summaryrefslogtreecommitdiffstats
path: root/base/tps/shared
diff options
context:
space:
mode:
authorAde Lee <alee@redhat.com>2013-08-13 12:20:31 -0400
committerAde Lee <alee@redhat.com>2013-08-13 12:20:31 -0400
commite6b7428e5ae6fd6ed139db15b0426c35524d1a11 (patch)
treef046d9bc768ba16244ff2a95e88b37a5b6f755e6 /base/tps/shared
parent74f60e95a9fd5984f81aeda492e157d1c9b6dedd (diff)
downloadpki-e6b7428e5ae6fd6ed139db15b0426c35524d1a11.tar.gz
pki-e6b7428e5ae6fd6ed139db15b0426c35524d1a11.tar.xz
pki-e6b7428e5ae6fd6ed139db15b0426c35524d1a11.zip
Initial code to configure a TPS in tomcat
This code allows pkispawn to configure a tps in tomcat. It does not include any config using the web UI panels.
Diffstat (limited to 'base/tps/shared')
-rw-r--r--base/tps/shared/conf/CS.cfg.in2490
-rw-r--r--base/tps/shared/conf/db.ldif82
-rw-r--r--base/tps/shared/conf/index.ldif269
-rw-r--r--base/tps/shared/conf/schema.ldif537
4 files changed, 1351 insertions, 2027 deletions
diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps/shared/conf/CS.cfg.in
index e972bcb9d..2ea111de9 100644
--- a/base/tps/shared/conf/CS.cfg.in
+++ b/base/tps/shared/conf/CS.cfg.in
@@ -1,184 +1,98 @@
_000=##
_001=## Token Processing System (TPS) Configuration File
_002=##
-pidDir=[PKI_PIDDIR]
-pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
-pkicreate.pki_instance_name=[PKI_INSTANCE_NAME]
-pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
-pkicreate.secure_port=[PKI_SECURE_PORT]
-pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
-pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
-pkicreate.user=[PKI_USER]
-pkicreate.group=[PKI_GROUP]
-pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
-cs.type=TPS
-selftests._000=##
-selftests._001=## Self Tests
-selftests._002=##
-selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
-selftests._004=## following parameters (where certusage is optional):
-selftests._005=## tps.cert.list = <list of cert tag names deliminated by ",">
-selftests._006=## tps.cert.<cert tag name>.nickname
-selftests._007=## tps.cert.<cert tag name>.certusage
-selftests._008=##
-selftests.container.logger.enable=true
-selftests.container.logger.expirationTime=0
-selftests.container.logger.file.type=RollingLogFile
-selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
-selftests.container.logger.level=10
-selftests.container.logger.maxFileSize=2000
-selftests.container.logger.rolloverInterval=2592000
-selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical
-selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical
-selftests.plugin.TPSPresence.nickname=[HSM_LABEL][NICKNAME]
-selftests.plugin.TPSValidity.nickname=[HSM_LABEL][NICKNAME]
-cs.state=0
+accessEvaluator.impl.group.class=com.netscape.cms.evaluators.GroupAccessEvaluator
+accessEvaluator.impl.ipaddress.class=com.netscape.cms.evaluators.IPAddressAccessEvaluator
+accessEvaluator.impl.user.class=com.netscape.cms.evaluators.UserAccessEvaluator
+applet._000=#########################################
+applet._001=# applet information
+applet._002=# SAF Key:
+applet._003=# applet.aid.cardmgr_instance=A0000001510000
+applet._004=#########################################
+applet.aid.cardmgr_instance=A0000000030000
+applet.aid.netkey_file=627601FF0000
+applet.aid.netkey_instance=627601FF000000
+applet.aid.netkey_old_file=A000000001
+applet.aid.netkey_old_instance=A00000000101
+applet.delete_old=true
+applet.so_pin=000000000000
+auths._000=##
+auths._001=## new authentication
+auths._002=##
+auths.impl._000=##
+auths.impl._001=## authentication manager implementations
+auths.impl._002=##
+auths.impl.AgentCertAuth.class=com.netscape.cms.authentication.AgentCertAuthentication
+auths.impl.CMCAuth.class=com.netscape.cms.authentication.CMCAuth
+auths.impl.NISAuth.class=com.netscape.cms.authentication.NISAuth
+auths.impl.PortalEnroll.class=com.netscape.cms.authentication.PortalEnroll
+auths.impl.SSLclientCertAuth.class=com.netscape.cms.authentication.SSLclientCertAuthentication
+auths.impl.TokenAuth.class=com.netscape.cms.authentication.TokenAuthentication
+auths.impl.UdnPwdDirAuth.class=com.netscape.cms.authentication.UdnPwdDirAuthentication
+auths.impl.UidPwdDirAuth.class=com.netscape.cms.authentication.UidPwdDirAuthentication
+auths.impl.UidPwdPinDirAuth.class=com.netscape.cms.authentication.UidPwdPinDirAuthentication
+auths.instance.AgentCertAuth.agentGroup=Certificate Manager Agents
+auths.instance.AgentCertAuth.pluginName=AgentCertAuth
+auths.instance.TokenAuth.pluginName=TokenAuth
+auths.instance.ldap1.dnpattern=
+auths.instance.ldap1.ldapByteAttributes=
+auths.instance.ldap1.ldapStringAttributes=mail,cn,uid
+auths.instance.ldap1.ldap.basedn=[LDAP_ROOT]
+auths.instance.ldap1.ldap.maxConns=15
+auths.instance.ldap1.ldap.minConns=3
+auths.instance.ldap1.ldap.ldapauth.authtype=BasicAuth
+auths.instance.ldap1.ldap.ldapauth.bindDN=
+auths.instance.ldap1.ldap.ldapauth.bindPWPrompt=ldap1
+auths.instance.ldap1.ldap.ldapauth.clientCertNickname=
+auths.instance.ldap1.ldap.ldapconn.host=[LDAP_HOST]
+auths.instance.ldap1.ldap.ldapconn.port=[LDAP_PORT]
+auths.instance.ldap1.ldap.ldapconn.secureConn=false
+auths.instance.ldap1.ldap.ldapconn.version=3
+auths.instance.ldap1.pluginName=UidPwdDirAuth
+auths.instance.SSLclientCertAuth.pluginName=SSLclientCertAuth
+auths.revocationChecking.bufferSize=50
authType=pwd
-instanceRoot=[PKI_INSTANCE_PATH]
+authz._000=##
+authz._001=## new authorizatioin
+authz._002=##
+authz.evaluateOrder=deny,allow
+authz.impl._000=##
+authz.impl._001=## authorization manager implementations
+authz.impl._002=##
+authz.impl.BasicAclAuthz.class=com.netscape.cms.authorization.BasicAclAuthz
+authz.impl.DirAclAuthz.class=com.netscape.cms.authorization.DirAclAuthz
+authz.instance.BasicAclAuthz.pluginName=BasicAclAuthz
+authz.instance.DirAclAuthz.ldap._000=##
+authz.instance.DirAclAuthz.ldap._001=## Internal Database
+authz.instance.DirAclAuthz.ldap._002=##
+authz.instance.DirAclAuthz.ldap=internaldb
+authz.instance.DirAclAuthz.pluginName=DirAclAuthz
+authz.sourceType=ldap
+channel._000=#########################################
+channel._001=# channel.encryption:
+channel._002=#
+channel._003=# - enable encryption for all operation commands to token
+channel._004=# - default is true
+channel._005=# channel.blocksize=242
+channel._006=# channel.defKeyVersion=0
+channel._007=# channel.defKeyIndex=0
+channel._008=#
+channel._009=# Config the size of memory managed memory in the applet
+channel._010=# Default is 5000, try not go get close to the instanceSize
+channel._011=# which defaults to 18000:
+channel._012=#
+channel._013=# * channel.instanceSize=18000
+channel._014=# * channel.appletMemorySize=5000
+channel._015=#########################################
+channel.encryption=true
+channel.blocksize=248
+channel.defKeyVersion=0
+channel.defKeyIndex=0
+cms.product.version=@APPLICATION_VERSION@
+cms.version=@APPLICATION_VERSION_MAJOR@.@APPLICATION_VERSION_MINOR@
+config.Generals.General.state=Enabled
+config.Generals.General.timestamp=1280283607424406
configurationRoot=/[PKI_SUBSYSTEM_TYPE]/conf/
-machineName=[PKI_HOSTNAME]
-instanceId=[PKI_INSTANCE_NAME]
-service.machineName=[PKI_HOSTNAME]
-service.instanceDir=[PKI_INSTANCE_PATH]
-service.securePort=[PKI_SECURE_PORT]
-service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT]
-service.unsecurePort=[PKI_UNSECURE_PORT]
-service.instanceID=[PKI_INSTANCE_NAME]
-logging._000=#########################################
-logging._001=# RA configuration File
-logging._002=#
-logging._003=# All <...> must be replaced with
-logging._004=# appropriate values.
-logging._005=#########################################
-logging._006=########################################
-logging._007=# logging
-logging._008=#
-logging._009=# logging.debug.enable:
-logging._010=# logging.audit.enable:
-logging._011=# logging.error.enable:
-logging._012=# - enable or disable the corresponding logging
-logging._013=# logging.debug.filename:
-logging._014=# logging.audit.filename:
-logging._015=# logging.error.filename:
-logging._016=# - name of the log file
-logging._017=# logging.debug.level:
-logging._018=# logging.audit.level:
-logging._019=# logging.error.level:
-logging._020=# - level of logging. (0-10)
-logging._021=# 0 - no logging,
-logging._022=# 4 - LL_PER_SERVER these messages will occur only once
-logging._023=# during the entire invocation of the
-logging._024=# server, e. g. at startup or shutdown
-logging._025=# time., reading the conf parameters.
