if ($clone != 'clone')
+        <td><input type="password" size="40" name="__pwd" value="$admin_pwd" autocomplete="off"/></td>
+#else
+        <td><input type="password" size="40" name="__pwd" value="$admin_pwd" disabled="disabled" autocomplete="off"/></td>
+#end
+      </tr>
+      <tr>
+        <th>Password (Again):</th>
+                                                                              
+#if ($clone != 'clone')
+        <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" autocomplete="off"/></td>
+#else
+        <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" disabled="disabled" autocomplete="off"/></td>
+#end
+<input type="hidden" name="cert_request" value=""/>
+<input type="hidden" name="display" value=$displayStr />
+<input type="hidden" name="profileId" value="caAdminCert" />
+<input type="hidden" name="cert_request_type" value="crmf" />
+<input type="hidden" name="import" value=$import />
+<input type="hidden" name="uid" value="admin" />
+<input type="hidden" name="clone" value=$clone />
+<input type="hidden" name="securitydomain" value="$securityDomain" />
+<input type="hidden" name="subject" value="cn=x" />
+      </tr>
+      <tr>
+        <th>Key Type:</th>
+        <td><select name="keytype"><option value="rsa">RSA</option><option value="ecc">ECC</option></select></td>
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/agentauthenticatepanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/agentauthenticatepanel.vm
new file mode 100644
index 000000000..738efe5b3
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/agentauthenticatepanel.vm
@@ -0,0 +1,47 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<br/>
+The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests.
+<br/>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+
+        <td><input type="text" size="40" name="uid" value="$uid"/></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<br/>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/authdbpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/authdbpanel.vm
new file mode 100644
index 000000000..3ebb96853
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/authdbpanel.vm
@@ -0,0 +1,67 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+    Please provide information about the LDAP server that will be used to authenticate the identity of end users. <a href="javascript: toggle_details();">[Details]</a>
+<script>
+function toggle_details() {
+  d = document.getElementById('details');   if (d.style.display == "block") {
+    d.style.display="none";   } else {
+    d.style.display="block";
+  } } </script>
+<div id=details style="display: none;"> <p>
+    In order for ESC to submit certificate requests to TPS, the end user's identity must first be verified.  To accomplish this, an end user first sends a uid and password to TPS.  TPS must then contact an LDAP server (e.g. - a corporate LDAP directory server) to verify this end user's identity.
+<p>
+If the end user's identity is successfully verified, TPS will establish an authenticated connection with this ESC, and begin accepting certificate requests and issuing certificates to this end user.
+<p>
+If, however, the end user's identity fails to be verified, TPS will not establish a connection with this ESC. TPS never issues certificates to unauthenticated end users.
+</div>
+<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>                                                                            
+
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+        <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td>
+      </tr>
+
+      <tr>
+        <th>Port:</th>
+
+        <td><input type="text" length="64" size="40" name="port" value="$portStr" />
+          <input type="CHECKBOX" NAME="secureConn" value="true">SSL </td>
+      </tr>
+            
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+    </table>
+ 
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/cainfopanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/cainfopanel.vm
new file mode 100644
index 000000000..8d2e54251
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/cainfopanel.vm
@@ -0,0 +1,54 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+A Certificate Authority (CA) is responsible for issuing different kinds of certificates. Each Enterprise Security Client (ESC) interfaces with a TPS subsystem to request end user certificates. Consequently, to obtain these certificates, an HTTPS EE URL to a CA that has been registered in the security domain must also be selected.
+<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+
+
+     <div align="right">
+      <hr />
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/certchainpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/certchainpanel.vm
new file mode 100644
index 000000000..d6b7b3fe4
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/certchainpanel.vm
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<b>Pretty Print of Certificates on this subsystem.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+  <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/certprettyprintpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/certprettyprintpanel.vm
new file mode 100644
index 000000000..0e5f05af6
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/certprettyprintpanel.vm
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+The following certificates were installed on this instance.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+  <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/certrequestpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/certrequestpanel.vm
new file mode 100644
index 000000000..632b27c34
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/certrequestpanel.vm
@@ -0,0 +1,224 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 250px;
+  top: 50px;
+  width: 600px;
+  padding: 3px;
+  border: solid;
+  border-width: 5px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+</style>
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+function showcert(element, event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var content = element.getAttribute("content");
+  var content_d = element.getAttribute("content_desc");
+
+  if (content == null) { return false; }
+
+  var n = element.getAttribute("n");
+
+  var editableType = element.getAttribute("editableType");
+  var desc;
+  var d;
+  var c;
+  if (editableType == "cert")
+  {
+    d = document.getElementById(n+"_editCertDiv");
+    c = document.getElementById(n+"_text");
+    desc = document.getElementById(n+"_desc_t");
+  } else if (editableType == "certchain") {
+    d = document.getElementById(n+"_editCertChainDiv");
+    c = document.getElementById(n+"_cc_text");
+    desc = document.getElementById(n+"_cc_desc_t");
+  } else {
+    d = document.getElementById(n+"_showCertDiv");
+    c = document.getElementById(n+"_pre");
+    desc = document.getElementById(n+"_desc_p");
+  }
+
+  if (desc.hasChildNodes())
+  {
+    desc.removeChild(desc.childNodes[0]);
+  }
+  var content_desc = document.createTextNode(content_d);
+  desc.appendChild(content_desc);
+    
+  if (c.hasChildNodes())
+  {
+    c.removeChild(c.childNodes[0]);
+  }
+  var content_text = document.createTextNode(content);
+  c.appendChild(content_text);
+    
+  d.style.left = x+30; // x-offset of floating div
+  assumedheight = 1000;
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  d.style.top = y+ offset +document.body.scrollTop;
+
+  // unhide the window
+  d.style.display ="block";
+
+}
+
+function hide(tag)
+{
+    document.getElementById(tag+"_showCertDiv").style.display ="none";
+    document.getElementById(tag+"_editCertDiv").style.display ="none";
+    document.getElementById(tag+"_editCertChainDiv").style.display ="none";
+}
+
+</SCRIPT>
+A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate.
+<p>
+If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully.
+<p>
+However, if a given CSR contains an <font color="red">action required</font> label under its certificate icon, then those requests must be <i>manually</i> submitted to a CA for certificate generation.
+<p>
+Press the [Apply] button after certificates and chains are pasted in.
+<p>
+Press the [Next] button once all certificates have been generated successfully.
+<p>
+#foreach ($item in $reqscerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr>
+  <td width=10%></td>
+  <td width=20%></td>
+  <td width=70%></td>
+</tr>
+
+<tr>
+  <td>&nbsp;</td>
+#if ($item.getCert() == "...paste certificate here...") 
+  <td><font color=red>action required</font><br>
+<img src="/pki/images/no-certificate.png"/></td>
+#else
+  #if ($item.getCert() == "...certificate be generated internally...")
+<td>
+  <img src="/pki/images/no-certificate.png"/><br>
+  certificate will be generated internally
+  </td>
+  #else
+    #if ($item.getCert() == "")
+  <td>
+<img src="/pki/images/no-certificate.png"/><br>
+  No Certificate Generated. Please import.<br>
+  </td>
+    #else
+  <td>
+<img src="/pki/images/certificate.png"/><br>
+  Certificate Generated Successfully
+  </td>
+    #end
+  #end
+#end
+
+<td>
+
+
+#if ($item.getCert() == "...paste certificate here...") 
+<a content="$item.getRequest()" content_desc="Copy the following Certificate Request (CSR) and paste it in the external CA enrollment page for enrollment" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> Step 1: Copy the Certificate Request (CSR) to enroll at an external CA</a><p>
+<a content="" content_desc="Copy the base64-encoded PKCS #7 certificate chain into the text box below and press 'X'" n="$item.getCertTag()" editableType="certchain" href="#" onclick="showcert(this,event);"> Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)</a><p>
+<a content="$item.getCert()" content_desc="Copy the resulting base64-encoded certificate (NOTE: PKCS #7 not accepted) into the text box below and press 'X'" n="$item.getCertTag()" editableType="cert" href="#" onclick="showcert(this,event);"> Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)</a><p>
+#else
+  #if ($item.getCert() == "...certificate be generated internally...")
