authorEndi Sukma Dewata <edewata@redhat.com>2012-11-09 01:51:54 -0500
committerEndi Sukma Dewata <edewata@redhat.com>2012-11-12 12:03:55 -0500
commitedf9c2273c00b52b0c240bc0c75dc1ba7bdc396e (patch)
tree8a2a98b27a5d4721c6f1c099d70d1eeaca5fef04 /base
parentf400f3bc35f83a60fb386b734dec9fc66309bd71 (diff)
Reorganized common templates.
The common templates have moved from common-ui into base/common. The deployment tools have been updated to use the new location. Ticket #407
Diffstat (limited to 'base')
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/adminauthenticatepanel.vm52
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/adminpanel.vm219
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/agentauthenticatepanel.vm48
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/backupkeycertpanel.vm57
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/certchainpanel.vm49
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/certprettyprintpanel.vm49
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/certrequestpanel.vm219
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/config_addhsm.vm96
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/config_hsmloginpanel.vm79
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/createsubsystempanel.vm101
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/databasepanel.vm132
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/displaycertchainpanel.vm49
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/donepanel.vm74
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/footer.vm19
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/header.vm25
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/hierarchypanel.vm56
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/importadmincertpanel.vm66
-rwxr-xr-xbase/common/shared/webapps/pki/admin/console/config/importcachainpanel.vm65
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/login.vm113
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/modulepanel.vm162
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/namepanel.vm105
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/restorekeycertpanel.vm54
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/savepkcs12panel.vm40
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/securitydomainloginpanel.vm109
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/securitydomainpanel.vm115
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/sidemenu.vm30
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/sizepanel.vm685
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/topmenu.vm21
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/welcomepanel.vm56
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/wizard.vm152
-rw-r--r--base/common/shared/webapps/pki/admin/console/config/xml.vm21
-rw-r--r--base/common/shared/webapps/pki/admin/console/js/misc.js30
-rw-r--r--base/deploy/src/scriptlets/instance_layout.py23
-rw-r--r--base/deploy/src/scriptlets/webapp_deployment.py32
-rwxr-xr-xbase/setup/pkicreate40
35 files changed, 3167 insertions, 76 deletions
diff --git a/base/common/shared/webapps/pki/admin/console/config/adminauthenticatepanel.vm b/base/common/shared/webapps/pki/admin/console/config/adminauthenticatepanel.vm
new file mode 100644
index 000000000..b27042cfb
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/adminauthenticatepanel.vm
@@ -0,0 +1,52 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<p>
+The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem.
+#if ($systemType != "tps")
+<br/>
+If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one.
+#end
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+ <table class="details">
+ <tr>
+ <th>Uid:</th>
+
+ <td><input type="text" size="40" name="uid" value="$uid"/></td>
+ </tr>
+ <tr>
+ <th>Password:</th>
+
+ <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+ </tr>
+ </table>
+<p>
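Review bot: The password field is rendered with `value="$password"`, so whatever the servlet places in `$password` is written back into the page source, where it is readable from the DOM, view-source and any cached copy; `autocomplete="off"` does not change that. Password inputs should be re-rendered empty, `<input type="password" size="40" name="__password" value="" autocomplete="off"/>`, as config_hsmloginpanel.vm in this commit already does for `__uPasswd`. The same echo appears in agentauthenticatepanel.vm (`$password`), adminpanel.vm (`$admin_pwd`, `$admin_pwd_again`) and backupkeycertpanel.vm (`$pwd`, `$pwdagain`). Separately, `$uid` and `$errorString` are emitted with no visible HTML escaping; whether the servlet escapes them before filling the context cannot be seen from this hunk.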
diff --git a/base/common/shared/webapps/pki/admin/console/config/adminpanel.vm b/base/common/shared/webapps/pki/admin/console/config/adminpanel.vm
new file mode 100644
index 000000000..37d922764
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/adminpanel.vm
@@ -0,0 +1,219 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT ID=Send_OnClick type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ var email = document.forms[0].email.value;
+ var name = document.forms[0].name.value;
+ var o = '$securityDomain';
+ if (name == '') {
+ alert("Name is empty");
+ return;
+ }
+ if (email == '') {
+ alert("Email is empty");
+ return;
+ }
+ var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o;
+ document.forms[0].subject.value = dn;
+ var keyGenAlg = "rsa-dual-use";
+ var keyParams = null;
+ if (document.forms[0].keytype.value == 'ecc') {
+ keyGenAlg = "ec-dual-use";
+ keyParams = "curve=nistp256"
+ }
+
+ if (navigator.appName == "Netscape" &&
+ typeof(crypto.version) != "undefined") {
+
+ crmfObject = crypto.generateCRMFRequest(
+ dn, "regToken", "authenticator", null,
+ "setCRMFRequest();", 2048, keyParams, keyGenAlg);
+ } else {
+ Send_OnClick();
+ }
+}
+
+function setCRMFRequest()
+{
+ with (document.forms[0]) {
+ cert_request.value = crmfObject.request;
+ submit();
+ }
+}
+
+</SCRIPT>
+<SCRIPT type="text/VBS">
+<!--
+
+Sub Send_OnClick
+ Dim TheForm
+ Dim szName
+ Set TheForm = Document.f
+
+
+ ' Contruct the X500 distinguished name
+ szName = "CN=NAME"
+
+ ' IE doesnt like the dn containing the O component
+
+ On Error Resume Next
+ Enroll.HashAlgorithm = "MD5"
+ Enroll.KeySpec = 1
+
+ Enroll.providerType = 1
+ Enroll.providerName = "Microsoft Base Cryptographic Provider v1.0"
+
+ ' adding 2 to "GenKeyFlags" will enable the 'High Security'
+ ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+ ' asking what level of protection the user would like to give
+ ' the key - this varies from 'none' to 'confirm password
+ ' every time the key is used'
+ Enroll.GenKeyFlags = 1 ' key PKCS12-exportable
+ szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+
+ theError = Err.Number
+ On Error Goto 0
+ '
+ ' If the user has cancelled things the we simply ignore whatever
+ ' they were doing ... need to think what should be done here
+ '
+ If (szCertReq = Empty AND theError = 0) Then
+ Exit Sub
+ End If
+ If (szCertReq = Empty OR theError <> 0) Then
+ '
+ ' There was an error in the key pair generation. The error value
+ ' is found in the variable 'theError' which we snarfed above before
+ ' we did the 'On Error Goto 0' which cleared it again.
+ '
+ sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "The credentials could not be generated."
+ result = MsgBox(sz, 0, "Credentials Enrollment")
+ Exit Sub
+ End If
+
+ TheForm.cert_request.Value = szCertReq
+ TheForm.cert_request_type.Value = "pkcs10"
+ TheForm.subject.Value = "cn=" & TheForm.name.Value & ",uid=" & TheForm.uid.Value & ",e=" & TheForm.email.Value & ",o=" & TheForm.securitydomain.Value
+
+ TheForm.Submit
+ Exit Sub
+
+End Sub
+
+-->
+</SCRIPT>
+
+<SCRIPT type="text/VBS">
+<!--
+FindProviders
+
+Function FindProviders
+ Dim i, j
+ Dim providers()
+ i = 0
+ j = 1
+ Dim el
+ Dim temp
+ Dim first
+ Dim TheForm
+ Set TheForm = document.f
+ On Error Resume Next
+ first = 0
+
+ Do While True
+ temp = ""
+ Enroll.providerType = j
+ temp = Enroll.enumProviders(i,0)
+ If Len(temp) = 0 Then
+ If j < 1 Then
+ j = j + 1
+ i = 0
+ Else
+ Exit Do
+ End If
+ Else
+ set el = document.createElement("OPTION")
+ el.text = temp
+ el.value = j
+ If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+ first = j
+ End If
+ TheForm.cryptprovider.add(el)
+ If first = 0 Then
+ first = 1
+ TheForm.cryptprovider.selectedIndex = 0
+ Else
+ TheForm.cryptprovider.selectedIndex = first
+ End If
+ i = i + 1
+ End If
+ Loop
+End Function
+
+-->
+</SCRIPT>
+The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel.
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+ <br/>
+
+ <table class="details">
+ <tr>
+ <th>UID:</th>
+ <td><input type=text name=uid value="$admin_uid"></td>
+ </tr>
+ <tr>
+ <th>Name:</th>
+ <td><input size=35 type=text name=name value="$admin_name"></td>
+ </tr>
+ <tr>
+ <th>Email:</th>
+ <td><input size=35 type=text name=email value="$admin_email"></td>
+ </tr>
+ <tr>
+ <th>Password:</th>
+ <td><input type="password" size="40" name="__pwd" value="$admin_pwd" autocomplete="off"/></td>
+ </tr>
+ <tr>
+ <th>Password (Again):</th>
+
+ <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" autocomplete="off"/></td>
+<input type="hidden" name="cert_request" value=""/>
+<input type="hidden" name="display" value=$displayStr />
+<input type="hidden" name="profileId" value="caAdminCert" />
+<input type="hidden" name="cert_request_type" value="crmf" />
+<input type="hidden" name="import" value=$import />
+<input type="hidden" name="uid" value="admin" />
+<input type="hidden" name="securitydomain" value="$securityDomain" />
+<input type="hidden" name="subject" value="cn=x" />
+ </tr>
+ <tr>
+ <th>Key Type:</th>
+ <td><select name="keytype"><option value="rsa">RSA</option><option value="ecc">ECC</option></select></td>
+ </tr>
+ </table>
+ <div align="right">
+ <hr />
+ </div>
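Review bot: The IE enrollment path in `Send_OnClick` builds the administrator's PKCS #10 request with `Enroll.HashAlgorithm = "MD5"` and the "Microsoft Base Cryptographic Provider v1.0", and `Enroll.GenKeyFlags = 1` sets only the exportable bit with no key size, while the Netscape path directly above requests 2048-bit keys. As far as I know the Base provider defaults to 512-bit key-exchange keys, so an administrator enrolling from IE would likely end up with a much weaker key than one enrolling through `crypto.generateCRMFRequest`. I would align the two paths, for example `Enroll.providerName = "Microsoft Enhanced Cryptographic Provider v1.0"`, `Enroll.GenKeyFlags = &H08000001 ' 2048-bit, exportable` and `Enroll.HashAlgorithm = "SHA1"` at minimum. `On Error Resume Next` around these assignments also hides a provider that is missing, so the fallback behaviour deserves a comment.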
diff --git a/base/common/shared/webapps/pki/admin/console/config/agentauthenticatepanel.vm b/base/common/shared/webapps/pki/admin/console/config/agentauthenticatepanel.vm
new file mode 100644
index 000000000..abb7678ae
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/agentauthenticatepanel.vm
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<br/>
+The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests.
+<br/>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+ <table class="details">
+ <tr>
+ <th>Uid:</th>
+
+ <td><input type="text" size="40" name="uid" value="$uid"/></td>
+ </tr>
+ <tr>
+ <th>Password:</th>
+
+ <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+ </tr>
+ </table>
+<br/>
diff --git a/base/common/shared/webapps/pki/admin/console/config/backupkeycertpanel.vm b/base/common/shared/webapps/pki/admin/console/config/backupkeycertpanel.vm
new file mode 100644
index 000000000..3ec3526d1
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/backupkeycertpanel.vm
@@ -0,0 +1,57 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>Export Keys and Certificates</h2>
+<p>
+To setup a cloned subsystem, the master subsystem's keys and certificates (with the exception of the SSL server key and certificate) as well as the CA certificate chains need to be exported, and later imported into the cloned subsystem. All of these keys and certificates are stored in a single file in the PKCS #12 format which is protected by the password specified below. This export operation is performed only when the master subsystem's keys and certificates are stored in the software token.
+<p>
+If these keys and certificates are stored in a hardware token, the hardware token vendor needs to be consulted for information on how to export them.
+<p>
+For cloning, if the keys and certificates are stored in a hardware token, clones should use the same hardware token as that of the Master.
+<p>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<b><input $dobackup type=radio name=choice value="backupkey">&nbsp;Export subsystem keys and certificates </b>
+<br/>
+ <table class="details">
+ <tr>
+ <th>Password to protect the PKCS #12 file:</th>
+
+ <td><input type="password" size="40" name="__pwd" value="$pwd" autocomplete="off" /></td>
+ </tr>
+ <tr>
+ <th>Password again:</th>
+
+ <td><input type="password" size="40" name="__pwdagain" value="$pwdagain" autocomplete="off"/></td>
+ </tr>
+ </table>
+<br/>
+<b><input $nobackup type=radio name=choice value="nobackupkey">&nbsp;Don't export subsystem keys and certificates </b>
+<br/>
diff --git a/base/common/shared/webapps/pki/admin/console/config/certchainpanel.vm b/base/common/shared/webapps/pki/admin/console/config/certchainpanel.vm
new file mode 100644
index 000000000..08bcc1331
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/certchainpanel.vm
@@ -0,0 +1,49 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<b>Pretty Print of Certificates on this subsystem.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+ <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+ <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+ <br/>
+
+ <div align="right">
+ <hr />
+ &nbsp;
+ </div>
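Review bot: `$item.getCertpp()` is written straight into the `<textarea>`, and `$item.getDN()` and `$item.getNickname()` into the heading and table cell, so certificate-derived text that contains `<`, `>` or quotes would be interpreted as markup rather than displayed. certrequestpanel.vm in this same commit calls `$item.getEscapedCertpp()` for the pretty print, which suggests an escaped accessor already exists; I would use it here and quote the attribute, `name="$item.getCertTag()">$item.getEscapedCertpp()</textarea>`. The identical lines in certprettyprintpanel.vm need the same change, and certrequestpanel.vm has the same exposure for `$item.getCert()` and `$item.getRequest()` in its `content` attributes, `<pre>` and `<textarea>`. The opening `<b>` on the first text line of this template is also never closed.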
diff --git a/base/common/shared/webapps/pki/admin/console/config/certprettyprintpanel.vm b/base/common/shared/webapps/pki/admin/console/config/certprettyprintpanel.vm
new file mode 100644
index 000000000..ac8da10ee
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/certprettyprintpanel.vm
@@ -0,0 +1,49 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+The following certificates were installed on this instance.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+ <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+ <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+ <br/>
+
+ <div align="right">
+ <hr />
+ &nbsp;
+ </div>
diff --git a/base/common/shared/webapps/pki/admin/console/config/certrequestpanel.vm b/base/common/shared/webapps/pki/admin/console/config/certrequestpanel.vm
new file mode 100644
index 000000000..0502834e4
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/certrequestpanel.vm
@@ -0,0 +1,219 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<style type="text/css">
+
+.floating {
+ position: absolute;
+ left: 250px;
+ top: 50px;
+ width: 600px;
+ padding: 3px;
+ border: solid;
+ border-width: 5px;
+ background: white;
+ display: none;
+ margin: 5px;
+}
+</style>
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+
+function showcert(element, event)
+{
+ var x = event.clientX;
+ var y = event.clientY;
+
+ var content = element.getAttribute("content");
+ var content_d = element.getAttribute("content_desc");
+
+ if (content == null) { return false; }
+
+ var n = element.getAttribute("n");
+
+ var editableType = element.getAttribute("editableType");
+ var desc;
+ var d;
+ var c;
+ if (editableType == "cert")
+ {
+ d = document.getElementById(n+"_editCertDiv");
+ c = document.getElementById(n+"_text");
+ desc = document.getElementById(n+"_desc_t");
+ } else if (editableType == "certchain") {
+ d = document.getElementById(n+"_editCertChainDiv");
+ c = document.getElementById(n+"_cc_text");
+ desc = document.getElementById(n+"_cc_desc_t");
+ } else {
+ d = document.getElementById(n+"_showCertDiv");
+ c = document.getElementById(n+"_pre");
+ desc = document.getElementById(n+"_desc_p");
+ }
+
+ if (desc.hasChildNodes())
+ {
+ desc.removeChild(desc.childNodes[0]);
+ }
+ var content_desc = document.createTextNode(content_d);
+ desc.appendChild(content_desc);
+
+ if (c.hasChildNodes())
+ {
+ c.removeChild(c.childNodes[0]);
+ }
+ var content_text = document.createTextNode(content);
+ c.appendChild(content_text);
+
+ d.style.left = x+30; // x-offset of floating div
+ assumedheight = 1000;
+
+ var offset = 20; // extra y-offset of floating div
+ var bottom = y + offset + assumedheight;
+ if (bottom > window.innerHeight) {
+ offset = 0 - (2*offset) - assumedheight;
+ }
+
+ d.style.top = y+ offset +document.body.scrollTop;
+
+ // unhide the window
+ d.style.display ="block";
+
+}
+
+function hide(tag)
+{
+ document.getElementById(tag+"_showCertDiv").style.display ="none";
+ document.getElementById(tag+"_editCertDiv").style.display ="none";
+ document.getElementById(tag+"_editCertChainDiv").style.display ="none";
+}
+
+</SCRIPT>
+A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate.
+<p>
+If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully.
+<p>
+However, if a given CSR contains an <font color="red">action required</font> label under its certificate icon, then those requests must be <i>manually</i> submitted to a CA for certificate generation.
+<p>
+Press the [Apply] button after certificates and chains are pasted in.
+<p>
+Press the [Next] button once all certificates have been generated successfully.
+<p>
+#foreach ($item in $reqscerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr>
+ <td width=10%></td>
+ <td width=20%></td>
+ <td width=70%></td>
+</tr>
+
+<tr>
+ <td>&nbsp;</td>
+#if ($item.getCert() == "...paste certificate here...")
+ <td><font color=red>action required</font><br>
+<img alt="" src="/pki/images/no-certificate.png"/></td>
+#elseif ($item.getCert() == "...certificate be generated internally...")
+<td>
+ <img alt="" src="/pki/images/no-certificate.png"/><br>
+ certificate will be generated internally
+ </td>
+#elseif ($item.getCert() == "")
+ <td>
+<img alt="" src="/pki/images/no-certificate.png"/><br>
+ No Certificate Generated. Please import.<br>
+ </td>
+#else
+ <td>
+<img alt="" src="/pki/images/certificate.png"/><br>
+ Certificate Generated Successfully
+ </td>
+#end
+
+<td>
+
+
+#if ($item.getCert() == "...paste certificate here...")
+<a content="$item.getRequest()" content_desc="Copy the following Certificate Request (CSR) and paste it in the external CA enrollment page for enrollment" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> Step 1: Copy the Certificate Request (CSR) to enroll at an external CA</a><p>
+<a content="" content_desc="Copy the base64-encoded PKCS #7 certificate chain into the text box below and press 'X'" n="$item.getCertTag()" editableType="certchain" href="#" onclick="showcert(this,event);"> Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)</a><p>
+<a content="$item.getCert()" content_desc="Copy the resulting base64-encoded certificate (NOTE: PKCS #7 not accepted) into the text box below and press 'X'" n="$item.getCertTag()" editableType="cert" href="#" onclick="showcert(this,event);"> Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)</a><p>
+#elseif ($item.getCert() == "...certificate be generated internally...")
+<p>
+#else
+<a content="$item.getRequest()" content_desc="Certificate Request (CSR)" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Request (CSR)</a><p>
+<a content="$item.getCert()" content_desc="Certificate in Base64 encoding" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate in Base64-Encoding</a><p>
+<a content="$item.getEscapedCertpp()" content_desc="Certificate in pretty print" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Pretty Print</a><p>
+#end
+
+
+</td>
+</tr>
+</table>
+
+<div id="$item.getCertTag()_showCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_stable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_p"></td>
+</tr>
+<tr>
+<td><pre name="$item.getCertTag()" id="$item.getCertTag()_pre">$item.getCert()</pre></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()" id="$item.getCertTag()_text" style="font-family: monospace;">$item.getCert()</textarea></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertChainDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_cc_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_cc_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()_cc" id="$item.getCertTag()_cc_text" style="font-family: monospace;"></textarea></td>
+</tr>
+</table>
+</div>
+
+
+#end
+
+ <p>
+
+
+ <div align="right">
+ <hr />
+ &nbsp;
+ </div>
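Review bot: In `showcert`, `d.style.left = x+30;` and `d.style.top = y+ offset +document.body.scrollTop;` assign bare numbers, which browsers ignore as CSS lengths outside quirks mode, so the floating box may stay at the stylesheet's fixed 250px/50px instead of following the click. `assumedheight = 1000;` also creates an implicit global. I would write `d.style.left = (x + 30) + "px";`, `d.style.top = (y + offset + document.body.scrollTop) + "px";` and `var assumedheight = 1000;`. The click handlers never return false, so each `href="#"` link still jumps to the top of the page; `onclick="showcert(this,event); return false;"` avoids that.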
diff --git a/base/common/shared/webapps/pki/admin/console/config/config_addhsm.vm b/base/common/shared/webapps/pki/admin/console/config/config_addhsm.vm
new file mode 100644
index 000000000..839cff56a
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/config_addhsm.vm
@@ -0,0 +1,96 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+
+ <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+ function checkClose() {
+ if ('$status' == "update" && '$error' == '') {
+ window.close();
+ }
+ }
+
+</SCRIPT>
+
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ </head>
+
+
+ <body onLoad="checkClose();"><div id="wrap"><div id="wrap">
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+ <div id="content">
+ <table width="100%" cellspacing="0">
+ <tr>
+ <td class="page-content" width="100%">
+ <h1><img src="/pki/images/icon-software.gif" />
+ Security Modules</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<p>
+<H2>Registering a New Security Module</H2>
+<form name=configForm action="config_addhsm" method="post">
+<p>
+If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here.
+<table>
+<tr>
+ <td>
+Library Path: <input type=text name="modulePath" value="">
+ </td>
+</tr>
+<tr>
+ <td>
+Module Name: <input type=text name="moduleName" value="">
+ </td>
+<tr>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+ <td>
+<input onclick="configForm.submit()" type=button name=config_addhsm_next value="Apply">
+ </td>
+</tr>
+</table>
+</form>
+ </td>
+ </tr>
+ </table>
+
+ </div> <!-- close content -->
+ </div> <!-- close wrap -->
+
+ </body>
+</html>
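Review bot: `checkClose` interpolates `$status` and `$error` into single-quoted JavaScript literals (`'$error' == ''`), so error text containing an apostrophe or a line break turns the whole script block into a syntax error, and any value the server did not escape for a script context would be parsed as code. The decision can be made in the template instead, leaving no server value inside the script: `#if ($status == "update" && $error == "") window.close(); #end`. `$error` is not displayed anywhere else in this page, so a failed registration gives the user no feedback; rendering it HTML-escaped in the body would help. The body also opens `<div id="wrap">` twice and closes it once.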
diff --git a/base/common/shared/webapps/pki/admin/console/config/config_hsmloginpanel.vm b/base/common/shared/webapps/pki/admin/console/config/config_hsmloginpanel.vm
new file mode 100644
index 000000000..147425bae
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/config_hsmloginpanel.vm
@@ -0,0 +1,79 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+ <h1>
+ Security Modules Login Panel</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<br/>
+<H2>Security Token Login</H2>
+<form name=configHSMLoginForm action="config_hsmlogin" method="post">
+<p>
+The user has chosen to login to the following security module: <b>$SecToken</b>
+<p>
+#if ($status == "alreadyLoggedIn")
+ Token already logged in.
+#elseif ($status == "tokenPasswordNotInitialized")
+ Token password not initialized.
+#elseif ($status == "justLoggedIn")
+ Token logged in successfully.
+#else
+<table>
+<tr>
+ <td>
+Security Module Token Name: <b><input type=text name="uTokName" value="$SecToken"></b>
+ </td>
+</tr>
+<tr>
+ <td>
+Security Module Token Password: <input type=password name="__uPasswd" value="" autocomplete="off">
+ </td>
+<tr>
+</tr>
+</table>
+<p>
+#end
+
+<table width=100%>
+<tr bgcolor="#eeeeee">
+ <td>
+
+ </td>
+</tr>
+</table>
+ </td>
+ </tr>
+ </table>
+
+ <p>
+
+ <div align="right">
+ <hr />
+ &nbsp;
+ </div>
+
+
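Review bot: `$SecToken` is emitted without any visible escaping, once as body text in the "The user has chosen to login…" line and once inside `value="$SecToken"` on the `uTokName` input. The diff does not show how the servlet fills the Velocity context, so this may already be handled upstream. If it is not, the value should be HTML-escaped at output, for example `value="$esc.html($SecToken)"` where an escape tool is in the context, or through an escaping reference handler. The same unescaped pattern recurs in the other templates added here: `$errorString` in most panels including login.vm, `value="$subsystemName"` in createsubsystempanel.vm, the `value="$…"` inputs in databasepanel.vm, `$info` in donepanel.vm and importadmincertpanel.vm, and `$p` inside `<pre>` in displaycertchainpanel.vm.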
diff --git a/base/common/shared/webapps/pki/admin/console/config/createsubsystempanel.vm b/base/common/shared/webapps/pki/admin/console/config/createsubsystempanel.vm
new file mode 100644
index 000000000..8ae6f3f7b
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/createsubsystempanel.vm
@@ -0,0 +1,101 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>Subsystem Configuration</h2>
+<p>
+#if ($systemType != "tps")
+This instance can be configured as either a new $systemname subsystem or a clone of an existing $systemname. If the cloning option is chosen, please provide the URL to an existing $systemname instance.
+#else
+This instance can be configured as a new $systemname subsystem.
+#end
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+<b><input $check_newsubsystem type=radio name=choice value="newsubsystem">&nbsp;Configure this Instance as a New $systemname Subsystem </b>
+<br/>
+ <table class="details">
+ <tr>
+ <th>Subsystem Name: </th>
+ <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname)</td>
+ </tr>
+ <tr>
+ <th>Subsystem HTTP EE URL (unsecure): </th>
+ <td>http://$machineName:$http_port</td>
+ </tr>
+ <tr>
+ <th>Subsystem HTTPS Agent URL (clientauth): </th>
+ <td>https://$machineName:$https_agent_port</td>
+ </tr>
+ <tr>
+ <th>Subsystem HTTPS EE URL (non-clientauth): </th>
+ <td>https://$machineName:$https_ee_port</td>
+ </tr>
+ <tr>
+ <th>Subsystem HTTPS Admin URL (non-clientauth): </th>
+ <td>https://$machineName:$https_admin_port</td>
+ </tr>
+ </table>
+<p>
+#if ($disableClone == "true")
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem" disabled="disabled">&nbsp;Clone an Existing $systemname Subsystem </b>
+#else
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem">&nbsp;Clone an Existing $systemname Subsystem </b>
+#end
+<br/>
+ <table class="details">
+ <tr>
+ <th>Subsystem Name: </th>
+#if ($disableClone == "true")
+ <td><input disabled="disabled" type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname Clone 1)</td>
+#else
+ <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname Clone 1)</td>
+#end
+ </tr>
+ <tr>
+ <th>Subsystem URL: </th>
+#if ($disableClone == "true")
+ <td><select name="urls" disabled="disabled">
+#else
+ <td><select name="urls">
+#end
+ #if ($urls.size() > 0)
+ #set ($x=0)
+ #foreach ($p in $urls)
+ <option value="$x">$p</option>
+ #set ($x=$x+1)
+ #end
+ #else
+ <option selected value="none">NONE</option>
+ #end
+ </select>
+ </td>
+ </tr>
+ </table>
+<br/>
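Review bot: Two text inputs share `name="subsystemName"`, one in the "new subsystem" table and one in the "clone" table, and both are pre-filled from the same `$subsystemName`. When cloning is not disabled the browser submits both values, and which one the server reads is not visible here. An edit in the second field can therefore be lost, or an edit in the unselected section can be applied. Consider keeping a single `subsystemName` input above the two radio choices, or giving the clone field its own name together with a matching servlet change. The enclosing `<form>` is opened outside this template, so the submit handling could not be checked from this hunk.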
diff --git a/base/common/shared/webapps/pki/admin/console/config/databasepanel.vm b/base/common/shared/webapps/pki/admin/console/config/databasepanel.vm
new file mode 100644
index 000000000..174710110
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/databasepanel.vm
@@ -0,0 +1,132 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+Please provide information to an existing Fedora Directory Server that can be used as the internal database for this instance. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+ d = document.getElementById('details');
+ if (d.style.display == "block") {
+ d.style.display="none";
+ } else {
+ d.style.display="block";
+ }
+}
+</script>
+<div id=details style="display: none;">
+<p>
+Each instance needs access to a Fedora Directory Server instance to store requests and records. Each PKI instance may create its own associated internal database, or may share an existing internal database. To share an existing internal database instance, a PKI instance would only need to establish a unique distinguished name (DN) using the field entitled <b>Base DN</b> and a unique database name using the field entitled <b>Database</b>.
+#if ($clone == "clone")
+<p>
+<p>
+Replication agreements between the master and clone database instances may be customized. If no master and replication ports are provided, then replication will occur on the same ports used by the Certificate Sever instances to communicate with the directory server. If these ports are LDAPS ports, then the replication traffic will be SSL encrypted. It is still possible to require the replication traffic to be SSL encrypted on the non-SSL port by selecting TLS for Replication Security. In order for this operation to be successful though, the database instances must be SSL enabled before continuing beyond this panel.
+#end
+</div>
+<p>
+<i>Note: If the Fedora Directory Server is at a remote host, it is highly recommended that SSL should be used.</i>
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+
+ <table class="details">
+ <tr>
+ <th>Host:</th>
+ <td><input type="text" size="40" name="host" value="$hostname" /></td>
+ </tr>
+
+ <tr>
+ <th>Port:</th>
+
+ <td><input type="text" size="40" name="port" value="$portStr" />
+ <input type="CHECKBOX" NAME="secureConn">SSL
+ </td>
+ </tr>
+ <tr>
+ <th>Base DN:</th>
+#if ($clone == "clone")
+ <td><input type="text" size="40" name="basedn" value="$basedn" readonly/></td>
+#else
+ <td><input type="text" size="40" name="basedn" value="$basedn" /></td>
+#end
+ </tr>
+ <tr>
+ <th>Database:</th>
+
+ <td><input type="text" size="40" name="database" value="$database" /></td>
+ </tr>
+ <tr>
+ <th>Bind DN:</th>
+ <td><input type="text" size="40" name="binddn" value="$binddn" /></td>
+ </tr>
+ <tr>
+ <th>Bind Password:</th>
+
+ <td><input type="password" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td>
+ </tr>
+ </table>
+ <input type="hidden" name="display" value=$displayStr />
+ <input type="CHECKBOX" NAME="removeData">Remove the existing data from the <b>Base DN</b> shown above.<p>
+
+#if ($clone == "clone")
+
+ #set ($check_none="")
+ #set ($check_tls="")
+ #set ($check_ssl="")
+ #if ($replicationSecurity == "TLS") #set ($check_tls="CHECKED")
+ #elseif ($replicationSecurity == "SSL") #set ($check_ssl="CHECKED")
+ #else #set ($check_none="CHECKED") #end
+
+ <table class="details" >
+ <tr><th>Replication Details</th></tr>
+ <tr>
+ <th>Master Replication Port:</th>
+ <td><input type="text" size="40" name="masterReplicationPort" value="$masterReplicationPort" /></td>
+ </tr>
+
+ <tr>
+ <th>Clone Replication Port:</th>
+ <td><input type="text" size="40" name="cloneReplicationPort" value="$cloneReplicationPort" /></td>
+ </tr>
+
+ <tr>
+ <th>Replication Security:</th>
+ <td>
+ <input type="radio" name="replicationSecurity" value="None" $check_none />None</input>
+ <input type="radio" name="replicationSecurity" value="TLS" $check_tls />TLS</input>
+ <input type="radio" name="replicationSecurity" value="SSL" $check_ssl />SSL</input>
+ </td>
+ </tr>
+ <p>
+#end
+
+ <div align="right">
+ <hr />
+ &nbsp;
+ </div>
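Review bot: The `__bindpwd` input is rendered with `value="$bindpwd"`, so the directory bind password is written into the HTML of this panel whenever the context holds one. `autocomplete="off"` does not help here, because the secret is already in the page source and in any cache or proxy log that stores the response. config_hsmloginpanel.vm in this same commit leaves its password field empty, and this one should match it: `<input type="password" size="40" name="__bindpwd" value="" autocomplete="off" />`. The servlet, which is outside this diff, would then need to keep the stored password when the field is submitted empty.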
diff --git a/base/common/shared/webapps/pki/admin/console/config/displaycertchainpanel.vm b/base/common/shared/webapps/pki/admin/console/config/displaycertchainpanel.vm
new file mode 100644
index 000000000..26506c12f
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/displaycertchainpanel.vm
@@ -0,0 +1,49 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>$panelname</h2>
+<br/>
+A certificate chain is a list of all certificates chained up to the root.
+<br/>
+If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance.
+<br/>
+If no certificate chain is listed below, simply click the Next button to move on to the next panel.
+<p>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+
+#if ($certchain.size() > 0)
+#foreach ($p in $certchain)
+<pre>
+$p
+</pre>
+<br/>
+#end
+#end
diff --git a/base/common/shared/webapps/pki/admin/console/config/donepanel.vm b/base/common/shared/webapps/pki/admin/console/config/donepanel.vm
new file mode 100644
index 000000000..136760171
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/donepanel.vm
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<input type="hidden" name="host" value=$host />
+<input type="hidden" name="port" value=$port />
+<input type="hidden" name="systemType" value=$systemType />
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+#if ($systemType.equals("tks"))
+As 'root', restart the server on the command line by typing the following command:
+<br>
+$initCommand restart $instanceId
+<br>
+After performing this restart, the server should become operational.
+#else
+#if ($externalCA.equals("true") && $systemType.equals("kra"))
+As 'root', restart the server on the command line by typing the following command:
+<br>
+$initCommand restart $instanceId
+<br>
+Startup the administration console to add the peer CA to the Trusted Manager's Group. Make sure to add the transport certificate and connector information to the peer CA. After performing this restart, the server should become operational.
+#else
+As 'root', restart the server on the command line by typing the following command:
+<br>
+$initCommand restart $instanceId
+<br>
+After performing this restart, the server should become operational.
+<br/>
+Please go to the <A href="https://$host:$port/$systemType/services"><b>services page</b></A> to access all of the available interfaces.
+<br/>
+#end
+#end
+<br/>
+To create additional instances, type "/usr/bin/pkicreate" on the command line.
+#if ($systemType != "tps")
+<br>
+To start the administration console, type "/usr/bin/pkiconsole" on the command line.
+<br/>
+#end
+#if (($systemType == "kra") && ($info != ""))
+<hr>
+<br>
+<b>Important warning</b> reported by Certificate Authority:<br>&nbsp;&nbsp;&nbsp;&nbsp;<b>$info</b>
+<br/>
+<br>
+This instance of Data Recovery Manager (DRM) is not connected to any Certificate Authority (CA). Please consult the product documentation for the manual procedure of connecting a DRM to a CA.
+<br/>
+#end
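Review bot: The three hidden inputs at the top of the template use unquoted attribute values (`value=$host />`, `value=$port />`, `value=$systemType />`). With no quotes, a space or `>` in the substituted text ends the attribute, and the rest is parsed as further attributes or markup, so escaping alone would not be enough. Quote them, e.g. `<input type="hidden" name="host" value="$host" />`. The same applies to `value=$displayStr` in databasepanel.vm and to the `serialNumber`, `caHost`, `caPort` and `pkcs7` inputs in importadmincertpanel.vm.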
diff --git a/base/common/shared/webapps/pki/admin/console/config/footer.vm b/base/common/shared/webapps/pki/admin/console/config/footer.vm
new file mode 100644
index 000000000..a596e45b1
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/footer.vm
@@ -0,0 +1,19 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+ <div id="footer">
+ </div>
diff --git a/base/common/shared/webapps/pki/admin/console/config/header.vm b/base/common/shared/webapps/pki/admin/console/config/header.vm
new file mode 100644
index 000000000..e0fe6a962
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/header.vm
@@ -0,0 +1,25 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<div id="header">
+ <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+ <div id="headerpaddedtitle">
+ <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+ </div>
+ <div id="account">
+ </div>
+</div>
diff --git a/base/common/shared/webapps/pki/admin/console/config/hierarchypanel.vm b/base/common/shared/webapps/pki/admin/console/config/hierarchypanel.vm
new file mode 100644
index 000000000..e6c03a6b1
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/hierarchypanel.vm
@@ -0,0 +1,56 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+ setURL();
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>PKI Hierarchy</h2>
+<p>
+This CA instance can be either a Self-Signed Root CA or a Subordinate CA. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+ d = document.getElementById('details');
+ if (d.style.display == "block") {
+ d.style.display="none";
+ } else {
+ d.style.display="block";
+ }
+}
+
+</script>
+
+<div id=details style="display: none;">
+<p>
+The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA.
+</div>
+
+<p>
+<b><input $check_root type=radio name=choice value="root">&nbsp;Make this a Self-Signed Root CA within this new PKI hierarchy. <img alt="" src="/pki/images/rootca.gif"></b>
+<p>
+<b><input $check_join type=radio name=choice value="join">&nbsp;Make this a subordinate CA of another CA. <img alt="" src="/pki/images/sub.gif"></b>
+
+<p>
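Review bot: `myOnLoad()` calls `setURL()`, which is not defined anywhere in this template, while every other panel added in this commit has an empty `myOnLoad()`. If the page that includes this panel does not define `setURL`, the onload handler throws a ReferenceError. Either drop the call or guard it with `if (typeof setURL == "function") { setURL(); }`. Separately, `toggle_details()` assigns `d` without `var`, which creates a global; `var d = document.getElementById('details');` keeps it local.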
diff --git a/base/common/shared/webapps/pki/admin/console/config/importadmincertpanel.vm b/base/common/shared/webapps/pki/admin/console/config/importadmincertpanel.vm
new file mode 100644
index 000000000..53d445946
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/importadmincertpanel.vm
@@ -0,0 +1,66 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem.
+<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<font color="red">$info</font>
+<p>
+ <p>
+
+ <table class="details">
+ <tr>
+<SCRIPT LANGUAGE="JavaScript">
+#if ($ca == 'true' && $import == 'true')
+if (navigator.appName == "Netscape") {
+document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=netscape"></iframe>');
+} else {
+document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=ie"></iframe>');
+}
+#else
+#if ($import == 'true')
+if (navigator.appName == "Netscape") {
+document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=netscape"></iframe>');
+} else {
+document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=ie"></iframe>');
+}
+#end
+#end
+</SCRIPT>
+<input type="hidden" name="serialNumber" value=$serialNumber />
+<input type="hidden" name="caHost" value=$caHost />
+<input type="hidden" name="caPort" value=$caPort />
+<input type="hidden" name="pkcs7" value=$pkcs7 />
+
+ </tr>
+ </table>
+ <div align="right">
+ <hr />
+ </div>
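Review bot: `$caHost`, `$caPort` and `$serialNumber` are substituted inside a single-quoted JavaScript string that `document.writeln` then parses as HTML, so the values pass through two contexts and HTML escaping alone does not cover the script string. It would be safer to create the iframe with `document.createElement('iframe')` and assign `src` from values the servlet has already validated (a hostname, a numeric port, a numeric or hex serial number). importcachainpanel.vm has the same interpolation in its `importcachain.src=` assignment. The two `#if` branches here also emit identical script, so the `$ca == 'true'` test has no effect and the block reduces to `#if ($import == 'true')`.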
diff --git a/base/common/shared/webapps/pki/admin/console/config/importcachainpanel.vm b/base/common/shared/webapps/pki/admin/console/config/importcachainpanel.vm
new file mode 100755
index 000000000..c53c3af2a
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/importcachainpanel.vm
@@ -0,0 +1,65 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+
+</SCRIPT>
+The CA's certificate chain needs to be imported into your browser. Also, you must trust the CA. Once this is done, click Next.
+<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+ <p>
+
+ <table class="details">
+ <tr>
+<SCRIPT LANGUAGE="JavaScript">
+
+function importCAChain()
+{
+ var importcachain = document.getElementById("importcachain");
+
+ if(!importcachain)
+ return;
+
+ alert("You will now be asked to import and trust the Certificate Chain from the CA. Please do so.");
+
+ importcachain.src="http://$machineName:$http_port/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert";
+}
+
+#if ($ca == 'true' && $import == 'true')
+document.writeln('<iframe scrolling=yes id="importcachain" frameborder=0 height=0 width=0></iframe>');
+window.setTimeout(importCAChain,700);
+#end
+
+</SCRIPT>
+
+ </tr>
+ </table>
+ <div align="right">
+ <hr />
+ </div>
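Review bot: `importCAChain()` loads the chain from `http://$machineName:$http_port/ca/ee/ca/getCAChain…` and the alert then tells the administrator to import and trust it. This is a trust anchor fetched over an unauthenticated channel, so anyone on the network path can substitute the certificates that get trusted. If the HTTPS EE port is available to this panel, use it for the download; createsubsystempanel.vm references `$https_ee_port`, but whether this context has it is not visible here. If HTTPS cannot be used before the chain is trusted, display the chain's fingerprint on this panel so it can be compared out-of-band before accepting the import.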
diff --git a/base/common/shared/webapps/pki/admin/console/config/login.vm b/base/common/shared/webapps/pki/admin/console/config/login.vm
new file mode 100644
index 000000000..2400bd2d3
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/login.vm
@@ -0,0 +1,113 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+
+ <title>Dogtag Certificate System</title>
+
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+ </head>
+
+
+ <body><div id="wrap">
+
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+#include ( "admin/console/config/topmenu.vm" )
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+ -
+</div>
+
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+ <div id="content">
+ <table width="100%" cellspacing="0">
+ <tr>
+ <td class="sidebar">
+
+ </td>
+ <td class="page-content" width="100%">
+ <h1><img src="/pki/images/icon-software.gif" />
+ Login</h1>
+
+A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue.
+
+ <p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+ <p>
+ <form name="f" action="login" method="post">
+
+ <table class="details">
+ <tr>
+ <th>PIN:</th>
+ <td><input type=password name="pin"></td>
+ </tr>
+ </table>
+ <div align="right">
+ <hr />
+ </div>
+ </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+<td align=right>
+<input type=button onclick="javascript: document.f.submit();" name=login value="Login">
+</td>
+</tr>
+</table>
+
+
+ </td>
+ </tr>
+ </table>
+
+#include ( "admin/console/config/footer.vm" )
+
+ </div> <!-- close content -->
+ </div> <!-- close wrap -->
+
+ </body>
+</html>
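Review bot: The PIN field `<input type=password name="pin">` omits `autocomplete="off"`, although the other secret inputs added in this commit set it (`__uPasswd` in config_hsmloginpanel.vm and `__bindpwd` in databasepanel.vm). For consistency, and so the browser is not invited to store the one-time `preop.pin`, write it as `<input type="password" name="pin" autocomplete="off" />`. Quoting the attribute also matches the XHTML 1.0 Strict doctype this page declares.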
diff --git a/base/common/shared/webapps/pki/admin/console/config/modulepanel.vm b/base/common/shared/webapps/pki/admin/console/config/modulepanel.vm
new file mode 100644
index 000000000..f0952ecbe
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/modulepanel.vm
@@ -0,0 +1,162 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+Two lists of security modules are provided below. The <b>Supported Security Modules</b> list consists of both software-based and hardware-based security modules that this PKI solution supports, while the <b>Other Security Modules</b> list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+ d = document.getElementById('details');
+ if (d.style.display == "block") {
+ d.style.display="none";
+ } else {
+ d.style.display="block";
+ }
+}
+</script>
+<div id=details style="display: none;">
+<br/>
+Key pairs for this instance will be generated and stored on a device called a security module.
+<br/>
+A <b><i>key pair</i></b> consists of a public key and a private key. A <b><i>private key</i></b> is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the <b><i>key</i></b>. A <b><i>public key</i></b> is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a <b><i>certificate</i></b>.
+<br/>
+<b><i>Security modules</i></b> can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included.
+<br/>
+Before any security module solution can be used, a user must first always be authenticated to this security module via a token. To support this, each security module consists of one or more <b><i>slots</i></b>. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software.
+<br/>
+Finally, a <b><i>token</i></b> (often generically referred to as a <b><i>smartcard</i></b>), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot. For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication.
+<br/>
+Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue.
+</div>
+<br/>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+ <td width=20%><b>Module/Token</b></td>
+ <td width=10%><b>Status</b></td>
+ <td width=10%><b>Default</b></td>
+ <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+ <td><img alt="" src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+ <td>
+ #if ($module.isFound())
+ Found
+ #else
+ Not Found
+ #end
+ </td>
+ <td></td>
+ <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+ <td>- $token.getNickName()</td>
+ <td>
+ #if ($token.isPresent() && $token.isLoggedIn())
+ Logged In
+ #else
+ Not logged In
+ #end
+ </td>
+ <td>
+ #if ($token.isPresent() && $token.isLoggedIn())
+ #if ($defTok == $token.getNickName())
+ <input checked type=radio name="choice" value="$token.getNickName()">
+ #else
+ <input type=radio name="choice" value="$token.getNickName()">
+ #end
+ #end
+ </td>
+ <td>
+ #if ($token.isPresent() && !$token.isLoggedIn())
+<a href="wizard?p=$subpanelno&amp;SecToken=$token.getNickName()">Login</a>
+ #end
+</td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+ <td width=20%><b>Module/Token</b></td>
+ <td width=10%><b>Status</b></td>
+ <td width=10%><b>Default</b></td>
+ <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+ <td>$module.getUserFriendlyName()</td>
+ <td>
+ #if ($module.isFound())
+ Found
+ #else
+ Not Found
+ #end
+ </td>
+ <td></td>
+ <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+ <td>- $token.getNickName()</td>
+ <td>
+ #if ($token.isPresent() && $token.isLoggedIn())
+ Logged In
+ #else
+ Not logged In
+ #end
+ </td>
+ <td>
+ #if ($defTok == $token.getNickName())
+ <input checked type=radio name="choice" value="$token.getNickName()">
+ #else
+ <input type=radio name="choice" value="$token.getNickName()">
+ #end
+ </td>
+ <td>
+ #if ($token.isPresent() && !$token.isLoggedIn())
+<a href="wizard?p=$subpanelno&amp;SecToken=$token.getNickName()">Login</a>
+ #end
+</td>
+</tr>
+#end
+#end
+
+</table>
+
+
+ <br/>
+
+ <div align="right">
+ <hr />
+ &nbsp;
+ </div>
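Review bot: `$token.getNickName()` is written raw into `value="…"` and into the `SecToken=` query string of the Login link, and `src=$module.getImagePath()` is not quoted at all, so a token or module name containing a quote, space or `&` changes the markup or the request. namepanel.vm calls `$item.getEscapedDN()` for the DN, which suggests these templates escape for themselves (no engine-level escaping handler is visible here). The same raw output appears for `$item.getNickname()` and `$p` in namepanel.vm, `$path` in restorekeycertpanel.vm, `$sd_uid` and `$url` in securitydomainloginpanel.vm, and `$sdomainName`/`$sdomainURL` in securitydomainpanel.vm. At minimum quote the attribute, `<img alt="" src="$module.getImagePath()">`, and supply an HTML-escaped nickname for the attribute and a URL-encoded one for the link. Separately, the "Other Security Modules" table renders the `choice` radio without the `#if ($token.isPresent() && $token.isLoggedIn())` guard used in the supported table, so a token that is not logged in can be selected there; confirm that is intended.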
diff --git a/base/common/shared/webapps/pki/admin/console/config/namepanel.vm b/base/common/shared/webapps/pki/admin/console/config/namepanel.vm
new file mode 100644
index 000000000..a1fff3807
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/namepanel.vm
@@ -0,0 +1,105 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names. Each certificate will be stored in the security module using a unique nickname.<a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+ d = document.getElementById('details');
+ if (d.style.display == "block") {
+ d.style.display="none";
+ } else {
+ d.style.display="block";
+ }
+}
+</script>
+
+<div id=details style="display: none;">
+<br/>
+Each unique name, called the certificate's subject name, is referenced as the distinguished name (DN). A DN may be composed of multiple comma separated name=value fields.
+<br/>
+</div>
+
+ <p>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#foreach ($item in $certs)
+<H2>$item.getUserFriendlyName()</H2>
+
+ <table class="details">
+ <tr>
+ <th>DN:</th>
+#if ($item.isEnable())
+ <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getEscapedDN()"/></td>
+#else
+ <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getEscapedDN()" disabled="disabled" /></td>
+#end
+ </tr>
+ <tr>
+ <th>Nickname:</th>
+#if ($item.isEnable())
+ <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()"/></td>
+#else
+ <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()" disabled="disabled" /></td>
+#end
+ </tr>
+ </table>
+<br/>
+#end
+<br/>
+<hr>
+<p>
+A Certificate Authority (CA) is responsible for issuing different kinds of certificates. To obtain the certificates required internally by this subsystem, the user must select a URL to a CA that has been registered in the security domain or to an "External CA".
+<p>
+<i>Note: An "External CA" is defined to be a CA that is not part of the 'Security Domain'. Verisign<sup>&reg;</sup>, GeoTrust<sup>&reg;</sup>, and Netscape<sup>&reg;</sup> Certificate Management System (CMS) 6.x are examples of "External CAs".</i>
+<br/>
+ <table class="details">
+ <tr>
+ <th>URL:</th>
+#if ($isRoot == "true")
+ <td><select name="urls" disabled="disabled">
+#else
+ <td><select name="urls">
+#end
+ #if ($urls.size() > 0)
+ #set ($x=0)
+ #foreach ($p in $urls)
+ <option value="$x">$p</option>
+ #set ($x=$x+1)
+ #end
+ #end
+ </select>
+ </td>
+ </tr>
+ </table>
+
+ <div align="right">
+ <hr />
+ </div>
diff --git a/base/common/shared/webapps/pki/admin/console/config/restorekeycertpanel.vm b/base/common/shared/webapps/pki/admin/console/config/restorekeycertpanel.vm
new file mode 100644
index 000000000..ab9b06f4c
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/restorekeycertpanel.vm
@@ -0,0 +1,54 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>Import Keys and Certificates</h2>
+<br/>
+To setup a cloned subsystem, the master subsystem's keys and certificates (with the exception of the SSL server key and certificate) need to be imported. For a software token, all of these keys and certificates are stored in a single file in the PKCS #12 format which is protected by the password provided during the creation of this file. To import this PKCS #12 file, first copy the PKCS #12 file to the alias directory for the cloned subsystem. Then enter an appropriate filename and password in the form specified below.
+<p>
+If these keys and certificates are stored in a hardware token, the hardware token vendor needs to be consulted for information on how to import them.
+<p>
+For keys and certificates stored in an external software token, please refer to the Dogtag documentation for instructions.
+<p>
+By default, if the path is left blank, no PKCS #12 file will be imported.
+<br/>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+ <table class="details">
+ <tr>
+ <th>PKCS #12 filename:</th>
+
+ <td><input type="text" size="40" name="path" value="$path"/></td>
+ </tr>
+ <tr>
+ <th>PKCS #12 Password:</th>
+
+ <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+ </tr>
+ </table>
+<br/>
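Review bot: `value="$password"` on the `__password` field writes the PKCS #12 password back into the HTML of the response, where it is readable in page source and in any cached copy of the page; `autocomplete="off"` does nothing about that. The field should always render empty, `<input type="password" size="40" name="__password" value="" autocomplete="off"/>`, with the user re-typing it after an error. securitydomainloginpanel.vm has the same pattern with `value="$sd_pwd"` on the `pwd` field, which carries the security domain administrator's password.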
diff --git a/base/common/shared/webapps/pki/admin/console/config/savepkcs12panel.vm b/base/common/shared/webapps/pki/admin/console/config/savepkcs12panel.vm
new file mode 100644
index 000000000..ce74ecae8
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/savepkcs12panel.vm
@@ -0,0 +1,40 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>Save Keys and Certificates</h2>
+<br/>
+This Subsystem is attempting to return the keys and certificates in a PKCS #12 format.
+<p>
+A popup dialog box from the browser should appear, prompting the user to save these keys and certificates to a PKCS #12 file located on the local filesystem. Follow the instructions within this dialog to save this PKCS #12 file to a safe location.
+<br/>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<iframe scrolling=no frameborder=0 height=0 width=0 src="/$subsystemtype/admin/console/config/savepkcs12"></iframe>
+<br/>
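Review bot: The PKCS #12 export is started by a zero-size `<iframe>` at the end of the hunk, so it fires on every render of this panel, including a reload, and any error response from `savepkcs12` lands in a frame the user cannot see. As far as this template shows, `$errorString` only reports errors from rendering the panel itself. Consider a visible fallback link to the same URL next to the instructions, and a Velocity comment above the iframe such as `## savepkcs12 returns private key material; keep it behind the wizard session and mark the response non-cacheable` so the coupling is documented.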
diff --git a/base/common/shared/webapps/pki/admin/console/config/securitydomainloginpanel.vm b/base/common/shared/webapps/pki/admin/console/config/securitydomainloginpanel.vm
new file mode 100644
index 000000000..e9e0763ab
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/securitydomainloginpanel.vm
@@ -0,0 +1,109 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+ <head>
+
+ <title>Dogtag Certificate System</title>
+
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+<META http-equiv=Content-Type content="text/html; charset=UTF-8">
+ </head>
+
+
+<div id="wrap">
+<div id="header">
+ <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/pki/images/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+ <div id="headerpaddedtitle">
+ <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+ </div>
+ <div id="account">
+ <dl><dt><span></span></dt><dd></dd></dl>
+ </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+ <div id="content">
+ <table width="100%" cellspacing="0">
+ <tr>
+ <td width="100%">
+ <h1><img src="/pki/images/icon-software.gif" />
+ Security Domain ($name) Login </h1>
+
+ <form name=sdForm action="getCookie" method="post">
+ <p>The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.<p>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+ <table class="details">
+ <tr>
+ <th>Uid:</th>
+
+ <td><input type="text" length="128" size="40" name="uid" value="$sd_uid" /></td>
+ </tr>
+
+ <tr>
+ <th>Password:</th>
+
+ <td><input type="password" length="64" size="40" name="pwd" value="$sd_pwd" autocomplete="off" /></td>
+ </tr>
+<input type=hidden name=url value="$url">
+
+ </table>
+
+ <div align="right">
+ <hr />
+ &nbsp;
+ </div>
+
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+ <td>
+<div align="right">
+<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login">
+</div>
+ </td>
+</tr>
+</table>
+
+ </form>
+
+ </td>
+ </tr>
+ </table>
+
+ </div> <!-- close content -->
+ </div> <!-- close wrap -->
+
+ </body>
+</html>
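Review bot: The hidden `url` field is round-tripped through the browser and posted to `getCookie` together with the administrator's `uid` and `pwd`, so the handler must treat it as untrusted and check it against the expected security domain host; that handler is outside this diff. On the two inputs, `length="128"` and `length="64"` are not HTML attributes and impose no limit; use `maxlength="128"` and `maxlength="64"`, and enforce the bound server-side as well. The page also closes `</body>` without ever opening it: `</head>` is followed directly by `<div id="wrap">`.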
diff --git a/base/common/shared/webapps/pki/admin/console/config/securitydomainpanel.vm b/base/common/shared/webapps/pki/admin/console/config/securitydomainpanel.vm
new file mode 100644
index 000000000..a8ac15bf5
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/securitydomainpanel.vm
@@ -0,0 +1,115 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<h2>$panelname</h2>
+<br/>
+A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+ d = document.getElementById('details');
+ if (d.style.display == "block") {
+ d.style.display="none";
+ } else {
+ d.style.display="block";
+ }
+}
+</script>
+
+<div id=details style="display: none;">
+<br/>
+This PKI solution allows multiple security domains within an organization, but each security domain must host a Certificate Authority.
+<br/>
+If the user is creating a new security domain, this CA Administrator is also
+the security domain Administrator.
+<br/>
+If this subsystem is joining an existing security domain, the user will need to provide the credential information of the security domain Administrator
+requested in the next panel.
+</div>
+#if ($errorString != "")
+<img alt="" src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#if ($cstype == "CA")
+<b><input $check_newdomain type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+ <table class="details">
+ <tr>
+ <th>Security Domain Name: </th>
+ <td><input type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+ </tr>
+ <tr>
+ <th>Security Domain HTTP EE URL (unsecure): </th>
+ <td>http://$machineName:$http_ee_port</td>
+ </tr>
+ <tr>
+ <th>Security Domain HTTPS Agent URL (clientauth): </th>
+ <td>https://$machineName:$https_agent_port</td>
+ </tr>
+ <tr>
+ <th>Security Domain HTTPS EE URL (non-clientauth): </th>
+ <td>https://$machineName:$https_ee_port</td>
+ </tr>
+ <tr>
+ <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+ <td>https://$machineName:$https_admin_port</td>
+ </tr>
+ </table>
+<br/>
+<b><input $check_existingdomain type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#else
+<b><input disabled="disabled" type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+ <table class="details">
+ <tr>
+ <th>Security Domain Name: </th>
+ <td><input disabled="disabled" type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+ </tr>
+ </table>
+<br/>
+<b><input checked type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#end
+<br/>
+Enter the URL to an existing security domain.
+<br/>
+ <table class="details">
+ <tr>
+ <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+ <td><input type=text size="40" name="sdomainURL" value="$sdomainURL"> (e.g. - https://example.com:9445)</td>
+ </tr>
+ </table>
+<br/>
+<table>
+<tr>
+<td valign="top"><b>NOTE:&nbsp;&nbsp; </b></td>
+<td>Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$initCommand status $instanceId" from the command-line.</td>
+</tr>
+</table>
+<br/>
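Review bot: The `sdomainURL` input accepts any string, and the panel text says the next panel will ask for the security domain administrator's credentials, which securitydomainloginpanel.vm then submits for that domain. Nothing visible here restricts the URL to `https://`; the "HTTPS Admin URL" label is only a hint. The handler that consumes `sdomainURL` is outside this diff, so confirm it rejects non-HTTPS schemes, and state the requirement in the helper text, e.g. `(must be https, e.g. - https://example.com:9445)`.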
diff --git a/base/common/shared/webapps/pki/admin/console/config/sidemenu.vm b/base/common/shared/webapps/pki/admin/console/config/sidemenu.vm
new file mode 100644
index 000000000..09fe16870
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/sidemenu.vm
@@ -0,0 +1,30 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<div id="sidenav">
+<ul>
+ <li><a href="welcome">Welcome</a></li>
+ <li><a href="database">Internal Database</a></li>
+ <li><a href="module">Security Modules</a></li>
+ <li><a href="size">Key Size</a></li>
+ <li><a href="name">Issuer Name</a></li>
+ <li><a href="hierarchy">PKI Hierarchy</a></li>
+ <li><a href="admin">Administrator</a></li>
+ <li><a href="done">Finish</a></li>
+</ul>
+</div>
diff --git a/base/common/shared/webapps/pki/admin/console/config/sizepanel.vm b/base/common/shared/webapps/pki/admin/console/config/sizepanel.vm
new file mode 100644
index 000000000..1dee1ce6b
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/sizepanel.vm
@@ -0,0 +1,685 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<style type="text/css">
+div#advance
+{
+ margin: 0px 20px 0px 20px;
+ display: none;
+}
+div#simple
+{
+ margin: 0px 20px 0px 20px;
+ display: block;
+}
+</style>
+
+<SCRIPT type="text/JavaScript">
+
+var rsalist="${rsalist}";
+var ecclist="${ecclist}";
+var curvelist="${curvelist}";
+var displaycurvelist = "${displaycurvelist}";
+var rsaTags = "${rsaTags}";
+var additionalMessage = "";
+if (rsaTags.length > 0) {
+ additionalMessage = (rsaTags.indexOf(",") != -1)?
+ "<p><b>IMPORTANT:</b> <i>Currently, the Audit Log Signing, Transport, and Storage functionality <b>ONLY</b> support RSA keys. Users that require ECC keys <b>MUST</b> first select the ECC key type and then verify on the Advanced tab that RSA keys are selected for the Audit Log Signing Certificate, Transport Certificate, and Storage Certificate. All other keys can be ECC.</i>":
+ "<p><b>IMPORTANT:</b> <i>Currently, the Audit Log Signing functionality <b>ONLY</b> supports RSA keys. Users that require ECC keys <b>MUST</b> first select the ECC key type and then verify on the Advanced tab that an RSA key is selected for the Audit Log Signing Certificate. All other keys can be ECC.</i>";
+}
+
+function myOnLoad() {
+ var form = document.forms[0];
+ var keyTypeSelect = form.elements['keytype'];
+
+ setSigningAlgOptions(keyTypeSelect.value, "commontag");
+ setAllSigningAlgOptions(keyTypeSelect.value);
+
+ setAlgOptions(keyTypeSelect.value, "commontag");
+ setAllAlgOptions(keyTypeSelect.value);
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+
+function toggleLayer(whichLayer)
+{
+ if (document.getElementById) {
+ // this is the way the standards work
+ var style2 = document.getElementById(whichLayer).style;
+ if (style2.display == "block") {
+ style2.display = "none";
+ } else {
+ style2.display = "block";
+ }
+ }
+}
+
+function toggleLayer1(whichLayer)
+{
+ if (document.getElementById) {
+ // this is the way the standards work
+ var style2 = document.getElementById(whichLayer).style;
+ if (style2.display == "block") {
+ style2.display = "none";
+ } else if (style2.display == "") {
+ style2.display = "none";
+ } else {
+ style2.display = "block";
+ }
+ }
+}
+
+function toggleOn(whichLayer)
+{
+ if (document.getElementById) {
+ var style2 = document.getElementById(whichLayer).style;
+ style2.display = "block";
+ }
+}
+
+function toggleOff(whichLayer)
+{
+ if (document.getElementById) {
+ var style2 = document.getElementById(whichLayer).style;
+ style2.display = "none";
+ }
+}
+
+function keyAlgorithmChange()
+{
+ var form = document.forms[0];
+ var keyTypeSelect = document.forms[0].elements['keyalgorithm'];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ if (name.indexOf('_keyalgorithm') != -1) {
+ form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+ }
+ }
+}
+
+function signingAlgorithmChange()
+{
+ var form = document.forms[0];
+ var keyTypeSelect = document.forms[0].elements['signingalgorithm'];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ if (name.indexOf('_signingalgorithm') != -1) {
+ form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+ }
+ }
+}
+
+function setAllAlgOptions(keyType)
+{
+ var form = document.forms[0];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ var ind = name.indexOf('_keyalgorithm');
+ if (ind != -1) {
+ var tag = name.substring(0,ind);
+ setAlgOptions(keyType, tag);
+ }
+ }
+}
+
+function setAlgOptions(keyType, certTag)
+{
+ var algSelect;
+ var list;
+ if (certTag == "commontag") {
+ algSelect = document.forms[0].elements['keyalgorithm'];
+ } else {
+ algSelect = document.forms[0].elements[certTag + '_keyalgorithm'];
+ }
+ if (typeof(algSelect) == "undefined") {
+ return;
+ }
+ algSelect.options.length=0;
+ if (keyType == "rsa") {
+ list = rsalist.split(",");
+ } else {
+ list = ecclist.split(",");
+ }
+ for (i=0; i < list.length; i++) {
+ algSelect.options[algSelect.options.length] = new Option(list[i], list[i]);
+ }
+}
+
+function setAllSigningAlgOptions(keyType)
+{
+ var form = document.forms[0];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ var ind = name.indexOf('_signingalgorithm');
+ if (ind != -1) {
+ var tag = name.substring(0,ind);
+ setSigningAlgOptions(keyType, tag);
+ }
+ }
+}
+
+function setSigningAlgOptions(keyType, certTag)
+{
+ var algSelect;
+ var list;
+ if (certTag == "commontag") {
+ algSelect = document.forms[0].elements['signingalgorithm'];
+ } else {
+ algSelect = document.forms[0].elements[certTag + '_signingalgorithm'];
+ }
+ if (typeof(algSelect) == "undefined") {
+ return;
+ }
+ algSelect.options.length=0;
+ if (keyType == "rsa") {
+ list = rsalist.split(",");
+ } else {
+ list = ecclist.split(",");
+ }
+ for (i=0; i < list.length; i++) {
+ algSelect.options[algSelect.options.length] = new Option(list[i], list[i]);
+ }
+}
+
+function toggleKeyCurve(keyType, certTag)
+{
+ if (keyType == "rsa") {
+ toggleOn(certTag + '_custom_display_keysize');
+ toggleOff(certTag + '_custom_display_curvename');
+ } else {
+ toggleOff(certTag + '_custom_display_keysize');
+ toggleOn(certTag + '_custom_display_curvename');
+ }
+}
+
+function toggleAllKeyCurves(keyType)
+{
+ var form = document.forms[0];
+ if (keyType == "rsa") {
+ toggleOn('simple_keysize');
+ toggleOff('simple_curvename');
+ } else {
+ toggleOn('simple_curvename');
+ toggleOff('simple_keysize');
+ }
+
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ var ind = name.indexOf('_keytype');
+
+ if (ind != -1) {
+ var tag = name.substring(0,ind);
+ if (keyType =="rsa") {
+ toggleOff(tag + '_custom_display_curvename');
+ toggleOn(tag + '_custom_display_keysize');
+ } else {
+ toggleOn(tag + '_custom_display_curvename');
+ toggleOff(tag + '_custom_display_keysize');
+ }
+ }
+ }
+}
+
+function indexOfTag(tag)
+{
+ var index = rsaTags.indexOf(tag);
+ if (index > 0) {
+ if (rsaTags.charAt(index-1) != ',') {
+ index = -1;
+ }
+ }
+ return index;
+}
+
+function keyTypeChange(certTag)
+{
+ var form = document.forms[0];
+ var keyTypeSelect;
+ if (certTag == "commontag") {
+ keyTypeSelect = document.forms[0].elements['keytype'];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ var k = name.indexOf('_keytype');
+ if (k != -1) {
+ var tag = name.substring(0, k);
+ if ((keyTypeSelect.value.indexOf('ecc') != -1) &&
+ (indexOfTag(tag) == -1)) {
+ form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+ setAlgOptions(keyTypeSelect.value, tag);
+ setSigningAlgOptions(keyTypeSelect.value, tag);
+ toggleKeyCurve(keyTypeSelect.value, tag);
+ }
+ }
+ }
+ } else {
+ keyTypeSelect = document.forms[0].elements[certTag + '_keytype'];
+ toggleKeyCurve(keyTypeSelect.value, certTag);
+ }
+ setAlgOptions(keyTypeSelect.value, certTag);
+ setSigningAlgOptions(keyTypeSelect.value, certTag);
+}
+
+function defaultChange()
+{
+ var form = document.forms[0];
+ var choiceSelect = document.forms[0].elements['choice'];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ if (name.indexOf('_choice') != -1) {
+ for (var j = 0; j < form.elements[name].length; j++) {
+ var c = form.elements[name];
+ c[j].checked = choiceSelect[j].checked;
+ }
+ }
+ }
+}
+
+function customChange()
+{
+ var form = document.forms[0];
+ var choiceSelect = document.forms[0].elements['choice'];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ if (name.indexOf('_choice') != -1) {
+ for (var j = 0; j < form.elements[name].length; j++) {
+ var c = form.elements[name];
+ c[j].checked = choiceSelect[j].checked;
+ }
+ }
+ }
+}
+
+function textChange()
+{
+ var customSize = document.forms[0].elements['custom_size'];
+ var form = document.forms[0];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ if (name.indexOf('_custom_size') != -1) {
+ form.elements[name].value = customSize.value;
+ }
+ }
+}
+
+function matchCurve(curve)
+{
+ var list = curvelist.split(",");
+ for (var i=0; i < list.length; i++) {
+ if (list[i] == curve) return true;
+ }
+ return false;
+}
+
+function curveChange()
+{
+ var customCurve = document.forms[0].elements['custom_curvename'];
+ var check = matchCurve(customCurve.value);
+ if (check == false) {
+ alert("The curve name " + customCurve.value + " is not in the set of allowed curves.\n" +
+ "To see a list of allowed curves, click on Details.");
+ return;
+ }
+ var form = document.forms[0];
+ for (var i = 0; i < form.length; i++) {
+ var name = form[i].name;
+ if (name.indexOf('_custom_curvename') != -1) {
+ form.elements[name].value = customCurve.value;
+ }
+ }
+}
+
+function displayCurveList()
+{
+ var list = displaycurvelist.split(",");
+ var linelen = 0;
+ for (var i=0; i < list.length -1 ; i++) {
+ document.write(list[i] + ",");
+ linelen = linelen + list[i].length;
+ if (linelen >= 60) {
+ document.write("<br/>");
+ linelen=0;
+ }
+ }
+ document.write(list[list.length -1]);
+}
+
+</SCRIPT>
+Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus.
+<SCRIPT type="text/JavaScript">
+document.write(additionalMessage);
+</SCRIPT>
+ <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+ d = document.getElementById('details');
+ if (d.style.display == "block") {
+ d.style.display="none";
+ } else {
+ d.style.display="block";
+ }
+}
+</script>
+<div id=details style="display: none;">
+<br/>
+<p>
+Each certificate can have its own key pair generated with its own independent settings or common settings can be applied to all key pairs. At minimum, each key pair has to define what <i>type</i> it is by identifying a cipher family and then has to set a <i>strength</i> for that key.
+</p>
+<ul>
+<li>
+<b><i>Key Type</i></b>. Sets the cipher family to use to generate the key pair. RSA and ECC key types have slightly different strength options.
+</li>
+<li>
+<b><i>RSA strength: Key Size</i></b>. Sets the key length for the generated pair. Longer keys are stronger, which makes them more secure.
+However, longer key pair sizes also increase the time required to perform operations such as signing certificates, so long keys can affect performance.
+</li>
+<li>
+<b><i>ECC strength: Curve Name</i></b>. Sets the curve algorithm to use, which can be any one of the curves listed below. The curves that are included in parenthesis are equivalent - and either name can be used. Note that not all curves may be supported by the token.
+<br/><ul style="list-style:none"><li><i>
+<SCRIPT type="text/JavaScript">
+displayCurveList();
+</SCRIPT></i></li></ul>
+</li>
+<li>
+<b><i>Signing Algorithm</i></b>. <i>Signing certificates only.</i> Sets the signing algorithm which will be used to sign objects issued by the subsystem. This is only displayed for certificates which are used for object signing, such as the CA signing certificate or the OCSP signing certificate.
+</li>
+<li><b><i>Signed With</i></b>. <i>Root CAs only.</i> Sets the signing algorithm used to sign the CA signing certificate itself.
+</li>
+</ul>
+<br/>
+</div>
+#if ($select == "clone")
+For a cloned subsystem, only the key for an SSL server certificate is generated.
+#end
+<br/>
+#if ($errorString != "")
+<img src="/pki/images/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<div id="simple">
+<br/>
+<table width=100%>
+<tr>
+ <td align=right><a href="javascript:toggleLayer1('simple'); toggleLayer('advance');" title="Advanced">[Advanced]</a></td>
+</tr>
+</table>
+<br/>
+<H2>Common Key Settings</H2>
+<br/>
+<table width=100% class="details">
+ <tr>
+ <th width="30%">Key Type:</th>
+ <td><select name="keytype" onChange="keyTypeChange('commontag')"><option value="rsa">RSA</option><option value="ecc">ECC</option></select></td>
+ </tr>
+</table>
+
+#if ($subsystemtype == "ca")
+#if ($hselect == "root")
+<table width=100% class="details">
+ <tr>
+ <th width="30%">Signed With:</th>
+ <td><select name="keyalgorithm" onChange="keyAlgorithmChange()">
+ </select></td>
+ </tr>
+</table>
+#end
+#end
+
+#if ($show_signing == "true")
+<table width=100% class="details">
+ <tr>
+ <th width="30%">Signing Algorithm:</th>
+ <td><select name="signingalgorithm" onChange="signingAlgorithmChange()">
+ </select></td>
+ </tr>
+</table>
+#end
+
+<div id="simple_keysize">
+<p>
+
+ <input checked onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default key size ($default_keysize bits)</b>.
+ <p>
+ <input onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following custom key size:</b>
+
+ <p>
+<table width=100% class="details">
+ <tr>
+ <th>Key Size:</th>
+ <td><input onChange="textChange()" type="text" size="20" name="custom_size" value="2048" /></td>
+ </tr>
+</table>
+
+</div>
+
+<div id="simple_curvename" style="display: none;">
+<p>
+
+ <input checked onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default curve ($default_ecc_curvename)</b>.
+ <p>
+ <input onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following curve:</b>
+
+ <p>
+<table width=100% class="details">
+ <tr>
+ <th width=30%>Curve Name:</th>
+ <td><input onChange="curveChange()" type="text" size="20" name="custom_curvename" value="$default_ecc_curvename" /></td>
+ </tr>
+</table>
+
+</div>
+
+<!-- to be used when we can do a google-style horizontal combo-box
+<div id="simple_curvename" style="display: none;">
+
+<table width=100% class="details">
+ <tr>
+ <th width="30%">Curve Name:</th>
+ <td><select name="custom_curvename">
+ #set ($x=0)
+ #foreach ($p in ${curvelist})
+ <option value="$x">$p</option>
+ #set ($x=$x+1)
+ #end
+ </select></td>
+ </tr>
+</table>
+</div>
+-->
+
+</div>
+<p>
+
+<div id="advance" style="display: none;">
+<p>
+<table width=100%>
+<tr>
+ <td align=right><a href="javascript:toggleLayer1('simple');toggleLayer('advance');" title="Simple">[Simple]</a></td>
+</tr>
+</table>
+#foreach ($item in $certs)
+<H2>Key for $item.getUserFriendlyName()</H2>
+<p>
+<table width=100% class="details">
+ <tr>
+ <th width="30%">Key Type:</th>
+#if ($item.isEnable())
+ <td><select name="$item.getCertTag()_keytype" onChange="keyTypeChange('$item.getCertTag()')"><option value=rsa>RSA</option><option value="ecc">ECC</option></select></td>
+#else
+ <td><select name="$item.getCertTag()_keytype" disabled="disabled" onChange="keyTypeChange('$item.getCertTag()')"><option value=rsa>RSA</option><option value="ecc">ECC</option></select></td>
+#end
+ </tr>
+</table>
+
+#if ($subsystemtype == "ca")
+#if ($hselect == "root")
+#if ($item.getCertTag() == "signing")
+<table width=100% class="details">
+ <tr>
+ <th width="30%">Signed With:</th>
+ <td><select name="$item.getCertTag()_keyalgorithm">
+ </select></td>
+ </tr>
+</table>
+#end
+#end
+#end
+
+#if ($item.isSigningRequired())
+<table width=100% class="details">
+ <tr>
+ <th width="30%">Signing Algorithm:</th>
+ <td><select name="$item.getCertTag()_signingalgorithm">
+ </select></td>
+ </tr>
+</table>
+#end
+
+<div id="$item.getCertTag()_custom_display_keysize">
+<br/>
+#if ($item.isEnable())
+ <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default"><b>Use the default key size ($default_keysize bits).
+#else
+ <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default" disabled="disabled"><b>Use the default key size ($default_keysize bits).
+#end
+ <br/>
+#if ($item.isEnable())
+ <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following custom key size:</b>
+#else
+ <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom" disabled="disabled"><b>Use the following custom key size:</b>
+#end
+
+ <br/>
+<table width=100% class="details">
+ <tr>
+ <th>Key Size:</th>
+#if ($item.isEnable())
+ <td><input type="text" size="20" name=$item.getCertTag()_custom_size value=$item.getCustomKeysize() /></td>
+#else
+ <td><input type="text" size="20" name=$item.getCertTag()_custom_size value=$item.getCustomKeysize() disabled="disabled"/></td>
+#end
+ </tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_custom_display_curvename" style="display: none;">
+<br/>
+#if ($item.isEnable())
+ <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default"><b>Use the default curve ($default_ecc_curvename).
+#else
+ <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default" disabled="disabled"><b>Use the default curve ($default_ecc_curvename).
+#end
+ <br/>
+#if ($item.isEnable())
+ <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following curve:</b>
+#else
+ <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom" disabled="disabled"><b>Use the following curve:</b>
+#end
+
+ <br/>
+<table width=100% class="details">
+ <tr>
+ <th width=30%>Curve Name:</th>
+#if ($item.isEnable())
+ <td><input type="text" size="20" name=$item.getCertTag()_custom_curvename value=$item.getCustomCurvename() /></td>
+#else
+ <td><input type="text" size="20" name=$item.getCertTag()_custom_curvename value=$item.getCustomCurvename() disabled="disabled"/></td>
+#end
+ </tr>
+</table>
+</div>
+
+<!-- to be used when we can do a google-style combo-box
+<div id="$item.getCertTag()_custom_display_curvename" style="display: none;">
+<table width=100% class="details">
+ <tr>
+ <th width="30%">Curve Name:</th>
+#if ($item.isEnable())
+ <td><select name=$item.getCertTag()_custom_curvename value=$item.getCustomCurvename()>
+ #set ($x=0)
+ #foreach ($p in $curvelist)
+ <option value="$x">$p</option>
+ #set ($x=$x+1)
+ #end
+ </select>
+ </td>
+#else
+ <td><select name=$item.getCertTag()_custom_curvename value=$item.getCustomCurvename() disabled="disabled">
+ #set ($x=0)
+ #foreach ($p in $curvelist)
+ <option value="$x">$p</option>
+ #set ($x=$x+1)
+ #end
+ </select>
+ </td>
+#end
+ </tr>
+</table>
+</div>
+-->
+
+#end
+</div>
+<br/>
+<br/>
+<br/>
+#if ($firsttime == 'false')
+<input type="CHECKBOX" NAME="generateKeyPair">New Keys<p>
+#end
+<br/>
+ <div align="right">
+ <hr />
+<i>Note: After pressing Next, keys will be generated on the server, which will take some time to complete. Please wait for the next panel to appear.</i>
+ &nbsp;
+ </div>
diff --git a/base/common/shared/webapps/pki/admin/console/config/topmenu.vm b/base/common/shared/webapps/pki/admin/console/config/topmenu.vm
new file mode 100644
index 000000000..64881066f
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/topmenu.vm
@@ -0,0 +1,21 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">Setup Wizard</a></li>
+</ul>
diff --git a/base/common/shared/webapps/pki/admin/console/config/welcomepanel.vm b/base/common/shared/webapps/pki/admin/console/config/welcomepanel.vm
new file mode 100644
index 000000000..07b0d641f
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/welcomepanel.vm
@@ -0,0 +1,56 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+ with (document.forms[0]) {
+ submit();
+ }
+}
+</SCRIPT>
+<H2>$panelname</H2>
+The $fullsystemname configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname ($systemname). <a href="javascript:toggle_details();">[Details]</a>
+
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+ d = document.getElementById('details');
+ if (d.style.display == "block") {
+ d.style.display="none";
+ } else {
+ d.style.display="block";
+ }
+}
+</script>
+
+<div id=details style="display: none;">
+<p>
+A Public Key Infrastructure (PKI) system creates, manages, and revokes keys and certificates.
+<p>
+Dogtag Certificate System (DCS) $productversion
+ is a robust PKI system consisting of numerous subsystems including a Certificate Authority (CA), a Registration Authority (RA), a Data Recovery Manager (DRM), an Online Certificate Status Protocol (OCSP) Manager, a Token Key Service (TKS), and a Token Processing System (TPS), as well as a multi-platform smartcard middleware software client called Enterprise Security Client (ESC).
+<p>
+For any subsystem to be useable, a user must use this wizard to configure an instance of this subsystem.
+#if ($systemType != "tps")
+<p>
+Additionally, this wizard may also be used to clone any existing instance to achieve scalability and high-availability.
+#end
+</div>
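Review bot: `toggle_details()` assigns `d` without declaring it, so it becomes an implicit global visible to every other panel script on the page; `var d = document.getElementById('details');` keeps it local. `performPanel()` wraps a single call in `with (document.forms[0])`, which strict mode rejects and which hides where `submit` resolves; `document.forms[0].submit();` says the same thing directly. The key settings panel earlier in this diff defines an identical `toggle_details()`, so the helper could live once in a shared script instead of being repeated per template.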
diff --git a/base/common/shared/webapps/pki/admin/console/config/wizard.vm b/base/common/shared/webapps/pki/admin/console/config/wizard.vm
new file mode 100644
index 000000000..cc868e572
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/wizard.vm
@@ -0,0 +1,152 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+ <head>
+
+ <title>Dogtag Certificate System</title>
+
+ <link rel="shortcut icon" href="/pki/images/favicon.ico" />
+ <link rel="stylesheet" href="/pki/css/pki-base.css" type="text/css" />
+
+ <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+ </head>
+
+ <body onLoad="myOnLoad();">
+
+<SCRIPT type="text/JavaScript">
+function process(fop) {
+ with (document.forms[0]) {
+ op.value = fop;
+ if (fop == 'next') {
+ document.getElementById('progress').style.visibility = "visible";
+ performPanel();
+ } else if (fop == 'apply') {
+ document.getElementById('progress').style.visibility = "visible";
+ performPanel();
+ } else {
+ document.getElementById('progress').style.visibility = "visible";
+ submit();
+ }
+ }
+}
+
+</SCRIPT>
+
+<div id="wrap">
+
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">$name</a></li>
+</ul>
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+ <div id="content">
+ <table width="100%" cellspacing="0">
+ <tr>
+ <td class="sidebar">
+
+<div id="sidenav">
+<ul>
+#foreach ($panel in $panels)
+#if (!$panel.isSubPanel())
+#if ($panel.isPanelDone())
+ <li><center><font color=white size="2">$panel.getName()</font></center></li>
+#else
+ <li><center><font color=black size="2">$panel.getName()</font></center></li>
+#end
+#end
+
+#end
+</ul>
+</div>
+
+ </td>
+ <td class="page-content" width="100%">
+ <h1><img alt="" src="/pki/images/icon-software.gif" />
+ $title </h1>
+
+<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
+ codebase="xenroll.dll"
+ id=Enroll >
+</OBJECT>
+
+<form name=f method=post action="wizard">
+<input type=hidden name=p value="$p">
+
+#parse ( $panel )
+
+<input type=hidden name="op" value=''>
+
+</form>
+
+<table width=100% border=0 cellspacing=0 cellpadding=0>
+<tr bgcolor="#eeeeee">
+<td><img alt="" id=progress style="visibility: hidden;" src="/pki/images/bigrotation2.gif" /></td>
+<td align=right>
+
+#if ($showApplyButton == true)
+<input type=button onclick="process('apply')" name=back value="Apply">
+#end
+
+#if ($lastpanel == true)
+&nbsp;
+#else
+<input type=button onclick="process('next')" name=back value="Next>">
+#end
+
+</td>
+</tr>
+</table>
+
+ </td>
+ </tr>
+ </table>
+
+#include ( "admin/console/config/footer.vm" )
+
+ </div> <!-- close content -->
+ </div> <!-- close wrap -->
+
+ </body>
+</html>
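Review bot: The template writes context values straight into markup with no escaping visible here: `value="$p"` in the hidden field, `$title` in the heading, `$name` in the navigation link and `$panel.getName()` in the side list. Whether any of these can carry request-derived text is decided in the servlet, which this diff does not show, but if `$p` echoes the request parameter, a quote in it would end the attribute early. Escape at the point of output, for example `value="$esc.html($p)"` if the VelocityTools EscapeTool is registered in this context, or HTML-encode the values before they are put into the context. The same applies to `$errorString` in the key settings panel earlier in this diff. `#parse ( $panel )` should likewise only ever receive a template path chosen from a fixed server-side list.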
diff --git a/base/common/shared/webapps/pki/admin/console/config/xml.vm b/base/common/shared/webapps/pki/admin/console/config/xml.vm
new file mode 100644
index 000000000..ee4bc2c97
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/config/xml.vm
@@ -0,0 +1,21 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ END COPYRIGHT BLOCK -->
+<response>
+ $xml
+</response>
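Review bot: `$xml` is emitted verbatim inside `<response>`, so the document is only well-formed if the producer has already serialised and escaped it, and nothing in the template records that. A Velocity comment above the `<response>` element would state the contract, e.g. `## $xml must be a pre-serialised XML fragment; the caller escapes text and attribute values`. If any caller passes plain text rather than markup, it needs XML-escaping before it reaches this template.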
diff --git a/base/common/shared/webapps/pki/admin/console/js/misc.js b/base/common/shared/webapps/pki/admin/console/js/misc.js
new file mode 100644
index 000000000..d4dc336ab
--- /dev/null
+++ b/base/common/shared/webapps/pki/admin/console/js/misc.js
@@ -0,0 +1,30 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * This function is to submit the form's parameters and to decide if the
+ * window should remain open.
+ *
+ * @param f The form
+ * @param fclose true if you want to close the window; otherwise false.
+ */
+function saveConfig(f, fclose) {
+ f.submit();
+ if (fclose == true)
+ window.close();
+}
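Review bot: `saveConfig` calls `window.close()` immediately after `f.submit()`, and closing the window while the form request is still being dispatched can cancel the submission in some browsers, so the configuration may silently not be saved. Closing from the response page instead would remove the race; at minimum the doc comment should say that the close is not synchronised with the submit. If callers always pass a real boolean, `if (fclose === true)` matches the documented parameter more precisely than the loose `== true`, which also accepts `1` and `"1"`.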
diff --git a/base/deploy/src/scriptlets/instance_layout.py b/base/deploy/src/scriptlets/instance_layout.py
index cf8e42d4f..995f4aacc 100644
--- a/base/deploy/src/scriptlets/instance_layout.py
+++ b/base/deploy/src/scriptlets/instance_layout.py
@@ -72,28 +72,13 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
util.directory.create(master['pki_tomcat_webapps_path'])
util.directory.create(master['pki_tomcat_webapps_common_path'])
- # Copy /usr/share/pki/common-ui/css
- # to <instance>/webapp/pki/css
+ # Copy /usr/share/pki/common-ui
+ # to <instance>/webapp/pki
util.directory.copy(
os.path.join(
config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "common-ui",
- "css"),
- os.path.join(
- master['pki_tomcat_webapps_common_path'],
- "css"),
- overwrite_flag=True)
-
- # Copy /usr/share/pki/common-ui/images
- # to <instance>/webapp/pki/images
- util.directory.copy(
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "common-ui",
- "images"),
- os.path.join(
- master['pki_tomcat_webapps_common_path'],
- "images"),
+ "common-ui"),
+ master['pki_tomcat_webapps_common_path'],
overwrite_flag=True)
util.directory.create(master['pki_tomcat_webapps_root_path'])
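Review bot: The copy now takes the whole `common-ui` tree instead of the `css` and `images` subdirectories, so everything that is or later lands under that source directory is placed under `pki_tomcat_webapps_common_path`, presumably served by Tomcat, with `overwrite_flag=True`. If that is intended, the comment should say so, e.g. `# Everything under common-ui becomes web-accessible; keep only static assets there`; otherwise keep an explicit list of subdirectories. The same widening appears in `webapp_deployment.py` (all of `admin` rather than `admin/console/config` and `admin/console/js`) and in both `process_pki_directories` hunks of `pkicreate`. The enclosing method starts and ends outside this hunk.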
diff --git a/base/deploy/src/scriptlets/webapp_deployment.py b/base/deploy/src/scriptlets/webapp_deployment.py
index 4c15256bd..9fca206e9 100644
--- a/base/deploy/src/scriptlets/webapp_deployment.py
+++ b/base/deploy/src/scriptlets/webapp_deployment.py
@@ -48,36 +48,18 @@ class PkiScriptlet(pkiscriptlet.AbstractBasePkiScriptlet):
# deploy webapp
util.directory.create(master['pki_tomcat_webapps_subsystem_path'])
- # Copy /usr/share/pki/common-ui/admin/console/config
- # to <instance>/webapp/<subsystem>/admin/console/config
+ # Copy /usr/share/pki/server/webapps/pki/admin
+ # to <instance>/webapp/<subsystem>/admin
util.directory.copy(
os.path.join(
config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "common-ui",
- "admin",
- "console",
- "config"),
- os.path.join(
- master['pki_tomcat_webapps_subsystem_path'],
- "admin",
- "console",
- "config"),
- overwrite_flag=True)
-
- # Copy /usr/share/pki/common-ui/admin/console/js
- # to <instance>/webapp/<subsystem>/admin/console/js
- util.directory.copy(
- os.path.join(
- config.PKI_DEPLOYMENT_SOURCE_ROOT,
- "common-ui",
- "admin",
- "console",
- "js"),
+ "server",
+ "webapps",
+ "pki",
+ "admin"),
os.path.join(
master['pki_tomcat_webapps_subsystem_path'],
- "admin",
- "console",
- "js"),
+ "admin"),
overwrite_flag=True)
util.directory.copy(
diff --git a/base/setup/pkicreate b/base/setup/pkicreate
index 6b503fe7e..6f63e96e8 100755
--- a/base/setup/pkicreate
+++ b/base/setup/pkicreate
@@ -2065,27 +2065,11 @@ sub process_pki_directories
$default_dir_permissions, $default_file_permissions,
$pki_user, $pki_group);
- # Copy /usr/share/pki/common-ui/css
- # to <instance>/docroot/pki/css
+ # Copy /usr/share/pki/common-ui
+ # to <instance>/docroot/pki
return 0 if !copy_directory(
- "$common_ui_subsystem_path/css",
- "$docroot_instance_path/pki/css",
- $default_dir_permissions, $default_file_permissions,
- $pki_user, $pki_group);
-
- # Copy /usr/share/pki/common-ui/esc
- # to <instance>/docroot/pki/esc
- return 0 if !copy_directory(
- "$common_ui_subsystem_path/esc",
- "$docroot_instance_path/pki/esc",
- $default_dir_permissions, $default_file_permissions,
- $pki_user, $pki_group);
-
- # Copy /usr/share/pki/common-ui/images
- # to <instance>/docroot/pki/images
- return 0 if !copy_directory(
- "$common_ui_subsystem_path/images",
- "$docroot_instance_path/pki/images",
+ $common_ui_subsystem_path,
+ "$docroot_instance_path/pki",
$default_dir_permissions, $default_file_permissions,
$pki_user, $pki_group);
@@ -2116,19 +2100,11 @@ sub process_pki_directories
$default_dir_permissions, $default_file_permissions,
$pki_user, $pki_group);
- # Copy /usr/share/pki/common-ui/admin/console/config
- # to <instance>/webapp/<subsystem>/admin/console/config
- return 0 if !copy_directory(
- "$common_ui_subsystem_path/admin/console/config",
- "$webapps_subsystem_instance_path/admin/console/config",
- $default_dir_permissions, $default_file_permissions,
- $pki_user, $pki_group);
-
- # Copy /usr/share/pki/common-ui/admin/console/js
- # to <instance>/webapp/<subsystem>/admin/console/js
+ # Copy /usr/share/pki/server/webapps/pki/admin
+ # to <instance>/webapp/<subsystem>/admin
return 0 if !copy_directory(
- "$common_ui_subsystem_path/admin/console/js",
- "$webapps_subsystem_instance_path/admin/console/js",
+ "$pki_subsystem_common_area/server/webapps/pki/admin",
+ "$webapps_subsystem_instance_path/admin",
$default_dir_permissions, $default_file_permissions,
$pki_user, $pki_group);