-logging._026=# Perhaps other infrequent events
-logging._027=# relating to failing over of CA, TKS,
-logging._028=# too
-logging._029=# 6 - LL_PER_CONNECTION these messages happen once per
-logging._030=# connection - most of the log events
-logging._031=# will be at this level
-logging._032=# 8 - LL_PER_PDU these messages relate to PDU
-logging._033=# processing. If you have something that
-logging._034=# is done for every PDU, such as
-logging._035=# applying the MAC, it should be logged
-logging._036=# at this level
-logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more
-logging._038=# chatty version of the above
-logging._039=# 10 - all logging
-logging._040=# logging.audit.buffer.size: # in bytes
-logging._041=# logging.audit.flush.interval: # in seconds, 0 disables flush thread
-logging._042=# logging.*.file.type:
-logging._043=# - file type: RollingLogFile or LogFile
-logging._044=# logging.*.rolloverInterval:
-logging._045=# - interval to roll over logs (seconds), 0 to disable rollover
-logging._046=# logging.*.maxFileSize:
-logging._047=# - size at which file rollover occurs, in kB
-logging._048=# logging.*.expirationTime:
-logging._049=# - maximum age of log, older unmodified logs are deleted( in seconds, 0 to disable)
-logging._050=#########################################
-logging.debug.enable=true
-logging.debug.filename=[PKI_INSTANCE_PATH]/logs/tps-debug.log
-logging.debug.level=10
-logging.debug.file.type=RollingLogFile
-logging.debug.maxFileSize=2000
-logging.debug.rolloverInterval=2592000
-logging.debug.expirationTime=0
-logging.audit.enable=true
-logging.audit.filename=[PKI_INSTANCE_PATH]/logs/tps-audit.log
-logging.audit.signedAuditFilename=[PKI_INSTANCE_PATH]/logs/signedAudit/tps_audit
-logging.audit.level=10
-logging.audit.logSigning=false
-logging.audit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
-logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
-logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
-logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
-logging.audit.buffer.size=512
-logging.audit.flush.interval=5
-logging.audit.file.type=RollingLogFile
-logging.audit.maxFileSize=2000
-logging.audit.rolloverInterval=2592000
-logging.audit.expirationTime=0
-logging.error.enable=true
-logging.error.filename=[PKI_INSTANCE_PATH]/logs/tps-error.log
-logging.error.level=10
-logging.error.file.type=RollingLogFile
-logging.error.maxFileSize=2000
-logging.error.rolloverInterval=2592000
-logging.error.expirationTime=0
-log._000=##
-log._001=## Logging
-log._002=##
-log.impl.file.class=com.netscape.cms.logging.RollingLogFile
-log.instance.SignedAudit._000=##
-log.instance.SignedAudit._001=## Signed Audit Logging
-log.instance.SignedAudit._002=##
-log.instance.SignedAudit._003=##
-log.instance.SignedAudit._004=## Available Audit events:
-log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
-log.instance.SignedAudit._006=##
-log.instance.SignedAudit.bufferSize=512
-log.instance.SignedAudit.enable=true
-log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
-log.instance.SignedAudit.expirationTime=0
-log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/signedAudit/tps_cert-tps_audit
-log.instance.SignedAudit.flushInterval=5
-log.instance.SignedAudit.level=1
-log.instance.SignedAudit.logSigning=false
-log.instance.SignedAudit.maxFileSize=2000
-log.instance.SignedAudit.pluginName=file
-log.instance.SignedAudit.rolloverInterval=2592000
-log.instance.SignedAudit.signedAudit:_000=##
-log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TPS audit logs to be signed
-log.instance.SignedAudit.signedAudit:_002=##
-log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
-log.instance.SignedAudit.type=signedAudit
-log.instance.System._000=##
-log.instance.System._001=## System Logging
-log.instance.System._002=##
-log.instance.System.bufferSize=512
-log.instance.System.enable=true
-log.instance.System.expirationTime=0
-log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/system
-log.instance.System.flushInterval=5
-log.instance.System.level=3
-log.instance.System.maxFileSize=2000
-log.instance.System.pluginName=file
-log.instance.System.rolloverInterval=2592000
-log.instance.System.type=system
-log.instance.Transactions._000=##
-log.instance.Transactions._001=## Transaction Logging
-log.instance.Transactions._002=##
-log.instance.Transactions.bufferSize=512
-log.instance.Transactions.enable=true
-log.instance.Transactions.expirationTime=0
-log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/transactions
-log.instance.Transactions.flushInterval=5
-log.instance.Transactions.level=1
-log.instance.Transactions.maxFileSize=2000
-log.instance.Transactions.pluginName=file
-log.instance.Transactions.rolloverInterval=2592000
-log.instance.Transactions.type=transaction
-logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/access
-logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/error
conn.ca1._000=#########################################
conn.ca1._001=# CA connection
conn.ca1._002=#
@@ -210,17 +124,51 @@ conn.ca1._027=#
conn.ca1._028=# where
conn.ca1._029=# <n> - CA connection ID
conn.ca1._030=#########################################
-failover.pod.enable=false
-conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT]
conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT]
+conn.ca1.keepAlive=true
+conn.ca1.retryConnect=3
conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
conn.ca1.servlet.renewal=/ca/ee/ca/profileSubmitSSLClient
conn.ca1.servlet.revoke=/ca/ee/subsystem/ca/doRevoke
conn.ca1.servlet.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
-conn.ca1.retryConnect=3
-conn.ca1.timeout=100
conn.ca1.SSLOn=true
-conn.ca1.keepAlive=true
+conn.ca1.timeout=100
+conn.drm1._000=#########################################
+conn.drm1._001=# DRM connection
+conn.drm1._002=#
+conn.drm1._003=#conn.drm.totalConns
+conn.drm1._004=# - # of DRM connections
+conn.drm1._005=#conn.drm<n>.hostport
+conn.drm1._006=# - host name and port number of your DRM, the format is host:port
+conn.drm1._007=#conn.drm<n>.clientNickname
+conn.drm1._008=# - nickname of the client certificate for
+conn.drm1._009=# authentication
+conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
+conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
+conn.drm1._012=# - must be '/kra/GenerateKeyPair'
+conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
+conn.drm1._014=# - servlet to handle key recovery
+conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
+conn.drm1._016=#conn.drm<n>.retryConnect=3
+conn.drm1._017=# - number of reconnection attempts on failure
+conn.drm1._018=#conn.drm<n>.SSLOn=true
+conn.drm1._019=# - enable SSL or not
+conn.drm1._020=#conn.drm<n>.keepAlive=false
+conn.drm1._021=# - enable keep alive or not
+conn.drm1._022=#
+conn.drm1._023=# where
+conn.drm1._024=# <n> - DRM connection ID
+conn.drm1._025=#########################################
+conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
+conn.drm1.keepAlive=false
+conn.drm1.retryConnect=3
+conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
+conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
+conn.drm1.SSLOn=true
+conn.drm1.timeout=100
+conn.drm.totalConns=1
conn.tks1._000=#########################################
conn.tks1._001=# TKS connection
conn.tks1._002=#
@@ -250,191 +198,22 @@ conn.tks1._025=# <n> - TKS connection ID
conn.tks1._026=# conn.tks<n>.tksSharedSymKeyName:
conn.tks1._027=# - set shared secret key name
conn.tks1._028=#########################################
-conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
conn.tks1.clientNickname=[HSM_LABEL][NICKNAME]
-conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
-conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
-conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
-conn.tks1.servlet.computeRandomData=/tks/agent/tks/computeRandomData
-conn.tks1.retryConnect=3
-conn.tks1.timeout=100
conn.tks1.generateHostChallenge=true
-conn.tks1.SSLOn=true
+conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
conn.tks1.keepAlive=false
conn.tks1.keySet=defKeySet
+conn.tks1.retryConnect=3
conn.tks1.serverKeygen=[SERVER_KEYGEN]
+conn.tks1.servlet.computeRandomData=/tks/agent/tks/computeRandomData
+conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
+conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
+conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
+conn.tks1.SSLOn=true
+conn.tks1.timeout=100
conn.tks1.tksSharedSymKeyName=sharedSecret
-conn.drm1._000=#########################################
-conn.drm1._001=# DRM connection
-conn.drm1._002=#
-conn.drm1._003=#conn.drm.totalConns
-conn.drm1._004=# - # of DRM connections
-conn.drm1._005=#conn.drm<n>.hostport
-conn.drm1._006=# - host name and port number of your DRM, the format is host:port
-conn.drm1._007=#conn.drm<n>.clientNickname
-conn.drm1._008=# - nickname of the client certificate for
-conn.drm1._009=# authentication
-conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
-conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
-conn.drm1._012=# - must be '/kra/GenerateKeyPair'
-conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
-conn.drm1._014=# - servlet to handle key recovery
-conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
-conn.drm1._016=#conn.drm<n>.retryConnect=3
-conn.drm1._017=# - number of reconnection attempts on failure
-conn.drm1._018=#conn.drm<n>.SSLOn=true
-conn.drm1._019=# - enable SSL or not
-conn.drm1._020=#conn.drm<n>.keepAlive=false
-conn.drm1._021=# - enable keep alive or not
-conn.drm1._022=#
-conn.drm1._023=# where
-conn.drm1._024=# <n> - DRM connection ID
-conn.drm1._025=#########################################
-conn.drm.totalConns=1
-conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
-conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
-conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
-conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
-conn.drm1.retryConnect=3
-conn.drm1.timeout=100
-conn.drm1.SSLOn=true
-conn.drm1.keepAlive=false
-auth.instance._000=########################################
-auth.instance._001=# publishing
-auth.instance._002=#
-auth.instance._003=# publisher.instance.<n>.libraryName:
-auth.instance._004=# - name of the library specified with a fully qualified path name
-auth.instance._005=# publisher.instance.<n>.libraryFactory:
-auth.instance._006=# - the name of the function which instantiates the publisher
-auth.instance._007=# publisher.instance.<n>.publisherId:
-auth.instance._008=# - the publisher ID
-auth.instance._009=#
-auth.instance._010=# where
-auth.instance._011=# <n> - publisher connection ID
-auth.instance._012=########################################
-auth.instance._013=#########################################
-auth.instance._014=# authentication
-auth.instance._015=#
-auth.instance._016=# auth.instance.<n>.libraryName:
-auth.instance._017=# - name of the library specified with a fully qualified path name
-auth.instance._018=# auth.instance.<n>.libraryFactory:
-auth.instance._019=# - the name of the function which instantiates the authentication
-auth.instance._020=# auth.instance.<n>.authId
-auth.instance._021=# - the authentication ID
-auth.instance._022=# auth.instance.<n>.hostport
-auth.instance._023=# - parameter specific to the given authentication,
-auth.instance._024=# i. e., LDAPAuthentication (id=ldap1)
-auth.instance._025=# - host name and port number, host:port
-auth.instance._026=# - for failover, provide multiple host:port designations
-auth.instance._027=# separated by " "
-auth.instance._028=# auth.instance.<n>.SSLOn:
-auth.instance._029=# - parameter specific to the given authentication,
-auth.instance._030=# i. e., LDAPAuthentication (id=ldap1)
-auth.instance._031=# - use SSL or not for LDAP service
-auth.instance._032=# auth.instance.<n>.retries:
-auth.instance._033=# - parameter specific to the given authentication,
-auth.instance._034=# i. e., LDAPAuthentication (id=ldap1)
-auth.instance._035=# - number of authentication re-attempts when authentication failed
-auth.instance._036=# auth.instance.<n>.retryConnect:
-auth.instance._037=# - parameter specific to the given authentication,
-auth.instance._038=# i. e., LDAPAuthentication (id=ldap1)
-auth.instance._039=# - number of connection re-attempts when connection failed
-auth.instance._040=#
-auth.instance._041=# where
-auth.instance._042=# <n> - authentication connection ID
-auth.instance._043=#########################################
-auth.instance.0.type=LDAP_Authentication
-auth.instance.0.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
-auth.instance.0.libraryFactory=GetAuthentication
-auth.instance.0.authId=ldap1
-auth.instance.0.hostport=[LDAP_HOST]:[LDAP_PORT]
-auth.instance.0.SSLOn=false
-auth.instance.0.retries=1
-auth.instance.0.retryConnect=3
-auth.instance.0.baseDN=[LDAP_ROOT]
-auth.instance.0.ssl=false
-auth.instance.0.attributes._001=##############################################
-auth.instance.0.attributes._002=# attributes will be available
-auth.instance.0.attributes._003=# as $auth.<attribute>$
-auth.instance.0.attributes._004=##############################################
-auth.instance.0.attributes=mail,cn,uid
-auth.instance.0.ui.title.en=LDAP Authentication
-auth.instance.0.ui.description.en=This authenticates user against the LDAP directory.
-auth.instance.0.ui.id.UID.name.en=LDAP User ID
-auth.instance.0.ui.id.PASSWORD.name.en=LDAP Password
-auth.instance.0.ui.id.UID.description.en=LDAP User ID
-auth.instance.0.ui.id.PASSWORD.description.en=LDAP Password
-auth.instance.1.type=LDAP_Authentication
-auth.instance.1.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
-auth.instance.1.libraryFactory=GetAuthentication
-auth.instance.1.authId=ldap2
-auth.instance.1.bindDN=cn=Directory Manager
-auth.instance.1.bindPWD=[PKI_INSTANCE_PATH]/conf/password.conf
-auth.instance.1.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
-auth.instance.1.SSLOn=false
-auth.instance.1.retries=1
-auth.instance.1.retryConnect=3
-auth.instance.1.baseDN=[TOKENDB_ROOT]
-auth.instance.1.ssl=false
-auth.instance.1.attributes._001=##############################################
-auth.instance.1.attributes._002=# attributes will be available
-auth.instance.1.attributes._003=# as $auth.<attribute>$
-auth.instance.1.attributes._004=##############################################
-auth.instance.1.attributes=mail,cn,uid
-auth.instance.1.ui.title.en=LDAP Authentication
-auth.instance.1.ui.description.en=This authenticates user against the LDAP directory.
-auth.instance.1.ui.id.UID.name.en=LDAP User ID
-auth.instance.1.ui.id.PASSWORD.name.en=LDAP Password
-auth.instance.1.ui.id.UID.description.en=LDAP User ID
-auth.instance.1.ui.id.PASSWORD.description.en=LDAP Password
-applet._000=#########################################
-applet._001=# applet information
-applet._002=# SAF Key:
-applet._003=# applet.aid.cardmgr_instance=A0000001510000
-applet._004=#########################################
-applet.aid.cardmgr_instance=A0000000030000
-applet.aid.netkey_instance=627601FF000000
-applet.aid.netkey_file=627601FF0000
-applet.aid.netkey_old_instance=A00000000101
-applet.aid.netkey_old_file=A000000001
-applet.so_pin=000000000000
-applet.delete_old=true
-general.verifyProof=1
-general.applet_ext=ijc
-general.search.sizelimit.max=2000
-general.search.sizelimit.default=100
-general.search.timelimit.max=10
-general.search.timelimit.default=10
-general.pwlength.min=16
-channel._000=#########################################
-channel._001=# channel.encryption:
-channel._002=#
-channel._003=# - enable encryption for all operation commands to token
-channel._004=# - default is true
-channel._005=# channel.blocksize=242
-channel._006=# channel.defKeyVersion=0
-channel._007=# channel.defKeyIndex=0
-channel._008=#########################################
-channel.encryption=true
-channel.blocksize=248
-channel.defKeyVersion=0
-channel.defKeyIndex=0
-# NOTE: Since the following comments will be 'scrubbed' from any TPS
-# instance's configuration file, they will ONLY be viewable in
-# the '/usr/share/pki/tps/conf/CS.cfg' TPS subsystem template!