+<p>
+  #else
+<a content="$item.getRequest()" content_desc="Certificate Request (CSR)" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Request (CSR)</a><p>
+<a content="$item.getCert()" content_desc="Certificate in Base64 encoding" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate in Base64-Encoding</a><p>
+<a content="$item.getCertpp()" content_desc="Certificate in pretty print" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Pretty Print</a><p>
+  #end
+#end
+
+
+</td>
+</tr>
+</table>
+                                                                                
+<div id="$item.getCertTag()_showCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_stable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_p"></td>
+</tr>
+<tr>
+<td><pre name="$item.getCertTag()" id="$item.getCertTag()_pre">$item.getCert()</pre></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()" id="$item.getCertTag()_text" style="font-family: monospace;">$item.getCert()</textarea></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertChainDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_cc_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_cc_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()_cc" id="$item.getCertTag()_cc_text" style="font-family: monospace;"></textarea></td>
+</tr>
+</table>
+</div>
+
+
+#end
+
+    <p>
+
+
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/config_addhsm.vm b/base/tps-client/apache/docroot/tps/admin/console/config/config_addhsm.vm
new file mode 100644
index 000000000..90d2f0ea9
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/config_addhsm.vm
@@ -0,0 +1,95 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="checkClose();"><div id="wrap"><div id="wrap">
+  
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="page-content" width="100%">
+  <h1><img src="/pki/images/icon-software.gif" />
+  Security Modules</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<p>
+<H2>Registering a New Security Module</H2>
+<form name=configForm action="config_addhsm" method="post">
+<p>
+If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here.
+<table>
+<tr>
+  <td>
+Library Path: <input type=text name="modulePath" value="">
+  </td>
+</tr>
+<tr>
+  <td>
+Module Name: <input type=text name="moduleName" value="">
+  </td>
+<tr>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type=button name=config_addhsm_next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+</form>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/config_db.vm b/base/tps-client/apache/docroot/tps/admin/console/config/config_db.vm
new file mode 100644
index 000000000..ba40c7cee
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/config_db.vm
@@ -0,0 +1,125 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function donePanel(errorStr, displayS) {
+      if (displayS == "loaded") {
+        if (errorStr == '') {
+            window.close();
+        }
+      }
+    }
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="donePanel('$errorString', '$displayStr')">
+<div id="wrap">
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/pki/images/icon-software.gif" />
+  Internal Database </h1>
+
+    <form name=configForm action="config_db" method="post">
+    <b>Internal Database Connection</b> <p>This option allows sharing an internal database to improve managability.<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Port:</th>
+                                                                                
+        <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td>
+      </tr>       
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+      <tr>
+        <th>Database:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="database" value="$database"  /></td>
+      </tr>
+      <tr>
+        <th>Bind DN:</th>
+        <td><input type="text" length="128" size="40" name="binddn" value="$binddn" /></td>
+      </tr>
+      <tr>
+        <th>Bind Password:</th>
+                                                                                
+        <td><input type="password" length="128" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td>
+      </tr>
+        <td><input type="hidden" name="display" value=$displayStr /></td>
+    </table>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type="button" name="config_db_next" value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/config_hsm.vm b/base/tps-client/apache/docroot/tps/admin/console/config/config_hsm.vm
new file mode 100644
index 000000000..7ec82522c
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/config_hsm.vm
@@ -0,0 +1,175 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="checkClose();"><div id="wrap">
+  
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+#include ( "admin/console/config/topmenu.vm" )
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/pki/images/icon-software.gif" />
+  Security Modules </h1>
+
+<form name=configForm action="config_hsm" method="post">
+
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. Please make sure that at least one security module is listed below.
+<p>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+  <td><img src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	   Logged In
+	#else
+       	   Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+  <td>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	  Logged In
+	#else
+          Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+
+  </td>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type=button name=config_hsm value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+</form>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/config_hsmloginpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/config_hsmloginpanel.vm
new file mode 100644
index 000000000..332f2f470
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/config_hsmloginpanel.vm
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+  <h1>
+  Security Modules Login Panel</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<p>
+<H2>Security Token Login</H2>
+<form name=configHSMLoginForm action="config_hsmlogin" method="post">
+<p>
+The user has chosen to login to the following security module: <b>$SecToken</b>
+<p>
+#if ($status == "alreadyLoggedIn")
+	Token already logged in.
+#else
+   #if ($status == "tokenPasswordNotInitialized")
+	Token password not initialized.
+   #else
+      #if ($status == "justLoggedIn")
+          Token logged in successfully.
+      #else
+<table>
+<tr>
+  <td>
+Security Module Token Name: <b><input type=text name="uTokName" value="$SecToken"></b>
+  </td>
+</tr>
+<tr>
+  <td>
+Security Module Token Password: <input type=password name="__uPasswd" value="" autocomplete="off">
+  </td>
+<tr>
+</tr>
+</table>
+<p>
+      #end
+    #end
+#end
+
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+
+  </td>
+</tr>
+</table>
+	</td>
+      </tr>
+    </table>
+
+    <p>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+
+
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/config_join.vm b/base/tps-client/apache/docroot/tps/admin/console/config/config_join.vm
new file mode 100644
index 000000000..49e43fbc4
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/config_join.vm
@@ -0,0 +1,124 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+</SCRIPT>
+                                                                                
+                                                                                
+  <body onLoad="checkClose();">
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/pki/images/icon-software.gif" />
+  Join the PKI Network </h1>
+
+To join this PKI network, the setup wizard needs to submit the certificate request to a Root or another subordinate CA for signing.
+    <p>
+    <form action="config_join" method="post" name="f">
+                                                                                
+<input type=radio $check_manual name="choice" value="manual">Manually submit this request to a CA.
+<p>
+<table width=100%>
+<tr>
+  <td width=50%>Certificate Request to a CA:</td>
+  <td>Certificate Chain From a CA:</td>
+  </td>
+</tr>
+<tr>
+  <td>
+<textarea rows=8 cols=40 name="req">$certreq</textarea>
+  </td>
+  <td>
+<textarea rows=8 cols=40 name="cert">$cert</textarea>
+  </td>
+</tr>
+</table>
+<p>
+<input type=radio $check_auto name="choice" value="auto">Automatically submit the request to a Dogtag Certificate Authority
+<br>
+    <table class="details">
+      <tr>
+        <th width=10%>URL:</th>
+        <td><input type="text" length="128" size="40" name="url" value="https://localhost" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>UID:</th>
+        <td><input type="text" length="64" size="40" name="uid" value="agent" /></td>
+      </tr>       
+      <tr>
+        <th>Password:</th>
+        <td><input type="password" length="64" size="40" name="__pwd" value="" autocomplete="off" /></td>
+      </tr>       
+    </table>
+<p>
+                                                                                
+    <div align="right">
+      <hr />
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: document.f.submit();" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/config_rootca.vm b/base/tps-client/apache/docroot/tps/admin/console/config/config_rootca.vm
new file mode 100644
index 000000000..7e17fef35
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/config_rootca.vm
@@ -0,0 +1,112 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+</SCRIPT>
+
+
+  <body onLoad="checkClose();">
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/pki/images/icon-software.gif" />
+  Root CA </h1>
+
+A Root CA provides a set of predefined signing capabilities. Please select the capabilities that this CA needs to provide.
+    <p>
+
+<form name="f" action="config_rootca" method="post">
+                                                                                
+<H2>CA Certificate Profile</H2>
+
+<p>
+    <table class="details">
+      <tr>
+        <th width=10%>Profile:</th>
+                                                                                
+        <td><select name="profile">
+#foreach ($p in $profiles)
+#if ($p.getID() == $selected_profile_id)
+        <option selected value="$p.getID()">$p.getName()</option>
+#else
+        <option value="$p.getID()">$p.getName()</option>
+#end
+#end
+        </select>
+        </td>
+      </tr>
+    </table>
+<p>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: document.f.submit()" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/createsubsystempanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/createsubsystempanel.vm
new file mode 100644
index 000000000..1ddd7a90c
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/createsubsystempanel.vm
@@ -0,0 +1,98 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Subsystem Configuration</h2>
+<p>
+#if ($systemType != "tps")
+This instance can be configured as either a new $systemname subsystem or a clone of an existing $systemname. If the cloning option is chosen, please provide the URL to an existing $systemname instance.
+#else
+This instance can be configured as a new $systemname subsystem.