-#
-# Config the size of memory managed memory in the applet
-# Default is 5000, try not go get close to the instanceSize
-# which defaults to 18000:
-#
-# * channel.instanceSize=18000
-# * channel.appletMemorySize=5000
-#
-preop.pin=[PKI_RANDOM_NUMBER]
-cms.product.version=@APPLICATION_VERSION@
-preop.admin.name=Token Processing Service Manager Administrator
-preop.admin.group=Token Processing Service Manager Agents
-preop.admincert.profile=caAdminCert
+cs.state=0
+cs.type=TPS
dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
debug.append=true
@@ -443,11 +222,20 @@ debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/debug
debug.hashkeytypes=
debug.level=0
debug.showcaller=false
+failover.pod.enable=false
+general.applet_ext=ijc
+general.pwlength.min=16
+general.search.sizelimit.default=100
+general.search.sizelimit.max=2000
+general.search.timelimit.default=10
+general.search.timelimit.max=10
+general.verifyProof=1
+installDate=[INSTALL_TIME]
+instanceId=[PKI_INSTANCE_NAME]
+instanceRoot=[PKI_INSTANCE_PATH]
internaldb._000=##
internaldb._001=## Internal Database
internaldb._002=##
-internaldb.maxConns=15
-internaldb.minConns=3
internaldb.ldapauth.authtype=BasicAuth
internaldb.ldapauth.bindDN=cn=Directory Manager
internaldb.ldapauth.bindPWPrompt=Internal LDAP Database
@@ -455,101 +243,86 @@ internaldb.ldapauth.clientCertNickname=
internaldb.ldapconn.host=
internaldb.ldapconn.port=
internaldb.ldapconn.secureConn=false
-preop.internaldb.schema.ldif=/usr/share/pki/tps/conf/schema.ldif
-preop.internaldb.ldif=/usr/share/pki/tps/conf/database.ldif
-preop.internaldb.data_ldif=/usr/share/pki/tps/conf/db.ldif,/usr/share/pki/tps/conf/acl.ldif
-preop.internaldb.index_ldif=/usr/share/pki/tps/conf/index.ldif
-preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif
-preop.internaldb.post_ldif=
-preop.internaldb.wait_dn=
-preop.cert._000=#########################################
-preop.cert._001=# Installation configuration "preop" certs parameters
-preop.cert._002=#########################################
-preop.cert.list=sslserver,subsystem,audit_signing
-tps.cert.audit_signing.certusage=ObjectSigner
-tps.cert.sslserver.certusage=SSLServer
-tps.cert.subsystem.certusage=SSLClient
-preop.cert.sslserver.enable=true
-preop.cert.subsystem.enable=true
-preop.cert.audit_signing.enable=false
-preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME]
-preop.cert.sslserver.keysize.customsize=2048
-preop.cert.sslserver.keysize.size=2048
-preop.cert.sslserver.keysize.select=default
-preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME]
-preop.cert.sslserver.profile=caInternalAuthServerCert
-preop.cert.sslserver.subsystem=tps
-preop.cert._003=#preop.cert.sslserver.type=local
-preop.cert.sslserver.type=remote
-preop.cert.sslserver.userfriendlyname=SSL Server Certificate
-preop.cert._004=#preop.cert.sslserver.cncomponent.override=false
-preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[PKI_INSTANCE_NAME]
-preop.cert.subsystem.keysize.customsize=2048
-preop.cert.subsystem.keysize.size=2048
-preop.cert.subsystem.keysize.select=default
-preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
-preop.cert.subsystem.profile=caInternalAuthSubsystemCert
-preop.cert.subsystem.subsystem=tps
-preop.cert._005=#preop.cert.subsystem.type=local
-preop.cert.subsystem.userfriendlyname=Subsystem Certificate
-preop.cert._006=#preop.cert.subsystem.cncomponent.override=true
-preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
-preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate, OU=[PKI_INSTANCE_NAME]
-preop.cert.audit_signing.keysize.customsize=2048
-preop.cert.audit_signing.keysize.size=2048
-preop.cert.audit_signing.keysize.select=default
-preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
-preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
-preop.cert.audit_signing.subsystem=tps
-preop.cert._005=#preop.cert.audit_signing.type=local
-preop.cert.audit_signing.userfriendlyname=Audit Log Signing Certificate
-preop.cert._006=#preop.cert.audit_signing.cncomponent.override=true
-preop.configModules._000=#########################################
-preop.configModules._001=# Installation configuration "preop" module parameters
-preop.configModules._002=#########################################
-preop.configModules.count=3
-preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
-preop.configModules.module0.imagePath=/pki/images/clearpixel.gif
-preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
-preop.configModules.module1.commonName=nfast
-preop.configModules.module1.imagePath=/pki/images/clearpixel.gif
-preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
-preop.configModules.module2.commonName=lunasa
-preop.configModules.module2.imagePath=/pki/images/clearpixel.gif
-preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
-preop.module.token=NSS Certificate DB
-preop.keysize._000=#########################################
-preop.keysize._001=# Installation configuration "preop" keysize parameters
-preop.keysize._002=#########################################
-preop.keysize.customsize=2048
-preop.keysize.select=default
-preop.keysize.size=2048
-preop.keysize.ecc.size=256
-preop.adminauth.done=false
-preop.adminpanel.done=false
-preop.agentauth.done=false
-preop.authdb.done=false
-preop.cainfo.done=false
-preop.certprettyprint.done=false
-preop.certrequest.done=false
-preop.confighsmlogin.done=false
-preop.confighsm.done=false
-preop.database.done=false
-preop.displaycertchain2.done=false
-preop.displaycertchain.done=false
-preop.donepanel.done=false
-preop.drminfo.done=false
-preop.importadmincert.done=false
-preop.loginpanel.done=false
-preop.ModulePanel.done=false
-preop.namepanel.done=false
-preop.securitydomain.done=false
-preop.SizePanel.done=false
-preop.subsystemtype.done=false
-preop.tksinfo.done=false
-preop.welcome.done=false
+internaldb.maxConns=15
+internaldb.minConns=3
+internaldb.multipleSuffix.enable=false
+jss._000=##
+jss._001=## JSS
+jss._002=##
+jss.configDir=[PKI_INSTANCE_PATH]/alias/
+jss.enable=true
+jss.ocspcheck.enable=false
+jss.secmodName=secmod.db
+jss.ssl.cipherfortezza=true
+jss.ssl.cipherpref=
+jss.ssl.cipherversion=cipherdomestic
+keys.ecc.curve.default=nistp256
+keys.ecc.curve.display.list=nistp256 (secp256r1),nistp384 (secp384r1),nistp521 (secp521r1),nistk163 (sect163k1),sect163r1,nistb163 (sect163r2),sect193r1,sect193r2,nistk233 (sect233k1),nistb233 (sect233r1),sect239k1,nistk283 (sect283k1),nistb283 (sect283r1),nistk409 (sect409k1),nistb409 (sect409r1),nistk571 (sect571k1),nistb571 (sect571r1),secp160k1,secp160r1,secp160r2,secp192k1,nistp192 (secp192r1, prime192v1),secp224k1,nistp224 (secp224r1),secp256k1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
+keys.ecc.curve.list=nistp256,nistp384,nistp521,sect163k1,nistk163,sect163r1,sect163r2,nistb163,sect193r1,sect193r2,sect233k1,nistk233,sect233r1,nistb233,sect239k1,sect283k1,nistk283,sect283r1,nistb283,sect409k1,nistk409,sect409r1,nistb409,sect571k1,nistk571,sect571r1,nistb571,secp160k1,secp160r1,secp160r2,secp192k1,secp192r1,nistp192,secp224k1,secp224r1,nistp224,secp256k1,secp256r1,secp384r1,secp521r1,prime192v1,prime192v2,prime192v3,prime239v1,prime239v2,prime239v3,c2pnb163v1,c2pnb163v2,c2pnb163v3,c2pnb176v1,c2tnb191v1,c2tnb191v2,c2tnb191v3,c2pnb208w1,c2tnb239v1,c2tnb239v2,c2tnb239v3,c2pnb272w1,c2pnb304w1,c2tnb359w1,c2pnb368w1,c2tnb431r1,secp112r1,secp112r2,secp128r1,secp128r2,sect113r1,sect113r2,sect131r1,sect131r2
+keys.rsa.keysize.default=2048
+log._000=##
+log._001=## Logging
+log._002=##
+logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/access
+logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/error
+log.impl.file.class=com.netscape.cms.logging.RollingLogFile
+log.instance.SignedAudit._000=##
+log.instance.SignedAudit._001=## Signed Audit Logging
+log.instance.SignedAudit._002=##
+log.instance.SignedAudit._003=##
+log.instance.SignedAudit._004=## Available Audit events:
+log.instance.SignedAudit._005=## AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit._006=##
+log.instance.SignedAudit.bufferSize=512
+log.instance.SignedAudit.enable=true
+log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,LOGGING_SIGNED_AUDIT_SIGNING,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_TOKEN,CONFIG_PROFILE,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
+log.instance.SignedAudit.expirationTime=0
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/signedAudit/tps_cert-tps_audit
+log.instance.SignedAudit.flushInterval=5
+log.instance.SignedAudit.level=1
+log.instance.SignedAudit.logSigning=false
+log.instance.SignedAudit.maxFileSize=2000
+log.instance.SignedAudit.pluginName=file
+log.instance.SignedAudit.rolloverInterval=2592000
+log.instance.SignedAudit.signedAudit:_000=##
+log.instance.SignedAudit.signedAudit:_001=## Fill in the nickname of a trusted signing certificate to allow TPS audit logs to be signed
+log.instance.SignedAudit.signedAudit:_002=##
+log.instance.SignedAudit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+log.instance.SignedAudit.type=signedAudit
+log.instance.System._000=##
+log.instance.System._001=## System Logging
+log.instance.System._002=##
+log.instance.System.bufferSize=512
+log.instance.System.enable=true
+log.instance.System.expirationTime=0
+log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/system
+log.instance.System.flushInterval=5
+log.instance.System.level=3
+log.instance.System.maxFileSize=2000
+log.instance.System.pluginName=file
+log.instance.System.rolloverInterval=2592000
+log.instance.System.type=system
+log.instance.Transactions._000=##
+log.instance.Transactions._001=## Transaction Logging
+log.instance.Transactions._002=##
+log.instance.Transactions.bufferSize=512
+log.instance.Transactions.enable=true
+log.instance.Transactions.expirationTime=0
+log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/transactions
+log.instance.Transactions.flushInterval=5
+log.instance.Transactions.level=1
+log.instance.Transactions.maxFileSize=2000
+log.instance.Transactions.pluginName=file
+log.instance.Transactions.rolloverInterval=2592000
+log.instance.Transactions.type=transaction
+machineName=[PKI_HOSTNAME]
+multiroles._000=##
+multiroles._001=## multiroles
+multiroles._002=##
+multiroles.enable=true
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Administrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group,ClonedSubsystems
+multiroles.false.groupEnforceList=Administrators,Auditors,Trusted Managers,Certificate Manager Agents,Registration Manager Agents,Data Recovery Manager Agents,Online Certificate Status Manager Agents,Token Key Service Manager Agents,Enterprise CA Administrators,Enterprise KRA Adminstrators,Enterprise OCSP Administrators,Enterprise RA Administrators,Enterprise TKS Administrators,Enterprise TPS Administrators,Security Domain Administrators,Subsystem Group
+multiroles=true
op.enroll._000=#########################################
op.enroll._001=# Default Operations
op.enroll._002=#
@@ -585,85 +358,311 @@ op.enroll._031=#
op.enroll._032=# Token ATR:
op.enroll._033=# Web Store - 3B759400006202020201
op.enroll._034=#########################################
-op.enroll.mapping.order=0,1,2
-op.enroll.mapping.0.filter.tokenType=userKey
-op.enroll.mapping.0.filter.tokenATR=
-op.enroll.mapping.0.filter.tokenCUID.start=
-op.enroll.mapping.0.filter.tokenCUID.end=
+op.enroll.allowUnknownToken=true
op.enroll.mapping.0.filter.appletMajorVersion=1
op.enroll.mapping.0.filter.appletMinorVersion=
+op.enroll.mapping.0.filter.tokenATR=
+op.enroll.mapping.0.filter.tokenCUID.end=
+op.enroll.mapping.0.filter.tokenCUID.start=
+op.enroll.mapping.0.filter.tokenType=userKey
op.enroll.mapping.0.target.tokenType=userKey
-op.enroll.mapping.1.filter.tokenType=soKey
-op.enroll.mapping.1.filter.tokenATR=
-op.enroll.mapping.1.filter.tokenCUID.start=
-op.enroll.mapping.1.filter.tokenCUID.end=
op.enroll.mapping.1.filter.appletMajorVersion=
op.enroll.mapping.1.filter.appletMinorVersion=
+op.enroll.mapping.1.filter.tokenATR=
+op.enroll.mapping.1.filter.tokenCUID.end=
+op.enroll.mapping.1.filter.tokenCUID.start=
+op.enroll.mapping.1.filter.tokenType=soKey
op.enroll.mapping.1.target.tokenType=soKey
-op.enroll.mapping.2.filter.tokenType=
-op.enroll.mapping.2.filter.tokenATR=
-op.enroll.mapping.2.filter.tokenCUID.start=
-op.enroll.mapping.2.filter.tokenCUID.end=
op.enroll.mapping.2.filter.appletMajorVersion=
op.enroll.mapping.2.filter.appletMinorVersion=
+op.enroll.mapping.2.filter.tokenATR=
+op.enroll.mapping.2.filter.tokenCUID.end=
+op.enroll.mapping.2.filter.tokenCUID.start=
+op.enroll.mapping.2.filter.tokenType=
op.enroll.mapping.2.target.tokenType=userKey
-op.pinReset.mapping.order=0
-op.pinReset.mapping.0.filter.tokenType=
-op.pinReset.mapping.0.filter.tokenATR=
-op.pinReset.mapping.0.filter.tokenCUID.start=
-op.pinReset.mapping.0.filter.tokenCUID.end=
-op.pinReset.mapping.0.filter.appletMajorVersion=
-op.pinReset.mapping.0.filter.appletMinorVersion=
-op.pinReset.mapping.0.target.tokenType=userKey
-op.format.mapping.order=0,1,2,3,4,5,6
-op.format.mapping.0.filter.tokenType=soCleanUserToken
-op.format.mapping.0.filter.tokenATR=
-op.format.mapping.0.filter.tokenCUID.start=
-op.format.mapping.0.filter.tokenCUID.end=
-op.format.mapping.0.filter.appletMajorVersion=
-op.format.mapping.0.filter.appletMinorVersion=
-op.format.mapping.0.target.tokenType=soCleanUserToken
-op.format.mapping.1.filter.tokenType=soUserKey
-op.format.mapping.1.filter.tokenATR=
-op.format.mapping.1.filter.tokenCUID.start=
-op.format.mapping.1.filter.tokenCUID.end=