+#end
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<b><input $check_newsubsystem type=radio name=choice value="newsubsystem">&nbsp;Configure this Instance as a New $systemname Subsystem </b>
+<br/>
+    <table class="details">
+      <tr>
+        <th>Subsystem Name: </th>
+        <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname)</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTP URL (unsecure): </th>
+        <td>http://$machineName:$http_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS URL (clientauth): </th>
+        <td>https://$machineName:$https_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS URL (non-clientauth): </th>
+        <td>https://$machineName:$non_clientauth_https_port</td>
+      </tr>
+    </table>
+<p>
+#if ($disableClone)
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem" disabled="disabled">&nbsp;Clone an Existing $systemname Subsystem </b>
+#else
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem">&nbsp;Clone an Existing $systemname Subsystem </b>
+#end
+<br/>
+    <table class="details">
+      <tr>
+        <th>Subsystem Name: </th>
+#if ($disableClone)
+        <td><input disabled="disabled" type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname
+ Clone 1)</td>
+#else
+        <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname
+ Clone 1)</td>
+#end
+      </tr>
+      <tr>
+        <th>Subsystem URL: </th>
+#if ($disableClone)
+        <td><select name="urls" disabled="disabled">
+#else
+        <td><select name="urls">
+#end
+           #if ($urls_size != 0) 
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #else
+               <option selected value="none">NONE</option>
+           #end
+        </select>
+        </td>
+      </tr>
+    </table>
+<br/>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/databasepanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/databasepanel.vm
new file mode 100644
index 000000000..ce168fd2a
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/databasepanel.vm
@@ -0,0 +1,93 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Please provide information to an existing Fedora Directory Server that can be used as the internal database for this instance. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<p>
+Each instance needs access to a Fedora Directory Server instance to store requests and records. Each PKI instance may create its own associated internal database, or may share an existing internal database. To share an existing internal database instance, a PKI instance would only need to establish a unique distinguished name (DN) using the field entitled <b>Base DN</b> and a unique database name using the field entitled <b>Database</b>. 
+</div>
+<p>
+<i>Note: If the Fedora Directory Server is at a remote host, it is highly recommended that SSL should be used.</i>
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>                                                                            
+
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+        <td><input type="text" size="40" name="host" value="$hostname" /></td>
+      </tr>
+            
+      <tr>
+        <th>Port:</th>
+                                
+        <td><input type="text" size="40" name="port" value="$portStr" />  
+<input type="CHECKBOX" NAME="secureConn" value="true">SSL
+</td>
+      </tr>       
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+      <tr>
+        <th>Database:</th>
+
+        <td><input type="text" size="40" name="database" value="$database"  /></td>
+      </tr>
+      <tr>
+        <th>Bind DN:</th>
+        <td><input type="text" size="40" name="binddn" value="$binddn" /></td>
+      </tr>
+      <tr>
+        <th>Bind Password:</th>
+
+        <td><input type="password" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td>
+      </tr>
+    </table>
+        <input type="hidden" name="display" value=$displayStr />
+ 
+#if ($firsttime == 'false')
+<input type="CHECKBOX" NAME="removeData">Remove the existing data from the <b>Base DN</b> shown above.<p>
+#end
+
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/displaycertchain2panel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/displaycertchain2panel.vm
new file mode 100644
index 000000000..3a13b7cd4
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/displaycertchain2panel.vm
@@ -0,0 +1,40 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<p>
+A certificate chain is a list of all certificates chained up to the root.
+<p>
+If the entire certificate chain is displayed below, click the Next button to import it into this subsystem. This certificate chain will then be trusted for this instance.
+<p>
+If no certificate chain is listed below, simply click the Next button to move on to the next panel.
+<p>
+<pre>
+$certchain
+</pre>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/displaycertchainpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/displaycertchainpanel.vm
new file mode 100644
index 000000000..f7b9dee90
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/displaycertchainpanel.vm
@@ -0,0 +1,40 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<br/>
+A certificate chain is a list of all certificates chained up to the root.
+<br/>
+If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance.
+<br/>
+If no certificate chain is listed below, simply click the Next button to move on to the next panel.
+<br/>
+<pre>
+$certchain
+</pre>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/donepanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/donepanel.vm
new file mode 100644
index 000000000..3df605d69
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/donepanel.vm
@@ -0,0 +1,45 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<input type="hidden" name="host" value=$host />
+<input type="hidden" name="port" value=$port />
+<input type="hidden" name="systemType" value=$systemType />
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+As 'root', restart the server on the command line by typing "$restartCommand". After performing this restart, the server should become operational.
+<br/>
+Please go to the <A href="https://$host:$non_clientauth_port">services page</A> to access all of the available interfaces.
+<br/>
+Each Enterprise Security Client (ESC) talks to a TPS config URL for token management functions located at <A href="http://$host:$unsecurePort/cgi-bin/home/index.cgi">http://$host:$unsecurePort/cgi-bin/home/index.cgi</A>.
+<br/>
+<br/>
+To create additional instances, type "/usr/bin/pkicreate" on the command line.
+<br/>
+#if ($systemType != "tps")
+To start the administration console, type "/usr/bin/pkiconsole" on the command line.
+#end
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/drminfopanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/drminfopanel.vm
new file mode 100644
index 000000000..8931bf1c9
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/drminfopanel.vm
@@ -0,0 +1,55 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+A Data Recovery Manager (DRM) is responsible for server-side key generation, archival, and recovery. If server-side key generation is not needed, this step can be skipped.
+<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+<p>
+#end
+<b><input checked type=radio name=choice value="keygen">&nbsp;Connect this instance to the HTTPS Agent URL of a DRM to support server-side key generation.</b>
+<p>
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+    <div align="right">
+      <hr />
+    </div>
+<p>
+<b><input type=radio name=choice value="nokeygen">&nbsp;Configure this instance to NOT support server-side key generation.</b>
+<p>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/footer.vm b/base/tps-client/apache/docroot/tps/admin/console/config/footer.vm
new file mode 100644
index 000000000..a596e45b1
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/footer.vm
@@ -0,0 +1,19 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+  <div id="footer">
+  </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/header.vm b/base/tps-client/apache/docroot/tps/admin/console/config/header.vm
new file mode 100644
index 000000000..e0fe6a962
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/header.vm
@@ -0,0 +1,25 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<div id="header">
+    <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headerpaddedtitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+    </div>
+</div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/hierarchypanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/hierarchypanel.vm
new file mode 100644
index 000000000..0138188e9
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/hierarchypanel.vm
@@ -0,0 +1,79 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+  setURL();
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>PKI Hierarchy</h2>
+<p>
+This CA instance can be either a Self-Signed Root CA or a Subordinate CA. <a href="javascript:toggle_details();">[Details]</a>
+<script>
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+
+function setURL() {
+    var cbox = document.forms[0].elements['urls'];
+    if (document.forms[0].choice[0].checked) {
+        cbox.disabled = "disabled";
+    } else {
+        cbox.disabled = "";
+    }
+}
+
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA.
+</div>
+
+<p>
+<b><input $check_root type=radio name=choice value="root" onChange="setURL();">&nbsp;Make this a Self-Signed Root CA within this new PKI hierarchy. <img alt="" src="/pki/images/rootca.gif"></b>
+<p>
+<b><input $check_join type=radio name=choice value="join" onChange="setURL();">&nbsp;Make this a subordinate CA of another CA. <img alt="" src="/pki/images/sub.gif"></b>
+
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls.size() > 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+<p>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/importadmincertpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/importadmincertpanel.vm
new file mode 100644
index 000000000..609b4bf4f
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/importadmincertpanel.vm
@@ -0,0 +1,55 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem.
+<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<font color="red">$info</font>
+<p>
+    <p>
+                                                                                
+    <table class="details">
+      <tr>
+#if ($ca == 'true' && $import == 'true')
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#else
+#if ($caType == 'ca' && $import == 'true')
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#else
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#end 
+#end
+<input type="hidden" name="serialNumber" value=$serialNumber />
+<input type="hidden" name="caHost" value=$caHost />
+<input type="hidden" name="caPort" value=$caPort />
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/login.vm b/base/tps-client/apache/docroot/tps/admin/console/config/login.vm
new file mode 100644
index 000000000..73f53afa6
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/login.vm
@@ -0,0 +1,109 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body><div id="wrap">
+  
+#include ( "tps/admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+  -
+</div>
+
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="sidebar">
+         
+	</td>
+        <td class="page-content" width="100%">
+  <h1><img src="/pki/images/icon-software.gif" />
+  Login</h1>
+
+A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue.