-op.format.mapping.1.filter.appletMajorVersion=
-op.format.mapping.1.filter.appletMinorVersion=
-op.format.mapping.1.target.tokenType=soUserKey
-op.format.mapping.2.filter.tokenType=soKey
-op.format.mapping.2.filter.tokenATR=
-op.format.mapping.2.filter.tokenCUID.start=
-op.format.mapping.2.filter.tokenCUID.end=
-op.format.mapping.2.filter.appletMajorVersion=
-op.format.mapping.2.filter.appletMinorVersion=
-op.format.mapping.2.target.tokenType=soKey
-op.format.mapping.3.filter.tokenType=userKey
-op.format.mapping.3.filter.tokenATR=
-op.format.mapping.3.filter.tokenCUID.start=
-op.format.mapping.3.filter.tokenCUID.end=
-op.format.mapping.3.filter.appletMajorVersion=
-op.format.mapping.3.filter.appletMinorVersion=
-op.format.mapping.3.target.tokenType=userKey
-op.format.mapping.4.filter.tokenType=soCleanSOToken
-op.format.mapping.4.filter.tokenATR=
-op.format.mapping.4.filter.tokenCUID.start=
-op.format.mapping.4.filter.tokenCUID.end=
-op.format.mapping.4.filter.appletMajorVersion=
-op.format.mapping.4.filter.appletMinorVersion=
-op.format.mapping.5.filter.tokenType=cleanToken
-op.format.mapping.5.filter.tokenATR=
-op.format.mapping.5.filter.tokenCUID.start=
-op.format.mapping.5.filter.tokenCUID.end=
-op.format.mapping.5.filter.appletMajorVersion=
-op.format.mapping.5.filter.appletMinorVersion=
-op.format.mapping.5.target.tokenType=cleanToken
-op.format.mapping.4.target.tokenType=soCleanSOToken
-op.format.mapping.6.filter.tokenATR=
-op.format.mapping.6.filter.tokenCUID.start=
-op.format.mapping.6.filter.tokenCUID.end=
-op.format.mapping.6.filter.appletMajorVersion=
-op.format.mapping.6.filter.appletMinorVersion=
-op.format.mapping.6.target.tokenType=tokenKey
+op.enroll.mapping.order=0,1,2
+op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.soKey.auth.enable=true
+op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.cardmgr_instance=A0000000030000
+op.enroll.soKey.issuerinfo.enable=true
+op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
+op.enroll.soKey.keyGen.encryption.ca.conn=ca1
+op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.soKey.keyGen.encryption.certAttrId=c2
+op.enroll.soKey.keyGen.encryption.certId=C2
+op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKey.keyGen.encryption.keySize=1024
+op.enroll.soKey.keyGen.encryption.keyUsage=0
+op.enroll.soKey.keyGen.encryption.keyUser=0
+op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKey.keyGen.encryption.overwrite=true
+op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.soKey.keyGen.keyType.num=2
+op.enroll.soKey.keyGen.keyType.value.0=signing
+op.enroll.soKey.keyGen.keyType.value.1=encryption
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.ca.conn=ca1
+op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.soKey.keyGen.signing.certAttrId=c1
+op.enroll.soKey.keyGen.signing.certId=C1
+op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKey.keyGen.signing.keySize=1024
+op.enroll.soKey.keyGen.signing.keyUsage=0
+op.enroll.soKey.keyGen.signing.keyUser=0
+op.enroll.soKey.keyGen.signing.label=signing key for $userid$
+op.enroll.soKey.keyGen.signing.overwrite=true
+op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.privateKeyNumber=2
+op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.publicKeyNumber=3
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.tokenName=$auth.cn$
+op.enroll.soKey.loginRequest.enable=true
+op.enroll.soKey.pinReset.enable=true
+op.enroll.soKey.pinReset.pin.maxLen=10
+op.enroll.soKey.pinReset.pin.maxRetries=127
+op.enroll.soKey.pinReset.pin.minLen=4
+op.enroll.soKey.pkcs11obj.compress.enable=true
+op.enroll.soKey.pkcs11obj.enable=true
+op.enroll.soKeyTemporary.auth.enable=true
+op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.soKeyTemporary.keyGen.auth.certId=C0
+op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.soKeyTemporary.keyGen.keyType.num=3
+op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.soKeyTemporary.keyGen.signing.certId=C1
+op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.soKeyTemporary.loginRequest.enable=true
+op.enroll.soKeyTemporary.pinReset.enable=true
+op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.soKeyTemporary.pinReset.pin.minLen=4
+op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.soKeyTemporary.pkcs11obj.enable=true
+op.enroll.soKeyTemporary.tks.conn=tks1
+op.enroll.soKeyTemporary.tks.keySet=defKeyset
+op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
+op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.soKeyTemporary.update.applet.enable=true
+op.enroll.soKeyTemporary.update.applet.encryption=true
+op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.soKey.tks.conn=tks1
+op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKey.update.applet.emptyToken.enable=true
+op.enroll.soKey.update.applet.enable=true
+op.enroll.soKey.update.applet.encryption=true
+op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKey.update.symmetricKeys.enable=false
+op.enroll.soKey.update.symmetricKeys.requiredVersion=1
op.enroll.userKey._000=#########################################
op.enroll.userKey._001=# Enrollment Operation For CoolKey
op.enroll.userKey._002=#
@@ -743,8 +742,10 @@ op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
op.enroll.userKey._078=#
+op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
op.enroll.userKey._079=# The three recovery schemes supported are:
op.enroll.userKey._080=#
+op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
op.enroll.userKey._081=# * GenerateNewKey - Generate a new
op.enroll.userKey._082=# cert for the
op.enroll.userKey._083=# encryption cert.
@@ -755,289 +756,128 @@ op.enroll.userKey._087=# * GenerateNewKeyandRecoverLast - Generate new cert AND
op.enroll.userKey._088=# recover last for
op.enroll.userKey._089=# encryption cert.
op.enroll.userKey._090=#########################################
-op.enroll.allowUnknownToken=true
-op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
+op.enroll.userKey.auth.enable=true
+op.enroll.userKey.auth.id=ldap1
+op.enroll.userKey.cardmgr_instance=A0000000030000
+op.enroll.userKey.issuerinfo.enable=true
+op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.enroll.userKey.keyGen.encryption.ca.conn=ca1
+op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.userKey.keyGen.encryption.certAttrId=c2
+op.enroll.userKey.keyGen.encryption.certId=C2
+op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKey.keyGen.encryption.keySize=1024
+op.enroll.userKey.keyGen.encryption.keyUsage=0
+op.enroll.userKey.keyGen.encryption.keyUser=0
+op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKey.keyGen.encryption.overwrite=true
+op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.userKey.keyGen.keyType.num=2
+op.enroll.userKey.keyGen.keyType.value.0=signing
+op.enroll.userKey.keyGen.keyType.value.1=encryption
op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
-op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
-op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
-op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
-op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
-op.enroll.userKey.keyGen.tokenName=$auth.cn$
-op.enroll.userKey.keyGen.keyType.num=2
-op.enroll.userKey.keyGen.keyType.value.0=signing
-op.enroll.userKey.keyGen.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.ca.conn=ca1
+op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.userKey.keyGen.signing.certAttrId=c1
+op.enroll.userKey.keyGen.signing.certId=C1
+op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
op.enroll.userKey.keyGen.signing.keySize=1024
+op.enroll.userKey.keyGen.signing.keyUsage=0
+op.enroll.userKey.keyGen.signing.keyUser=0
+op.enroll.userKey.keyGen.signing.label=signing key for $userid$
+op.enroll.userKey.keyGen.signing.overwrite=true
+op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.privateKeyNumber=2
+op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.userKey.keyGen.signing.label=signing key for $userid$
-op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
-op.enroll.userKey.keyGen.signing.overwrite=true
-op.enroll.userKey.keyGen.signing.certId=C1
-op.enroll.userKey.keyGen.signing.certAttrId=c1
-op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
-op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
-op.enroll.userKey.keyGen.signing.keyUsage=0
-op.enroll.userKey.keyGen.signing.keyUser=0
-op.enroll.userKey.keyGen.signing.privateKeyNumber=2
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
op.enroll.userKey.keyGen.signing.publicKeyNumber=3
-op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
-op.enroll.userKey.keyGen.signing.ca.conn=ca1
-op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.userKey.keyGen.encryption.keySize=1024
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
-op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
-op.enroll.userKey.keyGen.encryption.overwrite=true
-op.enroll.userKey.keyGen.encryption.certId=C2
-op.enroll.userKey.keyGen.encryption.certAttrId=c2
-op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.userKey.keyGen.encryption.keyUsage=0
-op.enroll.userKey.keyGen.encryption.keyUser=0
-op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
-op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
-op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
-op.enroll.userKey.keyGen.encryption.ca.conn=ca1
-op.enroll.userKey.pkcs11obj.enable=true
-op.enroll.userKey.pkcs11obj.compress.enable=true
-op.enroll.userKey.update.applet.emptyToken.enable=true
-op.enroll.userKey.update.applet.enable=true
-op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
-op.enroll.userKey.update.applet.encryption=true
-op.enroll.userKey.update.symmetricKeys.enable=false
-op.enroll.userKey.update.symmetricKeys.requiredVersion=1
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.tokenName=$auth.cn$
op.enroll.userKey.loginRequest.enable=true
op.enroll.userKey.pinReset.enable=true
+op.enroll.userKey.pinReset.pin.maxLen=10
op.enroll.userKey.pinReset.pin.maxRetries=127
op.enroll.userKey.pinReset.pin.minLen=4
-op.enroll.userKey.pinReset.pin.maxLen=10
-op.enroll.userKey.cardmgr_instance=A0000000030000
-op.enroll.userKey.tks.conn=tks1
-op.enroll.userKey.auth.id=ldap1
-op.enroll.userKey.auth.enable=true
-op.enroll.userKey.issuerinfo.enable=true
-op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
-op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
-op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
-op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
-op.enroll.userKeyTemporary.keyGen.keyType.num=3
-op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
-op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
-op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
-op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
-op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
-op.enroll.userKeyTemporary.keyGen.auth.certId=C0
-op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
-op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
-op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
-op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
-op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
-op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
-op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
-op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
-op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
-op.enroll.userKeyTemporary.keyGen.signing.certId=C1
-op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
-op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
-op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
-op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
-op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
-op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
-op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
-op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
-op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
-op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
-op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
-op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
-op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
-op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
-op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
-op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
-op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
-op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
-op.enroll.userKeyTemporary.pkcs11obj.enable=true
-op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
-op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
-op.enroll.userKeyTemporary.update.applet.enable=true
-op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
-op.enroll.userKeyTemporary.update.applet.encryption=true
-op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
-op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
-op.enroll.userKeyTemporary.loginRequest.enable=true
-op.enroll.userKeyTemporary.pinReset.enable=true
-op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
-op.enroll.userKeyTemporary.pinReset.pin.minLen=4
-op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
-op.enroll.userKeyTemporary.tks.conn=tks1
-op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
-op.enroll.userKeyTemporary.auth.id=ldap1
-op.enroll.userKeyTemporary.auth.enable=true
+op.enroll.userKey.pkcs11obj.compress.enable=true
+op.enroll.userKey.pkcs11obj.enable=true
op.enroll.userKey.renewal._000=#########################################
op.enroll.userKey.renewal._001=# Token Renewal.