+
+    <p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <p>
+    <form name="f" action="login" method="post">
+                                                                                
+    <table class="details">
+      <tr>
+        <th>PIN:</th>
+        <td><input type=password name="pin"></td>
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+<td align=right>
+<input type=button onclick="javascript: document.f.submit();" name=login value="Login">
+</td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+#include ( "tps/admin/console/config/footer.vm" )
+  </body>
+</html>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/modulepanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/modulepanel.vm
new file mode 100644
index 000000000..812d7ca6c
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/modulepanel.vm
@@ -0,0 +1,161 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Two lists of security modules are provided below. The <b>Supported Security Modules</b> list consists of both software-based and hardware-based security modules that this PKI solution supports, while the <b>Other Security Modules</b> list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<br/>
+Key pairs for this instance will be generated and stored on a device called a security module.
+<br/>
+A <b><i>key pair</i></b> consists of a public key and a private key. A <b><i>private key</i></b> is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the <b><i>key</i></b>. A <b><i>public key</i></b> is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a <b><i>certificate</i></b>.
+<br/>
+<b><i>Security modules</i></b> can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included.
+<br/>
+Before any security module solution can be used, a user must first always be authenticated to this security module via a token.  To support this, each security module consists of one or more <b><i>slots</i></b>. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software.
+<br/>
+Finally, a <b><i>token</i></b> (often generically referred to as a <b><i>smartcard</i></b>), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot.  For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication.
+<br/>
+Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue.
+</div>
+<br/>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+  <td><img alt="" src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	   Logged In
+	#else
+       	   Not logged In
+	#end
+    </td>
+  <td>
+   #if ($token.isLoggedIn())
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+   #end
+  </td>
+  <td>
+	#if (!$token.isLoggedIn())
+<a href="wizard?p=$subpanelno&amp;SecToken=$token.getNickName()">Login</a>
+	#end
+</td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+  <td>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	  Logged In
+	#else
+          Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td>
+    #if (!$token.isLoggedIn())
+<a href="wizard?p=$subpanelno&amp;SecToken=$token.getNickName()">Login</a>
+    #end
+  </td>
+</tr>
+#end
+#end
+
+</table>
+
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/namepanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/namepanel.vm
new file mode 100644
index 000000000..0ed2d1adb
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/namepanel.vm
@@ -0,0 +1,90 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names.  Each certificate will be stored in the security module using a unique nickname.<a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+Each unique name, called the certificate's subject name, is referenced as the distinguished name (DN). A DN may be composed of multiple comma separated name=value fields.
+<br/>
+</div>
+
+    <p>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#foreach ($item in $certs)
+<H2>$item.getUserFriendlyName()</H2>
+                                                                                
+    <table class="details">
+      <tr>
+        <th>DN:</th>
+        <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getDN()"/></td>
+      </tr>
+      <tr> 
+        <th>Nickname:</th>
+        <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()"/></td>
+      </tr>
+    </table>
+<p>
+#end
+<p>
+<hr>
+<p>
+Please select the CA to submit these system certificate requests:
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+                                                                                
+   <div align="right">
+      <hr />
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/securitydomainloginpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/securitydomainloginpanel.vm
new file mode 100644
index 000000000..a8c0c8079
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/securitydomainloginpanel.vm
@@ -0,0 +1,108 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+<META http-equiv=Content-Type content="text/html; charset=UTF-8">
+  </head>
+
+
+<div id="wrap">
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headerpaddedtitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/pki/images/icon-software.gif" />
+  Security Domain ($name) Login </h1>
+
+    <form name=sdForm action="getCookie" method="post">
+    <p>The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="uid" value="$sd_uid" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Password:</th>
+                                                                                
+        <td><input type="password" length="64" size="40" name="pwd" value="$sd_pwd" autocomplete="off" /></td>
+      </tr>       
+<input type=hidden name=url value="$url">
+
+    </table>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<div align="right">
+<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login"> 
+</div>
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/securitydomainpanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/securitydomainpanel.vm
new file mode 100644
index 000000000..adb45cff6
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/securitydomainpanel.vm
@@ -0,0 +1,114 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>$panelname</h2>
+<br/>
+A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<br/>
+This PKI solution allows multiple security domains within an organization, but each security domain must host a Certificate Authority.
+<br/>
+If the user is creating a new security domain, this CA Administrator is also
+the security domain Administrator.
+<br/>
+If this subsystem is joining an existing security domain, the user will need to provide the credential information of the security domain Administrator
+requested in the next panel.
+</div>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#if ($cstype == "CA") 
+<b><input $check_newdomain type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+    <table class="details">
+      <tr>
+        <th>Security Domain Name: </th>
+        <td><input type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTP EE URL (unsecure): </th>
+        <td>http://$machineName:$http_ee_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS Agent URL (clientauth): </th>
+        <td>https://$machineName:$https_agent_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS EE URL (non-clientauth): </th>
+        <td>https://$machineName:$https_ee_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+        <td>https://$machineName:$https_admin_port</td>
+      </tr>
+    </table>
+<br/>
+<b><input $check_existingdomain type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#else
+<b><input disabled="disabled" type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+    <table class="details">
+      <tr>
+        <th>Security Domain Name: </th>
+        <td><input disabled="disabled" type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+      </tr>
+    </table>
+<br/>
+<b><input checked type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#end
+<br/>
+Enter the URL to an existing security domain.
+<br/>
+    <table class="details">
+      <tr>
+        <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+        <td><input type=text size="40" name="sdomainURL" value="$sdomainURL"> (e.g. - https://example.com:9445)</td>
+      </tr>
+    </table>
+<br/>
+<table>
+<tr>
+<td valign="top"><b>NOTE:&nbsp;&nbsp; </b></td>
+<td>Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$statusCommand" from the command-line.</td>
+</tr>
+</table>
+<br/>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/sidemenu.vm b/base/tps-client/apache/docroot/tps/admin/console/config/sidemenu.vm
new file mode 100644
index 000000000..c3dbf1410
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/sidemenu.vm
@@ -0,0 +1,29 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<div id="sidenav">
+<ul>
+  <li><a href="welcome">Welcome</a></li>
+  <li><a href="database">Internal Database</a></li>
+  <li><a href="module">Security Modules</a></li>
+  <li><a href="size">Key Size</a></li>
+  <li><a href="name">Issuer Name</a></li>
+  <li><a href="hierarchy">PKI Hierarchy</a></li>
+  <li><a href="admin">Administrator</a></li>
+  <li><a href="done">Finish</a></li>
+</ul>
+</div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/sizepanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/sizepanel.vm
new file mode 100644
index 000000000..cfcf15190
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/sizepanel.vm
@@ -0,0 +1,303 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<style type="text/css">
+div#advance
+{
+  margin: 0px 20px 0px 20px;
+  display: none;
+}
+div#simple
+{
+  margin: 0px 20px 0px 20px;
+  display: block;
+}
+</style>
+
+<SCRIPT type="text/JavaScript">
+var keys_ecc_curve_list="$keys_ecc_curve_list";
+var keys_ecc_curve_display_list = "$keys_ecc_curve_display_list";
+var keys_rsa_size_display_list = "$keys_rsa_size_display_list";
+
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+function toggleLayer(whichLayer)
+{
+  if (document.getElementById) {
+    // this is the way the standards work
+    var style2 = document.getElementById(whichLayer).style;
+    if (style2.display == "block") {
+      style2.display = "none";
+    } else {
+      style2.display = "block";
+    }
+  }
+}
+
+function toggleLayer1(whichLayer)
+{
+  if (document.getElementById) {
+    // this is the way the standards work
+    var style2 = document.getElementById(whichLayer).style;
+    if (style2.display == "block") {
+      style2.display = "none";
+    } else if (style2.display == "") {
+      style2.display = "none";
+    } else {
+      style2.display = "block";
+    }
+  }
+}
+
+function keyTypeChange()
+{
+  var form = document.forms[0];
+
+  var keyTypeSelect = document.forms[0].elements['keytype'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_keytype') != -1) {
+      if (keyTypeSelect.value.indexOf('ecc') != -1) {
+        form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+      }
+    }
+  }
+}
+
+function defaultChange()
+{
+  var form = document.forms[0];
+  var choiceSelect = document.forms[0].elements['choice'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_choice') != -1) {
+      for (var j = 0; j < form.elements[name].length; j++) {
+        var c = form.elements[name];
+        c[j].checked = choiceSelect[j].checked;
+      }
+    }
+  }
+}
+
+function customChange()
+{
+  var form = document.forms[0];
+  var choiceSelect = document.forms[0].elements['choice'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_choice') != -1) {
+      for (var j = 0; j < form.elements[name].length; j++) {
+        var c = form.elements[name];
+        c[j].checked = choiceSelect[j].checked;
+      }
+    }
+  }
+}
+
+function textChange()
+{
+  var customSize = document.forms[0].elements['custom_size'];
+  var form = document.forms[0];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_custom_size') != -1) {
+      form.elements[name].value = customSize.value;
+    }
+  }
+}
+
+function displayCurveList()
+{
+  var list = keys_ecc_curve_display_list.split(",");
+  var linelen = 0;
+  for (var i=0; i < list.length -1 ; i++) {
+    document.write(list[i] + ",");
+    linelen = linelen + list[i].length;
+    if (linelen >= 60) {
+      document.write("<br/>");
+      linelen=0;
+    }
+  }
+  document.write(list[list.length -1]);
+}
+
+function displayStrengthList()
+{
+  var list = keys_rsa_size_display_list.split(",");
+  var linelen = 0;
+  for (var i=0; i < list.length -1 ; i++) {
+    document.write(list[i] + ",");
+    linelen = linelen + list[i].length;
+    if (linelen >= 60) {
+      document.write("<br/>");
+      linelen=0;
+    }
+  }
+  document.write(list[list.length -1]);
+}
+
+</SCRIPT>
+Select the key pair type(s) and associated key pair size(s) from the pulldown menus. <a href="javascript:toggle_details();">[Details]</a>
+<p>
+Note that only RSA is supported for the audit_signing certificate at this point
+<p>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</SCRIPT>
+<div id=details style="display: none;">
+<p> 
+Each certificate can have its own key pair generated with its own independent settings or common settings can be applied to all key pairs. At minimum, each key pair has to define what <i>type</i> it is by identifying a cipher family and then has to set a <i>strength</i> for that key.