op.enroll.userKey.renewal._002=#
@@ -1056,307 +896,348 @@ op.enroll.userKey.renewal._014=# values are for completeness only, server
op.enroll.userKey.renewal._015=# code calculates actual values used.
op.enroll.userKey.renewal._016=#
op.enroll.userKey.renewal._017=#########################################
-op.enroll.userKey.renewal.keyType.num=2
-op.enroll.userKey.renewal.keyType.value.0=signing
-op.enroll.userKey.renewal.keyType.value.1=encryption
-op.enroll.userKey.renewal.signing.enable=true
-op.enroll.userKey.renewal.signing.gracePeriod.enable=false
-op.enroll.userKey.renewal.signing.gracePeriod.before=30
-op.enroll.userKey.renewal.signing.gracePeriod.after=30
-op.enroll.userKey.renewal.signing.certId=C1
-op.enroll.userKey.renewal.encryption.certId=C2
-op.enroll.userKey.renewal.signing.certAttrId=c1
+op.enroll.userKey.renewal.encryption.ca.conn=ca1
+op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal
op.enroll.userKey.renewal.encryption.certAttrId=c2
+op.enroll.userKey.renewal.encryption.certId=C2
op.enroll.userKey.renewal.encryption.enable=true
-op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
-op.enroll.userKey.renewal.encryption.gracePeriod.before=30
op.enroll.userKey.renewal.encryption.gracePeriod.after=30
+op.enroll.userKey.renewal.encryption.gracePeriod.before=30
+op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
+op.enroll.userKey.renewal.keyType.num=2
+op.enroll.userKey.renewal.keyType.value.0=signing
+op.enroll.userKey.renewal.keyType.value.1=encryption
op.enroll.userKey.renewal.signing.ca.conn=ca1
-op.enroll.userKey.renewal.encryption.ca.conn=ca1
op.enroll.userKey.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal
-op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal
-op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
-op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
-op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
-op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
-op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
-op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
-op.enroll.soKey.keyGen.tokenName=$auth.cn$
-op.enroll.soKey.keyGen.keyType.num=2
-op.enroll.soKey.keyGen.keyType.value.0=signing
-op.enroll.soKey.keyGen.keyType.value.1=encryption
-op.enroll.soKey.keyGen.signing.keySize=1024
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.soKey.keyGen.signing.label=signing key for $userid$
-op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
-op.enroll.soKey.keyGen.signing.overwrite=true
-op.enroll.soKey.keyGen.signing.certId=C1
-op.enroll.soKey.keyGen.signing.certAttrId=c1
-op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
-op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
-op.enroll.soKey.keyGen.signing.keyUsage=0
-op.enroll.soKey.keyGen.signing.keyUser=0
-op.enroll.soKey.keyGen.signing.privateKeyNumber=2
-op.enroll.soKey.keyGen.signing.publicKeyNumber=3
-op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
-op.enroll.soKey.keyGen.signing.ca.conn=ca1
-op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
-op.enroll.soKey.keyGen.encryption.keySize=1024
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
-op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
-op.enroll.soKey.keyGen.encryption.overwrite=true
-op.enroll.soKey.keyGen.encryption.certId=C2
-op.enroll.soKey.keyGen.encryption.certAttrId=c2
-op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.soKey.keyGen.encryption.keyUsage=0
-op.enroll.soKey.keyGen.encryption.keyUser=0
-op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
-op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
-op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
-op.enroll.soKey.keyGen.encryption.ca.conn=ca1
-op.enroll.soKey.pkcs11obj.enable=true
-op.enroll.soKey.pkcs11obj.compress.enable=true
-op.enroll.soKey.update.applet.emptyToken.enable=true
-op.enroll.soKey.update.applet.enable=true
-op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
-op.enroll.soKey.update.applet.encryption=true
-op.enroll.soKey.update.symmetricKeys.enable=false
-op.enroll.soKey.update.symmetricKeys.requiredVersion=1
-op.enroll.soKey.loginRequest.enable=true
-op.enroll.soKey.pinReset.enable=true
-op.enroll.soKey.pinReset.pin.maxRetries=127
-op.enroll.soKey.pinReset.pin.minLen=4
-op.enroll.soKey.pinReset.pin.maxLen=10
-op.enroll.soKey.cardmgr_instance=A0000000030000
-op.enroll.soKey.tks.conn=tks1
-op.enroll.soKey.auth.id=ldap2
-op.enroll.soKey.auth.enable=true
-op.enroll.soKey.issuerinfo.enable=true
-op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
-op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
-op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
-op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
-op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
-op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
-op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
-op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
-op.enroll.soKeyTemporary.keyGen.keyType.num=3
-op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
-op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
-op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
-op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
-op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
-op.enroll.soKeyTemporary.keyGen.auth.certId=C0
-op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
-op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
-op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
-op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
-op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
-op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
-op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
-op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
-op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
-op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
-op.enroll.soKeyTemporary.keyGen.signing.certId=C1
-op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
-op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
-op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
-op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
-op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
-op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
-op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
-op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
-op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
-op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
-op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
-op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
-op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
-op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
-op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
-op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
-op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
-op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
-op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
-op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
-op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
-op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
-op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
-op.enroll.soKeyTemporary.pkcs11obj.enable=true
-op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
-op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
-op.enroll.soKeyTemporary.update.applet.enable=true
-op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
-op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
-op.enroll.soKeyTemporary.update.applet.encryption=true
-op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
-op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
-op.enroll.soKeyTemporary.loginRequest.enable=true
-op.enroll.soKeyTemporary.pinReset.enable=true
-op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
-op.enroll.soKeyTemporary.pinReset.pin.minLen=4
-op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
-op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
-op.enroll.soKeyTemporary.tks.conn=tks1
-op.enroll.soKeyTemporary.tks.keySet=defKeyset
-op.enroll.soKeyTemporary.auth.id=ldap2
-op.enroll.soKeyTemporary.auth.enable=true
+op.enroll.userKey.renewal.signing.certAttrId=c1
+op.enroll.userKey.renewal.signing.certId=C1
+op.enroll.userKey.renewal.signing.enable=true
+op.enroll.userKey.renewal.signing.gracePeriod.after=30
+op.enroll.userKey.renewal.signing.gracePeriod.before=30
+op.enroll.userKey.renewal.signing.gracePeriod.enable=false
+op.enroll.userKeyTemporary.auth.enable=true
+op.enroll.userKeyTemporary.auth.id=ldap1
+op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.userKeyTemporary.keyGen.auth.certId=C0
+op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.userKeyTemporary.keyGen.keyType.num=3
+op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.userKeyTemporary.keyGen.signing.certId=C1
+op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.userKeyTemporary.loginRequest.enable=true
+op.enroll.userKeyTemporary.pinReset.enable=true
+op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.userKeyTemporary.pinReset.pin.minLen=4
+op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.userKeyTemporary.pkcs11obj.enable=true
+op.enroll.userKeyTemporary.tks.conn=tks1
+op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
+op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.userKeyTemporary.update.applet.enable=true
+op.enroll.userKeyTemporary.update.applet.encryption=true
+op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.userKey.tks.conn=tks1
+op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKey.update.applet.emptyToken.enable=true
+op.enroll.userKey.update.applet.enable=true
+op.enroll.userKey.update.applet.encryption=true
+op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKey.update.symmetricKeys.enable=false
+op.enroll.userKey.update.symmetricKeys.requiredVersion=1
+op.format._000=#########################################
+op.format._001=# Format Operation For tokenKey
+op.format._002=#
+op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false
+op.format._004=# - update applet or not if token is empty
+op.format._005=#
+op.format._006=# - applicable to CoolKey
+op.format._007=# - applicable to HouseKey
+op.format._008=# - applicable to HouseKey with Legacy Applet
+op.format._009=#########################################
+op.format.allowUnknownToken=true
+op.format.cleanToken.auth.enable=false
+op.format.cleanToken.auth.id=ldap1
+op.format.cleanToken.ca.conn=ca1
+op.format.cleanToken.cardmgr_instance=A0000000030000
+op.format.cleanToken.issuerinfo.enable=true
+op.format.cleanToken.issuerinfo.value=
+op.format.cleanToken.loginRequest.enable=true
+op.format.cleanToken.revokeCert=true
+op.format.cleanToken.tks.conn=tks1
+op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
+op.format.cleanToken.update.applet.emptyToken.enable=true
+op.format.cleanToken.update.applet.encryption=true
+op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.cleanToken.update.symmetricKeys.enable=false
+op.format.cleanToken.update.symmetricKeys.requiredVersion=1
+op.format.mapping.0.filter.appletMajorVersion=
+op.format.mapping.0.filter.appletMinorVersion=
+op.format.mapping.0.filter.tokenATR=
+op.format.mapping.0.filter.tokenCUID.end=
+op.format.mapping.0.filter.tokenCUID.start=
+op.format.mapping.0.filter.tokenType=soCleanUserToken
+op.format.mapping.0.target.tokenType=soCleanUserToken
+op.format.mapping.1.filter.appletMajorVersion=
+op.format.mapping.1.filter.appletMinorVersion=
+op.format.mapping.1.filter.tokenATR=
+op.format.mapping.1.filter.tokenCUID.end=
+op.format.mapping.1.filter.tokenCUID.start=
+op.format.mapping.1.filter.tokenType=soUserKey
+op.format.mapping.1.target.tokenType=soUserKey
+op.format.mapping.2.filter.appletMajorVersion=
+op.format.mapping.2.filter.appletMinorVersion=
+op.format.mapping.2.filter.tokenATR=
+op.format.mapping.2.filter.tokenCUID.end=
+op.format.mapping.2.filter.tokenCUID.start=
+op.format.mapping.2.filter.tokenType=soKey
+op.format.mapping.2.target.tokenType=soKey
+op.format.mapping.3.filter.appletMajorVersion=
+op.format.mapping.3.filter.appletMinorVersion=
+op.format.mapping.3.filter.tokenATR=
+op.format.mapping.3.filter.tokenCUID.end=
+op.format.mapping.3.filter.tokenCUID.start=
+op.format.mapping.3.filter.tokenType=userKey
+op.format.mapping.3.target.tokenType=userKey
+op.format.mapping.4.filter.appletMajorVersion=
+op.format.mapping.4.filter.appletMinorVersion=
+op.format.mapping.4.filter.tokenATR=
+op.format.mapping.4.filter.tokenCUID.end=
+op.format.mapping.4.filter.tokenCUID.start=
+op.format.mapping.4.filter.tokenType=soCleanSOToken
+op.format.mapping.4.target.tokenType=soCleanSOToken
+op.format.mapping.5.filter.appletMajorVersion=
+op.format.mapping.5.filter.appletMinorVersion=
+op.format.mapping.5.filter.tokenATR=
+op.format.mapping.5.filter.tokenCUID.end=
+op.format.mapping.5.filter.tokenCUID.start=
+op.format.mapping.5.filter.tokenType=cleanToken
+op.format.mapping.5.target.tokenType=cleanToken
+op.format.mapping.6.filter.appletMajorVersion=
+op.format.mapping.6.filter.appletMinorVersion=
+op.format.mapping.6.filter.tokenATR=
+op.format.mapping.6.filter.tokenCUID.end=
+op.format.mapping.6.filter.tokenCUID.start=
+op.format.mapping.6.target.tokenType=tokenKey
+op.format.mapping.order=0,1,2,3,4,5,6
+op.format.soCleanSOToken.auth.enable=false
+op.format.soCleanSOToken.auth.id=ldap1
+op.format.soCleanSOToken.ca.conn=ca1
+op.format.soCleanSOToken.cardmgr_instance=A0000000030000
+op.format.soCleanSOToken.issuerinfo.enable=true
+op.format.soCleanSOToken.issuerinfo.value=
+op.format.soCleanSOToken.loginRequest.enable=false
+op.format.soCleanSOToken.revokeCert=true
+op.format.soCleanSOToken.tks.conn=tks1
+op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanSOToken.update.applet.emptyToken.enable=true
+op.format.soCleanSOToken.update.applet.encryption=true
+op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.soCleanSOToken.update.symmetricKeys.enable=false
+op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanUserToken.auth.enable=false
+op.format.soCleanUserToken.auth.id=ldap1
+op.format.soCleanUserToken.ca.conn=ca1
+op.format.soCleanUserToken.cardmgr_instance=A0000000030000
+op.format.soCleanUserToken.issuerinfo.enable=true
+op.format.soCleanUserToken.issuerinfo.value=
+op.format.soCleanUserToken.loginRequest.enable=false
+op.format.soCleanUserToken.revokeCert=true
+op.format.soCleanUserToken.tks.conn=tks1
+op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanUserToken.update.applet.emptyToken.enable=true
+op.format.soCleanUserToken.update.applet.encryption=true
+op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.soCleanUserToken.update.symmetricKeys.enable=false
+op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
+op.format.soKey.auth.enable=true
+op.format.soKey.auth.id=ldap2
+op.format.soKey.ca.conn=ca1
+op.format.soKey.cardmgr_instance=A0000000030000
+op.format.soKey.issuerinfo.enable=true
+op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
+op.format.soKey.loginRequest.enable=true
+op.format.soKey.revokeCert=true
+op.format.soKey.tks.conn=tks1
+op.format.soKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soKey.update.applet.emptyToken.enable=true