+</p>
+<ul>
+<li>
+<b><i>Key Type</i></b>. Sets the cipher family to use to generate the key pair. RSA and ECC key types have slightly different strength options.
+</li>
+<li>
+<b><i>RSA strength: Key Size</i></b>. Sets the key length for the generated pair. The key length can be one of the lenghs listed below.  Longer keys are stronger, which makes them more secure.
+However, longer key pair sizes also increase the time required to perform operations such as signing certificates, so long keys can affect performance.
+<br/><ul style="list-style:none"><li><i>
+<SCRIPT type="text/JavaScript">
+displayStrengthList();
+</SCRIPT></i></li></ul>
+</li>
+<li>
+<b><i>ECC strength: Curve Name</i></b>. Sets the curve algorithm to use, which can be any one of the curves listed below.  The curves that are included in parenthesis are equivalent - and either name can be used.  Note that not all curves may be supported by the token.
+<br/><ul style="list-style:none"><li><i>
+<SCRIPT type="text/JavaScript">
+displayCurveList();
+</SCRIPT></i></li></ul>
+</li>
+</ul>
+<br/>
+</div>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+<div id="simple">
+<p>
+<table width=100%>
+<tr>
+  <td align=right><a href="javascript:toggleLayer1('simple'); toggleLayer('advance');" title="Advanced">[Advanced]</a></td>
+</tr>
+</table>
+<p>
+<H2>Common Key Settings</H2>
+<p>
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Key Type:</th>
+        <td><select name="keytype" onChange="keyTypeChange()"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td>
+      </tr>
+</table>
+<p>
+
+<p>
+    <input
+#if ($select == "default")
+ checked
+#end
+ onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default key size ($default_keysize  bits for RSA; curve $default_ecc_curvename  for ECC)</b>.
+    <p>
+    <input
+#if ($select == "custom")
+ checked
+#end
+ onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following custom key strength:</b>
+                                                                                
+    <p>
+<table width=100% class="details">
+      <tr>
+        <th>Key Size or Curve (see Details above):</th>
+        <td><input onChange="textChange()" type="text" size="20" name="custom_size" value="" /></td>
+      </tr>
+</table>
+<p>
+</div>
+
+<div id="advance">
+<p>
+<table width=100%>
+<tr>
+  <td align=right><a href="javascript:toggleLayer1('simple');toggleLayer('advance');" title="Simple">[Simple]</a></td>
+</tr>
+</table>
+
+#foreach ($item in $certs)
+<H2>Key for $item.getUserFriendlyName()</H2>
+<p>
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Key Type:</th>
+#if ($item.getCertTag() == "audit_signing")
+        <td><select name="$item.getCertTag()_keytype"><option value=rsa>RSA</option></select></td>
+#else
+        <td><select name="$item.getCertTag()_keytype"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td>
+#end
+      </tr>
+</table>
+<p>
+    <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default"><b>Use the default key size ($default_keysize bits for RSA, curve $default_ecc_curvename for ECC).
+    <p>
+    <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following custom key strength:</b>
+                                                                                
+    <p>
+<table width=100% class="details">
+      <tr>
+        <th>Key Size or Curve (see Details above):</th>
+        <td><input type="text" size="20" name=$item.getCertTag()_custom_size value="" /></td>
+      </tr>
+</table>
+#end
+</div>
+
+<br/>
+<br/>
+<br/>
+#if ($firsttime == 'false')
+<input type="CHECKBOX" NAME="generateKeyPair">New Keys<p>
+#end
+<p>
+    <div align="right">
+      <hr />
+<i>Note: After pressing Next, keys will be generated on the server, which will take some time to complete.  Please wait for the next panel to appear.</i>
+      &nbsp;
+    </div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/tksinfopanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/tksinfopanel.vm
new file mode 100644
index 000000000..1f6ee162f
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/tksinfopanel.vm
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+The Token Key Service (TKS) is responsible for managing master keys that are used for establishing secure channels. Select an HTTPS Agent URL of a TKS from the list below.
+<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+    <div align="right">
+      <hr />
+    </div>
+<p>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/topmenu.vm b/base/tps-client/apache/docroot/tps/admin/console/config/topmenu.vm
new file mode 100644
index 000000000..c76b2e8fa
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/topmenu.vm
@@ -0,0 +1,20 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">Setup Wizard</a></li>
+</ul>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/welcomepanel.vm b/base/tps-client/apache/docroot/tps/admin/console/config/welcomepanel.vm
new file mode 100644
index 000000000..619560dd3
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/welcomepanel.vm
@@ -0,0 +1,57 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<H2>$wizardname</H2>
+The $fullsystemname
+ configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname
+ ($systemname). <a href="javascript:toggle_details();">[Details]</a>
+                                                                                
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+A Public Key Infrastructure (PKI) system creates, manages, and revokes keys and certificates.
+<p>
+Dogtag Certificate System (DCS) $productversion &nbsp;
+is a robust PKI system consisting of numerous subsystems including a Certificate Authority (CA), a Registration Authority (RA), a Data Recovery Manager (DRM), an Online Certificate Status Protocol (OCSP) Manager, a Token Key Service (TKS), and a Token Processing System (TPS), as well as a multi-platform smartcard middleware software client called Enterprise Security Client (ESC).
+<p>
+For any subsystem to be useable, a user must use this wizard to configure an instance of this subsystem.
+#if ($systemType != "tps")
+<p>
+Additionally, this wizard may also be used to clone any existing instance to achieve scalability and high-availability.
+#end
+</div>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/wizard.vm b/base/tps-client/apache/docroot/tps/admin/console/config/wizard.vm
new file mode 100644
index 000000000..31d395edf
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/wizard.vm
@@ -0,0 +1,147 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+    <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+function process(fop) {
+    with (document.forms[0]) {
+        op.value = fop;
+        if (fop == 'next') {
+            document.getElementById('progress').style.visibility = "visible";
+            performPanel();
+        } else if (fop == 'apply') {
+            document.getElementById('progress').style.visibility = "visible";
+            performPanel();
+        } else {
+            document.getElementById('progress').style.visibility = "visible";
+            submit();
+        }
+    }
+}
+
+</SCRIPT>
+
+  <body><div id="wrap">
+  
+#include ( "tps/admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">$name</a></li>
+</ul>
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+</div>
+
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="sidebar">
+          
+<div id="sidenav">
+<ul>
+#foreach ($pn in $panels)
+#if (!$pn.isSubPanel())
+  #if ($pn.isPanelDone() == "false")
+    <li><center><font color=black size="2">$pn.getName()</font></center></li>
+  #else
+    <li><center><font color=white size="2">$pn.getName()</font></center></li>
+  #end
+#end
+#end
+</ul>
+</div>
+
+	</td>
+        <td class="page-content" width="100%">
+  <h1><img src="/pki/images/icon-software.gif" />
+  $title </h1>
+
+<form name=f method=post action="wizard">
+<input type=hidden name=p value="$p">
+
+#parse ( $panel )
+
+<input type=hidden name="op" value=''>
+
+</form>
+
+<table width=100% border=0 cellspacing=0 cellpadding=0>
+<tr bgcolor="#eeeeee">
+<td><img id=progress style="visibility: hidden;" src="/pki/images/bigrotation2.gif" /></td>
+<td align=right>
+
+#if ($showApplyButton == "true")
+<input type=button onclick="process('apply')" name=back value="Apply">
+#end
+
+#if ($lastpanel)
+&nbsp;
+#else
+<input type=button onclick="process('next')" name=back value="Next>">
+#end
+
+</td>
+</tr>
+</table>
+
+	</td>
+      </tr>
+    </table>
+
+#include ( "tps/admin/console/config/footer.vm" )
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/config/xml.vm b/base/tps-client/apache/docroot/tps/admin/console/config/xml.vm
new file mode 100644
index 000000000..31ff72aa2
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/config/xml.vm
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<response>
+  $xml 
+</response>
diff --git a/base/tps-client/apache/docroot/tps/admin/console/js/misc.js b/base/tps-client/apache/docroot/tps/admin/console/js/misc.js
new file mode 100644
index 000000000..d4dc336ab
--- /dev/null
+++ b/base/tps-client/apache/docroot/tps/admin/console/js/misc.js
@@ -0,0 +1,30 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * This function is to submit the form's parameters and to decide if the 
+ * window should remain open.
+ *
+ * @param f The form
+ * @param fclose true if you want to close the window; otherwise false.
+ */
+function saveConfig(f, fclose) {
+    f.submit();
+    if (fclose == true)
+        window.close();
+}
diff --git a/base/tps-client/apache/pki_instance_command_wrapper b/base/tps-client/apache/pki_instance_command_wrapper
new file mode 100644
index 000000000..8ecef8075
--- /dev/null
+++ b/base/tps-client/apache/pki_instance_command_wrapper
@@ -0,0 +1,192 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+	echo "Cannot invoke '$0' from non-existent directory!"
+	exit 255
+fi
+
+
+###############################################################################
+##  (1) Specify variables used by this script.                               ##
+###############################################################################
+
+PRODUCT=[PKI_PRODUCT]
+SUBSYSTEM=[PKI_SUBSYSTEM]
+INSTANCE=[PKI_INSTANCE]
+COMMAND=[PKI_COMMAND]
+
+
+###############################################################################
+##  (2) Define helper functions.                                             ##
+###############################################################################
+
+invalid_operating_system() {
+   	echo
+   	echo "ERROR:  '$0' does not execute on the '$1' operating system!"
+   	echo
+}
+
+invalid_architecture() {
+   	echo
+   	echo "ERROR:  '$0' does not execute on the '$1' architecture!"
+   	echo
+}
+
+
+###############################################################################
+##  (3) Set environment variables.                                           ##
+##                                                                           ##
+##      Set the LD_LIBRARY_PATH environment variable to determine the        ##
+##      search order this command wrapper uses to find shared libraries.     ##
+##                                                                           ##
+##      Set the PATH environment variable to determine the search            ##
+##      order this command wrapper uses to find binary executables.          ##
+##                                                                           ##
+##      NOTE:  Since the wrappers themselves are ALWAYS located in           ##
+##             "/usr/bin" on 32-bit and 64-bit Linux as well as both         ##
+##             32-bit Solaris and 64-bit Solaris, this directory             ##
+##             will always be excluded from the search path.                 ##
+##                                                                           ##
+##             Additionally, since "/bin" is nothing more than a symbolic    ##
+##             link to "/usr/bin" on Solaris, this directory will also       ##
+##             always be excluded from the search path on this platform.     ##
+##                                                                           ##
+###############################################################################
+
+OS=`uname -s`
+ARCHITECTURE=""
+
+if [ "${OS}" = "Linux" ] ; then
+	ARCHITECTURE=`arch`
+	if [ "${ARCHITECTURE}" = "i686" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}:/bin
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/var/lib/${INSTANCE}:${PATH}
+		export PATH
+	elif [ "${ARCHITECTURE}" = "x86_64" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/java:/usr/lib64:/lib64:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/var/lib/${INSTANCE}:${PATH}
+		PATH=/usr/lib64/${PRODUCT}:/bin:${PATH}
+		PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	else
+		invalid_architecture "${ARCHITECTURE}"
+		exit 255
+	fi
+elif [ "${OS}" = "SunOS" ] ; then
+	ARCHITECTURE=`uname -p`
+	if	[ "${ARCHITECTURE}" = "sparc" ] &&
+		[ -d "/usr/lib/sparcv9/" ] ; then
+		ARCHITECTURE="sparcv9"
+	fi
+	if [ "${ARCHITECTURE}" = "sparc" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/var/lib/${INSTANCE}:${PATH}
+		export PATH
+	elif [ "${ARCHITECTURE}" = "sparcv9" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9:/lib/sparcv9:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/java:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/bin/sparcv9
+		PATH=/usr/lib/${PRODUCT}:${PATH}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/var/lib/${INSTANCE}:${PATH}
+		PATH=/usr/lib/sparcv9/${PRODUCT}:${PATH}
+		PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	else
+		invalid_architecture "${ARCHITECTURE}"
+		exit 255
+	fi
+else
+	invalid_operating_system "${OS}"
+	exit 255
+fi
+
+
+###############################################################################
+##  (4) Execute the binary executable specified by this command wrapper      ##
+##      based upon the preset LD_LIBRARY_PATH and PATH environment variables.##
+###############################################################################
+
+ORIGINAL_IFS=${IFS}
+IFS=:
+
+for dir in ${PATH}
+do
+	if [ -x ${dir}/${COMMAND} ]
+	then
+		IFS=${ORIGINAL_IFS}
+		${dir}/${COMMAND} "$@"
+		exit $?
+	fi
+done
+
+echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!"
+
+exit 255
+
diff --git a/base/tps-client/apache/pki_subsystem_command_wrapper b/base/tps-client/apache/pki_subsystem_command_wrapper
new file mode 100644
index 000000000..4285b767a
--- /dev/null
+++ b/base/tps-client/apache/pki_subsystem_command_wrapper
@@ -0,0 +1,182 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+# 
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+# 
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA  02110-1301  USA 
+# 
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+	echo "Cannot invoke '$0' from non-existent directory!"
+	exit 255
+fi
+ 
+
+###############################################################################
+##  (1) Specify variables used by this script.                               ##
+###############################################################################
+
+PRODUCT=[PKI_PRODUCT]
+SUBSYSTEM=[PKI_SUBSYSTEM]
+COMMAND=[PKI_COMMAND]
+
+
+###############################################################################
+##  (2) Define helper functions.                                             ##
+###############################################################################
+
+invalid_operating_system() {
+   	echo
+   	echo "ERROR:  '$0' does not execute on the '$1' operating system!"
+   	echo
+}
+
+invalid_architecture() {
+   	echo
+   	echo "ERROR:  '$0' does not execute on the '$1' architecture!"