+op.format.soKey.update.applet.encryption=true
+op.format.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.soKey.update.symmetricKeys.enable=false
+op.format.soKey.update.symmetricKeys.requiredVersion=1
+op.format.soUserKey.auth.enable=false
+op.format.soUserKey.auth.id=ldap1
+op.format.soUserKey.ca.conn=ca1
+op.format.soUserKey.cardmgr_instance=A0000000030000
+op.format.soUserKey.issuerinfo.enable=true
+op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.format.soUserKey.loginRequest.enable=false
+op.format.soUserKey.revokeCert=true
+op.format.soUserKey.tks.conn=tks1
+op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soUserKey.update.applet.emptyToken.enable=true
+op.format.soUserKey.update.applet.encryption=true
+op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.soUserKey.update.symmetricKeys.enable=false
+op.format.soUserKey.update.symmetricKeys.requiredVersion=1
+op.format.tokenKey.auth.enable=true
+op.format.tokenKey.auth.id=ldap1
+op.format.tokenKey.ca.conn=ca1
+op.format.tokenKey.cardmgr_instance=A0000000030000
+op.format.tokenKey.issuerinfo.enable=true
+op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.format.tokenKey.loginRequest.enable=true
+op.format.tokenKey.revokeCert=true
+op.format.tokenKey.tks.conn=tks1
+op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
+op.format.tokenKey.update.applet.emptyToken.enable=true
+op.format.tokenKey.update.applet.encryption=true
+op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.tokenKey.update.symmetricKeys.enable=false
+op.format.tokenKey.update.symmetricKeys.requiredVersion=1
+op.format.userKey.auth.enable=true
+op.format.userKey.auth.id=ldap1
+op.format.userKey.ca.conn=ca1
+op.format.userKey.cardmgr_instance=A0000000030000
+op.format.userKey.issuerinfo.enable=true
+op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.format.userKey.loginRequest.enable=true
+op.format.userKey.revokeCert=true
+op.format.userKey.tks.conn=tks1
+op.format.userKey.update.applet.directory=[TPS_DIR]/applets
+op.format.userKey.update.applet.emptyToken.enable=true
+op.format.userKey.update.applet.encryption=true
+op.format.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.userKey.update.symmetricKeys.enable=false
+op.format.userKey.update.symmetricKeys.requiredVersion=1
op.pinReset._000=#########################################
op.pinReset._001=# Certificate Chain Imports
op.pinReset._002=#
@@ -1376,141 +1257,194 @@ op.pinReset._015=#
op.pinReset._016=# - N/A for HouseKey
op.pinReset._017=# - N/A for HouseKey with Legacy Applet
op.pinReset._018=#########################################
+op.pinReset.mapping.0.filter.appletMajorVersion=
+op.pinReset.mapping.0.filter.appletMinorVersion=
+op.pinReset.mapping.0.filter.tokenATR=
+op.pinReset.mapping.0.filter.tokenCUID.end=
+op.pinReset.mapping.0.filter.tokenCUID.start=
+op.pinReset.mapping.0.filter.tokenType=
+op.pinReset.mapping.0.target.tokenType=userKey
+op.pinReset.mapping.order=0
+op.pinReset.userKey.auth.enable=true
+op.pinReset.userKey.auth.id=ldap1
+op.pinReset.userKey.cardmgr_instance=A0000000030000
+op.pinReset.userKey.loginRequest.enable=true
+op.pinReset.userKey.pinReset.pin.maxLen=10
+op.pinReset.userKey.pinReset.pin.minLen=4
+op.pinReset.userKey.tks.conn=tks1
+op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
op.pinReset.userKey.update.applet.emptyToken.enable=true
op.pinReset.userKey.update.applet.enable=false
-op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449
-op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
op.pinReset.userKey.update.applet.encryption=true
+op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449
op.pinReset.userKey.update.symmetricKeys.enable=false
op.pinReset.userKey.update.symmetricKeys.requiredVersion=1
-op.pinReset.userKey.loginRequest.enable=true
-op.pinReset.userKey.pinReset.pin.minLen=4
-op.pinReset.userKey.pinReset.pin.maxLen=10
-op.pinReset.userKey.tks.conn=tks1
-op.pinReset.userKey.cardmgr_instance=A0000000030000
-op.pinReset.userKey.auth.id=ldap1
-op.pinReset.userKey.auth.enable=true
-op.format._000=#########################################
-op.format._001=# Format Operation For tokenKey
-op.format._002=#
-op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false
-op.format._004=# - update applet or not if token is empty
-op.format._005=#
-op.format._006=# - applicable to CoolKey
-op.format._007=# - applicable to HouseKey
-op.format._008=# - applicable to HouseKey with Legacy Applet
-op.format._009=#########################################
-op.format.allowUnknownToken=true
-op.format.soCleanUserToken.update.applet.emptyToken.enable=true
-op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449
-op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
-op.format.soCleanUserToken.update.applet.encryption=true
-op.format.soCleanUserToken.update.symmetricKeys.enable=false
-op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
-op.format.soCleanUserToken.revokeCert=true
-op.format.soCleanUserToken.ca.conn=ca1
-op.format.soCleanUserToken.loginRequest.enable=false
-op.format.soCleanUserToken.cardmgr_instance=A0000000030000
-op.format.soCleanUserToken.tks.conn=tks1
-op.format.soCleanUserToken.auth.id=ldap1
-op.format.soCleanUserToken.auth.enable=false
-op.format.soCleanUserToken.issuerinfo.enable=true
-op.format.soCleanUserToken.issuerinfo.value=
-op.format.soCleanSOToken.update.applet.emptyToken.enable=true
-op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449
-op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
-op.format.soCleanSOToken.update.applet.encryption=true
-op.format.soCleanSOToken.update.symmetricKeys.enable=false
-op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
-op.format.soCleanSOToken.revokeCert=true
-op.format.soCleanSOToken.ca.conn=ca1
-op.format.soCleanSOToken.loginRequest.enable=false
-op.format.soCleanSOToken.cardmgr_instance=A0000000030000
-op.format.soCleanSOToken.tks.conn=tks1
-op.format.soCleanSOToken.auth.id=ldap1
-op.format.soCleanSOToken.auth.enable=false
-op.format.soCleanSOToken.issuerinfo.enable=true
-op.format.soCleanSOToken.issuerinfo.value=
-op.format.cleanToken.update.applet.emptyToken.enable=true
-op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449
-op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
-op.format.cleanToken.update.applet.encryption=true
-op.format.cleanToken.update.symmetricKeys.enable=false
-op.format.cleanToken.update.symmetricKeys.requiredVersion=1
-op.format.cleanToken.revokeCert=true
-op.format.cleanToken.ca.conn=ca1
-op.format.cleanToken.loginRequest.enable=true
-op.format.cleanToken.cardmgr_instance=A0000000030000
-op.format.cleanToken.tks.conn=tks1
-op.format.cleanToken.auth.id=ldap1
-op.format.cleanToken.auth.enable=false
-op.format.cleanToken.issuerinfo.enable=true
-op.format.cleanToken.issuerinfo.value=
-op.format.soUserKey.update.applet.emptyToken.enable=true
-op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449
-op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
-op.format.soUserKey.update.applet.encryption=true
-op.format.soUserKey.update.symmetricKeys.enable=false
-op.format.soUserKey.update.symmetricKeys.requiredVersion=1
-op.format.soUserKey.revokeCert=true
-op.format.soUserKey.ca.conn=ca1
-op.format.soUserKey.loginRequest.enable=false
-op.format.soUserKey.cardmgr_instance=A0000000030000
-op.format.soUserKey.tks.conn=tks1
-op.format.soUserKey.auth.id=ldap1
-op.format.soUserKey.auth.enable=false
-op.format.soUserKey.issuerinfo.enable=true
-op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-op.format.soKey.update.applet.emptyToken.enable=true
-op.format.soKey.update.applet.requiredVersion=1.4.4d40a449
-op.format.soKey.update.applet.directory=[TPS_DIR]/applets
-op.format.soKey.update.applet.encryption=true
-op.format.soKey.update.symmetricKeys.enable=false
-op.format.soKey.update.symmetricKeys.requiredVersion=1
-op.format.soKey.revokeCert=true
-op.format.soKey.ca.conn=ca1
-op.format.soKey.loginRequest.enable=true
-op.format.soKey.cardmgr_instance=A0000000030000
-op.format.soKey.tks.conn=tks1
-op.format.soKey.auth.id=ldap2
-op.format.soKey.auth.enable=true
-op.format.soKey.issuerinfo.enable=true
-op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
-op.format.userKey.update.applet.emptyToken.enable=true
-op.format.userKey.update.applet.requiredVersion=1.4.4d40a449
-op.format.userKey.update.applet.directory=[TPS_DIR]/applets
-op.format.userKey.update.applet.encryption=true
-op.format.userKey.update.symmetricKeys.enable=false
-op.format.userKey.update.symmetricKeys.requiredVersion=1
-op.format.userKey.revokeCert=true
-op.format.userKey.ca.conn=ca1
-op.format.userKey.loginRequest.enable=true
-op.format.userKey.cardmgr_instance=A0000000030000
-op.format.userKey.tks.conn=tks1
-op.format.userKey.auth.id=ldap1
-op.format.userKey.auth.enable=true
-op.format.userKey.issuerinfo.enable=true
-op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-op.format.tokenKey.update.applet.emptyToken.enable=true
-op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449
-op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
-op.format.tokenKey.update.applet.encryption=true
-op.format.tokenKey.update.symmetricKeys.enable=false
-op.format.tokenKey.update.symmetricKeys.requiredVersion=1
-op.format.tokenKey.revokeCert=true
-op.format.tokenKey.ca.conn=ca1
-op.format.tokenKey.loginRequest.enable=true
-op.format.tokenKey.cardmgr_instance=A0000000030000
-op.format.tokenKey.tks.conn=tks1
-op.format.tokenKey.auth.id=ldap1
-op.format.tokenKey.auth.enable=true
-op.format.tokenKey.issuerinfo.enable=true
-op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
-passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
+os.serverName=cert-[PKI_INSTANCE_NAME]
+os.userid=nobody
passwordClass=com.netscape.cmsutil.password.PlainPasswordFile
+passwordFile=[PKI_INSTANCE_PATH]/conf/password.conf
+pidDir=[PKI_PIDDIR]
+pkicreate.admin_secure_port=[PKI_ADMIN_SECURE_PORT]
+pkicreate.agent_secure_port=[PKI_AGENT_SECURE_PORT]
+pkicreate.ee_secure_port=[PKI_EE_SECURE_PORT]
+pkicreate.group=[PKI_GROUP]
+pkicreate.pki_instance_name=[PKI_INSTANCE_NAME]
+pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
+pkicreate.secure_port=[PKI_SECURE_PORT]
+pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
+pkicreate.systemd.servicename=[PKI_SYSTEMD_SERVICENAME]
+pkicreate.tomcat_server_port=[TOMCAT_SERVER_PORT]
+pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
+pkicreate.user=[PKI_USER]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.admincert.profile=caAdminCert
+preop.admin.group=TUS Agents,TUS Operators,TUS Administrators,TUS Officers
+preop.admin.name=Token Processing Service Manager Administrator
+preop.cert.admin.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.admin.dn=uid=admin,cn=admin
+preop.cert.admin.keysize.custom_size=2048
+preop.cert.admin.keysize.size=2048
+preop.cert.admin.profile=adminCert.profile
+preop.cert.audit_signing.cncomponent.override=true
+preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate
+preop.cert.audit_signing.enable=true
+preop.cert.audit_signing.keysize.custom_size=2048
+preop.cert.audit_signing.keysize.size=2048
+preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
+preop.cert.audit_signing.signing.required=false
+preop.cert.audit_signing.subsystem=tps
+preop.cert.audit_signing.type=remote
+preop.cert.audit_signing.userfriendlyname=TPS Audit Signing Certificate
+preop.cert.list=sslserver,subsystem,audit_signing
+preop.cert.rsalist=audit_signing
+preop.cert.sslserver.cncomponent.override=false
+preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.sslserver.dn=CN=[PKI_HOSTNAME]
+preop.cert.sslserver.enable=true
+preop.cert.sslserver.keysize.custom_size=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.nickname=[PKI_SSL_SERVER_NICKNAME]
+preop.cert.sslserver.profile=caInternalAuthServerCert
+preop.cert.sslserver.signing.required=false
+preop.cert.sslserver.subsystem=tps
+preop.cert.sslserver.type=remote
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert.subsystem.cncomponent.override=true
+preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.subsystem.dn=CN=TPS Subsystem Certificate
+preop.cert.subsystem.enable=true
+preop.cert.subsystem.keysize.custom_size=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.profile=caInternalAuthSubsystemCert
+preop.cert.subsystem.signing.required=false
+preop.cert.subsystem.subsystem=tps
+preop.cert.subsystem.type=remote
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.configModules.count=3
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.hierarchy.profile=caCert.profile
+preop.internaldb.data_ldif=/usr/share/pki/tps/conf/db.ldif
+preop.internaldb.index_ldif=/usr/share/pki/tps/conf/index.ldif
+preop.internaldb.ldif=/usr/share/pki/tps/conf/database.ldif
+preop.internaldb.manager_ldif=/usr/share/pki/ca/conf/manager.ldif
+preop.internaldb.post_ldif=
+preop.internaldb.schema.ldif=/usr/share/pki/tps/conf/schema.ldif
+preop.internaldb.wait_dn=
+preop.module.token=Internal Key Storage Token
+preop.pin=[PKI_RANDOM_NUMBER]
+preop.product.name=CS
+preop.securitydomain.admin_url=https://[PKI_HOSTNAME]:8443
+preop.system.fullname=Token Key Service
+preop.system.name=TPS
+preop.wizard.name=TPS Setup Wizard
+proxy.securePort=[PKI_PROXY_SECURE_PORT]
+proxy.unsecurePort=[PKI_PROXY_UNSECURE_PORT]
registry.file=[PKI_INSTANCE_PATH]/conf/registry.cfg
+selftests._000=##
+selftests._001=## Self Tests
+selftests._002=##
+selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## tps.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## tps.cert.<cert tag name>.nickname
+selftests._007=## tps.cert.<cert tag name>.certusage
+selftests._008=##
+selftests.container.instance.SystemCertsVerification=com.netscape.cms.selftests.common.SystemCertsVerification
+selftests.container.logger.bufferSize=512
+selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
+selftests.container.logger.enable=true
+selftests.container.logger.expirationTime=0
+selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_TYPE]/selftests.log
+selftests.container.logger.flushInterval=5
+selftests.container.logger.level=1
+selftests.container.logger.maxFileSize=2000
+selftests.container.logger.register=false
+selftests.container.logger.rolloverInterval=2592000
+selftests.container.logger.type=transaction
+selftests.container.order.onDemand=SystemCertsVerification:critical
+selftests.container.order.startup=SystemCertsVerification:critical
+selftests.plugin.SystemCertsVerification.SubId=tps
+service.instanceDir=[PKI_INSTANCE_ROOT]
+service.instanceID=[PKI_INSTANCE_NAME]
+service.machineName=[PKI_HOSTNAME]
+service.non_clientauth_securePort=[PKI_EE_SECURE_PORT]
+service.securePort=[PKI_AGENT_SECURE_PORT]
+service.unsecurePort=[PKI_UNSECURE_PORT]
+smtp.host=localhost
+smtp.port=25
subsystem.0.class=org.dogtagpki.tps.server.TPSSubsystem
subsystem.0.id=tps
+subsystem.1.class=com.netscape.cmscore.selftests.SelfTestSubsystem
+subsystem.1.id=selftests
+subsystem.2.class=com.netscape.cmscore.util.StatsSubsystem
+subsystem.2.id=stats
+target._000=#########################################
+target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs
+target._002=#
+target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin.
+target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab.
+target._005=#
+target._006=# target.agent_approve.list = comma separated subset of above list. Parameter sets in this list
+target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement
+target._008=# (enable/ disable) to be edited.
+target._009=#
+target._010=# For the wording to display correctly, the values in the above list should be plurals.
+target._011=#
+target._012=# Each parameter set in the lists above requires three parameters:
+target._013=# target.<type name>.list : list of choices of this parameter set type (will display in the drop down box)
+target._014=# target.<type name>.pattern : the regular expression to select parameters in CS.cfg for this parameter set.
+target._015=# target.<type_name>.displayname: used in the UI display text. This should be the singular form of <type_name>.
+target._016=#
+target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined.
+target._018=#
+target._019=########################################
+target.agent_approve.list=Profiles
+target.Authentication_Sources.displayname=Authentication Source
+target.Authentication_Sources.list=0,1
+target.Authentication_Sources.pattern=auth\.instance\.$name\..*
+target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources
+target.Generals.displayname=General
+target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..*
+target.Profile_Mappings.displayname=Profile Mapping
+target.Profile_Mappings.list=enroll,format,pinReset
+target.Profile_Mappings.pattern=op\.$name\.mapping\..*
+target.Profiles.displayname=Profile
+target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey
+target.Profiles.pattern=op\..*\.$name\..*
+target.Subsystem_Connections.displayname=Subsystem Connection
+target.Subsystem_Connections.list=ca1,drm1,tks1
+target.Subsystem_Connections.pattern=conn\.$name\..*
tokendb._000=#########################################
tokendb._001=# tokendb.auditLog:
tokendb._002=# - audit log path
@@ -1587,100 +1521,59 @@ tokendb._072=# TOKEN_FOUND =4,
tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5,
tokendb._074=# TOKEN_TERMINATED = 6
tokendb._075=#########################################
+tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT]
+tokendb.addConfigTemplate=addConfig.template
+tokendb.addResultTemplate=addResults.template
+tokendb.agentSelectConfigTemplate=agentSelectConfig.template
+tokendb.agentViewConfigTemplate=agentViewConfig.template
+tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6
+tokendb.auditAdminTemplate=auditAdmin.template
tokendb.auditLog=[PKI_INSTANCE_PATH]/logs/tokendb-audit.log
-tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
-tokendb.ssl=false
+tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT]
tokendb.bindDN=cn=Directory Manager
tokendb.bindPassPath=[PKI_INSTANCE_PATH]/conf/password.conf
-tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus
-tokendb.userBaseDN=[TOKENDB_ROOT]
-tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT]
-tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT]
tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT]
-tokendb.indexTemplate=index.template
-tokendb.indexAdminTemplate=indexAdmin.template
-tokendb.newTemplate=new.template
-tokendb.showTemplate=show.template
-tokendb.showCertTemplate=showCert.template
-tokendb.errorTemplate=error.template
-tokendb.searchTemplate=search.template
-tokendb.searchResultTemplate=searchResults.template
-tokendb.searchCertificateResultTemplate=searchCertificateResults.template
-tokendb.editTemplate=edit.template
-tokendb.editResultTemplate=editResults.template
-tokendb.addResultTemplate=addResults.template
-tokendb.deleteTemplate=delete.template
+tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template
+tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template
+tokendb.defaultPolicy=RE_ENROLL=YES
tokendb.deleteResultTemplate=deleteResults.template
-tokendb.searchActivityTemplate=searchActivity.template
-tokendb.searchCertificateTemplate=searchCertificate.template
-tokendb.searchActivityResultTemplate=searchActivityResults.template
-tokendb.searchActivityAdminTemplate=searchActivityAdmin.template
-tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template
-tokendb.showAdminTemplate=showAdmin.template
-tokendb.doTokenTemplate=doToken.template
+tokendb.deleteTemplate=delete.template
tokendb.doTokenConfirmTemplate=doTokenConfirm.template
+tokendb.doTokenTemplate=doToken.template
+tokendb.editConfigTemplate=editConfig.template
+tokendb.editResultTemplate=editResults.template
+tokendb.editTemplate=edit.template
+tokendb.editUserTemplate=editUser.template
+tokendb.errorTemplate=error.template
+tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+tokendb.indexAdminTemplate=indexAdmin.template
+tokendb.indexOperatorTemplate=indexOperator.template
+tokendb.indexTemplate=index.template
+tokendb.newTemplate=new.template
+tokendb.newUserTemplate=newUser.template
tokendb.revokeTemplate=revoke.template
-tokendb.searchAdminTemplate=searchAdmin.template
+tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template
+tokendb.searchActivityAdminTemplate=searchActivityAdmin.template
+tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb.searchActivityTemplate=searchActivity.template
tokendb.searchAdminResultTemplate=searchAdminResults.template
-tokendb.defaultPolicy=RE_ENROLL=YES
-tokendb.newUserTemplate=newUser.template
-tokendb.userDeleteTemplate=userDelete.template
+tokendb.searchAdminTemplate=searchAdmin.template
+tokendb.searchCertificateResultTemplate=searchCertificateResults.template
+tokendb.searchCertificateTemplate=searchCertificate.template
+tokendb.searchResultTemplate=searchResults.template
+tokendb.searchTemplate=search.template
tokendb.searchUserResultTemplate=searchUserResults.template
tokendb.searchUserTemplate=searchUser.template
-tokendb.editUserTemplate=editUser.template
-tokendb.indexOperatorTemplate=indexOperator.template
-tokendb.selfTestTemplate=selfTest.template
-tokendb.selfTestResultsTemplate=selfTestResults.template
-tokendb.auditAdminTemplate=auditAdmin.template
tokendb.selectConfigTemplate=selectConfig.template
-tokendb.agentSelectConfigTemplate=agentSelectConfig.template
-tokendb.editConfigTemplate=editConfig.template
-tokendb.agentViewConfigTemplate=agentViewConfig.template
-tokendb.addConfigTemplate=addConfig.template
-tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template
-tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template
-log.instance.SignedAudit.selected.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
-log.instance.SignedAudit.selectable.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
-log.instance.SignedAudit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST
-tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6
-target._000=#########################################
-target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs
-target._002=#
-target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin.
-target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab.
-target._005=#
-target._006=# target.agent_approve.list = comma separated subset of above list. Parameter sets in this list
-target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement
-target._008=# (enable/ disable) to be edited.
-target._009=#
-target._010=# For the wording to display correctly, the values in the above list should be plurals.
-target._011=#
-target._012=# Each parameter set in the lists above requires three parameters:
-target._013=# target.<type name>.list : list of choices of this parameter set type (will display in the drop down box)
-target._014=# target.<type name>.pattern : the regular expression to select parameters in CS.cfg for this parameter set.
-target._015=# target.<type_name>.displayname: used in the UI display text. This should be the singular form of <type_name>.
-target._016=#
-target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined.
-target._018=#
-target._019=########################################
-target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources
-target.agent_approve.list=Profiles
-target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey
-target.Profiles.pattern=op\..*\.$name\..*
-target.Profiles.displayname=Profile
-target.Subsystem_Connections.list=ca1,drm1,tks1
-target.Subsystem_Connections.pattern=conn\.$name\..*
-target.Subsystem_Connections.displayname=Subsystem Connection
-target.Profile_Mappings.list=enroll,format,pinReset
-target.Profile_Mappings.pattern=op\.$name\.mapping\..*
-target.Profile_Mappings.displayname=Profile Mapping
-target.Authentication_Sources.list=0,1
-target.Authentication_Sources.pattern=auth\.instance\.$name\..*
-target.Authentication_Sources.displayname=Authentication Source
-target.Generals.displayname=General
-target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..*
-config.Generals.General.state=Enabled
-config.Generals.General.timestamp=1280283607424406
+tokendb.selfTestResultsTemplate=selfTestResults.template
+tokendb.selfTestTemplate=selfTest.template
+tokendb.showAdminTemplate=showAdmin.template
+tokendb.showCertTemplate=showCert.template
+tokendb.showTemplate=show.template
+tokendb.ssl=false
+tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus
+tokendb.userBaseDN=[TOKENDB_ROOT]
+tokendb.userDeleteTemplate=userDelete.template
tps._000=########################################
tps._001=# For verifying system certificates
tps._002=# tps.cert.list=sslserver,subsystem,audit_signing
@@ -1698,11 +1591,12 @@ tps._015=# TOKEN_TEMP_LOST_PERM_LOST =5,
tps._016=# TOKEN_TERMINATED = 6
tps._017=# Sample: tps.operations.allowedTransitions=0:0,0:4,4:6,6:0
tps._018=########################################
-tps.operations.allowedTransitions=0:0,0:4,4:0
-tps.cert.list=sslserver,subsystem,audit_signing
-tps.cert.sslserver.nickname=[HSM_LABEL][NICKNAME]
-tps.cert.subsystem.nickname=[HSM_LABEL][NICKNAME]
+tps.cert.audit_signing.certusage=ObjectSigner
tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME]