+   	echo
+}
+
+
+###############################################################################
+##  (3) Set environment variables.                                           ##
+##                                                                           ##
+##      Set the LD_LIBRARY_PATH environment variable to determine the        ##
+##      search order this command wrapper uses to find shared libraries.     ##
+##                                                                           ##
+##      Set the PATH environment variable to determine the search            ##
+##      order this command wrapper uses to find binary executables.          ##
+##                                                                           ##
+##      NOTE:  Since the wrappers themselves are ALWAYS located in           ##
+##             "/usr/bin" on 32-bit and 64-bit Linux as well as both         ##
+##             32-bit Solaris and 64-bit Solaris, this directory             ##
+##             will always be excluded from the search path.                 ##
+##                                                                           ##
+##             Additionally, since "/bin" is nothing more than a symbolic    ##
+##             link to "/usr/bin" on Solaris, this directory will also       ##
+##             always be excluded from the search path on this platform.     ##
+##                                                                           ##
+###############################################################################
+
+OS=`uname -s`
+ARCHITECTURE=""
+
+if [ "${OS}" = "Linux" ] ; then
+	ARCHITECTURE=`arch`
+	if [ "${ARCHITECTURE}" = "i686" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}:/bin
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	elif [ "${ARCHITECTURE}" = "x86_64" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/java:/usr/lib64:/lib64:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib64/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/usr/lib64/${PRODUCT}:/bin:${PATH}
+		PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	else
+		invalid_architecture "${ARCHITECTURE}"
+		exit 255
+	fi
+elif [ "${OS}" = "SunOS" ] ; then
+	ARCHITECTURE=`uname -p`
+	if	[ "${ARCHITECTURE}" = "sparc" ] &&
+		[ -d "/usr/lib/sparcv9/" ] ; then
+		ARCHITECTURE="sparcv9"
+	fi
+	if [ "${ARCHITECTURE}" = "sparc" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	elif [ "${ARCHITECTURE}" = "sparcv9" ] ; then
+		LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9:/lib/sparcv9:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/java:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:${LD_LIBRARY_PATH}
+		LD_LIBRARY_PATH=/usr/lib/sparcv9/java/dirsec:${LD_LIBRARY_PATH}
+		export LD_LIBRARY_PATH
+
+		PATH=/usr/lib/${PRODUCT}
+		PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		PATH=/usr/lib/sparcv9/${PRODUCT}:${PATH}
+		PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${PATH}
+		export PATH
+	else
+		invalid_architecture "${ARCHITECTURE}"
+		exit 255
+	fi
+else
+	invalid_operating_system "${OS}"
+	exit 255
+fi
+
+
+###############################################################################
+##  (4) Execute the binary executable specified by this command wrapper      ##
+##      based upon the preset LD_LIBRARY_PATH and PATH environment variables.##
+###############################################################################
+
+ORIGINAL_IFS=${IFS}
+IFS=:
+
+for dir in ${PATH}
+do
+	if [ -x ${dir}/${COMMAND} ]
+	then
+		IFS=${ORIGINAL_IFS}
+		${dir}/${COMMAND} "$@"
+		exit $?
+	fi
+done
+
+echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!"
+
+exit 255
+
diff --git a/base/tps-client/apache/readme.html b/base/tps-client/apache/readme.html
new file mode 100644
index 000000000..3b741e6ae
--- /dev/null
+++ b/base/tps-client/apache/readme.html
@@ -0,0 +1,1222 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation;
+     version 2.1 of the License.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<body>
+<h1>
+<center><b>
+How to Setup and Configure "mod_tps" and "mod_tokendb" on Apache
+</b></center>
+<hr>
+<h2>Overview</h2>
+<ul>
+<p>This document describes how to install and configure the "mod_tps" and
+"mod_tokendb" modules required by CoolKey.
+</ul>
+<h2>Dependencies</h2>
+<ul>
+<p>"mod_tps" is dependent upon the following components:
+<ul>
+<li>Fedora Certificate System (FCS) 1.0.0 Certificate Authority (CA)
+<li>FCS 1.0.0 Token Key Service (TKS)
+<li>FCS 1.0.0 Data Recovery Manager (DRM) [optional]
+<li>FCS 1.0.0 Token Processing System (TPS)
+<li>Fedora Directory Server (FDS) 1.0 (TPS internaldb instance)
+<li>Apache 2.0.52
+<li>"mod_nss" module installed and available from this Apache 2.0.52 (Fortitude)
+</ul>
+<p>"mod_tokendb" is dependent upon the following components:
+<ul>
+<li>FCS 1.0.0 TPS
+<li>FDS 1.0 TPS internaldb instance
+<li>Apache 2.0.52
+<li>"mod_nss" module installed and available from this Apache 2.0.52 (Fortitude)
+<li>"mod_tps" module installed and available from this Apache 2.0.52 (Fortitude)
+</ul>
+</ul>
+<h2>Supported Platforms</h2>
+<ul>
+<li>Fedora Core 6 (32-bit),
+<li>Fedora Core 6 (64-bit), and
+<li>Solaris 9 (64-bit)
+</ul>
+<h2>Installing and Configuring "mod_tps" and "mod_tokendb"</h2>
+<ol>
+<li>Insure that a pre-installed version 1.0.0 of the FCS common subsystems area
+exists on the desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;)
+<li>Insure that a pre-installed version 1.0.0 of the FCS CA exists on the
+desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_ca_subsystems&gt; and &lt;pki_server_root&gt;/&lt;ca_instance&gt;)
+<li>Insure that a pre-installed version 1.0.0 of the FCS TKS exists on the
+desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tks_subsystems&gt; and &lt;pki_server_root&gt;/&lt;tks_instance&gt;)
+<li>Optionally, insure that a pre-installed version 1.0.0 of the FCS DRM exists
+on the desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_drm_subsystems&gt; and &lt;pki_server_root&gt;/&lt;drm_instance&gt;)
+<li>Insure that a pre-installed version 1.0 of the FDS exists on the desired
+machine running on the desired platform.<br>
+This is needed to create a TPS internaldb instance<br>
+(e. g. - &lt;rhds_server_root&gt;/&lt;tps_internaldb&gt;)
+<li>Insure that a pre-installed threaded version 2.0.52 of the Apache server
+exists on the desired machine running on the desired platform<br>
+(e. g. - &lt;apache_server_root&gt;)
+<li>Insure that this Apache server has "mod_nss" (Fortitude) installed and
+available from its &lt;apache_server_root&gt;
+<li>Download and unpack the entire contents of the TPS package into the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;, the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;, and the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;
+<li>Change directory to &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin
+<li>Execute &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/setup_tps:
+<ol type="a">
+<li>Creates a wrapper script called
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/tpsclient for
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/tpsclient
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/bin directory
+(instance-specific binaries)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/cgi-bin directory
+(user customization)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/docroot directory
+(user customization)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/lib directory
+(instance-specific libraries)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/logs directory
+(instance-specific logs)
+<li>Sets up the CA connector in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+<li>Optionally, sets up the DRM connector in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+<li>Creates a cert8.db in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/cert8.db
+<li>Creates a key3.db in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/key3.db
+<li>Populates the cert8.db and key3.db security databases located in the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config directory with the
+ServerCert
+<li>Populates the TPS internaldb located in the
+&lt;rhds_server_root&gt;/&lt;tps_internaldb&gt; directory by executing the
+LDIF scripts located in the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup directory
+<li>Generates the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/config/httpd.conf
+Apache Configuration file:
+<pre>
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+LoadModule nss_module         &lt;apache_server_root&gt;/modules/libmodnss.so
+
+#
+# Bring in additional module-specific configurations
+#
+Include &lt;apache_server_root&gt;/conf/nss.conf
+Include &lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/tps.conf
+</pre>
+<li>Generates the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/tps.conf
+Apache TPS Module Configuration file:
+<pre>
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+LoadModule tps_module         &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tps.so
+LoadModule tokendb_module     &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tokendb.so
+
+&lt;Location /nk_service&gt;
+    SetHandler nk_service
+&lt;/Location&gt;
+                                                                                
+&lt;Location /tus&gt;
+    SetHandler tus
+&lt;/Location&gt;
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot"
+
+#
+# ScriptAlias: This controls which directories contain server scripts.
+# ScriptAliases are essentially the same as Aliases, except that
+# documents in the realname directory are treated as applications and
+# run by the server when requested rather than as documents sent to the client.
+# The same rules about trailing "/" apply to ScriptAlias directives as to
+# Alias.