+tps.cert.list=sslserver,subsystem,audit_signing
+tps.cert.sslserver.certusage=SSLServer
+tps.cert.subsystem.certusage=SSLClient
+tps.operations.allowedTransitions=0:0,0:4,4:0
usrgrp._000=##
usrgrp._001=## User/Group
usrgrp._002=##
diff --git a/base/tps/shared/conf/db.ldif b/base/tps/shared/conf/db.ldif
index 050118d1f..1dada984a 100644
--- a/base/tps/shared/conf/db.ldif
+++ b/base/tps/shared/conf/db.ldif
@@ -3,64 +3,52 @@
# All rights reserved.
# --- END COPYRIGHT BLOCK ---
#
-dn: ou=people,{rootSuffix}
-objectClass: top
-objectClass: organizationalUnit
-ou: people
+dn: ou=Tokens,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: Tokens
+
+dn: ou=Activities,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: Activities
+
+dn: ou=Certificates,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: Certificates
+
+dn: ou=People,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: People
aci: (targetattr!="userPassword")(version 3.0; acl "Enable anonymous access"; allow (read, search, compare)userdn="ldap:///anyone";)
-dn: ou=groups,{rootSuffix}
-objectClass: top
-objectClass: organizationalUnit
-ou: groups
-
-dn: cn=Token Processing Service Manager Agents,ou=groups,{rootSuffix}
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Token Processing Service Manager Agents
-description: Agents for Token Processing Service Manager
-
-dn: cn=Subsystem Group, ou=groups, {rootSuffix}
-objectClass: top
-objectClass: groupOfUniqueNames
-cn: Subsystem Group
-description: Subsystem Group
+dn: ou=Groups,{rootSuffix}
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
-dn: cn=Trusted Managers,ou=groups,{rootSuffix}
+dn: cn=TUS Agents,ou=Groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
-cn: Trusted Managers
-description: Managers trusted by this PKI instance
+cn: TUS Agents
+description: Agents for TUS
-dn: cn=Administrators,ou=groups,{rootSuffix}
+dn: cn=TUS Officers,ou=Groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
-cn: Administrators
-description: People who manage the Certificate System
+cn: TUS Officers
+description: Security Officers for TUS
-dn: cn=Auditors,ou=groups,{rootSuffix}
+dn: cn=TUS Administrators,ou=Groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
-cn: Auditors
-description: People who can read the signed audits
+cn: TUS Administrators
+description: Administrators for TUS
-dn: cn=ClonedSubsystems,ou=groups,{rootSuffix}
+dn: cn=TUS Operators,ou=Groups,{rootSuffix}
objectClass: top
objectClass: groupOfUniqueNames
-cn: ClonedSubsystems
-description: People who can clone the master subsystem
-
-dn: ou=requests,{rootSuffix}
-objectClass: top
-objectClass: organizationalUnit
-ou: requests
-
-dn: cn=crossCerts,{rootSuffix}
-cn: crossCerts
-sn: crossCerts
-objectClass: top
-objectClass: person
-objectClass: pkiCA
-cACertificate;binary:
-authorityRevocationList;binary:
-certificateRevocationList;binary:
+cn: TUS Operators
+description: Operators for TUS
diff --git a/base/tps/shared/conf/index.ldif b/base/tps/shared/conf/index.ldif
index fa4f2828c..d896de394 100644
--- a/base/tps/shared/conf/index.ldif
+++ b/base/tps/shared/conf/index.ldif
@@ -1,203 +1,76 @@
# --- BEGIN COPYRIGHT BLOCK ---
-# Copyright (C) 2006 Red Hat, Inc.
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
# All rights reserved.
# --- END COPYRIGHT BLOCK ---
#
-dn: cn=revokedby,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: revokedby
-
-dn: cn=issuedby,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: issuedby
-
-dn: cn=publicKeyData,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: publicKeyData
-
-dn: cn=clientId,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: clientId
-
-dn: cn=dataType,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: dataType
-
-dn: cn=status,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsSystemIndex: false
-cn: status
-
-dn: cn=description,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: description
-
-dn: cn=serialno,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: serialno
-
-dn: cn=metaInfo,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: metaInfo
-
-dn: cn=certstatus,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: certstatus
-
-dn: cn=requestid,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: requestid
-
-dn: cn=requesttype,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: requesttype
-
-dn: cn=requeststate,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: requeststate
-
-dn: cn=requestowner,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: requestowner
-
-dn: cn=notbefore,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: notbefore
-
-dn: cn=notafter,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: notafter
-
-dn: cn=duration,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: duration
-
-dn: cn=dateOfCreate,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
+dn: cn=tokenUserID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenUserID
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=tokenID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenID
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=dateOfCreate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
cn: dateOfCreate
-
-dn: cn=revokedOn,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: revokedOn
-
-dn: cn=archivedBy,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsSystemIndex: false
-cn: archivedBy
-
-dn: cn=ownername,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: ownername
-
-dn: cn=subjectname,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: subjectname
-
-dn: cn=requestsourceid,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: requestsourceid
-
-dn: cn=revInfo,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: revInfo
-
-dn: cn=extension,cn=index,cn={database},cn=ldbm database, cn=plugins, cn=config
-objectClass: top
-objectClass: nsIndex
-nsIndexType: eq
-nsIndexType: pres
-nsIndexType: sub
-nsSystemIndex: false
-cn: extension
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=dateOfModify,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: dateOfModify
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: userCertificate
+nsindextype: eq
+nssystemindex: false
+
+dn: cn=tokenSerial,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenSerial
+nsindextype: eq
+nssystemindex: false
+
+dn: cn=tokenKeyType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenKeyType
+nsindextype: eq
+nssystemindex: false
diff --git a/base/tps/shared/conf/schema.ldif b/base/tps/shared/conf/schema.ldif
index 777bbef12..bde045630 100644
--- a/base/tps/shared/conf/schema.ldif
+++ b/base/tps/shared/conf/schema.ldif
@@ -1,489 +1,58 @@
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( usertype-oid NAME 'usertype' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( userstate-oid NAME 'userstate' DESC 'Distinguish whether the user is administrator, agent or subsystem.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( cmsuser-oid NAME 'cmsuser' DESC 'CMS User' SUP top STRUCTURAL MUST usertype MAY userstate X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( archivedBy-oid NAME 'archivedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( adminMessages-oid NAME 'adminMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( algorithm-oid NAME 'algorithm' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( algorithmId-oid NAME 'algorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( signingAlgorithmId-oid NAME 'signingAlgorithmId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( autoRenew-oid NAME 'autoRenew' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( certStatus-oid NAME 'certStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlName-oid NAME 'crlName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlSize-oid NAME 'crlSize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( deltaSize-oid NAME 'deltaSize' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlNumber-oid NAME 'crlNumber' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( deltaNumber-oid NAME 'deltaNumber' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( firstUnsaved-oid NAME 'firstUnsaved' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlCache-oid NAME 'crlCache' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( revokedCerts-oid NAME 'revokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( unrevokedCerts-oid NAME 'unrevokedCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( expiredCerts-oid NAME 'expiredCerts' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( crlExtensions-oid NAME 'crlExtensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( dateOfArchival-oid NAME 'dateOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( dateOfRecovery-oid NAME 'dateOfRecovery' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( dateOfRevocation-oid NAME 'dateOfRevocation' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
dn: cn=schema
changetype: modify
add: attributeTypes
attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( duration-oid NAME 'duration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( extension-oid NAME 'extension' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( issuedBy-oid NAME 'issuedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( issueInfo-oid NAME 'issueInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( issuerName-oid NAME 'issuerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( keySize-oid NAME 'keySize' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( clientId-oid NAME 'clientId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( dataType-oid NAME 'dataType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( status-oid NAME 'status' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( keyState-oid NAME 'keyState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( metaInfo-oid NAME 'metaInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( nextUpdate-oid NAME 'nextUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( notAfter-oid NAME 'notAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( notBefore-oid NAME 'notBefore' DESC 'CMS defined attribute'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( ownerName-oid NAME 'ownerName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( password-oid NAME 'password' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( p12Expiration-oid NAME 'p12Expiration' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( proofOfArchival-oid NAME 'proofOfArchival' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( publicKeyData-oid NAME 'publicKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( publicKeyFormat-oid NAME 'publicKeyFormat' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( privateKeyData-oid NAME 'privateKeyData' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestId-oid NAME 'requestId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestInfo-oid NAME 'requestInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestState-oid NAME 'requestState' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestResult-oid NAME 'requestResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestOwner-oid NAME 'requestOwner' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestAgentGroup-oid NAME 'requestAgentGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestSourceId-oid NAME 'requestSourceId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestType-oid NAME 'requestType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestFlag-oid NAME 'requestFlag' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( requestError-oid NAME 'requestError' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( resourceACLS-oid NAME 'resourceACLS' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( revInfo-oid NAME 'revInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( revokedBy-oid NAME 'revokedBy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( revokedOn-oid NAME 'revokedOn' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( serialno-oid NAME 'serialno' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( nextRange-oid NAME 'nextRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( publishingStatus-oid NAME 'publishingStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( beginRange-oid NAME 'beginRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( endRange-oid NAME 'endRange' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( subjectName-oid NAME 'subjectName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( sessionContext-oid NAME 'sessionContext' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( thisUpdate-oid NAME 'thisUpdate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( transId-oid NAME 'transId' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( transStatus-oid NAME 'transStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( transName-oid NAME 'transName' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( transOps-oid NAME 'transOps' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( userDN-oid NAME 'userDN' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( userMessages-oid NAME 'userMessages' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( version-oid NAME 'version' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( Clone-oid NAME 'Clone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( DomainManager-oid NAME 'DomainManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SecurePort-oid NAME 'SecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SecureAgentPort-oid NAME 'SecureAgentPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SecureAdminPort-oid NAME 'SecureAdminPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SecureEEClientAuthPort-oid NAME 'SecureEEClientAuthPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( UnSecurePort-oid NAME 'UnSecurePort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( SubsystemName-oid NAME 'SubsystemName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: attributeTypes
-attributeTypes: ( cmsUserGroup-oid NAME 'cmsUserGroup' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( CertACLS-oid NAME 'CertACLS' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY resourceACLS X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( repository-oid NAME 'repository' DESC 'CMS defined class' SUP top STRUCTURAL MUST ou MAY ( serialno $ description $ nextRange $ publishingStatus ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( request-oid NAME 'request' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( requestId $ dateOfCreate $ dateOfModify $ requestState $ requestResult $ requestOwner $ requestAgentGroup $ requestSourceId $ requestType $ requestFlag $ requestError $ userMessages $ adminMessages ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( transaction-oid NAME 'transaction' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( transId $ description $ transName $ transStatus $ transOps ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( crlIssuingPointRecord-oid NAME 'crlIssuingPointRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ crlNumber $ crlSize $ thisUpdate $ nextUpdate $ deltaNumber $ deltaSize $ firstUnsaved $ certificateRevocationList $ deltaRevocationList $ crlCache $ revokedCerts $ unrevokedCerts $ expiredCerts $ cACertificate ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( certificateRecord-oid NAME 'certificateRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ certStatus $ autoRenew $ issueInfo $ metaInfo $ revInfo $ version $ duration $ notAfter $ notBefore $ algorithmId $ subjectName $ signingAlgorithmId $ userCertificate $ issuedBy $ revokedBy $ revokedOn $ extension $ publicKeyData $ issuerName ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( userDetails-oid NAME 'userDetails' DESC 'CMS defined class' SUP top STRUCTURAL MUST userDN MAY ( dateOfCreate $ dateOfModify $ password $ p12Expiration ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( keyRecord-oid NAME 'keyRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( serialno $ dateOfCreate $ dateOfModify $ keyState $ privateKeyData $ ownerName $ keySize $ metaInfo $ dateOfArchival $ dateOfRecovery $ algorithm $ publicKeyFormat $ publicKeyData $ archivedBy $ clientId $ dataType $ status ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( pkiSecurityDomain-oid NAME 'pkiSecurityDomain' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( ou $ name ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( pkiSecurityGroup-oid NAME 'pkiSecurityGroup' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( pkiSubsystem-oid NAME 'pkiSubsystem' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ Host $ SecurePort $ SubsystemName $ Clone ) MAY ( DomainManager $ SecureAgentPort $ SecureAdminPort $SecureEEClientAuthPort $ UnSecurePort ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( pkiRange-oid NAME 'pkiRange' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ beginRange $ endRange $ Host $ SecurePort ) X-ORIGIN 'user defined' )
-
-dn: cn=schema
-changetype: modify
-add: objectClasses
-objectClasses: ( securityDomainSessionEntry-oid NAME 'securityDomainSessionEntry' DESC 'CMS defined class' SUP top STRUCTURAL MUST ( cn $ host $ uid $ cmsUserGroup $ dateOfCreate ) X-ORIGIN 'user defined' )
+attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+-
+add: objectClasses
+objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user defined' )
+objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' )
+objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' )
+objectClasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined class' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN 'user-defined' )
generated by cgit (git 2.34.1) at 2024-07-07 00:52:10 +0000