+#
+ScriptAlias /cgi-bin/ "&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/"
+
+#
+# Bring in additional module-specific configurations
+#
+TPSConfigPathFile &lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+</ol>
+<li>Assume "root" privilege
+<li>Execute &lt;apache_server_root&gt;/bin/apachectl -f 
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/config/httpd.conf
+start
+</ol>
+
+<h2>Inventory of cs-tps-{version} Package</h2>
+<ul>
+<table border=1>
+<tr>
+<th>Packaged File</th>
+<th>Unpackaged File</th>
+</tr>
+<tr>
+<td>applets/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/applets/</td>
+</tr>
+<tr>
+<td>applets/1.3.427BDDB8.ijc</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/applets/1.3.427BDDB8.ijc</td>
+</tr>
+<tr>
+<td>bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/</td>
+</tr>
+<tr>
+<td>bin/setup_tps</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/setup_tps</td>
+</tr>
+<tr>
+<td>bin/setup_tps</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/uninstall_tps</td>
+</tr>
+<tr>
+<td>bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/</td>
+</tr>
+<tr>
+<td>bin/tpsclient</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/tpsclient</td>
+</tr>
+<tr>
+<td>cgi-bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/</td>
+</tr>
+<tr>
+<td>cgi-bin/AdminEsc.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/AdminEsc.html</td>
+</tr>
+<tr>
+<td>cgi-bin/AdvancePopup.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/AdvancePopup.html</td>
+</tr>
+<tr>
+<td>cgi-bin/EnrollPopup.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/EnrollPopup.html</td>
+</tr>
+<tr>
+<td>cgi-bin/SettingsEsc.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/SettingsEsc.html</td>
+</tr>
+<tr>
+<td>cgi-bin/TokenManager.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/TokenManager.html</td>
+</tr>
+<tr>
+<td>cgi-bin/TokenPin.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/TokenPin.html</td>
+</tr>
+<tr>
+<td>cgi-bin/esc.cgi</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/esc.cgi</td>
+</tr>
+<tr>
+<td>cgi-bin/style.css</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/style.css</td>
+</tr>
+<tr>
+<td>config/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/</td>
+</tr>
+<tr>
+<td>config/CS.cfg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/CS.cfg</td>
+</tr>
+<tr>
+<td>config/enroll.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/enroll.test</td>
+</tr>
+<tr>
+<td>config/format.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/format.test</td>
+</tr>
+<tr>
+<td>config/reset_pin.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/reset_pin.test</td>
+</tr>
+<tr>
+<td>docroot/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/</td>
+</tr>
+<tr>
+<td>docroot/GenericAuth.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/GenericAuth.html</td>
+</tr>
+<tr>
+<td>docroot/images/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/</td>
+</tr>
+<tr>
+<td>docroot/images/BannerBackground.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/BannerBackground.gif</td>
+</tr>
+<tr>
+<td>docroot/images/BindSettingsPrototype.jpg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/BindSettingsPrototype.jpg</td>
+</tr>
+<tr>
+<td>docroot/images/CancelButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/CancelButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/CloseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/CloseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ContinueButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ContinueButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/HelpButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/HelpButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKey-Small.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKey-Small.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyInsert.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyInsert.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyLogo.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyLogo.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyPair.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyPair.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyProgress.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyProgress.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyQuestionMark.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyQuestionMark.gif</td>
+</tr>
+<tr>
+<td>docroot/images/OKButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/OKButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/PadLock.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/PadLock.gif</td>
+</tr>
+<tr>
+<td>docroot/images/PurchaseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/PurchaseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ReactivateButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ReactivateButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ReleaseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ReleaseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/SecureButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/SecureButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/SuspendButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/SuspendButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/TryAgainButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/TryAgainButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/bg.jpg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/bg.jpg</td>
+</tr>
+<tr>
+<td>docroot/images/logo.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/logo.gif</td>
+</tr>
+<tr>
+<td>docroot/style.css</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/style.css</td>
+</tr>
+<tr>
+<td>docroot/tus/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/</td>
+</tr>
+<tr>
+<td>docroot/tus/addResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/addResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/delete.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/delete.template</td>
+</tr>
+<tr>
+<td>docroot/tus/deleteResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/deleteResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/doToken.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/doToken.template</td>
+</tr>
+<tr>
+<td>docroot/tus/doTokenConfirm.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/doTokenConfirm.template</td>
+</tr>
+<tr>
+<td>docroot/tus/edit.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/edit.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editAdminResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editAdminResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/error.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/error.template</td>
+</tr>
+<tr>
+<td>docroot/tus/index.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/index.template</td>
+</tr>
+<tr>
+<td>docroot/tus/indexAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/indexAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/new.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/new.template</td>
+</tr>
+<tr>
+<td>docroot/tus/revoke.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/revoke.template</td>
+</tr>
+<tr>
+<td>docroot/tus/search.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/search.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchActivity.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchActivity.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchActivityResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchActivityResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchAdminResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchAdminResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchCertificateResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchCertificateResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/show.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/show.template</td>
+</tr>
+<tr>
+<td>docroot/tus/showAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/showAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/showCert.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/showCert.template</td>
+</tr>
+<tr>
+<td>lib/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/</td>
+</tr>
+<tr>
+<td>lib/libldapauth.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libldapauth.so</td>
+</tr>
+<tr>
+<td>lib/libtokendb.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libtokendb.so</td>
+</tr>
+<tr>
+<td>lib/libtps.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libtps.so</td>
+</tr>
+<tr>
+<td>lib/mod_tokendb.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tokendb.so</td>
+</tr>
+<tr>
+<td>lib/mod_tps.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tps.so</td>
+</tr>
+<tr>
+<td>setup/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/</td>
+</tr>
+<tr>
+<td>setup/addAgents.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addAgents.ldif</td>
+</tr>
+<tr>
+<td>setup/addIndexes.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addIndexes.ldif</td>
+</tr>
+<tr>
+<td>setup/addTokens.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addTokens.ldif</td>
+</tr>
+<tr>
+<td>setup/addVLVIndexes.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addVLVIndexes.ldif</td>
+</tr>
+<tr>
+<td>setup/schemaMods.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/schemaMods.ldif</td>
+</tr>
+</table>
+</ul>
+
+<h2>Inventory of cs-tps-devel-{version} Package</h2>
+<ul>
+<table border=1>
+<tr>
+<th>Packaged File</th>
+<th>Unpackaged File</th>
+</tr>
+<tr>
+<td>include/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/APDU_Response.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Create_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Create_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Delete_File_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/External_Authenticate_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Format_Muscle_Applet_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Generate_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Data_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Status_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Version_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Import_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Import_Key_Enc_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Initialize_Update_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Install_Applet_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Install_Load_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Lifecycle_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/List_Objects_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/List_Pins_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Load_File_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Put_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Read_Buffer_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Read_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Select_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Set_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Unblock_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Write_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/AuthParams.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/Authentication.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/LDAP_Authentication.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/Channel.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/Secure_Channel.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/CertEnroll.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/ConnectionInfo.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/HttpConnection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/engine/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/engine/RA.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/AccessLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Auth.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ByteBuffer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/CERTUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Cache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Connection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ConnectionListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/DebugLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Defines.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ErrorLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Iterator.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/LogRotationTask.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Logger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/NSPRerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddy.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyCache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyService.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCertExtension.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCommonLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfig.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfigManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfigReader.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCrypt.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSDataSourceListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSDataSourceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSGroup.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSGroupCache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSHelper.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPRUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPlugin.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPluginManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServiceListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServiceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSUser.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSWaspLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Pool.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceServer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceServerImpl.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SECerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLServerSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ScheduledTask.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Scheduler.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SecurityHeaders.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerConnection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerHeaderProcessor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Socket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SocketINC.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SocketLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/StringList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/StringUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/TaskList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ThreadPool.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/URLUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/engine.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/http.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/request.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/response.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_pblock.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/AttributeSpec.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/AuthenticationEntry.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Base.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Buffer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/ConfigStore.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Login.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Memory.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/MemoryMgr.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/NameValueSet.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/ObjectSpec.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/PKCS11Obj.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/PublishEntry.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Context.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Session.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/SecureId.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Util.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/AP_Context.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/AP_Session.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_ASQ_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_ASQ_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Begin_Op_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_End_Op_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Extended_Login_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Extended_Login_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Login_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Login_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_New_Pin_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_New_Pin_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_SecureId_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_SecureId_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Status_Update_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Status_Update_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Token_PDU_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Token_PDU_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Enroll_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Format_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Pin_Reset_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Renew_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Unblock_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IConnector.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IPublish_Data.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IPublisher.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/NetkeyPublisher.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/tus/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/tus/tus_db.h</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</ul>
+</body>
+</html>
+