authormharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-10-04 01:17:41 +0000
committermharmsen <mharmsen@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2011-10-04 01:17:41 +0000
commita4682ceae6774956461edd03b2485bbacea445f4 (patch)
tree94c475a125441da63101738220ce3972cf37db61 /pki/base/tps
parent0c775428675d2cb1be9551f84e6b741ca813f77e (diff)
Bugzilla Bug #688225 - (dogtagIPAv2.1) TRACKER: of the Dogtag fixes for freeIPA 2.1IPA_v2_RHEL_6_2_20111003
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/tags/IPA_v2_RHEL_6_2_20111003@2252 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/tps')
-rw-r--r--pki/base/tps/CMakeLists.txt167
-rw-r--r--pki/base/tps/LICENSE469
-rw-r--r--pki/base/tps/Makefile.am504
-rw-r--r--pki/base/tps/Makefile.in4628
-rw-r--r--pki/base/tps/aclocal.m41031
-rw-r--r--pki/base/tps/apache/LICENSE-2.0678
-rw-r--r--pki/base/tps/apache/conf/httpd.conf1085
-rw-r--r--pki/base/tps/apache/conf/magic382
-rw-r--r--pki/base/tps/apache/conf/mime.types592
-rw-r--r--pki/base/tps/apache/conf/nss.conf268
-rw-r--r--pki/base/tps/apache/conf/perl.conf70
-rw-r--r--pki/base/tps/apache/pki_instance_command_wrapper192
-rw-r--r--pki/base/tps/apache/pki_subsystem_command_wrapper182
-rw-r--r--pki/base/tps/apache/readme.html1222
-rw-r--r--pki/base/tps/applets/1.2.4122DFB4.ijcbin0 -> 11944 bytes
-rwxr-xr-xpki/base/tps/applets/1.2.416DA155.ijcbin0 -> 11945 bytes
-rwxr-xr-xpki/base/tps/applets/1.3.42260AFA.ijcbin0 -> 13117 bytes
-rw-r--r--pki/base/tps/applets/1.3.4255CC01.ijcbin0 -> 14909 bytes
-rwxr-xr-xpki/base/tps/applets/1.3.42659461.ijcbin0 -> 14879 bytes
-rw-r--r--pki/base/tps/applets/1.3.427BDDB8.ijcbin0 -> 14527 bytes
-rwxr-xr-xpki/base/tps/applets/1.3.44724DDE.ijcbin0 -> 14529 bytes
-rwxr-xr-xpki/base/tps/applets/1.3.45787308.ijcbin0 -> 14893 bytes
-rw-r--r--pki/base/tps/applets/1.4.499dc06c.ijcbin0 -> 14912 bytes
-rw-r--r--pki/base/tps/applets/1.4.4d40a449.ijcbin0 -> 14874 bytes
-rw-r--r--pki/base/tps/applets/3FD00877.ijcbin0 -> 13662 bytes
-rw-r--r--pki/base/tps/applets/4003196C.ijcbin0 -> 13683 bytes
-rw-r--r--pki/base/tps/applets/402428AD.ijcbin0 -> 13699 bytes
-rw-r--r--pki/base/tps/applets/404E4697.ijcbin0 -> 11995 bytes
-rw-r--r--pki/base/tps/applets/4122DFB4.ijcbin0 -> 11944 bytes
-rwxr-xr-xpki/base/tps/applets/listappletdates42
-rw-r--r--pki/base/tps/applets/readme.txt52
-rwxr-xr-xpki/base/tps/autogen.sh60
-rw-r--r--pki/base/tps/build.xml428
-rwxr-xr-xpki/base/tps/compile143
-rwxr-xr-xpki/base/tps/config.guess1501
-rw-r--r--pki/base/tps/config.h.in448
-rwxr-xr-xpki/base/tps/config.sub1705
-rwxr-xr-xpki/base/tps/configure20858
-rw-r--r--pki/base/tps/configure.ac367
-rwxr-xr-xpki/base/tps/depcomp630
-rw-r--r--pki/base/tps/doc/CMakeLists.txt10
-rw-r--r--pki/base/tps/doc/CS.cfg.in1580
-rwxr-xr-xpki/base/tps/etc/init.d/pki-tpsd83
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/demo/enroll.cgi183
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/demo/index.cgi47
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/home/cachain.cgi52
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/home/enroll.cgi183
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/home/index.cgi51
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/so/enroll.cgi193
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/so/index.cgi48
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/ajax-list.cgi78
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/cfg.pl170
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/enroll.cgi270
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/enroll_temp.cgi269
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/format.cgi207
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/formatso.cgi207
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/index.cgi42
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/is_agent.cgi69
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/is_user.cgi71
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/main.cgi70
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/noaccess.cgi56
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/read.cgi155
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/read_temp.cgi155
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/search.cgi70
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/search_temp.cgi70
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/seturl.cgi207
-rwxr-xr-xpki/base/tps/forms/esc/cgi-bin/sow/welcome.cgi57
-rwxr-xr-xpki/base/tps/forms/esc/esc.cgi1239
-rwxr-xr-xpki/base/tps/forms/esc/home.cgi40
-rwxr-xr-xpki/base/tps/forms/index.cgi76
-rw-r--r--pki/base/tps/forms/index.html22
-rwxr-xr-xpki/base/tps/install-sh520
-rwxr-xr-xpki/base/tps/lib/perl/PKI/Base/Conf.pm130
-rwxr-xr-xpki/base/tps/lib/perl/PKI/Base/Registry.pm55
-rwxr-xr-xpki/base/tps/lib/perl/PKI/Service/Op.pm127
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/AdminAuthPanel.pm93
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/AdminPanel.pm215
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/AgentAuthPanel.pm91
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/AuthDBPanel.pm158
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/BasePanel.pm39
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm315
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/CertInfo.pm132
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm91
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm306
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/Common.pm49
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/Config.pm169
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm112
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm78
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm180
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DatabasePanel.pm220
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm186
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm355
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/DonePanel.pm437
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/GlobalVar.pm41
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm151
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/Login.pm466
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/LoginPanel.pm98
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/ModulePanel.pm278
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/Modutil.pm263
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/NamePanel.pm605
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm234
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm204
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/SizePanel.pm249
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm147
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm159
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/WelcomePanel.pm96
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/wizard.pm509
-rwxr-xr-xpki/base/tps/lib/perl/Template/Velocity.pm1052
-rw-r--r--pki/base/tps/ltmain.sh8406
-rw-r--r--pki/base/tps/m4/apr.m4345
-rw-r--r--pki/base/tps/m4/nspr.m493
-rw-r--r--pki/base/tps/m4/nss.m493
-rw-r--r--pki/base/tps/m4/openldap.m4157
-rw-r--r--pki/base/tps/m4/sasl.m4112
-rw-r--r--pki/base/tps/m4/svrcore.m4113
-rwxr-xr-xpki/base/tps/missing376
-rw-r--r--pki/base/tps/scripts/addAgents.ldif53
-rw-r--r--pki/base/tps/scripts/addIndexes.ldif76
-rw-r--r--pki/base/tps/scripts/addTokens.ldif44
-rw-r--r--pki/base/tps/scripts/addVLVIndexes.ldif51
-rw-r--r--pki/base/tps/scripts/database.ldif39
-rwxr-xr-xpki/base/tps/scripts/nss_pcache66
-rw-r--r--pki/base/tps/scripts/schemaMods.ldif58
-rw-r--r--pki/base/tps/scripts/vlvtasks.ldif28
-rw-r--r--pki/base/tps/setup/CMakeLists.txt11
-rw-r--r--pki/base/tps/setup/config.desktop.in33
-rwxr-xr-xpki/base/tps/setup/create.pl973
-rw-r--r--pki/base/tps/setup/registry_instance116
-rwxr-xr-xpki/base/tps/setup_package390
-rw-r--r--pki/base/tps/src/CMakeLists.txt148
-rw-r--r--pki/base/tps/src/apdu/APDU.cpp331
-rw-r--r--pki/base/tps/src/apdu/APDU_Response.cpp111
-rw-r--r--pki/base/tps/src/apdu/Create_Object_APDU.cpp121
-rw-r--r--pki/base/tps/src/apdu/Create_Pin_APDU.cpp73
-rw-r--r--pki/base/tps/src/apdu/Delete_File_APDU.cpp59
-rw-r--r--pki/base/tps/src/apdu/External_Authenticate_APDU.cpp76
-rw-r--r--pki/base/tps/src/apdu/Format_Muscle_Applet_APDU.cpp107
-rw-r--r--pki/base/tps/src/apdu/Generate_Key_APDU.cpp68
-rw-r--r--pki/base/tps/src/apdu/Get_Data_APDU.cpp59
-rw-r--r--pki/base/tps/src/apdu/Get_IssuerInfo_APDU.cpp80
-rw-r--r--pki/base/tps/src/apdu/Get_Status_APDU.cpp59
-rw-r--r--pki/base/tps/src/apdu/Get_Version_APDU.cpp59
-rw-r--r--pki/base/tps/src/apdu/Import_Key_APDU.cpp79
-rw-r--r--pki/base/tps/src/apdu/Import_Key_Enc_APDU.cpp70
-rw-r--r--pki/base/tps/src/apdu/Initialize_Update_APDU.cpp66
-rw-r--r--pki/base/tps/src/apdu/Install_Applet_APDU.cpp112
-rw-r--r--pki/base/tps/src/apdu/Install_Load_APDU.cpp91
-rw-r--r--pki/base/tps/src/apdu/Lifecycle_APDU.cpp50
-rw-r--r--pki/base/tps/src/apdu/List_Objects_APDU.cpp61
-rw-r--r--pki/base/tps/src/apdu/List_Pins_APDU.cpp63
-rw-r--r--pki/base/tps/src/apdu/Load_File_APDU.cpp52
-rw-r--r--pki/base/tps/src/apdu/Put_Key_APDU.cpp53
-rw-r--r--pki/base/tps/src/apdu/Read_Buffer_APDU.cpp63
-rw-r--r--pki/base/tps/src/apdu/Read_Object_APDU.cpp88
-rw-r--r--pki/base/tps/src/apdu/Select_APDU.cpp49
-rw-r--r--pki/base/tps/src/apdu/Set_IssuerInfo_APDU.cpp76
-rw-r--r--pki/base/tps/src/apdu/Set_Pin_APDU.cpp76
-rw-r--r--pki/base/tps/src/apdu/Unblock_Pin_APDU.cpp50
-rw-r--r--pki/base/tps/src/apdu/Write_Object_APDU.cpp103
-rw-r--r--pki/base/tps/src/authentication/CMakeLists.txt52
-rw-r--r--pki/base/tps/src/authentication/LDAP_Authentication.cpp424
-rw-r--r--pki/base/tps/src/channel/Channel.cpp69
-rw-r--r--pki/base/tps/src/channel/Secure_Channel.cpp2550
-rw-r--r--pki/base/tps/src/cms/CertEnroll.cpp725
-rw-r--r--pki/base/tps/src/cms/ConnectionInfo.cpp78
-rw-r--r--pki/base/tps/src/cms/HttpConnection.cpp245
-rw-r--r--pki/base/tps/src/engine/RA.cpp3390
-rw-r--r--pki/base/tps/src/httpClient/Cache.cpp496
-rw-r--r--pki/base/tps/src/httpClient/engine.cpp727
-rw-r--r--pki/base/tps/src/httpClient/http.cpp307
-rw-r--r--pki/base/tps/src/httpClient/httpClient.cpp130
-rw-r--r--pki/base/tps/src/httpClient/nscperror.cpp358
-rw-r--r--pki/base/tps/src/httpClient/request.cpp431
-rw-r--r--pki/base/tps/src/httpClient/response.cpp1115
-rw-r--r--pki/base/tps/src/include/apdu/APDU.h116
-rw-r--r--pki/base/tps/src/include/apdu/APDU_Response.h66
-rw-r--r--pki/base/tps/src/include/apdu/Create_Object_APDU.h57
-rw-r--r--pki/base/tps/src/include/apdu/Create_Pin_APDU.h57
-rw-r--r--pki/base/tps/src/include/apdu/Delete_File_APDU.h57
-rw-r--r--pki/base/tps/src/include/apdu/External_Authenticate_APDU.h62
-rw-r--r--pki/base/tps/src/include/apdu/Format_Muscle_Applet_APDU.h65
-rw-r--r--pki/base/tps/src/include/apdu/Generate_Key_APDU.h60
-rw-r--r--pki/base/tps/src/include/apdu/Get_Data_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Get_IssuerInfo_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Get_Status_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Get_Version_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Import_Key_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Import_Key_Enc_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Initialize_Update_APDU.h60
-rw-r--r--pki/base/tps/src/include/apdu/Install_Applet_APDU.h59
-rw-r--r--pki/base/tps/src/include/apdu/Install_Load_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Lifecycle_APDU.h57
-rw-r--r--pki/base/tps/src/include/apdu/List_Objects_APDU.h59
-rw-r--r--pki/base/tps/src/include/apdu/List_Pins_APDU.h60
-rw-r--r--pki/base/tps/src/include/apdu/Load_File_APDU.h57
-rw-r--r--pki/base/tps/src/include/apdu/Put_Key_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Read_Buffer_APDU.h61
-rw-r--r--pki/base/tps/src/include/apdu/Read_Object_APDU.h57
-rw-r--r--pki/base/tps/src/include/apdu/Select_APDU.h58
-rw-r--r--pki/base/tps/src/include/apdu/Set_IssuerInfo_APDU.h59
-rw-r--r--pki/base/tps/src/include/apdu/Set_Pin_APDU.h59
-rw-r--r--pki/base/tps/src/include/apdu/Unblock_Pin_APDU.h54
-rw-r--r--pki/base/tps/src/include/apdu/Write_Object_APDU.h57
-rw-r--r--pki/base/tps/src/include/authentication/AuthParams.h64
-rw-r--r--pki/base/tps/src/include/authentication/Authentication.h80
-rw-r--r--pki/base/tps/src/include/authentication/LDAP_Authentication.h85
-rw-r--r--pki/base/tps/src/include/channel/Channel.h55
-rw-r--r--pki/base/tps/src/include/channel/Secure_Channel.h158
-rw-r--r--pki/base/tps/src/include/cms/CertEnroll.h75
-rw-r--r--pki/base/tps/src/include/cms/ConnectionInfo.h66
-rw-r--r--pki/base/tps/src/include/cms/HttpConnection.h88
-rw-r--r--pki/base/tps/src/include/engine/RA.h368
-rw-r--r--pki/base/tps/src/include/engine/audit.h90
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/AccessLogger.h105
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Auth.h155
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/ByteBuffer.h194
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/CERTUtil.h65
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Cache.h226
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Connection.h117
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/ConnectionListener.h58
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/DebugLogger.h185
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Defines.h219
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/ErrorLogger.h93
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Iterator.h62
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/LogRotationTask.h132
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Logger.h117
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/NSPRerrs.h160
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSBuddy.h89
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSBuddyCache.h123
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSBuddyList.h373
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSBuddyListener.h78
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSBuddyService.h121
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSCertExtension.h153
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSCommonLib.h52
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSConfig.h67
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSConfigManager.h66
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSConfigReader.h71
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSCrypt.h79
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSDataSourceListener.h106
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSDataSourceManager.h152
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSGroup.h97
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSGroupCache.h74
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSHelper.h70
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSListener.h55
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSPRUtil.h92
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSPlugin.h81
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSPluginManager.h102
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSServer.h95
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSServerLib.h62
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSServerListener.h85
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSServerManager.h145
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSServiceListener.h87
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSServiceManager.h145
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSUser.h164
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PSWaspLib.h55
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Pool.h149
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PresenceManager.h93
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PresenceServer.h60
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/PresenceServerImpl.h111
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/SECerrs.h522
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/SSLServerSocket.h93
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/SSLSocket.h132
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/SSLerrs.h392
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/ScheduledTask.h86
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Scheduler.h103
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/SecurityHeaders.h48
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/ServerConnection.h179
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/ServerHeaderProcessor.h72
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/ServerSocket.h113
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/Socket.h157
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/SocketINC.h163
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/SocketLib.h62
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/StringList.h151
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/StringUtil.h74
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/TaskList.h114
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/ThreadPool.h159
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/URLUtil.h92
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/engine.h76
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/http.h120
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/request.h115
-rw-r--r--pki/base/tps/src/include/httpClient/httpc/response.h148
-rw-r--r--pki/base/tps/src/include/main/AttributeSpec.h68
-rw-r--r--pki/base/tps/src/include/main/AuthenticationEntry.h64
-rw-r--r--pki/base/tps/src/include/main/Base.h63
-rw-r--r--pki/base/tps/src/include/main/Buffer.h196
-rw-r--r--pki/base/tps/src/include/main/ConfigStore.h126
-rw-r--r--pki/base/tps/src/include/main/LogFile.h89
-rw-r--r--pki/base/tps/src/include/main/Login.h55
-rw-r--r--pki/base/tps/src/include/main/Memory.h130
-rw-r--r--pki/base/tps/src/include/main/MemoryMgr.h46
-rw-r--r--pki/base/tps/src/include/main/NameValueSet.h72
-rw-r--r--pki/base/tps/src/include/main/ObjectSpec.h79
-rw-r--r--pki/base/tps/src/include/main/PKCS11Obj.h80
-rw-r--r--pki/base/tps/src/include/main/PublishEntry.h57
-rw-r--r--pki/base/tps/src/include/main/RA_Context.h57
-rw-r--r--pki/base/tps/src/include/main/RA_Msg.h79
-rw-r--r--pki/base/tps/src/include/main/RA_Session.h61
-rw-r--r--pki/base/tps/src/include/main/RA_pblock.h74
-rw-r--r--pki/base/tps/src/include/main/RollingLogFile.h93
-rw-r--r--pki/base/tps/src/include/main/SecureId.h55
-rw-r--r--pki/base/tps/src/include/main/Util.h99
-rw-r--r--pki/base/tps/src/include/modules/tps/AP_Context.h57
-rw-r--r--pki/base/tps/src/include/modules/tps/AP_Session.h56
-rw-r--r--pki/base/tps/src/include/msg/RA_ASQ_Request_Msg.h62
-rw-r--r--pki/base/tps/src/include/msg/RA_ASQ_Response_Msg.h62
-rw-r--r--pki/base/tps/src/include/msg/RA_Begin_Op_Msg.h64
-rw-r--r--pki/base/tps/src/include/msg/RA_End_Op_Msg.h84
-rw-r--r--pki/base/tps/src/include/msg/RA_Extended_Login_Request_Msg.h73
-rw-r--r--pki/base/tps/src/include/msg/RA_Extended_Login_Response_Msg.h63
-rw-r--r--pki/base/tps/src/include/msg/RA_Login_Request_Msg.h63
-rw-r--r--pki/base/tps/src/include/msg/RA_Login_Response_Msg.h64
-rw-r--r--pki/base/tps/src/include/msg/RA_New_Pin_Request_Msg.h63
-rw-r--r--pki/base/tps/src/include/msg/RA_New_Pin_Response_Msg.h62
-rw-r--r--pki/base/tps/src/include/msg/RA_SecureId_Request_Msg.h63
-rw-r--r--pki/base/tps/src/include/msg/RA_SecureId_Response_Msg.h64
-rw-r--r--pki/base/tps/src/include/msg/RA_Status_Update_Request_Msg.h65
-rw-r--r--pki/base/tps/src/include/msg/RA_Status_Update_Response_Msg.h63
-rw-r--r--pki/base/tps/src/include/msg/RA_Token_PDU_Request_Msg.h63
-rw-r--r--pki/base/tps/src/include/msg/RA_Token_PDU_Response_Msg.h62
-rw-r--r--pki/base/tps/src/include/processor/RA_Enroll_Processor.h300
-rw-r--r--pki/base/tps/src/include/processor/RA_Format_Processor.h57
-rw-r--r--pki/base/tps/src/include/processor/RA_Pin_Reset_Processor.h57
-rw-r--r--pki/base/tps/src/include/processor/RA_Processor.h214
-rw-r--r--pki/base/tps/src/include/processor/RA_Renew_Processor.h57
-rw-r--r--pki/base/tps/src/include/processor/RA_Unblock_Processor.h57
-rw-r--r--pki/base/tps/src/include/publisher/IConnector.h58
-rw-r--r--pki/base/tps/src/include/publisher/IPublish_Data.h56
-rw-r--r--pki/base/tps/src/include/publisher/IPublisher.h74
-rw-r--r--pki/base/tps/src/include/publisher/NetkeyPublisher.h74
-rw-r--r--pki/base/tps/src/include/selftests/SelfTest.h74
-rw-r--r--pki/base/tps/src/include/selftests/TPSPresence.h78
-rw-r--r--pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h76
-rw-r--r--pki/base/tps/src/include/selftests/TPSValidity.h79
-rw-r--r--pki/base/tps/src/include/service/NK_Context.h57
-rw-r--r--pki/base/tps/src/include/service/NK_Session.h58
-rw-r--r--pki/base/tps/src/include/tus/tus_db.h273
-rw-r--r--pki/base/tps/src/main/AttributeSpec.cpp115
-rw-r--r--pki/base/tps/src/main/AuthParams.cpp72
-rw-r--r--pki/base/tps/src/main/Authentication.cpp105
-rw-r--r--pki/base/tps/src/main/AuthenticationEntry.cpp91
-rw-r--r--pki/base/tps/src/main/Buffer.cpp243
-rw-r--r--pki/base/tps/src/main/ConfigStore.cpp893
-rw-r--r--pki/base/tps/src/main/LogFile.cpp290
-rw-r--r--pki/base/tps/src/main/Login.cpp72
-rw-r--r--pki/base/tps/src/main/Memory.cpp268
-rw-r--r--pki/base/tps/src/main/NameValueSet.cpp322
-rw-r--r--pki/base/tps/src/main/ObjectSpec.cpp515
-rw-r--r--pki/base/tps/src/main/PKCS11Obj.cpp491
-rw-r--r--pki/base/tps/src/main/RA_Context.cpp56
-rw-r--r--pki/base/tps/src/main/RA_Msg.cpp45
-rw-r--r--pki/base/tps/src/main/RA_Session.cpp75
-rw-r--r--pki/base/tps/src/main/RA_pblock.cpp176
-rw-r--r--pki/base/tps/src/main/RollingLogFile.cpp493
-rw-r--r--pki/base/tps/src/main/SecureId.cpp71
-rw-r--r--pki/base/tps/src/main/Util.cpp1168
-rw-r--r--pki/base/tps/src/modules/CMakeLists.txt2
-rw-r--r--pki/base/tps/src/modules/tokendb/CMakeLists.txt48
-rw-r--r--pki/base/tps/src/modules/tokendb/mod_tokendb.cpp7737
-rw-r--r--pki/base/tps/src/modules/tps/AP_Context.cpp83
-rw-r--r--pki/base/tps/src/modules/tps/AP_Session.cpp1169
-rw-r--r--pki/base/tps/src/modules/tps/CMakeLists.txt52
-rw-r--r--pki/base/tps/src/modules/tps/mod_tps.cpp677
-rw-r--r--pki/base/tps/src/msg/RA_ASQ_Request_Msg.cpp70
-rw-r--r--pki/base/tps/src/msg/RA_ASQ_Response_Msg.cpp68
-rw-r--r--pki/base/tps/src/msg/RA_Begin_Op_Msg.cpp72
-rw-r--r--pki/base/tps/src/msg/RA_End_Op_Msg.cpp73
-rw-r--r--pki/base/tps/src/msg/RA_Extended_Login_Request_Msg.cpp114
-rw-r--r--pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp65
-rw-r--r--pki/base/tps/src/msg/RA_Login_Request_Msg.cpp71
-rw-r--r--pki/base/tps/src/msg/RA_Login_Response_Msg.cpp85
-rw-r--r--pki/base/tps/src/msg/RA_New_Pin_Request_Msg.cpp70
-rw-r--r--pki/base/tps/src/msg/RA_New_Pin_Response_Msg.cpp68
-rw-r--r--pki/base/tps/src/msg/RA_SecureId_Request_Msg.cpp69
-rw-r--r--pki/base/tps/src/msg/RA_SecureId_Response_Msg.cpp83
-rw-r--r--pki/base/tps/src/msg/RA_Status_Update_Request_Msg.cpp66
-rw-r--r--pki/base/tps/src/msg/RA_Status_Update_Response_Msg.cpp56
-rw-r--r--pki/base/tps/src/msg/RA_Token_PDU_Request_Msg.cpp63
-rw-r--r--pki/base/tps/src/msg/RA_Token_PDU_Response_Msg.cpp68
-rw-r--r--pki/base/tps/src/processor/RA_Enroll_Processor.cpp5126
-rw-r--r--pki/base/tps/src/processor/RA_Format_Processor.cpp70
-rw-r--r--pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp953
-rw-r--r--pki/base/tps/src/processor/RA_Processor.cpp3454
-rw-r--r--pki/base/tps/src/processor/RA_Renew_Processor.cpp57
-rw-r--r--pki/base/tps/src/processor/RA_Unblock_Processor.cpp58
-rw-r--r--pki/base/tps/src/selftests/SelfTest.cpp220
-rw-r--r--pki/base/tps/src/selftests/TPSPresence.cpp204
-rw-r--r--pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp149
-rw-r--r--pki/base/tps/src/selftests/TPSValidity.cpp215
-rw-r--r--pki/base/tps/src/test/Test_ConfigStore.cfg28
-rw-r--r--pki/base/tps/src/test/Test_ConfigStore.cpp79
-rw-r--r--pki/base/tps/src/tus/CMakeLists.txt50
-rw-r--r--pki/base/tps/src/tus/tus_db.c4480
-rw-r--r--pki/base/tps/stubs/modules/nss/mod_nss_stub.c51
-rw-r--r--pki/base/tps/tools/CMakeLists.txt1
-rw-r--r--pki/base/tps/tools/raclient/CMakeLists.txt47
-rw-r--r--pki/base/tps/tools/raclient/RA_Client.cpp1645
-rw-r--r--pki/base/tps/tools/raclient/RA_Client.h78
-rw-r--r--pki/base/tps/tools/raclient/RA_Conn.cpp1037
-rw-r--r--pki/base/tps/tools/raclient/RA_Conn.h71
-rw-r--r--pki/base/tps/tools/raclient/RA_Token.cpp2008
-rw-r--r--pki/base/tps/tools/raclient/RA_Token.h225
-rw-r--r--pki/base/tps/tools/raclient/enroll.tps42
-rw-r--r--pki/base/tps/tools/raclient/enroll1.test43
-rw-r--r--pki/base/tps/tools/raclient/format.tps45
-rw-r--r--pki/base/tps/tools/raclient/nt_enroll.test212
-rw-r--r--pki/base/tps/tools/raclient/readme.txt247
-rw-r--r--pki/base/tps/tools/raclient/reset_pin.tps42
-rw-r--r--pki/base/tps/tools/raclient/reset_pin1.test40
-rw-r--r--pki/base/tps/tools/raclient/reset_pin2.test39
-rw-r--r--pki/base/tps/tools/tus/add.c117
-rw-r--r--pki/base/tps/tools/tus/test.c117
-rwxr-xr-xpki/base/tps/ui/perl/Velocity.pm1047
-rwxr-xr-xpki/base/tps/wrappers/tpsclient.in78
413 files changed, 132288 insertions, 0 deletions
diff --git a/pki/base/tps/CMakeLists.txt b/pki/base/tps/CMakeLists.txt
new file mode 100644
index 000000000..cefe11cd3
--- /dev/null
+++ b/pki/base/tps/CMakeLists.txt
@@ -0,0 +1,167 @@
+project(tps CXX)
+
+# NOTE: TPS utilizes internal libraries located under '%{_libdir}/tps'.
+#
+# One method of resolving this issue is the use of RPATH as
+# described in 'http://www.cmake.org/Wiki/CMake_RPATH_handling'.
+#
+# While Fedora allows the use of RPATH for this purpose as documented
+# in the section entitled 'Rpath_for_Internal_Libraries' in the URL
+# called 'http://fedoraproject.org/wiki/Packaging/Guidelines',
+# the RPM '%cmake' macro overrides use of RPATH on Fedora and RHEL.
+#
+# To resolve this issue on Fedora and RHEL, one of the following
+# methods may be utilized:
+#
+# (1) Uncomment the 'SET(CMAKE_SKIP_RPATH FALSE)' line below, or
+# (2) Implement the files described in the section entitled
+# 'Alternatives to Rpath' in the URL called
+# 'http://fedoraproject.org/wiki/Packaging/Guidelines'.
+
+# use, i.e. don't skip the full RPATH
+# (overrides '%cmake' macro setting of true)
+#SET(CMAKE_SKIP_RPATH FALSE)
+
+# use, i.e. don't skip the full RPATH for the build tree
+SET(CMAKE_SKIP_BUILD_RPATH FALSE)
+
+# when building, don't use the install RPATH already
+# (but later on when installing)
+SET(CMAKE_BUILD_WITH_INSTALL_RPATH FALSE)
+
+# the RPATH to be used when installing
+SET(CMAKE_INSTALL_RPATH "${LIB_INSTALL_DIR}/tps")
+
+# add the automatically determined parts of the RPATH
+# which point to directories outside the build tree to the install RPATH
+SET(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)
+
+add_subdirectory(src)
+add_subdirectory(tools)
+
+# install files
+add_subdirectory(doc)
+add_subdirectory(setup)
+
+# install init script
+install(
+ FILES
+ etc/init.d/pki-tpsd
+ DESTINATION
+ ${SYSCONF_INSTALL_DIR}/rc.d/init.d
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
+install(
+ FILES
+ applets/1.3.44724DDE.ijc
+ applets/1.4.499dc06c.ijc
+ applets/1.4.4d40a449.ijc
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/applets
+)
+
+install(
+ DIRECTORY
+ forms/esc/cgi-bin
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
+
+install(
+ DIRECTORY
+ apache/conf
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
+
+install(
+ FILES
+ forms/index.html
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot
+)
+
+install(
+ FILES
+ forms/index.cgi
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
+install(
+ DIRECTORY
+ forms/esc/demo
+ forms/esc/home
+ forms/esc/so
+ forms/esc/sow
+ forms/tps
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot
+ PATTERN
+ "forms/esc/sow/css" EXCLUDE
+ PATTERN
+ "forms/esc/sow/images"EXCLUDE
+ PATTERN
+ "forms/esc/sow/js"EXCLUDE
+ PATTERN
+ "forms/tps/admin/console/css"EXCLUDE
+)
+
+install(
+ DIRECTORY
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/docroot/tokendb
+)
+
+install(
+ DIRECTORY
+ lib
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
+
+install(
+ FILES
+ scripts/nss_pcache
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/scripts
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
+install(
+ FILES
+ scripts/addAgents.ldif
+ scripts/addIndexes.ldif
+ scripts/addTokens.ldif
+ scripts/addVLVIndexes.ldif
+ scripts/database.ldif
+ scripts/schemaMods.ldif
+ scripts/vlvtasks.ldif
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/scripts
+)
+
+# install empty directories
+install(
+ DIRECTORY
+ DESTINATION
+ ${VAR_INSTALL_DIR}/lock/pki/tps
+)
+
+install(
+ DIRECTORY
+ DESTINATION
+ ${VAR_INSTALL_DIR}/run/pki/tps
+)
+
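Review bot: `SET(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE)` near the top of the new file appends every linker search directory outside the build tree to the installed RPATH, so the TPS binaries and modules can ship with build-host library paths that the package does not own. If one of those directories is missing or writable by a non-root account on the target host, a different shared object can be loaded into the TPS process. The comment block says only the internal libraries under `${LIB_INSTALL_DIR}/tps` need resolving, so I would use `SET(CMAKE_INSTALL_RPATH_USE_LINK_PATH FALSE)` and keep `CMAKE_INSTALL_RPATH` as the single entry, with a comment above it such as `# LIB_INSTALL_DIR must be absolute; a relative value would yield an RPATH resolved against the working directory`. Separately, three `PATTERN` lines in the docroot `install(DIRECTORY ...)` show `"..."EXCLUDE` with no space before `EXCLUDE`, which may only be how this page was rendered; if the file really has it, write `"forms/esc/sow/images" EXCLUDE` as on the first pattern, so the exclusions do not depend on CMake's handling of unseparated arguments.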
diff --git a/pki/base/tps/LICENSE b/pki/base/tps/LICENSE
new file mode 100644
index 000000000..e2391a711
--- /dev/null
+++ b/pki/base/tps/LICENSE
@@ -0,0 +1,469 @@
+This Program is free software; you can redistribute it and/or modify it
+under the terms of the GNU Lesser General Public License as published by
+the Free Software Foundation; version 2.1 of the License.
+
+This Program is distributed in the hope that it will be useful, but
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License
+for more details.
+
+You should have received a copy of the GNU Lesser General Public License along
+with this Program; if not, write to the Free Software Foundation, Inc.,
+59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+
+ GNU LESSER GENERAL PUBLIC LICENSE
+ Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL. It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+ This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it. You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+ When we speak of free software, we are referring to freedom of use,
+not price. Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+ To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights. These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+ For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you. You must make sure that they, too, receive or can get the source
+code. If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it. And you must show them these terms so they know their rights.
+
+ We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+ To protect each distributor, we want to make it very clear that
+there is no warranty for the free library. Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+
+ Finally, software patents pose a constant threat to the existence of
+any free program. We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder. Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+ Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License. This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License. We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+ When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library. The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom. The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+ We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License. It also provides other free software developers Less
+of an advantage over competing non-free programs. These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries. However, the Lesser license provides advantages in certain
+special circumstances.
+
+ For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard. To achieve this, non-free programs must be
+allowed to use the library. A more frequent case is that a free
+library does the same job as widely used non-free libraries. In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+ In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software. For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+ Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+ The precise terms and conditions for copying, distribution and
+modification follow. Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library". The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+
+ GNU LESSER GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+ A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+ The "Library", below, refers to any such software library or work
+which has been distributed under these terms. A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language. (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+ "Source code" for a work means the preferred form of the work for
+making modifications to it. For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+ Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it). Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+
+ 1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+ You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+ 2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) The modified work must itself be a software library.
+
+ b) You must cause the files modified to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ c) You must cause the whole of the work to be licensed at no
+ charge to all third parties under the terms of this License.
+
+ d) If a facility in the modified Library refers to a function or a
+ table of data to be supplied by an application program that uses
+ the facility, other than as an argument passed when the facility
+ is invoked, then you must make a good faith effort to ensure that,
+ in the event an application does not supply such function or
+ table, the facility still operates, and performs whatever part of
+ its purpose remains meaningful.
+
+ (For example, a function in a library to compute square roots has
+ a purpose that is entirely well-defined independent of the
+ application. Therefore, Subsection 2d requires that any
+ application-supplied function or table used by this function must
+ be optional: if the application does not supply it, the square
+ root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library. To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License. (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.) Do not make any other change in
+these notices.
+
+ Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+ This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+ 4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+ If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library". Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+ However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library". The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+ When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library. The
+threshold for this to be true is not precisely defined by law.
+
+ If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work. (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+ Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+ 6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+ You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License. You must supply a copy of this License. If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License. Also, you must do one
+of these things:
+
+ a) Accompany the work with the complete corresponding
+ machine-readable source code for the Library including whatever
+ changes were used in the work (which must be distributed under
+ Sections 1 and 2 above); and, if the work is an executable linked
+ with the Library, with the complete machine-readable "work that
+ uses the Library", as object code and/or source code, so that the
+ user can modify the Library and then relink to produce a modified
+ executable containing the modified Library. (It is understood
+ that the user who changes the contents of definitions files in the
+ Library will not necessarily be able to recompile the application
+ to use the modified definitions.)
+
+ b) Use a suitable shared library mechanism for linking with the
+ Library. A suitable mechanism is one that (1) uses at run time a
+ copy of the library already present on the user's computer system,
+ rather than copying library functions into the executable, and (2)
+ will operate properly with a modified version of the library, if
+ the user installs one, as long as the modified version is
+ interface-compatible with the version that the work was made with.
+
+ c) Accompany the work with a written offer, valid for at
+ least three years, to give the same user the materials
+ specified in Subsection 6a, above, for a charge no more
+ than the cost of performing this distribution.
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
diff --git a/pki/base/tps/Makefile.am b/pki/base/tps/Makefile.am
new file mode 100644
index 000000000..1762ff4ef
--- /dev/null
+++ b/pki/base/tps/Makefile.am
@@ -0,0 +1,504 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# look for included m4 files in the ./m4/ directory
+ACLOCAL_AMFLAGS = -I m4
+
+#------------------------
+# Compiler Flags
+#------------------------
+DEBUG_DEFINES = @debug_defs@
+TPS_INCLUDES = -I$(srcdir)/src/include
+# These paths are dependent on the settings of prefix and exec_prefix
+# which may be specified at make time. So we cannot use AC_DEFINE in
+# the configure.ac because that would set the values prior to their
+# being defined. Defining them here ensures that they are properly
+# expanded before use. See create_instance.h for more details. The
+# quoting ensures that the values are # quoted for the shell command,
+# and the value expands to a quoted string value in the header file
+# (e.g. - #define LOCALSTATEDIR "/var"; without the quotes, it would
+# be #define LOCALSTATEDIR /var which would be an error).
+PATH_DEFINES = -DLOCALSTATEDIR="\"$(localstatedir)\"" \
+ -DSYSCONFDIR="\"$(sysconfdir)\"" -DLIBDIR="\"$(libdir)\"" \
+ -DBINDIR="\"$(bindir)\"" -DDATADIR="\"$(datadir)\"" \
+ -DDOCDIR="\"$(docdir)\"" -DLIBEXECDIR="\"$(libexecdir)\""
+AM_CPPFLAGS = $(DEBUG_DEFINES) $(TPS_INCLUDES) $(PATH_DEFINES)
+# We need to make sure that libpthread is linked before libc on HP-UX.
+if HPUX
+AM_LDFLAGS = -lpthread -lz
+endif
+if LINUX
+AM_LDFLAGS = -lz
+endif
+if SOLARIS
+AM_LDFLAGS = -lz
+endif
+
+#------------------------
+# Linker Flags
+#------------------------
+APR_LINK = @apr_lib@ -l@apr_lib_version@
+LDAPSDK_LINK = @ldapsdk_lib@ -lldap -lldap_r -llber
+SVRCORE_LINK = @svrcore_lib@ -lsvrcore
+SASL_LINK = @sasl_lib@ -lsasl2
+NSS_LINK = @nss_lib@ -lnss3 -lssl3 -lsmime3 -lsoftokn3
+NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
+
+LIBSOCKET=@LIBSOCKET@
+LIBNSL=@LIBNSL@
+LIBDL=@LIBDL@
+LIBCSTD=@LIBCSTD@
+LIBCRUN=@LIBCRUN@
+
+#------------------------
+# Install Paths
+#------------------------
+aliasdir = $(prefix)@aliasdir@
+apache_modulesdir = $(prefix)@apache_modulesdir@
+appletsdir = $(prefix)@appletsdir@
+cgibin_demodir = $(prefix)@cgibin_demodir@
+cgibin_homedir = $(prefix)@cgibin_homedir@
+cgibin_sodir = $(prefix)@cgibin_sodir@
+cgibin_sowdir = $(prefix)@cgibin_sowdir@
+confdir = $(prefix)@confdir@
+docrootdir = $(prefix)@docrootdir@
+docroot_demodir = $(prefix)@docroot_demodir@
+docroot_homedir = $(prefix)@docroot_homedir@
+docroot_sodir = $(prefix)@docroot_sodir@
+docroot_sowdir = $(prefix)@docroot_sowdir@
+docroot_tokendbdir = $(prefix)@docroot_tokendbdir@
+docroot_tps_configdir = $(prefix)@docroot_tps_configdir@
+docroot_tps_imgdir = $(prefix)@docroot_tps_imgdir@
+docroot_tps_jsdir = $(prefix)@docroot_tps_jsdir@
+initddir = $(sysconfdir)@initddir@
+licensedir = $(prefix)@licensedir@
+logsdir = $(prefix)@logsdir@
+perl_basedir = $(prefix)@perl_basedir@
+perl_modulesdir = $(prefix)@perl_modulesdir@
+perl_servicedir = $(prefix)@perl_servicedir@
+perl_templatesdir = $(prefix)@perl_templatesdir@
+samplesdir = $(prefix)@samplesdir@
+scriptsdir = $(prefix)@scriptsdir@
+setupdir = $(prefix)@setupdir@
+templatesdir = $(prefix)@templatesdir@
+
+#------------------------
+# Build Products
+#------------------------
+lib_LTLIBRARIES = libtokendb.la \
+ libtps.la \
+ libldapauth.la
+
+apache_modules_LTLIBRARIES = mod_tps.la \
+ mod_tokendb.la
+
+libexec_PROGRAMS = tpsclient
+
+#------------------------
+# Installed Files
+#------------------------
+# create an empty 'alias' directory
+alias_DATA =
+
+applets_DATA = $(srcdir)/applets/1.4.4d40a449.ijc \
+ $(srcdir)/applets/1.4.499dc06c.ijc \
+ $(srcdir)/applets/1.3.44724DDE.ijc
+
+bin_SCRIPTS = wrappers/tpsclient
+
+cgibin_demo_DATA =
+
+cgibin_demo_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/demo/enroll.cgi \
+ $(srcdir)/forms/esc/cgi-bin/demo/index.cgi
+
+cgibin_home_DATA =
+
+cgibin_home_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/home/enroll.cgi \
+ $(srcdir)/forms/esc/cgi-bin/home/index.cgi \
+ $(srcdir)/forms/esc/cgi-bin/home/cachain.cgi
+
+cgibin_so_DATA =
+
+cgibin_so_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/so/enroll.cgi \
+ $(srcdir)/forms/esc/cgi-bin/so/index.cgi
+
+cgibin_sow_DATA =
+
+cgibin_sow_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/sow/ajax-list.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/cfg.pl \
+ $(srcdir)/forms/esc/cgi-bin/sow/enroll.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/enroll_temp.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/format.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/formatso.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/index.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/main.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/noaccess.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/read.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/read_temp.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/search.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/search_temp.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/seturl.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/welcome.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/is_agent.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/is_user.cgi
+
+conf_DATA = $(srcdir)/apache/conf/httpd.conf \
+ $(srcdir)/apache/conf/magic \
+ $(srcdir)/apache/conf/mime.types \
+ $(srcdir)/apache/conf/nss.conf \
+ $(srcdir)/apache/conf/perl.conf \
+ $(srcdir)/doc/CS.cfg.in
+
+docroot_DATA = $(srcdir)/forms/index.cgi \
+ $(srcdir)/forms/index.html
+
+docroot_demo_DATA =
+
+docroot_home_DATA =
+
+docroot_so_DATA =
+
+docroot_sow_DATA =
+
+docroot_tokendb_DATA =
+
+docroot_tps_config_DATA =
+
+docroot_tps_img_DATA =
+
+docroot_tps_js_DATA =
+
+initd_SCRIPTS = $(srcdir)/etc/init.d/pki-tpsd
+
+license_DATA = $(srcdir)/LICENSE
+
+# create an empty 'logs' directory
+logs_DATA =
+
+perl_base_SCRIPTS = $(srcdir)/lib/perl/PKI/Base/Conf.pm \
+ $(srcdir)/lib/perl/PKI/Base/Registry.pm
+
+perl_modules_SCRIPTS = $(srcdir)/lib/perl/PKI/TPS/AdminAuthPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/AdminPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/AgentAuthPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/AuthDBPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/BasePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/CAInfoPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/CertInfo.pm \
+ $(srcdir)/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/CertRequestPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/Common.pm \
+ $(srcdir)/lib/perl/PKI/TPS/Config.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ConfigHSMPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DRMInfoPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DatabasePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DisplayCertChainPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DonePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/GlobalVar.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ImportAdminCertPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/Login.pm \
+ $(srcdir)/lib/perl/PKI/TPS/LoginPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ModulePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/Modutil.pm \
+ $(srcdir)/lib/perl/PKI/TPS/NamePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ReqCertInfo.pm \
+ $(srcdir)/lib/perl/PKI/TPS/SecurityDomainPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/SizePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/SubsystemTypePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/TKSInfoPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/WelcomePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/wizard.pm
+
+perl_service_SCRIPTS = $(srcdir)/lib/perl/PKI/Service/Op.pm
+
+perl_templates_SCRIPTS = $(srcdir)/lib/perl/Template/Velocity.pm
+
+samples_DATA = $(srcdir)/tools/raclient/enroll.tps \
+ $(srcdir)/tools/raclient/format.tps \
+ $(srcdir)/tools/raclient/reset_pin.tps
+
+scripts_DATA = $(srcdir)/scripts/schemaMods.ldif \
+ $(srcdir)/scripts/database.ldif \
+ $(srcdir)/scripts/addIndexes.ldif \
+ $(srcdir)/scripts/addAgents.ldif \
+ $(srcdir)/scripts/addTokens.ldif \
+ $(srcdir)/scripts/vlvtasks.ldif \
+ $(srcdir)/scripts/addVLVIndexes.ldif
+
+scripts_SCRIPTS = $(srcdir)/scripts/nss_pcache
+
+if LINUX
+setup_DATA = $(srcdir)/setup/config.desktop.in $(srcdir)/setup/registry_instance
+endif
+
+templates_DATA = $(srcdir)/apache/pki_instance_command_wrapper \
+ $(srcdir)/apache/pki_subsystem_command_wrapper
+
+
+#////////////////////////////////////////////////////////////////
+#
+# Dynamic Libraries
+#
+#////////////////////////////////////////////////////////////////
+
+#------------------------
+# libtokendb
+#------------------------
+libtokendb_la_SOURCES = src/tus/tus_db.c
+
+libtokendb_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+ @sasl_inc@ @nss_inc@ @nspr_inc@
+libtokendb_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(GENERIC_LIBRARY_VERSION) --release $(VERSION)
+libtokendb_la_LIBADD = $(LDAPSDK_LINK) $(SVRCORE_LINK) \
+ $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+ $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# libtps
+#------------------------
+libtps_la_SOURCES = src/main/Buffer.cpp \
+ src/main/NameValueSet.cpp \
+ src/main/ConfigStore.cpp \
+ src/main/Util.cpp \
+ src/main/RA_Msg.cpp \
+ src/main/RA_pblock.cpp \
+ src/main/RA_Session.cpp \
+ src/main/RA_Context.cpp \
+ src/main/Login.cpp \
+ src/main/SecureId.cpp \
+ src/main/Memory.cpp \
+ src/main/AuthenticationEntry.cpp \
+ src/main/AuthParams.cpp \
+ src/main/Authentication.cpp \
+ src/main/AttributeSpec.cpp \
+ src/main/ObjectSpec.cpp \
+ src/main/PKCS11Obj.cpp \
+ src/main/LogFile.cpp \
+ src/main/RollingLogFile.cpp \
+ src/httpClient/httpClient.cpp \
+ src/httpClient/Cache.cpp \
+ src/httpClient/engine.cpp \
+ src/httpClient/http.cpp \
+ src/httpClient/response.cpp \
+ src/httpClient/request.cpp \
+ src/httpClient/nscperror.cpp \
+ src/cms/HttpConnection.cpp \
+ src/cms/ConnectionInfo.cpp \
+ src/cms/CertEnroll.cpp \
+ src/apdu/APDU.cpp \
+ src/apdu/Unblock_Pin_APDU.cpp \
+ src/apdu/Create_Object_APDU.cpp \
+ src/apdu/Set_Pin_APDU.cpp \
+ src/apdu/Set_IssuerInfo_APDU.cpp \
+ src/apdu/Get_IssuerInfo_APDU.cpp \
+ src/apdu/Create_Pin_APDU.cpp \
+ src/apdu/List_Pins_APDU.cpp \
+ src/apdu/Initialize_Update_APDU.cpp \
+ src/apdu/Get_Version_APDU.cpp \
+ src/apdu/Get_Status_APDU.cpp \
+ src/apdu/Get_Data_APDU.cpp \
+ src/apdu/External_Authenticate_APDU.cpp \
+ src/apdu/Generate_Key_APDU.cpp \
+ src/apdu/Read_Buffer_APDU.cpp \
+ src/apdu/Read_Object_APDU.cpp \
+ src/apdu/Write_Object_APDU.cpp \
+ src/apdu/Put_Key_APDU.cpp \
+ src/apdu/Select_APDU.cpp \
+ src/apdu/Delete_File_APDU.cpp \
+ src/apdu/Install_Applet_APDU.cpp \
+ src/apdu/Format_Muscle_Applet_APDU.cpp \
+ src/apdu/Load_File_APDU.cpp \
+ src/apdu/Install_Load_APDU.cpp \
+ src/apdu/Lifecycle_APDU.cpp \
+ src/apdu/List_Objects_APDU.cpp \
+ src/apdu/Import_Key_APDU.cpp \
+ src/apdu/Import_Key_Enc_APDU.cpp \
+ src/apdu/APDU_Response.cpp \
+ src/msg/RA_Begin_Op_Msg.cpp \
+ src/msg/RA_End_Op_Msg.cpp \
+ src/msg/RA_Login_Request_Msg.cpp \
+ src/msg/RA_Login_Response_Msg.cpp \
+ src/msg/RA_SecureId_Request_Msg.cpp \
+ src/msg/RA_SecureId_Response_Msg.cpp \
+ src/msg/RA_ASQ_Request_Msg.cpp \
+ src/msg/RA_ASQ_Response_Msg.cpp \
+ src/msg/RA_New_Pin_Request_Msg.cpp \
+ src/msg/RA_New_Pin_Response_Msg.cpp \
+ src/msg/RA_Token_PDU_Request_Msg.cpp \
+ src/msg/RA_Token_PDU_Response_Msg.cpp \
+ src/msg/RA_Status_Update_Request_Msg.cpp \
+ src/msg/RA_Status_Update_Response_Msg.cpp \
+ src/msg/RA_Extended_Login_Request_Msg.cpp \
+ src/msg/RA_Extended_Login_Response_Msg.cpp \
+ src/channel/Channel.cpp \
+ src/channel/Secure_Channel.cpp \
+ src/engine/RA.cpp \
+ src/processor/RA_Processor.cpp \
+ src/processor/RA_Enroll_Processor.cpp \
+ src/processor/RA_Pin_Reset_Processor.cpp \
+ src/processor/RA_Renew_Processor.cpp \
+ src/processor/RA_Unblock_Processor.cpp \
+ src/processor/RA_Format_Processor.cpp \
+ src/selftests/SelfTest.cpp \
+ src/selftests/TPSSystemCertsVerification.cpp \
+ src/selftests/TPSPresence.cpp \
+ src/selftests/TPSValidity.cpp
+
+libtps_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ @ldapsdk_inc@ @svrcore_inc@ \
+ @sasl_inc@ @nss_inc@ @nspr_inc@
+libtps_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(GENERIC_LIBRARY_VERSION) --release $(VERSION)
+libtps_la_LIBADD = ${top_builddir}/libtokendb.la $(LDAPSDK_LINK) \
+ $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) \
+ $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# libldapauth
+#------------------------
+libldapauth_la_SOURCES = src/authentication/LDAP_Authentication.cpp
+
+libldapauth_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+ @sasl_inc@ @nss_inc@ @nspr_inc@
+libldapauth_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(GENERIC_LIBRARY_VERSION) --release $(VERSION)
+libldapauth_la_LIBADD = ${top_builddir}/libtps.la $(LDAPSDK_LINK) \
+ $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) \
+ $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# mod_tps
+#------------------------
+mod_tps_la_SOURCES = src/modules/tps/AP_Context.cpp \
+ src/modules/tps/AP_Session.cpp \
+ src/modules/tps/mod_tps.cpp
+
+mod_tps_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ \
+ @ldapsdk_inc@ @svrcore_inc@ @sasl_inc@ @nss_inc@ @nspr_inc@
+mod_tps_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -module
+mod_tps_la_LIBADD = ${top_builddir}/libtps.la $(APR_LINK) \
+ $(LDAPSDK_LINK) $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) \
+ $(LIBNSL) $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# mod_tokendb
+#------------------------
+mod_tokendb_la_SOURCES = src/modules/tokendb/mod_tokendb.cpp
+
+mod_tokendb_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ \
+ @ldapsdk_inc@ @svrcore_inc@ @sasl_inc@ @nss_inc@ @nspr_inc@
+mod_tokendb_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -module
+mod_tokendb_la_LIBADD = ${top_builddir}/libtokendb.la $(APR_LINK) \
+ $(LDAPSDK_LINK) $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) \
+ $(LIBNSL) $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#////////////////////////////////////////////////////////////////
+#
+# Programs
+#
+#////////////////////////////////////////////////////////////////
+
+#------------------------
+# tpsclient
+#------------------------
+#
+# REMINDER: Link order is significant!
+#
+tpsclient_SOURCES = tools/raclient/RA_Client.cpp \
+ tools/raclient/RA_Conn.cpp \
+ tools/raclient/RA_Token.cpp \
+ src/main/Buffer.cpp \
+ src/main/NameValueSet.cpp \
+ src/main/Util.cpp \
+ src/main/AuthParams.cpp \
+ src/apdu/APDU.cpp \
+ src/apdu/APDU_Response.cpp \
+ src/apdu/Create_Object_APDU.cpp \
+ src/apdu/Create_Pin_APDU.cpp \
+ src/apdu/Delete_File_APDU.cpp \
+ src/apdu/External_Authenticate_APDU.cpp \
+ src/apdu/Format_Muscle_Applet_APDU.cpp \
+ src/apdu/Generate_Key_APDU.cpp \
+ src/apdu/Get_Data_APDU.cpp \
+ src/apdu/Get_Status_APDU.cpp \
+ src/apdu/Get_Version_APDU.cpp \
+ src/apdu/Initialize_Update_APDU.cpp \
+ src/apdu/Install_Applet_APDU.cpp \
+ src/apdu/Install_Load_APDU.cpp \
+ src/apdu/Lifecycle_APDU.cpp \
+ src/apdu/List_Objects_APDU.cpp \
+ src/apdu/Set_IssuerInfo_APDU.cpp \
+ src/apdu/Get_IssuerInfo_APDU.cpp \
+ src/apdu/List_Pins_APDU.cpp \
+ src/apdu/Load_File_APDU.cpp \
+ src/apdu/Put_Key_APDU.cpp \
+ src/apdu/Read_Buffer_APDU.cpp \
+ src/apdu/Read_Object_APDU.cpp \
+ src/apdu/Select_APDU.cpp \
+ src/apdu/Set_Pin_APDU.cpp \
+ src/apdu/Unblock_Pin_APDU.cpp \
+ src/apdu/Write_Object_APDU.cpp \
+ src/apdu/Import_Key_Enc_APDU.cpp \
+ src/main/RA_Msg.cpp \
+ src/msg/RA_Begin_Op_Msg.cpp \
+ src/msg/RA_End_Op_Msg.cpp \
+ src/msg/RA_Login_Request_Msg.cpp \
+ src/msg/RA_Login_Response_Msg.cpp \
+ src/msg/RA_Extended_Login_Request_Msg.cpp \
+ src/msg/RA_Extended_Login_Response_Msg.cpp \
+ src/msg/RA_ASQ_Request_Msg.cpp \
+ src/msg/RA_ASQ_Response_Msg.cpp \
+ src/msg/RA_New_Pin_Request_Msg.cpp \
+ src/msg/RA_New_Pin_Response_Msg.cpp \
+ src/msg/RA_SecureId_Request_Msg.cpp \
+ src/msg/RA_SecureId_Response_Msg.cpp \
+ src/msg/RA_Status_Update_Request_Msg.cpp \
+ src/msg/RA_Status_Update_Response_Msg.cpp \
+ src/msg/RA_Token_PDU_Request_Msg.cpp \
+ src/msg/RA_Token_PDU_Response_Msg.cpp
+
+tpsclient_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+ @sasl_inc@ @nss_inc@ @nspr_inc@
+tpsclient_LDADD = $(LDAPSDK_LINK) $(SVRCORE_LINK) \
+ $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+ $(LIBCSTD) $(LIBCRUN)
+
+
+#////////////////////////////////////////////////////////////////
+#
+# Wrappers
+#
+#////////////////////////////////////////////////////////////////
+
+create_wrapper = sed \
+ -e "s|\@ldapsdk_libdir\@|$(ldapsdk_libdir)|g" \
+ -e "s|\@libexecdir\@|$(libexecdir)|g" \
+ -e "s|\@nspr_libdir\@|$(nspr_libdir)|g" \
+ -e "s|\@nss_libdir\@|$(nss_libdir)|g" \
+ -e "s|\@sasl_libdir\@|$(sasl_libdir)|g"
+
+%: %.in
+ mkdir -p $(dir $@)
+ $(create_wrapper) $^ > $@
+
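Review bot: The `%: %.in` rule that closes Makefile.am is a match-anything pattern rule whose recipe redirects sed straight into `$@`, so it applies to any target with a sibling `.in` file rather than only `wrappers/tpsclient`. A failed or interrupted sed leaves a truncated wrapper with a fresh timestamp, which make then treats as up to date and `bin_SCRIPTS` installs into `$(bindir)`. I would name the target explicitly and write through a temporary file: `wrappers/tpsclient: wrappers/tpsclient.in` with the recipe line `$(create_wrapper) $< > $@.tmp && mv -f $@.tmp $@`. The file also sets neither `CLEANFILES` for the generated wrapper nor `EXTRA_DIST` for its template, so `make clean` keeps a wrapper with the previous library paths baked in, and `make dist` may omit the template unless configure.ac registers it.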
diff --git a/pki/base/tps/Makefile.in b/pki/base/tps/Makefile.in
new file mode 100644
index 000000000..603b25e03
--- /dev/null
+++ b/pki/base/tps/Makefile.in
@@ -0,0 +1,4628 @@
+# Makefile.in generated by automake 1.11.1 from Makefile.am.
+# @configure_input@
+
+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+# This Makefile.in is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+@SET_MAKE@
+
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+
+
+
+VPATH = @srcdir@
+pkgdatadir = $(datadir)/@PACKAGE@
+pkgincludedir = $(includedir)/@PACKAGE@
+pkglibdir = $(libdir)/@PACKAGE@
+pkglibexecdir = $(libexecdir)/@PACKAGE@
+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
+install_sh_DATA = $(install_sh) -c -m 644
+install_sh_PROGRAM = $(install_sh) -c
+install_sh_SCRIPT = $(install_sh) -c
+INSTALL_HEADER = $(INSTALL_DATA)
+transform = $(program_transform_name)
+NORMAL_INSTALL = :
+PRE_INSTALL = :
+POST_INSTALL = :
+NORMAL_UNINSTALL = :
+PRE_UNINSTALL = :
+POST_UNINSTALL = :
+build_triplet = @build@
+host_triplet = @host@
+libexec_PROGRAMS = tpsclient$(EXEEXT)
+subdir = .
+DIST_COMMON = $(am__configure_deps) $(srcdir)/Makefile.am \
+ $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+ $(top_srcdir)/configure compile config.guess config.sub \
+ depcomp install-sh ltmain.sh missing
+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
+am__aclocal_m4_deps = $(top_srcdir)/m4/libtool.m4 \
+ $(top_srcdir)/m4/ltoptions.m4 $(top_srcdir)/m4/ltsugar.m4 \
+ $(top_srcdir)/m4/ltversion.m4 $(top_srcdir)/m4/lt~obsolete.m4 \
+ $(top_srcdir)/m4/nspr.m4 $(top_srcdir)/m4/nss.m4 \
+ $(top_srcdir)/m4/openldap.m4 $(top_srcdir)/m4/sasl.m4 \
+ $(top_srcdir)/m4/svrcore.m4 $(top_srcdir)/m4/apr.m4 \
+ $(top_srcdir)/configure.ac
+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
+ $(ACLOCAL_M4)
+am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
+ configure.lineno config.status.lineno
+mkinstalldirs = $(install_sh) -d
+CONFIG_HEADER = config.h
+CONFIG_CLEAN_FILES =
+CONFIG_CLEAN_VPATH_FILES =
+am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
+am__vpath_adj = case $$p in \
+ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
+ *) f=$$p;; \
+ esac;
+am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
+am__install_max = 40
+am__nobase_strip_setup = \
+ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
+am__nobase_strip = \
+ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
+am__nobase_list = $(am__nobase_strip_setup); \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
+ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
+ if (++n[$$2] == $(am__install_max)) \
+ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
+ END { for (dir in files) print dir, files[dir] }'
+am__base_list = \
+ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
+ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
+am__installdirs = "$(DESTDIR)$(apache_modulesdir)" \
+ "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" \
+ "$(DESTDIR)$(bindir)" "$(DESTDIR)$(cgibin_demodir)" \
+ "$(DESTDIR)$(cgibin_homedir)" "$(DESTDIR)$(cgibin_sodir)" \
+ "$(DESTDIR)$(cgibin_sowdir)" "$(DESTDIR)$(initddir)" \
+ "$(DESTDIR)$(perl_basedir)" "$(DESTDIR)$(perl_modulesdir)" \
+ "$(DESTDIR)$(perl_servicedir)" \
+ "$(DESTDIR)$(perl_templatesdir)" "$(DESTDIR)$(scriptsdir)" \
+ "$(DESTDIR)$(aliasdir)" "$(DESTDIR)$(appletsdir)" \
+ "$(DESTDIR)$(cgibin_demodir)" "$(DESTDIR)$(cgibin_homedir)" \
+ "$(DESTDIR)$(cgibin_sodir)" "$(DESTDIR)$(cgibin_sowdir)" \
+ "$(DESTDIR)$(confdir)" "$(DESTDIR)$(docrootdir)" \
+ "$(DESTDIR)$(docroot_demodir)" "$(DESTDIR)$(docroot_homedir)" \
+ "$(DESTDIR)$(docroot_sodir)" "$(DESTDIR)$(docroot_sowdir)" \
+ "$(DESTDIR)$(docroot_tokendbdir)" \
+ "$(DESTDIR)$(docroot_tps_configdir)" \
+ "$(DESTDIR)$(docroot_tps_imgdir)" \
+ "$(DESTDIR)$(docroot_tps_jsdir)" "$(DESTDIR)$(licensedir)" \
+ "$(DESTDIR)$(logsdir)" "$(DESTDIR)$(samplesdir)" \
+ "$(DESTDIR)$(scriptsdir)" "$(DESTDIR)$(setupdir)" \
+ "$(DESTDIR)$(templatesdir)"
+LTLIBRARIES = $(apache_modules_LTLIBRARIES) $(lib_LTLIBRARIES)
+am__DEPENDENCIES_1 =
+libldapauth_la_DEPENDENCIES = ${top_builddir}/libtps.la \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am__dirstamp = $(am__leading_dot)dirstamp
+am_libldapauth_la_OBJECTS = \
+ src/authentication/libldapauth_la-LDAP_Authentication.lo
+libldapauth_la_OBJECTS = $(am_libldapauth_la_OBJECTS)
+libldapauth_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(libldapauth_la_LDFLAGS) $(LDFLAGS) -o $@
+libtokendb_la_DEPENDENCIES = $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_libtokendb_la_OBJECTS = src/tus/libtokendb_la-tus_db.lo
+libtokendb_la_OBJECTS = $(am_libtokendb_la_OBJECTS)
+libtokendb_la_LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \
+ $(libtokendb_la_LDFLAGS) $(LDFLAGS) -o $@
+libtps_la_DEPENDENCIES = ${top_builddir}/libtokendb.la \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+am_libtps_la_OBJECTS = src/main/libtps_la-Buffer.lo \
+ src/main/libtps_la-NameValueSet.lo \
+ src/main/libtps_la-ConfigStore.lo src/main/libtps_la-Util.lo \
+ src/main/libtps_la-RA_Msg.lo src/main/libtps_la-RA_pblock.lo \
+ src/main/libtps_la-RA_Session.lo \
+ src/main/libtps_la-RA_Context.lo src/main/libtps_la-Login.lo \
+ src/main/libtps_la-SecureId.lo src/main/libtps_la-Memory.lo \
+ src/main/libtps_la-AuthenticationEntry.lo \
+ src/main/libtps_la-AuthParams.lo \
+ src/main/libtps_la-Authentication.lo \
+ src/main/libtps_la-AttributeSpec.lo \
+ src/main/libtps_la-ObjectSpec.lo \
+ src/main/libtps_la-PKCS11Obj.lo src/main/libtps_la-LogFile.lo \
+ src/main/libtps_la-RollingLogFile.lo \
+ src/httpClient/libtps_la-httpClient.lo \
+ src/httpClient/libtps_la-Cache.lo \
+ src/httpClient/libtps_la-engine.lo \
+ src/httpClient/libtps_la-http.lo \
+ src/httpClient/libtps_la-response.lo \
+ src/httpClient/libtps_la-request.lo \
+ src/httpClient/libtps_la-nscperror.lo \
+ src/cms/libtps_la-HttpConnection.lo \
+ src/cms/libtps_la-ConnectionInfo.lo \
+ src/cms/libtps_la-CertEnroll.lo src/apdu/libtps_la-APDU.lo \
+ src/apdu/libtps_la-Unblock_Pin_APDU.lo \
+ src/apdu/libtps_la-Create_Object_APDU.lo \
+ src/apdu/libtps_la-Set_Pin_APDU.lo \
+ src/apdu/libtps_la-Set_IssuerInfo_APDU.lo \
+ src/apdu/libtps_la-Get_IssuerInfo_APDU.lo \
+ src/apdu/libtps_la-Create_Pin_APDU.lo \
+ src/apdu/libtps_la-List_Pins_APDU.lo \
+ src/apdu/libtps_la-Initialize_Update_APDU.lo \
+ src/apdu/libtps_la-Get_Version_APDU.lo \
+ src/apdu/libtps_la-Get_Status_APDU.lo \
+ src/apdu/libtps_la-Get_Data_APDU.lo \
+ src/apdu/libtps_la-External_Authenticate_APDU.lo \
+ src/apdu/libtps_la-Generate_Key_APDU.lo \
+ src/apdu/libtps_la-Read_Buffer_APDU.lo \
+ src/apdu/libtps_la-Read_Object_APDU.lo \
+ src/apdu/libtps_la-Write_Object_APDU.lo \
+ src/apdu/libtps_la-Put_Key_APDU.lo \
+ src/apdu/libtps_la-Select_APDU.lo \
+ src/apdu/libtps_la-Delete_File_APDU.lo \
+ src/apdu/libtps_la-Install_Applet_APDU.lo \
+ src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo \
+ src/apdu/libtps_la-Load_File_APDU.lo \
+ src/apdu/libtps_la-Install_Load_APDU.lo \
+ src/apdu/libtps_la-Lifecycle_APDU.lo \
+ src/apdu/libtps_la-List_Objects_APDU.lo \
+ src/apdu/libtps_la-Import_Key_APDU.lo \
+ src/apdu/libtps_la-Import_Key_Enc_APDU.lo \
+ src/apdu/libtps_la-APDU_Response.lo \
+ src/msg/libtps_la-RA_Begin_Op_Msg.lo \
+ src/msg/libtps_la-RA_End_Op_Msg.lo \
+ src/msg/libtps_la-RA_Login_Request_Msg.lo \
+ src/msg/libtps_la-RA_Login_Response_Msg.lo \
+ src/msg/libtps_la-RA_SecureId_Request_Msg.lo \
+ src/msg/libtps_la-RA_SecureId_Response_Msg.lo \
+ src/msg/libtps_la-RA_ASQ_Request_Msg.lo \
+ src/msg/libtps_la-RA_ASQ_Response_Msg.lo \
+ src/msg/libtps_la-RA_New_Pin_Request_Msg.lo \
+ src/msg/libtps_la-RA_New_Pin_Response_Msg.lo \
+ src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo \
+ src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo \
+ src/msg/libtps_la-RA_Status_Update_Request_Msg.lo \
+ src/msg/libtps_la-RA_Status_Update_Response_Msg.lo \
+ src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo \
+ src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo \
+ src/channel/libtps_la-Channel.lo \
+ src/channel/libtps_la-Secure_Channel.lo \
+ src/engine/libtps_la-RA.lo \
+ src/processor/libtps_la-RA_Processor.lo \
+ src/processor/libtps_la-RA_Enroll_Processor.lo \
+ src/processor/libtps_la-RA_Pin_Reset_Processor.lo \
+ src/processor/libtps_la-RA_Renew_Processor.lo \
+ src/processor/libtps_la-RA_Unblock_Processor.lo \
+ src/processor/libtps_la-RA_Format_Processor.lo \
+ src/selftests/libtps_la-SelfTest.lo \
+ src/selftests/libtps_la-TPSSystemCertsVerification.lo \
+ src/selftests/libtps_la-TPSPresence.lo \
+ src/selftests/libtps_la-TPSValidity.lo
+libtps_la_OBJECTS = $(am_libtps_la_OBJECTS)
+libtps_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(libtps_la_LDFLAGS) $(LDFLAGS) -o $@
+mod_tokendb_la_DEPENDENCIES = ${top_builddir}/libtokendb.la \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_mod_tokendb_la_OBJECTS = \
+ src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo
+mod_tokendb_la_OBJECTS = $(am_mod_tokendb_la_OBJECTS)
+mod_tokendb_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(mod_tokendb_la_LDFLAGS) $(LDFLAGS) -o $@
+mod_tps_la_DEPENDENCIES = ${top_builddir}/libtps.la \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1)
+am_mod_tps_la_OBJECTS = src/modules/tps/mod_tps_la-AP_Context.lo \
+ src/modules/tps/mod_tps_la-AP_Session.lo \
+ src/modules/tps/mod_tps_la-mod_tps.lo
+mod_tps_la_OBJECTS = $(am_mod_tps_la_OBJECTS)
+mod_tps_la_LINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) \
+ $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \
+ $(CXXFLAGS) $(mod_tps_la_LDFLAGS) $(LDFLAGS) -o $@
+PROGRAMS = $(libexec_PROGRAMS)
+am_tpsclient_OBJECTS = tools/raclient/tpsclient-RA_Client.$(OBJEXT) \
+ tools/raclient/tpsclient-RA_Conn.$(OBJEXT) \
+ tools/raclient/tpsclient-RA_Token.$(OBJEXT) \
+ src/main/tpsclient-Buffer.$(OBJEXT) \
+ src/main/tpsclient-NameValueSet.$(OBJEXT) \
+ src/main/tpsclient-Util.$(OBJEXT) \
+ src/main/tpsclient-AuthParams.$(OBJEXT) \
+ src/apdu/tpsclient-APDU.$(OBJEXT) \
+ src/apdu/tpsclient-APDU_Response.$(OBJEXT) \
+ src/apdu/tpsclient-Create_Object_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Create_Pin_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Delete_File_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-External_Authenticate_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Format_Muscle_Applet_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Generate_Key_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Get_Data_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Get_Status_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Get_Version_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Initialize_Update_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Install_Applet_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Install_Load_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Lifecycle_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-List_Objects_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Set_IssuerInfo_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Get_IssuerInfo_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-List_Pins_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Load_File_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Put_Key_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Read_Buffer_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Read_Object_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Select_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Set_Pin_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Unblock_Pin_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Write_Object_APDU.$(OBJEXT) \
+ src/apdu/tpsclient-Import_Key_Enc_APDU.$(OBJEXT) \
+ src/main/tpsclient-RA_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Begin_Op_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_End_Op_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Login_Request_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Login_Response_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Extended_Login_Request_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Extended_Login_Response_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_ASQ_Request_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_ASQ_Response_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_New_Pin_Request_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_New_Pin_Response_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_SecureId_Request_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_SecureId_Response_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Status_Update_Request_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Status_Update_Response_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Token_PDU_Request_Msg.$(OBJEXT) \
+ src/msg/tpsclient-RA_Token_PDU_Response_Msg.$(OBJEXT)
+tpsclient_OBJECTS = $(am_tpsclient_OBJECTS)
+tpsclient_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \
+ $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1)
+SCRIPTS = $(bin_SCRIPTS) $(cgibin_demo_SCRIPTS) $(cgibin_home_SCRIPTS) \
+ $(cgibin_so_SCRIPTS) $(cgibin_sow_SCRIPTS) $(initd_SCRIPTS) \
+ $(perl_base_SCRIPTS) $(perl_modules_SCRIPTS) \
+ $(perl_service_SCRIPTS) $(perl_templates_SCRIPTS) \
+ $(scripts_SCRIPTS)
+DEFAULT_INCLUDES = -I.@am__isrc@
+depcomp = $(SHELL) $(top_srcdir)/depcomp
+am__depfiles_maybe = depfiles
+am__mv = mv -f
+COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+CCLD = $(CC)
+LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+LTCXXCOMPILE = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \
+ $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS)
+CXXLD = $(CXX)
+CXXLINK = $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \
+ --mode=link $(CXXLD) $(AM_CXXFLAGS) $(CXXFLAGS) $(AM_LDFLAGS) \
+ $(LDFLAGS) -o $@
+SOURCES = $(libldapauth_la_SOURCES) $(libtokendb_la_SOURCES) \
+ $(libtps_la_SOURCES) $(mod_tokendb_la_SOURCES) \
+ $(mod_tps_la_SOURCES) $(tpsclient_SOURCES)
+DIST_SOURCES = $(libldapauth_la_SOURCES) $(libtokendb_la_SOURCES) \
+ $(libtps_la_SOURCES) $(mod_tokendb_la_SOURCES) \
+ $(mod_tps_la_SOURCES) $(tpsclient_SOURCES)
+DATA = $(alias_DATA) $(applets_DATA) $(cgibin_demo_DATA) \
+ $(cgibin_home_DATA) $(cgibin_so_DATA) $(cgibin_sow_DATA) \
+ $(conf_DATA) $(docroot_DATA) $(docroot_demo_DATA) \
+ $(docroot_home_DATA) $(docroot_so_DATA) $(docroot_sow_DATA) \
+ $(docroot_tokendb_DATA) $(docroot_tps_config_DATA) \
+ $(docroot_tps_img_DATA) $(docroot_tps_js_DATA) $(license_DATA) \
+ $(logs_DATA) $(samples_DATA) $(scripts_DATA) $(setup_DATA) \
+ $(templates_DATA)
+ETAGS = etags
+CTAGS = ctags
+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
+distdir = $(PACKAGE)-$(VERSION)
+top_distdir = $(distdir)
+am__remove_distdir = \
+ { test ! -d "$(distdir)" \
+ || { find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \
+ && rm -fr "$(distdir)"; }; }
+DIST_ARCHIVES = $(distdir).tar.gz
+GZIP_ENV = --best
+distuninstallcheck_listfiles = find . -type f -print
+distcleancheck_listfiles = find . -type f -print
+ACLOCAL = @ACLOCAL@
+AMTAR = @AMTAR@
+APRDIR = @APRDIR@
+AR = @AR@
+AUTOCONF = @AUTOCONF@
+AUTOHEADER = @AUTOHEADER@
+AUTOMAKE = @AUTOMAKE@
+AWK = @AWK@
+CC = @CC@
+CCDEPMODE = @CCDEPMODE@
+CFLAGS = @CFLAGS@
+CPP = @CPP@
+CPPFLAGS = @CPPFLAGS@
+CXX = @CXX@
+CXXCPP = @CXXCPP@
+CXXDEPMODE = @CXXDEPMODE@
+CXXFLAGS = @CXXFLAGS@
+CYGPATH_W = @CYGPATH_W@
+DEFS = @DEFS@
+DEPDIR = @DEPDIR@
+DSYMUTIL = @DSYMUTIL@
+DUMPBIN = @DUMPBIN@
+ECHO_C = @ECHO_C@
+ECHO_N = @ECHO_N@
+ECHO_T = @ECHO_T@
+EGREP = @EGREP@
+EXEEXT = @EXEEXT@
+FGREP = @FGREP@
+GENERIC_LIBRARY_VERSION = @GENERIC_LIBRARY_VERSION@
+GENERIC_RELEASE = @GENERIC_RELEASE@
+GENERIC_VERSION = @GENERIC_VERSION@
+GREP = @GREP@
+INSTALL = @INSTALL@
+INSTALL_DATA = @INSTALL_DATA@
+INSTALL_PROGRAM = @INSTALL_PROGRAM@
+INSTALL_SCRIPT = @INSTALL_SCRIPT@
+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
+LD = @LD@
+LDFLAGS = @LDFLAGS@
+LIBCRUN = @LIBCRUN@
+LIBCSTD = @LIBCSTD@
+LIBDL = @LIBDL@
+LIBNSL = @LIBNSL@
+LIBOBJS = @LIBOBJS@
+LIBS = @LIBS@
+LIBSOCKET = @LIBSOCKET@
+LIBTOOL = @LIBTOOL@
+LIPO = @LIPO@
+LN_S = @LN_S@
+LTLIBOBJS = @LTLIBOBJS@
+MAINT = @MAINT@
+MAKEINFO = @MAKEINFO@
+MKDIR_P = @MKDIR_P@
+NM = @NM@
+NMEDIT = @NMEDIT@
+OBJDUMP = @OBJDUMP@
+OBJEXT = @OBJEXT@
+OTOOL = @OTOOL@
+OTOOL64 = @OTOOL64@
+PACKAGE = @PACKAGE@
+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
+PACKAGE_NAME = @PACKAGE_NAME@
+PACKAGE_STRING = @PACKAGE_STRING@
+PACKAGE_TARNAME = @PACKAGE_TARNAME@
+PACKAGE_URL = @PACKAGE_URL@
+PACKAGE_VERSION = @PACKAGE_VERSION@
+PATH_SEPARATOR = @PATH_SEPARATOR@
+PKG_CONFIG = @PKG_CONFIG@
+RANLIB = @RANLIB@
+SED = @SED@
+SET_MAKE = @SET_MAKE@
+SHELL = @SHELL@
+STRIP = @STRIP@
+VERSION = @VERSION@
+abs_builddir = @abs_builddir@
+abs_srcdir = @abs_srcdir@
+abs_top_builddir = @abs_top_builddir@
+abs_top_srcdir = @abs_top_srcdir@
+ac_ct_CC = @ac_ct_CC@
+ac_ct_CXX = @ac_ct_CXX@
+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
+
+#------------------------
+# Install Paths
+#------------------------
+aliasdir = $(prefix)@aliasdir@
+am__include = @am__include@
+am__leading_dot = @am__leading_dot@
+am__quote = @am__quote@
+am__tar = @am__tar@
+am__untar = @am__untar@
+apache_modulesdir = $(prefix)@apache_modulesdir@
+appletsdir = $(prefix)@appletsdir@
+apr_bindir = @apr_bindir@
+apr_inc = @apr_inc@
+apr_lib = @apr_lib@
+apr_lib_version = @apr_lib_version@
+apr_libdir = @apr_libdir@
+bindir = @bindir@
+build = @build@
+build_alias = @build_alias@
+build_cpu = @build_cpu@
+build_os = @build_os@
+build_vendor = @build_vendor@
+builddir = @builddir@
+cgibin_demodir = $(prefix)@cgibin_demodir@
+cgibin_homedir = $(prefix)@cgibin_homedir@
+cgibin_sodir = $(prefix)@cgibin_sodir@
+cgibin_sowdir = $(prefix)@cgibin_sowdir@
+confdir = $(prefix)@confdir@
+datadir = @datadir@
+datarootdir = @datarootdir@
+debug_defs = @debug_defs@
+docdir = @docdir@
+docroot_demodir = $(prefix)@docroot_demodir@
+docroot_homedir = $(prefix)@docroot_homedir@
+docroot_sodir = $(prefix)@docroot_sodir@
+docroot_sow_cssdir = @docroot_sow_cssdir@
+docroot_sow_imagesdir = @docroot_sow_imagesdir@
+docroot_sow_jsdir = @docroot_sow_jsdir@
+docroot_sowdir = $(prefix)@docroot_sowdir@
+docroot_tokendbdir = $(prefix)@docroot_tokendbdir@
+docroot_tps_configdir = $(prefix)@docroot_tps_configdir@
+docroot_tps_cssdir = @docroot_tps_cssdir@
+docroot_tps_imgdir = $(prefix)@docroot_tps_imgdir@
+docroot_tps_jsdir = $(prefix)@docroot_tps_jsdir@
+docrootdir = $(prefix)@docrootdir@
+dvidir = @dvidir@
+exec_prefix = @exec_prefix@
+host = @host@
+host_alias = @host_alias@
+host_cpu = @host_cpu@
+host_os = @host_os@
+host_vendor = @host_vendor@
+htmldir = @htmldir@
+includedir = @includedir@
+infodir = @infodir@
+initddir = $(sysconfdir)@initddir@
+install_sh = @install_sh@
+ldapsdk_bindir = @ldapsdk_bindir@
+ldapsdk_inc = @ldapsdk_inc@
+ldapsdk_lib = @ldapsdk_lib@
+ldapsdk_libdir = @ldapsdk_libdir@
+libdir = @libdir@
+libexecdir = @libexecdir@
+licensedir = $(prefix)@licensedir@
+localedir = @localedir@
+localstatedir = @localstatedir@
+logsdir = $(prefix)@logsdir@
+lt_ECHO = @lt_ECHO@
+mandir = @mandir@
+mkdir_p = @mkdir_p@
+nspr_inc = @nspr_inc@
+nspr_lib = @nspr_lib@
+nspr_libdir = @nspr_libdir@
+nss_inc = @nss_inc@
+nss_lib = @nss_lib@
+nss_libdir = @nss_libdir@
+oldincludedir = @oldincludedir@
+pdfdir = @pdfdir@
+perl_basedir = $(prefix)@perl_basedir@
+perl_modulesdir = $(prefix)@perl_modulesdir@
+perl_servicedir = $(prefix)@perl_servicedir@
+perl_templatesdir = $(prefix)@perl_templatesdir@
+prefix = @prefix@
+program_transform_name = @program_transform_name@
+psdir = @psdir@
+samplesdir = $(prefix)@samplesdir@
+sasl_inc = @sasl_inc@
+sasl_lib = @sasl_lib@
+sasl_libdir = @sasl_libdir@
+sbindir = @sbindir@
+scriptsdir = $(prefix)@scriptsdir@
+setupdir = $(prefix)@setupdir@
+sharedstatedir = @sharedstatedir@
+srcdir = @srcdir@
+svrcore_inc = @svrcore_inc@
+svrcore_lib = @svrcore_lib@
+sysconfdir = @sysconfdir@
+target_alias = @target_alias@
+templatesdir = $(prefix)@templatesdir@
+top_build_prefix = @top_build_prefix@
+top_builddir = @top_builddir@
+top_srcdir = @top_srcdir@
+
+# look for included m4 files in the ./m4/ directory
+ACLOCAL_AMFLAGS = -I m4
+
+#------------------------
+# Compiler Flags
+#------------------------
+DEBUG_DEFINES = @debug_defs@
+TPS_INCLUDES = -I$(srcdir)/src/include
+# These paths are dependent on the settings of prefix and exec_prefix
+# which may be specified at make time. So we cannot use AC_DEFINE in
+# the configure.ac because that would set the values prior to their
+# being defined. Defining them here ensures that they are properly
+# expanded before use. See create_instance.h for more details. The
+# quoting ensures that the values are # quoted for the shell command,
+# and the value expands to a quoted string value in the header file
+# (e.g. - #define LOCALSTATEDIR "/var"; without the quotes, it would
+# be #define LOCALSTATEDIR /var which would be an error).
+PATH_DEFINES = -DLOCALSTATEDIR="\"$(localstatedir)\"" \
+ -DSYSCONFDIR="\"$(sysconfdir)\"" -DLIBDIR="\"$(libdir)\"" \
+ -DBINDIR="\"$(bindir)\"" -DDATADIR="\"$(datadir)\"" \
+ -DDOCDIR="\"$(docdir)\"" -DLIBEXECDIR="\"$(libexecdir)\""
+
+AM_CPPFLAGS = $(DEBUG_DEFINES) $(TPS_INCLUDES) $(PATH_DEFINES)
+# We need to make sure that libpthread is linked before libc on HP-UX.
+@HPUX_TRUE@AM_LDFLAGS = -lpthread -lz
+@LINUX_TRUE@AM_LDFLAGS = -lz
+@SOLARIS_TRUE@AM_LDFLAGS = -lz
+
+#------------------------
+# Linker Flags
+#------------------------
+APR_LINK = @apr_lib@ -l@apr_lib_version@
+LDAPSDK_LINK = @ldapsdk_lib@ -lldap -lldap_r -llber
+SVRCORE_LINK = @svrcore_lib@ -lsvrcore
+SASL_LINK = @sasl_lib@ -lsasl2
+NSS_LINK = @nss_lib@ -lnss3 -lssl3 -lsmime3 -lsoftokn3
+NSPR_LINK = @nspr_lib@ -lplc4 -lplds4 -lnspr4
+
+#------------------------
+# Build Products
+#------------------------
+lib_LTLIBRARIES = libtokendb.la \
+ libtps.la \
+ libldapauth.la
+
+apache_modules_LTLIBRARIES = mod_tps.la \
+ mod_tokendb.la
+
+
+#------------------------
+# Installed Files
+#------------------------
+# create an empty 'alias' directory
+alias_DATA =
+applets_DATA = $(srcdir)/applets/1.4.4d40a449.ijc \
+ $(srcdir)/applets/1.4.499dc06c.ijc \
+ $(srcdir)/applets/1.3.44724DDE.ijc
+
+bin_SCRIPTS = wrappers/tpsclient
+cgibin_demo_DATA =
+cgibin_demo_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/demo/enroll.cgi \
+ $(srcdir)/forms/esc/cgi-bin/demo/index.cgi
+
+cgibin_home_DATA =
+cgibin_home_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/home/enroll.cgi \
+ $(srcdir)/forms/esc/cgi-bin/home/index.cgi \
+ $(srcdir)/forms/esc/cgi-bin/home/cachain.cgi
+
+cgibin_so_DATA =
+cgibin_so_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/so/enroll.cgi \
+ $(srcdir)/forms/esc/cgi-bin/so/index.cgi
+
+cgibin_sow_DATA =
+cgibin_sow_SCRIPTS = $(srcdir)/forms/esc/cgi-bin/sow/ajax-list.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/cfg.pl \
+ $(srcdir)/forms/esc/cgi-bin/sow/enroll.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/enroll_temp.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/format.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/formatso.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/index.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/main.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/noaccess.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/read.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/read_temp.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/search.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/search_temp.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/seturl.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/welcome.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/is_agent.cgi \
+ $(srcdir)/forms/esc/cgi-bin/sow/is_user.cgi
+
+conf_DATA = $(srcdir)/apache/conf/httpd.conf \
+ $(srcdir)/apache/conf/magic \
+ $(srcdir)/apache/conf/mime.types \
+ $(srcdir)/apache/conf/nss.conf \
+ $(srcdir)/apache/conf/perl.conf \
+ $(srcdir)/doc/CS.cfg.in
+
+docroot_DATA = $(srcdir)/forms/index.cgi \
+ $(srcdir)/forms/index.html
+
+docroot_demo_DATA =
+docroot_home_DATA =
+docroot_so_DATA =
+docroot_sow_DATA =
+docroot_tokendb_DATA =
+docroot_tps_config_DATA =
+docroot_tps_img_DATA =
+docroot_tps_js_DATA =
+initd_SCRIPTS = $(srcdir)/etc/init.d/pki-tpsd
+license_DATA = $(srcdir)/LICENSE
+
+# create an empty 'logs' directory
+logs_DATA =
+perl_base_SCRIPTS = $(srcdir)/lib/perl/PKI/Base/Conf.pm \
+ $(srcdir)/lib/perl/PKI/Base/Registry.pm
+
+perl_modules_SCRIPTS = $(srcdir)/lib/perl/PKI/TPS/AdminAuthPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/AdminPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/AgentAuthPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/AuthDBPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/BasePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/CAInfoPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/CertInfo.pm \
+ $(srcdir)/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/CertRequestPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/Common.pm \
+ $(srcdir)/lib/perl/PKI/TPS/Config.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ConfigHSMPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DRMInfoPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DatabasePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DisplayCertChainPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/DonePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/GlobalVar.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ImportAdminCertPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/Login.pm \
+ $(srcdir)/lib/perl/PKI/TPS/LoginPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ModulePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/Modutil.pm \
+ $(srcdir)/lib/perl/PKI/TPS/NamePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/ReqCertInfo.pm \
+ $(srcdir)/lib/perl/PKI/TPS/SecurityDomainPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/SizePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/SubsystemTypePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/TKSInfoPanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/WelcomePanel.pm \
+ $(srcdir)/lib/perl/PKI/TPS/wizard.pm
+
+perl_service_SCRIPTS = $(srcdir)/lib/perl/PKI/Service/Op.pm
+perl_templates_SCRIPTS = $(srcdir)/lib/perl/Template/Velocity.pm
+samples_DATA = $(srcdir)/tools/raclient/enroll.tps \
+ $(srcdir)/tools/raclient/format.tps \
+ $(srcdir)/tools/raclient/reset_pin.tps
+
+scripts_DATA = $(srcdir)/scripts/schemaMods.ldif \
+ $(srcdir)/scripts/database.ldif \
+ $(srcdir)/scripts/addIndexes.ldif \
+ $(srcdir)/scripts/addAgents.ldif \
+ $(srcdir)/scripts/addTokens.ldif \
+ $(srcdir)/scripts/vlvtasks.ldif \
+ $(srcdir)/scripts/addVLVIndexes.ldif
+
+scripts_SCRIPTS = $(srcdir)/scripts/nss_pcache
+@LINUX_TRUE@setup_DATA = $(srcdir)/setup/config.desktop.in $(srcdir)/setup/registry_instance
+templates_DATA = $(srcdir)/apache/pki_instance_command_wrapper \
+ $(srcdir)/apache/pki_subsystem_command_wrapper
+
+
+#////////////////////////////////////////////////////////////////
+#
+# Dynamic Libraries
+#
+#////////////////////////////////////////////////////////////////
+
+#------------------------
+# libtokendb
+#------------------------
+libtokendb_la_SOURCES = src/tus/tus_db.c
+libtokendb_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+ @sasl_inc@ @nss_inc@ @nspr_inc@
+
+libtokendb_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(GENERIC_LIBRARY_VERSION) --release $(VERSION)
+libtokendb_la_LIBADD = $(LDAPSDK_LINK) $(SVRCORE_LINK) \
+ $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+ $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# libtps
+#------------------------
+libtps_la_SOURCES = src/main/Buffer.cpp \
+ src/main/NameValueSet.cpp \
+ src/main/ConfigStore.cpp \
+ src/main/Util.cpp \
+ src/main/RA_Msg.cpp \
+ src/main/RA_pblock.cpp \
+ src/main/RA_Session.cpp \
+ src/main/RA_Context.cpp \
+ src/main/Login.cpp \
+ src/main/SecureId.cpp \
+ src/main/Memory.cpp \
+ src/main/AuthenticationEntry.cpp \
+ src/main/AuthParams.cpp \
+ src/main/Authentication.cpp \
+ src/main/AttributeSpec.cpp \
+ src/main/ObjectSpec.cpp \
+ src/main/PKCS11Obj.cpp \
+ src/main/LogFile.cpp \
+ src/main/RollingLogFile.cpp \
+ src/httpClient/httpClient.cpp \
+ src/httpClient/Cache.cpp \
+ src/httpClient/engine.cpp \
+ src/httpClient/http.cpp \
+ src/httpClient/response.cpp \
+ src/httpClient/request.cpp \
+ src/httpClient/nscperror.cpp \
+ src/cms/HttpConnection.cpp \
+ src/cms/ConnectionInfo.cpp \
+ src/cms/CertEnroll.cpp \
+ src/apdu/APDU.cpp \
+ src/apdu/Unblock_Pin_APDU.cpp \
+ src/apdu/Create_Object_APDU.cpp \
+ src/apdu/Set_Pin_APDU.cpp \
+ src/apdu/Set_IssuerInfo_APDU.cpp \
+ src/apdu/Get_IssuerInfo_APDU.cpp \
+ src/apdu/Create_Pin_APDU.cpp \
+ src/apdu/List_Pins_APDU.cpp \
+ src/apdu/Initialize_Update_APDU.cpp \
+ src/apdu/Get_Version_APDU.cpp \
+ src/apdu/Get_Status_APDU.cpp \
+ src/apdu/Get_Data_APDU.cpp \
+ src/apdu/External_Authenticate_APDU.cpp \
+ src/apdu/Generate_Key_APDU.cpp \
+ src/apdu/Read_Buffer_APDU.cpp \
+ src/apdu/Read_Object_APDU.cpp \
+ src/apdu/Write_Object_APDU.cpp \
+ src/apdu/Put_Key_APDU.cpp \
+ src/apdu/Select_APDU.cpp \
+ src/apdu/Delete_File_APDU.cpp \
+ src/apdu/Install_Applet_APDU.cpp \
+ src/apdu/Format_Muscle_Applet_APDU.cpp \
+ src/apdu/Load_File_APDU.cpp \
+ src/apdu/Install_Load_APDU.cpp \
+ src/apdu/Lifecycle_APDU.cpp \
+ src/apdu/List_Objects_APDU.cpp \
+ src/apdu/Import_Key_APDU.cpp \
+ src/apdu/Import_Key_Enc_APDU.cpp \
+ src/apdu/APDU_Response.cpp \
+ src/msg/RA_Begin_Op_Msg.cpp \
+ src/msg/RA_End_Op_Msg.cpp \
+ src/msg/RA_Login_Request_Msg.cpp \
+ src/msg/RA_Login_Response_Msg.cpp \
+ src/msg/RA_SecureId_Request_Msg.cpp \
+ src/msg/RA_SecureId_Response_Msg.cpp \
+ src/msg/RA_ASQ_Request_Msg.cpp \
+ src/msg/RA_ASQ_Response_Msg.cpp \
+ src/msg/RA_New_Pin_Request_Msg.cpp \
+ src/msg/RA_New_Pin_Response_Msg.cpp \
+ src/msg/RA_Token_PDU_Request_Msg.cpp \
+ src/msg/RA_Token_PDU_Response_Msg.cpp \
+ src/msg/RA_Status_Update_Request_Msg.cpp \
+ src/msg/RA_Status_Update_Response_Msg.cpp \
+ src/msg/RA_Extended_Login_Request_Msg.cpp \
+ src/msg/RA_Extended_Login_Response_Msg.cpp \
+ src/channel/Channel.cpp \
+ src/channel/Secure_Channel.cpp \
+ src/engine/RA.cpp \
+ src/processor/RA_Processor.cpp \
+ src/processor/RA_Enroll_Processor.cpp \
+ src/processor/RA_Pin_Reset_Processor.cpp \
+ src/processor/RA_Renew_Processor.cpp \
+ src/processor/RA_Unblock_Processor.cpp \
+ src/processor/RA_Format_Processor.cpp \
+ src/selftests/SelfTest.cpp \
+ src/selftests/TPSSystemCertsVerification.cpp \
+ src/selftests/TPSPresence.cpp \
+ src/selftests/TPSValidity.cpp
+
+libtps_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ @ldapsdk_inc@ @svrcore_inc@ \
+ @sasl_inc@ @nss_inc@ @nspr_inc@
+
+libtps_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(GENERIC_LIBRARY_VERSION) --release $(VERSION)
+libtps_la_LIBADD = ${top_builddir}/libtokendb.la $(LDAPSDK_LINK) \
+ $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) \
+ $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# libldapauth
+#------------------------
+libldapauth_la_SOURCES = src/authentication/LDAP_Authentication.cpp
+libldapauth_la_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+ @sasl_inc@ @nss_inc@ @nspr_inc@
+
+libldapauth_la_LDFLAGS = $(AM_LDFLAGS) -version-info $(GENERIC_LIBRARY_VERSION) --release $(VERSION)
+libldapauth_la_LIBADD = ${top_builddir}/libtps.la $(LDAPSDK_LINK) \
+ $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) \
+ $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# mod_tps
+#------------------------
+mod_tps_la_SOURCES = src/modules/tps/AP_Context.cpp \
+ src/modules/tps/AP_Session.cpp \
+ src/modules/tps/mod_tps.cpp
+
+mod_tps_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ \
+ @ldapsdk_inc@ @svrcore_inc@ @sasl_inc@ @nss_inc@ @nspr_inc@
+
+mod_tps_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -module
+mod_tps_la_LIBADD = ${top_builddir}/libtps.la $(APR_LINK) \
+ $(LDAPSDK_LINK) $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) \
+ $(LIBNSL) $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#------------------------
+# mod_tokendb
+#------------------------
+mod_tokendb_la_SOURCES = src/modules/tokendb/mod_tokendb.cpp
+mod_tokendb_la_CPPFLAGS = $(AM_CPPFLAGS) @apr_inc@ \
+ @ldapsdk_inc@ @svrcore_inc@ @sasl_inc@ @nss_inc@ @nspr_inc@
+
+mod_tokendb_la_LDFLAGS = $(AM_LDFLAGS) -avoid-version -module
+mod_tokendb_la_LIBADD = ${top_builddir}/libtokendb.la $(APR_LINK) \
+ $(LDAPSDK_LINK) $(SVRCORE_LINK) $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) \
+ $(LIBNSL) $(LIBSOCKET) $(LIBDL) $(LIBCSTD) $(LIBCRUN)
+
+
+#////////////////////////////////////////////////////////////////
+#
+# Programs
+#
+#////////////////////////////////////////////////////////////////
+
+#------------------------
+# tpsclient
+#------------------------
+#
+# REMINDER: Link order is significant!
+#
+tpsclient_SOURCES = tools/raclient/RA_Client.cpp \
+ tools/raclient/RA_Conn.cpp \
+ tools/raclient/RA_Token.cpp \
+ src/main/Buffer.cpp \
+ src/main/NameValueSet.cpp \
+ src/main/Util.cpp \
+ src/main/AuthParams.cpp \
+ src/apdu/APDU.cpp \
+ src/apdu/APDU_Response.cpp \
+ src/apdu/Create_Object_APDU.cpp \
+ src/apdu/Create_Pin_APDU.cpp \
+ src/apdu/Delete_File_APDU.cpp \
+ src/apdu/External_Authenticate_APDU.cpp \
+ src/apdu/Format_Muscle_Applet_APDU.cpp \
+ src/apdu/Generate_Key_APDU.cpp \
+ src/apdu/Get_Data_APDU.cpp \
+ src/apdu/Get_Status_APDU.cpp \
+ src/apdu/Get_Version_APDU.cpp \
+ src/apdu/Initialize_Update_APDU.cpp \
+ src/apdu/Install_Applet_APDU.cpp \
+ src/apdu/Install_Load_APDU.cpp \
+ src/apdu/Lifecycle_APDU.cpp \
+ src/apdu/List_Objects_APDU.cpp \
+ src/apdu/Set_IssuerInfo_APDU.cpp \
+ src/apdu/Get_IssuerInfo_APDU.cpp \
+ src/apdu/List_Pins_APDU.cpp \
+ src/apdu/Load_File_APDU.cpp \
+ src/apdu/Put_Key_APDU.cpp \
+ src/apdu/Read_Buffer_APDU.cpp \
+ src/apdu/Read_Object_APDU.cpp \
+ src/apdu/Select_APDU.cpp \
+ src/apdu/Set_Pin_APDU.cpp \
+ src/apdu/Unblock_Pin_APDU.cpp \
+ src/apdu/Write_Object_APDU.cpp \
+ src/apdu/Import_Key_Enc_APDU.cpp \
+ src/main/RA_Msg.cpp \
+ src/msg/RA_Begin_Op_Msg.cpp \
+ src/msg/RA_End_Op_Msg.cpp \
+ src/msg/RA_Login_Request_Msg.cpp \
+ src/msg/RA_Login_Response_Msg.cpp \
+ src/msg/RA_Extended_Login_Request_Msg.cpp \
+ src/msg/RA_Extended_Login_Response_Msg.cpp \
+ src/msg/RA_ASQ_Request_Msg.cpp \
+ src/msg/RA_ASQ_Response_Msg.cpp \
+ src/msg/RA_New_Pin_Request_Msg.cpp \
+ src/msg/RA_New_Pin_Response_Msg.cpp \
+ src/msg/RA_SecureId_Request_Msg.cpp \
+ src/msg/RA_SecureId_Response_Msg.cpp \
+ src/msg/RA_Status_Update_Request_Msg.cpp \
+ src/msg/RA_Status_Update_Response_Msg.cpp \
+ src/msg/RA_Token_PDU_Request_Msg.cpp \
+ src/msg/RA_Token_PDU_Response_Msg.cpp
+
+tpsclient_CPPFLAGS = $(AM_CPPFLAGS) @ldapsdk_inc@ @svrcore_inc@ \
+ @sasl_inc@ @nss_inc@ @nspr_inc@
+
+tpsclient_LDADD = $(LDAPSDK_LINK) $(SVRCORE_LINK) \
+ $(SASL_LINK) $(NSS_LINK) $(NSPR_LINK) $(LIBNSL) $(LIBSOCKET) $(LIBDL) \
+ $(LIBCSTD) $(LIBCRUN)
+
+
+#////////////////////////////////////////////////////////////////
+#
+# Wrappers
+#
+#////////////////////////////////////////////////////////////////
+create_wrapper = sed \
+ -e "s|\@ldapsdk_libdir\@|$(ldapsdk_libdir)|g" \
+ -e "s|\@libexecdir\@|$(libexecdir)|g" \
+ -e "s|\@nspr_libdir\@|$(nspr_libdir)|g" \
+ -e "s|\@nss_libdir\@|$(nss_libdir)|g" \
+ -e "s|\@sasl_libdir\@|$(sasl_libdir)|g"
+
+all: config.h
+ $(MAKE) $(AM_MAKEFLAGS) all-am
+
+.SUFFIXES:
+.SUFFIXES: .c .cpp .lo .o .obj
+am--refresh:
+ @:
+$(srcdir)/Makefile.in: @MAINTAINER_MODE_TRUE@ $(srcdir)/Makefile.am $(am__configure_deps)
+ @for dep in $?; do \
+ case '$(am__configure_deps)' in \
+ *$$dep*) \
+ echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \
+ $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \
+ && exit 0; \
+ exit 1;; \
+ esac; \
+ done; \
+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \
+ $(am__cd) $(top_srcdir) && \
+ $(AUTOMAKE) --foreign Makefile
+.PRECIOUS: Makefile
+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
+ @case '$?' in \
+ *config.status*) \
+ echo ' $(SHELL) ./config.status'; \
+ $(SHELL) ./config.status;; \
+ *) \
+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe)'; \
+ cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__depfiles_maybe);; \
+ esac;
+
+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
+ $(SHELL) ./config.status --recheck
+
+$(top_srcdir)/configure: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ $(am__cd) $(srcdir) && $(AUTOCONF)
+$(ACLOCAL_M4): @MAINTAINER_MODE_TRUE@ $(am__aclocal_m4_deps)
+ $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS)
+$(am__aclocal_m4_deps):
+
+config.h: stamp-h1
+ @if test ! -f $@; then \
+ rm -f stamp-h1; \
+ $(MAKE) $(AM_MAKEFLAGS) stamp-h1; \
+ else :; fi
+
+stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status
+ @rm -f stamp-h1
+ cd $(top_builddir) && $(SHELL) ./config.status config.h
+$(srcdir)/config.h.in: @MAINTAINER_MODE_TRUE@ $(am__configure_deps)
+ ($(am__cd) $(top_srcdir) && $(AUTOHEADER))
+ rm -f stamp-h1
+ touch $@
+
+distclean-hdr:
+ -rm -f config.h stamp-h1
+install-apache_modulesLTLIBRARIES: $(apache_modules_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(apache_modulesdir)" || $(MKDIR_P) "$(DESTDIR)$(apache_modulesdir)"
+ @list='$(apache_modules_LTLIBRARIES)'; test -n "$(apache_modulesdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(apache_modulesdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(apache_modulesdir)"; \
+ }
+
+uninstall-apache_modulesLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(apache_modules_LTLIBRARIES)'; test -n "$(apache_modulesdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(apache_modulesdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(apache_modulesdir)/$$f"; \
+ done
+
+clean-apache_modulesLTLIBRARIES:
+ -test -z "$(apache_modules_LTLIBRARIES)" || rm -f $(apache_modules_LTLIBRARIES)
+ @list='$(apache_modules_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+install-libLTLIBRARIES: $(lib_LTLIBRARIES)
+ @$(NORMAL_INSTALL)
+ test -z "$(libdir)" || $(MKDIR_P) "$(DESTDIR)$(libdir)"
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ list2=; for p in $$list; do \
+ if test -f $$p; then \
+ list2="$$list2 $$p"; \
+ else :; fi; \
+ done; \
+ test -z "$$list2" || { \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(libdir)'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(libdir)"; \
+ }
+
+uninstall-libLTLIBRARIES:
+ @$(NORMAL_UNINSTALL)
+ @list='$(lib_LTLIBRARIES)'; test -n "$(libdir)" || list=; \
+ for p in $$list; do \
+ $(am__strip_dir) \
+ echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(libdir)/$$f'"; \
+ $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(libdir)/$$f"; \
+ done
+
+clean-libLTLIBRARIES:
+ -test -z "$(lib_LTLIBRARIES)" || rm -f $(lib_LTLIBRARIES)
+ @list='$(lib_LTLIBRARIES)'; for p in $$list; do \
+ dir="`echo $$p | sed -e 's|/[^/]*$$||'`"; \
+ test "$$dir" != "$$p" || dir=.; \
+ echo "rm -f \"$${dir}/so_locations\""; \
+ rm -f "$${dir}/so_locations"; \
+ done
+src/authentication/$(am__dirstamp):
+ @$(MKDIR_P) src/authentication
+ @: > src/authentication/$(am__dirstamp)
+src/authentication/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/authentication/$(DEPDIR)
+ @: > src/authentication/$(DEPDIR)/$(am__dirstamp)
+src/authentication/libldapauth_la-LDAP_Authentication.lo: \
+ src/authentication/$(am__dirstamp) \
+ src/authentication/$(DEPDIR)/$(am__dirstamp)
+libldapauth.la: $(libldapauth_la_OBJECTS) $(libldapauth_la_DEPENDENCIES)
+ $(libldapauth_la_LINK) -rpath $(libdir) $(libldapauth_la_OBJECTS) $(libldapauth_la_LIBADD) $(LIBS)
+src/tus/$(am__dirstamp):
+ @$(MKDIR_P) src/tus
+ @: > src/tus/$(am__dirstamp)
+src/tus/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/tus/$(DEPDIR)
+ @: > src/tus/$(DEPDIR)/$(am__dirstamp)
+src/tus/libtokendb_la-tus_db.lo: src/tus/$(am__dirstamp) \
+ src/tus/$(DEPDIR)/$(am__dirstamp)
+libtokendb.la: $(libtokendb_la_OBJECTS) $(libtokendb_la_DEPENDENCIES)
+ $(libtokendb_la_LINK) -rpath $(libdir) $(libtokendb_la_OBJECTS) $(libtokendb_la_LIBADD) $(LIBS)
+src/main/$(am__dirstamp):
+ @$(MKDIR_P) src/main
+ @: > src/main/$(am__dirstamp)
+src/main/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/main/$(DEPDIR)
+ @: > src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Buffer.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-NameValueSet.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-ConfigStore.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Util.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RA_Msg.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RA_pblock.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RA_Session.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RA_Context.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Login.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-SecureId.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Memory.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-AuthenticationEntry.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-AuthParams.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-Authentication.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-AttributeSpec.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-ObjectSpec.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-PKCS11Obj.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-LogFile.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/libtps_la-RollingLogFile.lo: src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/$(am__dirstamp):
+ @$(MKDIR_P) src/httpClient
+ @: > src/httpClient/$(am__dirstamp)
+src/httpClient/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/httpClient/$(DEPDIR)
+ @: > src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-httpClient.lo: \
+ src/httpClient/$(am__dirstamp) \
+ src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-Cache.lo: src/httpClient/$(am__dirstamp) \
+ src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-engine.lo: src/httpClient/$(am__dirstamp) \
+ src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-http.lo: src/httpClient/$(am__dirstamp) \
+ src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-response.lo: src/httpClient/$(am__dirstamp) \
+ src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-request.lo: src/httpClient/$(am__dirstamp) \
+ src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/httpClient/libtps_la-nscperror.lo: src/httpClient/$(am__dirstamp) \
+ src/httpClient/$(DEPDIR)/$(am__dirstamp)
+src/cms/$(am__dirstamp):
+ @$(MKDIR_P) src/cms
+ @: > src/cms/$(am__dirstamp)
+src/cms/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/cms/$(DEPDIR)
+ @: > src/cms/$(DEPDIR)/$(am__dirstamp)
+src/cms/libtps_la-HttpConnection.lo: src/cms/$(am__dirstamp) \
+ src/cms/$(DEPDIR)/$(am__dirstamp)
+src/cms/libtps_la-ConnectionInfo.lo: src/cms/$(am__dirstamp) \
+ src/cms/$(DEPDIR)/$(am__dirstamp)
+src/cms/libtps_la-CertEnroll.lo: src/cms/$(am__dirstamp) \
+ src/cms/$(DEPDIR)/$(am__dirstamp)
+src/apdu/$(am__dirstamp):
+ @$(MKDIR_P) src/apdu
+ @: > src/apdu/$(am__dirstamp)
+src/apdu/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/apdu/$(DEPDIR)
+ @: > src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Unblock_Pin_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Create_Object_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Set_Pin_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Set_IssuerInfo_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Get_IssuerInfo_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Create_Pin_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-List_Pins_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Initialize_Update_APDU.lo: \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Get_Version_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Get_Status_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Get_Data_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-External_Authenticate_APDU.lo: \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Generate_Key_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Read_Buffer_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Read_Object_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Write_Object_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Put_Key_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Select_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Delete_File_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Install_Applet_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo: \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Load_File_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Install_Load_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Lifecycle_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-List_Objects_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Import_Key_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-Import_Key_Enc_APDU.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/libtps_la-APDU_Response.lo: src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/msg/$(am__dirstamp):
+ @$(MKDIR_P) src/msg
+ @: > src/msg/$(am__dirstamp)
+src/msg/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/msg/$(DEPDIR)
+ @: > src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Begin_Op_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_End_Op_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Login_Request_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Login_Response_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_SecureId_Request_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_SecureId_Response_Msg.lo: \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_ASQ_Request_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_ASQ_Response_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_New_Pin_Request_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_New_Pin_Response_Msg.lo: src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo: \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo: \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Status_Update_Request_Msg.lo: \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Status_Update_Response_Msg.lo: \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo: \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo: \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/channel/$(am__dirstamp):
+ @$(MKDIR_P) src/channel
+ @: > src/channel/$(am__dirstamp)
+src/channel/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/channel/$(DEPDIR)
+ @: > src/channel/$(DEPDIR)/$(am__dirstamp)
+src/channel/libtps_la-Channel.lo: src/channel/$(am__dirstamp) \
+ src/channel/$(DEPDIR)/$(am__dirstamp)
+src/channel/libtps_la-Secure_Channel.lo: src/channel/$(am__dirstamp) \
+ src/channel/$(DEPDIR)/$(am__dirstamp)
+src/engine/$(am__dirstamp):
+ @$(MKDIR_P) src/engine
+ @: > src/engine/$(am__dirstamp)
+src/engine/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/engine/$(DEPDIR)
+ @: > src/engine/$(DEPDIR)/$(am__dirstamp)
+src/engine/libtps_la-RA.lo: src/engine/$(am__dirstamp) \
+ src/engine/$(DEPDIR)/$(am__dirstamp)
+src/processor/$(am__dirstamp):
+ @$(MKDIR_P) src/processor
+ @: > src/processor/$(am__dirstamp)
+src/processor/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/processor/$(DEPDIR)
+ @: > src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Processor.lo: \
+ src/processor/$(am__dirstamp) \
+ src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Enroll_Processor.lo: \
+ src/processor/$(am__dirstamp) \
+ src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Pin_Reset_Processor.lo: \
+ src/processor/$(am__dirstamp) \
+ src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Renew_Processor.lo: \
+ src/processor/$(am__dirstamp) \
+ src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Unblock_Processor.lo: \
+ src/processor/$(am__dirstamp) \
+ src/processor/$(DEPDIR)/$(am__dirstamp)
+src/processor/libtps_la-RA_Format_Processor.lo: \
+ src/processor/$(am__dirstamp) \
+ src/processor/$(DEPDIR)/$(am__dirstamp)
+src/selftests/$(am__dirstamp):
+ @$(MKDIR_P) src/selftests
+ @: > src/selftests/$(am__dirstamp)
+src/selftests/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/selftests/$(DEPDIR)
+ @: > src/selftests/$(DEPDIR)/$(am__dirstamp)
+src/selftests/libtps_la-SelfTest.lo: src/selftests/$(am__dirstamp) \
+ src/selftests/$(DEPDIR)/$(am__dirstamp)
+src/selftests/libtps_la-TPSSystemCertsVerification.lo: \
+ src/selftests/$(am__dirstamp) \
+ src/selftests/$(DEPDIR)/$(am__dirstamp)
+src/selftests/libtps_la-TPSPresence.lo: src/selftests/$(am__dirstamp) \
+ src/selftests/$(DEPDIR)/$(am__dirstamp)
+src/selftests/libtps_la-TPSValidity.lo: src/selftests/$(am__dirstamp) \
+ src/selftests/$(DEPDIR)/$(am__dirstamp)
+libtps.la: $(libtps_la_OBJECTS) $(libtps_la_DEPENDENCIES)
+ $(libtps_la_LINK) -rpath $(libdir) $(libtps_la_OBJECTS) $(libtps_la_LIBADD) $(LIBS)
+src/modules/tokendb/$(am__dirstamp):
+ @$(MKDIR_P) src/modules/tokendb
+ @: > src/modules/tokendb/$(am__dirstamp)
+src/modules/tokendb/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/modules/tokendb/$(DEPDIR)
+ @: > src/modules/tokendb/$(DEPDIR)/$(am__dirstamp)
+src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo: \
+ src/modules/tokendb/$(am__dirstamp) \
+ src/modules/tokendb/$(DEPDIR)/$(am__dirstamp)
+mod_tokendb.la: $(mod_tokendb_la_OBJECTS) $(mod_tokendb_la_DEPENDENCIES)
+ $(mod_tokendb_la_LINK) -rpath $(apache_modulesdir) $(mod_tokendb_la_OBJECTS) $(mod_tokendb_la_LIBADD) $(LIBS)
+src/modules/tps/$(am__dirstamp):
+ @$(MKDIR_P) src/modules/tps
+ @: > src/modules/tps/$(am__dirstamp)
+src/modules/tps/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) src/modules/tps/$(DEPDIR)
+ @: > src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+src/modules/tps/mod_tps_la-AP_Context.lo: \
+ src/modules/tps/$(am__dirstamp) \
+ src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+src/modules/tps/mod_tps_la-AP_Session.lo: \
+ src/modules/tps/$(am__dirstamp) \
+ src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+src/modules/tps/mod_tps_la-mod_tps.lo: \
+ src/modules/tps/$(am__dirstamp) \
+ src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+mod_tps.la: $(mod_tps_la_OBJECTS) $(mod_tps_la_DEPENDENCIES)
+ $(mod_tps_la_LINK) -rpath $(apache_modulesdir) $(mod_tps_la_OBJECTS) $(mod_tps_la_LIBADD) $(LIBS)
+install-libexecPROGRAMS: $(libexec_PROGRAMS)
+ @$(NORMAL_INSTALL)
+ test -z "$(libexecdir)" || $(MKDIR_P) "$(DESTDIR)$(libexecdir)"
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ for p in $$list; do echo "$$p $$p"; done | \
+ sed 's/$(EXEEXT)$$//' | \
+ while read p p1; do if test -f $$p || test -f $$p1; \
+ then echo "$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n;h' -e 's|.*|.|' \
+ -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \
+ sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) files[d] = files[d] " " $$1; \
+ else { print "f", $$3 "/" $$4, $$1; } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(libexecdir)$$dir'"; \
+ $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(libexecdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-libexecPROGRAMS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(libexec_PROGRAMS)'; test -n "$(libexecdir)" || list=; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \
+ -e 's/$$/$(EXEEXT)/' `; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(libexecdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(libexecdir)" && rm -f $$files
+
+clean-libexecPROGRAMS:
+ @list='$(libexec_PROGRAMS)'; test -n "$$list" || exit 0; \
+ echo " rm -f" $$list; \
+ rm -f $$list || exit $$?; \
+ test -n "$(EXEEXT)" || exit 0; \
+ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \
+ echo " rm -f" $$list; \
+ rm -f $$list
+tools/raclient/$(am__dirstamp):
+ @$(MKDIR_P) tools/raclient
+ @: > tools/raclient/$(am__dirstamp)
+tools/raclient/$(DEPDIR)/$(am__dirstamp):
+ @$(MKDIR_P) tools/raclient/$(DEPDIR)
+ @: > tools/raclient/$(DEPDIR)/$(am__dirstamp)
+tools/raclient/tpsclient-RA_Client.$(OBJEXT): \
+ tools/raclient/$(am__dirstamp) \
+ tools/raclient/$(DEPDIR)/$(am__dirstamp)
+tools/raclient/tpsclient-RA_Conn.$(OBJEXT): \
+ tools/raclient/$(am__dirstamp) \
+ tools/raclient/$(DEPDIR)/$(am__dirstamp)
+tools/raclient/tpsclient-RA_Token.$(OBJEXT): \
+ tools/raclient/$(am__dirstamp) \
+ tools/raclient/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-Buffer.$(OBJEXT): src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-NameValueSet.$(OBJEXT): src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-Util.$(OBJEXT): src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-AuthParams.$(OBJEXT): src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-APDU_Response.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Create_Object_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Create_Pin_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Delete_File_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-External_Authenticate_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Format_Muscle_Applet_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Generate_Key_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Get_Data_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Get_Status_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Get_Version_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Initialize_Update_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Install_Applet_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Install_Load_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Lifecycle_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-List_Objects_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Set_IssuerInfo_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Get_IssuerInfo_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-List_Pins_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Load_File_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Put_Key_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Read_Buffer_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Read_Object_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Select_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Set_Pin_APDU.$(OBJEXT): src/apdu/$(am__dirstamp) \
+ src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Unblock_Pin_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Write_Object_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/apdu/tpsclient-Import_Key_Enc_APDU.$(OBJEXT): \
+ src/apdu/$(am__dirstamp) src/apdu/$(DEPDIR)/$(am__dirstamp)
+src/main/tpsclient-RA_Msg.$(OBJEXT): src/main/$(am__dirstamp) \
+ src/main/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Begin_Op_Msg.$(OBJEXT): src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_End_Op_Msg.$(OBJEXT): src/msg/$(am__dirstamp) \
+ src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Login_Request_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Login_Response_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Extended_Login_Request_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Extended_Login_Response_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_ASQ_Request_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_ASQ_Response_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_New_Pin_Request_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_New_Pin_Response_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_SecureId_Request_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_SecureId_Response_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Status_Update_Request_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Status_Update_Response_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Token_PDU_Request_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+src/msg/tpsclient-RA_Token_PDU_Response_Msg.$(OBJEXT): \
+ src/msg/$(am__dirstamp) src/msg/$(DEPDIR)/$(am__dirstamp)
+tpsclient$(EXEEXT): $(tpsclient_OBJECTS) $(tpsclient_DEPENDENCIES)
+ @rm -f tpsclient$(EXEEXT)
+ $(CXXLINK) $(tpsclient_OBJECTS) $(tpsclient_LDADD) $(LIBS)
+install-binSCRIPTS: $(bin_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(bindir)" || $(MKDIR_P) "$(DESTDIR)$(bindir)"
+ @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-binSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(bindir)" && rm -f $$files
+install-cgibin_demoSCRIPTS: $(cgibin_demo_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(cgibin_demodir)" || $(MKDIR_P) "$(DESTDIR)$(cgibin_demodir)"
+ @list='$(cgibin_demo_SCRIPTS)'; test -n "$(cgibin_demodir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(cgibin_demodir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(cgibin_demodir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-cgibin_demoSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(cgibin_demo_SCRIPTS)'; test -n "$(cgibin_demodir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(cgibin_demodir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(cgibin_demodir)" && rm -f $$files
+install-cgibin_homeSCRIPTS: $(cgibin_home_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(cgibin_homedir)" || $(MKDIR_P) "$(DESTDIR)$(cgibin_homedir)"
+ @list='$(cgibin_home_SCRIPTS)'; test -n "$(cgibin_homedir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(cgibin_homedir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(cgibin_homedir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-cgibin_homeSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(cgibin_home_SCRIPTS)'; test -n "$(cgibin_homedir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(cgibin_homedir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(cgibin_homedir)" && rm -f $$files
+install-cgibin_soSCRIPTS: $(cgibin_so_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(cgibin_sodir)" || $(MKDIR_P) "$(DESTDIR)$(cgibin_sodir)"
+ @list='$(cgibin_so_SCRIPTS)'; test -n "$(cgibin_sodir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(cgibin_sodir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(cgibin_sodir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-cgibin_soSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(cgibin_so_SCRIPTS)'; test -n "$(cgibin_sodir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(cgibin_sodir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(cgibin_sodir)" && rm -f $$files
+install-cgibin_sowSCRIPTS: $(cgibin_sow_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(cgibin_sowdir)" || $(MKDIR_P) "$(DESTDIR)$(cgibin_sowdir)"
+ @list='$(cgibin_sow_SCRIPTS)'; test -n "$(cgibin_sowdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(cgibin_sowdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(cgibin_sowdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-cgibin_sowSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(cgibin_sow_SCRIPTS)'; test -n "$(cgibin_sowdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(cgibin_sowdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(cgibin_sowdir)" && rm -f $$files
+install-initdSCRIPTS: $(initd_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(initddir)" || $(MKDIR_P) "$(DESTDIR)$(initddir)"
+ @list='$(initd_SCRIPTS)'; test -n "$(initddir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(initddir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(initddir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-initdSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(initd_SCRIPTS)'; test -n "$(initddir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(initddir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(initddir)" && rm -f $$files
+install-perl_baseSCRIPTS: $(perl_base_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(perl_basedir)" || $(MKDIR_P) "$(DESTDIR)$(perl_basedir)"
+ @list='$(perl_base_SCRIPTS)'; test -n "$(perl_basedir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(perl_basedir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(perl_basedir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-perl_baseSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(perl_base_SCRIPTS)'; test -n "$(perl_basedir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(perl_basedir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(perl_basedir)" && rm -f $$files
+install-perl_modulesSCRIPTS: $(perl_modules_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(perl_modulesdir)" || $(MKDIR_P) "$(DESTDIR)$(perl_modulesdir)"
+ @list='$(perl_modules_SCRIPTS)'; test -n "$(perl_modulesdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(perl_modulesdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(perl_modulesdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-perl_modulesSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(perl_modules_SCRIPTS)'; test -n "$(perl_modulesdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(perl_modulesdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(perl_modulesdir)" && rm -f $$files
+install-perl_serviceSCRIPTS: $(perl_service_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(perl_servicedir)" || $(MKDIR_P) "$(DESTDIR)$(perl_servicedir)"
+ @list='$(perl_service_SCRIPTS)'; test -n "$(perl_servicedir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(perl_servicedir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(perl_servicedir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-perl_serviceSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(perl_service_SCRIPTS)'; test -n "$(perl_servicedir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(perl_servicedir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(perl_servicedir)" && rm -f $$files
+install-perl_templatesSCRIPTS: $(perl_templates_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(perl_templatesdir)" || $(MKDIR_P) "$(DESTDIR)$(perl_templatesdir)"
+ @list='$(perl_templates_SCRIPTS)'; test -n "$(perl_templatesdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(perl_templatesdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(perl_templatesdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-perl_templatesSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(perl_templates_SCRIPTS)'; test -n "$(perl_templatesdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(perl_templatesdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(perl_templatesdir)" && rm -f $$files
+install-scriptsSCRIPTS: $(scripts_SCRIPTS)
+ @$(NORMAL_INSTALL)
+ test -z "$(scriptsdir)" || $(MKDIR_P) "$(DESTDIR)$(scriptsdir)"
+ @list='$(scripts_SCRIPTS)'; test -n "$(scriptsdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
+ done | \
+ sed -e 'p;s,.*/,,;n' \
+ -e 'h;s|.*|.|' \
+ -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
+ $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
+ { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
+ if ($$2 == $$4) { files[d] = files[d] " " $$1; \
+ if (++n[d] == $(am__install_max)) { \
+ print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
+ else { print "f", d "/" $$4, $$1 } } \
+ END { for (d in files) print "f", d, files[d] }' | \
+ while read type dir files; do \
+ if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
+ test -z "$$files" || { \
+ echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(scriptsdir)$$dir'"; \
+ $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(scriptsdir)$$dir" || exit $$?; \
+ } \
+ ; done
+
+uninstall-scriptsSCRIPTS:
+ @$(NORMAL_UNINSTALL)
+ @list='$(scripts_SCRIPTS)'; test -n "$(scriptsdir)" || exit 0; \
+ files=`for p in $$list; do echo "$$p"; done | \
+ sed -e 's,.*/,,;$(transform)'`; \
+ test -n "$$list" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(scriptsdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(scriptsdir)" && rm -f $$files
+
+mostlyclean-compile:
+ -rm -f *.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-APDU.lo
+ -rm -f src/apdu/libtps_la-APDU_Response.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-APDU_Response.lo
+ -rm -f src/apdu/libtps_la-Create_Object_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Create_Object_APDU.lo
+ -rm -f src/apdu/libtps_la-Create_Pin_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Create_Pin_APDU.lo
+ -rm -f src/apdu/libtps_la-Delete_File_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Delete_File_APDU.lo
+ -rm -f src/apdu/libtps_la-External_Authenticate_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-External_Authenticate_APDU.lo
+ -rm -f src/apdu/libtps_la-Format_Muscle_Applet_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo
+ -rm -f src/apdu/libtps_la-Generate_Key_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Generate_Key_APDU.lo
+ -rm -f src/apdu/libtps_la-Get_Data_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Get_Data_APDU.lo
+ -rm -f src/apdu/libtps_la-Get_IssuerInfo_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Get_IssuerInfo_APDU.lo
+ -rm -f src/apdu/libtps_la-Get_Status_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Get_Status_APDU.lo
+ -rm -f src/apdu/libtps_la-Get_Version_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Get_Version_APDU.lo
+ -rm -f src/apdu/libtps_la-Import_Key_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Import_Key_APDU.lo
+ -rm -f src/apdu/libtps_la-Import_Key_Enc_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Import_Key_Enc_APDU.lo
+ -rm -f src/apdu/libtps_la-Initialize_Update_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Initialize_Update_APDU.lo
+ -rm -f src/apdu/libtps_la-Install_Applet_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Install_Applet_APDU.lo
+ -rm -f src/apdu/libtps_la-Install_Load_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Install_Load_APDU.lo
+ -rm -f src/apdu/libtps_la-Lifecycle_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Lifecycle_APDU.lo
+ -rm -f src/apdu/libtps_la-List_Objects_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-List_Objects_APDU.lo
+ -rm -f src/apdu/libtps_la-List_Pins_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-List_Pins_APDU.lo
+ -rm -f src/apdu/libtps_la-Load_File_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Load_File_APDU.lo
+ -rm -f src/apdu/libtps_la-Put_Key_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Put_Key_APDU.lo
+ -rm -f src/apdu/libtps_la-Read_Buffer_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Read_Buffer_APDU.lo
+ -rm -f src/apdu/libtps_la-Read_Object_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Read_Object_APDU.lo
+ -rm -f src/apdu/libtps_la-Select_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Select_APDU.lo
+ -rm -f src/apdu/libtps_la-Set_IssuerInfo_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Set_IssuerInfo_APDU.lo
+ -rm -f src/apdu/libtps_la-Set_Pin_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Set_Pin_APDU.lo
+ -rm -f src/apdu/libtps_la-Unblock_Pin_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Unblock_Pin_APDU.lo
+ -rm -f src/apdu/libtps_la-Write_Object_APDU.$(OBJEXT)
+ -rm -f src/apdu/libtps_la-Write_Object_APDU.lo
+ -rm -f src/apdu/tpsclient-APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-APDU_Response.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Create_Object_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Create_Pin_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Delete_File_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-External_Authenticate_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Format_Muscle_Applet_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Generate_Key_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Get_Data_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Get_IssuerInfo_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Get_Status_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Get_Version_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Import_Key_Enc_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Initialize_Update_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Install_Applet_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Install_Load_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Lifecycle_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-List_Objects_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-List_Pins_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Load_File_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Put_Key_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Read_Buffer_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Read_Object_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Select_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Set_IssuerInfo_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Set_Pin_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Unblock_Pin_APDU.$(OBJEXT)
+ -rm -f src/apdu/tpsclient-Write_Object_APDU.$(OBJEXT)
+ -rm -f src/authentication/libldapauth_la-LDAP_Authentication.$(OBJEXT)
+ -rm -f src/authentication/libldapauth_la-LDAP_Authentication.lo
+ -rm -f src/channel/libtps_la-Channel.$(OBJEXT)
+ -rm -f src/channel/libtps_la-Channel.lo
+ -rm -f src/channel/libtps_la-Secure_Channel.$(OBJEXT)
+ -rm -f src/channel/libtps_la-Secure_Channel.lo
+ -rm -f src/cms/libtps_la-CertEnroll.$(OBJEXT)
+ -rm -f src/cms/libtps_la-CertEnroll.lo
+ -rm -f src/cms/libtps_la-ConnectionInfo.$(OBJEXT)
+ -rm -f src/cms/libtps_la-ConnectionInfo.lo
+ -rm -f src/cms/libtps_la-HttpConnection.$(OBJEXT)
+ -rm -f src/cms/libtps_la-HttpConnection.lo
+ -rm -f src/engine/libtps_la-RA.$(OBJEXT)
+ -rm -f src/engine/libtps_la-RA.lo
+ -rm -f src/httpClient/libtps_la-Cache.$(OBJEXT)
+ -rm -f src/httpClient/libtps_la-Cache.lo
+ -rm -f src/httpClient/libtps_la-engine.$(OBJEXT)
+ -rm -f src/httpClient/libtps_la-engine.lo
+ -rm -f src/httpClient/libtps_la-http.$(OBJEXT)
+ -rm -f src/httpClient/libtps_la-http.lo
+ -rm -f src/httpClient/libtps_la-httpClient.$(OBJEXT)
+ -rm -f src/httpClient/libtps_la-httpClient.lo
+ -rm -f src/httpClient/libtps_la-nscperror.$(OBJEXT)
+ -rm -f src/httpClient/libtps_la-nscperror.lo
+ -rm -f src/httpClient/libtps_la-request.$(OBJEXT)
+ -rm -f src/httpClient/libtps_la-request.lo
+ -rm -f src/httpClient/libtps_la-response.$(OBJEXT)
+ -rm -f src/httpClient/libtps_la-response.lo
+ -rm -f src/main/libtps_la-AttributeSpec.$(OBJEXT)
+ -rm -f src/main/libtps_la-AttributeSpec.lo
+ -rm -f src/main/libtps_la-AuthParams.$(OBJEXT)
+ -rm -f src/main/libtps_la-AuthParams.lo
+ -rm -f src/main/libtps_la-Authentication.$(OBJEXT)
+ -rm -f src/main/libtps_la-Authentication.lo
+ -rm -f src/main/libtps_la-AuthenticationEntry.$(OBJEXT)
+ -rm -f src/main/libtps_la-AuthenticationEntry.lo
+ -rm -f src/main/libtps_la-Buffer.$(OBJEXT)
+ -rm -f src/main/libtps_la-Buffer.lo
+ -rm -f src/main/libtps_la-ConfigStore.$(OBJEXT)
+ -rm -f src/main/libtps_la-ConfigStore.lo
+ -rm -f src/main/libtps_la-LogFile.$(OBJEXT)
+ -rm -f src/main/libtps_la-LogFile.lo
+ -rm -f src/main/libtps_la-Login.$(OBJEXT)
+ -rm -f src/main/libtps_la-Login.lo
+ -rm -f src/main/libtps_la-Memory.$(OBJEXT)
+ -rm -f src/main/libtps_la-Memory.lo
+ -rm -f src/main/libtps_la-NameValueSet.$(OBJEXT)
+ -rm -f src/main/libtps_la-NameValueSet.lo
+ -rm -f src/main/libtps_la-ObjectSpec.$(OBJEXT)
+ -rm -f src/main/libtps_la-ObjectSpec.lo
+ -rm -f src/main/libtps_la-PKCS11Obj.$(OBJEXT)
+ -rm -f src/main/libtps_la-PKCS11Obj.lo
+ -rm -f src/main/libtps_la-RA_Context.$(OBJEXT)
+ -rm -f src/main/libtps_la-RA_Context.lo
+ -rm -f src/main/libtps_la-RA_Msg.$(OBJEXT)
+ -rm -f src/main/libtps_la-RA_Msg.lo
+ -rm -f src/main/libtps_la-RA_Session.$(OBJEXT)
+ -rm -f src/main/libtps_la-RA_Session.lo
+ -rm -f src/main/libtps_la-RA_pblock.$(OBJEXT)
+ -rm -f src/main/libtps_la-RA_pblock.lo
+ -rm -f src/main/libtps_la-RollingLogFile.$(OBJEXT)
+ -rm -f src/main/libtps_la-RollingLogFile.lo
+ -rm -f src/main/libtps_la-SecureId.$(OBJEXT)
+ -rm -f src/main/libtps_la-SecureId.lo
+ -rm -f src/main/libtps_la-Util.$(OBJEXT)
+ -rm -f src/main/libtps_la-Util.lo
+ -rm -f src/main/tpsclient-AuthParams.$(OBJEXT)
+ -rm -f src/main/tpsclient-Buffer.$(OBJEXT)
+ -rm -f src/main/tpsclient-NameValueSet.$(OBJEXT)
+ -rm -f src/main/tpsclient-RA_Msg.$(OBJEXT)
+ -rm -f src/main/tpsclient-Util.$(OBJEXT)
+ -rm -f src/modules/tokendb/mod_tokendb_la-mod_tokendb.$(OBJEXT)
+ -rm -f src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo
+ -rm -f src/modules/tps/mod_tps_la-AP_Context.$(OBJEXT)
+ -rm -f src/modules/tps/mod_tps_la-AP_Context.lo
+ -rm -f src/modules/tps/mod_tps_la-AP_Session.$(OBJEXT)
+ -rm -f src/modules/tps/mod_tps_la-AP_Session.lo
+ -rm -f src/modules/tps/mod_tps_la-mod_tps.$(OBJEXT)
+ -rm -f src/modules/tps/mod_tps_la-mod_tps.lo
+ -rm -f src/msg/libtps_la-RA_ASQ_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_ASQ_Request_Msg.lo
+ -rm -f src/msg/libtps_la-RA_ASQ_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_ASQ_Response_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Begin_Op_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Begin_Op_Msg.lo
+ -rm -f src/msg/libtps_la-RA_End_Op_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_End_Op_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Extended_Login_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Extended_Login_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Login_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Login_Request_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Login_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Login_Response_Msg.lo
+ -rm -f src/msg/libtps_la-RA_New_Pin_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_New_Pin_Request_Msg.lo
+ -rm -f src/msg/libtps_la-RA_New_Pin_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_New_Pin_Response_Msg.lo
+ -rm -f src/msg/libtps_la-RA_SecureId_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_SecureId_Request_Msg.lo
+ -rm -f src/msg/libtps_la-RA_SecureId_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_SecureId_Response_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Status_Update_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Status_Update_Request_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Status_Update_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Status_Update_Response_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Token_PDU_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo
+ -rm -f src/msg/libtps_la-RA_Token_PDU_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo
+ -rm -f src/msg/tpsclient-RA_ASQ_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_ASQ_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Begin_Op_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_End_Op_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Extended_Login_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Extended_Login_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Login_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Login_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_New_Pin_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_New_Pin_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_SecureId_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_SecureId_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Status_Update_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Status_Update_Response_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Token_PDU_Request_Msg.$(OBJEXT)
+ -rm -f src/msg/tpsclient-RA_Token_PDU_Response_Msg.$(OBJEXT)
+ -rm -f src/processor/libtps_la-RA_Enroll_Processor.$(OBJEXT)
+ -rm -f src/processor/libtps_la-RA_Enroll_Processor.lo
+ -rm -f src/processor/libtps_la-RA_Format_Processor.$(OBJEXT)
+ -rm -f src/processor/libtps_la-RA_Format_Processor.lo
+ -rm -f src/processor/libtps_la-RA_Pin_Reset_Processor.$(OBJEXT)
+ -rm -f src/processor/libtps_la-RA_Pin_Reset_Processor.lo
+ -rm -f src/processor/libtps_la-RA_Processor.$(OBJEXT)
+ -rm -f src/processor/libtps_la-RA_Processor.lo
+ -rm -f src/processor/libtps_la-RA_Renew_Processor.$(OBJEXT)
+ -rm -f src/processor/libtps_la-RA_Renew_Processor.lo
+ -rm -f src/processor/libtps_la-RA_Unblock_Processor.$(OBJEXT)
+ -rm -f src/processor/libtps_la-RA_Unblock_Processor.lo
+ -rm -f src/selftests/libtps_la-SelfTest.$(OBJEXT)
+ -rm -f src/selftests/libtps_la-SelfTest.lo
+ -rm -f src/selftests/libtps_la-TPSPresence.$(OBJEXT)
+ -rm -f src/selftests/libtps_la-TPSPresence.lo
+ -rm -f src/selftests/libtps_la-TPSSystemCertsVerification.$(OBJEXT)
+ -rm -f src/selftests/libtps_la-TPSSystemCertsVerification.lo
+ -rm -f src/selftests/libtps_la-TPSValidity.$(OBJEXT)
+ -rm -f src/selftests/libtps_la-TPSValidity.lo
+ -rm -f src/tus/libtokendb_la-tus_db.$(OBJEXT)
+ -rm -f src/tus/libtokendb_la-tus_db.lo
+ -rm -f tools/raclient/tpsclient-RA_Client.$(OBJEXT)
+ -rm -f tools/raclient/tpsclient-RA_Conn.$(OBJEXT)
+ -rm -f tools/raclient/tpsclient-RA_Token.$(OBJEXT)
+
+distclean-compile:
+ -rm -f *.tab.c
+
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/channel/$(DEPDIR)/libtps_la-Channel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/cms/$(DEPDIR)/libtps_la-CertEnroll.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/cms/$(DEPDIR)/libtps_la-HttpConnection.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/engine/$(DEPDIR)/libtps_la-RA.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-Cache.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-engine.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-http.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-httpClient.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-nscperror.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-request.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/httpClient/$(DEPDIR)/libtps_la-response.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-AttributeSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-AuthParams.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Authentication.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Buffer.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-ConfigStore.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-LogFile.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Login.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Memory.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-NameValueSet.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-ObjectSpec.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RA_Context.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RA_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RA_Session.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RA_pblock.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-RollingLogFile.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-SecureId.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/libtps_la-Util.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-AuthParams.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-Buffer.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-NameValueSet.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-RA_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/main/$(DEPDIR)/tpsclient-Util.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-SelfTest.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/selftests/$(DEPDIR)/libtps_la-TPSValidity.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@src/tus/$(DEPDIR)/libtokendb_la-tus_db.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Po@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Po@am__quote@
+
+.c.o:
+@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ $<
+
+.c.obj:
+@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(COMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.c.lo:
+@am__fastdepCC_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCC_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $<
+
+src/tus/libtokendb_la-tus_db.lo: src/tus/tus_db.c
+@am__fastdepCC_TRUE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtokendb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT src/tus/libtokendb_la-tus_db.lo -MD -MP -MF src/tus/$(DEPDIR)/libtokendb_la-tus_db.Tpo -c -o src/tus/libtokendb_la-tus_db.lo `test -f 'src/tus/tus_db.c' || echo '$(srcdir)/'`src/tus/tus_db.c
+@am__fastdepCC_TRUE@ $(am__mv) src/tus/$(DEPDIR)/libtokendb_la-tus_db.Tpo src/tus/$(DEPDIR)/libtokendb_la-tus_db.Plo
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ source='src/tus/tus_db.c' object='src/tus/libtokendb_la-tus_db.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCC_FALSE@ $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtokendb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o src/tus/libtokendb_la-tus_db.lo `test -f 'src/tus/tus_db.c' || echo '$(srcdir)/'`src/tus/tus_db.c
+
+.cpp.o:
+@am__fastdepCXX_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\
+@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ $<
+
+.cpp.obj:
+@am__fastdepCXX_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\
+@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\
+@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'`
+
+.cpp.lo:
+@am__fastdepCXX_TRUE@ depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\
+@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\
+@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LTCXXCOMPILE) -c -o $@ $<
+
+src/authentication/libldapauth_la-LDAP_Authentication.lo: src/authentication/LDAP_Authentication.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libldapauth_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/authentication/libldapauth_la-LDAP_Authentication.lo -MD -MP -MF src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Tpo -c -o src/authentication/libldapauth_la-LDAP_Authentication.lo `test -f 'src/authentication/LDAP_Authentication.cpp' || echo '$(srcdir)/'`src/authentication/LDAP_Authentication.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Tpo src/authentication/$(DEPDIR)/libldapauth_la-LDAP_Authentication.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/authentication/LDAP_Authentication.cpp' object='src/authentication/libldapauth_la-LDAP_Authentication.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libldapauth_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/authentication/libldapauth_la-LDAP_Authentication.lo `test -f 'src/authentication/LDAP_Authentication.cpp' || echo '$(srcdir)/'`src/authentication/LDAP_Authentication.cpp
+
+src/main/libtps_la-Buffer.lo: src/main/Buffer.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Buffer.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-Buffer.Tpo -c -o src/main/libtps_la-Buffer.lo `test -f 'src/main/Buffer.cpp' || echo '$(srcdir)/'`src/main/Buffer.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-Buffer.Tpo src/main/$(DEPDIR)/libtps_la-Buffer.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Buffer.cpp' object='src/main/libtps_la-Buffer.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Buffer.lo `test -f 'src/main/Buffer.cpp' || echo '$(srcdir)/'`src/main/Buffer.cpp
+
+src/main/libtps_la-NameValueSet.lo: src/main/NameValueSet.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-NameValueSet.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-NameValueSet.Tpo -c -o src/main/libtps_la-NameValueSet.lo `test -f 'src/main/NameValueSet.cpp' || echo '$(srcdir)/'`src/main/NameValueSet.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-NameValueSet.Tpo src/main/$(DEPDIR)/libtps_la-NameValueSet.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/NameValueSet.cpp' object='src/main/libtps_la-NameValueSet.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-NameValueSet.lo `test -f 'src/main/NameValueSet.cpp' || echo '$(srcdir)/'`src/main/NameValueSet.cpp
+
+src/main/libtps_la-ConfigStore.lo: src/main/ConfigStore.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-ConfigStore.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-ConfigStore.Tpo -c -o src/main/libtps_la-ConfigStore.lo `test -f 'src/main/ConfigStore.cpp' || echo '$(srcdir)/'`src/main/ConfigStore.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-ConfigStore.Tpo src/main/$(DEPDIR)/libtps_la-ConfigStore.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/ConfigStore.cpp' object='src/main/libtps_la-ConfigStore.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-ConfigStore.lo `test -f 'src/main/ConfigStore.cpp' || echo '$(srcdir)/'`src/main/ConfigStore.cpp
+
+src/main/libtps_la-Util.lo: src/main/Util.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Util.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-Util.Tpo -c -o src/main/libtps_la-Util.lo `test -f 'src/main/Util.cpp' || echo '$(srcdir)/'`src/main/Util.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-Util.Tpo src/main/$(DEPDIR)/libtps_la-Util.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Util.cpp' object='src/main/libtps_la-Util.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Util.lo `test -f 'src/main/Util.cpp' || echo '$(srcdir)/'`src/main/Util.cpp
+
+src/main/libtps_la-RA_Msg.lo: src/main/RA_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RA_Msg.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-RA_Msg.Tpo -c -o src/main/libtps_la-RA_Msg.lo `test -f 'src/main/RA_Msg.cpp' || echo '$(srcdir)/'`src/main/RA_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-RA_Msg.Tpo src/main/$(DEPDIR)/libtps_la-RA_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/RA_Msg.cpp' object='src/main/libtps_la-RA_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RA_Msg.lo `test -f 'src/main/RA_Msg.cpp' || echo '$(srcdir)/'`src/main/RA_Msg.cpp
+
+src/main/libtps_la-RA_pblock.lo: src/main/RA_pblock.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RA_pblock.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-RA_pblock.Tpo -c -o src/main/libtps_la-RA_pblock.lo `test -f 'src/main/RA_pblock.cpp' || echo '$(srcdir)/'`src/main/RA_pblock.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-RA_pblock.Tpo src/main/$(DEPDIR)/libtps_la-RA_pblock.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/RA_pblock.cpp' object='src/main/libtps_la-RA_pblock.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RA_pblock.lo `test -f 'src/main/RA_pblock.cpp' || echo '$(srcdir)/'`src/main/RA_pblock.cpp
+
+src/main/libtps_la-RA_Session.lo: src/main/RA_Session.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RA_Session.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-RA_Session.Tpo -c -o src/main/libtps_la-RA_Session.lo `test -f 'src/main/RA_Session.cpp' || echo '$(srcdir)/'`src/main/RA_Session.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-RA_Session.Tpo src/main/$(DEPDIR)/libtps_la-RA_Session.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/RA_Session.cpp' object='src/main/libtps_la-RA_Session.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RA_Session.lo `test -f 'src/main/RA_Session.cpp' || echo '$(srcdir)/'`src/main/RA_Session.cpp
+
+src/main/libtps_la-RA_Context.lo: src/main/RA_Context.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RA_Context.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-RA_Context.Tpo -c -o src/main/libtps_la-RA_Context.lo `test -f 'src/main/RA_Context.cpp' || echo '$(srcdir)/'`src/main/RA_Context.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-RA_Context.Tpo src/main/$(DEPDIR)/libtps_la-RA_Context.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/RA_Context.cpp' object='src/main/libtps_la-RA_Context.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RA_Context.lo `test -f 'src/main/RA_Context.cpp' || echo '$(srcdir)/'`src/main/RA_Context.cpp
+
+src/main/libtps_la-Login.lo: src/main/Login.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Login.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-Login.Tpo -c -o src/main/libtps_la-Login.lo `test -f 'src/main/Login.cpp' || echo '$(srcdir)/'`src/main/Login.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-Login.Tpo src/main/$(DEPDIR)/libtps_la-Login.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Login.cpp' object='src/main/libtps_la-Login.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Login.lo `test -f 'src/main/Login.cpp' || echo '$(srcdir)/'`src/main/Login.cpp
+
+src/main/libtps_la-SecureId.lo: src/main/SecureId.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-SecureId.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-SecureId.Tpo -c -o src/main/libtps_la-SecureId.lo `test -f 'src/main/SecureId.cpp' || echo '$(srcdir)/'`src/main/SecureId.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-SecureId.Tpo src/main/$(DEPDIR)/libtps_la-SecureId.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/SecureId.cpp' object='src/main/libtps_la-SecureId.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-SecureId.lo `test -f 'src/main/SecureId.cpp' || echo '$(srcdir)/'`src/main/SecureId.cpp
+
+src/main/libtps_la-Memory.lo: src/main/Memory.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Memory.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-Memory.Tpo -c -o src/main/libtps_la-Memory.lo `test -f 'src/main/Memory.cpp' || echo '$(srcdir)/'`src/main/Memory.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-Memory.Tpo src/main/$(DEPDIR)/libtps_la-Memory.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Memory.cpp' object='src/main/libtps_la-Memory.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Memory.lo `test -f 'src/main/Memory.cpp' || echo '$(srcdir)/'`src/main/Memory.cpp
+
+src/main/libtps_la-AuthenticationEntry.lo: src/main/AuthenticationEntry.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-AuthenticationEntry.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Tpo -c -o src/main/libtps_la-AuthenticationEntry.lo `test -f 'src/main/AuthenticationEntry.cpp' || echo '$(srcdir)/'`src/main/AuthenticationEntry.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Tpo src/main/$(DEPDIR)/libtps_la-AuthenticationEntry.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/AuthenticationEntry.cpp' object='src/main/libtps_la-AuthenticationEntry.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-AuthenticationEntry.lo `test -f 'src/main/AuthenticationEntry.cpp' || echo '$(srcdir)/'`src/main/AuthenticationEntry.cpp
+
+src/main/libtps_la-AuthParams.lo: src/main/AuthParams.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-AuthParams.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-AuthParams.Tpo -c -o src/main/libtps_la-AuthParams.lo `test -f 'src/main/AuthParams.cpp' || echo '$(srcdir)/'`src/main/AuthParams.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-AuthParams.Tpo src/main/$(DEPDIR)/libtps_la-AuthParams.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/AuthParams.cpp' object='src/main/libtps_la-AuthParams.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-AuthParams.lo `test -f 'src/main/AuthParams.cpp' || echo '$(srcdir)/'`src/main/AuthParams.cpp
+
+src/main/libtps_la-Authentication.lo: src/main/Authentication.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-Authentication.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-Authentication.Tpo -c -o src/main/libtps_la-Authentication.lo `test -f 'src/main/Authentication.cpp' || echo '$(srcdir)/'`src/main/Authentication.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-Authentication.Tpo src/main/$(DEPDIR)/libtps_la-Authentication.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Authentication.cpp' object='src/main/libtps_la-Authentication.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-Authentication.lo `test -f 'src/main/Authentication.cpp' || echo '$(srcdir)/'`src/main/Authentication.cpp
+
+src/main/libtps_la-AttributeSpec.lo: src/main/AttributeSpec.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-AttributeSpec.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-AttributeSpec.Tpo -c -o src/main/libtps_la-AttributeSpec.lo `test -f 'src/main/AttributeSpec.cpp' || echo '$(srcdir)/'`src/main/AttributeSpec.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-AttributeSpec.Tpo src/main/$(DEPDIR)/libtps_la-AttributeSpec.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/AttributeSpec.cpp' object='src/main/libtps_la-AttributeSpec.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-AttributeSpec.lo `test -f 'src/main/AttributeSpec.cpp' || echo '$(srcdir)/'`src/main/AttributeSpec.cpp
+
+src/main/libtps_la-ObjectSpec.lo: src/main/ObjectSpec.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-ObjectSpec.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-ObjectSpec.Tpo -c -o src/main/libtps_la-ObjectSpec.lo `test -f 'src/main/ObjectSpec.cpp' || echo '$(srcdir)/'`src/main/ObjectSpec.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-ObjectSpec.Tpo src/main/$(DEPDIR)/libtps_la-ObjectSpec.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/ObjectSpec.cpp' object='src/main/libtps_la-ObjectSpec.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-ObjectSpec.lo `test -f 'src/main/ObjectSpec.cpp' || echo '$(srcdir)/'`src/main/ObjectSpec.cpp
+
+src/main/libtps_la-PKCS11Obj.lo: src/main/PKCS11Obj.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-PKCS11Obj.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Tpo -c -o src/main/libtps_la-PKCS11Obj.lo `test -f 'src/main/PKCS11Obj.cpp' || echo '$(srcdir)/'`src/main/PKCS11Obj.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Tpo src/main/$(DEPDIR)/libtps_la-PKCS11Obj.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/PKCS11Obj.cpp' object='src/main/libtps_la-PKCS11Obj.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-PKCS11Obj.lo `test -f 'src/main/PKCS11Obj.cpp' || echo '$(srcdir)/'`src/main/PKCS11Obj.cpp
+
+src/main/libtps_la-LogFile.lo: src/main/LogFile.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-LogFile.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-LogFile.Tpo -c -o src/main/libtps_la-LogFile.lo `test -f 'src/main/LogFile.cpp' || echo '$(srcdir)/'`src/main/LogFile.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-LogFile.Tpo src/main/$(DEPDIR)/libtps_la-LogFile.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/LogFile.cpp' object='src/main/libtps_la-LogFile.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-LogFile.lo `test -f 'src/main/LogFile.cpp' || echo '$(srcdir)/'`src/main/LogFile.cpp
+
+src/main/libtps_la-RollingLogFile.lo: src/main/RollingLogFile.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/libtps_la-RollingLogFile.lo -MD -MP -MF src/main/$(DEPDIR)/libtps_la-RollingLogFile.Tpo -c -o src/main/libtps_la-RollingLogFile.lo `test -f 'src/main/RollingLogFile.cpp' || echo '$(srcdir)/'`src/main/RollingLogFile.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/libtps_la-RollingLogFile.Tpo src/main/$(DEPDIR)/libtps_la-RollingLogFile.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/RollingLogFile.cpp' object='src/main/libtps_la-RollingLogFile.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/libtps_la-RollingLogFile.lo `test -f 'src/main/RollingLogFile.cpp' || echo '$(srcdir)/'`src/main/RollingLogFile.cpp
+
+src/httpClient/libtps_la-httpClient.lo: src/httpClient/httpClient.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-httpClient.lo -MD -MP -MF src/httpClient/$(DEPDIR)/libtps_la-httpClient.Tpo -c -o src/httpClient/libtps_la-httpClient.lo `test -f 'src/httpClient/httpClient.cpp' || echo '$(srcdir)/'`src/httpClient/httpClient.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/httpClient/$(DEPDIR)/libtps_la-httpClient.Tpo src/httpClient/$(DEPDIR)/libtps_la-httpClient.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/httpClient/httpClient.cpp' object='src/httpClient/libtps_la-httpClient.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-httpClient.lo `test -f 'src/httpClient/httpClient.cpp' || echo '$(srcdir)/'`src/httpClient/httpClient.cpp
+
+src/httpClient/libtps_la-Cache.lo: src/httpClient/Cache.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-Cache.lo -MD -MP -MF src/httpClient/$(DEPDIR)/libtps_la-Cache.Tpo -c -o src/httpClient/libtps_la-Cache.lo `test -f 'src/httpClient/Cache.cpp' || echo '$(srcdir)/'`src/httpClient/Cache.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/httpClient/$(DEPDIR)/libtps_la-Cache.Tpo src/httpClient/$(DEPDIR)/libtps_la-Cache.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/httpClient/Cache.cpp' object='src/httpClient/libtps_la-Cache.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-Cache.lo `test -f 'src/httpClient/Cache.cpp' || echo '$(srcdir)/'`src/httpClient/Cache.cpp
+
+src/httpClient/libtps_la-engine.lo: src/httpClient/engine.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-engine.lo -MD -MP -MF src/httpClient/$(DEPDIR)/libtps_la-engine.Tpo -c -o src/httpClient/libtps_la-engine.lo `test -f 'src/httpClient/engine.cpp' || echo '$(srcdir)/'`src/httpClient/engine.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/httpClient/$(DEPDIR)/libtps_la-engine.Tpo src/httpClient/$(DEPDIR)/libtps_la-engine.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/httpClient/engine.cpp' object='src/httpClient/libtps_la-engine.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-engine.lo `test -f 'src/httpClient/engine.cpp' || echo '$(srcdir)/'`src/httpClient/engine.cpp
+
+src/httpClient/libtps_la-http.lo: src/httpClient/http.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-http.lo -MD -MP -MF src/httpClient/$(DEPDIR)/libtps_la-http.Tpo -c -o src/httpClient/libtps_la-http.lo `test -f 'src/httpClient/http.cpp' || echo '$(srcdir)/'`src/httpClient/http.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/httpClient/$(DEPDIR)/libtps_la-http.Tpo src/httpClient/$(DEPDIR)/libtps_la-http.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/httpClient/http.cpp' object='src/httpClient/libtps_la-http.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-http.lo `test -f 'src/httpClient/http.cpp' || echo '$(srcdir)/'`src/httpClient/http.cpp
+
+src/httpClient/libtps_la-response.lo: src/httpClient/response.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-response.lo -MD -MP -MF src/httpClient/$(DEPDIR)/libtps_la-response.Tpo -c -o src/httpClient/libtps_la-response.lo `test -f 'src/httpClient/response.cpp' || echo '$(srcdir)/'`src/httpClient/response.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/httpClient/$(DEPDIR)/libtps_la-response.Tpo src/httpClient/$(DEPDIR)/libtps_la-response.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/httpClient/response.cpp' object='src/httpClient/libtps_la-response.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-response.lo `test -f 'src/httpClient/response.cpp' || echo '$(srcdir)/'`src/httpClient/response.cpp
+
+src/httpClient/libtps_la-request.lo: src/httpClient/request.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-request.lo -MD -MP -MF src/httpClient/$(DEPDIR)/libtps_la-request.Tpo -c -o src/httpClient/libtps_la-request.lo `test -f 'src/httpClient/request.cpp' || echo '$(srcdir)/'`src/httpClient/request.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/httpClient/$(DEPDIR)/libtps_la-request.Tpo src/httpClient/$(DEPDIR)/libtps_la-request.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/httpClient/request.cpp' object='src/httpClient/libtps_la-request.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-request.lo `test -f 'src/httpClient/request.cpp' || echo '$(srcdir)/'`src/httpClient/request.cpp
+
+src/httpClient/libtps_la-nscperror.lo: src/httpClient/nscperror.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/httpClient/libtps_la-nscperror.lo -MD -MP -MF src/httpClient/$(DEPDIR)/libtps_la-nscperror.Tpo -c -o src/httpClient/libtps_la-nscperror.lo `test -f 'src/httpClient/nscperror.cpp' || echo '$(srcdir)/'`src/httpClient/nscperror.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/httpClient/$(DEPDIR)/libtps_la-nscperror.Tpo src/httpClient/$(DEPDIR)/libtps_la-nscperror.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/httpClient/nscperror.cpp' object='src/httpClient/libtps_la-nscperror.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/httpClient/libtps_la-nscperror.lo `test -f 'src/httpClient/nscperror.cpp' || echo '$(srcdir)/'`src/httpClient/nscperror.cpp
+
+src/cms/libtps_la-HttpConnection.lo: src/cms/HttpConnection.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/cms/libtps_la-HttpConnection.lo -MD -MP -MF src/cms/$(DEPDIR)/libtps_la-HttpConnection.Tpo -c -o src/cms/libtps_la-HttpConnection.lo `test -f 'src/cms/HttpConnection.cpp' || echo '$(srcdir)/'`src/cms/HttpConnection.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/cms/$(DEPDIR)/libtps_la-HttpConnection.Tpo src/cms/$(DEPDIR)/libtps_la-HttpConnection.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/cms/HttpConnection.cpp' object='src/cms/libtps_la-HttpConnection.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/cms/libtps_la-HttpConnection.lo `test -f 'src/cms/HttpConnection.cpp' || echo '$(srcdir)/'`src/cms/HttpConnection.cpp
+
+src/cms/libtps_la-ConnectionInfo.lo: src/cms/ConnectionInfo.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/cms/libtps_la-ConnectionInfo.lo -MD -MP -MF src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Tpo -c -o src/cms/libtps_la-ConnectionInfo.lo `test -f 'src/cms/ConnectionInfo.cpp' || echo '$(srcdir)/'`src/cms/ConnectionInfo.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Tpo src/cms/$(DEPDIR)/libtps_la-ConnectionInfo.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/cms/ConnectionInfo.cpp' object='src/cms/libtps_la-ConnectionInfo.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/cms/libtps_la-ConnectionInfo.lo `test -f 'src/cms/ConnectionInfo.cpp' || echo '$(srcdir)/'`src/cms/ConnectionInfo.cpp
+
+src/cms/libtps_la-CertEnroll.lo: src/cms/CertEnroll.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/cms/libtps_la-CertEnroll.lo -MD -MP -MF src/cms/$(DEPDIR)/libtps_la-CertEnroll.Tpo -c -o src/cms/libtps_la-CertEnroll.lo `test -f 'src/cms/CertEnroll.cpp' || echo '$(srcdir)/'`src/cms/CertEnroll.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/cms/$(DEPDIR)/libtps_la-CertEnroll.Tpo src/cms/$(DEPDIR)/libtps_la-CertEnroll.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/cms/CertEnroll.cpp' object='src/cms/libtps_la-CertEnroll.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/cms/libtps_la-CertEnroll.lo `test -f 'src/cms/CertEnroll.cpp' || echo '$(srcdir)/'`src/cms/CertEnroll.cpp
+
+src/apdu/libtps_la-APDU.lo: src/apdu/APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-APDU.Tpo -c -o src/apdu/libtps_la-APDU.lo `test -f 'src/apdu/APDU.cpp' || echo '$(srcdir)/'`src/apdu/APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/APDU.cpp' object='src/apdu/libtps_la-APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-APDU.lo `test -f 'src/apdu/APDU.cpp' || echo '$(srcdir)/'`src/apdu/APDU.cpp
+
+src/apdu/libtps_la-Unblock_Pin_APDU.lo: src/apdu/Unblock_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Unblock_Pin_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Tpo -c -o src/apdu/libtps_la-Unblock_Pin_APDU.lo `test -f 'src/apdu/Unblock_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Unblock_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Unblock_Pin_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Unblock_Pin_APDU.cpp' object='src/apdu/libtps_la-Unblock_Pin_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Unblock_Pin_APDU.lo `test -f 'src/apdu/Unblock_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Unblock_Pin_APDU.cpp
+
+src/apdu/libtps_la-Create_Object_APDU.lo: src/apdu/Create_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Create_Object_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Tpo -c -o src/apdu/libtps_la-Create_Object_APDU.lo `test -f 'src/apdu/Create_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Create_Object_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Create_Object_APDU.cpp' object='src/apdu/libtps_la-Create_Object_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Create_Object_APDU.lo `test -f 'src/apdu/Create_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Object_APDU.cpp
+
+src/apdu/libtps_la-Set_Pin_APDU.lo: src/apdu/Set_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Set_Pin_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Tpo -c -o src/apdu/libtps_la-Set_Pin_APDU.lo `test -f 'src/apdu/Set_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Set_Pin_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Set_Pin_APDU.cpp' object='src/apdu/libtps_la-Set_Pin_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Set_Pin_APDU.lo `test -f 'src/apdu/Set_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_Pin_APDU.cpp
+
+src/apdu/libtps_la-Set_IssuerInfo_APDU.lo: src/apdu/Set_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Set_IssuerInfo_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Tpo -c -o src/apdu/libtps_la-Set_IssuerInfo_APDU.lo `test -f 'src/apdu/Set_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Set_IssuerInfo_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Set_IssuerInfo_APDU.cpp' object='src/apdu/libtps_la-Set_IssuerInfo_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Set_IssuerInfo_APDU.lo `test -f 'src/apdu/Set_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_IssuerInfo_APDU.cpp
+
+src/apdu/libtps_la-Get_IssuerInfo_APDU.lo: src/apdu/Get_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Get_IssuerInfo_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Tpo -c -o src/apdu/libtps_la-Get_IssuerInfo_APDU.lo `test -f 'src/apdu/Get_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Get_IssuerInfo_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_IssuerInfo_APDU.cpp' object='src/apdu/libtps_la-Get_IssuerInfo_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Get_IssuerInfo_APDU.lo `test -f 'src/apdu/Get_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_IssuerInfo_APDU.cpp
+
+src/apdu/libtps_la-Create_Pin_APDU.lo: src/apdu/Create_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Create_Pin_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Tpo -c -o src/apdu/libtps_la-Create_Pin_APDU.lo `test -f 'src/apdu/Create_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Create_Pin_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Create_Pin_APDU.cpp' object='src/apdu/libtps_la-Create_Pin_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Create_Pin_APDU.lo `test -f 'src/apdu/Create_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Pin_APDU.cpp
+
+src/apdu/libtps_la-List_Pins_APDU.lo: src/apdu/List_Pins_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-List_Pins_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Tpo -c -o src/apdu/libtps_la-List_Pins_APDU.lo `test -f 'src/apdu/List_Pins_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Pins_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-List_Pins_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/List_Pins_APDU.cpp' object='src/apdu/libtps_la-List_Pins_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-List_Pins_APDU.lo `test -f 'src/apdu/List_Pins_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Pins_APDU.cpp
+
+src/apdu/libtps_la-Initialize_Update_APDU.lo: src/apdu/Initialize_Update_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Initialize_Update_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Tpo -c -o src/apdu/libtps_la-Initialize_Update_APDU.lo `test -f 'src/apdu/Initialize_Update_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Initialize_Update_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Initialize_Update_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Initialize_Update_APDU.cpp' object='src/apdu/libtps_la-Initialize_Update_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Initialize_Update_APDU.lo `test -f 'src/apdu/Initialize_Update_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Initialize_Update_APDU.cpp
+
+src/apdu/libtps_la-Get_Version_APDU.lo: src/apdu/Get_Version_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Get_Version_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Tpo -c -o src/apdu/libtps_la-Get_Version_APDU.lo `test -f 'src/apdu/Get_Version_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Version_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Get_Version_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Version_APDU.cpp' object='src/apdu/libtps_la-Get_Version_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Get_Version_APDU.lo `test -f 'src/apdu/Get_Version_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Version_APDU.cpp
+
+src/apdu/libtps_la-Get_Status_APDU.lo: src/apdu/Get_Status_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Get_Status_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Tpo -c -o src/apdu/libtps_la-Get_Status_APDU.lo `test -f 'src/apdu/Get_Status_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Status_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Get_Status_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Status_APDU.cpp' object='src/apdu/libtps_la-Get_Status_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Get_Status_APDU.lo `test -f 'src/apdu/Get_Status_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Status_APDU.cpp
+
+src/apdu/libtps_la-Get_Data_APDU.lo: src/apdu/Get_Data_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Get_Data_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Tpo -c -o src/apdu/libtps_la-Get_Data_APDU.lo `test -f 'src/apdu/Get_Data_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Data_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Get_Data_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Data_APDU.cpp' object='src/apdu/libtps_la-Get_Data_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Get_Data_APDU.lo `test -f 'src/apdu/Get_Data_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Data_APDU.cpp
+
+src/apdu/libtps_la-External_Authenticate_APDU.lo: src/apdu/External_Authenticate_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-External_Authenticate_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Tpo -c -o src/apdu/libtps_la-External_Authenticate_APDU.lo `test -f 'src/apdu/External_Authenticate_APDU.cpp' || echo '$(srcdir)/'`src/apdu/External_Authenticate_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-External_Authenticate_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/External_Authenticate_APDU.cpp' object='src/apdu/libtps_la-External_Authenticate_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-External_Authenticate_APDU.lo `test -f 'src/apdu/External_Authenticate_APDU.cpp' || echo '$(srcdir)/'`src/apdu/External_Authenticate_APDU.cpp
+
+src/apdu/libtps_la-Generate_Key_APDU.lo: src/apdu/Generate_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Generate_Key_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Tpo -c -o src/apdu/libtps_la-Generate_Key_APDU.lo `test -f 'src/apdu/Generate_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Generate_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Generate_Key_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Generate_Key_APDU.cpp' object='src/apdu/libtps_la-Generate_Key_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Generate_Key_APDU.lo `test -f 'src/apdu/Generate_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Generate_Key_APDU.cpp
+
+src/apdu/libtps_la-Read_Buffer_APDU.lo: src/apdu/Read_Buffer_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Read_Buffer_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Tpo -c -o src/apdu/libtps_la-Read_Buffer_APDU.lo `test -f 'src/apdu/Read_Buffer_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Buffer_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Read_Buffer_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Read_Buffer_APDU.cpp' object='src/apdu/libtps_la-Read_Buffer_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Read_Buffer_APDU.lo `test -f 'src/apdu/Read_Buffer_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Buffer_APDU.cpp
+
+src/apdu/libtps_la-Read_Object_APDU.lo: src/apdu/Read_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Read_Object_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Tpo -c -o src/apdu/libtps_la-Read_Object_APDU.lo `test -f 'src/apdu/Read_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Read_Object_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Read_Object_APDU.cpp' object='src/apdu/libtps_la-Read_Object_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Read_Object_APDU.lo `test -f 'src/apdu/Read_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Object_APDU.cpp
+
+src/apdu/libtps_la-Write_Object_APDU.lo: src/apdu/Write_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Write_Object_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Tpo -c -o src/apdu/libtps_la-Write_Object_APDU.lo `test -f 'src/apdu/Write_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Write_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Write_Object_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Write_Object_APDU.cpp' object='src/apdu/libtps_la-Write_Object_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Write_Object_APDU.lo `test -f 'src/apdu/Write_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Write_Object_APDU.cpp
+
+src/apdu/libtps_la-Put_Key_APDU.lo: src/apdu/Put_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Put_Key_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Tpo -c -o src/apdu/libtps_la-Put_Key_APDU.lo `test -f 'src/apdu/Put_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Put_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Put_Key_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Put_Key_APDU.cpp' object='src/apdu/libtps_la-Put_Key_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Put_Key_APDU.lo `test -f 'src/apdu/Put_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Put_Key_APDU.cpp
+
+src/apdu/libtps_la-Select_APDU.lo: src/apdu/Select_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Select_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Tpo -c -o src/apdu/libtps_la-Select_APDU.lo `test -f 'src/apdu/Select_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Select_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Select_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Select_APDU.cpp' object='src/apdu/libtps_la-Select_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Select_APDU.lo `test -f 'src/apdu/Select_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Select_APDU.cpp
+
+src/apdu/libtps_la-Delete_File_APDU.lo: src/apdu/Delete_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Delete_File_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Tpo -c -o src/apdu/libtps_la-Delete_File_APDU.lo `test -f 'src/apdu/Delete_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Delete_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Delete_File_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Delete_File_APDU.cpp' object='src/apdu/libtps_la-Delete_File_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Delete_File_APDU.lo `test -f 'src/apdu/Delete_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Delete_File_APDU.cpp
+
+src/apdu/libtps_la-Install_Applet_APDU.lo: src/apdu/Install_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Install_Applet_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Tpo -c -o src/apdu/libtps_la-Install_Applet_APDU.lo `test -f 'src/apdu/Install_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Install_Applet_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Install_Applet_APDU.cpp' object='src/apdu/libtps_la-Install_Applet_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Install_Applet_APDU.lo `test -f 'src/apdu/Install_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Applet_APDU.cpp
+
+src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo: src/apdu/Format_Muscle_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Tpo -c -o src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo `test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Format_Muscle_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Format_Muscle_Applet_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Format_Muscle_Applet_APDU.cpp' object='src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Format_Muscle_Applet_APDU.lo `test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Format_Muscle_Applet_APDU.cpp
+
+src/apdu/libtps_la-Load_File_APDU.lo: src/apdu/Load_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Load_File_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Tpo -c -o src/apdu/libtps_la-Load_File_APDU.lo `test -f 'src/apdu/Load_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Load_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Load_File_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Load_File_APDU.cpp' object='src/apdu/libtps_la-Load_File_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Load_File_APDU.lo `test -f 'src/apdu/Load_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Load_File_APDU.cpp
+
+src/apdu/libtps_la-Install_Load_APDU.lo: src/apdu/Install_Load_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Install_Load_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Tpo -c -o src/apdu/libtps_la-Install_Load_APDU.lo `test -f 'src/apdu/Install_Load_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Load_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Install_Load_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Install_Load_APDU.cpp' object='src/apdu/libtps_la-Install_Load_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Install_Load_APDU.lo `test -f 'src/apdu/Install_Load_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Load_APDU.cpp
+
+src/apdu/libtps_la-Lifecycle_APDU.lo: src/apdu/Lifecycle_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Lifecycle_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Tpo -c -o src/apdu/libtps_la-Lifecycle_APDU.lo `test -f 'src/apdu/Lifecycle_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Lifecycle_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Lifecycle_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Lifecycle_APDU.cpp' object='src/apdu/libtps_la-Lifecycle_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Lifecycle_APDU.lo `test -f 'src/apdu/Lifecycle_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Lifecycle_APDU.cpp
+
+src/apdu/libtps_la-List_Objects_APDU.lo: src/apdu/List_Objects_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-List_Objects_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Tpo -c -o src/apdu/libtps_la-List_Objects_APDU.lo `test -f 'src/apdu/List_Objects_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Objects_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-List_Objects_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/List_Objects_APDU.cpp' object='src/apdu/libtps_la-List_Objects_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-List_Objects_APDU.lo `test -f 'src/apdu/List_Objects_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Objects_APDU.cpp
+
+src/apdu/libtps_la-Import_Key_APDU.lo: src/apdu/Import_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Import_Key_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Tpo -c -o src/apdu/libtps_la-Import_Key_APDU.lo `test -f 'src/apdu/Import_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Import_Key_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Import_Key_APDU.cpp' object='src/apdu/libtps_la-Import_Key_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Import_Key_APDU.lo `test -f 'src/apdu/Import_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_APDU.cpp
+
+src/apdu/libtps_la-Import_Key_Enc_APDU.lo: src/apdu/Import_Key_Enc_APDU.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-Import_Key_Enc_APDU.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Tpo -c -o src/apdu/libtps_la-Import_Key_Enc_APDU.lo `test -f 'src/apdu/Import_Key_Enc_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_Enc_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Tpo src/apdu/$(DEPDIR)/libtps_la-Import_Key_Enc_APDU.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Import_Key_Enc_APDU.cpp' object='src/apdu/libtps_la-Import_Key_Enc_APDU.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-Import_Key_Enc_APDU.lo `test -f 'src/apdu/Import_Key_Enc_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_Enc_APDU.cpp
+
+src/apdu/libtps_la-APDU_Response.lo: src/apdu/APDU_Response.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/libtps_la-APDU_Response.lo -MD -MP -MF src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Tpo -c -o src/apdu/libtps_la-APDU_Response.lo `test -f 'src/apdu/APDU_Response.cpp' || echo '$(srcdir)/'`src/apdu/APDU_Response.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Tpo src/apdu/$(DEPDIR)/libtps_la-APDU_Response.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/APDU_Response.cpp' object='src/apdu/libtps_la-APDU_Response.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/libtps_la-APDU_Response.lo `test -f 'src/apdu/APDU_Response.cpp' || echo '$(srcdir)/'`src/apdu/APDU_Response.cpp
+
+src/msg/libtps_la-RA_Begin_Op_Msg.lo: src/msg/RA_Begin_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Begin_Op_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Tpo -c -o src/msg/libtps_la-RA_Begin_Op_Msg.lo `test -f 'src/msg/RA_Begin_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Begin_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Begin_Op_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Begin_Op_Msg.cpp' object='src/msg/libtps_la-RA_Begin_Op_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Begin_Op_Msg.lo `test -f 'src/msg/RA_Begin_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Begin_Op_Msg.cpp
+
+src/msg/libtps_la-RA_End_Op_Msg.lo: src/msg/RA_End_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_End_Op_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Tpo -c -o src/msg/libtps_la-RA_End_Op_Msg.lo `test -f 'src/msg/RA_End_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_End_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_End_Op_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_End_Op_Msg.cpp' object='src/msg/libtps_la-RA_End_Op_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_End_Op_Msg.lo `test -f 'src/msg/RA_End_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_End_Op_Msg.cpp
+
+src/msg/libtps_la-RA_Login_Request_Msg.lo: src/msg/RA_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Login_Request_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Tpo -c -o src/msg/libtps_la-RA_Login_Request_Msg.lo `test -f 'src/msg/RA_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Login_Request_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Login_Request_Msg.cpp' object='src/msg/libtps_la-RA_Login_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Login_Request_Msg.lo `test -f 'src/msg/RA_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Request_Msg.cpp
+
+src/msg/libtps_la-RA_Login_Response_Msg.lo: src/msg/RA_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Login_Response_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Tpo -c -o src/msg/libtps_la-RA_Login_Response_Msg.lo `test -f 'src/msg/RA_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Login_Response_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Login_Response_Msg.cpp' object='src/msg/libtps_la-RA_Login_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Login_Response_Msg.lo `test -f 'src/msg/RA_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Response_Msg.cpp
+
+src/msg/libtps_la-RA_SecureId_Request_Msg.lo: src/msg/RA_SecureId_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_SecureId_Request_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Tpo -c -o src/msg/libtps_la-RA_SecureId_Request_Msg.lo `test -f 'src/msg/RA_SecureId_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Request_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_SecureId_Request_Msg.cpp' object='src/msg/libtps_la-RA_SecureId_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_SecureId_Request_Msg.lo `test -f 'src/msg/RA_SecureId_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Request_Msg.cpp
+
+src/msg/libtps_la-RA_SecureId_Response_Msg.lo: src/msg/RA_SecureId_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_SecureId_Response_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Tpo -c -o src/msg/libtps_la-RA_SecureId_Response_Msg.lo `test -f 'src/msg/RA_SecureId_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_SecureId_Response_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_SecureId_Response_Msg.cpp' object='src/msg/libtps_la-RA_SecureId_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_SecureId_Response_Msg.lo `test -f 'src/msg/RA_SecureId_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Response_Msg.cpp
+
+src/msg/libtps_la-RA_ASQ_Request_Msg.lo: src/msg/RA_ASQ_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_ASQ_Request_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Tpo -c -o src/msg/libtps_la-RA_ASQ_Request_Msg.lo `test -f 'src/msg/RA_ASQ_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Request_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_ASQ_Request_Msg.cpp' object='src/msg/libtps_la-RA_ASQ_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_ASQ_Request_Msg.lo `test -f 'src/msg/RA_ASQ_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Request_Msg.cpp
+
+src/msg/libtps_la-RA_ASQ_Response_Msg.lo: src/msg/RA_ASQ_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_ASQ_Response_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Tpo -c -o src/msg/libtps_la-RA_ASQ_Response_Msg.lo `test -f 'src/msg/RA_ASQ_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_ASQ_Response_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_ASQ_Response_Msg.cpp' object='src/msg/libtps_la-RA_ASQ_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_ASQ_Response_Msg.lo `test -f 'src/msg/RA_ASQ_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Response_Msg.cpp
+
+src/msg/libtps_la-RA_New_Pin_Request_Msg.lo: src/msg/RA_New_Pin_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_New_Pin_Request_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Tpo -c -o src/msg/libtps_la-RA_New_Pin_Request_Msg.lo `test -f 'src/msg/RA_New_Pin_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Request_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_New_Pin_Request_Msg.cpp' object='src/msg/libtps_la-RA_New_Pin_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_New_Pin_Request_Msg.lo `test -f 'src/msg/RA_New_Pin_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Request_Msg.cpp
+
+src/msg/libtps_la-RA_New_Pin_Response_Msg.lo: src/msg/RA_New_Pin_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_New_Pin_Response_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Tpo -c -o src/msg/libtps_la-RA_New_Pin_Response_Msg.lo `test -f 'src/msg/RA_New_Pin_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_New_Pin_Response_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_New_Pin_Response_Msg.cpp' object='src/msg/libtps_la-RA_New_Pin_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_New_Pin_Response_Msg.lo `test -f 'src/msg/RA_New_Pin_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Response_Msg.cpp
+
+src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo: src/msg/RA_Token_PDU_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Tpo -c -o src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo `test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Request_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Token_PDU_Request_Msg.cpp' object='src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Token_PDU_Request_Msg.lo `test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Request_Msg.cpp
+
+src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo: src/msg/RA_Token_PDU_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Tpo -c -o src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo `test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Token_PDU_Response_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Token_PDU_Response_Msg.cpp' object='src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Token_PDU_Response_Msg.lo `test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Response_Msg.cpp
+
+src/msg/libtps_la-RA_Status_Update_Request_Msg.lo: src/msg/RA_Status_Update_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Status_Update_Request_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Tpo -c -o src/msg/libtps_la-RA_Status_Update_Request_Msg.lo `test -f 'src/msg/RA_Status_Update_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Request_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Status_Update_Request_Msg.cpp' object='src/msg/libtps_la-RA_Status_Update_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Status_Update_Request_Msg.lo `test -f 'src/msg/RA_Status_Update_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Request_Msg.cpp
+
+src/msg/libtps_la-RA_Status_Update_Response_Msg.lo: src/msg/RA_Status_Update_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Status_Update_Response_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Tpo -c -o src/msg/libtps_la-RA_Status_Update_Response_Msg.lo `test -f 'src/msg/RA_Status_Update_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Status_Update_Response_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Status_Update_Response_Msg.cpp' object='src/msg/libtps_la-RA_Status_Update_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Status_Update_Response_Msg.lo `test -f 'src/msg/RA_Status_Update_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Response_Msg.cpp
+
+src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo: src/msg/RA_Extended_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Tpo -c -o src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo `test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Request_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Extended_Login_Request_Msg.cpp' object='src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Extended_Login_Request_Msg.lo `test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Request_Msg.cpp
+
+src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo: src/msg/RA_Extended_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo -MD -MP -MF src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Tpo -c -o src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo `test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Tpo src/msg/$(DEPDIR)/libtps_la-RA_Extended_Login_Response_Msg.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Extended_Login_Response_Msg.cpp' object='src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/libtps_la-RA_Extended_Login_Response_Msg.lo `test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Response_Msg.cpp
+
+src/channel/libtps_la-Channel.lo: src/channel/Channel.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/channel/libtps_la-Channel.lo -MD -MP -MF src/channel/$(DEPDIR)/libtps_la-Channel.Tpo -c -o src/channel/libtps_la-Channel.lo `test -f 'src/channel/Channel.cpp' || echo '$(srcdir)/'`src/channel/Channel.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/channel/$(DEPDIR)/libtps_la-Channel.Tpo src/channel/$(DEPDIR)/libtps_la-Channel.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/channel/Channel.cpp' object='src/channel/libtps_la-Channel.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/channel/libtps_la-Channel.lo `test -f 'src/channel/Channel.cpp' || echo '$(srcdir)/'`src/channel/Channel.cpp
+
+src/channel/libtps_la-Secure_Channel.lo: src/channel/Secure_Channel.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/channel/libtps_la-Secure_Channel.lo -MD -MP -MF src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Tpo -c -o src/channel/libtps_la-Secure_Channel.lo `test -f 'src/channel/Secure_Channel.cpp' || echo '$(srcdir)/'`src/channel/Secure_Channel.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Tpo src/channel/$(DEPDIR)/libtps_la-Secure_Channel.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/channel/Secure_Channel.cpp' object='src/channel/libtps_la-Secure_Channel.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/channel/libtps_la-Secure_Channel.lo `test -f 'src/channel/Secure_Channel.cpp' || echo '$(srcdir)/'`src/channel/Secure_Channel.cpp
+
+src/engine/libtps_la-RA.lo: src/engine/RA.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/engine/libtps_la-RA.lo -MD -MP -MF src/engine/$(DEPDIR)/libtps_la-RA.Tpo -c -o src/engine/libtps_la-RA.lo `test -f 'src/engine/RA.cpp' || echo '$(srcdir)/'`src/engine/RA.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/engine/$(DEPDIR)/libtps_la-RA.Tpo src/engine/$(DEPDIR)/libtps_la-RA.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/engine/RA.cpp' object='src/engine/libtps_la-RA.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/engine/libtps_la-RA.lo `test -f 'src/engine/RA.cpp' || echo '$(srcdir)/'`src/engine/RA.cpp
+
+src/processor/libtps_la-RA_Processor.lo: src/processor/RA_Processor.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Processor.lo -MD -MP -MF src/processor/$(DEPDIR)/libtps_la-RA_Processor.Tpo -c -o src/processor/libtps_la-RA_Processor.lo `test -f 'src/processor/RA_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Processor.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/processor/$(DEPDIR)/libtps_la-RA_Processor.Tpo src/processor/$(DEPDIR)/libtps_la-RA_Processor.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/processor/RA_Processor.cpp' object='src/processor/libtps_la-RA_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Processor.lo `test -f 'src/processor/RA_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Processor.cpp
+
+src/processor/libtps_la-RA_Enroll_Processor.lo: src/processor/RA_Enroll_Processor.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Enroll_Processor.lo -MD -MP -MF src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Tpo -c -o src/processor/libtps_la-RA_Enroll_Processor.lo `test -f 'src/processor/RA_Enroll_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Enroll_Processor.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Tpo src/processor/$(DEPDIR)/libtps_la-RA_Enroll_Processor.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/processor/RA_Enroll_Processor.cpp' object='src/processor/libtps_la-RA_Enroll_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Enroll_Processor.lo `test -f 'src/processor/RA_Enroll_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Enroll_Processor.cpp
+
+src/processor/libtps_la-RA_Pin_Reset_Processor.lo: src/processor/RA_Pin_Reset_Processor.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Pin_Reset_Processor.lo -MD -MP -MF src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Tpo -c -o src/processor/libtps_la-RA_Pin_Reset_Processor.lo `test -f 'src/processor/RA_Pin_Reset_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Pin_Reset_Processor.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Tpo src/processor/$(DEPDIR)/libtps_la-RA_Pin_Reset_Processor.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/processor/RA_Pin_Reset_Processor.cpp' object='src/processor/libtps_la-RA_Pin_Reset_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Pin_Reset_Processor.lo `test -f 'src/processor/RA_Pin_Reset_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Pin_Reset_Processor.cpp
+
+src/processor/libtps_la-RA_Renew_Processor.lo: src/processor/RA_Renew_Processor.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Renew_Processor.lo -MD -MP -MF src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Tpo -c -o src/processor/libtps_la-RA_Renew_Processor.lo `test -f 'src/processor/RA_Renew_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Renew_Processor.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Tpo src/processor/$(DEPDIR)/libtps_la-RA_Renew_Processor.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/processor/RA_Renew_Processor.cpp' object='src/processor/libtps_la-RA_Renew_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Renew_Processor.lo `test -f 'src/processor/RA_Renew_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Renew_Processor.cpp
+
+src/processor/libtps_la-RA_Unblock_Processor.lo: src/processor/RA_Unblock_Processor.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Unblock_Processor.lo -MD -MP -MF src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Tpo -c -o src/processor/libtps_la-RA_Unblock_Processor.lo `test -f 'src/processor/RA_Unblock_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Unblock_Processor.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Tpo src/processor/$(DEPDIR)/libtps_la-RA_Unblock_Processor.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/processor/RA_Unblock_Processor.cpp' object='src/processor/libtps_la-RA_Unblock_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Unblock_Processor.lo `test -f 'src/processor/RA_Unblock_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Unblock_Processor.cpp
+
+src/processor/libtps_la-RA_Format_Processor.lo: src/processor/RA_Format_Processor.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/processor/libtps_la-RA_Format_Processor.lo -MD -MP -MF src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Tpo -c -o src/processor/libtps_la-RA_Format_Processor.lo `test -f 'src/processor/RA_Format_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Format_Processor.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Tpo src/processor/$(DEPDIR)/libtps_la-RA_Format_Processor.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/processor/RA_Format_Processor.cpp' object='src/processor/libtps_la-RA_Format_Processor.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/processor/libtps_la-RA_Format_Processor.lo `test -f 'src/processor/RA_Format_Processor.cpp' || echo '$(srcdir)/'`src/processor/RA_Format_Processor.cpp
+
+src/selftests/libtps_la-SelfTest.lo: src/selftests/SelfTest.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/selftests/libtps_la-SelfTest.lo -MD -MP -MF src/selftests/$(DEPDIR)/libtps_la-SelfTest.Tpo -c -o src/selftests/libtps_la-SelfTest.lo `test -f 'src/selftests/SelfTest.cpp' || echo '$(srcdir)/'`src/selftests/SelfTest.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/selftests/$(DEPDIR)/libtps_la-SelfTest.Tpo src/selftests/$(DEPDIR)/libtps_la-SelfTest.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/selftests/SelfTest.cpp' object='src/selftests/libtps_la-SelfTest.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/selftests/libtps_la-SelfTest.lo `test -f 'src/selftests/SelfTest.cpp' || echo '$(srcdir)/'`src/selftests/SelfTest.cpp
+
+src/selftests/libtps_la-TPSSystemCertsVerification.lo: src/selftests/TPSSystemCertsVerification.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/selftests/libtps_la-TPSSystemCertsVerification.lo -MD -MP -MF src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Tpo -c -o src/selftests/libtps_la-TPSSystemCertsVerification.lo `test -f 'src/selftests/TPSSystemCertsVerification.cpp' || echo '$(srcdir)/'`src/selftests/TPSSystemCertsVerification.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Tpo src/selftests/$(DEPDIR)/libtps_la-TPSSystemCertsVerification.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/selftests/TPSSystemCertsVerification.cpp' object='src/selftests/libtps_la-TPSSystemCertsVerification.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/selftests/libtps_la-TPSSystemCertsVerification.lo `test -f 'src/selftests/TPSSystemCertsVerification.cpp' || echo '$(srcdir)/'`src/selftests/TPSSystemCertsVerification.cpp
+
+src/selftests/libtps_la-TPSPresence.lo: src/selftests/TPSPresence.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/selftests/libtps_la-TPSPresence.lo -MD -MP -MF src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Tpo -c -o src/selftests/libtps_la-TPSPresence.lo `test -f 'src/selftests/TPSPresence.cpp' || echo '$(srcdir)/'`src/selftests/TPSPresence.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Tpo src/selftests/$(DEPDIR)/libtps_la-TPSPresence.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/selftests/TPSPresence.cpp' object='src/selftests/libtps_la-TPSPresence.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/selftests/libtps_la-TPSPresence.lo `test -f 'src/selftests/TPSPresence.cpp' || echo '$(srcdir)/'`src/selftests/TPSPresence.cpp
+
+src/selftests/libtps_la-TPSValidity.lo: src/selftests/TPSValidity.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/selftests/libtps_la-TPSValidity.lo -MD -MP -MF src/selftests/$(DEPDIR)/libtps_la-TPSValidity.Tpo -c -o src/selftests/libtps_la-TPSValidity.lo `test -f 'src/selftests/TPSValidity.cpp' || echo '$(srcdir)/'`src/selftests/TPSValidity.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/selftests/$(DEPDIR)/libtps_la-TPSValidity.Tpo src/selftests/$(DEPDIR)/libtps_la-TPSValidity.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/selftests/TPSValidity.cpp' object='src/selftests/libtps_la-TPSValidity.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(libtps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/selftests/libtps_la-TPSValidity.lo `test -f 'src/selftests/TPSValidity.cpp' || echo '$(srcdir)/'`src/selftests/TPSValidity.cpp
+
+src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo: src/modules/tokendb/mod_tokendb.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tokendb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo -MD -MP -MF src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Tpo -c -o src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo `test -f 'src/modules/tokendb/mod_tokendb.cpp' || echo '$(srcdir)/'`src/modules/tokendb/mod_tokendb.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Tpo src/modules/tokendb/$(DEPDIR)/mod_tokendb_la-mod_tokendb.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/modules/tokendb/mod_tokendb.cpp' object='src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tokendb_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/modules/tokendb/mod_tokendb_la-mod_tokendb.lo `test -f 'src/modules/tokendb/mod_tokendb.cpp' || echo '$(srcdir)/'`src/modules/tokendb/mod_tokendb.cpp
+
+src/modules/tps/mod_tps_la-AP_Context.lo: src/modules/tps/AP_Context.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/modules/tps/mod_tps_la-AP_Context.lo -MD -MP -MF src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Tpo -c -o src/modules/tps/mod_tps_la-AP_Context.lo `test -f 'src/modules/tps/AP_Context.cpp' || echo '$(srcdir)/'`src/modules/tps/AP_Context.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Tpo src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Context.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/modules/tps/AP_Context.cpp' object='src/modules/tps/mod_tps_la-AP_Context.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/modules/tps/mod_tps_la-AP_Context.lo `test -f 'src/modules/tps/AP_Context.cpp' || echo '$(srcdir)/'`src/modules/tps/AP_Context.cpp
+
+src/modules/tps/mod_tps_la-AP_Session.lo: src/modules/tps/AP_Session.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/modules/tps/mod_tps_la-AP_Session.lo -MD -MP -MF src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Tpo -c -o src/modules/tps/mod_tps_la-AP_Session.lo `test -f 'src/modules/tps/AP_Session.cpp' || echo '$(srcdir)/'`src/modules/tps/AP_Session.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Tpo src/modules/tps/$(DEPDIR)/mod_tps_la-AP_Session.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/modules/tps/AP_Session.cpp' object='src/modules/tps/mod_tps_la-AP_Session.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/modules/tps/mod_tps_la-AP_Session.lo `test -f 'src/modules/tps/AP_Session.cpp' || echo '$(srcdir)/'`src/modules/tps/AP_Session.cpp
+
+src/modules/tps/mod_tps_la-mod_tps.lo: src/modules/tps/mod_tps.cpp
+@am__fastdepCXX_TRUE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/modules/tps/mod_tps_la-mod_tps.lo -MD -MP -MF src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Tpo -c -o src/modules/tps/mod_tps_la-mod_tps.lo `test -f 'src/modules/tps/mod_tps.cpp' || echo '$(srcdir)/'`src/modules/tps/mod_tps.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Tpo src/modules/tps/$(DEPDIR)/mod_tps_la-mod_tps.Plo
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/modules/tps/mod_tps.cpp' object='src/modules/tps/mod_tps_la-mod_tps.lo' libtool=yes @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(LIBTOOL) --tag=CXX $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(mod_tps_la_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/modules/tps/mod_tps_la-mod_tps.lo `test -f 'src/modules/tps/mod_tps.cpp' || echo '$(srcdir)/'`src/modules/tps/mod_tps.cpp
+
+tools/raclient/tpsclient-RA_Client.o: tools/raclient/RA_Client.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Client.o -MD -MP -MF tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo -c -o tools/raclient/tpsclient-RA_Client.o `test -f 'tools/raclient/RA_Client.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Client.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='tools/raclient/RA_Client.cpp' object='tools/raclient/tpsclient-RA_Client.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Client.o `test -f 'tools/raclient/RA_Client.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Client.cpp
+
+tools/raclient/tpsclient-RA_Client.obj: tools/raclient/RA_Client.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Client.obj -MD -MP -MF tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo -c -o tools/raclient/tpsclient-RA_Client.obj `if test -f 'tools/raclient/RA_Client.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Client.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Client.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Tpo tools/raclient/$(DEPDIR)/tpsclient-RA_Client.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='tools/raclient/RA_Client.cpp' object='tools/raclient/tpsclient-RA_Client.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Client.obj `if test -f 'tools/raclient/RA_Client.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Client.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Client.cpp'; fi`
+
+tools/raclient/tpsclient-RA_Conn.o: tools/raclient/RA_Conn.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Conn.o -MD -MP -MF tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo -c -o tools/raclient/tpsclient-RA_Conn.o `test -f 'tools/raclient/RA_Conn.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Conn.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='tools/raclient/RA_Conn.cpp' object='tools/raclient/tpsclient-RA_Conn.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Conn.o `test -f 'tools/raclient/RA_Conn.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Conn.cpp
+
+tools/raclient/tpsclient-RA_Conn.obj: tools/raclient/RA_Conn.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Conn.obj -MD -MP -MF tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo -c -o tools/raclient/tpsclient-RA_Conn.obj `if test -f 'tools/raclient/RA_Conn.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Conn.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Conn.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Tpo tools/raclient/$(DEPDIR)/tpsclient-RA_Conn.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='tools/raclient/RA_Conn.cpp' object='tools/raclient/tpsclient-RA_Conn.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Conn.obj `if test -f 'tools/raclient/RA_Conn.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Conn.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Conn.cpp'; fi`
+
+tools/raclient/tpsclient-RA_Token.o: tools/raclient/RA_Token.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Token.o -MD -MP -MF tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo -c -o tools/raclient/tpsclient-RA_Token.o `test -f 'tools/raclient/RA_Token.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Token.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='tools/raclient/RA_Token.cpp' object='tools/raclient/tpsclient-RA_Token.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Token.o `test -f 'tools/raclient/RA_Token.cpp' || echo '$(srcdir)/'`tools/raclient/RA_Token.cpp
+
+tools/raclient/tpsclient-RA_Token.obj: tools/raclient/RA_Token.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT tools/raclient/tpsclient-RA_Token.obj -MD -MP -MF tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo -c -o tools/raclient/tpsclient-RA_Token.obj `if test -f 'tools/raclient/RA_Token.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Token.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Token.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Tpo tools/raclient/$(DEPDIR)/tpsclient-RA_Token.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='tools/raclient/RA_Token.cpp' object='tools/raclient/tpsclient-RA_Token.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o tools/raclient/tpsclient-RA_Token.obj `if test -f 'tools/raclient/RA_Token.cpp'; then $(CYGPATH_W) 'tools/raclient/RA_Token.cpp'; else $(CYGPATH_W) '$(srcdir)/tools/raclient/RA_Token.cpp'; fi`
+
+src/main/tpsclient-Buffer.o: src/main/Buffer.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-Buffer.o -MD -MP -MF src/main/$(DEPDIR)/tpsclient-Buffer.Tpo -c -o src/main/tpsclient-Buffer.o `test -f 'src/main/Buffer.cpp' || echo '$(srcdir)/'`src/main/Buffer.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-Buffer.Tpo src/main/$(DEPDIR)/tpsclient-Buffer.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Buffer.cpp' object='src/main/tpsclient-Buffer.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-Buffer.o `test -f 'src/main/Buffer.cpp' || echo '$(srcdir)/'`src/main/Buffer.cpp
+
+src/main/tpsclient-Buffer.obj: src/main/Buffer.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-Buffer.obj -MD -MP -MF src/main/$(DEPDIR)/tpsclient-Buffer.Tpo -c -o src/main/tpsclient-Buffer.obj `if test -f 'src/main/Buffer.cpp'; then $(CYGPATH_W) 'src/main/Buffer.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/Buffer.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-Buffer.Tpo src/main/$(DEPDIR)/tpsclient-Buffer.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Buffer.cpp' object='src/main/tpsclient-Buffer.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-Buffer.obj `if test -f 'src/main/Buffer.cpp'; then $(CYGPATH_W) 'src/main/Buffer.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/Buffer.cpp'; fi`
+
+src/main/tpsclient-NameValueSet.o: src/main/NameValueSet.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-NameValueSet.o -MD -MP -MF src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo -c -o src/main/tpsclient-NameValueSet.o `test -f 'src/main/NameValueSet.cpp' || echo '$(srcdir)/'`src/main/NameValueSet.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo src/main/$(DEPDIR)/tpsclient-NameValueSet.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/NameValueSet.cpp' object='src/main/tpsclient-NameValueSet.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-NameValueSet.o `test -f 'src/main/NameValueSet.cpp' || echo '$(srcdir)/'`src/main/NameValueSet.cpp
+
+src/main/tpsclient-NameValueSet.obj: src/main/NameValueSet.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-NameValueSet.obj -MD -MP -MF src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo -c -o src/main/tpsclient-NameValueSet.obj `if test -f 'src/main/NameValueSet.cpp'; then $(CYGPATH_W) 'src/main/NameValueSet.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/NameValueSet.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-NameValueSet.Tpo src/main/$(DEPDIR)/tpsclient-NameValueSet.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/NameValueSet.cpp' object='src/main/tpsclient-NameValueSet.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-NameValueSet.obj `if test -f 'src/main/NameValueSet.cpp'; then $(CYGPATH_W) 'src/main/NameValueSet.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/NameValueSet.cpp'; fi`
+
+src/main/tpsclient-Util.o: src/main/Util.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-Util.o -MD -MP -MF src/main/$(DEPDIR)/tpsclient-Util.Tpo -c -o src/main/tpsclient-Util.o `test -f 'src/main/Util.cpp' || echo '$(srcdir)/'`src/main/Util.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-Util.Tpo src/main/$(DEPDIR)/tpsclient-Util.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Util.cpp' object='src/main/tpsclient-Util.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-Util.o `test -f 'src/main/Util.cpp' || echo '$(srcdir)/'`src/main/Util.cpp
+
+src/main/tpsclient-Util.obj: src/main/Util.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-Util.obj -MD -MP -MF src/main/$(DEPDIR)/tpsclient-Util.Tpo -c -o src/main/tpsclient-Util.obj `if test -f 'src/main/Util.cpp'; then $(CYGPATH_W) 'src/main/Util.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/Util.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-Util.Tpo src/main/$(DEPDIR)/tpsclient-Util.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/Util.cpp' object='src/main/tpsclient-Util.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-Util.obj `if test -f 'src/main/Util.cpp'; then $(CYGPATH_W) 'src/main/Util.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/Util.cpp'; fi`
+
+src/main/tpsclient-AuthParams.o: src/main/AuthParams.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-AuthParams.o -MD -MP -MF src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo -c -o src/main/tpsclient-AuthParams.o `test -f 'src/main/AuthParams.cpp' || echo '$(srcdir)/'`src/main/AuthParams.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo src/main/$(DEPDIR)/tpsclient-AuthParams.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/AuthParams.cpp' object='src/main/tpsclient-AuthParams.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-AuthParams.o `test -f 'src/main/AuthParams.cpp' || echo '$(srcdir)/'`src/main/AuthParams.cpp
+
+src/main/tpsclient-AuthParams.obj: src/main/AuthParams.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-AuthParams.obj -MD -MP -MF src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo -c -o src/main/tpsclient-AuthParams.obj `if test -f 'src/main/AuthParams.cpp'; then $(CYGPATH_W) 'src/main/AuthParams.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/AuthParams.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-AuthParams.Tpo src/main/$(DEPDIR)/tpsclient-AuthParams.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/AuthParams.cpp' object='src/main/tpsclient-AuthParams.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-AuthParams.obj `if test -f 'src/main/AuthParams.cpp'; then $(CYGPATH_W) 'src/main/AuthParams.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/AuthParams.cpp'; fi`
+
+src/apdu/tpsclient-APDU.o: src/apdu/APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo -c -o src/apdu/tpsclient-APDU.o `test -f 'src/apdu/APDU.cpp' || echo '$(srcdir)/'`src/apdu/APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/APDU.cpp' object='src/apdu/tpsclient-APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-APDU.o `test -f 'src/apdu/APDU.cpp' || echo '$(srcdir)/'`src/apdu/APDU.cpp
+
+src/apdu/tpsclient-APDU.obj: src/apdu/APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo -c -o src/apdu/tpsclient-APDU.obj `if test -f 'src/apdu/APDU.cpp'; then $(CYGPATH_W) 'src/apdu/APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/APDU.cpp' object='src/apdu/tpsclient-APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-APDU.obj `if test -f 'src/apdu/APDU.cpp'; then $(CYGPATH_W) 'src/apdu/APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/APDU.cpp'; fi`
+
+src/apdu/tpsclient-APDU_Response.o: src/apdu/APDU_Response.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-APDU_Response.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo -c -o src/apdu/tpsclient-APDU_Response.o `test -f 'src/apdu/APDU_Response.cpp' || echo '$(srcdir)/'`src/apdu/APDU_Response.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/APDU_Response.cpp' object='src/apdu/tpsclient-APDU_Response.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-APDU_Response.o `test -f 'src/apdu/APDU_Response.cpp' || echo '$(srcdir)/'`src/apdu/APDU_Response.cpp
+
+src/apdu/tpsclient-APDU_Response.obj: src/apdu/APDU_Response.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-APDU_Response.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo -c -o src/apdu/tpsclient-APDU_Response.obj `if test -f 'src/apdu/APDU_Response.cpp'; then $(CYGPATH_W) 'src/apdu/APDU_Response.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/APDU_Response.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Tpo src/apdu/$(DEPDIR)/tpsclient-APDU_Response.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/APDU_Response.cpp' object='src/apdu/tpsclient-APDU_Response.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-APDU_Response.obj `if test -f 'src/apdu/APDU_Response.cpp'; then $(CYGPATH_W) 'src/apdu/APDU_Response.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/APDU_Response.cpp'; fi`
+
+src/apdu/tpsclient-Create_Object_APDU.o: src/apdu/Create_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Create_Object_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo -c -o src/apdu/tpsclient-Create_Object_APDU.o `test -f 'src/apdu/Create_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Create_Object_APDU.cpp' object='src/apdu/tpsclient-Create_Object_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Create_Object_APDU.o `test -f 'src/apdu/Create_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Object_APDU.cpp
+
+src/apdu/tpsclient-Create_Object_APDU.obj: src/apdu/Create_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Create_Object_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo -c -o src/apdu/tpsclient-Create_Object_APDU.obj `if test -f 'src/apdu/Create_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Create_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Create_Object_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Create_Object_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Create_Object_APDU.cpp' object='src/apdu/tpsclient-Create_Object_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Create_Object_APDU.obj `if test -f 'src/apdu/Create_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Create_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Create_Object_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Create_Pin_APDU.o: src/apdu/Create_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Create_Pin_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo -c -o src/apdu/tpsclient-Create_Pin_APDU.o `test -f 'src/apdu/Create_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Create_Pin_APDU.cpp' object='src/apdu/tpsclient-Create_Pin_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Create_Pin_APDU.o `test -f 'src/apdu/Create_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Create_Pin_APDU.cpp
+
+src/apdu/tpsclient-Create_Pin_APDU.obj: src/apdu/Create_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Create_Pin_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo -c -o src/apdu/tpsclient-Create_Pin_APDU.obj `if test -f 'src/apdu/Create_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Create_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Create_Pin_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Create_Pin_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Create_Pin_APDU.cpp' object='src/apdu/tpsclient-Create_Pin_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Create_Pin_APDU.obj `if test -f 'src/apdu/Create_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Create_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Create_Pin_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Delete_File_APDU.o: src/apdu/Delete_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Delete_File_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo -c -o src/apdu/tpsclient-Delete_File_APDU.o `test -f 'src/apdu/Delete_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Delete_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Delete_File_APDU.cpp' object='src/apdu/tpsclient-Delete_File_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Delete_File_APDU.o `test -f 'src/apdu/Delete_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Delete_File_APDU.cpp
+
+src/apdu/tpsclient-Delete_File_APDU.obj: src/apdu/Delete_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Delete_File_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo -c -o src/apdu/tpsclient-Delete_File_APDU.obj `if test -f 'src/apdu/Delete_File_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Delete_File_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Delete_File_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Delete_File_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Delete_File_APDU.cpp' object='src/apdu/tpsclient-Delete_File_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Delete_File_APDU.obj `if test -f 'src/apdu/Delete_File_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Delete_File_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Delete_File_APDU.cpp'; fi`
+
+src/apdu/tpsclient-External_Authenticate_APDU.o: src/apdu/External_Authenticate_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-External_Authenticate_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo -c -o src/apdu/tpsclient-External_Authenticate_APDU.o `test -f 'src/apdu/External_Authenticate_APDU.cpp' || echo '$(srcdir)/'`src/apdu/External_Authenticate_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/External_Authenticate_APDU.cpp' object='src/apdu/tpsclient-External_Authenticate_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-External_Authenticate_APDU.o `test -f 'src/apdu/External_Authenticate_APDU.cpp' || echo '$(srcdir)/'`src/apdu/External_Authenticate_APDU.cpp
+
+src/apdu/tpsclient-External_Authenticate_APDU.obj: src/apdu/External_Authenticate_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-External_Authenticate_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo -c -o src/apdu/tpsclient-External_Authenticate_APDU.obj `if test -f 'src/apdu/External_Authenticate_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/External_Authenticate_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/External_Authenticate_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-External_Authenticate_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/External_Authenticate_APDU.cpp' object='src/apdu/tpsclient-External_Authenticate_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-External_Authenticate_APDU.obj `if test -f 'src/apdu/External_Authenticate_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/External_Authenticate_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/External_Authenticate_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Format_Muscle_Applet_APDU.o: src/apdu/Format_Muscle_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Format_Muscle_Applet_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo -c -o src/apdu/tpsclient-Format_Muscle_Applet_APDU.o `test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Format_Muscle_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Format_Muscle_Applet_APDU.cpp' object='src/apdu/tpsclient-Format_Muscle_Applet_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Format_Muscle_Applet_APDU.o `test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Format_Muscle_Applet_APDU.cpp
+
+src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj: src/apdu/Format_Muscle_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo -c -o src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj `if test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Format_Muscle_Applet_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Format_Muscle_Applet_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Format_Muscle_Applet_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Format_Muscle_Applet_APDU.cpp' object='src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Format_Muscle_Applet_APDU.obj `if test -f 'src/apdu/Format_Muscle_Applet_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Format_Muscle_Applet_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Format_Muscle_Applet_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Generate_Key_APDU.o: src/apdu/Generate_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Generate_Key_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo -c -o src/apdu/tpsclient-Generate_Key_APDU.o `test -f 'src/apdu/Generate_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Generate_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Generate_Key_APDU.cpp' object='src/apdu/tpsclient-Generate_Key_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Generate_Key_APDU.o `test -f 'src/apdu/Generate_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Generate_Key_APDU.cpp
+
+src/apdu/tpsclient-Generate_Key_APDU.obj: src/apdu/Generate_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Generate_Key_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo -c -o src/apdu/tpsclient-Generate_Key_APDU.obj `if test -f 'src/apdu/Generate_Key_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Generate_Key_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Generate_Key_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Generate_Key_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Generate_Key_APDU.cpp' object='src/apdu/tpsclient-Generate_Key_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Generate_Key_APDU.obj `if test -f 'src/apdu/Generate_Key_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Generate_Key_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Generate_Key_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Get_Data_APDU.o: src/apdu/Get_Data_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Data_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo -c -o src/apdu/tpsclient-Get_Data_APDU.o `test -f 'src/apdu/Get_Data_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Data_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Data_APDU.cpp' object='src/apdu/tpsclient-Get_Data_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Data_APDU.o `test -f 'src/apdu/Get_Data_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Data_APDU.cpp
+
+src/apdu/tpsclient-Get_Data_APDU.obj: src/apdu/Get_Data_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Data_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo -c -o src/apdu/tpsclient-Get_Data_APDU.obj `if test -f 'src/apdu/Get_Data_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Data_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Data_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Get_Data_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Data_APDU.cpp' object='src/apdu/tpsclient-Get_Data_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Data_APDU.obj `if test -f 'src/apdu/Get_Data_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Data_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Data_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Get_Status_APDU.o: src/apdu/Get_Status_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Status_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo -c -o src/apdu/tpsclient-Get_Status_APDU.o `test -f 'src/apdu/Get_Status_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Status_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Status_APDU.cpp' object='src/apdu/tpsclient-Get_Status_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Status_APDU.o `test -f 'src/apdu/Get_Status_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Status_APDU.cpp
+
+src/apdu/tpsclient-Get_Status_APDU.obj: src/apdu/Get_Status_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Status_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo -c -o src/apdu/tpsclient-Get_Status_APDU.obj `if test -f 'src/apdu/Get_Status_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Status_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Status_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Get_Status_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Status_APDU.cpp' object='src/apdu/tpsclient-Get_Status_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Status_APDU.obj `if test -f 'src/apdu/Get_Status_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Status_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Status_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Get_Version_APDU.o: src/apdu/Get_Version_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Version_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo -c -o src/apdu/tpsclient-Get_Version_APDU.o `test -f 'src/apdu/Get_Version_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Version_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Version_APDU.cpp' object='src/apdu/tpsclient-Get_Version_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Version_APDU.o `test -f 'src/apdu/Get_Version_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_Version_APDU.cpp
+
+src/apdu/tpsclient-Get_Version_APDU.obj: src/apdu/Get_Version_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_Version_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo -c -o src/apdu/tpsclient-Get_Version_APDU.obj `if test -f 'src/apdu/Get_Version_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Version_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Version_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Get_Version_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_Version_APDU.cpp' object='src/apdu/tpsclient-Get_Version_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_Version_APDU.obj `if test -f 'src/apdu/Get_Version_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_Version_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_Version_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Initialize_Update_APDU.o: src/apdu/Initialize_Update_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Initialize_Update_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo -c -o src/apdu/tpsclient-Initialize_Update_APDU.o `test -f 'src/apdu/Initialize_Update_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Initialize_Update_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Initialize_Update_APDU.cpp' object='src/apdu/tpsclient-Initialize_Update_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Initialize_Update_APDU.o `test -f 'src/apdu/Initialize_Update_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Initialize_Update_APDU.cpp
+
+src/apdu/tpsclient-Initialize_Update_APDU.obj: src/apdu/Initialize_Update_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Initialize_Update_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo -c -o src/apdu/tpsclient-Initialize_Update_APDU.obj `if test -f 'src/apdu/Initialize_Update_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Initialize_Update_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Initialize_Update_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Initialize_Update_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Initialize_Update_APDU.cpp' object='src/apdu/tpsclient-Initialize_Update_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Initialize_Update_APDU.obj `if test -f 'src/apdu/Initialize_Update_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Initialize_Update_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Initialize_Update_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Install_Applet_APDU.o: src/apdu/Install_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Install_Applet_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo -c -o src/apdu/tpsclient-Install_Applet_APDU.o `test -f 'src/apdu/Install_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Install_Applet_APDU.cpp' object='src/apdu/tpsclient-Install_Applet_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Install_Applet_APDU.o `test -f 'src/apdu/Install_Applet_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Applet_APDU.cpp
+
+src/apdu/tpsclient-Install_Applet_APDU.obj: src/apdu/Install_Applet_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Install_Applet_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo -c -o src/apdu/tpsclient-Install_Applet_APDU.obj `if test -f 'src/apdu/Install_Applet_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Install_Applet_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Install_Applet_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Install_Applet_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Install_Applet_APDU.cpp' object='src/apdu/tpsclient-Install_Applet_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Install_Applet_APDU.obj `if test -f 'src/apdu/Install_Applet_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Install_Applet_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Install_Applet_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Install_Load_APDU.o: src/apdu/Install_Load_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Install_Load_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo -c -o src/apdu/tpsclient-Install_Load_APDU.o `test -f 'src/apdu/Install_Load_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Load_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Install_Load_APDU.cpp' object='src/apdu/tpsclient-Install_Load_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Install_Load_APDU.o `test -f 'src/apdu/Install_Load_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Install_Load_APDU.cpp
+
+src/apdu/tpsclient-Install_Load_APDU.obj: src/apdu/Install_Load_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Install_Load_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo -c -o src/apdu/tpsclient-Install_Load_APDU.obj `if test -f 'src/apdu/Install_Load_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Install_Load_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Install_Load_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Install_Load_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Install_Load_APDU.cpp' object='src/apdu/tpsclient-Install_Load_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Install_Load_APDU.obj `if test -f 'src/apdu/Install_Load_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Install_Load_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Install_Load_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Lifecycle_APDU.o: src/apdu/Lifecycle_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Lifecycle_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo -c -o src/apdu/tpsclient-Lifecycle_APDU.o `test -f 'src/apdu/Lifecycle_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Lifecycle_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Lifecycle_APDU.cpp' object='src/apdu/tpsclient-Lifecycle_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Lifecycle_APDU.o `test -f 'src/apdu/Lifecycle_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Lifecycle_APDU.cpp
+
+src/apdu/tpsclient-Lifecycle_APDU.obj: src/apdu/Lifecycle_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Lifecycle_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo -c -o src/apdu/tpsclient-Lifecycle_APDU.obj `if test -f 'src/apdu/Lifecycle_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Lifecycle_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Lifecycle_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Lifecycle_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Lifecycle_APDU.cpp' object='src/apdu/tpsclient-Lifecycle_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Lifecycle_APDU.obj `if test -f 'src/apdu/Lifecycle_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Lifecycle_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Lifecycle_APDU.cpp'; fi`
+
+src/apdu/tpsclient-List_Objects_APDU.o: src/apdu/List_Objects_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-List_Objects_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo -c -o src/apdu/tpsclient-List_Objects_APDU.o `test -f 'src/apdu/List_Objects_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Objects_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/List_Objects_APDU.cpp' object='src/apdu/tpsclient-List_Objects_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-List_Objects_APDU.o `test -f 'src/apdu/List_Objects_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Objects_APDU.cpp
+
+src/apdu/tpsclient-List_Objects_APDU.obj: src/apdu/List_Objects_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-List_Objects_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo -c -o src/apdu/tpsclient-List_Objects_APDU.obj `if test -f 'src/apdu/List_Objects_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/List_Objects_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/List_Objects_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-List_Objects_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/List_Objects_APDU.cpp' object='src/apdu/tpsclient-List_Objects_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-List_Objects_APDU.obj `if test -f 'src/apdu/List_Objects_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/List_Objects_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/List_Objects_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Set_IssuerInfo_APDU.o: src/apdu/Set_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Set_IssuerInfo_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo -c -o src/apdu/tpsclient-Set_IssuerInfo_APDU.o `test -f 'src/apdu/Set_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Set_IssuerInfo_APDU.cpp' object='src/apdu/tpsclient-Set_IssuerInfo_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Set_IssuerInfo_APDU.o `test -f 'src/apdu/Set_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_IssuerInfo_APDU.cpp
+
+src/apdu/tpsclient-Set_IssuerInfo_APDU.obj: src/apdu/Set_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Set_IssuerInfo_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo -c -o src/apdu/tpsclient-Set_IssuerInfo_APDU.obj `if test -f 'src/apdu/Set_IssuerInfo_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Set_IssuerInfo_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Set_IssuerInfo_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Set_IssuerInfo_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Set_IssuerInfo_APDU.cpp' object='src/apdu/tpsclient-Set_IssuerInfo_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Set_IssuerInfo_APDU.obj `if test -f 'src/apdu/Set_IssuerInfo_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Set_IssuerInfo_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Set_IssuerInfo_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Get_IssuerInfo_APDU.o: src/apdu/Get_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_IssuerInfo_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo -c -o src/apdu/tpsclient-Get_IssuerInfo_APDU.o `test -f 'src/apdu/Get_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_IssuerInfo_APDU.cpp' object='src/apdu/tpsclient-Get_IssuerInfo_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_IssuerInfo_APDU.o `test -f 'src/apdu/Get_IssuerInfo_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Get_IssuerInfo_APDU.cpp
+
+src/apdu/tpsclient-Get_IssuerInfo_APDU.obj: src/apdu/Get_IssuerInfo_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Get_IssuerInfo_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo -c -o src/apdu/tpsclient-Get_IssuerInfo_APDU.obj `if test -f 'src/apdu/Get_IssuerInfo_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_IssuerInfo_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_IssuerInfo_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Get_IssuerInfo_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Get_IssuerInfo_APDU.cpp' object='src/apdu/tpsclient-Get_IssuerInfo_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Get_IssuerInfo_APDU.obj `if test -f 'src/apdu/Get_IssuerInfo_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Get_IssuerInfo_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Get_IssuerInfo_APDU.cpp'; fi`
+
+src/apdu/tpsclient-List_Pins_APDU.o: src/apdu/List_Pins_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-List_Pins_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo -c -o src/apdu/tpsclient-List_Pins_APDU.o `test -f 'src/apdu/List_Pins_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Pins_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/List_Pins_APDU.cpp' object='src/apdu/tpsclient-List_Pins_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-List_Pins_APDU.o `test -f 'src/apdu/List_Pins_APDU.cpp' || echo '$(srcdir)/'`src/apdu/List_Pins_APDU.cpp
+
+src/apdu/tpsclient-List_Pins_APDU.obj: src/apdu/List_Pins_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-List_Pins_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo -c -o src/apdu/tpsclient-List_Pins_APDU.obj `if test -f 'src/apdu/List_Pins_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/List_Pins_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/List_Pins_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-List_Pins_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/List_Pins_APDU.cpp' object='src/apdu/tpsclient-List_Pins_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-List_Pins_APDU.obj `if test -f 'src/apdu/List_Pins_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/List_Pins_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/List_Pins_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Load_File_APDU.o: src/apdu/Load_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Load_File_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo -c -o src/apdu/tpsclient-Load_File_APDU.o `test -f 'src/apdu/Load_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Load_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Load_File_APDU.cpp' object='src/apdu/tpsclient-Load_File_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Load_File_APDU.o `test -f 'src/apdu/Load_File_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Load_File_APDU.cpp
+
+src/apdu/tpsclient-Load_File_APDU.obj: src/apdu/Load_File_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Load_File_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo -c -o src/apdu/tpsclient-Load_File_APDU.obj `if test -f 'src/apdu/Load_File_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Load_File_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Load_File_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Load_File_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Load_File_APDU.cpp' object='src/apdu/tpsclient-Load_File_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Load_File_APDU.obj `if test -f 'src/apdu/Load_File_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Load_File_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Load_File_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Put_Key_APDU.o: src/apdu/Put_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Put_Key_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo -c -o src/apdu/tpsclient-Put_Key_APDU.o `test -f 'src/apdu/Put_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Put_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Put_Key_APDU.cpp' object='src/apdu/tpsclient-Put_Key_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Put_Key_APDU.o `test -f 'src/apdu/Put_Key_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Put_Key_APDU.cpp
+
+src/apdu/tpsclient-Put_Key_APDU.obj: src/apdu/Put_Key_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Put_Key_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo -c -o src/apdu/tpsclient-Put_Key_APDU.obj `if test -f 'src/apdu/Put_Key_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Put_Key_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Put_Key_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Put_Key_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Put_Key_APDU.cpp' object='src/apdu/tpsclient-Put_Key_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Put_Key_APDU.obj `if test -f 'src/apdu/Put_Key_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Put_Key_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Put_Key_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Read_Buffer_APDU.o: src/apdu/Read_Buffer_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Read_Buffer_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo -c -o src/apdu/tpsclient-Read_Buffer_APDU.o `test -f 'src/apdu/Read_Buffer_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Buffer_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Read_Buffer_APDU.cpp' object='src/apdu/tpsclient-Read_Buffer_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Read_Buffer_APDU.o `test -f 'src/apdu/Read_Buffer_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Buffer_APDU.cpp
+
+src/apdu/tpsclient-Read_Buffer_APDU.obj: src/apdu/Read_Buffer_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Read_Buffer_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo -c -o src/apdu/tpsclient-Read_Buffer_APDU.obj `if test -f 'src/apdu/Read_Buffer_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Read_Buffer_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Read_Buffer_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Read_Buffer_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Read_Buffer_APDU.cpp' object='src/apdu/tpsclient-Read_Buffer_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Read_Buffer_APDU.obj `if test -f 'src/apdu/Read_Buffer_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Read_Buffer_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Read_Buffer_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Read_Object_APDU.o: src/apdu/Read_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Read_Object_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo -c -o src/apdu/tpsclient-Read_Object_APDU.o `test -f 'src/apdu/Read_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Read_Object_APDU.cpp' object='src/apdu/tpsclient-Read_Object_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Read_Object_APDU.o `test -f 'src/apdu/Read_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Read_Object_APDU.cpp
+
+src/apdu/tpsclient-Read_Object_APDU.obj: src/apdu/Read_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Read_Object_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo -c -o src/apdu/tpsclient-Read_Object_APDU.obj `if test -f 'src/apdu/Read_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Read_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Read_Object_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Read_Object_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Read_Object_APDU.cpp' object='src/apdu/tpsclient-Read_Object_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Read_Object_APDU.obj `if test -f 'src/apdu/Read_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Read_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Read_Object_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Select_APDU.o: src/apdu/Select_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Select_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo -c -o src/apdu/tpsclient-Select_APDU.o `test -f 'src/apdu/Select_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Select_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Select_APDU.cpp' object='src/apdu/tpsclient-Select_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Select_APDU.o `test -f 'src/apdu/Select_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Select_APDU.cpp
+
+src/apdu/tpsclient-Select_APDU.obj: src/apdu/Select_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Select_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo -c -o src/apdu/tpsclient-Select_APDU.obj `if test -f 'src/apdu/Select_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Select_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Select_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Select_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Select_APDU.cpp' object='src/apdu/tpsclient-Select_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Select_APDU.obj `if test -f 'src/apdu/Select_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Select_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Select_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Set_Pin_APDU.o: src/apdu/Set_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Set_Pin_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo -c -o src/apdu/tpsclient-Set_Pin_APDU.o `test -f 'src/apdu/Set_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Set_Pin_APDU.cpp' object='src/apdu/tpsclient-Set_Pin_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Set_Pin_APDU.o `test -f 'src/apdu/Set_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Set_Pin_APDU.cpp
+
+src/apdu/tpsclient-Set_Pin_APDU.obj: src/apdu/Set_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Set_Pin_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo -c -o src/apdu/tpsclient-Set_Pin_APDU.obj `if test -f 'src/apdu/Set_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Set_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Set_Pin_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Set_Pin_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Set_Pin_APDU.cpp' object='src/apdu/tpsclient-Set_Pin_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Set_Pin_APDU.obj `if test -f 'src/apdu/Set_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Set_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Set_Pin_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Unblock_Pin_APDU.o: src/apdu/Unblock_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Unblock_Pin_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo -c -o src/apdu/tpsclient-Unblock_Pin_APDU.o `test -f 'src/apdu/Unblock_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Unblock_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Unblock_Pin_APDU.cpp' object='src/apdu/tpsclient-Unblock_Pin_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Unblock_Pin_APDU.o `test -f 'src/apdu/Unblock_Pin_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Unblock_Pin_APDU.cpp
+
+src/apdu/tpsclient-Unblock_Pin_APDU.obj: src/apdu/Unblock_Pin_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Unblock_Pin_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo -c -o src/apdu/tpsclient-Unblock_Pin_APDU.obj `if test -f 'src/apdu/Unblock_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Unblock_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Unblock_Pin_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Unblock_Pin_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Unblock_Pin_APDU.cpp' object='src/apdu/tpsclient-Unblock_Pin_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Unblock_Pin_APDU.obj `if test -f 'src/apdu/Unblock_Pin_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Unblock_Pin_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Unblock_Pin_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Write_Object_APDU.o: src/apdu/Write_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Write_Object_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo -c -o src/apdu/tpsclient-Write_Object_APDU.o `test -f 'src/apdu/Write_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Write_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Write_Object_APDU.cpp' object='src/apdu/tpsclient-Write_Object_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Write_Object_APDU.o `test -f 'src/apdu/Write_Object_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Write_Object_APDU.cpp
+
+src/apdu/tpsclient-Write_Object_APDU.obj: src/apdu/Write_Object_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Write_Object_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo -c -o src/apdu/tpsclient-Write_Object_APDU.obj `if test -f 'src/apdu/Write_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Write_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Write_Object_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Write_Object_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Write_Object_APDU.cpp' object='src/apdu/tpsclient-Write_Object_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Write_Object_APDU.obj `if test -f 'src/apdu/Write_Object_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Write_Object_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Write_Object_APDU.cpp'; fi`
+
+src/apdu/tpsclient-Import_Key_Enc_APDU.o: src/apdu/Import_Key_Enc_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Import_Key_Enc_APDU.o -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo -c -o src/apdu/tpsclient-Import_Key_Enc_APDU.o `test -f 'src/apdu/Import_Key_Enc_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_Enc_APDU.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Import_Key_Enc_APDU.cpp' object='src/apdu/tpsclient-Import_Key_Enc_APDU.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Import_Key_Enc_APDU.o `test -f 'src/apdu/Import_Key_Enc_APDU.cpp' || echo '$(srcdir)/'`src/apdu/Import_Key_Enc_APDU.cpp
+
+src/apdu/tpsclient-Import_Key_Enc_APDU.obj: src/apdu/Import_Key_Enc_APDU.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/apdu/tpsclient-Import_Key_Enc_APDU.obj -MD -MP -MF src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo -c -o src/apdu/tpsclient-Import_Key_Enc_APDU.obj `if test -f 'src/apdu/Import_Key_Enc_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Import_Key_Enc_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Import_Key_Enc_APDU.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Tpo src/apdu/$(DEPDIR)/tpsclient-Import_Key_Enc_APDU.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/apdu/Import_Key_Enc_APDU.cpp' object='src/apdu/tpsclient-Import_Key_Enc_APDU.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/apdu/tpsclient-Import_Key_Enc_APDU.obj `if test -f 'src/apdu/Import_Key_Enc_APDU.cpp'; then $(CYGPATH_W) 'src/apdu/Import_Key_Enc_APDU.cpp'; else $(CYGPATH_W) '$(srcdir)/src/apdu/Import_Key_Enc_APDU.cpp'; fi`
+
+src/main/tpsclient-RA_Msg.o: src/main/RA_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-RA_Msg.o -MD -MP -MF src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo -c -o src/main/tpsclient-RA_Msg.o `test -f 'src/main/RA_Msg.cpp' || echo '$(srcdir)/'`src/main/RA_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo src/main/$(DEPDIR)/tpsclient-RA_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/RA_Msg.cpp' object='src/main/tpsclient-RA_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-RA_Msg.o `test -f 'src/main/RA_Msg.cpp' || echo '$(srcdir)/'`src/main/RA_Msg.cpp
+
+src/main/tpsclient-RA_Msg.obj: src/main/RA_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/main/tpsclient-RA_Msg.obj -MD -MP -MF src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo -c -o src/main/tpsclient-RA_Msg.obj `if test -f 'src/main/RA_Msg.cpp'; then $(CYGPATH_W) 'src/main/RA_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/RA_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/main/$(DEPDIR)/tpsclient-RA_Msg.Tpo src/main/$(DEPDIR)/tpsclient-RA_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/main/RA_Msg.cpp' object='src/main/tpsclient-RA_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/main/tpsclient-RA_Msg.obj `if test -f 'src/main/RA_Msg.cpp'; then $(CYGPATH_W) 'src/main/RA_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/main/RA_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Begin_Op_Msg.o: src/msg/RA_Begin_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Begin_Op_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo -c -o src/msg/tpsclient-RA_Begin_Op_Msg.o `test -f 'src/msg/RA_Begin_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Begin_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Begin_Op_Msg.cpp' object='src/msg/tpsclient-RA_Begin_Op_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Begin_Op_Msg.o `test -f 'src/msg/RA_Begin_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Begin_Op_Msg.cpp
+
+src/msg/tpsclient-RA_Begin_Op_Msg.obj: src/msg/RA_Begin_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Begin_Op_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo -c -o src/msg/tpsclient-RA_Begin_Op_Msg.obj `if test -f 'src/msg/RA_Begin_Op_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Begin_Op_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Begin_Op_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Begin_Op_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Begin_Op_Msg.cpp' object='src/msg/tpsclient-RA_Begin_Op_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Begin_Op_Msg.obj `if test -f 'src/msg/RA_Begin_Op_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Begin_Op_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Begin_Op_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_End_Op_Msg.o: src/msg/RA_End_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_End_Op_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo -c -o src/msg/tpsclient-RA_End_Op_Msg.o `test -f 'src/msg/RA_End_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_End_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_End_Op_Msg.cpp' object='src/msg/tpsclient-RA_End_Op_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_End_Op_Msg.o `test -f 'src/msg/RA_End_Op_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_End_Op_Msg.cpp
+
+src/msg/tpsclient-RA_End_Op_Msg.obj: src/msg/RA_End_Op_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_End_Op_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo -c -o src/msg/tpsclient-RA_End_Op_Msg.obj `if test -f 'src/msg/RA_End_Op_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_End_Op_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_End_Op_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_End_Op_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_End_Op_Msg.cpp' object='src/msg/tpsclient-RA_End_Op_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_End_Op_Msg.obj `if test -f 'src/msg/RA_End_Op_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_End_Op_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_End_Op_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Login_Request_Msg.o: src/msg/RA_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Login_Request_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_Login_Request_Msg.o `test -f 'src/msg/RA_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Login_Request_Msg.cpp' object='src/msg/tpsclient-RA_Login_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Login_Request_Msg.o `test -f 'src/msg/RA_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Request_Msg.cpp
+
+src/msg/tpsclient-RA_Login_Request_Msg.obj: src/msg/RA_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Login_Request_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_Login_Request_Msg.obj `if test -f 'src/msg/RA_Login_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Login_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Login_Request_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Login_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Login_Request_Msg.cpp' object='src/msg/tpsclient-RA_Login_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Login_Request_Msg.obj `if test -f 'src/msg/RA_Login_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Login_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Login_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Login_Response_Msg.o: src/msg/RA_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Login_Response_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_Login_Response_Msg.o `test -f 'src/msg/RA_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Login_Response_Msg.cpp' object='src/msg/tpsclient-RA_Login_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Login_Response_Msg.o `test -f 'src/msg/RA_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Login_Response_Msg.cpp
+
+src/msg/tpsclient-RA_Login_Response_Msg.obj: src/msg/RA_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Login_Response_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_Login_Response_Msg.obj `if test -f 'src/msg/RA_Login_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Login_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Login_Response_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Login_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Login_Response_Msg.cpp' object='src/msg/tpsclient-RA_Login_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Login_Response_Msg.obj `if test -f 'src/msg/RA_Login_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Login_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Login_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Extended_Login_Request_Msg.o: src/msg/RA_Extended_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Extended_Login_Request_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_Extended_Login_Request_Msg.o `test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Extended_Login_Request_Msg.cpp' object='src/msg/tpsclient-RA_Extended_Login_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Extended_Login_Request_Msg.o `test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Request_Msg.cpp
+
+src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj: src/msg/RA_Extended_Login_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj `if test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Extended_Login_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Extended_Login_Request_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Extended_Login_Request_Msg.cpp' object='src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Extended_Login_Request_Msg.obj `if test -f 'src/msg/RA_Extended_Login_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Extended_Login_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Extended_Login_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Extended_Login_Response_Msg.o: src/msg/RA_Extended_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Extended_Login_Response_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_Extended_Login_Response_Msg.o `test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Extended_Login_Response_Msg.cpp' object='src/msg/tpsclient-RA_Extended_Login_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Extended_Login_Response_Msg.o `test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Extended_Login_Response_Msg.cpp
+
+src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj: src/msg/RA_Extended_Login_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj `if test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Extended_Login_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Extended_Login_Response_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Extended_Login_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Extended_Login_Response_Msg.cpp' object='src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Extended_Login_Response_Msg.obj `if test -f 'src/msg/RA_Extended_Login_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Extended_Login_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Extended_Login_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_ASQ_Request_Msg.o: src/msg/RA_ASQ_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_ASQ_Request_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_ASQ_Request_Msg.o `test -f 'src/msg/RA_ASQ_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_ASQ_Request_Msg.cpp' object='src/msg/tpsclient-RA_ASQ_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_ASQ_Request_Msg.o `test -f 'src/msg/RA_ASQ_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Request_Msg.cpp
+
+src/msg/tpsclient-RA_ASQ_Request_Msg.obj: src/msg/RA_ASQ_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_ASQ_Request_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_ASQ_Request_Msg.obj `if test -f 'src/msg/RA_ASQ_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_ASQ_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_ASQ_Request_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_ASQ_Request_Msg.cpp' object='src/msg/tpsclient-RA_ASQ_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_ASQ_Request_Msg.obj `if test -f 'src/msg/RA_ASQ_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_ASQ_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_ASQ_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_ASQ_Response_Msg.o: src/msg/RA_ASQ_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_ASQ_Response_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_ASQ_Response_Msg.o `test -f 'src/msg/RA_ASQ_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_ASQ_Response_Msg.cpp' object='src/msg/tpsclient-RA_ASQ_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_ASQ_Response_Msg.o `test -f 'src/msg/RA_ASQ_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_ASQ_Response_Msg.cpp
+
+src/msg/tpsclient-RA_ASQ_Response_Msg.obj: src/msg/RA_ASQ_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_ASQ_Response_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_ASQ_Response_Msg.obj `if test -f 'src/msg/RA_ASQ_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_ASQ_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_ASQ_Response_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_ASQ_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_ASQ_Response_Msg.cpp' object='src/msg/tpsclient-RA_ASQ_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_ASQ_Response_Msg.obj `if test -f 'src/msg/RA_ASQ_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_ASQ_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_ASQ_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_New_Pin_Request_Msg.o: src/msg/RA_New_Pin_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_New_Pin_Request_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_New_Pin_Request_Msg.o `test -f 'src/msg/RA_New_Pin_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_New_Pin_Request_Msg.cpp' object='src/msg/tpsclient-RA_New_Pin_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_New_Pin_Request_Msg.o `test -f 'src/msg/RA_New_Pin_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Request_Msg.cpp
+
+src/msg/tpsclient-RA_New_Pin_Request_Msg.obj: src/msg/RA_New_Pin_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_New_Pin_Request_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_New_Pin_Request_Msg.obj `if test -f 'src/msg/RA_New_Pin_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_New_Pin_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_New_Pin_Request_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_New_Pin_Request_Msg.cpp' object='src/msg/tpsclient-RA_New_Pin_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_New_Pin_Request_Msg.obj `if test -f 'src/msg/RA_New_Pin_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_New_Pin_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_New_Pin_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_New_Pin_Response_Msg.o: src/msg/RA_New_Pin_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_New_Pin_Response_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_New_Pin_Response_Msg.o `test -f 'src/msg/RA_New_Pin_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_New_Pin_Response_Msg.cpp' object='src/msg/tpsclient-RA_New_Pin_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_New_Pin_Response_Msg.o `test -f 'src/msg/RA_New_Pin_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_New_Pin_Response_Msg.cpp
+
+src/msg/tpsclient-RA_New_Pin_Response_Msg.obj: src/msg/RA_New_Pin_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_New_Pin_Response_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_New_Pin_Response_Msg.obj `if test -f 'src/msg/RA_New_Pin_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_New_Pin_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_New_Pin_Response_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_New_Pin_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_New_Pin_Response_Msg.cpp' object='src/msg/tpsclient-RA_New_Pin_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_New_Pin_Response_Msg.obj `if test -f 'src/msg/RA_New_Pin_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_New_Pin_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_New_Pin_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_SecureId_Request_Msg.o: src/msg/RA_SecureId_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_SecureId_Request_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_SecureId_Request_Msg.o `test -f 'src/msg/RA_SecureId_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_SecureId_Request_Msg.cpp' object='src/msg/tpsclient-RA_SecureId_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_SecureId_Request_Msg.o `test -f 'src/msg/RA_SecureId_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Request_Msg.cpp
+
+src/msg/tpsclient-RA_SecureId_Request_Msg.obj: src/msg/RA_SecureId_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_SecureId_Request_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_SecureId_Request_Msg.obj `if test -f 'src/msg/RA_SecureId_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_SecureId_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_SecureId_Request_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_SecureId_Request_Msg.cpp' object='src/msg/tpsclient-RA_SecureId_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_SecureId_Request_Msg.obj `if test -f 'src/msg/RA_SecureId_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_SecureId_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_SecureId_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_SecureId_Response_Msg.o: src/msg/RA_SecureId_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_SecureId_Response_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_SecureId_Response_Msg.o `test -f 'src/msg/RA_SecureId_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_SecureId_Response_Msg.cpp' object='src/msg/tpsclient-RA_SecureId_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_SecureId_Response_Msg.o `test -f 'src/msg/RA_SecureId_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_SecureId_Response_Msg.cpp
+
+src/msg/tpsclient-RA_SecureId_Response_Msg.obj: src/msg/RA_SecureId_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_SecureId_Response_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_SecureId_Response_Msg.obj `if test -f 'src/msg/RA_SecureId_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_SecureId_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_SecureId_Response_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_SecureId_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_SecureId_Response_Msg.cpp' object='src/msg/tpsclient-RA_SecureId_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_SecureId_Response_Msg.obj `if test -f 'src/msg/RA_SecureId_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_SecureId_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_SecureId_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Status_Update_Request_Msg.o: src/msg/RA_Status_Update_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Status_Update_Request_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_Status_Update_Request_Msg.o `test -f 'src/msg/RA_Status_Update_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Status_Update_Request_Msg.cpp' object='src/msg/tpsclient-RA_Status_Update_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Status_Update_Request_Msg.o `test -f 'src/msg/RA_Status_Update_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Request_Msg.cpp
+
+src/msg/tpsclient-RA_Status_Update_Request_Msg.obj: src/msg/RA_Status_Update_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Status_Update_Request_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_Status_Update_Request_Msg.obj `if test -f 'src/msg/RA_Status_Update_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Status_Update_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Status_Update_Request_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Status_Update_Request_Msg.cpp' object='src/msg/tpsclient-RA_Status_Update_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Status_Update_Request_Msg.obj `if test -f 'src/msg/RA_Status_Update_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Status_Update_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Status_Update_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Status_Update_Response_Msg.o: src/msg/RA_Status_Update_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Status_Update_Response_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_Status_Update_Response_Msg.o `test -f 'src/msg/RA_Status_Update_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Status_Update_Response_Msg.cpp' object='src/msg/tpsclient-RA_Status_Update_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Status_Update_Response_Msg.o `test -f 'src/msg/RA_Status_Update_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Status_Update_Response_Msg.cpp
+
+src/msg/tpsclient-RA_Status_Update_Response_Msg.obj: src/msg/RA_Status_Update_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Status_Update_Response_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_Status_Update_Response_Msg.obj `if test -f 'src/msg/RA_Status_Update_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Status_Update_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Status_Update_Response_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Status_Update_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Status_Update_Response_Msg.cpp' object='src/msg/tpsclient-RA_Status_Update_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Status_Update_Response_Msg.obj `if test -f 'src/msg/RA_Status_Update_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Status_Update_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Status_Update_Response_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Token_PDU_Request_Msg.o: src/msg/RA_Token_PDU_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Token_PDU_Request_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_Token_PDU_Request_Msg.o `test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Token_PDU_Request_Msg.cpp' object='src/msg/tpsclient-RA_Token_PDU_Request_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Token_PDU_Request_Msg.o `test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Request_Msg.cpp
+
+src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj: src/msg/RA_Token_PDU_Request_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo -c -o src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj `if test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Token_PDU_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Token_PDU_Request_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Request_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Token_PDU_Request_Msg.cpp' object='src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Token_PDU_Request_Msg.obj `if test -f 'src/msg/RA_Token_PDU_Request_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Token_PDU_Request_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Token_PDU_Request_Msg.cpp'; fi`
+
+src/msg/tpsclient-RA_Token_PDU_Response_Msg.o: src/msg/RA_Token_PDU_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Token_PDU_Response_Msg.o -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_Token_PDU_Response_Msg.o `test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Token_PDU_Response_Msg.cpp' object='src/msg/tpsclient-RA_Token_PDU_Response_Msg.o' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Token_PDU_Response_Msg.o `test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp' || echo '$(srcdir)/'`src/msg/RA_Token_PDU_Response_Msg.cpp
+
+src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj: src/msg/RA_Token_PDU_Response_Msg.cpp
+@am__fastdepCXX_TRUE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -MT src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj -MD -MP -MF src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo -c -o src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj `if test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Token_PDU_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Token_PDU_Response_Msg.cpp'; fi`
+@am__fastdepCXX_TRUE@ $(am__mv) src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Tpo src/msg/$(DEPDIR)/tpsclient-RA_Token_PDU_Response_Msg.Po
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ source='src/msg/RA_Token_PDU_Response_Msg.cpp' object='src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj' libtool=no @AMDEPBACKSLASH@
+@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@
+@am__fastdepCXX_FALSE@ $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tpsclient_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) -c -o src/msg/tpsclient-RA_Token_PDU_Response_Msg.obj `if test -f 'src/msg/RA_Token_PDU_Response_Msg.cpp'; then $(CYGPATH_W) 'src/msg/RA_Token_PDU_Response_Msg.cpp'; else $(CYGPATH_W) '$(srcdir)/src/msg/RA_Token_PDU_Response_Msg.cpp'; fi`
+
+mostlyclean-libtool:
+ -rm -f *.lo
+
+clean-libtool:
+ -rm -rf .libs _libs
+ -rm -rf src/apdu/.libs src/apdu/_libs
+ -rm -rf src/authentication/.libs src/authentication/_libs
+ -rm -rf src/channel/.libs src/channel/_libs
+ -rm -rf src/cms/.libs src/cms/_libs
+ -rm -rf src/engine/.libs src/engine/_libs
+ -rm -rf src/httpClient/.libs src/httpClient/_libs
+ -rm -rf src/main/.libs src/main/_libs
+ -rm -rf src/modules/tokendb/.libs src/modules/tokendb/_libs
+ -rm -rf src/modules/tps/.libs src/modules/tps/_libs
+ -rm -rf src/msg/.libs src/msg/_libs
+ -rm -rf src/processor/.libs src/processor/_libs
+ -rm -rf src/selftests/.libs src/selftests/_libs
+ -rm -rf src/tus/.libs src/tus/_libs
+
+distclean-libtool:
+ -rm -f libtool config.lt
+install-aliasDATA: $(alias_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(aliasdir)" || $(MKDIR_P) "$(DESTDIR)$(aliasdir)"
+ @list='$(alias_DATA)'; test -n "$(aliasdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(aliasdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(aliasdir)" || exit $$?; \
+ done
+
+uninstall-aliasDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(alias_DATA)'; test -n "$(aliasdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(aliasdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(aliasdir)" && rm -f $$files
+install-appletsDATA: $(applets_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(appletsdir)" || $(MKDIR_P) "$(DESTDIR)$(appletsdir)"
+ @list='$(applets_DATA)'; test -n "$(appletsdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(appletsdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(appletsdir)" || exit $$?; \
+ done
+
+uninstall-appletsDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(applets_DATA)'; test -n "$(appletsdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(appletsdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(appletsdir)" && rm -f $$files
+install-cgibin_demoDATA: $(cgibin_demo_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(cgibin_demodir)" || $(MKDIR_P) "$(DESTDIR)$(cgibin_demodir)"
+ @list='$(cgibin_demo_DATA)'; test -n "$(cgibin_demodir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(cgibin_demodir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(cgibin_demodir)" || exit $$?; \
+ done
+
+uninstall-cgibin_demoDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(cgibin_demo_DATA)'; test -n "$(cgibin_demodir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(cgibin_demodir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(cgibin_demodir)" && rm -f $$files
+install-cgibin_homeDATA: $(cgibin_home_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(cgibin_homedir)" || $(MKDIR_P) "$(DESTDIR)$(cgibin_homedir)"
+ @list='$(cgibin_home_DATA)'; test -n "$(cgibin_homedir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(cgibin_homedir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(cgibin_homedir)" || exit $$?; \
+ done
+
+uninstall-cgibin_homeDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(cgibin_home_DATA)'; test -n "$(cgibin_homedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(cgibin_homedir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(cgibin_homedir)" && rm -f $$files
+install-cgibin_soDATA: $(cgibin_so_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(cgibin_sodir)" || $(MKDIR_P) "$(DESTDIR)$(cgibin_sodir)"
+ @list='$(cgibin_so_DATA)'; test -n "$(cgibin_sodir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(cgibin_sodir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(cgibin_sodir)" || exit $$?; \
+ done
+
+uninstall-cgibin_soDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(cgibin_so_DATA)'; test -n "$(cgibin_sodir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(cgibin_sodir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(cgibin_sodir)" && rm -f $$files
+install-cgibin_sowDATA: $(cgibin_sow_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(cgibin_sowdir)" || $(MKDIR_P) "$(DESTDIR)$(cgibin_sowdir)"
+ @list='$(cgibin_sow_DATA)'; test -n "$(cgibin_sowdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(cgibin_sowdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(cgibin_sowdir)" || exit $$?; \
+ done
+
+uninstall-cgibin_sowDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(cgibin_sow_DATA)'; test -n "$(cgibin_sowdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(cgibin_sowdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(cgibin_sowdir)" && rm -f $$files
+install-confDATA: $(conf_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(confdir)" || $(MKDIR_P) "$(DESTDIR)$(confdir)"
+ @list='$(conf_DATA)'; test -n "$(confdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(confdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(confdir)" || exit $$?; \
+ done
+
+uninstall-confDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(conf_DATA)'; test -n "$(confdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(confdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(confdir)" && rm -f $$files
+install-docrootDATA: $(docroot_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docrootdir)" || $(MKDIR_P) "$(DESTDIR)$(docrootdir)"
+ @list='$(docroot_DATA)'; test -n "$(docrootdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docrootdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docrootdir)" || exit $$?; \
+ done
+
+uninstall-docrootDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_DATA)'; test -n "$(docrootdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docrootdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docrootdir)" && rm -f $$files
+install-docroot_demoDATA: $(docroot_demo_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docroot_demodir)" || $(MKDIR_P) "$(DESTDIR)$(docroot_demodir)"
+ @list='$(docroot_demo_DATA)'; test -n "$(docroot_demodir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docroot_demodir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docroot_demodir)" || exit $$?; \
+ done
+
+uninstall-docroot_demoDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_demo_DATA)'; test -n "$(docroot_demodir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docroot_demodir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docroot_demodir)" && rm -f $$files
+install-docroot_homeDATA: $(docroot_home_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docroot_homedir)" || $(MKDIR_P) "$(DESTDIR)$(docroot_homedir)"
+ @list='$(docroot_home_DATA)'; test -n "$(docroot_homedir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docroot_homedir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docroot_homedir)" || exit $$?; \
+ done
+
+uninstall-docroot_homeDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_home_DATA)'; test -n "$(docroot_homedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docroot_homedir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docroot_homedir)" && rm -f $$files
+install-docroot_soDATA: $(docroot_so_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docroot_sodir)" || $(MKDIR_P) "$(DESTDIR)$(docroot_sodir)"
+ @list='$(docroot_so_DATA)'; test -n "$(docroot_sodir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docroot_sodir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docroot_sodir)" || exit $$?; \
+ done
+
+uninstall-docroot_soDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_so_DATA)'; test -n "$(docroot_sodir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docroot_sodir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docroot_sodir)" && rm -f $$files
+install-docroot_sowDATA: $(docroot_sow_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docroot_sowdir)" || $(MKDIR_P) "$(DESTDIR)$(docroot_sowdir)"
+ @list='$(docroot_sow_DATA)'; test -n "$(docroot_sowdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docroot_sowdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docroot_sowdir)" || exit $$?; \
+ done
+
+uninstall-docroot_sowDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_sow_DATA)'; test -n "$(docroot_sowdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docroot_sowdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docroot_sowdir)" && rm -f $$files
+install-docroot_tokendbDATA: $(docroot_tokendb_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docroot_tokendbdir)" || $(MKDIR_P) "$(DESTDIR)$(docroot_tokendbdir)"
+ @list='$(docroot_tokendb_DATA)'; test -n "$(docroot_tokendbdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docroot_tokendbdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docroot_tokendbdir)" || exit $$?; \
+ done
+
+uninstall-docroot_tokendbDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_tokendb_DATA)'; test -n "$(docroot_tokendbdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docroot_tokendbdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docroot_tokendbdir)" && rm -f $$files
+install-docroot_tps_configDATA: $(docroot_tps_config_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docroot_tps_configdir)" || $(MKDIR_P) "$(DESTDIR)$(docroot_tps_configdir)"
+ @list='$(docroot_tps_config_DATA)'; test -n "$(docroot_tps_configdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docroot_tps_configdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docroot_tps_configdir)" || exit $$?; \
+ done
+
+uninstall-docroot_tps_configDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_tps_config_DATA)'; test -n "$(docroot_tps_configdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docroot_tps_configdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docroot_tps_configdir)" && rm -f $$files
+install-docroot_tps_imgDATA: $(docroot_tps_img_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docroot_tps_imgdir)" || $(MKDIR_P) "$(DESTDIR)$(docroot_tps_imgdir)"
+ @list='$(docroot_tps_img_DATA)'; test -n "$(docroot_tps_imgdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docroot_tps_imgdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docroot_tps_imgdir)" || exit $$?; \
+ done
+
+uninstall-docroot_tps_imgDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_tps_img_DATA)'; test -n "$(docroot_tps_imgdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docroot_tps_imgdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docroot_tps_imgdir)" && rm -f $$files
+install-docroot_tps_jsDATA: $(docroot_tps_js_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(docroot_tps_jsdir)" || $(MKDIR_P) "$(DESTDIR)$(docroot_tps_jsdir)"
+ @list='$(docroot_tps_js_DATA)'; test -n "$(docroot_tps_jsdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(docroot_tps_jsdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(docroot_tps_jsdir)" || exit $$?; \
+ done
+
+uninstall-docroot_tps_jsDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(docroot_tps_js_DATA)'; test -n "$(docroot_tps_jsdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(docroot_tps_jsdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(docroot_tps_jsdir)" && rm -f $$files
+install-licenseDATA: $(license_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(licensedir)" || $(MKDIR_P) "$(DESTDIR)$(licensedir)"
+ @list='$(license_DATA)'; test -n "$(licensedir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(licensedir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(licensedir)" || exit $$?; \
+ done
+
+uninstall-licenseDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(license_DATA)'; test -n "$(licensedir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(licensedir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(licensedir)" && rm -f $$files
+install-logsDATA: $(logs_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(logsdir)" || $(MKDIR_P) "$(DESTDIR)$(logsdir)"
+ @list='$(logs_DATA)'; test -n "$(logsdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(logsdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(logsdir)" || exit $$?; \
+ done
+
+uninstall-logsDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(logs_DATA)'; test -n "$(logsdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(logsdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(logsdir)" && rm -f $$files
+install-samplesDATA: $(samples_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(samplesdir)" || $(MKDIR_P) "$(DESTDIR)$(samplesdir)"
+ @list='$(samples_DATA)'; test -n "$(samplesdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(samplesdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(samplesdir)" || exit $$?; \
+ done
+
+uninstall-samplesDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(samples_DATA)'; test -n "$(samplesdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(samplesdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(samplesdir)" && rm -f $$files
+install-scriptsDATA: $(scripts_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(scriptsdir)" || $(MKDIR_P) "$(DESTDIR)$(scriptsdir)"
+ @list='$(scripts_DATA)'; test -n "$(scriptsdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(scriptsdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(scriptsdir)" || exit $$?; \
+ done
+
+uninstall-scriptsDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(scripts_DATA)'; test -n "$(scriptsdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(scriptsdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(scriptsdir)" && rm -f $$files
+install-setupDATA: $(setup_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(setupdir)" || $(MKDIR_P) "$(DESTDIR)$(setupdir)"
+ @list='$(setup_DATA)'; test -n "$(setupdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(setupdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(setupdir)" || exit $$?; \
+ done
+
+uninstall-setupDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(setup_DATA)'; test -n "$(setupdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(setupdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(setupdir)" && rm -f $$files
+install-templatesDATA: $(templates_DATA)
+ @$(NORMAL_INSTALL)
+ test -z "$(templatesdir)" || $(MKDIR_P) "$(DESTDIR)$(templatesdir)"
+ @list='$(templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ for p in $$list; do \
+ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
+ echo "$$d$$p"; \
+ done | $(am__base_list) | \
+ while read files; do \
+ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesdir)'"; \
+ $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesdir)" || exit $$?; \
+ done
+
+uninstall-templatesDATA:
+ @$(NORMAL_UNINSTALL)
+ @list='$(templates_DATA)'; test -n "$(templatesdir)" || list=; \
+ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \
+ test -n "$$files" || exit 0; \
+ echo " ( cd '$(DESTDIR)$(templatesdir)' && rm -f" $$files ")"; \
+ cd "$(DESTDIR)$(templatesdir)" && rm -f $$files
+
+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ mkid -fID $$unique
+tags: TAGS
+
+TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ set x; \
+ here=`pwd`; \
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ shift; \
+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
+ test -n "$$unique" || unique=$$empty_fix; \
+ if test $$# -gt 0; then \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ "$$@" $$unique; \
+ else \
+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
+ $$unique; \
+ fi; \
+ fi
+ctags: CTAGS
+CTAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) \
+ $(TAGS_FILES) $(LISP)
+ list='$(SOURCES) $(HEADERS) config.h.in $(LISP) $(TAGS_FILES)'; \
+ unique=`for i in $$list; do \
+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
+ done | \
+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
+ END { if (nonempty) { for (i in files) print i; }; }'`; \
+ test -z "$(CTAGS_ARGS)$$unique" \
+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
+ $$unique
+
+GTAGS:
+ here=`$(am__cd) $(top_builddir) && pwd` \
+ && $(am__cd) $(top_srcdir) \
+ && gtags -i $(GTAGS_ARGS) "$$here"
+
+distclean-tags:
+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
+
+distdir: $(DISTFILES)
+ $(am__remove_distdir)
+ test -d "$(distdir)" || mkdir "$(distdir)"
+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
+ list='$(DISTFILES)'; \
+ dist_files=`for file in $$list; do echo $$file; done | \
+ sed -e "s|^$$srcdirstrip/||;t" \
+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
+ case $$dist_files in \
+ */*) $(MKDIR_P) `echo "$$dist_files" | \
+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
+ sort -u` ;; \
+ esac; \
+ for file in $$dist_files; do \
+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
+ if test -d $$d/$$file; then \
+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
+ if test -d "$(distdir)/$$file"; then \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
+ fi; \
+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
+ else \
+ test -f "$(distdir)/$$file" \
+ || cp -p $$d/$$file "$(distdir)/$$file" \
+ || exit 1; \
+ fi; \
+ done
+ -test -n "$(am__skip_mode_fix)" \
+ || find "$(distdir)" -type d ! -perm -755 \
+ -exec chmod u+rwx,go+rx {} \; -o \
+ ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -400 -exec chmod a+r {} \; -o \
+ ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \
+ || chmod -R a+r "$(distdir)"
+dist-gzip: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+dist-bzip2: distdir
+ tardir=$(distdir) && $(am__tar) | bzip2 -9 -c >$(distdir).tar.bz2
+ $(am__remove_distdir)
+
+dist-lzma: distdir
+ tardir=$(distdir) && $(am__tar) | lzma -9 -c >$(distdir).tar.lzma
+ $(am__remove_distdir)
+
+dist-xz: distdir
+ tardir=$(distdir) && $(am__tar) | xz -c >$(distdir).tar.xz
+ $(am__remove_distdir)
+
+dist-tarZ: distdir
+ tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z
+ $(am__remove_distdir)
+
+dist-shar: distdir
+ shar $(distdir) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).shar.gz
+ $(am__remove_distdir)
+
+dist-zip: distdir
+ -rm -f $(distdir).zip
+ zip -rq $(distdir).zip $(distdir)
+ $(am__remove_distdir)
+
+dist dist-all: distdir
+ tardir=$(distdir) && $(am__tar) | GZIP=$(GZIP_ENV) gzip -c >$(distdir).tar.gz
+ $(am__remove_distdir)
+
+# This target untars the dist file and tries a VPATH configuration. Then
+# it guarantees that the distribution is self-contained by making another
+# tarfile.
+distcheck: dist
+ case '$(DIST_ARCHIVES)' in \
+ *.tar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).tar.gz | $(am__untar) ;;\
+ *.tar.bz2*) \
+ bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\
+ *.tar.lzma*) \
+ lzma -dc $(distdir).tar.lzma | $(am__untar) ;;\
+ *.tar.xz*) \
+ xz -dc $(distdir).tar.xz | $(am__untar) ;;\
+ *.tar.Z*) \
+ uncompress -c $(distdir).tar.Z | $(am__untar) ;;\
+ *.shar.gz*) \
+ GZIP=$(GZIP_ENV) gzip -dc $(distdir).shar.gz | unshar ;;\
+ *.zip*) \
+ unzip $(distdir).zip ;;\
+ esac
+ chmod -R a-w $(distdir); chmod a+w $(distdir)
+ mkdir $(distdir)/_build
+ mkdir $(distdir)/_inst
+ chmod a-w $(distdir)
+ test -d $(distdir)/_build || exit 0; \
+ dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \
+ && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \
+ && am__cwd=`pwd` \
+ && $(am__cd) $(distdir)/_build \
+ && ../configure --srcdir=.. --prefix="$$dc_install_base" \
+ $(DISTCHECK_CONFIGURE_FLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) \
+ && $(MAKE) $(AM_MAKEFLAGS) dvi \
+ && $(MAKE) $(AM_MAKEFLAGS) check \
+ && $(MAKE) $(AM_MAKEFLAGS) install \
+ && $(MAKE) $(AM_MAKEFLAGS) installcheck \
+ && $(MAKE) $(AM_MAKEFLAGS) uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \
+ distuninstallcheck \
+ && chmod -R a-w "$$dc_install_base" \
+ && ({ \
+ (cd ../.. && umask 077 && mkdir "$$dc_destdir") \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \
+ && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \
+ distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \
+ } || { rm -rf "$$dc_destdir"; exit 1; }) \
+ && rm -rf "$$dc_destdir" \
+ && $(MAKE) $(AM_MAKEFLAGS) dist \
+ && rm -rf $(DIST_ARCHIVES) \
+ && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \
+ && cd "$$am__cwd" \
+ || exit 1
+ $(am__remove_distdir)
+ @(echo "$(distdir) archives ready for distribution: "; \
+ list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \
+ sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x'
+distuninstallcheck:
+ @$(am__cd) '$(distuninstallcheck_dir)' \
+ && test `$(distuninstallcheck_listfiles) | wc -l` -le 1 \
+ || { echo "ERROR: files left after uninstall:" ; \
+ if test -n "$(DESTDIR)"; then \
+ echo " (check DESTDIR support)"; \
+ fi ; \
+ $(distuninstallcheck_listfiles) ; \
+ exit 1; } >&2
+distcleancheck: distclean
+ @if test '$(srcdir)' = . ; then \
+ echo "ERROR: distcleancheck can only run from a VPATH build" ; \
+ exit 1 ; \
+ fi
+ @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \
+ || { echo "ERROR: files left in build directory after distclean:" ; \
+ $(distcleancheck_listfiles) ; \
+ exit 1; } >&2
+check-am: all-am
+check: check-am
+all-am: Makefile $(LTLIBRARIES) $(PROGRAMS) $(SCRIPTS) $(DATA) \
+ config.h
+installdirs:
+ for dir in "$(DESTDIR)$(apache_modulesdir)" "$(DESTDIR)$(libdir)" "$(DESTDIR)$(libexecdir)" "$(DESTDIR)$(bindir)" "$(DESTDIR)$(cgibin_demodir)" "$(DESTDIR)$(cgibin_homedir)" "$(DESTDIR)$(cgibin_sodir)" "$(DESTDIR)$(cgibin_sowdir)" "$(DESTDIR)$(initddir)" "$(DESTDIR)$(perl_basedir)" "$(DESTDIR)$(perl_modulesdir)" "$(DESTDIR)$(perl_servicedir)" "$(DESTDIR)$(perl_templatesdir)" "$(DESTDIR)$(scriptsdir)" "$(DESTDIR)$(aliasdir)" "$(DESTDIR)$(appletsdir)" "$(DESTDIR)$(cgibin_demodir)" "$(DESTDIR)$(cgibin_homedir)" "$(DESTDIR)$(cgibin_sodir)" "$(DESTDIR)$(cgibin_sowdir)" "$(DESTDIR)$(confdir)" "$(DESTDIR)$(docrootdir)" "$(DESTDIR)$(docroot_demodir)" "$(DESTDIR)$(docroot_homedir)" "$(DESTDIR)$(docroot_sodir)" "$(DESTDIR)$(docroot_sowdir)" "$(DESTDIR)$(docroot_tokendbdir)" "$(DESTDIR)$(docroot_tps_configdir)" "$(DESTDIR)$(docroot_tps_imgdir)" "$(DESTDIR)$(docroot_tps_jsdir)" "$(DESTDIR)$(licensedir)" "$(DESTDIR)$(logsdir)" "$(DESTDIR)$(samplesdir)" "$(DESTDIR)$(scriptsdir)" "$(DESTDIR)$(setupdir)" "$(DESTDIR)$(templatesdir)"; do \
+ test -z "$$dir" || $(MKDIR_P) "$$dir"; \
+ done
+install: install-am
+install-exec: install-exec-am
+install-data: install-data-am
+uninstall: uninstall-am
+
+install-am: all-am
+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
+
+installcheck: installcheck-am
+install-strip:
+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
+ `test -z '$(STRIP)' || \
+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
+mostlyclean-generic:
+
+clean-generic:
+
+distclean-generic:
+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
+ -rm -f src/apdu/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/apdu/$(am__dirstamp)
+ -rm -f src/authentication/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/authentication/$(am__dirstamp)
+ -rm -f src/channel/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/channel/$(am__dirstamp)
+ -rm -f src/cms/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/cms/$(am__dirstamp)
+ -rm -f src/engine/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/engine/$(am__dirstamp)
+ -rm -f src/httpClient/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/httpClient/$(am__dirstamp)
+ -rm -f src/main/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/main/$(am__dirstamp)
+ -rm -f src/modules/tokendb/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/modules/tokendb/$(am__dirstamp)
+ -rm -f src/modules/tps/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/modules/tps/$(am__dirstamp)
+ -rm -f src/msg/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/msg/$(am__dirstamp)
+ -rm -f src/processor/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/processor/$(am__dirstamp)
+ -rm -f src/selftests/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/selftests/$(am__dirstamp)
+ -rm -f src/tus/$(DEPDIR)/$(am__dirstamp)
+ -rm -f src/tus/$(am__dirstamp)
+ -rm -f tools/raclient/$(DEPDIR)/$(am__dirstamp)
+ -rm -f tools/raclient/$(am__dirstamp)
+
+maintainer-clean-generic:
+ @echo "This command is intended for maintainers to use"
+ @echo "it deletes files that may require special tools to rebuild."
+clean: clean-am
+
+clean-am: clean-apache_modulesLTLIBRARIES clean-generic \
+ clean-libLTLIBRARIES clean-libexecPROGRAMS clean-libtool \
+ mostlyclean-am
+
+distclean: distclean-am
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf src/apdu/$(DEPDIR) src/authentication/$(DEPDIR) src/channel/$(DEPDIR) src/cms/$(DEPDIR) src/engine/$(DEPDIR) src/httpClient/$(DEPDIR) src/main/$(DEPDIR) src/modules/tokendb/$(DEPDIR) src/modules/tps/$(DEPDIR) src/msg/$(DEPDIR) src/processor/$(DEPDIR) src/selftests/$(DEPDIR) src/tus/$(DEPDIR) tools/raclient/$(DEPDIR)
+ -rm -f Makefile
+distclean-am: clean-am distclean-compile distclean-generic \
+ distclean-hdr distclean-libtool distclean-tags
+
+dvi: dvi-am
+
+dvi-am:
+
+html: html-am
+
+html-am:
+
+info: info-am
+
+info-am:
+
+install-data-am: install-aliasDATA install-apache_modulesLTLIBRARIES \
+ install-appletsDATA install-cgibin_demoDATA \
+ install-cgibin_demoSCRIPTS install-cgibin_homeDATA \
+ install-cgibin_homeSCRIPTS install-cgibin_soDATA \
+ install-cgibin_soSCRIPTS install-cgibin_sowDATA \
+ install-cgibin_sowSCRIPTS install-confDATA install-docrootDATA \
+ install-docroot_demoDATA install-docroot_homeDATA \
+ install-docroot_soDATA install-docroot_sowDATA \
+ install-docroot_tokendbDATA install-docroot_tps_configDATA \
+ install-docroot_tps_imgDATA install-docroot_tps_jsDATA \
+ install-initdSCRIPTS install-licenseDATA install-logsDATA \
+ install-perl_baseSCRIPTS install-perl_modulesSCRIPTS \
+ install-perl_serviceSCRIPTS install-perl_templatesSCRIPTS \
+ install-samplesDATA install-scriptsDATA install-scriptsSCRIPTS \
+ install-setupDATA install-templatesDATA
+
+install-dvi: install-dvi-am
+
+install-dvi-am:
+
+install-exec-am: install-binSCRIPTS install-libLTLIBRARIES \
+ install-libexecPROGRAMS
+
+install-html: install-html-am
+
+install-html-am:
+
+install-info: install-info-am
+
+install-info-am:
+
+install-man:
+
+install-pdf: install-pdf-am
+
+install-pdf-am:
+
+install-ps: install-ps-am
+
+install-ps-am:
+
+installcheck-am:
+
+maintainer-clean: maintainer-clean-am
+ -rm -f $(am__CONFIG_DISTCLEAN_FILES)
+ -rm -rf $(top_srcdir)/autom4te.cache
+ -rm -rf src/apdu/$(DEPDIR) src/authentication/$(DEPDIR) src/channel/$(DEPDIR) src/cms/$(DEPDIR) src/engine/$(DEPDIR) src/httpClient/$(DEPDIR) src/main/$(DEPDIR) src/modules/tokendb/$(DEPDIR) src/modules/tps/$(DEPDIR) src/msg/$(DEPDIR) src/processor/$(DEPDIR) src/selftests/$(DEPDIR) src/tus/$(DEPDIR) tools/raclient/$(DEPDIR)
+ -rm -f Makefile
+maintainer-clean-am: distclean-am maintainer-clean-generic
+
+mostlyclean: mostlyclean-am
+
+mostlyclean-am: mostlyclean-compile mostlyclean-generic \
+ mostlyclean-libtool
+
+pdf: pdf-am
+
+pdf-am:
+
+ps: ps-am
+
+ps-am:
+
+uninstall-am: uninstall-aliasDATA uninstall-apache_modulesLTLIBRARIES \
+ uninstall-appletsDATA uninstall-binSCRIPTS \
+ uninstall-cgibin_demoDATA uninstall-cgibin_demoSCRIPTS \
+ uninstall-cgibin_homeDATA uninstall-cgibin_homeSCRIPTS \
+ uninstall-cgibin_soDATA uninstall-cgibin_soSCRIPTS \
+ uninstall-cgibin_sowDATA uninstall-cgibin_sowSCRIPTS \
+ uninstall-confDATA uninstall-docrootDATA \
+ uninstall-docroot_demoDATA uninstall-docroot_homeDATA \
+ uninstall-docroot_soDATA uninstall-docroot_sowDATA \
+ uninstall-docroot_tokendbDATA uninstall-docroot_tps_configDATA \
+ uninstall-docroot_tps_imgDATA uninstall-docroot_tps_jsDATA \
+ uninstall-initdSCRIPTS uninstall-libLTLIBRARIES \
+ uninstall-libexecPROGRAMS uninstall-licenseDATA \
+ uninstall-logsDATA uninstall-perl_baseSCRIPTS \
+ uninstall-perl_modulesSCRIPTS uninstall-perl_serviceSCRIPTS \
+ uninstall-perl_templatesSCRIPTS uninstall-samplesDATA \
+ uninstall-scriptsDATA uninstall-scriptsSCRIPTS \
+ uninstall-setupDATA uninstall-templatesDATA
+
+.MAKE: all install-am install-strip
+
+.PHONY: CTAGS GTAGS all all-am am--refresh check check-am clean \
+ clean-apache_modulesLTLIBRARIES clean-generic \
+ clean-libLTLIBRARIES clean-libexecPROGRAMS clean-libtool ctags \
+ dist dist-all dist-bzip2 dist-gzip dist-lzma dist-shar \
+ dist-tarZ dist-xz dist-zip distcheck distclean \
+ distclean-compile distclean-generic distclean-hdr \
+ distclean-libtool distclean-tags distcleancheck distdir \
+ distuninstallcheck dvi dvi-am html html-am info info-am \
+ install install-aliasDATA install-am \
+ install-apache_modulesLTLIBRARIES install-appletsDATA \
+ install-binSCRIPTS install-cgibin_demoDATA \
+ install-cgibin_demoSCRIPTS install-cgibin_homeDATA \
+ install-cgibin_homeSCRIPTS install-cgibin_soDATA \
+ install-cgibin_soSCRIPTS install-cgibin_sowDATA \
+ install-cgibin_sowSCRIPTS install-confDATA install-data \
+ install-data-am install-docrootDATA install-docroot_demoDATA \
+ install-docroot_homeDATA install-docroot_soDATA \
+ install-docroot_sowDATA install-docroot_tokendbDATA \
+ install-docroot_tps_configDATA install-docroot_tps_imgDATA \
+ install-docroot_tps_jsDATA install-dvi install-dvi-am \
+ install-exec install-exec-am install-html install-html-am \
+ install-info install-info-am install-initdSCRIPTS \
+ install-libLTLIBRARIES install-libexecPROGRAMS \
+ install-licenseDATA install-logsDATA install-man install-pdf \
+ install-pdf-am install-perl_baseSCRIPTS \
+ install-perl_modulesSCRIPTS install-perl_serviceSCRIPTS \
+ install-perl_templatesSCRIPTS install-ps install-ps-am \
+ install-samplesDATA install-scriptsDATA install-scriptsSCRIPTS \
+ install-setupDATA install-strip install-templatesDATA \
+ installcheck installcheck-am installdirs maintainer-clean \
+ maintainer-clean-generic mostlyclean mostlyclean-compile \
+ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
+ tags uninstall uninstall-aliasDATA uninstall-am \
+ uninstall-apache_modulesLTLIBRARIES uninstall-appletsDATA \
+ uninstall-binSCRIPTS uninstall-cgibin_demoDATA \
+ uninstall-cgibin_demoSCRIPTS uninstall-cgibin_homeDATA \
+ uninstall-cgibin_homeSCRIPTS uninstall-cgibin_soDATA \
+ uninstall-cgibin_soSCRIPTS uninstall-cgibin_sowDATA \
+ uninstall-cgibin_sowSCRIPTS uninstall-confDATA \
+ uninstall-docrootDATA uninstall-docroot_demoDATA \
+ uninstall-docroot_homeDATA uninstall-docroot_soDATA \
+ uninstall-docroot_sowDATA uninstall-docroot_tokendbDATA \
+ uninstall-docroot_tps_configDATA uninstall-docroot_tps_imgDATA \
+ uninstall-docroot_tps_jsDATA uninstall-initdSCRIPTS \
+ uninstall-libLTLIBRARIES uninstall-libexecPROGRAMS \
+ uninstall-licenseDATA uninstall-logsDATA \
+ uninstall-perl_baseSCRIPTS uninstall-perl_modulesSCRIPTS \
+ uninstall-perl_serviceSCRIPTS uninstall-perl_templatesSCRIPTS \
+ uninstall-samplesDATA uninstall-scriptsDATA \
+ uninstall-scriptsSCRIPTS uninstall-setupDATA \
+ uninstall-templatesDATA
+
+
+%: %.in
+ mkdir -p $(dir $@)
+ $(create_wrapper) $^ > $@
+
+# Tell versions [3.59,3.63) of GNU make to not export all variables.
+# Otherwise a system limit (for SysV at least) may be exceeded.
+.NOEXPORT:
diff --git a/pki/base/tps/aclocal.m4 b/pki/base/tps/aclocal.m4
new file mode 100644
index 000000000..1dbe7f340
--- /dev/null
+++ b/pki/base/tps/aclocal.m4
@@ -0,0 +1,1031 @@
+# generated automatically by aclocal 1.11.1 -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2007, 2008, 2009 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
+# PARTICULAR PURPOSE.
+
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.65],,
+[m4_warning([this file was generated for autoconf 2.65.
+You have another version of autoconf. It may work, but is not guaranteed to.
+If you have problems, you may need to regenerate the build system entirely.
+To do so, use the procedure documented by the package, typically `autoreconf'.])])
+
+# Copyright (C) 2002, 2003, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_AUTOMAKE_VERSION(VERSION)
+# ----------------------------
+# Automake X.Y traces this macro to ensure aclocal.m4 has been
+# generated from the m4 files accompanying Automake X.Y.
+# (This private macro should not be called outside this file.)
+AC_DEFUN([AM_AUTOMAKE_VERSION],
+[am__api_version='1.11'
+dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to
+dnl require some minimum version. Point them to the right macro.
+m4_if([$1], [1.11.1], [],
+ [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl
+])
+
+# _AM_AUTOCONF_VERSION(VERSION)
+# -----------------------------
+# aclocal traces this macro to find the Autoconf version.
+# This is a private macro too. Using m4_define simplifies
+# the logic in aclocal, which can simply ignore this definition.
+m4_define([_AM_AUTOCONF_VERSION], [])
+
+# AM_SET_CURRENT_AUTOMAKE_VERSION
+# -------------------------------
+# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced.
+# This function is AC_REQUIREd by AM_INIT_AUTOMAKE.
+AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION],
+[AM_AUTOMAKE_VERSION([1.11.1])dnl
+m4_ifndef([AC_AUTOCONF_VERSION],
+ [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl
+_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))])
+
+# AM_AUX_DIR_EXPAND -*- Autoconf -*-
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets
+# $ac_aux_dir to `$srcdir/foo'. In other projects, it is set to
+# `$srcdir', `$srcdir/..', or `$srcdir/../..'.
+#
+# Of course, Automake must honor this variable whenever it calls a
+# tool from the auxiliary directory. The problem is that $srcdir (and
+# therefore $ac_aux_dir as well) can be either absolute or relative,
+# depending on how configure is run. This is pretty annoying, since
+# it makes $ac_aux_dir quite unusable in subdirectories: in the top
+# source directory, any form will work fine, but in subdirectories a
+# relative path needs to be adjusted first.
+#
+# $ac_aux_dir/missing
+# fails when called from a subdirectory if $ac_aux_dir is relative
+# $top_srcdir/$ac_aux_dir/missing
+# fails if $ac_aux_dir is absolute,
+# fails when called from a subdirectory in a VPATH build with
+# a relative $ac_aux_dir
+#
+# The reason of the latter failure is that $top_srcdir and $ac_aux_dir
+# are both prefixed by $srcdir. In an in-source build this is usually
+# harmless because $srcdir is `.', but things will broke when you
+# start a VPATH build or use an absolute $srcdir.
+#
+# So we could use something similar to $top_srcdir/$ac_aux_dir/missing,
+# iff we strip the leading $srcdir from $ac_aux_dir. That would be:
+# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"`
+# and then we would define $MISSING as
+# MISSING="\${SHELL} $am_aux_dir/missing"
+# This will work as long as MISSING is not called from configure, because
+# unfortunately $(top_srcdir) has no meaning in configure.
+# However there are other variables, like CC, which are often used in
+# configure, and could therefore not use this "fixed" $ac_aux_dir.
+#
+# Another solution, used here, is to always expand $ac_aux_dir to an
+# absolute PATH. The drawback is that using absolute paths prevent a
+# configured tree to be moved without reconfiguration.
+
+AC_DEFUN([AM_AUX_DIR_EXPAND],
+[dnl Rely on autoconf to set up CDPATH properly.
+AC_PREREQ([2.50])dnl
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+])
+
+# AM_CONDITIONAL -*- Autoconf -*-
+
+# Copyright (C) 1997, 2000, 2001, 2003, 2004, 2005, 2006, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 9
+
+# AM_CONDITIONAL(NAME, SHELL-CONDITION)
+# -------------------------------------
+# Define a conditional.
+AC_DEFUN([AM_CONDITIONAL],
+[AC_PREREQ(2.52)dnl
+ ifelse([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])],
+ [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl
+AC_SUBST([$1_TRUE])dnl
+AC_SUBST([$1_FALSE])dnl
+_AM_SUBST_NOTMAKE([$1_TRUE])dnl
+_AM_SUBST_NOTMAKE([$1_FALSE])dnl
+m4_define([_AM_COND_VALUE_$1], [$2])dnl
+if $2; then
+ $1_TRUE=
+ $1_FALSE='#'
+else
+ $1_TRUE='#'
+ $1_FALSE=
+fi
+AC_CONFIG_COMMANDS_PRE(
+[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then
+ AC_MSG_ERROR([[conditional "$1" was never defined.
+Usually this means the macro was only invoked conditionally.]])
+fi])])
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2009
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 10
+
+# There are a few dirty hacks below to avoid letting `AC_PROG_CC' be
+# written in clear, in which case automake, when reading aclocal.m4,
+# will think it sees a *use*, and therefore will trigger all it's
+# C support machinery. Also note that it means that autoscan, seeing
+# CC etc. in the Makefile, will ask for an AC_PROG_CC use...
+
+
+# _AM_DEPENDENCIES(NAME)
+# ----------------------
+# See how the compiler implements dependency checking.
+# NAME is "CC", "CXX", "GCJ", or "OBJC".
+# We try a few techniques and use that to set a single cache variable.
+#
+# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was
+# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular
+# dependency, and given that the user is not expected to run this macro,
+# just rely on AC_PROG_CC.
+AC_DEFUN([_AM_DEPENDENCIES],
+[AC_REQUIRE([AM_SET_DEPDIR])dnl
+AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl
+AC_REQUIRE([AM_MAKE_INCLUDE])dnl
+AC_REQUIRE([AM_DEP_TRACK])dnl
+
+ifelse([$1], CC, [depcc="$CC" am_compiler_list=],
+ [$1], CXX, [depcc="$CXX" am_compiler_list=],
+ [$1], OBJC, [depcc="$OBJC" am_compiler_list='gcc3 gcc'],
+ [$1], UPC, [depcc="$UPC" am_compiler_list=],
+ [$1], GCJ, [depcc="$GCJ" am_compiler_list='gcc3 gcc'],
+ [depcc="$$1" am_compiler_list=])
+
+AC_CACHE_CHECK([dependency style of $depcc],
+ [am_cv_$1_dependencies_compiler_type],
+[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_$1_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp`
+ fi
+ am__universal=false
+ m4_case([$1], [CC],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac],
+ [CXX],
+ [case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac])
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_$1_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_$1_dependencies_compiler_type=none
+fi
+])
+AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type])
+AM_CONDITIONAL([am__fastdep$1], [
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_$1_dependencies_compiler_type" = gcc3])
+])
+
+
+# AM_SET_DEPDIR
+# -------------
+# Choose a directory name for dependency files.
+# This macro is AC_REQUIREd in _AM_DEPENDENCIES
+AC_DEFUN([AM_SET_DEPDIR],
+[AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl
+])
+
+
+# AM_DEP_TRACK
+# ------------
+AC_DEFUN([AM_DEP_TRACK],
+[AC_ARG_ENABLE(dependency-tracking,
+[ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors])
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno])
+AC_SUBST([AMDEPBACKSLASH])dnl
+_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl
+])
+
+# Generate code to set up dependency tracking. -*- Autoconf -*-
+
+# Copyright (C) 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+#serial 5
+
+# _AM_OUTPUT_DEPENDENCY_COMMANDS
+# ------------------------------
+AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS],
+[{
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`AS_DIRNAME("$mf")`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`AS_DIRNAME(["$file"])`
+ AS_MKDIR_P([$dirpart/$fdir])
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+])# _AM_OUTPUT_DEPENDENCY_COMMANDS
+
+
+# AM_OUTPUT_DEPENDENCY_COMMANDS
+# -----------------------------
+# This macro should only be invoked once -- use via AC_REQUIRE.
+#
+# This code is only required when automatic dependency tracking
+# is enabled. FIXME. This creates each `.P' file that we will
+# need in order to bootstrap the dependency handling code.
+AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS],
+[AC_CONFIG_COMMANDS([depfiles],
+ [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS],
+ [AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"])
+])
+
+# Do all the work for Automake. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2002, 2003, 2004,
+# 2005, 2006, 2008, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 16
+
+# This macro actually does too much. Some checks are only needed if
+# your package does certain things. But this isn't really a big deal.
+
+# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE])
+# AM_INIT_AUTOMAKE([OPTIONS])
+# -----------------------------------------------
+# The call with PACKAGE and VERSION arguments is the old style
+# call (pre autoconf-2.50), which is being phased out. PACKAGE
+# and VERSION should now be passed to AC_INIT and removed from
+# the call to AM_INIT_AUTOMAKE.
+# We support both call styles for the transition. After
+# the next Automake release, Autoconf can make the AC_INIT
+# arguments mandatory, and then we can depend on a new Autoconf
+# release and drop the old call support.
+AC_DEFUN([AM_INIT_AUTOMAKE],
+[AC_PREREQ([2.62])dnl
+dnl Autoconf wants to disallow AM_ names. We explicitly allow
+dnl the ones we care about.
+m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl
+AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl
+AC_REQUIRE([AC_PROG_INSTALL])dnl
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ AC_MSG_ERROR([source directory already configured; run "make distclean" there first])
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+AC_SUBST([CYGPATH_W])
+
+# Define the identity of the package.
+dnl Distinguish between old-style and new-style calls.
+m4_ifval([$2],
+[m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl
+ AC_SUBST([PACKAGE], [$1])dnl
+ AC_SUBST([VERSION], [$2])],
+[_AM_SET_OPTIONS([$1])dnl
+dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT.
+m4_if(m4_ifdef([AC_PACKAGE_NAME], 1)m4_ifdef([AC_PACKAGE_VERSION], 1), 11,,
+ [m4_fatal([AC_INIT should be called with package and version arguments])])dnl
+ AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl
+ AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl
+
+_AM_IF_OPTION([no-define],,
+[AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package])
+ AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])])dnl
+
+# Some tools Automake needs.
+AC_REQUIRE([AM_SANITY_CHECK])dnl
+AC_REQUIRE([AC_ARG_PROGRAM])dnl
+AM_MISSING_PROG(ACLOCAL, aclocal-${am__api_version})
+AM_MISSING_PROG(AUTOCONF, autoconf)
+AM_MISSING_PROG(AUTOMAKE, automake-${am__api_version})
+AM_MISSING_PROG(AUTOHEADER, autoheader)
+AM_MISSING_PROG(MAKEINFO, makeinfo)
+AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl
+AC_REQUIRE([AM_PROG_MKDIR_P])dnl
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+AC_REQUIRE([AC_PROG_AWK])dnl
+AC_REQUIRE([AC_PROG_MAKE_SET])dnl
+AC_REQUIRE([AM_SET_LEADING_DOT])dnl
+_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])],
+ [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])],
+ [_AM_PROG_TAR([v7])])])
+_AM_IF_OPTION([no-dependencies],,
+[AC_PROVIDE_IFELSE([AC_PROG_CC],
+ [_AM_DEPENDENCIES(CC)],
+ [define([AC_PROG_CC],
+ defn([AC_PROG_CC])[_AM_DEPENDENCIES(CC)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_CXX],
+ [_AM_DEPENDENCIES(CXX)],
+ [define([AC_PROG_CXX],
+ defn([AC_PROG_CXX])[_AM_DEPENDENCIES(CXX)])])dnl
+AC_PROVIDE_IFELSE([AC_PROG_OBJC],
+ [_AM_DEPENDENCIES(OBJC)],
+ [define([AC_PROG_OBJC],
+ defn([AC_PROG_OBJC])[_AM_DEPENDENCIES(OBJC)])])dnl
+])
+_AM_IF_OPTION([silent-rules], [AC_REQUIRE([AM_SILENT_RULES])])dnl
+dnl The `parallel-tests' driver may need to know about EXEEXT, so add the
+dnl `am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This macro
+dnl is hooked onto _AC_COMPILER_EXEEXT early, see below.
+AC_CONFIG_COMMANDS_PRE(dnl
+[m4_provide_if([_AM_COMPILER_EXEEXT],
+ [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl
+])
+
+dnl Hook into `_AC_COMPILER_EXEEXT' early to learn its expansion. Do not
+dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further
+dnl mangled by Autoconf and run in a shell conditional statement.
+m4_define([_AC_COMPILER_EXEEXT],
+m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])])
+
+
+# When config.status generates a header, we must update the stamp-h file.
+# This file resides in the same directory as the config header
+# that is generated. The stamp files are numbered to have different names.
+
+# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the
+# loop where config.status creates the headers, so we can generate
+# our stamp files there.
+AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK],
+[# Compute $1's index in $config_headers.
+_am_arg=$1
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count])
+
+# Copyright (C) 2001, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_SH
+# ------------------
+# Define $install_sh.
+AC_DEFUN([AM_PROG_INSTALL_SH],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+AC_SUBST(install_sh)])
+
+# Copyright (C) 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# Check whether the underlying file-system supports filenames
+# with a leading dot. For instance MS-DOS doesn't.
+AC_DEFUN([AM_SET_LEADING_DOT],
+[rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+AC_SUBST([am__leading_dot])])
+
+# Add --enable-maintainer-mode option to configure. -*- Autoconf -*-
+# From Jim Meyering
+
+# Copyright (C) 1996, 1998, 2000, 2001, 2002, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_MAINTAINER_MODE([DEFAULT-MODE])
+# ----------------------------------
+# Control maintainer-specific portions of Makefiles.
+# Default is to disable them, unless `enable' is passed literally.
+# For symmetry, `disable' may be passed as well. Anyway, the user
+# can override the default with the --enable/--disable switch.
+AC_DEFUN([AM_MAINTAINER_MODE],
+[m4_case(m4_default([$1], [disable]),
+ [enable], [m4_define([am_maintainer_other], [disable])],
+ [disable], [m4_define([am_maintainer_other], [enable])],
+ [m4_define([am_maintainer_other], [enable])
+ m4_warn([syntax], [unexpected argument to AM@&t@_MAINTAINER_MODE: $1])])
+AC_MSG_CHECKING([whether to am_maintainer_other maintainer-specific portions of Makefiles])
+ dnl maintainer-mode's default is 'disable' unless 'enable' is passed
+ AC_ARG_ENABLE([maintainer-mode],
+[ --][am_maintainer_other][-maintainer-mode am_maintainer_other make rules and dependencies not useful
+ (and sometimes confusing) to the casual installer],
+ [USE_MAINTAINER_MODE=$enableval],
+ [USE_MAINTAINER_MODE=]m4_if(am_maintainer_other, [enable], [no], [yes]))
+ AC_MSG_RESULT([$USE_MAINTAINER_MODE])
+ AM_CONDITIONAL([MAINTAINER_MODE], [test $USE_MAINTAINER_MODE = yes])
+ MAINT=$MAINTAINER_MODE_TRUE
+ AC_SUBST([MAINT])dnl
+]
+)
+
+AU_DEFUN([jm_MAINTAINER_MODE], [AM_MAINTAINER_MODE])
+
+# Check to see how 'make' treats includes. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2009 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# AM_MAKE_INCLUDE()
+# -----------------
+# Check to see how make treats includes.
+AC_DEFUN([AM_MAKE_INCLUDE],
+[am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+AC_MSG_CHECKING([for style of include used by $am_make])
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+AC_SUBST([am__include])
+AC_SUBST([am__quote])
+AC_MSG_RESULT([$_am_result])
+rm -f confinc confmf
+])
+
+# Copyright (C) 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_PROG_CC_C_O
+# --------------
+# Like AC_PROG_CC_C_O, but changed for automake.
+AC_DEFUN([AM_PROG_CC_C_O],
+[AC_REQUIRE([AC_PROG_CC_C_O])dnl
+AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([compile])dnl
+# FIXME: we rely on the cache variable name because
+# there is no other way.
+set dummy $CC
+am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']`
+eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
+if test "$am_t" != yes; then
+ # Losing compiler, so override with the script.
+ # FIXME: It is wrong to rewrite CC.
+ # But if we don't then we get into trouble of one sort or another.
+ # A longer-term fix would be to have automake use am__CC in this case,
+ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+ CC="$am_aux_dir/compile $CC"
+fi
+dnl Make sure AC_PROG_CC is never called again, or it will override our
+dnl setting of CC.
+m4_define([AC_PROG_CC],
+ [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])])
+])
+
+# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*-
+
+# Copyright (C) 1997, 1999, 2000, 2001, 2003, 2004, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 6
+
+# AM_MISSING_PROG(NAME, PROGRAM)
+# ------------------------------
+AC_DEFUN([AM_MISSING_PROG],
+[AC_REQUIRE([AM_MISSING_HAS_RUN])
+$1=${$1-"${am_missing_run}$2"}
+AC_SUBST($1)])
+
+
+# AM_MISSING_HAS_RUN
+# ------------------
+# Define MISSING if not defined so far and test if it supports --run.
+# If it does, set am_missing_run to use it, otherwise, to nothing.
+AC_DEFUN([AM_MISSING_HAS_RUN],
+[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl
+AC_REQUIRE_AUX_FILE([missing])dnl
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ AC_MSG_WARN([`missing' script is too old or missing])
+fi
+])
+
+# Copyright (C) 2003, 2004, 2005, 2006 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_MKDIR_P
+# ---------------
+# Check for `mkdir -p'.
+AC_DEFUN([AM_PROG_MKDIR_P],
+[AC_PREREQ([2.60])dnl
+AC_REQUIRE([AC_PROG_MKDIR_P])dnl
+dnl Automake 1.8 to 1.9.6 used to define mkdir_p. We now use MKDIR_P,
+dnl while keeping a definition of mkdir_p for backward compatibility.
+dnl @MKDIR_P@ is magic: AC_OUTPUT adjusts its value for each Makefile.
+dnl However we cannot define mkdir_p as $(MKDIR_P) for the sake of
+dnl Makefile.ins that do not define MKDIR_P, so we do our own
+dnl adjustment using top_builddir (which is defined more often than
+dnl MKDIR_P).
+AC_SUBST([mkdir_p], ["$MKDIR_P"])dnl
+case $mkdir_p in
+ [[\\/$]]* | ?:[[\\/]]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+])
+
+# Helper functions for option handling. -*- Autoconf -*-
+
+# Copyright (C) 2001, 2002, 2003, 2005, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 4
+
+# _AM_MANGLE_OPTION(NAME)
+# -----------------------
+AC_DEFUN([_AM_MANGLE_OPTION],
+[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])])
+
+# _AM_SET_OPTION(NAME)
+# ------------------------------
+# Set option NAME. Presently that only means defining a flag for this option.
+AC_DEFUN([_AM_SET_OPTION],
+[m4_define(_AM_MANGLE_OPTION([$1]), 1)])
+
+# _AM_SET_OPTIONS(OPTIONS)
+# ----------------------------------
+# OPTIONS is a space-separated list of Automake options.
+AC_DEFUN([_AM_SET_OPTIONS],
+[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])])
+
+# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET])
+# -------------------------------------------
+# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise.
+AC_DEFUN([_AM_IF_OPTION],
+[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])])
+
+# Check to make sure that the build environment is sane. -*- Autoconf -*-
+
+# Copyright (C) 1996, 1997, 2000, 2001, 2003, 2005, 2008
+# Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 5
+
+# AM_SANITY_CHECK
+# ---------------
+AC_DEFUN([AM_SANITY_CHECK],
+[AC_MSG_CHECKING([whether build environment is sane])
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[[\\\"\#\$\&\'\`$am_lf]]*)
+ AC_MSG_ERROR([unsafe absolute working directory name]);;
+esac
+case $srcdir in
+ *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*)
+ AC_MSG_ERROR([unsafe srcdir value: `$srcdir']);;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$[*]" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$[*]" != "X $srcdir/configure conftest.file" \
+ && test "$[*]" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken
+alias in your environment])
+ fi
+
+ test "$[2]" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ AC_MSG_ERROR([newly created file is older than distributed files!
+Check your system clock])
+fi
+AC_MSG_RESULT(yes)])
+
+# Copyright (C) 2001, 2003, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# AM_PROG_INSTALL_STRIP
+# ---------------------
+# One issue with vendor `install' (even GNU) is that you can't
+# specify the program used to strip binaries. This is especially
+# annoying in cross-compiling environments, where the build's strip
+# is unlikely to handle the host's binaries.
+# Fortunately install-sh will honor a STRIPPROG variable, so we
+# always use install-sh in `make install-strip', and initialize
+# STRIPPROG with the value of the STRIP variable (set by the user).
+AC_DEFUN([AM_PROG_INSTALL_STRIP],
+[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+dnl Don't test for $cross_compiling = yes, because it might be `maybe'.
+if test "$cross_compiling" != no; then
+ AC_CHECK_TOOL([STRIP], [strip], :)
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+AC_SUBST([INSTALL_STRIP_PROGRAM])])
+
+# Copyright (C) 2006, 2008 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in.
+# This macro is traced by Automake.
+AC_DEFUN([_AM_SUBST_NOTMAKE])
+
+# AM_SUBST_NOTMAKE(VARIABLE)
+# ---------------------------
+# Public sister of _AM_SUBST_NOTMAKE.
+AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)])
+
+# Check how to create a tarball. -*- Autoconf -*-
+
+# Copyright (C) 2004, 2005 Free Software Foundation, Inc.
+#
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# serial 2
+
+# _AM_PROG_TAR(FORMAT)
+# --------------------
+# Check how to create a tarball in format FORMAT.
+# FORMAT should be one of `v7', `ustar', or `pax'.
+#
+# Substitute a variable $(am__tar) that is a command
+# writing to stdout a FORMAT-tarball containing the directory
+# $tardir.
+# tardir=directory && $(am__tar) > result.tar
+#
+# Substitute a variable $(am__untar) that extract such
+# a tarball read from stdin.
+# $(am__untar) < result.tar
+AC_DEFUN([_AM_PROG_TAR],
+[# Always define AMTAR for backward compatibility.
+AM_MISSING_PROG([AMTAR], [tar])
+m4_if([$1], [v7],
+ [am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'],
+ [m4_case([$1], [ustar],, [pax],,
+ [m4_fatal([Unknown tar format])])
+AC_MSG_CHECKING([how to create a $1 tar archive])
+# Loop over all known methods to create a tar archive until one works.
+_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none'
+_am_tools=${am_cv_prog_tar_$1-$_am_tools}
+# Do not fold the above two line into one, because Tru64 sh and
+# Solaris sh will not grok spaces in the rhs of `-'.
+for _am_tool in $_am_tools
+do
+ case $_am_tool in
+ gnutar)
+ for _am_tar in tar gnutar gtar;
+ do
+ AM_RUN_LOG([$_am_tar --version]) && break
+ done
+ am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"'
+ am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"'
+ am__untar="$_am_tar -xf -"
+ ;;
+ plaintar)
+ # Must skip GNU tar: if it does not support --format= it doesn't create
+ # ustar tarball either.
+ (tar --version) >/dev/null 2>&1 && continue
+ am__tar='tar chf - "$$tardir"'
+ am__tar_='tar chf - "$tardir"'
+ am__untar='tar xf -'
+ ;;
+ pax)
+ am__tar='pax -L -x $1 -w "$$tardir"'
+ am__tar_='pax -L -x $1 -w "$tardir"'
+ am__untar='pax -r'
+ ;;
+ cpio)
+ am__tar='find "$$tardir" -print | cpio -o -H $1 -L'
+ am__tar_='find "$tardir" -print | cpio -o -H $1 -L'
+ am__untar='cpio -i -H $1 -d'
+ ;;
+ none)
+ am__tar=false
+ am__tar_=false
+ am__untar=false
+ ;;
+ esac
+
+ # If the value was cached, stop now. We just wanted to have am__tar
+ # and am__untar set.
+ test -n "${am_cv_prog_tar_$1}" && break
+
+ # tar/untar a dummy directory, and stop if the command works
+ rm -rf conftest.dir
+ mkdir conftest.dir
+ echo GrepMe > conftest.dir/file
+ AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar])
+ rm -rf conftest.dir
+ if test -s conftest.tar; then
+ AM_RUN_LOG([$am__untar <conftest.tar])
+ grep GrepMe conftest.dir/file >/dev/null 2>&1 && break
+ fi
+done
+rm -rf conftest.dir
+
+AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool])
+AC_MSG_RESULT([$am_cv_prog_tar_$1])])
+AC_SUBST([am__tar])
+AC_SUBST([am__untar])
+]) # _AM_PROG_TAR
+
+m4_include([m4/libtool.m4])
+m4_include([m4/ltoptions.m4])
+m4_include([m4/ltsugar.m4])
+m4_include([m4/ltversion.m4])
+m4_include([m4/lt~obsolete.m4])
diff --git a/pki/base/tps/apache/LICENSE-2.0 b/pki/base/tps/apache/LICENSE-2.0
new file mode 100644
index 000000000..7b69c6227
--- /dev/null
+++ b/pki/base/tps/apache/LICENSE-2.0
@@ -0,0 +1,678 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright [yyyy] [name of copyright owner]
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+
+
+APACHE HTTP SERVER SUBCOMPONENTS:
+
+The Apache HTTP Server includes a number of subcomponents with
+separate copyright notices and license terms. Your use of the source
+code for the these subcomponents is subject to the terms and
+conditions of the following licenses.
+
+For the mod_mime_magic component:
+
+/*
+ * mod_mime_magic: MIME type lookup via file magic numbers
+ * Copyright (c) 1996-1997 Cisco Systems, Inc.
+ *
+ * This software was submitted by Cisco Systems to the Apache Group in July
+ * 1997. Future revisions and derivatives of this source code must
+ * acknowledge Cisco Systems as the original contributor of this module.
+ * All other licensing and usage conditions are those of the Apache Group.
+ *
+ * Some of this code is derived from the free version of the file command
+ * originally posted to comp.sources.unix. Copyright info for that program
+ * is included below as required.
+ * ---------------------------------------------------------------------------
+ * - Copyright (c) Ian F. Darwin, 1987. Written by Ian F. Darwin.
+ *
+ * This software is not subject to any license of the American Telephone and
+ * Telegraph Company or of the Regents of the University of California.
+ *
+ * Permission is granted to anyone to use this software for any purpose on any
+ * computer system, and to alter it and redistribute it freely, subject to
+ * the following restrictions:
+ *
+ * 1. The author is not responsible for the consequences of use of this
+ * software, no matter how awful, even if they arise from flaws in it.
+ *
+ * 2. The origin of this software must not be misrepresented, either by
+ * explicit claim or by omission. Since few users ever read sources, credits
+ * must appear in the documentation.
+ *
+ * 3. Altered versions must be plainly marked as such, and must not be
+ * misrepresented as being the original software. Since few users ever read
+ * sources, credits must appear in the documentation.
+ *
+ * 4. This notice may not be removed or altered.
+ * -------------------------------------------------------------------------
+ *
+ */
+
+
+For the modules\mappers\mod_imap.c component:
+
+ "macmartinized" polygon code copyright 1992 by Eric Haines, erich@eye.com
+
+For the server\util_md5.c component:
+
+/************************************************************************
+ * NCSA HTTPd Server
+ * Software Development Group
+ * National Center for Supercomputing Applications
+ * University of Illinois at Urbana-Champaign
+ * 605 E. Springfield, Champaign, IL 61820
+ * httpd@ncsa.uiuc.edu
+ *
+ * Copyright (C) 1995, Board of Trustees of the University of Illinois
+ *
+ ************************************************************************
+ *
+ * md5.c: NCSA HTTPd code which uses the md5c.c RSA Code
+ *
+ * Original Code Copyright (C) 1994, Jeff Hostetler, Spyglass, Inc.
+ * Portions of Content-MD5 code Copyright (C) 1993, 1994 by Carnegie Mellon
+ * University (see Copyright below).
+ * Portions of Content-MD5 code Copyright (C) 1991 Bell Communications
+ * Research, Inc. (Bellcore) (see Copyright below).
+ * Portions extracted from mpack, John G. Myers - jgm+@cmu.edu
+ * Content-MD5 Code contributed by Martin Hamilton (martin@net.lut.ac.uk)
+ *
+ */
+
+
+/* these portions extracted from mpack, John G. Myers - jgm+@cmu.edu */
+/* (C) Copyright 1993,1994 by Carnegie Mellon University
+ * All Rights Reserved.
+ *
+ * Permission to use, copy, modify, distribute, and sell this software
+ * and its documentation for any purpose is hereby granted without
+ * fee, provided that the above copyright notice appear in all copies
+ * and that both that copyright notice and this permission notice
+ * appear in supporting documentation, and that the name of Carnegie
+ * Mellon University not be used in advertising or publicity
+ * pertaining to distribution of the software without specific,
+ * written prior permission. Carnegie Mellon University makes no
+ * representations about the suitability of this software for any
+ * purpose. It is provided "as is" without express or implied
+ * warranty.
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Copyright (c) 1991 Bell Communications Research, Inc. (Bellcore)
+ *
+ * Permission to use, copy, modify, and distribute this material
+ * for any purpose and without fee is hereby granted, provided
+ * that the above copyright notice and this permission notice
+ * appear in all copies, and that the name of Bellcore not be
+ * used in advertising or publicity pertaining to this
+ * material without the specific, prior written permission
+ * of an authorized representative of Bellcore. BELLCORE
+ * MAKES NO REPRESENTATIONS ABOUT THE ACCURACY OR SUITABILITY
+ * OF THIS MATERIAL FOR ANY PURPOSE. IT IS PROVIDED "AS IS",
+ * WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES.
+ */
+
+For the srclib\apr\include\apr_md5.h component:
+/*
+ * This is work is derived from material Copyright RSA Data Security, Inc.
+ *
+ * The RSA copyright statement and Licence for that original material is
+ * included below. This is followed by the Apache copyright statement and
+ * licence for the modifications made to that material.
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ rights reserved.
+
+ License to copy and use this software is granted provided that it
+ is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+ Algorithm" in all material mentioning or referencing this software
+ or this function.
+
+ License is also granted to make and use derivative works provided
+ that such works are identified as "derived from the RSA Data
+ Security, Inc. MD5 Message-Digest Algorithm" in all material
+ mentioning or referencing the derived work.
+
+ RSA Data Security, Inc. makes no representations concerning either
+ the merchantability of this software or the suitability of this
+ software for any particular purpose. It is provided "as is"
+ without express or implied warranty of any kind.
+
+ These notices must be retained in any copies of any part of this
+ documentation and/or software.
+ */
+
+For the srclib\apr\passwd\apr_md5.c component:
+
+/*
+ * This is work is derived from material Copyright RSA Data Security, Inc.
+ *
+ * The RSA copyright statement and Licence for that original material is
+ * included below. This is followed by the Apache copyright statement and
+ * licence for the modifications made to that material.
+ */
+
+/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+ */
+
+/* Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ rights reserved.
+
+ License to copy and use this software is granted provided that it
+ is identified as the "RSA Data Security, Inc. MD5 Message-Digest
+ Algorithm" in all material mentioning or referencing this software
+ or this function.
+
+ License is also granted to make and use derivative works provided
+ that such works are identified as "derived from the RSA Data
+ Security, Inc. MD5 Message-Digest Algorithm" in all material
+ mentioning or referencing the derived work.
+
+ RSA Data Security, Inc. makes no representations concerning either
+ the merchantability of this software or the suitability of this
+ software for any particular purpose. It is provided "as is"
+ without express or implied warranty of any kind.
+
+ These notices must be retained in any copies of any part of this
+ documentation and/or software.
+ */
+/*
+ * The apr_md5_encode() routine uses much code obtained from the FreeBSD 3.0
+ * MD5 crypt() function, which is licenced as follows:
+ * ----------------------------------------------------------------------------
+ * "THE BEER-WARE LICENSE" (Revision 42):
+ * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you
+ * can do whatever you want with this stuff. If we meet some day, and you think
+ * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp
+ * ----------------------------------------------------------------------------
+ */
+
+For the srclib\apr-util\crypto\apr_md4.c component:
+
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD4 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+For the srclib\apr-util\include\apr_md4.h component:
+
+ *
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
+ * rights reserved.
+ *
+ * License to copy and use this software is granted provided that it
+ * is identified as the "RSA Data Security, Inc. MD4 Message-Digest
+ * Algorithm" in all material mentioning or referencing this software
+ * or this function.
+ *
+ * License is also granted to make and use derivative works provided
+ * that such works are identified as "derived from the RSA Data
+ * Security, Inc. MD4 Message-Digest Algorithm" in all material
+ * mentioning or referencing the derived work.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+
+For the srclib\apr-util\test\testdbm.c component:
+
+/* ====================================================================
+ * The Apache Software License, Version 1.1
+ *
+ * Copyright (c) 2000-2002 The Apache Software Foundation. All rights
+ * reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The end-user documentation included with the redistribution,
+ * if any, must include the following acknowledgment:
+ * "This product includes software developed by the
+ * Apache Software Foundation (http://www.apache.org/)."
+ * Alternately, this acknowledgment may appear in the software itself,
+ * if and wherever such third-party acknowledgments normally appear.
+ *
+ * 4. The names "Apache" and "Apache Software Foundation" must
+ * not be used to endorse or promote products derived from this
+ * software without prior written permission. For written
+ * permission, please contact apache@apache.org.
+ *
+ * 5. Products derived from this software may not be called "Apache",
+ * nor may "Apache" appear in their name, without prior written
+ * permission of the Apache Software Foundation.
+ *
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+ * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation. For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ * This file came from the SDBM package (written by oz@nexus.yorku.ca).
+ * That package was under public domain. This file has been ported to
+ * APR, updated to ANSI C and other, newer idioms, and added to the Apache
+ * codebase under the above copyright and license.
+ */
+
+
+For the srclib\apr-util\test\testmd4.c component:
+
+ *
+ * This is derived from material copyright RSA Data Security, Inc.
+ * Their notice is reproduced below in its entirety.
+ *
+ * Copyright (C) 1990-2, RSA Data Security, Inc. Created 1990. All
+ * rights reserved.
+ *
+ * RSA Data Security, Inc. makes no representations concerning either
+ * the merchantability of this software or the suitability of this
+ * software for any particular purpose. It is provided "as is"
+ * without express or implied warranty of any kind.
+ *
+ * These notices must be retained in any copies of any part of this
+ * documentation and/or software.
+ */
+
+For the srclib\apr-util\xml\expat\conftools\install-sh component:
+
+#
+# install - install a program, script, or datafile
+# This comes from X11R5 (mit/util/scripts/install.sh).
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission. M.I.T. makes no representations about the
+# suitability of this software for any purpose. It is provided "as is"
+# without express or implied warranty.
+#
+
+For the srclib\pcre\install-sh component:
+
+#
+# Copyright 1991 by the Massachusetts Institute of Technology
+#
+# Permission to use, copy, modify, distribute, and sell this software and its
+# documentation for any purpose is hereby granted without fee, provided that
+# the above copyright notice appear in all copies and that both that
+# copyright notice and this permission notice appear in supporting
+# documentation, and that the name of M.I.T. not be used in advertising or
+# publicity pertaining to distribution of the software without specific,
+# written prior permission. M.I.T. makes no representations about the
+# suitability of this software for any purpose. It is provided "as is"
+# without express or implied warranty.
+
+For the pcre component:
+
+PCRE LICENCE
+------------
+
+PCRE is a library of functions to support regular expressions whose syntax
+and semantics are as close as possible to those of the Perl 5 language.
+
+Written by: Philip Hazel <ph10@cam.ac.uk>
+
+University of Cambridge Computing Service,
+Cambridge, England. Phone: +44 1223 334714.
+
+Copyright (c) 1997-2001 University of Cambridge
+
+Permission is granted to anyone to use this software for any purpose on any
+computer system, and to redistribute it freely, subject to the following
+restrictions:
+
+1. This software is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+2. The origin of this software must not be misrepresented, either by
+ explicit claim or by omission. In practice, this means that if you use
+ PCRE in software which you distribute to others, commercially or
+ otherwise, you must put a sentence like this
+
+ Regular expression support is provided by the PCRE library package,
+ which is open source software, written by Philip Hazel, and copyright
+ by the University of Cambridge, England.
+
+ somewhere reasonably visible in your documentation and in any relevant
+ files or online help data or similar. A reference to the ftp site for
+ the source, that is, to
+
+ ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
+
+ should also be given in the documentation.
+
+3. Altered versions must be plainly marked as such, and must not be
+ misrepresented as being the original software.
+
+4. If PCRE is embedded in any software that is released under the GNU
+ General Purpose Licence (GPL), or Lesser General Purpose Licence (LGPL),
+ then the terms of that licence shall supersede any condition above with
+ which it is incompatible.
+
+The documentation for PCRE, supplied in the "doc" directory, is distributed
+under the same terms as the software itself.
+
+End PCRE LICENCE
+
+
+For the test\zb.c component:
+
+/* ZeusBench V1.01
+ ===============
+
+This program is Copyright (C) Zeus Technology Limited 1996.
+
+This program may be used and copied freely providing this copyright notice
+is not removed.
+
+This software is provided "as is" and any express or implied waranties,
+including but not limited to, the implied warranties of merchantability and
+fitness for a particular purpose are disclaimed. In no event shall
+Zeus Technology Ltd. be liable for any direct, indirect, incidental, special,
+exemplary, or consequential damaged (including, but not limited to,
+procurement of substitute good or services; loss of use, data, or profits;
+or business interruption) however caused and on theory of liability. Whether
+in contract, strict liability or tort (including negligence or otherwise)
+arising in any way out of the use of this software, even if advised of the
+possibility of such damage.
+
+ Written by Adam Twiss (adam@zeus.co.uk). March 1996
+
+Thanks to the following people for their input:
+ Mike Belshe (mbelshe@netscape.com)
+ Michael Campanella (campanella@stevms.enet.dec.com)
+
+*/
+
+For the expat xml parser component:
+
+Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd
+ and Clark Cooper
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be included
+in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+====================================================================
diff --git a/pki/base/tps/apache/conf/httpd.conf b/pki/base/tps/apache/conf/httpd.conf
new file mode 100644
index 000000000..878a4e655
--- /dev/null
+++ b/pki/base/tps/apache/conf/httpd.conf
@@ -0,0 +1,1085 @@
+#
+# Based upon the NCSA server configuration files originally by Rob McCool.
+#
+# This is the main Apache server configuration file. It contains the
+# configuration directives that give the server its instructions.
+# See <URL:http://httpd.apache.org/docs-2.0/> for detailed information about
+# the directives.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+# The configuration directives are grouped into three basic sections:
+# 1. Directives that control the operation of the Apache server process as a
+# whole (the 'global environment').
+# 2. Directives that define the parameters of the 'main' or 'default' server,
+# which responds to requests that aren't handled by a virtual host.
+# These directives also provide default values for the settings
+# of all virtual hosts.
+# 3. Settings for virtual hosts, which allow Web requests to be sent to
+# different IP addresses or hostnames and have them handled by the
+# same Apache server process.
+#
+# Configuration and logfile names: If the filenames you specify for many
+# of the server's control files begin with "/" (or "drive:/" for Win32), the
+# server will use that explicit path. If the filenames do *not* begin
+# with "/", the value of ServerRoot is prepended -- so "logs/foo.log"
+# with ServerRoot set to "/export/apache" will be interpreted by the
+# server as "/export/apache/logs/foo.log".
+#
+
+### Section 1: Global Environment
+#
+# The directives in this section affect the overall operation of Apache,
+# such as the number of concurrent requests it can handle or where it
+# can find its configuration files.
+#
+
+#
+# ServerRoot: The top of the directory tree under which the server's
+# configuration, error, and log files are kept.
+#
+# NOTE! If you intend to place this on an NFS (or otherwise network)
+# mounted filesystem then please read the LockFile documentation (available
+# at <URL:http://httpd.apache.org/docs-2.0/mod/mpm_common.html#lockfile>);
+# you will save yourself a lot of trouble.
+#
+# Do NOT add a slash at the end of the directory path.
+#
+ServerRoot "[SERVER_ROOT]"
+
+#
+# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
+#
+<IfModule !mpm_winnt.c>
+<IfModule !mpm_netware.c>
+#LockFile logs/accept.lock
+</IfModule>
+</IfModule>
+
+#
+# ScoreBoardFile: File used to store internal server process information.
+# If unspecified (the default), the scoreboard will be stored in an
+# anonymous shared memory segment, and will be unavailable to third-party
+# applications.
+# If specified, ensure that no two invocations of Apache share the same
+# scoreboard file. The scoreboard file MUST BE STORED ON A LOCAL DISK.
+#
+<IfModule !mpm_netware.c>
+<IfModule !perchild.c>
+#ScoreBoardFile logs/apache_runtime_status
+</IfModule>
+</IfModule>
+
+
+#
+# PidFile: The file in which the server should record its process
+# identification number when it starts.
+#
+<IfModule !mpm_netware.c>
+PidFile run/[PKI_INSTANCE_ID].pid
+</IfModule>
+
+#
+# Timeout: The number of seconds before receives and sends time out.
+#
+Timeout 300
+
+#
+# KeepAlive: Whether or not to allow persistent connections (more than
+# one request per connection). Set to "Off" to deactivate.
+#
+KeepAlive On
+
+#
+# MaxKeepAliveRequests: The maximum number of requests to allow
+# during a persistent connection. Set to 0 to allow an unlimited amount.
+# We recommend you leave this number high, for maximum performance.
+#
+MaxKeepAliveRequests 100
+
+#
+# KeepAliveTimeout: Number of seconds to wait for the next request from the
+# same client on the same connection.
+#
+KeepAliveTimeout 15
+
+##
+## Server-Pool Size Regulation (MPM specific)
+##
+
+# prefork MPM
+# StartServers: number of server processes to start
+# MinSpareServers: minimum number of server processes which are kept spare
+# MaxSpareServers: maximum number of server processes which are kept spare
+# MaxClients: maximum number of server processes allowed to start
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule prefork.c>
+StartServers 5
+MinSpareServers 5
+MaxSpareServers 10
+MaxClients 150
+MaxRequestsPerChild 0
+</IfModule>
+
+# worker MPM
+# StartServers: initial number of server processes to start
+# MaxClients: maximum number of simultaneous client connections
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# ThreadsPerChild: constant number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule worker.c>
+ServerLimit 1
+StartServers 1
+MaxClients 64
+MinSpareThreads 1
+MaxSpareThreads 75
+ThreadsPerChild 64
+MaxRequestsPerChild 0
+</IfModule>
+
+# perchild MPM
+# NumServers: constant number of server processes
+# StartThreads: initial number of worker threads in each server process
+# MinSpareThreads: minimum number of worker threads which are kept spare
+# MaxSpareThreads: maximum number of worker threads which are kept spare
+# MaxThreadsPerChild: maximum number of worker threads in each server process
+# MaxRequestsPerChild: maximum number of connections per server process
+<IfModule perchild.c>
+NumServers 5
+StartThreads 5
+MinSpareThreads 5
+MaxSpareThreads 10
+MaxThreadsPerChild 20
+MaxRequestsPerChild 0
+</IfModule>
+
+# WinNT MPM
+# ThreadsPerChild: constant number of worker threads in the server process
+# MaxRequestsPerChild: maximum number of requests a server process serves
+<IfModule mpm_winnt.c>
+ThreadsPerChild 250
+MaxRequestsPerChild 0
+</IfModule>
+
+# BeOS MPM
+# StartThreads: how many threads do we initially spawn?
+# MaxClients: max number of threads we can have (1 thread == 1 client)
+# MaxRequestsPerThread: maximum number of requests each thread will process
+<IfModule beos.c>
+StartThreads 10
+MaxClients 50
+MaxRequestsPerThread 10000
+</IfModule>
+
+# NetWare MPM
+# ThreadStackSize: Stack size allocated for each worker thread
+# StartThreads: Number of worker threads launched at server startup
+# MinSpareThreads: Minimum number of idle threads, to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads
+# MaxThreads: Maximum number of worker threads alive at the same time
+# MaxRequestsPerChild: Maximum number of requests a thread serves. It is
+# recommended that the default value of 0 be set for this
+# directive on NetWare. This will allow the thread to
+# continue to service requests indefinitely.
+<IfModule mpm_netware.c>
+ThreadStackSize 65536
+StartThreads 250
+MinSpareThreads 25
+MaxSpareThreads 250
+MaxThreads 1000
+MaxRequestsPerChild 0
+MaxMemFree 100
+</IfModule>
+
+# OS/2 MPM
+# StartServers: Number of server processes to maintain
+# MinSpareThreads: Minimum number of idle threads per process,
+# to handle request spikes
+# MaxSpareThreads: Maximum number of idle threads per process
+# MaxRequestsPerChild: Maximum number of connections per server process
+<IfModule mpmt_os2.c>
+StartServers 2
+MinSpareThreads 5
+MaxSpareThreads 10
+MaxRequestsPerChild 0
+</IfModule>
+
+#
+# Listen: Allows you to bind Apache to specific IP addresses and/or
+# ports, instead of the default. See also the <VirtualHost>
+# directive.
+#
+# Change this to Listen on specific IP addresses as shown below to
+# prevent Apache from glomming onto all bound IP addresses (0.0.0.0)
+#
+#Listen 12.34.56.78:80
+
+Listen [PORT]
+
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+
+# Required modules for command 'Order':
+[FORTITUDE_AUTH_MODULES]
+# Required module for command 'UserDir':
+LoadModule userdir_module [FORTITUDE_LIB_DIR]/modules/mod_userdir.so
+# Required module for command 'DirectoryIndex':
+LoadModule dir_module [FORTITUDE_LIB_DIR]/modules/mod_dir.so
+# Required module for command 'TypesConfig':
+LoadModule mime_module [FORTITUDE_LIB_DIR]/modules/mod_mime.so
+# Required module for command 'LogFormat':
+LoadModule log_config_module [FORTITUDE_LIB_DIR]/modules/mod_log_config.so
+# Required module for command 'Alias':
+LoadModule alias_module [FORTITUDE_LIB_DIR]/modules/mod_alias.so
+# Required module for command 'SetEnvIf':
+LoadModule setenvif_module [FORTITUDE_LIB_DIR]/modules/mod_setenvif.so
+# Required module for command 'IndexOptions':
+LoadModule autoindex_module [FORTITUDE_LIB_DIR]/modules/mod_autoindex.so
+# Required module for command 'LanguagePriority':
+LoadModule negotiation_module [FORTITUDE_LIB_DIR]/modules/mod_negotiation.so
+# Required module for command 'CGI Scripts':
+LoadModule cgi_module [FORTITUDE_LIB_DIR]/modules/mod_cgi.so
+# Required module for commands in nss.conf:
+[FORTITUDE_NSS_MODULES]
+# Required module for command 'TPSConfigPathFile':
+LoadModule tps_module [FORTITUDE_MODULE]/mod_tps.so
+# Required module for command 'TokendbConfigPathFile':
+LoadModule tokendb_module [FORTITUDE_MODULE]/mod_tokendb.so
+
+<Location /nk_service>
+ SetHandler nk_service
+</Location>
+
+<Location /tus>
+ SetHandler tus
+</Location>
+
+#
+# Load config files from the config directory "/etc/[PKI_INSTANCE_ID]/conf.d".
+#
+#Include conf.d/*.conf
+Include [SERVER_ROOT]/conf/perl.conf
+
+#
+# ExtendedStatus controls whether Apache will generate "full" status
+# information (ExtendedStatus On) or just basic information (ExtendedStatus
+# Off) when the "server-status" handler is called. The default is Off.
+#
+#ExtendedStatus On
+
+### Section 2: 'Main' server configuration
+#
+# The directives in this section set up the values used by the 'main'
+# server, which responds to any requests that aren't handled by a
+# <VirtualHost> definition. These values also provide defaults for
+# any <VirtualHost> containers you may define later in the file.
+#
+# All of these directives may appear inside <VirtualHost> containers,
+# in which case these default settings will be overridden for the
+# virtual host being defined.
+#
+
+<IfModule !mpm_winnt.c>
+<IfModule !mpm_netware.c>
+#
+# If you wish [PKI_INSTANCE_ID] to run as a different user or group, you must run
+# [PKI_INSTANCE_ID] as root initially and it will switch.
+#
+# User/Group: The name (or #number) of the user/group to run [PKI_INSTANCE_ID] as.
+# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
+# . On HPUX you may not be able to use shared memory as nobody, and the
+# suggested workaround is to create a user www and use that user.
+# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
+# when the value of (unsigned)Group is above 60000;
+# don't use Group #-1 on these systems!
+#
+User [PKI_USER]
+Group [PKI_GROUP]
+#Group #-1
+</IfModule>
+</IfModule>
+
+#
+# ServerAdmin: Your address, where problems with the server should be
+# e-mailed. This address appears on some server-generated pages, such
+# as error documents. e.g. admin@your-domain.com
+#
+ServerAdmin you@example.com
+
+#
+# ServerName gives the name and port that the server uses to identify itself.
+# This can often be determined automatically, but we recommend you specify
+# it explicitly to prevent problems during startup.
+#
+# If this is not set to valid DNS name for your host, server-generated
+# redirections will not work. See also the UseCanonicalName directive.
+#
+# If your host doesn't have a registered DNS name, enter its IP address here.
+# You will have to access it by its address anyway, and this will make
+# redirections work in a sensible way.
+#
+#ServerName www.example.com:80
+
+#
+# UseCanonicalName: Determines how Apache constructs self-referencing
+# URLs and the SERVER_NAME and SERVER_PORT variables.
+# When set "Off", Apache will use the Hostname and Port supplied
+# by the client. When set "On", Apache will use the value of the
+# ServerName directive.
+#
+UseCanonicalName Off
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "[SERVER_ROOT]/docroot"
+
+#
+# Each directory to which Apache has access can be configured with respect
+# to which services and features are allowed and/or disabled in that
+# directory (and its subdirectories).
+#
+# First, we configure the "default" to be a very restrictive set of
+# features.
+#
+<Directory />
+ Options FollowSymLinks
+ AllowOverride None
+</Directory>
+
+#
+# Note that from this point forward you must specifically allow
+# particular features to be enabled - so if something's not working as
+# you might expect, make sure that you have specifically enabled it
+# below.
+#
+
+#
+# This should be changed to whatever you set DocumentRoot to.
+#
+<Directory "[SERVER_ROOT]/docroot">
+
+#
+# Possible values for the Options directive are "None", "All",
+# or any combination of:
+# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
+#
+# Note that "MultiViews" must be named *explicitly* --- "Options All"
+# doesn't give it to you.
+#
+# The Options directive is both complicated and important. Please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#options
+# for more information.
+#
+ Options Indexes ExecCGI FollowSymLinks
+
+#
+# AllowOverride controls what directives may be placed in .htaccess files.
+# It can be "All", "None", or any combination of the keywords:
+# Options FileInfo AuthConfig Limit
+#
+ AllowOverride None
+
+#
+# Controls who can get stuff from this server.
+#
+ Order allow,deny
+ Allow from all
+
+</Directory>
+
+#
+# UserDir: The name of the directory that is appended onto a user's home
+# directory if a ~user request is received.
+#
+UserDir public_html
+
+#
+# Control access to UserDir directories. The following is an example
+# for a site where these directories are restricted to read-only.
+#
+#<Directory /home/*/public_html>
+# AllowOverride FileInfo AuthConfig Limit Indexes
+# Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+# <Limit GET POST OPTIONS PROPFIND>
+# Order allow,deny
+# Allow from all
+# </Limit>
+# <LimitExcept GET POST OPTIONS PROPFIND>
+# Order deny,allow
+# Deny from all
+# </LimitExcept>
+#</Directory>
+
+#
+# DirectoryIndex: sets the file that Apache will serve if a directory
+# is requested.
+#
+# The index.html.var file (a type-map) is used to deliver content-
+# negotiated documents. The MultiViews Option can be used for the
+# same purpose, but it is much slower.
+#
+DirectoryIndex index.html index.html.var
+
+#
+# AccessFileName: The name of the file to look for in each directory
+# for additional configuration directives. See also the AllowOverride
+# directive.
+#
+AccessFileName .htaccess
+
+#
+# The following lines prevent .htaccess and .htpasswd files from being
+# viewed by Web clients.
+#
+<Files ~ "^\.ht">
+ Order allow,deny
+ Deny from all
+</Files>
+
+#
+# TypesConfig describes where the mime.types file (or equivalent) is
+# to be found.
+#
+TypesConfig conf/mime.types
+
+#
+# DefaultType is the default MIME type the server will use for a document
+# if it cannot otherwise determine one, such as from filename extensions.
+# If your server contains mostly text or HTML documents, "text/plain" is
+# a good value. If most of your content is binary, such as applications
+# or images, you may want to use "application/octet-stream" instead to
+# keep browsers from trying to display binary files as though they are
+# text.
+#
+DefaultType text/plain
+
+#
+# The mod_mime_magic module allows the server to use various hints from the
+# contents of the file itself to determine its type. The MIMEMagicFile
+# directive tells the module where the hint definitions are located.
+#
+<IfModule mod_mime_magic.c>
+ MIMEMagicFile conf/magic
+</IfModule>
+
+#
+# HostnameLookups: Log the names of clients or just their IP addresses
+# e.g., www.apache.org (on) or 204.62.129.132 (off).
+# The default is off because it'd be overall better for the net if people
+# had to knowingly turn this feature on, since enabling it means that
+# each client request will result in AT LEAST one lookup request to the
+# nameserver.
+#
+HostnameLookups Off
+
+#
+# EnableMMAP: Control whether memory-mapping is used to deliver
+# files (assuming that the underlying OS supports it).
+# The default is on; turn this off if you serve from NFS-mounted
+# filesystems. On some systems, turning it off (regardless of
+# filesystem) can improve performance; for details, please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#enablemmap
+#
+#EnableMMAP off
+
+#
+# EnableSendfile: Control whether the sendfile kernel support is
+# used to deliver files (assuming that the OS supports it).
+# The default is on; turn this off if you serve from NFS-mounted
+# filesystems. Please see
+# http://httpd.apache.org/docs-2.0/mod/core.html#enablesendfile
+#
+#EnableSendfile off
+
+#
+# ErrorLog: The location of the error log file.
+# If you do not specify an ErrorLog directive within a <VirtualHost>
+# container, error messages relating to that virtual host will be
+# logged here. If you *do* define an error logfile for a <VirtualHost>
+# container, that host's errors will be logged there and not here.
+#
+ErrorLog logs/error_log
+
+#
+# LogLevel: Control the number of messages logged to the error_log.
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+#
+#LogLevel warn
+LogLevel debug
+
+#
+# The following directives define some format nicknames for use with
+# a CustomLog directive (see below).
+#
+LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
+LogFormat "%h %l %u %t \"%r\" %>s %b" common
+LogFormat "%{Referer}i -> %U" referer
+LogFormat "%{User-agent}i" agent
+
+# You need to enable mod_logio.c to use %I and %O
+#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
+
+#
+# The location and format of the access logfile (Common Logfile Format).
+# If you do not define any access logfiles within a <VirtualHost>
+# container, they will be logged here. Contrariwise, if you *do*
+# define per-<VirtualHost> access logfiles, transactions will be
+# logged therein and *not* in this file.
+#
+CustomLog logs/access_log common
+
+#
+# If you would like to have agent and referer logfiles, uncomment the
+# following directives.
+#
+#CustomLog logs/referer_log referer
+#CustomLog logs/agent_log agent
+
+#
+# If you prefer a single logfile with access, agent, and referer information
+# (Combined Logfile Format) you can use the following directive.
+#
+#CustomLog logs/access_log combined
+
+#
+# ServerTokens
+# This directive configures what you return as the Server HTTP response
+# Header. The default is 'Full' which sends information about the OS-Type
+# and compiled in modules.
+# Set to one of: Full | OS | Minor | Minimal | Major | Prod
+# where Full conveys the most information, and Prod the least.
+#
+ServerTokens Prod
+
+#
+# Optionally add a line containing the server version and virtual host
+# name to server-generated pages (internal error documents, FTP directory
+# listings, mod_status and mod_info output etc., but not CGI generated
+# documents or custom error documents).
+# Set to "EMail" to also include a mailto: link to the ServerAdmin.
+# Set to one of: On | Off | EMail
+#
+ServerSignature Off
+
+#
+# Aliases: Add here as many aliases as you need (with no limit). The format is
+# Alias fakename realname
+#
+# Note that if you include a trailing / on fakename then the server will
+# require it to be present in the URL. So "/icons" isn't aliased in this
+# example, only "/icons/". If the fakename is slash-terminated, then the
+# realname must also be slash terminated, and if the fakename omits the
+# trailing slash, the realname must also omit it.
+#
+# We include the /icons/ alias for FancyIndexed directory listings. If you
+# do not use FancyIndexing, you may comment this out.
+#
+Alias /icons/ "[SERVER_ROOT]/icons/"
+
+<Directory "[SERVER_ROOT]/icons">
+ Options Indexes MultiViews
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+</Directory>
+
+#
+# This should be changed to the ServerRoot/manual/. The alias provides
+# the manual, even if you choose to move your DocumentRoot. You may comment
+# this out if you do not care for the documentation.
+#
+AliasMatch ^/manual(?:/(?:de|en|es|fr|ja|ko|ru))?(/.*)?$ "[SERVER_ROOT]/manual$1"
+
+<Directory "[SERVER_ROOT]/manual">
+ Options Indexes
+ AllowOverride None
+ Order allow,deny
+ Allow from all
+
+ <Files *.html>
+ SetHandler type-map
+ </Files>
+
+ SetEnvIf Request_URI ^/manual/(de|en|es|fr|ja|ko|ru)/ prefer-language=$1
+ RedirectMatch 301 ^/manual(?:/(de|en|es|fr|ja|ko|ru)){2,}(/.*)?$ /manual/$1$2
+</Directory>
+
+#
+# ScriptAlias: This controls which directories contain server scripts.
+# ScriptAliases are essentially the same as Aliases, except that
+# documents in the realname directory are treated as applications and
+# run by the server when requested rather than as documents sent to the client.
+# The same rules about trailing "/" apply to ScriptAlias directives as to
+# Alias.
+#
+ScriptAlias /cgi-bin/ "[SERVER_ROOT]/cgi-bin/"
+
+<IfModule mod_cgid.c>
+#
+# Additional to mod_cgid.c settings, mod_cgid has Scriptsock <path>
+# for setting UNIX socket for communicating with cgid.
+#
+#Scriptsock logs/cgisock
+</IfModule>
+
+#
+# "[SERVER_ROOT]/cgi-bin" should be changed to whatever your ScriptAliased
+# CGI directory exists, if you have that configured.
+#
+<Directory "[SERVER_ROOT]/cgi-bin">
+ AllowOverride None
+ Options ExecCGI
+ Order allow,deny
+ Allow from all
+</Directory>
+
+#
+# Redirect allows you to tell clients about documents which used to exist in
+# your server's namespace, but do not anymore. This allows you to tell the
+# clients where to look for the relocated document.
+# Example:
+# Redirect permanent /foo http://www.example.com/bar
+
+#
+# Directives controlling the display of server-generated directory listings.
+#
+
+#
+# IndexOptions: Controls the appearance of server-generated directory
+# listings.
+#
+IndexOptions FancyIndexing VersionSort
+
+#
+# AddIcon* directives tell the server which icon to show for different
+# files or filename extensions. These are only displayed for
+# FancyIndexed directories.
+#
+AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
+
+AddIconByType (TXT,/icons/text.gif) text/*
+AddIconByType (IMG,/icons/image2.gif) image/*
+AddIconByType (SND,/icons/sound2.gif) audio/*
+AddIconByType (VID,/icons/movie.gif) video/*
+
+AddIcon /icons/binary.gif .bin .exe
+AddIcon /icons/binhex.gif .hqx
+AddIcon /icons/tar.gif .tar
+AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
+AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
+AddIcon /icons/a.gif .ps .ai .eps
+AddIcon /icons/layout.gif .html .shtml .htm .pdf
+AddIcon /icons/text.gif .txt
+AddIcon /icons/c.gif .c
+AddIcon /icons/p.gif .pl .py
+AddIcon /icons/f.gif .for
+AddIcon /icons/dvi.gif .dvi
+AddIcon /icons/uuencoded.gif .uu
+AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
+AddIcon /icons/tex.gif .tex
+AddIcon /icons/bomb.gif core
+
+AddIcon /icons/back.gif ..
+AddIcon /icons/hand.right.gif README
+AddIcon /icons/folder.gif ^^DIRECTORY^^
+AddIcon /icons/blank.gif ^^BLANKICON^^
+
+#
+# DefaultIcon is which icon to show for files which do not have an icon
+# explicitly set.
+#
+DefaultIcon /icons/unknown.gif
+
+#
+# AddDescription allows you to place a short description after a file in
+# server-generated indexes. These are only displayed for FancyIndexed
+# directories.
+# Format: AddDescription "description" filename
+#
+#AddDescription "GZIP compressed document" .gz
+#AddDescription "tar archive" .tar
+#AddDescription "GZIP compressed tar archive" .tgz
+
+#
+# ReadmeName is the name of the README file the server will look for by
+# default, and append to directory listings.
+#
+# HeaderName is the name of a file which should be prepended to
+# directory indexes.
+ReadmeName README.html
+HeaderName HEADER.html
+
+#
+# IndexIgnore is a set of filenames which directory indexing should ignore
+# and not include in the listing. Shell-style wildcarding is permitted.
+#
+IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t
+
+#
+# DefaultLanguage and AddLanguage allows you to specify the language of
+# a document. You can then use content negotiation to give a browser a
+# file in a language the user can understand.
+#
+# Specify a default language. This means that all data
+# going out without a specific language tag (see below) will
+# be marked with this one. You probably do NOT want to set
+# this unless you are sure it is correct for all cases.
+#
+# * It is generally better to not mark a page as
+# * being a certain language than marking it with the wrong
+# * language!
+#
+# DefaultLanguage nl
+#
+# Note 1: The suffix does not have to be the same as the language
+# keyword --- those with documents in Polish (whose net-standard
+# language code is pl) may wish to use "AddLanguage pl .po" to
+# avoid the ambiguity with the common suffix for perl scripts.
+#
+# Note 2: The example entries below illustrate that in some cases
+# the two character 'Language' abbreviation is not identical to
+# the two character 'Country' code for its country,
+# E.g. 'Danmark/dk' versus 'Danish/da'.
+#
+# Note 3: In the case of 'ltz' we violate the RFC by using a three char
+# specifier. There is 'work in progress' to fix this and get
+# the reference data for rfc1766 cleaned up.
+#
+# Catalan (ca) - Croatian (hr) - Czech (cs) - Danish (da) - Dutch (nl)
+# English (en) - Esperanto (eo) - Estonian (et) - French (fr) - German (de)
+# Greek-Modern (el) - Hebrew (he) - Italian (it) - Japanese (ja)
+# Korean (ko) - Luxembourgeois* (ltz) - Norwegian Nynorsk (nn)
+# Norwegian (no) - Polish (pl) - Portugese (pt)
+# Brazilian Portuguese (pt-BR) - Russian (ru) - Swedish (sv)
+# Simplified Chinese (zh-CN) - Spanish (es) - Traditional Chinese (zh-TW)
+#
+AddLanguage ca .ca
+AddLanguage cs .cz .cs
+AddLanguage da .dk
+AddLanguage de .de
+AddLanguage el .el
+AddLanguage en .en
+AddLanguage eo .eo
+AddLanguage es .es
+AddLanguage et .et
+AddLanguage fr .fr
+AddLanguage he .he
+AddLanguage hr .hr
+AddLanguage it .it
+AddLanguage ja .ja
+AddLanguage ko .ko
+AddLanguage ltz .ltz
+AddLanguage nl .nl
+AddLanguage nn .nn
+AddLanguage no .no
+AddLanguage pl .po
+AddLanguage pt .pt
+AddLanguage pt-BR .pt-br
+AddLanguage ru .ru
+AddLanguage sv .sv
+AddLanguage zh-CN .zh-cn
+AddLanguage zh-TW .zh-tw
+
+#
+# LanguagePriority allows you to give precedence to some languages
+# in case of a tie during content negotiation.
+#
+# Just list the languages in decreasing order of preference. We have
+# more or less alphabetized them here. You probably want to change this.
+#
+LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
+
+#
+# ForceLanguagePriority allows you to serve a result page rather than
+# MULTIPLE CHOICES (Prefer) [in case of a tie] or NOT ACCEPTABLE (Fallback)
+# [in case no accepted languages matched the available variants]
+#
+ForceLanguagePriority Prefer Fallback
+
+#
+# Commonly used filename extensions to character sets. You probably
+# want to avoid clashes with the language extensions, unless you
+# are good at carefully testing your setup after each change.
+# See http://www.iana.org/assignments/character-sets for the
+# official list of charset names and their respective RFCs.
+#
+AddCharset ISO-8859-1 .iso8859-1 .latin1
+AddCharset ISO-8859-2 .iso8859-2 .latin2 .cen
+AddCharset ISO-8859-3 .iso8859-3 .latin3
+AddCharset ISO-8859-4 .iso8859-4 .latin4
+AddCharset ISO-8859-5 .iso8859-5 .latin5 .cyr .iso-ru
+AddCharset ISO-8859-6 .iso8859-6 .latin6 .arb
+AddCharset ISO-8859-7 .iso8859-7 .latin7 .grk
+AddCharset ISO-8859-8 .iso8859-8 .latin8 .heb
+AddCharset ISO-8859-9 .iso8859-9 .latin9 .trk
+AddCharset ISO-2022-JP .iso2022-jp .jis
+AddCharset ISO-2022-KR .iso2022-kr .kis
+AddCharset ISO-2022-CN .iso2022-cn .cis
+AddCharset Big5 .Big5 .big5
+# For russian, more than one charset is used (depends on client, mostly):
+AddCharset WINDOWS-1251 .cp-1251 .win-1251
+AddCharset CP866 .cp866
+AddCharset KOI8-r .koi8-r .koi8-ru
+AddCharset KOI8-ru .koi8-uk .ua
+AddCharset ISO-10646-UCS-2 .ucs2
+AddCharset ISO-10646-UCS-4 .ucs4
+AddCharset UTF-8 .utf8
+
+# The set below does not map to a specific (iso) standard
+# but works on a fairly wide range of browsers. Note that
+# capitalization actually matters (it should not, but it
+# does for some browsers).
+#
+# See http://www.iana.org/assignments/character-sets
+# for a list of sorts. But browsers support few.
+#
+AddCharset GB2312 .gb2312 .gb
+AddCharset utf-7 .utf7
+AddCharset utf-8 .utf8
+AddCharset big5 .big5 .b5
+AddCharset EUC-TW .euc-tw
+AddCharset EUC-JP .euc-jp
+AddCharset EUC-KR .euc-kr
+AddCharset shift_jis .sjis
+
+#
+# AddType allows you to add to or override the MIME configuration
+# file mime.types for specific file types.
+#
+#AddType application/x-tar .tgz
+#
+# AddEncoding allows you to have certain browsers uncompress
+# information on the fly. Note: Not all browsers support this.
+# Despite the name similarity, the following Add* directives have nothing
+# to do with the FancyIndexing customization directives above.
+#
+#AddEncoding x-compress .Z
+#AddEncoding x-gzip .gz .tgz
+#
+# If the AddEncoding directives above are commented-out, then you
+# probably should define those extensions to indicate media types:
+#
+AddType application/x-compress .Z
+AddType application/x-gzip .gz .tgz
+
+#
+# AddHandler allows you to map certain file extensions to "handlers":
+# actions unrelated to filetype. These can be either built into the server
+# or added with the Action directive (see below)
+#
+# To use CGI scripts outside of ScriptAliased directories:
+# (You will also need to add "ExecCGI" to the "Options" directive.)
+#
+AddHandler cgi-script .cgi
+
+#
+# For files that include their own HTTP headers:
+#
+#AddHandler send-as-is asis
+
+#
+# For server-parsed imagemap files:
+#
+#AddHandler imap-file map
+
+#
+# For type maps (negotiated resources):
+# (This is enabled by default to allow the Apache "It Worked" page
+# to be distributed in multiple languages.)
+#
+AddHandler type-map var
+
+#
+# Filters allow you to process content before it is sent to the client.
+#
+# To parse .shtml files for server-side includes (SSI):
+# (You will also need to add "Includes" to the "Options" directive.)
+#
+#AddType text/html .shtml
+#AddOutputFilter INCLUDES .shtml
+
+#
+# Action lets you define media types that will execute a script whenever
+# a matching file is called. This eliminates the need for repeated URL
+# pathnames for oft-used CGI file processors.
+# Format: Action media/type /cgi-script/location
+# Format: Action handler-name /cgi-script/location
+#
+
+#
+# Customizable error responses come in three flavors:
+# 1) plain text 2) local redirects 3) external redirects
+#
+# Some examples:
+#ErrorDocument 500 "The server made a boo boo."
+#ErrorDocument 404 /missing.html
+#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
+#ErrorDocument 402 http://www.example.com/subscription_info.html
+#
+
+#
+# Putting this all together, we can internationalize error responses.
+#
+# We use Alias to redirect any /error/HTTP_<error>.html.var response to
+# our collection of by-error message multi-language collections. We use
+# includes to substitute the appropriate text.
+#
+# You can modify the messages' appearance without changing any of the
+# default HTTP_<error>.html.var files by adding the line:
+#
+# Alias /error/include/ "/your/include/path/"
+#
+# which allows you to create your own set of files by starting with the
+# /export/apache/error/include/ files and copying them to /your/include/path/,
+# even on a per-VirtualHost basis. The default include files will display
+# your Apache version number and your ServerAdmin email address regardless
+# of the setting of ServerSignature.
+#
+# The internationalized error documents require mod_alias, mod_include
+# and mod_negotiation. To activate them, uncomment the following 30 lines.
+
+# Alias /error/ "/export/apache/error/"
+#
+# <Directory "/export/apache/error">
+# AllowOverride None
+# Options IncludesNoExec
+# AddOutputFilter Includes html
+# AddHandler type-map var
+# Order allow,deny
+# Allow from all
+# LanguagePriority en cs de es fr it ja ko nl pl pt-br ro sv tr
+# ForceLanguagePriority Prefer Fallback
+# </Directory>
+#
+# ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
+# ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
+# ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
+# ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
+# ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
+# ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
+# ErrorDocument 410 /error/HTTP_GONE.html.var
+# ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
+# ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
+# ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
+# ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
+# ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
+# ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
+# ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
+# ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
+# ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
+# ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
+#[ErrorDocument_404]
+#[ErrorDocument_500]
+
+
+#
+# The following directives modify normal HTTP response behavior to
+# handle known problems with browser implementations.
+#
+BrowserMatch "Mozilla/2" nokeepalive
+BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0
+BrowserMatch "RealPlayer 4\.0" force-response-1.0
+BrowserMatch "Java/1\.0" force-response-1.0
+BrowserMatch "JDK/1\.0" force-response-1.0
+
+#
+# The following directive disables redirects on non-GET requests for
+# a directory that does not include the trailing slash. This fixes a
+# problem with Microsoft WebFolders which does not appropriately handle
+# redirects for folders with DAV methods.
+# Same deal with Apple's DAV filesystem and Gnome VFS support for DAV.
+#
+BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
+BrowserMatch "^WebDrive" redirect-carefully
+BrowserMatch "^WebDAVFS/1.[012]" redirect-carefully
+BrowserMatch "^gnome-vfs" redirect-carefully
+
+#
+# Allow server status reports generated by mod_status,
+# with the URL of http://servername/server-status
+# Change the ".example.com" to match your domain to enable.
+#
+#<Location /server-status>
+# SetHandler server-status
+# Order deny,allow
+# Deny from all
+# Allow from .example.com
+#</Location>
+
+#
+# Allow remote server configuration reports, with the URL of
+# http://servername/server-info (requires that mod_info.c be loaded).
+# Change the ".example.com" to match your domain to enable.
+#
+#<Location /server-info>
+# SetHandler server-info
+# Order deny,allow
+# Deny from all
+# Allow from .example.com
+#</Location>
+
+
+#
+# Bring in additional module-specific configurations
+#
+#<IfModule mod_ssl.c>
+# Include conf/ssl.conf
+#</IfModule>
+Include [SERVER_ROOT]/conf/nss.conf
+
+TPSConfigPathFile [SERVER_ROOT]/conf/CS.cfg
+
+TokendbConfigPathFile [SERVER_ROOT]/conf/CS.cfg
+
+### Section 3: Virtual Hosts
+#
+# VirtualHost: If you want to maintain multiple domains/hostnames on your
+# machine you can setup VirtualHost containers for them. Most configurations
+# use only name-based virtual hosts so the server doesn't need to worry about
+# IP addresses. This is indicated by the asterisks in the directives below.
+#
+# Please see the documentation at
+# <URL:http://httpd.apache.org/docs-2.0/vhosts/>
+# for further details before you try to setup virtual hosts.
+#
+# You may use the command line option '-S' to verify your virtual host
+# configuration.
+
+#
+# Use name-based virtual hosting.
+#
+#NameVirtualHost *:80
+
+#
+# VirtualHost example:
+# Almost any Apache directive may go into a VirtualHost container.
+# The first VirtualHost section is used for requests without a known
+# server name.
+#
+#<VirtualHost *:80>
+# ServerAdmin webmaster@dummy-host.example.com
+# DocumentRoot /www/docs/dummy-host.example.com
+# ServerName dummy-host.example.com
+# ErrorLog logs/dummy-host.example.com-error_log
+# CustomLog logs/dummy-host.example.com-access_log common
+#</VirtualHost>
+
+#turn off TRACE by default
+TraceEnable Off
diff --git a/pki/base/tps/apache/conf/magic b/pki/base/tps/apache/conf/magic
new file mode 100644
index 000000000..0de73361f
--- /dev/null
+++ b/pki/base/tps/apache/conf/magic
@@ -0,0 +1,382 @@
+# Magic data for mod_mime_magic Apache module (originally for file(1) command)
+# The module is described in /manual/mod/mod_mime_magic.html
+#
+# The format is 4-5 columns:
+# Column #1: byte number to begin checking from, ">" indicates continuation
+# Column #2: type of data to match
+# Column #3: contents of data to match
+# Column #4: MIME type of result
+# Column #5: MIME encoding of result (optional)
+
+#------------------------------------------------------------------------------
+# Localstuff: file(1) magic for locally observed files
+# Add any locally observed files here.
+
+#------------------------------------------------------------------------------
+# end local stuff
+#------------------------------------------------------------------------------
+
+#------------------------------------------------------------------------------
+# Java
+
+0 short 0xcafe
+>2 short 0xbabe application/java
+
+#------------------------------------------------------------------------------
+# audio: file(1) magic for sound formats
+#
+# from Jan Nicolai Langfeldt <janl@ifi.uio.no>,
+#
+
+# Sun/NeXT audio data
+0 string .snd
+>12 belong 1 audio/basic
+>12 belong 2 audio/basic
+>12 belong 3 audio/basic
+>12 belong 4 audio/basic
+>12 belong 5 audio/basic
+>12 belong 6 audio/basic
+>12 belong 7 audio/basic
+
+>12 belong 23 audio/x-adpcm
+
+# DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format
+# that uses little-endian encoding and has a different magic number
+# (0x0064732E in little-endian encoding).
+0 lelong 0x0064732E
+>12 lelong 1 audio/x-dec-basic
+>12 lelong 2 audio/x-dec-basic
+>12 lelong 3 audio/x-dec-basic
+>12 lelong 4 audio/x-dec-basic
+>12 lelong 5 audio/x-dec-basic
+>12 lelong 6 audio/x-dec-basic
+>12 lelong 7 audio/x-dec-basic
+# compressed (G.721 ADPCM)
+>12 lelong 23 audio/x-dec-adpcm
+
+# Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM"
+# AIFF audio data
+8 string AIFF audio/x-aiff
+# AIFF-C audio data
+8 string AIFC audio/x-aiff
+# IFF/8SVX audio data
+8 string 8SVX audio/x-aiff
+
+# Creative Labs AUDIO stuff
+# Standard MIDI data
+0 string MThd audio/unknown
+#>9 byte >0 (format %d)
+#>11 byte >1 using %d channels
+# Creative Music (CMF) data
+0 string CTMF audio/unknown
+# SoundBlaster instrument data
+0 string SBI audio/unknown
+# Creative Labs voice data
+0 string Creative\ Voice\ File audio/unknown
+## is this next line right? it came this way...
+#>19 byte 0x1A
+#>23 byte >0 - version %d
+#>22 byte >0 \b.%d
+
+# [GRR 950115: is this also Creative Labs? Guessing that first line
+# should be string instead of unknown-endian long...]
+#0 long 0x4e54524b MultiTrack sound data
+#0 string NTRK MultiTrack sound data
+#>4 long x - version %ld
+
+# Microsoft WAVE format (*.wav)
+# [GRR 950115: probably all of the shorts and longs should be leshort/lelong]
+# Microsoft RIFF
+0 string RIFF audio/unknown
+# - WAVE format
+>8 string WAVE audio/x-wav
+# MPEG audio.
+0 beshort&0xfff0 0xfff0 audio/mpeg
+# C64 SID Music files, from Linus Walleij <triad@df.lth.se>
+0 string PSID audio/prs.sid
+
+#------------------------------------------------------------------------------
+# c-lang: file(1) magic for C programs or various scripts
+#
+
+# XPM icons (Greg Roelofs, newt@uchicago.edu)
+# ideally should go into "images", but entries below would tag XPM as C source
+0 string /*\ XPM image/x-xbm 7bit
+
+# this first will upset you if you're a PL/1 shop... (are there any left?)
+# in which case rm it; ascmagic will catch real C programs
+# C or REXX program text
+0 string /* text/plain
+# C++ program text
+0 string // text/plain
+
+#------------------------------------------------------------------------------
+# compress: file(1) magic for pure-compression formats (no archives)
+#
+# compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc.
+#
+# Formats for various forms of compressed data
+# Formats for "compress" proper have been moved into "compress.c",
+# because it tries to uncompress it to figure out what's inside.
+
+# standard unix compress
+0 string \037\235 application/octet-stream x-compress
+
+# gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver)
+0 string \037\213 application/octet-stream x-gzip
+
+# According to gzip.h, this is the correct byte order for packed data.
+0 string \037\036 application/octet-stream
+#
+# This magic number is byte-order-independent.
+#
+0 short 017437 application/octet-stream
+
+# XXX - why *two* entries for "compacted data", one of which is
+# byte-order independent, and one of which is byte-order dependent?
+#
+# compacted data
+0 short 0x1fff application/octet-stream
+0 string \377\037 application/octet-stream
+# huf output
+0 short 0145405 application/octet-stream
+
+# Squeeze and Crunch...
+# These numbers were gleaned from the Unix versions of the programs to
+# handle these formats. Note that I can only uncrunch, not crunch, and
+# I didn't have a crunched file handy, so the crunch number is untested.
+# Keith Waclena <keith@cerberus.uchicago.edu>
+#0 leshort 0x76FF squeezed data (CP/M, DOS)
+#0 leshort 0x76FE crunched data (CP/M, DOS)
+
+# Freeze
+#0 string \037\237 Frozen file 2.1
+#0 string \037\236 Frozen file 1.0 (or gzip 0.5)
+
+# lzh?
+#0 string \037\240 LZH compressed data
+
+#------------------------------------------------------------------------------
+# frame: file(1) magic for FrameMaker files
+#
+# This stuff came on a FrameMaker demo tape, most of which is
+# copyright, but this file is "published" as witness the following:
+#
+0 string \<MakerFile application/x-frame
+0 string \<MIFFile application/x-frame
+0 string \<MakerDictionary application/x-frame
+0 string \<MakerScreenFon application/x-frame
+0 string \<MML application/x-frame
+0 string \<Book application/x-frame
+0 string \<Maker application/x-frame
+
+#------------------------------------------------------------------------------
+# html: file(1) magic for HTML (HyperText Markup Language) docs
+#
+# from Daniel Quinlan <quinlan@yggdrasil.com>
+# and Anna Shergold <anna@inext.co.uk>
+#
+0 string \<!DOCTYPE\ HTML text/html
+0 string \<!doctype\ html text/html
+0 string \<HEAD text/html
+0 string \<head text/html
+0 string \<TITLE text/html
+0 string \<title text/html
+0 string \<html text/html
+0 string \<HTML text/html
+0 string \<!-- text/html
+0 string \<h1 text/html
+0 string \<H1 text/html
+
+# XML eXtensible Markup Language, from Linus Walleij <triad@df.lth.se>
+0 string \<?xml text/xml
+
+#------------------------------------------------------------------------------
+# images: file(1) magic for image formats (see also "c-lang" for XPM bitmaps)
+#
+# originally from jef@helios.ee.lbl.gov (Jef Poskanzer),
+# additions by janl@ifi.uio.no as well as others. Jan also suggested
+# merging several one- and two-line files into here.
+#
+# XXX - byte order for GIF and TIFF fields?
+# [GRR: TIFF allows both byte orders; GIF is probably little-endian]
+#
+
+# [GRR: what the hell is this doing in here?]
+#0 string xbtoa btoa'd file
+
+# PBMPLUS
+# PBM file
+0 string P1 image/x-portable-bitmap 7bit
+# PGM file
+0 string P2 image/x-portable-greymap 7bit
+# PPM file
+0 string P3 image/x-portable-pixmap 7bit
+# PBM "rawbits" file
+0 string P4 image/x-portable-bitmap
+# PGM "rawbits" file
+0 string P5 image/x-portable-greymap
+# PPM "rawbits" file
+0 string P6 image/x-portable-pixmap
+
+# NIFF (Navy Interchange File Format, a modification of TIFF)
+# [GRR: this *must* go before TIFF]
+0 string IIN1 image/x-niff
+
+# TIFF and friends
+# TIFF file, big-endian
+0 string MM image/tiff
+# TIFF file, little-endian
+0 string II image/tiff
+
+# possible GIF replacements; none yet released!
+# (Greg Roelofs, newt@uchicago.edu)
+#
+# GRR 950115: this was mine ("Zip GIF"):
+# ZIF image (GIF+deflate alpha)
+0 string GIF94z image/unknown
+#
+# GRR 950115: this is Jeremy Wohl's Free Graphics Format (better):
+# FGF image (GIF+deflate beta)
+0 string FGF95a image/unknown
+#
+# GRR 950115: this is Thomas Boutell's Portable Bitmap Format proposal
+# (best; not yet implemented):
+# PBF image (deflate compression)
+0 string PBF image/unknown
+
+# GIF
+0 string GIF image/gif
+
+# JPEG images
+0 beshort 0xffd8 image/jpeg
+
+# PC bitmaps (OS/2, Windoze BMP files) (Greg Roelofs, newt@uchicago.edu)
+0 string BM image/bmp
+#>14 byte 12 (OS/2 1.x format)
+#>14 byte 64 (OS/2 2.x format)
+#>14 byte 40 (Windows 3.x format)
+#0 string IC icon
+#0 string PI pointer
+#0 string CI color icon
+#0 string CP color pointer
+#0 string BA bitmap array
+
+
+#------------------------------------------------------------------------------
+# lisp: file(1) magic for lisp programs
+#
+# various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com)
+0 string ;; text/plain 8bit
+# Emacs 18 - this is always correct, but not very magical.
+0 string \012( application/x-elc
+# Emacs 19
+0 string ;ELC\023\000\000\000 application/x-elc
+
+#------------------------------------------------------------------------------
+# mail.news: file(1) magic for mail and news
+#
+# There are tests to ascmagic.c to cope with mail and news.
+0 string Relay-Version: message/rfc822 7bit
+0 string #!\ rnews message/rfc822 7bit
+0 string N#!\ rnews message/rfc822 7bit
+0 string Forward\ to message/rfc822 7bit
+0 string Pipe\ to message/rfc822 7bit
+0 string Return-Path: message/rfc822 7bit
+0 string Path: message/news 8bit
+0 string Xref: message/news 8bit
+0 string From: message/rfc822 7bit
+0 string Article message/news 8bit
+#------------------------------------------------------------------------------
+# msword: file(1) magic for MS Word files
+#
+# Contributor claims:
+# Reversed-engineered MS Word magic numbers
+#
+
+0 string \376\067\0\043 application/msword
+0 string \333\245-\0\0\0 application/msword
+
+# disable this one because it applies also to other
+# Office/OLE documents for which msword is not correct. See PR#2608.
+#0 string \320\317\021\340\241\261 application/msword
+
+
+
+#------------------------------------------------------------------------------
+# printer: file(1) magic for printer-formatted files
+#
+
+# PostScript
+0 string %! application/postscript
+0 string \004%! application/postscript
+
+# Acrobat
+# (due to clamen@cs.cmu.edu)
+0 string %PDF- application/pdf
+
+#------------------------------------------------------------------------------
+# sc: file(1) magic for "sc" spreadsheet
+#
+38 string Spreadsheet application/x-sc
+
+#------------------------------------------------------------------------------
+# tex: file(1) magic for TeX files
+#
+# XXX - needs byte-endian stuff (big-endian and little-endian DVI?)
+#
+# From <conklin@talisman.kaleida.com>
+
+# Although we may know the offset of certain text fields in TeX DVI
+# and font files, we can't use them reliably because they are not
+# zero terminated. [but we do anyway, christos]
+0 string \367\002 application/x-dvi
+#0 string \367\203 TeX generic font data
+#0 string \367\131 TeX packed font data
+#0 string \367\312 TeX virtual font data
+#0 string This\ is\ TeX, TeX transcript text
+#0 string This\ is\ METAFONT, METAFONT transcript text
+
+# There is no way to detect TeX Font Metric (*.tfm) files without
+# breaking them apart and reading the data. The following patterns
+# match most *.tfm files generated by METAFONT or afm2tfm.
+#2 string \000\021 TeX font metric data
+#2 string \000\022 TeX font metric data
+#>34 string >\0 (%s)
+
+# Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com)
+#0 string \\input\ texinfo Texinfo source text
+#0 string This\ is\ Info\ file GNU Info text
+
+# correct TeX magic for Linux (and maybe more)
+# from Peter Tobias (tobias@server.et-inf.fho-emden.de)
+#
+0 leshort 0x02f7 application/x-dvi
+
+# RTF - Rich Text Format
+0 string {\\rtf application/rtf
+
+#------------------------------------------------------------------------------
+# animation: file(1) magic for animation/movie formats
+#
+# animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8)
+# MPEG file
+0 string \000\000\001\263 video/mpeg
+#
+# The contributor claims:
+# I couldn't find a real magic number for these, however, this
+# -appears- to work. Note that it might catch other files, too,
+# so BE CAREFUL!
+#
+# Note that title and author appear in the two 20-byte chunks
+# at decimal offsets 2 and 22, respectively, but they are XOR'ed with
+# 255 (hex FF)! DL format SUCKS BIG ROCKS.
+#
+# DL file version 1 , medium format (160x100, 4 images/screen)
+0 byte 1 video/unknown
+0 byte 2 video/unknown
+# Quicktime video, from Linus Walleij <triad@df.lth.se>
+# from Apple quicktime file format documentation.
+4 string moov video/quicktime
+4 string mdat video/quicktime
+
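Review bot: The new conf/magic ships content-sniffing rules that label any file beginning with `<!--`, `<h1` or `<html` as text/html and any file whose first byte is 1 or 2 as video/unknown (the `0 byte 1` / `0 byte 2` entries, which the file's own comment marks "BE CAREFUL"), and nothing in the file says when these rules take effect. They apply only if mod_mime_magic is loaded and a MIMEMagicFile directive points at this file, which is not visible in this part of the commit. If the TPS instance does not load that module, the file is dead configuration and could be left out. If it does, content without a mapped extension has its type guessed from its leading bytes, so I would add a header comment such as `# Used only when mod_mime_magic is loaded (MIMEMagicFile); types are guessed from file content, so prefer explicit mime.types/AddType mappings for anything served from a writable directory.`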
diff --git a/pki/base/tps/apache/conf/mime.types b/pki/base/tps/apache/conf/mime.types
new file mode 100644
index 000000000..3485692d1
--- /dev/null
+++ b/pki/base/tps/apache/conf/mime.types
@@ -0,0 +1,592 @@
+# This is a comment. I love comments.
+
+# This file controls what Internet media types are sent to the client for
+# given file extension(s). Sending the correct media type to the client
+# is important so they know how to handle the content of the file.
+# Extra types can either be added here or by using an AddType directive
+# in your config files. For more information about Internet media types,
+# please read RFC 2045, 2046, 2047, 2048, and 2077. The Internet media type
+# registry is at <http://www.iana.org/assignments/media-types/>.
+
+# MIME type Extensions
+application/activemessage
+application/andrew-inset ez
+application/applefile
+application/atom+xml atom
+application/atomicmail
+application/batch-smtp
+application/beep+xml
+application/cals-1840
+application/cnrp+xml
+application/commonground
+application/cpl+xml
+application/cybercash
+application/dca-rft
+application/dec-dx
+application/dvcs
+application/edi-consent
+application/edifact
+application/edi-x12
+application/eshop
+application/font-tdpfr
+application/http
+application/hyperstudio
+application/iges
+application/index
+application/index.cmd
+application/index.obj
+application/index.response
+application/index.vnd
+application/iotp
+application/ipp
+application/isup
+application/mac-binhex40 hqx
+application/mac-compactpro cpt
+application/macwriteii
+application/marc
+application/mathematica
+application/mathml+xml mathml
+application/msword doc
+application/news-message-id
+application/news-transmission
+application/ocsp-request
+application/ocsp-response
+application/octet-stream bin dms lha lzh exe class so dll dmg
+application/oda oda
+application/ogg ogg
+application/parityfec
+application/pdf pdf
+application/pgp-encrypted
+application/pgp-keys
+application/pgp-signature
+application/pkcs10
+application/pkcs7-mime
+application/pkcs7-signature
+application/pkix-cert
+application/pkix-crl
+application/pkixcmp
+application/postscript ai eps ps
+application/prs.alvestrand.titrax-sheet
+application/prs.cww
+application/prs.nprend
+application/prs.plucker
+application/qsig
+application/rdf+xml rdf
+application/reginfo+xml
+application/remote-printing
+application/riscos
+application/rtf
+application/sdp
+application/set-payment
+application/set-payment-initiation
+application/set-registration
+application/set-registration-initiation
+application/sgml
+application/sgml-open-catalog
+application/sieve
+application/slate
+application/smil smi smil
+application/srgs gram
+application/srgs+xml grxml
+application/timestamp-query
+application/timestamp-reply
+application/tve-trigger
+application/vemmi
+application/vnd.3gpp.pic-bw-large
+application/vnd.3gpp.pic-bw-small
+application/vnd.3gpp.pic-bw-var
+application/vnd.3gpp.sms
+application/vnd.3m.post-it-notes
+application/vnd.accpac.simply.aso
+application/vnd.accpac.simply.imp
+application/vnd.acucobol
+application/vnd.acucorp
+application/vnd.adobe.xfdf
+application/vnd.aether.imp
+application/vnd.amiga.ami
+application/vnd.anser-web-certificate-issue-initiation
+application/vnd.anser-web-funds-transfer-initiation
+application/vnd.audiograph
+application/vnd.blueice.multipass
+application/vnd.bmi
+application/vnd.businessobjects
+application/vnd.canon-cpdl
+application/vnd.canon-lips
+application/vnd.cinderella
+application/vnd.claymore
+application/vnd.commerce-battelle
+application/vnd.commonspace
+application/vnd.contact.cmsg
+application/vnd.cosmocaller
+application/vnd.criticaltools.wbs+xml
+application/vnd.ctc-posml
+application/vnd.cups-postscript
+application/vnd.cups-raster
+application/vnd.cups-raw
+application/vnd.curl
+application/vnd.cybank
+application/vnd.data-vision.rdz
+application/vnd.dna
+application/vnd.dpgraph
+application/vnd.dreamfactory
+application/vnd.dxr
+application/vnd.ecdis-update
+application/vnd.ecowin.chart
+application/vnd.ecowin.filerequest
+application/vnd.ecowin.fileupdate
+application/vnd.ecowin.series
+application/vnd.ecowin.seriesrequest
+application/vnd.ecowin.seriesupdate
+application/vnd.enliven
+application/vnd.epson.esf
+application/vnd.epson.msf
+application/vnd.epson.quickanime
+application/vnd.epson.salt
+application/vnd.epson.ssf
+application/vnd.ericsson.quickcall
+application/vnd.eudora.data
+application/vnd.fdf
+application/vnd.ffsns
+application/vnd.fints
+application/vnd.flographit
+application/vnd.framemaker
+application/vnd.fsc.weblaunch
+application/vnd.fujitsu.oasys
+application/vnd.fujitsu.oasys2
+application/vnd.fujitsu.oasys3
+application/vnd.fujitsu.oasysgp
+application/vnd.fujitsu.oasysprs
+application/vnd.fujixerox.ddd
+application/vnd.fujixerox.docuworks
+application/vnd.fujixerox.docuworks.binder
+application/vnd.fut-misnet
+application/vnd.grafeq
+application/vnd.groove-account
+application/vnd.groove-help
+application/vnd.groove-identity-message
+application/vnd.groove-injector
+application/vnd.groove-tool-message
+application/vnd.groove-tool-template
+application/vnd.groove-vcard
+application/vnd.hbci
+application/vnd.hhe.lesson-player
+application/vnd.hp-hpgl
+application/vnd.hp-hpid
+application/vnd.hp-hps
+application/vnd.hp-pcl
+application/vnd.hp-pclxl
+application/vnd.httphone
+application/vnd.hzn-3d-crossword
+application/vnd.ibm.afplinedata
+application/vnd.ibm.electronic-media
+application/vnd.ibm.minipay
+application/vnd.ibm.modcap
+application/vnd.ibm.rights-management
+application/vnd.ibm.secure-container
+application/vnd.informix-visionary
+application/vnd.intercon.formnet
+application/vnd.intertrust.digibox
+application/vnd.intertrust.nncp
+application/vnd.intu.qbo
+application/vnd.intu.qfx
+application/vnd.irepository.package+xml
+application/vnd.is-xpr
+application/vnd.japannet-directory-service
+application/vnd.japannet-jpnstore-wakeup
+application/vnd.japannet-payment-wakeup
+application/vnd.japannet-registration
+application/vnd.japannet-registration-wakeup
+application/vnd.japannet-setstore-wakeup
+application/vnd.japannet-verification
+application/vnd.japannet-verification-wakeup
+application/vnd.jisp
+application/vnd.kde.karbon
+application/vnd.kde.kchart
+application/vnd.kde.kformula
+application/vnd.kde.kivio
+application/vnd.kde.kontour
+application/vnd.kde.kpresenter
+application/vnd.kde.kspread
+application/vnd.kde.kword
+application/vnd.kenameaapp
+application/vnd.koan
+application/vnd.liberty-request+xml
+application/vnd.llamagraphics.life-balance.desktop
+application/vnd.llamagraphics.life-balance.exchange+xml
+application/vnd.lotus-1-2-3
+application/vnd.lotus-approach
+application/vnd.lotus-freelance
+application/vnd.lotus-notes
+application/vnd.lotus-organizer
+application/vnd.lotus-screencam
+application/vnd.lotus-wordpro
+application/vnd.mcd
+application/vnd.mediastation.cdkey
+application/vnd.meridian-slingshot
+application/vnd.micrografx.flo
+application/vnd.micrografx.igx
+application/vnd.mif mif
+application/vnd.minisoft-hp3000-save
+application/vnd.mitsubishi.misty-guard.trustweb
+application/vnd.mobius.daf
+application/vnd.mobius.dis
+application/vnd.mobius.mbk
+application/vnd.mobius.mqy
+application/vnd.mobius.msl
+application/vnd.mobius.plc
+application/vnd.mobius.txf
+application/vnd.mophun.application
+application/vnd.mophun.certificate
+application/vnd.motorola.flexsuite
+application/vnd.motorola.flexsuite.adsi
+application/vnd.motorola.flexsuite.fis
+application/vnd.motorola.flexsuite.gotap
+application/vnd.motorola.flexsuite.kmr
+application/vnd.motorola.flexsuite.ttc
+application/vnd.motorola.flexsuite.wem
+application/vnd.mozilla.xul+xml xul
+application/vnd.ms-artgalry
+application/vnd.ms-asf
+application/vnd.ms-excel xls
+application/vnd.ms-lrm
+application/vnd.ms-powerpoint ppt
+application/vnd.ms-project
+application/vnd.ms-tnef
+application/vnd.ms-works
+application/vnd.ms-wpl
+application/vnd.mseq
+application/vnd.msign
+application/vnd.music-niff
+application/vnd.musician
+application/vnd.netfpx
+application/vnd.noblenet-directory
+application/vnd.noblenet-sealer
+application/vnd.noblenet-web
+application/vnd.novadigm.edm
+application/vnd.novadigm.edx
+application/vnd.novadigm.ext
+application/vnd.obn
+application/vnd.osa.netdeploy
+application/vnd.palm
+application/vnd.pg.format
+application/vnd.pg.osasli
+application/vnd.powerbuilder6
+application/vnd.powerbuilder6-s
+application/vnd.powerbuilder7
+application/vnd.powerbuilder7-s
+application/vnd.powerbuilder75
+application/vnd.powerbuilder75-s
+application/vnd.previewsystems.box
+application/vnd.publishare-delta-tree
+application/vnd.pvi.ptid1
+application/vnd.pwg-multiplexed
+application/vnd.pwg-xhtml-print+xml
+application/vnd.quark.quarkxpress
+application/vnd.rapid
+application/vnd.s3sms
+application/vnd.sealed.net
+application/vnd.seemail
+application/vnd.shana.informed.formdata
+application/vnd.shana.informed.formtemplate
+application/vnd.shana.informed.interchange
+application/vnd.shana.informed.package
+application/vnd.smaf
+application/vnd.sss-cod
+application/vnd.sss-dtf
+application/vnd.sss-ntf
+application/vnd.street-stream
+application/vnd.svd
+application/vnd.swiftview-ics
+application/vnd.triscape.mxs
+application/vnd.trueapp
+application/vnd.truedoc
+application/vnd.ufdl
+application/vnd.uplanet.alert
+application/vnd.uplanet.alert-wbxml
+application/vnd.uplanet.bearer-choice
+application/vnd.uplanet.bearer-choice-wbxml
+application/vnd.uplanet.cacheop
+application/vnd.uplanet.cacheop-wbxml
+application/vnd.uplanet.channel
+application/vnd.uplanet.channel-wbxml
+application/vnd.uplanet.list
+application/vnd.uplanet.list-wbxml
+application/vnd.uplanet.listcmd
+application/vnd.uplanet.listcmd-wbxml
+application/vnd.uplanet.signal
+application/vnd.vcx
+application/vnd.vectorworks
+application/vnd.vidsoft.vidconference
+application/vnd.visio
+application/vnd.visionary
+application/vnd.vividence.scriptfile
+application/vnd.vsf
+application/vnd.wap.sic
+application/vnd.wap.slc
+application/vnd.wap.wbxml wbxml
+application/vnd.wap.wmlc wmlc
+application/vnd.wap.wmlscriptc wmlsc
+application/vnd.webturbo
+application/vnd.wrq-hp3000-labelled
+application/vnd.wt.stf
+application/vnd.wv.csp+wbxml
+application/vnd.xara
+application/vnd.xfdl
+application/vnd.yamaha.hv-dic
+application/vnd.yamaha.hv-script
+application/vnd.yamaha.hv-voice
+application/vnd.yellowriver-custom-menu
+application/voicexml+xml vxml
+application/watcherinfo+xml
+application/whoispp-query
+application/whoispp-response
+application/wita
+application/wordperfect5.1
+application/x-bcpio bcpio
+application/x-cdlink vcd
+application/x-chess-pgn pgn
+application/x-compress
+application/x-cpio cpio
+application/x-csh csh
+application/x-director dcr dir dxr
+application/x-dvi dvi
+application/x-futuresplash spl
+application/x-gtar gtar
+application/x-gzip
+application/x-hdf hdf
+application/x-javascript js
+application/x-koan skp skd skt skm
+application/x-latex latex
+application/x-netcdf nc cdf
+application/x-sh sh
+application/x-shar shar
+application/x-shockwave-flash swf
+application/x-stuffit sit
+application/x-sv4cpio sv4cpio
+application/x-sv4crc sv4crc
+application/x-tar tar
+application/x-tcl tcl
+application/x-tex tex
+application/x-texinfo texinfo texi
+application/x-troff t tr roff
+application/x-troff-man man
+application/x-troff-me me
+application/x-troff-ms ms
+application/x-ustar ustar
+application/x-wais-source src
+application/x400-bp
+application/xhtml+xml xhtml xht
+application/xslt+xml xslt
+application/xml xml xsl
+application/xml-dtd dtd
+application/xml-external-parsed-entity
+application/zip zip
+audio/32kadpcm
+audio/amr
+audio/amr-wb
+audio/basic au snd
+audio/cn
+audio/dat12
+audio/dsr-es201108
+audio/dvi4
+audio/evrc
+audio/evrc0
+audio/g722
+audio/g.722.1
+audio/g723
+audio/g726-16
+audio/g726-24
+audio/g726-32
+audio/g726-40
+audio/g728
+audio/g729
+audio/g729D
+audio/g729E
+audio/gsm
+audio/gsm-efr
+audio/l8
+audio/l16
+audio/l20
+audio/l24
+audio/lpc
+audio/midi mid midi kar
+audio/mpa
+audio/mpa-robust
+audio/mp4a-latm
+audio/mpeg mpga mp2 mp3
+audio/parityfec
+audio/pcma
+audio/pcmu
+audio/prs.sid
+audio/qcelp
+audio/red
+audio/smv
+audio/smv0
+audio/telephone-event
+audio/tone
+audio/vdvi
+audio/vnd.3gpp.iufp
+audio/vnd.cisco.nse
+audio/vnd.cns.anp1
+audio/vnd.cns.inf1
+audio/vnd.digital-winds
+audio/vnd.everad.plj
+audio/vnd.lucent.voice
+audio/vnd.nortel.vbk
+audio/vnd.nuera.ecelp4800
+audio/vnd.nuera.ecelp7470
+audio/vnd.nuera.ecelp9600
+audio/vnd.octel.sbc
+audio/vnd.qcelp
+audio/vnd.rhetorex.32kadpcm
+audio/vnd.vmx.cvsd
+audio/x-aiff aif aiff aifc
+audio/x-alaw-basic
+audio/x-mpegurl m3u
+audio/x-pn-realaudio ram ra
+audio/x-pn-realaudio-plugin
+application/vnd.rn-realmedia rm
+audio/x-wav wav
+chemical/x-pdb pdb
+chemical/x-xyz xyz
+image/bmp bmp
+image/cgm cgm
+image/g3fax
+image/gif gif
+image/ief ief
+image/jpeg jpeg jpg jpe
+image/naplps
+image/png png
+image/prs.btif
+image/prs.pti
+image/svg+xml svg
+image/t38
+image/tiff tiff tif
+image/tiff-fx
+image/vnd.cns.inf2
+image/vnd.djvu djvu djv
+image/vnd.dwg
+image/vnd.dxf
+image/vnd.fastbidsheet
+image/vnd.fpx
+image/vnd.fst
+image/vnd.fujixerox.edmics-mmr
+image/vnd.fujixerox.edmics-rlc
+image/vnd.globalgraphics.pgb
+image/vnd.mix
+image/vnd.ms-modi
+image/vnd.net-fpx
+image/vnd.svf
+image/vnd.wap.wbmp wbmp
+image/vnd.xiff
+image/x-cmu-raster ras
+image/x-icon ico
+image/x-portable-anymap pnm
+image/x-portable-bitmap pbm
+image/x-portable-graymap pgm
+image/x-portable-pixmap ppm
+image/x-rgb rgb
+image/x-xbitmap xbm
+image/x-xpixmap xpm
+image/x-xwindowdump xwd
+message/delivery-status
+message/disposition-notification
+message/external-body
+message/http
+message/news
+message/partial
+message/rfc822
+message/s-http
+message/sip
+message/sipfrag
+model/iges igs iges
+model/mesh msh mesh silo
+model/vnd.dwf
+model/vnd.flatland.3dml
+model/vnd.gdl
+model/vnd.gs-gdl
+model/vnd.gtw
+model/vnd.mts
+model/vnd.parasolid.transmit.binary
+model/vnd.parasolid.transmit.text
+model/vnd.vtu
+model/vrml wrl vrml
+multipart/alternative
+multipart/appledouble
+multipart/byteranges
+multipart/digest
+multipart/encrypted
+multipart/form-data
+multipart/header-set
+multipart/mixed
+multipart/parallel
+multipart/related
+multipart/report
+multipart/signed
+multipart/voice-message
+text/calendar ics ifb
+text/css css
+text/directory
+text/enriched
+text/html html htm
+text/parityfec
+text/plain asc txt
+text/prs.lines.tag
+text/rfc822-headers
+text/richtext rtx
+text/rtf rtf
+text/sgml sgml sgm
+text/t140
+text/tab-separated-values tsv
+text/uri-list
+text/vnd.abc
+text/vnd.curl
+text/vnd.dmclientscript
+text/vnd.fly
+text/vnd.fmi.flexstor
+text/vnd.in3d.3dml
+text/vnd.in3d.spot
+text/vnd.iptc.nitf
+text/vnd.iptc.newsml
+text/vnd.latex-z
+text/vnd.motorola.reflex
+text/vnd.ms-mediapackage
+text/vnd.net2phone.commcenter.command
+text/vnd.sun.j2me.app-descriptor
+text/vnd.wap.si
+text/vnd.wap.sl
+text/vnd.wap.wml wml
+text/vnd.wap.wmlscript wmls
+text/x-setext etx
+text/xml
+text/xml-external-parsed-entity
+video/bmpeg
+video/bt656
+video/celb
+video/dv
+video/h261
+video/h263
+video/h263-1998
+video/h263-2000
+video/jpeg
+video/mp1s
+video/mp2p
+video/mp2t
+video/mp4v-es
+video/mpv
+video/mpeg mpeg mpg mpe
+video/nv
+video/parityfec
+video/pointer
+video/quicktime qt mov
+video/smpte292m
+video/vnd.fvt
+video/vnd.motorola.video
+video/vnd.motorola.videop
+video/vnd.mpegurl mxu m4u
+video/vnd.nokia.interleaved-multimedia
+video/vnd.objectvideo
+video/vnd.vivo
+video/x-msvideo avi
+video/x-sgi-movie movie
+x-conference/x-cooltalk ice
diff --git a/pki/base/tps/apache/conf/nss.conf b/pki/base/tps/apache/conf/nss.conf
new file mode 100644
index 000000000..2e0b0ecae
--- /dev/null
+++ b/pki/base/tps/apache/conf/nss.conf
@@ -0,0 +1,268 @@
+#
+# This is the Apache server configuration file providing SSL support using.
+# the mod_nss plugin. It contains the configuration directives to instruct
+# the server how to serve pages over an https connection.
+#
+# Do NOT simply read the instructions in here without understanding
+# what they do. They're here only as hints or reminders. If you are unsure
+# consult the online docs. You have been warned.
+#
+
+#
+# When we also provide SSL we have to listen to the
+# standard HTTP port (see above) and to the HTTPS port
+#
+# Note: Configurations that use IPv6 but not IPv4-mapped addresses need two
+# Listen directives: "Listen [::]:443" and "Listen 0.0.0.0:443"
+#
+Listen [SECURE_PORT]
+
+Listen [NON_CLIENTAUTH_SECURE_PORT]
+
+##
+## SSL Global Context
+##
+## All SSL configuration in this context applies both to
+## the main server and all SSL-enabled virtual hosts.
+##
+
+#
+# Some MIME-types for downloading Certificates and CRLs
+#
+AddType application/x-x509-ca-cert .crt
+AddType application/x-pkcs7-crl .crl
+
+# Pass Phrase Dialog:
+# Configure the pass phrase gathering process.
+# The filtering dialog program (`builtin' is a internal
+# terminal dialog) has to provide the pass phrase on stdout.
+#NSSPassPhraseDialog builtin
+NSSPassPhraseDialog defer:[SERVER_ROOT]/conf/password.conf
+
+
+# Pass Phrase Helper:
+# This helper program stores the token password pins between
+# restarts of Apache.
+NSSPassPhraseHelper /usr/share/pki/tps/scripts/nss_pcache
+
+# Configure the SSL Session Cache.
+# SSLSessionCacheSize is the number of entries in the cache.
+# SSLSessionCacheTimeout is the SSL2 session timeout (in seconds).
+# SSL3SessionCacheTimeout is the SSL3/TLS session timeout (in seconds).
+NSSSessionCacheSize 10000
+NSSSessionCacheTimeout 100
+NSSSession3CacheTimeout 86400
+
+##
+## SSL Virtual Host Context
+##
+
+<VirtualHost _default_:[SECURE_PORT]>
+
+# General setup for the virtual host
+#DocumentRoot "/htdocs"
+#ServerName [Server_Name]:[Secure_Port]
+#ServerAdmin you@example.com
+
+# Configure OCSP checking of client certs
+
+#NSSOCSP on
+#NSSOCSPDefaultResponder on
+
+# URL of the ocsp service
+#
+# Example of the built in ocsp service of the CS CA
+
+#NSSOCSPDefaultURL http://localhost:9180/ca/ocsp
+
+# Nickname of ocsp signing cert
+#
+# Below is sufficient if using built in CS CA ocsp service
+# If using outboard ocsp, make sure the cert listed below
+# is imported into the local cert database.
+
+#NSSOCSPDefaultName caCert
+
+
+# mod_ssl logs to separate log files, you can choose to do that if you'd like
+ErrorLog [SERVER_ROOT]/logs/error_log
+TransferLog [SERVER_ROOT]/logs/access_log
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_nss documentation for a complete list.
+NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+
+NSSProtocol SSLv3,TLSv1
+
+# SSL Certificate Nickname:
+# The nickname of the server certificate you are going to use.
+NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]"
+
+# Server Certificate Database:
+# The NSS security database directory that holds the certificates and
+# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+# Provide the directory that these files exist.
+NSSCertificateDatabase [SERVER_ROOT]/alias
+
+# Client Authentication (Type):
+# Client certificate verification type. Types are none, optional and
+# require.
+NSSVerifyClient require
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_nss documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+ NSSOptions +StdEnvVars
+</Files>
+<Directory "/cgi-bin">
+ NSSOptions +StdEnvVars
+</Directory>
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+#CustomLog [SERVER_ROOT]/logs/ssl_request_log \
+# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
+
+<VirtualHost _default_:[NON_CLIENTAUTH_SECURE_PORT]>
+
+# General setup for the virtual host
+#DocumentRoot "/htdocs"
+#ServerName [Server_Name]:[Non_Clientauth_Secure_Port]
+#ServerAdmin you@example.com
+
+# mod_ssl logs to separate log files, you can choose to do that if you'd like
+ErrorLog [SERVER_ROOT]/logs/error_log
+TransferLog [SERVER_ROOT]/logs/access_log
+
+# SSL Engine Switch:
+# Enable/Disable SSL for this virtual host.
+NSSEngine on
+
+# SSL Cipher Suite:
+# List the ciphers that the client is permitted to negotiate.
+# See the mod_nss documentation for a complete list.
+NSSCipherSuite -des,-desede3,-rc2,-rc2export,-rc4,-rc4export,+rsa_3des_sha,-rsa_des_56_sha,+rsa_des_sha,-rsa_null_md5,-rsa_null_sha,-rsa_rc2_40_md5,+rsa_rc4_128_md5,-rsa_rc4_128_sha,-rsa_rc4_40_md5,-rsa_rc4_56_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-fips_des_sha,+fips_3des_sha,-rsa_aes_128_sha,-rsa_aes_256_sha,+ecdhe_ecdsa_aes_256_sha
+
+NSSProtocol SSLv3,TLSv1
+
+# SSL Certificate Nickname:
+# The nickname of the server certificate you are going to use.
+NSSNickname "Server-Cert cert-[PKI_INSTANCE_ID]"
+
+# Server Certificate Database:
+# The NSS security database directory that holds the certificates and
+# keys. The database consists of 3 files: cert8.db, key3.db and secmod.db.
+# Provide the directory that these files exist.
+NSSCertificateDatabase [SERVER_ROOT]/alias
+
+# Client Authentication (Type):
+# Client certificate verification type. Types are none, optional and
+# require.
+NSSVerifyClient none
+
+# Access Control:
+# With SSLRequire you can do per-directory access control based
+# on arbitrary complex boolean expressions containing server
+# variable checks and other lookup directives. The syntax is a
+# mixture between C and Perl. See the mod_nss documentation
+# for more details.
+#<Location />
+#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
+# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
+# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
+# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
+# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
+# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
+#</Location>
+
+# SSL Engine Options:
+# Set various options for the SSL engine.
+# o FakeBasicAuth:
+# Translate the client X.509 into a Basic Authorisation. This means that
+# the standard Auth/DBMAuth methods can be used for access control. The
+# user name is the `one line' version of the client's X.509 certificate.
+# Note that no password is obtained from the user. Every entry in the user
+# file needs this password: `xxj31ZMTZzkVA'.
+# o ExportCertData:
+# This exports two additional environment variables: SSL_CLIENT_CERT and
+# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
+# server (always existing) and the client (only existing when client
+# authentication is used). This can be used to import the certificates
+# into CGI scripts.
+# o StdEnvVars:
+# This exports the standard SSL/TLS related `SSL_*' environment variables.
+# Per default this exportation is switched off for performance reasons,
+# because the extraction step is an expensive operation and is usually
+# useless for serving static content. So one usually enables the
+# exportation for CGI and SSI requests only.
+# o StrictRequire:
+# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
+# under a "Satisfy any" situation, i.e. when it applies access is denied
+# and no other module can change it.
+# o OptRenegotiate:
+# This enables optimized SSL connection renegotiation handling when SSL
+# directives are used in per-directory context.
+#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
+<Files ~ "\.(cgi|shtml|phtml|php3?)$">
+ NSSOptions +StdEnvVars
+</Files>
+<Directory "/cgi-bin">
+ NSSOptions +StdEnvVars
+</Directory>
+
+# Per-Server Logging:
+# The home of a custom SSL log file. Use this when you want a
+# compact non-error SSL logfile on a virtual host basis.
+#CustomLog [SERVER_ROOT]/logs/ssl_request_log \
+# "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+</VirtualHost>
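Review bot: Both `NSSCipherSuite` lines (the client-auth virtual host and the non-client-auth one) enable `+rsa_des_sha` (single DES) and `+rsa_rc4_128_md5` while switching off `-rsa_aes_128_sha,-rsa_aes_256_sha`. With an RSA server certificate the strongest suite left is therefore 3DES, and a client that offers only the weak suites can still connect. I would flip those tokens to `-rsa_des_sha`, `-rsa_rc4_128_md5` and `+rsa_aes_128_sha,+rsa_aes_256_sha`, and narrow `NSSProtocol SSLv3,TLSv1` to `NSSProtocol TLSv1`. If a deployed token client is known to need the older settings, a comment naming that client belongs above the line instead. Separately, the first virtual host sets `NSSVerifyClient require` but leaves `NSSOCSP` commented out, so unless CRLs are loaded into the NSS database a revoked client certificate would presumably still be accepted; a comment saying revocation checking must be turned on at deployment would help.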
diff --git a/pki/base/tps/apache/conf/perl.conf b/pki/base/tps/apache/conf/perl.conf
new file mode 100644
index 000000000..feb51e860
--- /dev/null
+++ b/pki/base/tps/apache/conf/perl.conf
@@ -0,0 +1,70 @@
+#
+# Mod_perl incorporates a Perl interpreter into the Apache web server,
+# so that the Apache web server can directly execute Perl code.
+# Mod_perl links the Perl runtime library into the Apache web server
+# and provides an object-oriented Perl interface for Apache's C
+# language API. The end result is a quicker CGI script turnaround
+# process, since no external Perl interpreter has to be started.
+#
+
+LoadModule perl_module [FORTITUDE_LIB_DIR]/modules/mod_perl.so
+
+# Uncomment this line to globally enable warnings, which will be
+# written to the server's error log. Warnings should be enabled
+# during the development process, but should be disabled on a
+# production server as they affect performance.
+#
+#PerlWarn On
+
+# Uncomment this line to enable taint checking globally. When Perl is
+# running in taint mode various checks are performed to reduce the
+# risk of insecure data being passed to a subshell or being used to
+# modify the filesystem. Unfortunatly many Perl modules are not
+# taint-safe, so you should exercise care before enabling it on a
+# production server.
+#
+#PerlTaintCheck On
+
+# This will allow execution of mod_perl to compile your scripts to
+# subroutines which it will execute directly, avoiding the costly
+# compile process for most requests.
+#
+#Alias /perl /var/www/perl
+#<Directory /var/www/perl>
+# SetHandler perl-script
+# PerlResponseHandler ModPerl::Registry
+# PerlOptions +ParseHeaders
+# Options +ExecCGI
+#</Directory>
+
+# This will allow remote server configuration reports, with the URL of
+# http://servername/perl-status
+# Change the ".your-domain.com" to match your domain to enable.
+#
+#PerlModule Apache::compat
+#<Location /perl-status>
+# SetHandler perl-script
+# PerlResponseHandler Apache::Status
+# Order deny,allow
+# Deny from all
+# Allow from .your-domain.com
+#</Location>
+
+PerlModule ModPerl::Registry
+PerlModule [FORTITUDE_APACHE]::compat
+PerlModule PKI::TPS::wizard
+PerlSetEnv PKI_DOCROOT [SERVER_ROOT]/docroot
+PerlSetEnv PKI_ROOT [SERVER_ROOT]
+<Location /tps/admin/console/config/wizard>
+ SetHandler perl-script
+ PerlHandler PKI::TPS::Wizard
+ Order deny,allow
+ Allow from all
+</Location>
+
+<Location /tps/admin/console/config/login>
+ SetHandler perl-script
+ PerlHandler PKI::TPS::Login
+ Order deny,allow
+ Allow from all
+</Location>
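Review bot: The `<Location>` blocks for `/tps/admin/console/config/wizard` and `/tps/admin/console/config/login` both end in `Allow from all` and sit at server level rather than inside an SSL virtual host. The configuration wizard therefore appears reachable from any address on every listener, including a plain-HTTP one if the main configuration defines it. Whatever check `PKI::TPS::Login` performs is not visible in this hunk, so I would not make it the only barrier. Replace `Allow from all` with `Deny from all` followed by `Allow from ADMIN_NETWORK_PLACEHOLDER` (a placeholder for the site's administration network), and add `NSSRequireSSL` inside both blocks so the login exchange cannot happen in clear text. If the wizard is only needed during initial configuration, a comment saying so would tell operators when these blocks can be removed.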
diff --git a/pki/base/tps/apache/pki_instance_command_wrapper b/pki/base/tps/apache/pki_instance_command_wrapper
new file mode 100644
index 000000000..913b37e4a
--- /dev/null
+++ b/pki/base/tps/apache/pki_instance_command_wrapper
@@ -0,0 +1,192 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+ echo "Cannot invoke '$0' from non-existent directory!"
+ exit 255
+fi
+
+
+###############################################################################
+## (1) Specify variables used by this script. ##
+###############################################################################
+
+PRODUCT=[PKI_PRODUCT]
+SUBSYSTEM=[PKI_SUBSYSTEM]
+INSTANCE=[PKI_INSTANCE]
+COMMAND=[PKI_COMMAND]
+
+
+###############################################################################
+## (2) Define helper functions. ##
+###############################################################################
+
+invalid_operating_system() {
+ echo
+ echo "ERROR: '$0' does not execute on the '$1' operating system!"
+ echo
+}
+
+invalid_architecture() {
+ echo
+ echo "ERROR: '$0' does not execute on the '$1' architecture!"
+ echo
+}
+
+
+###############################################################################
+## (3) Set environment variables. ##
+## ##
+## Set the LD_LIBRARY_PATH environment variable to determine the ##
+## search order this command wrapper uses to find shared libraries. ##
+## ##
+## Set the PATH environment variable to determine the search ##
+## order this command wrapper uses to find binary executables. ##
+## ##
+## NOTE: Since the wrappers themselves are ALWAYS located in ##
+## "/usr/bin" on 32-bit and 64-bit Linux as well as both ##
+## 32-bit Solaris and 64-bit Solaris, this directory ##
+## will always be excluded from the search path. ##
+## ##
+## Additionally, since "/bin" is nothing more than a symbolic ##
+## link to "/usr/bin" on Solaris, this directory will also ##
+## always be excluded from the search path on this platform. ##
+## ##
+###############################################################################
+
+OS=`uname -s`
+ARCHITECTURE=""
+
+if [ "${OS}" = "Linux" ] ; then
+ ARCHITECTURE=`uname -i`
+ if [ "${ARCHITECTURE}" = "i386" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+
+ PATH=/usr/lib/${PRODUCT}:/bin
+ PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ PATH=/var/lib/${INSTANCE}:${PATH}
+ export PATH
+ elif [ "${ARCHITECTURE}" = "x86_64" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/java:/usr/lib64:/lib64:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/java/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+
+ PATH=/usr/lib/${PRODUCT}
+ PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ PATH=/var/lib/${INSTANCE}:${PATH}
+ PATH=/usr/lib64/${PRODUCT}:/bin:${PATH}
+ PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ export PATH
+ else
+ invalid_architecture "${ARCHITECTURE}"
+ exit 255
+ fi
+elif [ "${OS}" = "SunOS" ] ; then
+ ARCHITECTURE=`uname -p`
+ if [ "${ARCHITECTURE}" = "sparc" ] &&
+ [ -d "/usr/lib/sparcv9/" ] ; then
+ ARCHITECTURE="sparcv9"
+ fi
+ if [ "${ARCHITECTURE}" = "sparc" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+
+ PATH=/usr/lib/${PRODUCT}
+ PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ PATH=/var/lib/${INSTANCE}:${PATH}
+ export PATH
+ elif [ "${ARCHITECTURE}" = "sparcv9" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/var/lib/${INSTANCE}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9:/lib/sparcv9:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/java:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/java/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+
+ PATH=/usr/bin/sparcv9
+ PATH=/usr/lib/${PRODUCT}:${PATH}
+ PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ PATH=/var/lib/${INSTANCE}:${PATH}
+ PATH=/usr/lib/sparcv9/${PRODUCT}:${PATH}
+ PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ export PATH
+ else
+ invalid_architecture "${ARCHITECTURE}"
+ exit 255
+ fi
+else
+ invalid_operating_system "${OS}"
+ exit 255
+fi
+
+
+###############################################################################
+## (4) Execute the binary executable specified by this command wrapper ##
+## based upon the preset LD_LIBRARY_PATH and PATH environment variables.##
+###############################################################################
+
+ORIGINAL_IFS=${IFS}
+IFS=:
+
+for dir in ${PATH}
+do
+ if [ -x ${dir}/${COMMAND} ]
+ then
+ IFS=${ORIGINAL_IFS}
+ ${dir}/${COMMAND} "$@"
+ exit $?
+ fi
+done
+
+echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!"
+
+exit 255
+
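Review bot: `/var/lib/${INSTANCE}` is placed ahead of the packaged `/usr/lib/${PRODUCT}` and `/usr/lib/${PRODUCT}/${SUBSYSTEM}` directories in both `LD_LIBRARY_PATH` and `PATH` in every branch, and it is the first `PATH` entry in the i386 and sparc branches. A file named `${COMMAND}` or a shared library in the instance directory therefore wins over the installed copy. Whether that directory is writable by the instance's service account is not shown here and should be confirmed; if it is, that account decides what runs whenever the wrapper is invoked with higher privilege. I would search the instance directory last, e.g. for i386 `PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:/usr/lib/${PRODUCT}:/bin:/var/lib/${INSTANCE}`, and reorder `LD_LIBRARY_PATH` the same way. Add a comment such as `# instance directory is searched last: it may be writable by the service account`, or drop the entry if nothing is installed there.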
diff --git a/pki/base/tps/apache/pki_subsystem_command_wrapper b/pki/base/tps/apache/pki_subsystem_command_wrapper
new file mode 100644
index 000000000..19cbf9dd9
--- /dev/null
+++ b/pki/base/tps/apache/pki_subsystem_command_wrapper
@@ -0,0 +1,182 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+ echo "Cannot invoke '$0' from non-existent directory!"
+ exit 255
+fi
+
+
+###############################################################################
+## (1) Specify variables used by this script. ##
+###############################################################################
+
+PRODUCT=[PKI_PRODUCT]
+SUBSYSTEM=[PKI_SUBSYSTEM]
+COMMAND=[PKI_COMMAND]
+
+
+###############################################################################
+## (2) Define helper functions. ##
+###############################################################################
+
+invalid_operating_system() {
+ echo
+ echo "ERROR: '$0' does not execute on the '$1' operating system!"
+ echo
+}
+
+invalid_architecture() {
+ echo
+ echo "ERROR: '$0' does not execute on the '$1' architecture!"
+ echo
+}
+
+
+###############################################################################
+## (3) Set environment variables. ##
+## ##
+## Set the LD_LIBRARY_PATH environment variable to determine the ##
+## search order this command wrapper uses to find shared libraries. ##
+## ##
+## Set the PATH environment variable to determine the search ##
+## order this command wrapper uses to find binary executables. ##
+## ##
+## NOTE: Since the wrappers themselves are ALWAYS located in ##
+## "/usr/bin" on 32-bit and 64-bit Linux as well as both ##
+## 32-bit Solaris and 64-bit Solaris, this directory ##
+## will always be excluded from the search path. ##
+## ##
+## Additionally, since "/bin" is nothing more than a symbolic ##
+## link to "/usr/bin" on Solaris, this directory will also ##
+## always be excluded from the search path on this platform. ##
+## ##
+###############################################################################
+
+OS=`uname -s`
+ARCHITECTURE=""
+
+if [ "${OS}" = "Linux" ] ; then
+ ARCHITECTURE=`uname -i`
+ if [ "${ARCHITECTURE}" = "i386" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+
+ PATH=/usr/lib/${PRODUCT}:/bin
+ PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ export PATH
+ elif [ "${ARCHITECTURE}" = "x86_64" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/java:/usr/lib64:/lib64:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib64/java/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+
+ PATH=/usr/lib/${PRODUCT}
+ PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ PATH=/usr/lib64/${PRODUCT}:/bin:${PATH}
+ PATH=/usr/lib64/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ export PATH
+ else
+ invalid_architecture "${ARCHITECTURE}"
+ exit 255
+ fi
+elif [ "${OS}" = "SunOS" ] ; then
+ ARCHITECTURE=`uname -p`
+ if [ "${ARCHITECTURE}" = "sparc" ] &&
+ [ -d "/usr/lib/sparcv9/" ] ; then
+ ARCHITECTURE="sparcv9"
+ fi
+ if [ "${ARCHITECTURE}" = "sparc" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+
+ PATH=/usr/lib/${PRODUCT}
+ PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ export PATH
+ elif [ "${ARCHITECTURE}" = "sparcv9" ] ; then
+ LD_LIBRARY_PATH=/usr/lib/java:/usr/lib:/lib
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/java/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9:/lib/sparcv9:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/java:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:${LD_LIBRARY_PATH}
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/java/dirsec:${LD_LIBRARY_PATH}
+ export LD_LIBRARY_PATH
+
+ PATH=/usr/lib/${PRODUCT}
+ PATH=/usr/lib/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ PATH=/usr/lib/sparcv9/${PRODUCT}:${PATH}
+ PATH=/usr/lib/sparcv9/${PRODUCT}/${SUBSYSTEM}:${PATH}
+ export PATH
+ else
+ invalid_architecture "${ARCHITECTURE}"
+ exit 255
+ fi
+else
+ invalid_operating_system "${OS}"
+ exit 255
+fi
+
+
+###############################################################################
+## (4) Execute the binary executable specified by this command wrapper ##
+## based upon the preset LD_LIBRARY_PATH and PATH environment variables.##
+###############################################################################
+
+ORIGINAL_IFS=${IFS}
+IFS=:
+
+for dir in ${PATH}
+do
+ if [ -x ${dir}/${COMMAND} ]
+ then
+ IFS=${ORIGINAL_IFS}
+ ${dir}/${COMMAND} "$@"
+ exit $?
+ fi
+done
+
+echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!"
+
+exit 255
+
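Review bot: The lookup loop at the end tests `[ -x ${dir}/${COMMAND} ]` and then runs `${dir}/${COMMAND} "$@"` with both expansions unquoted. Because `-x` is also true for a directory, a directory with the command's name earlier on the search path makes the wrapper try to execute it and exit with that failure instead of moving on to the real binary. I would write `if [ -f "${dir}/${COMMAND}" ] && [ -x "${dir}/${COMMAND}" ]` and `exec "${dir}/${COMMAND}" "$@"`. Using `exec` makes the following `exit $?` unnecessary and leaves no extra shell process behind. The identical loop closes pki_instance_command_wrapper earlier in this commit and needs the same change; in both files the "Unable to find" message should also go to stderr with `>&2`.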
diff --git a/pki/base/tps/apache/readme.html b/pki/base/tps/apache/readme.html
new file mode 100644
index 000000000..3b741e6ae
--- /dev/null
+++ b/pki/base/tps/apache/readme.html
@@ -0,0 +1,1222 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation;
+ version 2.1 of the License.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301 USA
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<body>
+<h1>
+<center><b>
+How to Setup and Configure "mod_tps" and "mod_tokendb" on Apache
+</b></center>
+<hr>
+<h2>Overview</h2>
+<ul>
+<p>This document describes how to install and configure the "mod_tps" and
+"mod_tokendb" modules required by CoolKey.
+</ul>
+<h2>Dependencies</h2>
+<ul>
+<p>"mod_tps" is dependent upon the following components:
+<ul>
+<li>Fedora Certificate System (FCS) 1.0.0 Certificate Authority (CA)
+<li>FCS 1.0.0 Token Key Service (TKS)
+<li>FCS 1.0.0 Data Recovery Manager (DRM) [optional]
+<li>FCS 1.0.0 Token Processing System (TPS)
+<li>Fedora Directory Server (FDS) 1.0 (TPS internaldb instance)
+<li>Apache 2.0.52
+<li>"mod_nss" module installed and available from this Apache 2.0.52 (Fortitude)
+</ul>
+<p>"mod_tokendb" is dependent upon the following components:
+<ul>
+<li>FCS 1.0.0 TPS
+<li>FDS 1.0 TPS internaldb instance
+<li>Apache 2.0.52
+<li>"mod_nss" module installed and available from this Apache 2.0.52 (Fortitude)
+<li>"mod_tps" module installed and available from this Apache 2.0.52 (Fortitude)
+</ul>
+</ul>
+<h2>Supported Platforms</h2>
+<ul>
+<li>Fedora Core 6 (32-bit),
+<li>Fedora Core 6 (64-bit), and
+<li>Solaris 9 (64-bit)
+</ul>
+<h2>Installing and Configuring "mod_tps" and "mod_tokendb"</h2>
+<ol>
+<li>Insure that a pre-installed version 1.0.0 of the FCS common subsystems area
+exists on the desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;)
+<li>Insure that a pre-installed version 1.0.0 of the FCS CA exists on the
+desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_ca_subsystems&gt; and &lt;pki_server_root&gt;/&lt;ca_instance&gt;)
+<li>Insure that a pre-installed version 1.0.0 of the FCS TKS exists on the
+desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tks_subsystems&gt; and &lt;pki_server_root&gt;/&lt;tks_instance&gt;)
+<li>Optionally, insure that a pre-installed version 1.0.0 of the FCS DRM exists
+on the desired machine running on the desired platform<br>
+(e. g. - &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_drm_subsystems&gt; and &lt;pki_server_root&gt;/&lt;drm_instance&gt;)
+<li>Insure that a pre-installed version 1.0 of the FDS exists on the desired
+machine running on the desired platform.<br>
+This is needed to create a TPS internaldb instance<br>
+(e. g. - &lt;rhds_server_root&gt;/&lt;tps_internaldb&gt;)
+<li>Insure that a pre-installed threaded version 2.0.52 of the Apache server
+exists on the desired machine running on the desired platform<br>
+(e. g. - &lt;apache_server_root&gt;)
+<li>Insure that this Apache server has "mod_nss" (Fortitude) installed and
+available from its &lt;apache_server_root&gt;
+<li>Download and unpack the entire contents of the TPS package into the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;, the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;, and the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;
+<li>Change directory to &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin
+<li>Execute &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/setup_tps:
+<ol type="a">
+<li>Creates a wrapper script called
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/tpsclient for
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/tpsclient
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/bin directory
+(instance-specific binaries)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/cgi-bin directory
+(user customization)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/docroot directory
+(user customization)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/lib directory
+(instance-specific libraries)
+<li>Creates an empty
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/logs directory
+(instance-specific logs)
+<li>Sets up the CA connector in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+<li>Optionally, sets up the DRM connector in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+<li>Creates a cert8.db in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/cert8.db
+<li>Creates a key3.db in
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/key3.db
+<li>Populates the cert8.db and key3.db security databases located in the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config directory with the
+ServerCert
+<li>Populates the TPS internaldb located in the
+&lt;rhds_server_root&gt;/&lt;tps_internaldb&gt; directory by executing the
+LDIF scripts located in the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup directory
+<li>Generates the
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/config/httpd.conf
+Apache Configuration file:
+<pre>
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+LoadModule nss_module &lt;apache_server_root&gt;/modules/libmodnss.so
+
+#
+# Bring in additional module-specific configurations
+#
+Include &lt;apache_server_root&gt;/conf/nss.conf
+Include &lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/tps.conf
+</pre>
+<li>Generates the
+&lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/tps.conf
+Apache TPS Module Configuration file:
+<pre>
+#
+# Dynamic Shared Object (DSO) Support
+#
+# To be able to use the functionality of a module which was built as a DSO you
+# have to place corresponding `LoadModule' lines at this location so the
+# directives contained in it are actually available _before_ they are used.
+# Statically compiled modules (those listed by `httpd -l') do not need
+# to be loaded here.
+#
+# Example:
+# LoadModule foo_module modules/mod_foo.so
+#
+LoadModule tps_module &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tps.so
+LoadModule tokendb_module &lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tokendb.so
+
+&lt;Location /nk_service&gt;
+ SetHandler nk_service
+&lt;/Location&gt;
+
+&lt;Location /tus&gt;
+ SetHandler tus
+&lt;/Location&gt;
+
+#
+# DocumentRoot: The directory out of which you will serve your
+# documents. By default, all requests are taken from this directory, but
+# symbolic links and aliases may be used to point to other locations.
+#
+DocumentRoot "&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot"
+
+#
+# ScriptAlias: This controls which directories contain server scripts.
+# ScriptAliases are essentially the same as Aliases, except that
+# documents in the realname directory are treated as applications and
+# run by the server when requested rather than as documents sent to the client.
+# The same rules about trailing "/" apply to ScriptAlias directives as to
+# Alias.
+#
+ScriptAlias /cgi-bin/ "&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/"
+
+#
+# Bring in additional module-specific configurations
+#
+TPSConfigPathFile &lt;pki_server_root&gt;/&lt;tps_instance&gt;/config/CS.cfg
+</ol>
+<li>Assume "root" privilege
+<li>Execute &lt;apache_server_root&gt;/bin/apachectl -f
+&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/config/httpd.conf
+start
+</ol>
+
+<h2>Inventory of cs-tps-{version} Package</h2>
+<ul>
+<table border=1>
+<tr>
+<th>Packaged File</th>
+<th>Unpackaged File</th>
+</tr>
+<tr>
+<td>applets/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/applets/</td>
+</tr>
+<tr>
+<td>applets/1.3.427BDDB8.ijc</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/applets/1.3.427BDDB8.ijc</td>
+</tr>
+<tr>
+<td>bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/</td>
+</tr>
+<tr>
+<td>bin/setup_tps</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/setup_tps</td>
+</tr>
+<tr>
+<td>bin/setup_tps</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/bin/uninstall_tps</td>
+</tr>
+<tr>
+<td>bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/</td>
+</tr>
+<tr>
+<td>bin/tpsclient</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/bin/tpsclient</td>
+</tr>
+<tr>
+<td>cgi-bin/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/</td>
+</tr>
+<tr>
+<td>cgi-bin/AdminEsc.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/AdminEsc.html</td>
+</tr>
+<tr>
+<td>cgi-bin/AdvancePopup.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/AdvancePopup.html</td>
+</tr>
+<tr>
+<td>cgi-bin/EnrollPopup.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/EnrollPopup.html</td>
+</tr>
+<tr>
+<td>cgi-bin/SettingsEsc.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/SettingsEsc.html</td>
+</tr>
+<tr>
+<td>cgi-bin/TokenManager.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/TokenManager.html</td>
+</tr>
+<tr>
+<td>cgi-bin/TokenPin.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/TokenPin.html</td>
+</tr>
+<tr>
+<td>cgi-bin/esc.cgi</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/esc.cgi</td>
+</tr>
+<tr>
+<td>cgi-bin/style.css</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/cgi-bin/style.css</td>
+</tr>
+<tr>
+<td>config/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/</td>
+</tr>
+<tr>
+<td>config/CS.cfg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/CS.cfg</td>
+</tr>
+<tr>
+<td>config/enroll.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/enroll.test</td>
+</tr>
+<tr>
+<td>config/format.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/format.test</td>
+</tr>
+<tr>
+<td>config/reset_pin.test</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/config/reset_pin.test</td>
+</tr>
+<tr>
+<td>docroot/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/</td>
+</tr>
+<tr>
+<td>docroot/GenericAuth.html</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/GenericAuth.html</td>
+</tr>
+<tr>
+<td>docroot/images/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/</td>
+</tr>
+<tr>
+<td>docroot/images/BannerBackground.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/BannerBackground.gif</td>
+</tr>
+<tr>
+<td>docroot/images/BindSettingsPrototype.jpg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/BindSettingsPrototype.jpg</td>
+</tr>
+<tr>
+<td>docroot/images/CancelButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/CancelButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/CloseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/CloseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ContinueButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ContinueButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/HelpButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/HelpButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKey-Small.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKey-Small.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyInsert.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyInsert.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyLogo.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyLogo.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyPair.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyPair.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyProgress.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyProgress.gif</td>
+</tr>
+<tr>
+<td>docroot/images/NetKeyQuestionMark.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/NetKeyQuestionMark.gif</td>
+</tr>
+<tr>
+<td>docroot/images/OKButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/OKButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/PadLock.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/PadLock.gif</td>
+</tr>
+<tr>
+<td>docroot/images/PurchaseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/PurchaseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ReactivateButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ReactivateButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/ReleaseButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/ReleaseButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/SecureButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/SecureButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/SuspendButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/SuspendButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/TryAgainButton.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/TryAgainButton.gif</td>
+</tr>
+<tr>
+<td>docroot/images/bg.jpg</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/bg.jpg</td>
+</tr>
+<tr>
+<td>docroot/images/logo.gif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/images/logo.gif</td>
+</tr>
+<tr>
+<td>docroot/style.css</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/style.css</td>
+</tr>
+<tr>
+<td>docroot/tus/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/</td>
+</tr>
+<tr>
+<td>docroot/tus/addResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/addResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/delete.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/delete.template</td>
+</tr>
+<tr>
+<td>docroot/tus/deleteResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/deleteResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/doToken.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/doToken.template</td>
+</tr>
+<tr>
+<td>docroot/tus/doTokenConfirm.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/doTokenConfirm.template</td>
+</tr>
+<tr>
+<td>docroot/tus/edit.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/edit.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editAdminResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editAdminResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/editResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/editResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/error.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/error.template</td>
+</tr>
+<tr>
+<td>docroot/tus/index.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/index.template</td>
+</tr>
+<tr>
+<td>docroot/tus/indexAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/indexAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/new.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/new.template</td>
+</tr>
+<tr>
+<td>docroot/tus/revoke.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/revoke.template</td>
+</tr>
+<tr>
+<td>docroot/tus/search.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/search.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchActivity.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchActivity.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchActivityResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchActivityResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchAdminResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchAdminResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchCertificateResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchCertificateResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/searchResults.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/searchResults.template</td>
+</tr>
+<tr>
+<td>docroot/tus/show.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/show.template</td>
+</tr>
+<tr>
+<td>docroot/tus/showAdmin.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/showAdmin.template</td>
+</tr>
+<tr>
+<td>docroot/tus/showCert.template</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/docroot/tus/showCert.template</td>
+</tr>
+<tr>
+<td>lib/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/</td>
+</tr>
+<tr>
+<td>lib/libldapauth.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libldapauth.so</td>
+</tr>
+<tr>
+<td>lib/libtokendb.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libtokendb.so</td>
+</tr>
+<tr>
+<td>lib/libtps.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/libtps.so</td>
+</tr>
+<tr>
+<td>lib/mod_tokendb.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tokendb.so</td>
+</tr>
+<tr>
+<td>lib/mod_tps.so</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/lib/mod_tps.so</td>
+</tr>
+<tr>
+<td>setup/</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/</td>
+</tr>
+<tr>
+<td>setup/addAgents.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addAgents.ldif</td>
+</tr>
+<tr>
+<td>setup/addIndexes.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addIndexes.ldif</td>
+</tr>
+<tr>
+<td>setup/addTokens.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addTokens.ldif</td>
+</tr>
+<tr>
+<td>setup/addVLVIndexes.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/addVLVIndexes.ldif</td>
+</tr>
+<tr>
+<td>setup/schemaMods.ldif</td>
+<td>&lt;pki_server_root&gt;/&lt;common_subsystems_area&gt;/&lt;common_tps_subsystems&gt;/setup/schemaMods.ldif</td>
+</tr>
+</table>
+</ul>
+
+<h2>Inventory of cs-tps-devel-{version} Package</h2>
+<ul>
+<table border=1>
+<tr>
+<th>Packaged File</th>
+<th>Unpackaged File</th>
+</tr>
+<tr>
+<td>include/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/APDU_Response.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Create_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Create_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Delete_File_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/External_Authenticate_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Format_Muscle_Applet_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Generate_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Data_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Status_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Get_Version_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Import_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Import_Key_Enc_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Initialize_Update_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Install_Applet_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Install_Load_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Lifecycle_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/List_Objects_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/List_Pins_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Load_File_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Put_Key_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Read_Buffer_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Read_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Select_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Set_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Unblock_Pin_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/apdu/Write_Object_APDU.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/AuthParams.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/Authentication.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/authentication/LDAP_Authentication.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/Channel.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/channel/Secure_Channel.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/CertEnroll.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/ConnectionInfo.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/cms/HttpConnection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/engine/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/engine/RA.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/AccessLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Auth.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ByteBuffer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/CERTUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Cache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Connection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ConnectionListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/DebugLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Defines.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ErrorLogger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Iterator.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/LogRotationTask.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Logger.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/NSPRerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddy.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyCache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSBuddyService.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCertExtension.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCommonLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfig.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfigManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSConfigReader.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSCrypt.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSDataSourceListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSDataSourceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSGroup.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSGroupCache.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSHelper.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPRUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPlugin.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSPluginManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServerManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServiceListener.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSServiceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSUser.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PSWaspLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Pool.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceManager.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceServer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/PresenceServerImpl.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SECerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLServerSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SSLerrs.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ScheduledTask.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Scheduler.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SecurityHeaders.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerConnection.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerHeaderProcessor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ServerSocket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/Socket.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SocketINC.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/SocketLib.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/StringList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/StringUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/TaskList.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/ThreadPool.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/URLUtil.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/engine.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/http.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/request.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/httpClient/httpc/response.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_pblock.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/AttributeSpec.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/AuthenticationEntry.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Base.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Buffer.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/ConfigStore.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Login.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Memory.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/MemoryMgr.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/NameValueSet.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/ObjectSpec.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/PKCS11Obj.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/PublishEntry.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Context.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/RA_Session.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/SecureId.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/main/Util.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/AP_Context.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/modules/tps/AP_Session.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_ASQ_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_ASQ_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Begin_Op_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_End_Op_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Extended_Login_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Extended_Login_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Login_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Login_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_New_Pin_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_New_Pin_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_SecureId_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_SecureId_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Status_Update_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Status_Update_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Token_PDU_Request_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/msg/RA_Token_PDU_Response_Msg.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Enroll_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Format_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Pin_Reset_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Renew_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/processor/RA_Unblock_Processor.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IConnector.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IPublish_Data.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/IPublisher.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/publisher/NetkeyPublisher.h</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/tus/</td>
+<td>&nbsp;</td>
+</tr>
+<tr>
+<td>include/tus/tus_db.h</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</ul>
+</body>
+</html>
+
diff --git a/pki/base/tps/applets/1.2.4122DFB4.ijc b/pki/base/tps/applets/1.2.4122DFB4.ijc
new file mode 100644
index 000000000..2a8ea0733
--- /dev/null
+++ b/pki/base/tps/applets/1.2.4122DFB4.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.2.416DA155.ijc b/pki/base/tps/applets/1.2.416DA155.ijc
new file mode 100755
index 000000000..21b0312a8
--- /dev/null
+++ b/pki/base/tps/applets/1.2.416DA155.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.3.42260AFA.ijc b/pki/base/tps/applets/1.3.42260AFA.ijc
new file mode 100755
index 000000000..f17f98281
--- /dev/null
+++ b/pki/base/tps/applets/1.3.42260AFA.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.3.4255CC01.ijc b/pki/base/tps/applets/1.3.4255CC01.ijc
new file mode 100644
index 000000000..322fe86e2
--- /dev/null
+++ b/pki/base/tps/applets/1.3.4255CC01.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.3.42659461.ijc b/pki/base/tps/applets/1.3.42659461.ijc
new file mode 100755
index 000000000..ccf8ba451
--- /dev/null
+++ b/pki/base/tps/applets/1.3.42659461.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.3.427BDDB8.ijc b/pki/base/tps/applets/1.3.427BDDB8.ijc
new file mode 100644
index 000000000..4a633e8d3
--- /dev/null
+++ b/pki/base/tps/applets/1.3.427BDDB8.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.3.44724DDE.ijc b/pki/base/tps/applets/1.3.44724DDE.ijc
new file mode 100755
index 000000000..e56705dff
--- /dev/null
+++ b/pki/base/tps/applets/1.3.44724DDE.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.3.45787308.ijc b/pki/base/tps/applets/1.3.45787308.ijc
new file mode 100755
index 000000000..164c7e0cd
--- /dev/null
+++ b/pki/base/tps/applets/1.3.45787308.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.4.499dc06c.ijc b/pki/base/tps/applets/1.4.499dc06c.ijc
new file mode 100644
index 000000000..388482123
--- /dev/null
+++ b/pki/base/tps/applets/1.4.499dc06c.ijc
Binary files differ
diff --git a/pki/base/tps/applets/1.4.4d40a449.ijc b/pki/base/tps/applets/1.4.4d40a449.ijc
new file mode 100644
index 000000000..bd716adb0
--- /dev/null
+++ b/pki/base/tps/applets/1.4.4d40a449.ijc
Binary files differ
diff --git a/pki/base/tps/applets/3FD00877.ijc b/pki/base/tps/applets/3FD00877.ijc
new file mode 100644
index 000000000..5e6624d5a
--- /dev/null
+++ b/pki/base/tps/applets/3FD00877.ijc
Binary files differ
diff --git a/pki/base/tps/applets/4003196C.ijc b/pki/base/tps/applets/4003196C.ijc
new file mode 100644
index 000000000..bed8a7900
--- /dev/null
+++ b/pki/base/tps/applets/4003196C.ijc
Binary files differ
diff --git a/pki/base/tps/applets/402428AD.ijc b/pki/base/tps/applets/402428AD.ijc
new file mode 100644
index 000000000..b91a64334
--- /dev/null
+++ b/pki/base/tps/applets/402428AD.ijc
Binary files differ
diff --git a/pki/base/tps/applets/404E4697.ijc b/pki/base/tps/applets/404E4697.ijc
new file mode 100644
index 000000000..9c927c0f0
--- /dev/null
+++ b/pki/base/tps/applets/404E4697.ijc
Binary files differ
diff --git a/pki/base/tps/applets/4122DFB4.ijc b/pki/base/tps/applets/4122DFB4.ijc
new file mode 100644
index 000000000..2a8ea0733
--- /dev/null
+++ b/pki/base/tps/applets/4122DFB4.ijc
Binary files differ
diff --git a/pki/base/tps/applets/listappletdates b/pki/base/tps/applets/listappletdates
new file mode 100755
index 000000000..a9e5c49ca
--- /dev/null
+++ b/pki/base/tps/applets/listappletdates
@@ -0,0 +1,42 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+$f = `/bin/ls *.ijc`;
+
+@filenames = split /\n/ms, $f;
+
+foreach $file (@filenames) {
+ $timestamp = $file;
+ $timestamp =~ s/1\.\d\.//;
+
+ ($root) = ($timestamp =~ /(.*).ijc/);
+
+ ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime(hex($root));
+
+ printf " %16s %4d/%02d/%02d %02d:%02d\n", $file,
+ $year+1900, $mon+1, $mday,
+ $hour, $min;
+
+}
+
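Review bot: The file list is obtained by parsing the output of `/bin/ls *.ijc` through a shell, and the two patterns that extract the hex stamp are unanchored, so a name that does not fit the `[1.N.]HEX.ijc` shape is still passed to `hex()` and printed with a date. Perl's own `@filenames = glob('*.ijc');` avoids the subshell, and a single anchored match such as `($root) = $file =~ /^(?:1\.\d\.)?([0-9A-Fa-f]+)\.ijc$/ or next;` skips names that are not a hex stamp (the `.` before `ijc` in the current `/(.*).ijc/` is also unescaped). The printed date is derived from the file name alone, so a header comment saying it reflects the name and not the applet contents would keep the listing from being read as provenance for the binaries. Adding `use strict; use warnings;` and declaring the variables with `my` would be a further cleanup.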
diff --git a/pki/base/tps/applets/readme.txt b/pki/base/tps/applets/readme.txt
new file mode 100644
index 000000000..9dd2a87ef
--- /dev/null
+++ b/pki/base/tps/applets/readme.txt
@@ -0,0 +1,52 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+This directory contains a list of CoolKey applets
+that can be used by the TPS for applet upgrade.
+
+
+Applet Information:
+------------------
+
+File Name Creation Date Applet Ver Major Ver Minor Ver Remark
+============ ================ ========== ========= ========= ==========
+427BDDB8.ijc 2005/05/06 14:12 427BDDB8 1 3 Official Applet
+
+Token Information:
+-----------------
+
+Type CUID (Token ID) ATR Remark
+======================== ==================== ======= ==================
+Old "E" and ealier cards 40900062ff00ssssssss
+(Acquired From WebSite)
+"F" cards 40900062ff00ssssssss
+(Acquired From WebSite)
+"G" & later (Oct/Nov) 409000620103ssssssss
+(Acquired From WebSite)
+Fortezza cards 409000620103ssssssss
+(Acquired From WebSite)
+Developement Keyed cards 409000620101ssssssss 3B76940000FF6276010000
+
+where ssssssss is the serial number.
+
+
+Remark
+======
+1.3.45787308.ijc - this is the unofficial jForte applet with hacks
diff --git a/pki/base/tps/autogen.sh b/pki/base/tps/autogen.sh
new file mode 100755
index 000000000..0e425b2b5
--- /dev/null
+++ b/pki/base/tps/autogen.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# Check autoconf version
+AC_VERSION=`autoconf --version | grep '^autoconf' | sed 's/.*) *//'`
+case $AC_VERSION in
+'' | 0.* | 1.* | 2.[0-4]* | 2.[0-9] | 2.5[0-8]* )
+ echo "You must have autoconf version 2.59 or later installed (found version $AC_VERSION)."
+ exit 1
+ ;;
+* )
+ echo "Found autoconf version $AC_VERSION"
+ ;;
+esac
+
+# Check automake version
+AM_VERSION=`automake --version | grep '^automake' | sed 's/.*) *//'`
+case $AM_VERSION in
+'' | 0.* | 1.[0-8].* | 1.9.[0-5]* )
+ echo "You must have automake version 1.9.6 or later installed (found version $AM_VERSION)."
+ exit 1
+ ;;
+* )
+ echo "Found automake version $AM_VERSION"
+ ;;
+esac
+
+# Check libtool version
+LT_VERSION=`libtool --version | grep ' libtool)' | sed 's/.*) \([0-9][0-9.]*\)[^ ]* .*/\1/'`
+case $LT_VERSION in
+'' | 0.* | 1.[0-4]* | 1.5.[0-9] | 1.5.[0-1]* | 1.5.2[0-1]* )
+ echo "You must have libtool version 1.5.22 or later installed (found version $LT_VERSION)."
+ exit 1
+ ;;
+* )
+ echo "Found libtool version $LT_VERSION"
+ ;;
+esac
+
+# Run autoreconf
+echo "Running autoreconf -fvi"
+autoreconf -fvi
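Review bot: Each `case` lists only the versions to reject and its final `* )` arm accepts everything else, so any output the `grep | sed` pipeline fails to reduce to a bare version number is reported as "Found ..." and the script proceeds to `autoreconf -fvi`. An arm placed ahead of the catch-all, for example `*[!0-9.]* ) echo "Cannot parse libtool version: $LT_VERSION" >&2; exit 1 ;;`, would make the three checks fail closed, at the cost of rejecting suffixed development versions. The existing failure messages go to stdout and would be better sent to stderr with `>&2`. Since `-f` and `-i` let autoreconf refresh the auxiliary scripts from the build host, a comment saying that checked-in helpers such as `compile` and `config.guess` may be replaced by this step would help anyone auditing what ends up in a release.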
diff --git a/pki/base/tps/build.xml b/pki/base/tps/build.xml
new file mode 100644
index 000000000..4518d2145
--- /dev/null
+++ b/pki/base/tps/build.xml
@@ -0,0 +1,428 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ ### END COPYRIGHT BLOCK ### -->
+<project name="tps" default="main" basedir=".">
+
+ <import file="config/product.xml"/>
+ <import file="config/product-ext.xml" optional="true"/>
+
+ <!-- Set up component-specific properties -->
+ <exec executable="perl"
+ failonerror="true"
+ outputproperty="config.desktop.version">
+ <arg value="-pi -e"/>
+ <arg value="s/Version=.*/Version=${version}/"/>
+ <arg value="setup/config.desktop.in"/>
+ </exec>
+
+ <exec executable="perl"
+ failonerror="true"
+ outputproperty="wizard.pm.version">
+ <arg value="-pi -e"/>
+ <arg value='s/\$symbol{productversion} = ".*";/\$symbol{productversion} = "${version}";/'/>
+ <arg value="lib/perl/PKI/TPS/wizard.pm"/>
+ </exec>
+
+
+ <target name="clean"
+ depends=""
+ description="--> remove component directories">
+ <echo message="${begin.clean.log.message}"/>
+ <delete dir="${dist.base}"/>
+ <delete dir="${build.dir}"/>
+ <echo message="${end.clean.log.message}"/>
+ </target>
+
+
+ <target name="download"
+ depends=""
+ description="--> download dependent components">
+ <echo message="${begin.download.log.message}"/>
+ <echo message="${empty.download.log.message}"/>
+ <echo message="${end.download.log.message}"/>
+ </target>
+
+
+ <target name="compile_java"
+ depends=""
+ description="--> compile java source code into classes">
+ <echo message="${begin.compile.java.log.message}"/>
+ <echo message="${empty.compile.java.log.message}"/>
+ <echo message="${end.compile.java.log.message}"/>
+ </target>
+
+
+ <target name="build_jars"
+ depends="compile_java"
+ description="--> generate jar files">
+ <echo message="${begin.build.jars.log.message}"/>
+ <echo message="${empty.build.jars.log.message}"/>
+ <echo message="${end.build.jars.log.message}"/>
+ </target>
+
+
+ <target name="build_jni_headers"
+ depends="compile_java"
+ description="--> generate jni header files">
+ <echo message="${begin.build.jni.headers.log.message}"/>
+ <echo message="${empty.build.jni.headers.log.message}"/>
+ <echo message="${end.build.jni.headers.log.message}"/>
+ </target>
+
+
+ <target name="build"
+ depends="build_jars,build_jni_headers"
+ description="--> build classes, jars, and jni headers">
+ <echo message="${notify.build.log.message}"/>
+ </target>
+
+
+ <target name="compile_junit_tests"
+ depends="build"
+ description="--> compile junit test source code">
+ <echo message="${begin.compile.junit.tests.log.message}"/>
+ <echo message="${empty.compile.junit.tests.log.message}"/>
+ <echo message="${end.compile.junit.tests.log.message}"/>
+ </target>
+
+
+ <target name="run_junit_tests"
+ depends="compile_junit_tests"
+ description="--> execute junit tests">
+ <echo message="${begin.run.junit.tests.log.message}"/>
+ <echo message="${empty.run.junit.tests.log.message}"/>
+ <echo message="${end.run.junit.tests.log.message}"/>
+ </target>
+
+
+ <target name="verify"
+ depends="run_junit_tests"
+ description="--> build and execute junit tests">
+ <echo message="${notify.verify.log.message}"/>
+ </target>
+
+
+ <target name="clean_javadocs"
+ depends=""
+ description="--> remove javadocs directory">
+ <echo message="${begin.clean.javadocs.log.message}"/>
+ <echo message="${empty.clean.javadocs.log.message}"/>
+ <echo message="${end.clean.javadocs.log.message}"/>
+ </target>
+
+
+ <target name="compose_javadocs"
+ depends="build"
+ description="--> generate javadocs">
+ <echo message="${begin.compose.javadocs.log.message}"/>
+ <echo message="${empty.compose.javadocs.log.message}"/>
+ <echo message="${end.compose.javadocs.log.message}"/>
+ </target>
+
+
+ <target name="document"
+ depends="clean_javadocs,compose_javadocs"
+ description="--> remove old javadocs and compose new javadocs">
+ <echo message="${notify.document.log.message}"/>
+ </target>
+
+
+ <target name="distribute_binaries"
+ depends="document"
+ description="--> create the zip and gzipped tar binary distributions">
+ <echo message="${begin.distribute.binaries.log.message}"/>
+
+ <echo message="${begin.binary.wrappers.log.message}"/>
+ <echo message="${empty.binary.wrappers.log.message}"/>
+ <echo message="${end.binary.wrappers.log.message}"/>
+
+ <echo message="${begin.binary.zip.log.message}"/>
+ <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+ <zipfileset dir="."
+ filemode="755"
+ prefix="usr/bin/">
+ <include name="**"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="644"
+ prefix="usr/lib/">
+ <include name="**"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="644"
+ prefix="usr/lib/httpd/modules/">
+ <include name="**"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="644"
+ prefix="usr/share/doc/${dist.name}">
+ <include name="EULA"/>
+ <include name="LICENSE"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="644"
+ prefix="usr/share/${product.prefix}/${product}">
+ <include name="alias/**"/>
+ <include name="applets/**"/>
+ <include name="conf/**"/>
+ <include name="docroot/**"/>
+ <include name="lib/**"/>
+ <include name="samples/**"/>
+ <include name="scripts/**"/>
+ </zipfileset>
+ <zipfileset dir="./setup"
+ filemode="644"
+ prefix="usr/share/${product.prefix}/${product}/setup">
+ <include name="config.desktop.in"/>
+ <include name="registry_instance"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="755"
+ prefix="usr/share/${product.prefix}/${product}">
+ <include name="cgi-bin/**"/>
+ <include name="docroot/index.cgi"/>
+ <include name="logs/signedAudit"/>
+ </zipfileset>
+ </zip>
+ <echo message="${end.binary.zip.log.message}"/>
+
+ <echo message="${begin.binary.tar.log.message}"/>
+ <tar longfile="gnu"
+ destfile="${dist.base.binaries}/${dist.name}.tar">
+ <tarfileset dir="."
+ mode="755"
+ prefix="usr/bin/">
+ <include name="**"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="644"
+ prefix="usr/lib/">
+ <include name="**"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="644"
+ prefix="usr/lib/httpd/modules/">
+ <include name="**"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="644"
+ prefix="usr/share/doc/${dist.name}">
+ <include name="EULA"/>
+ <include name="LICENSE"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="644"
+ prefix="usr/share/${product.prefix}/${product}">
+ <include name="alias/**"/>
+ <include name="applets/**"/>
+ <include name="conf/**"/>
+ <include name="docroot/**"/>
+ <include name="lib/**"/>
+ <include name="samples/**"/>
+ <include name="scripts/**"/>
+ </tarfileset>
+ <tarfileset dir="./setup"
+ mode="644"
+ prefix="usr/share/${product.prefix}/${product}/setup">
+ <include name="config.desktop.in"/>
+ <include name="registry_instance"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="755"
+ prefix="usr/share/${product.prefix}/${product}">
+ <include name="cgi-bin/**"/>
+ <include name="docroot/index.cgi"/>
+ <include name="logs/signedAudit"/>
+ </tarfileset>
+ </tar>
+ <echo message="${end.binary.tar.log.message}"/>
+
+ <echo message="${begin.binary.gtar.log.message}"/>
+ <echo message="${empty.binary.gtar.log.message}"/>
+ <echo message="${end.binary.gtar.log.message}"/>
+
+ <echo message="${end.distribute.binaries.log.message}"/>
+ </target>
+
+
+ <target name="distribute_source"
+ depends=""
+ description="--> create the zip and gzipped tar source distributions">
+ <echo message="${begin.distribute.source.log.message}"/>
+ <mkdir dir="${dist.base.source}"/>
+
+ <echo message="${begin.source.zip.log.message}"/>
+ <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+ <zipfileset dir="."
+ filemode="644"
+ prefix="${src.dist.name}">
+ <include name="${specfile}"/>
+ <include name="EULA"/>
+ <include name="LICENSE"/>
+ <include name="Makefile.*"/>
+ <include name="aclocal.m4"/>
+ <include name="alias/**"/>
+ <include name="apache/**"/>
+ <include name="applets/**"/>
+ <exclude name="autogen.sh"/>
+ <include name="build.xml"/>
+ <include name="compile"/>
+ <include name="config/product*.xml"/>
+ <include name="config/release*.xml"/>
+ <include name="config.guess"/>
+ <include name="config.h.in"/>
+ <include name="config.sub"/>
+ <exclude name="configure"/>
+ <include name="configure.ac"/>
+ <include name="depcomp"/>
+ <include name="doc/**"/>
+ <include name="etc/**"/>
+ <include name="forms/**"/>
+ <include name="install-sh"/>
+ <include name="lib/**"/>
+ <include name="logs/**"/>
+ <include name="ltmain.sh"/>
+ <include name="m4/**"/>
+ <include name="missing"/>
+ <include name="release"/>
+ <include name="scripts/**"/>
+ <include name="setup/**"/>
+ <exclude name="setup_package"/>
+ <include name="src/**"/>
+ <include name="stubs/**"/>
+ <include name="tools/**"/>
+ <include name="ui/**"/>
+ <include name="wrappers/**"/>
+ </zipfileset>
+ <zipfileset dir="./etc/init.d"
+ filemode="755"
+ prefix="etc/${init.d}">
+ <include name="pki-tpsd"/>
+ </zipfileset>
+ <zipfileset dir="."
+ filemode="755"
+ prefix="${src.dist.name}">
+ <include name="autogen.sh"/>
+ <include name="configure"/>
+ <include name="setup_package"/>
+ <exclude name="etc/init.d/pki-tpsd"/>
+ </zipfileset>
+ </zip>
+ <echo message="${end.source.zip.log.message}"/>
+
+ <echo message="${begin.source.tar.log.message}"/>
+ <tar longfile="gnu"
+ destfile="${dist.base.source}/${src.dist.name}.tar">
+ <tarfileset dir="."
+ mode="644"
+ prefix="${src.dist.name}">
+ <include name="${specfile}"/>
+ <include name="EULA"/>
+ <include name="LICENSE"/>
+ <include name="Makefile.*"/>
+ <include name="aclocal.m4"/>
+ <include name="alias/**"/>
+ <include name="apache/**"/>
+ <include name="applets/**"/>
+ <exclude name="autogen.sh"/>
+ <include name="build.xml"/>
+ <include name="compile"/>
+ <include name="config/product*.xml"/>
+ <include name="config/release*.xml"/>
+ <include name="config.guess"/>
+ <include name="config.h.in"/>
+ <include name="config.sub"/>
+ <exclude name="configure"/>
+ <include name="configure.ac"/>
+ <include name="depcomp"/>
+ <include name="doc/**"/>
+ <include name="etc/**"/>
+ <include name="forms/**"/>
+ <include name="install-sh"/>
+ <include name="lib/**"/>
+ <include name="logs/**"/>
+ <include name="ltmain.sh"/>
+ <include name="m4/**"/>
+ <include name="missing"/>
+ <include name="release"/>
+ <include name="scripts/**"/>
+ <include name="setup/**"/>
+ <exclude name="setup_package"/>
+ <include name="src/**"/>
+ <include name="stubs/**"/>
+ <include name="tools/**"/>
+ <include name="ui/**"/>
+ <include name="wrappers/**"/>
+ </tarfileset>
+ <tarfileset dir="./etc/init.d"
+ mode="755"
+ prefix="${dist.name}/etc/${init.d}">
+ <include name="pki-tpsd"/>
+ </tarfileset>
+ <tarfileset dir="."
+ mode="755"
+ prefix="${src.dist.name}">
+ <include name="autogen.sh"/>
+ <include name="configure"/>
+ <include name="setup_package"/>
+ <exclude name="etc/init.d/pki-tpsd"/>
+ </tarfileset>
+ </tar>
+ <echo message="${end.source.tar.log.message}"/>
+
+ <echo message="${begin.source.gtar.log.message}"/>
+ <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+ src="${dist.base.source}/${src.dist.name}.tar"/>
+ <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+ <delete dir="${dist.name}"/>
+ <checksum fileext=".md5">
+ <fileset dir="${dist.base.source}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <checksum fileext=".sha1"
+ algorithm="SHA">
+ <fileset dir="${dist.base.source}/">
+ <include name="**/*"/>
+ <exclude name="**/*.asc"/>
+ <exclude name="**/*.md5"/>
+ </fileset>
+ </checksum>
+ <echo message="${end.source.gtar.log.message}"/>
+
+ <echo message="${end.distribute.source.log.message}"/>
+ </target>
+
+
+ <target name="distribute"
+ depends="distribute_binaries,distribute_source"
+ description="--> create binary and source component distributions">
+ <echo message="${notify.distribute.log.message}"/>
+ </target>
+
+
+ <target name="main"
+ depends="clean,distribute"
+ description="--> clean, build, verify, document, distribute [default]">
+ <echo message="${notify.main.log.message}"/>
+ </target>
+
+</project>
+
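Review bot: In `distribute_source` the source tarball is fingerprinted only with MD5 (`fileext=".md5"`, the task default) and SHA-1 (`algorithm="SHA"`), both collision-prone and a weak basis for verifying a PKI component's release archive. A third `<checksum fileext=".sha256" algorithm="SHA-256">` block over the same fileset would give downstream packagers a digest worth checking, alongside whatever produces the `.asc` files that the excludes anticipate. Both existing blocks exclude `**/*.md5` but not `**/*.sha1`, so a run over a directory that still holds earlier output would checksum the checksum files; adding `<exclude name="**/*.sha1"/>` to each closes that. Separately, the init script is placed under `etc/${init.d}` in the zip but under `${dist.name}/etc/${init.d}` in the tar, which looks unintended.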
diff --git a/pki/base/tps/compile b/pki/base/tps/compile
new file mode 100755
index 000000000..c0096a7b5
--- /dev/null
+++ b/pki/base/tps/compile
@@ -0,0 +1,143 @@
+#! /bin/sh
+# Wrapper for compilers which do not understand `-c -o'.
+
+scriptversion=2009-10-06.20; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software
+# Foundation, Inc.
+# Written by Tom Tromey <tromey@cygnus.com>.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# This file is maintained in Automake, please report
+# bugs to <bug-automake@gnu.org> or send patches to
+# <automake-patches@gnu.org>.
+
+case $1 in
+ '')
+ echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: compile [--help] [--version] PROGRAM [ARGS]
+
+Wrapper for compilers which do not understand `-c -o'.
+Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
+arguments, and rename the output as expected.
+
+If you are trying to build a whole package this is not the
+right script to run: please start by reading the file `INSTALL'.
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "compile $scriptversion"
+ exit $?
+ ;;
+esac
+
+ofile=
+cfile=
+eat=
+
+for arg
+do
+ if test -n "$eat"; then
+ eat=
+ else
+ case $1 in
+ -o)
+ # configure might choose to run compile as `compile cc -o foo foo.c'.
+ # So we strip `-o arg' only if arg is an object.
+ eat=1
+ case $2 in
+ *.o | *.obj)
+ ofile=$2
+ ;;
+ *)
+ set x "$@" -o "$2"
+ shift
+ ;;
+ esac
+ ;;
+ *.c)
+ cfile=$1
+ set x "$@" "$1"
+ shift
+ ;;
+ *)
+ set x "$@" "$1"
+ shift
+ ;;
+ esac
+ fi
+ shift
+done
+
+if test -z "$ofile" || test -z "$cfile"; then
+ # If no `-o' option was seen then we might have been invoked from a
+ # pattern rule where we don't need one. That is ok -- this is a
+ # normal compilation that the losing compiler can handle. If no
+ # `.c' file was seen then we are probably linking. That is also
+ # ok.
+ exec "$@"
+fi
+
+# Name of file we expect compiler to create.
+cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
+
+# Create the lock directory.
+# Note: use `[/\\:.-]' here to ensure that we don't use the same name
+# that we are using for the .o file. Also, base the name on the expected
+# object file name, since that is what matters with a parallel build.
+lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
+while true; do
+ if mkdir "$lockdir" >/dev/null 2>&1; then
+ break
+ fi
+ sleep 1
+done
+# FIXME: race condition here if user kills between mkdir and trap.
+trap "rmdir '$lockdir'; exit 1" 1 2 15
+
+# Run the compile.
+"$@"
+ret=$?
+
+if test -f "$cofile"; then
+ test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
+elif test -f "${cofile}bj"; then
+ test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
+fi
+
+rmdir "$lockdir"
+exit $ret
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/pki/base/tps/config.guess b/pki/base/tps/config.guess
new file mode 100755
index 000000000..dc84c68ef
--- /dev/null
+++ b/pki/base/tps/config.guess
@@ -0,0 +1,1501 @@
+#! /bin/sh
+# Attempt to guess a canonical system name.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+# Free Software Foundation, Inc.
+
+timestamp='2009-11-20'
+
+# This file is free software; you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Originally written by Per Bothner. Please send patches (context
+# diff format) to <config-patches@gnu.org> and include a ChangeLog
+# entry.
+#
+# This script attempts to guess a canonical system name similar to
+# config.sub. If it succeeds, it prints the system name on stdout, and
+# exits with 0. Otherwise, it exits with 1.
+#
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION]
+
+Output the configuration name of the system \`$me' is run on.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.guess ($timestamp)
+
+Originally written by Per Bothner.
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help" >&2
+ exit 1 ;;
+ * )
+ break ;;
+ esac
+done
+
+if test $# != 0; then
+ echo "$me: too many arguments$help" >&2
+ exit 1
+fi
+
+trap 'exit 1' 1 2 15
+
+# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
+# compiler to aid in system detection is discouraged as it requires
+# temporary files to be created and, as you can see below, it is a
+# headache to deal with in a portable fashion.
+
+# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
+# use `HOST_CC' if defined, but it is deprecated.
+
+# Portable tmp directory creation inspired by the Autoconf team.
+
+set_cc_for_build='
+trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
+trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
+: ${TMPDIR=/tmp} ;
+ { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
+ { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
+ { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
+ { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
+dummy=$tmp/dummy ;
+tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
+case $CC_FOR_BUILD,$HOST_CC,$CC in
+ ,,) echo "int x;" > $dummy.c ;
+ for c in cc gcc c89 c99 ; do
+ if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
+ CC_FOR_BUILD="$c"; break ;
+ fi ;
+ done ;
+ if test x"$CC_FOR_BUILD" = x ; then
+ CC_FOR_BUILD=no_compiler_found ;
+ fi
+ ;;
+ ,,*) CC_FOR_BUILD=$CC ;;
+ ,*,*) CC_FOR_BUILD=$HOST_CC ;;
+esac ; set_cc_for_build= ;'
+
+# This is needed to find uname on a Pyramid OSx when run in the BSD universe.
+# (ghazi@noc.rutgers.edu 1994-08-24)
+if (test -f /.attbin/uname) >/dev/null 2>&1 ; then
+ PATH=$PATH:/.attbin ; export PATH
+fi
+
+UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown
+UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown
+UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown
+UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown
+
+# Note: order is significant - the case branches are not exclusive.
+
+case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
+ *:NetBSD:*:*)
+ # NetBSD (nbsd) targets should (where applicable) match one or
+ # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*,
+ # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
+ # switched to ELF, *-*-netbsd* would select the old
+ # object file format. This provides both forward
+ # compatibility and a consistent mechanism for selecting the
+ # object file format.
+ #
+ # Note: NetBSD doesn't particularly care about the vendor
+ # portion of the name. We always set it to "unknown".
+ sysctl="sysctl -n hw.machine_arch"
+ UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \
+ /usr/sbin/$sysctl 2>/dev/null || echo unknown)`
+ case "${UNAME_MACHINE_ARCH}" in
+ armeb) machine=armeb-unknown ;;
+ arm*) machine=arm-unknown ;;
+ sh3el) machine=shl-unknown ;;
+ sh3eb) machine=sh-unknown ;;
+ sh5el) machine=sh5le-unknown ;;
+ *) machine=${UNAME_MACHINE_ARCH}-unknown ;;
+ esac
+ # The Operating System including object format, if it has switched
+ # to ELF recently, or will in the future.
+ case "${UNAME_MACHINE_ARCH}" in
+ arm*|i386|m68k|ns32k|sh3*|sparc|vax)
+ eval $set_cc_for_build
+ if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ELF__
+ then
+ # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
+ # Return netbsd for either. FIX?
+ os=netbsd
+ else
+ os=netbsdelf
+ fi
+ ;;
+ *)
+ os=netbsd
+ ;;
+ esac
+ # The OS release
+ # Debian GNU/NetBSD machines have a different userland, and
+ # thus, need a distinct triplet. However, they do not need
+ # kernel version information, so it can be replaced with a
+ # suitable tag, in the style of linux-gnu.
+ case "${UNAME_VERSION}" in
+ Debian*)
+ release='-gnu'
+ ;;
+ *)
+ release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'`
+ ;;
+ esac
+ # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
+ # contains redundant information, the shorter form:
+ # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
+ echo "${machine}-${os}${release}"
+ exit ;;
+ *:OpenBSD:*:*)
+ UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
+ echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
+ exit ;;
+ *:ekkoBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
+ exit ;;
+ *:SolidBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
+ exit ;;
+ macppc:MirBSD:*:*)
+ echo powerpc-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ *:MirBSD:*:*)
+ echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
+ exit ;;
+ alpha:OSF1:*:*)
+ case $UNAME_RELEASE in
+ *4.0)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
+ ;;
+ *5.*)
+ UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
+ ;;
+ esac
+ # According to Compaq, /usr/sbin/psrinfo has been available on
+ # OSF/1 and Tru64 systems produced since 1995. I hope that
+ # covers most systems running today. This code pipes the CPU
+ # types through head -n 1, so we only detect the type of CPU 0.
+ ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
+ case "$ALPHA_CPU_TYPE" in
+ "EV4 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "EV4.5 (21064)")
+ UNAME_MACHINE="alpha" ;;
+ "LCA4 (21066/21068)")
+ UNAME_MACHINE="alpha" ;;
+ "EV5 (21164)")
+ UNAME_MACHINE="alphaev5" ;;
+ "EV5.6 (21164A)")
+ UNAME_MACHINE="alphaev56" ;;
+ "EV5.6 (21164PC)")
+ UNAME_MACHINE="alphapca56" ;;
+ "EV5.7 (21164PC)")
+ UNAME_MACHINE="alphapca57" ;;
+ "EV6 (21264)")
+ UNAME_MACHINE="alphaev6" ;;
+ "EV6.7 (21264A)")
+ UNAME_MACHINE="alphaev67" ;;
+ "EV6.8CB (21264C)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8AL (21264B)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.8CX (21264D)")
+ UNAME_MACHINE="alphaev68" ;;
+ "EV6.9A (21264/EV69A)")
+ UNAME_MACHINE="alphaev69" ;;
+ "EV7 (21364)")
+ UNAME_MACHINE="alphaev7" ;;
+ "EV7.9 (21364A)")
+ UNAME_MACHINE="alphaev79" ;;
+ esac
+ # A Pn.n version is a patched version.
+ # A Vn.n version is a released version.
+ # A Tn.n version is a released field test version.
+ # A Xn.n version is an unreleased experimental baselevel.
+ # 1.2 uses "1.2" for uname -r.
+ echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ exit ;;
+ Alpha\ *:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # Should we change UNAME_MACHINE based on the output of uname instead
+ # of the specific Alpha model?
+ echo alpha-pc-interix
+ exit ;;
+ 21064:Windows_NT:50:3)
+ echo alpha-dec-winnt3.5
+ exit ;;
+ Amiga*:UNIX_System_V:4.0:*)
+ echo m68k-unknown-sysv4
+ exit ;;
+ *:[Aa]miga[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-amigaos
+ exit ;;
+ *:[Mm]orph[Oo][Ss]:*:*)
+ echo ${UNAME_MACHINE}-unknown-morphos
+ exit ;;
+ *:OS/390:*:*)
+ echo i370-ibm-openedition
+ exit ;;
+ *:z/VM:*:*)
+ echo s390-ibm-zvmoe
+ exit ;;
+ *:OS400:*:*)
+ echo powerpc-ibm-os400
+ exit ;;
+ arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
+ echo arm-acorn-riscix${UNAME_RELEASE}
+ exit ;;
+ arm:riscos:*:*|arm:RISCOS:*:*)
+ echo arm-unknown-riscos
+ exit ;;
+ SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
+ echo hppa1.1-hitachi-hiuxmpp
+ exit ;;
+ Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
+ # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
+ if test "`(/bin/universe) 2>/dev/null`" = att ; then
+ echo pyramid-pyramid-sysv3
+ else
+ echo pyramid-pyramid-bsd
+ fi
+ exit ;;
+ NILE*:*:*:dcosx)
+ echo pyramid-pyramid-svr4
+ exit ;;
+ DRS?6000:unix:4.0:6*)
+ echo sparc-icl-nx6
+ exit ;;
+ DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
+ case `/usr/bin/uname -p` in
+ sparc) echo sparc-icl-nx7; exit ;;
+ esac ;;
+ s390x:SunOS:*:*)
+ echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4H:SunOS:5.*:*)
+ echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
+ echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
+ echo i386-pc-auroraux${UNAME_RELEASE}
+ exit ;;
+ i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
+ eval $set_cc_for_build
+ SUN_ARCH="i386"
+ # If there is a compiler, see if it is configured for 64-bit objects.
+ # Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
+ # This test works for both compilers.
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ SUN_ARCH="x86_64"
+ fi
+ fi
+ echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:6*:*)
+ # According to config.sub, this is the proper way to canonicalize
+ # SunOS6. Hard to guess exactly what SunOS6 will be like, but
+ # it's likely to be more like Solaris than SunOS4.
+ echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ sun4*:SunOS:*:*)
+ case "`/usr/bin/arch -k`" in
+ Series*|S4*)
+ UNAME_RELEASE=`uname -v`
+ ;;
+ esac
+ # Japanese Language versions have a version number like `4.1.3-JL'.
+ echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
+ exit ;;
+ sun3*:SunOS:*:*)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ exit ;;
+ sun*:*:4.2BSD:*)
+ UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
+ test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
+ case "`/bin/arch`" in
+ sun3)
+ echo m68k-sun-sunos${UNAME_RELEASE}
+ ;;
+ sun4)
+ echo sparc-sun-sunos${UNAME_RELEASE}
+ ;;
+ esac
+ exit ;;
+ aushp:SunOS:*:*)
+ echo sparc-auspex-sunos${UNAME_RELEASE}
+ exit ;;
+ # The situation for MiNT is a little confusing. The machine name
+ # can be virtually everything (everything which is not
+ # "atarist" or "atariste" at least should have a processor
+ # > m68000). The system name ranges from "MiNT" over "FreeMiNT"
+ # to the lowercase version "mint" (or "freemint"). Finally
+ # the system name "TOS" denotes a system which is actually not
+ # MiNT. But MiNT is downward compatible to TOS, so this should
+ # be no problem.
+ atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
+ echo m68k-atari-mint${UNAME_RELEASE}
+ exit ;;
+ milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
+ echo m68k-milan-mint${UNAME_RELEASE}
+ exit ;;
+ hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
+ echo m68k-hades-mint${UNAME_RELEASE}
+ exit ;;
+ *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
+ echo m68k-unknown-mint${UNAME_RELEASE}
+ exit ;;
+ m68k:machten:*:*)
+ echo m68k-apple-machten${UNAME_RELEASE}
+ exit ;;
+ powerpc:machten:*:*)
+ echo powerpc-apple-machten${UNAME_RELEASE}
+ exit ;;
+ RISC*:Mach:*:*)
+ echo mips-dec-mach_bsd4.3
+ exit ;;
+ RISC*:ULTRIX:*:*)
+ echo mips-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ VAX*:ULTRIX*:*:*)
+ echo vax-dec-ultrix${UNAME_RELEASE}
+ exit ;;
+ 2020:CLIX:*:* | 2430:CLIX:*:*)
+ echo clipper-intergraph-clix${UNAME_RELEASE}
+ exit ;;
+ mips:*:*:UMIPS | mips:*:*:RISCos)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+#ifdef __cplusplus
+#include <stdio.h> /* for printf() prototype */
+ int main (int argc, char *argv[]) {
+#else
+ int main (argc, argv) int argc; char *argv[]; {
+#endif
+ #if defined (host_mips) && defined (MIPSEB)
+ #if defined (SYSTYPE_SYSV)
+ printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_SVR4)
+ printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
+ #endif
+ #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
+ printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
+ #endif
+ #endif
+ exit (-1);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c &&
+ dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
+ SYSTEM_NAME=`$dummy $dummyarg` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo mips-mips-riscos${UNAME_RELEASE}
+ exit ;;
+ Motorola:PowerMAX_OS:*:*)
+ echo powerpc-motorola-powermax
+ exit ;;
+ Motorola:*:4.3:PL8-*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
+ echo powerpc-harris-powermax
+ exit ;;
+ Night_Hawk:Power_UNIX:*:*)
+ echo powerpc-harris-powerunix
+ exit ;;
+ m88k:CX/UX:7*:*)
+ echo m88k-harris-cxux7
+ exit ;;
+ m88k:*:4*:R4*)
+ echo m88k-motorola-sysv4
+ exit ;;
+ m88k:*:3*:R3*)
+ echo m88k-motorola-sysv3
+ exit ;;
+ AViiON:dgux:*:*)
+ # DG/UX returns AViiON for all architectures
+ UNAME_PROCESSOR=`/usr/bin/uname -p`
+ if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
+ then
+ if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
+ [ ${TARGET_BINARY_INTERFACE}x = x ]
+ then
+ echo m88k-dg-dgux${UNAME_RELEASE}
+ else
+ echo m88k-dg-dguxbcs${UNAME_RELEASE}
+ fi
+ else
+ echo i586-dg-dgux${UNAME_RELEASE}
+ fi
+ exit ;;
+ M88*:DolphinOS:*:*) # DolphinOS (SVR3)
+ echo m88k-dolphin-sysv3
+ exit ;;
+ M88*:*:R3*:*)
+ # Delta 88k system running SVR3
+ echo m88k-motorola-sysv3
+ exit ;;
+ XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
+ echo m88k-tektronix-sysv3
+ exit ;;
+ Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
+ echo m68k-tektronix-bsd
+ exit ;;
+ *:IRIX*:*:*)
+ echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
+ exit ;;
+ ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
+ echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
+ exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
+ i*86:AIX:*:*)
+ echo i386-ibm-aix
+ exit ;;
+ ia64:AIX:*:*)
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:2:3)
+ if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <sys/systemcfg.h>
+
+ main()
+ {
+ if (!__power_pc())
+ exit(1);
+ puts("powerpc-ibm-aix3.2.5");
+ exit(0);
+ }
+EOF
+ if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
+ then
+ echo "$SYSTEM_NAME"
+ else
+ echo rs6000-ibm-aix3.2.5
+ fi
+ elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
+ echo rs6000-ibm-aix3.2.4
+ else
+ echo rs6000-ibm-aix3.2
+ fi
+ exit ;;
+ *:AIX:*:[456])
+ IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
+ if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
+ IBM_ARCH=rs6000
+ else
+ IBM_ARCH=powerpc
+ fi
+ if [ -x /usr/bin/oslevel ] ; then
+ IBM_REV=`/usr/bin/oslevel`
+ else
+ IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
+ fi
+ echo ${IBM_ARCH}-ibm-aix${IBM_REV}
+ exit ;;
+ *:AIX:*:*)
+ echo rs6000-ibm-aix
+ exit ;;
+ ibmrt:4.4BSD:*|romp-ibm:BSD:*)
+ echo romp-ibm-bsd4.4
+ exit ;;
+ ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
+ echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
+ exit ;; # report: romp-ibm BSD 4.3
+ *:BOSX:*:*)
+ echo rs6000-bull-bosx
+ exit ;;
+ DPX/2?00:B.O.S.:*:*)
+ echo m68k-bull-sysv3
+ exit ;;
+ 9000/[34]??:4.3bsd:1.*:*)
+ echo m68k-hp-bsd
+ exit ;;
+ hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
+ echo m68k-hp-bsd4.4
+ exit ;;
+ 9000/[34678]??:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ case "${UNAME_MACHINE}" in
+ 9000/31? ) HP_ARCH=m68000 ;;
+ 9000/[34]?? ) HP_ARCH=m68k ;;
+ 9000/[678][0-9][0-9])
+ if [ -x /usr/bin/getconf ]; then
+ sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
+ sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
+ case "${sc_cpu_version}" in
+ 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
+ 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
+ 532) # CPU_PA_RISC2_0
+ case "${sc_kernel_bits}" in
+ 32) HP_ARCH="hppa2.0n" ;;
+ 64) HP_ARCH="hppa2.0w" ;;
+ '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
+ esac ;;
+ esac
+ fi
+ if [ "${HP_ARCH}" = "" ]; then
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+
+ #define _HPUX_SOURCE
+ #include <stdlib.h>
+ #include <unistd.h>
+
+ int main ()
+ {
+ #if defined(_SC_KERNEL_BITS)
+ long bits = sysconf(_SC_KERNEL_BITS);
+ #endif
+ long cpu = sysconf (_SC_CPU_VERSION);
+
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
+ case CPU_PA_RISC2_0:
+ #if defined(_SC_KERNEL_BITS)
+ switch (bits)
+ {
+ case 64: puts ("hppa2.0w"); break;
+ case 32: puts ("hppa2.0n"); break;
+ default: puts ("hppa2.0"); break;
+ } break;
+ #else /* !defined(_SC_KERNEL_BITS) */
+ puts ("hppa2.0"); break;
+ #endif
+ default: puts ("hppa1.0"); break;
+ }
+ exit (0);
+ }
+EOF
+ (CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
+ test -z "$HP_ARCH" && HP_ARCH=hppa
+ fi ;;
+ esac
+ if [ ${HP_ARCH} = "hppa2.0w" ]
+ then
+ eval $set_cc_for_build
+
+ # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
+ # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
+ # generating 64-bit code. GNU and HP use different nomenclature:
+ #
+ # $ CC_FOR_BUILD=cc ./config.guess
+ # => hppa2.0w-hp-hpux11.23
+ # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
+ # => hppa64-hp-hpux11.23
+
+ if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
+ grep -q __LP64__
+ then
+ HP_ARCH="hppa2.0w"
+ else
+ HP_ARCH="hppa64"
+ fi
+ fi
+ echo ${HP_ARCH}-hp-hpux${HPUX_REV}
+ exit ;;
+ ia64:HP-UX:*:*)
+ HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
+ echo ia64-hp-hpux${HPUX_REV}
+ exit ;;
+ 3050*:HI-UX:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #include <unistd.h>
+ int
+ main ()
+ {
+ long cpu = sysconf (_SC_CPU_VERSION);
+ /* The order matters, because CPU_IS_HP_MC68K erroneously returns
+ true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
+ results, however. */
+ if (CPU_IS_PA_RISC (cpu))
+ {
+ switch (cpu)
+ {
+ case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
+ case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
+ default: puts ("hppa-hitachi-hiuxwe2"); break;
+ }
+ }
+ else if (CPU_IS_HP_MC68K (cpu))
+ puts ("m68k-hitachi-hiuxwe2");
+ else puts ("unknown-hitachi-hiuxwe2");
+ exit (0);
+ }
+EOF
+ $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+ echo unknown-hitachi-hiuxwe2
+ exit ;;
+ 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
+ echo hppa1.1-hp-bsd
+ exit ;;
+ 9000/8??:4.3bsd:*:*)
+ echo hppa1.0-hp-bsd
+ exit ;;
+ *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
+ echo hppa1.0-hp-mpeix
+ exit ;;
+ hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
+ echo hppa1.1-hp-osf
+ exit ;;
+ hp8??:OSF1:*:*)
+ echo hppa1.0-hp-osf
+ exit ;;
+ i*86:OSF1:*:*)
+ if [ -x /usr/sbin/sysversion ] ; then
+ echo ${UNAME_MACHINE}-unknown-osf1mk
+ else
+ echo ${UNAME_MACHINE}-unknown-osf1
+ fi
+ exit ;;
+ parisc*:Lites*:*:*)
+ echo hppa1.1-hp-lites
+ exit ;;
+ C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
+ echo c1-convex-bsd
+ exit ;;
+ C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
+ echo c34-convex-bsd
+ exit ;;
+ C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
+ echo c38-convex-bsd
+ exit ;;
+ C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
+ echo c4-convex-bsd
+ exit ;;
+ CRAY*Y-MP:*:*:*)
+ echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*[A-Z]90:*:*:*)
+ echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
+ | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
+ -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
+ -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*TS:*:*:*)
+ echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*T3E:*:*:*)
+ echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ CRAY*SV1:*:*:*)
+ echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ *:UNICOS/mp:*:*)
+ echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
+ exit ;;
+ F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
+ FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
+ echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ 5000:UNIX_System_V:4.*:*)
+ FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
+ FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
+ echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
+ exit ;;
+ i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
+ echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
+ exit ;;
+ sparc*:BSD/OS:*:*)
+ echo sparc-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:BSD/OS:*:*)
+ echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
+ exit ;;
+ *:FreeBSD:*:*)
+ case ${UNAME_MACHINE} in
+ pc98)
+ echo i386-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ amd64)
+ echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ *)
+ echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
+ esac
+ exit ;;
+ i*:CYGWIN*:*)
+ echo ${UNAME_MACHINE}-pc-cygwin
+ exit ;;
+ *:MINGW*:*)
+ echo ${UNAME_MACHINE}-pc-mingw32
+ exit ;;
+ i*:windows32*:*)
+ # uname -m includes "-pc" on this system.
+ echo ${UNAME_MACHINE}-mingw32
+ exit ;;
+ i*:PW*:*)
+ echo ${UNAME_MACHINE}-pc-pw32
+ exit ;;
+ *:Interix*:*)
+ case ${UNAME_MACHINE} in
+ x86)
+ echo i586-pc-interix${UNAME_RELEASE}
+ exit ;;
+ authenticamd | genuineintel | EM64T)
+ echo x86_64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ IA64)
+ echo ia64-unknown-interix${UNAME_RELEASE}
+ exit ;;
+ esac ;;
+ [345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
+ echo i${UNAME_MACHINE}-pc-mks
+ exit ;;
+ 8664:Windows_NT:*)
+ echo x86_64-pc-mks
+ exit ;;
+ i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
+ # How do we know it's Interix rather than the generic POSIX subsystem?
+ # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
+ # UNAME_MACHINE based on the output of uname instead of i386?
+ echo i586-pc-interix
+ exit ;;
+ i*:UWIN*:*)
+ echo ${UNAME_MACHINE}-pc-uwin
+ exit ;;
+ amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit ;;
+ p*:CYGWIN*:*)
+ echo powerpcle-unknown-cygwin
+ exit ;;
+ prep*:SunOS:5.*:*)
+ echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
+ exit ;;
+ *:GNU:*:*)
+ # the GNU system
+ echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
+ exit ;;
+ *:GNU/*:*:*)
+ # other systems with GNU libc and userland
+ echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-gnu
+ exit ;;
+ i*86:Minix:*:*)
+ echo ${UNAME_MACHINE}-pc-minix
+ exit ;;
+ alpha:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ EV5) UNAME_MACHINE=alphaev5 ;;
+ EV56) UNAME_MACHINE=alphaev56 ;;
+ PCA56) UNAME_MACHINE=alphapca56 ;;
+ PCA57) UNAME_MACHINE=alphapca56 ;;
+ EV6) UNAME_MACHINE=alphaev6 ;;
+ EV67) UNAME_MACHINE=alphaev67 ;;
+ EV68*) UNAME_MACHINE=alphaev68 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC}
+ exit ;;
+ arm*:Linux:*:*)
+ eval $set_cc_for_build
+ if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
+ | grep -q __ARM_EABI__
+ then
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ else
+ echo ${UNAME_MACHINE}-unknown-linux-gnueabi
+ fi
+ exit ;;
+ avr32*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ cris:Linux:*:*)
+ echo cris-axis-linux-gnu
+ exit ;;
+ crisv32:Linux:*:*)
+ echo crisv32-axis-linux-gnu
+ exit ;;
+ frv:Linux:*:*)
+ echo frv-unknown-linux-gnu
+ exit ;;
+ i*86:Linux:*:*)
+ LIBC=gnu
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #ifdef __dietlibc__
+ LIBC=dietlibc
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'`
+ echo "${UNAME_MACHINE}-pc-linux-${LIBC}"
+ exit ;;
+ ia64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m32r*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ m68*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ mips:Linux:*:* | mips64:Linux:*:*)
+ eval $set_cc_for_build
+ sed 's/^ //' << EOF >$dummy.c
+ #undef CPU
+ #undef ${UNAME_MACHINE}
+ #undef ${UNAME_MACHINE}el
+ #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
+ CPU=${UNAME_MACHINE}el
+ #else
+ #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
+ CPU=${UNAME_MACHINE}
+ #else
+ CPU=
+ #endif
+ #endif
+EOF
+ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
+ test x"${CPU}" != x && { echo "${CPU}-unknown-linux-gnu"; exit; }
+ ;;
+ or32:Linux:*:*)
+ echo or32-unknown-linux-gnu
+ exit ;;
+ padre:Linux:*:*)
+ echo sparc-unknown-linux-gnu
+ exit ;;
+ parisc64:Linux:*:* | hppa64:Linux:*:*)
+ echo hppa64-unknown-linux-gnu
+ exit ;;
+ parisc:Linux:*:* | hppa:Linux:*:*)
+ # Look for CPU level
+ case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
+ PA7*) echo hppa1.1-unknown-linux-gnu ;;
+ PA8*) echo hppa2.0-unknown-linux-gnu ;;
+ *) echo hppa-unknown-linux-gnu ;;
+ esac
+ exit ;;
+ ppc64:Linux:*:*)
+ echo powerpc64-unknown-linux-gnu
+ exit ;;
+ ppc:Linux:*:*)
+ echo powerpc-unknown-linux-gnu
+ exit ;;
+ s390:Linux:*:* | s390x:Linux:*:*)
+ echo ${UNAME_MACHINE}-ibm-linux
+ exit ;;
+ sh64*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sh*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ sparc:Linux:*:* | sparc64:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ vax:Linux:*:*)
+ echo ${UNAME_MACHINE}-dec-linux-gnu
+ exit ;;
+ x86_64:Linux:*:*)
+ echo x86_64-unknown-linux-gnu
+ exit ;;
+ xtensa*:Linux:*:*)
+ echo ${UNAME_MACHINE}-unknown-linux-gnu
+ exit ;;
+ i*86:DYNIX/ptx:4*:*)
+ # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
+ # earlier versions are messed up and put the nodename in both
+ # sysname and nodename.
+ echo i386-sequent-sysv4
+ exit ;;
+ i*86:UNIX_SV:4.2MP:2.*)
+ # Unixware is an offshoot of SVR4, but it has its own version
+ # number series starting with 2...
+ # I am not positive that other SVR4 systems won't match this,
+ # I just have to hope. -- rms.
+ # Use sysv4.2uw... so that sysv4* matches it.
+ echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
+ exit ;;
+ i*86:OS/2:*:*)
+ # If we were able to find `uname', then EMX Unix compatibility
+ # is probably installed.
+ echo ${UNAME_MACHINE}-pc-os2-emx
+ exit ;;
+ i*86:XTS-300:*:STOP)
+ echo ${UNAME_MACHINE}-unknown-stop
+ exit ;;
+ i*86:atheos:*:*)
+ echo ${UNAME_MACHINE}-unknown-atheos
+ exit ;;
+ i*86:syllable:*:*)
+ echo ${UNAME_MACHINE}-pc-syllable
+ exit ;;
+ i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
+ echo i386-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ i*86:*DOS:*:*)
+ echo ${UNAME_MACHINE}-pc-msdosdjgpp
+ exit ;;
+ i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
+ UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
+ if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
+ echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
+ else
+ echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
+ fi
+ exit ;;
+ i*86:*:5:[678]*)
+ # UnixWare 7.x, OpenUNIX and OpenServer 6.
+ case `/bin/uname -X | grep "^Machine"` in
+ *486*) UNAME_MACHINE=i486 ;;
+ *Pentium) UNAME_MACHINE=i586 ;;
+ *Pent*|*Celeron) UNAME_MACHINE=i686 ;;
+ esac
+ echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
+ exit ;;
+ i*86:*:3.2:*)
+ if test -f /usr/options/cb.name; then
+ UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
+ echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
+ elif /bin/uname -X 2>/dev/null >/dev/null ; then
+ UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
+ (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
+ (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
+ && UNAME_MACHINE=i586
+ (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
+ && UNAME_MACHINE=i686
+ (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
+ && UNAME_MACHINE=i686
+ echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
+ else
+ echo ${UNAME_MACHINE}-pc-sysv32
+ fi
+ exit ;;
+ pc:*:*:*)
+ # Left here for compatibility:
+ # uname -m prints for DJGPP always 'pc', but it prints nothing about
+ # the processor, so we play safe by assuming i586.
+ # Note: whatever this is, it MUST be the same as what config.sub
+ # prints for the "djgpp" host, or else GDB configury will decide that
+ # this is a cross-build.
+ echo i586-pc-msdosdjgpp
+ exit ;;
+ Intel:Mach:3*:*)
+ echo i386-pc-mach3
+ exit ;;
+ paragon:*:*:*)
+ echo i860-intel-osf1
+ exit ;;
+ i860:*:4.*:*) # i860-SVR4
+ if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
+ echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
+ else # Add other i860-SVR4 vendors below as they are discovered.
+ echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
+ fi
+ exit ;;
+ mini*:CTIX:SYS*5:*)
+ # "miniframe"
+ echo m68010-convergent-sysv
+ exit ;;
+ mc68k:UNIX:SYSTEM5:3.51m)
+ echo m68k-convergent-sysv
+ exit ;;
+ M680?0:D-NIX:5.3:*)
+ echo m68k-diab-dnix
+ exit ;;
+ M68*:*:R3V[5678]*:*)
+ test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
+ 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
+ OS_REL=''
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4; exit; } ;;
+ NCR*:*:4.2:* | MPRAS*:*:4.2:*)
+ OS_REL='.3'
+ test -r /etc/.relid \
+ && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
+ /bin/uname -p 2>/dev/null | grep 86 >/dev/null \
+ && { echo i486-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; }
+ /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
+ && { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
+ m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
+ echo m68k-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ mc68030:UNIX_System_V:4.*:*)
+ echo m68k-atari-sysv4
+ exit ;;
+ TSUNAMI:LynxOS:2.*:*)
+ echo sparc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ rs6000:LynxOS:2.*:*)
+ echo rs6000-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
+ echo powerpc-unknown-lynxos${UNAME_RELEASE}
+ exit ;;
+ SM[BE]S:UNIX_SV:*:*)
+ echo mips-dde-sysv${UNAME_RELEASE}
+ exit ;;
+ RM*:ReliantUNIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ RM*:SINIX-*:*:*)
+ echo mips-sni-sysv4
+ exit ;;
+ *:SINIX-*:*:*)
+ if uname -p 2>/dev/null >/dev/null ; then
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ echo ${UNAME_MACHINE}-sni-sysv4
+ else
+ echo ns32k-sni-sysv
+ fi
+ exit ;;
+ PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
+ # says <Richard.M.Bartel@ccMail.Census.GOV>
+ echo i586-unisys-sysv4
+ exit ;;
+ *:UNIX_System_V:4*:FTX*)
+ # From Gerald Hewes <hewes@openmarket.com>.
+ # How about differentiating between stratus architectures? -djm
+ echo hppa1.1-stratus-sysv4
+ exit ;;
+ *:*:*:FTX*)
+ # From seanf@swdc.stratus.com.
+ echo i860-stratus-sysv4
+ exit ;;
+ i*86:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit ;;
+ *:VOS:*:*)
+ # From Paul.Green@stratus.com.
+ echo hppa1.1-stratus-vos
+ exit ;;
+ mc68*:A/UX:*:*)
+ echo m68k-apple-aux${UNAME_RELEASE}
+ exit ;;
+ news*:NEWS-OS:6*:*)
+ echo mips-sony-newsos6
+ exit ;;
+ R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
+ if [ -d /usr/nec ]; then
+ echo mips-nec-sysv${UNAME_RELEASE}
+ else
+ echo mips-unknown-sysv${UNAME_RELEASE}
+ fi
+ exit ;;
+ BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
+ echo powerpc-be-beos
+ exit ;;
+ BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
+ echo powerpc-apple-beos
+ exit ;;
+ BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
+ echo i586-pc-beos
+ exit ;;
+ BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
+ echo i586-pc-haiku
+ exit ;;
+ SX-4:SUPER-UX:*:*)
+ echo sx4-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-5:SUPER-UX:*:*)
+ echo sx5-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-6:SUPER-UX:*:*)
+ echo sx6-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-7:SUPER-UX:*:*)
+ echo sx7-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8:SUPER-UX:*:*)
+ echo sx8-nec-superux${UNAME_RELEASE}
+ exit ;;
+ SX-8R:SUPER-UX:*:*)
+ echo sx8r-nec-superux${UNAME_RELEASE}
+ exit ;;
+ Power*:Rhapsody:*:*)
+ echo powerpc-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Rhapsody:*:*)
+ echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
+ exit ;;
+ *:Darwin:*:*)
+ UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
+ case $UNAME_PROCESSOR in
+ i386)
+ eval $set_cc_for_build
+ if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
+ if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
+ (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
+ grep IS_64BIT_ARCH >/dev/null
+ then
+ UNAME_PROCESSOR="x86_64"
+ fi
+ fi ;;
+ unknown) UNAME_PROCESSOR=powerpc ;;
+ esac
+ echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
+ exit ;;
+ *:procnto*:*:* | *:QNX:[0123456789]*:*)
+ UNAME_PROCESSOR=`uname -p`
+ if test "$UNAME_PROCESSOR" = "x86"; then
+ UNAME_PROCESSOR=i386
+ UNAME_MACHINE=pc
+ fi
+ echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
+ exit ;;
+ *:QNX:*:4*)
+ echo i386-pc-qnx
+ exit ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ NSR-?:NONSTOP_KERNEL:*:*)
+ echo nsr-tandem-nsk${UNAME_RELEASE}
+ exit ;;
+ *:NonStop-UX:*:*)
+ echo mips-compaq-nonstopux
+ exit ;;
+ BS2000:POSIX*:*:*)
+ echo bs2000-siemens-sysv
+ exit ;;
+ DS/*:UNIX_System_V:*:*)
+ echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
+ exit ;;
+ *:Plan9:*:*)
+ # "uname -m" is not consistent, so use $cputype instead. 386
+ # is converted to i386 for consistency with other x86
+ # operating systems.
+ if test "$cputype" = "386"; then
+ UNAME_MACHINE=i386
+ else
+ UNAME_MACHINE="$cputype"
+ fi
+ echo ${UNAME_MACHINE}-unknown-plan9
+ exit ;;
+ *:TOPS-10:*:*)
+ echo pdp10-unknown-tops10
+ exit ;;
+ *:TENEX:*:*)
+ echo pdp10-unknown-tenex
+ exit ;;
+ KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
+ echo pdp10-dec-tops20
+ exit ;;
+ XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
+ echo pdp10-xkl-tops20
+ exit ;;
+ *:TOPS-20:*:*)
+ echo pdp10-unknown-tops20
+ exit ;;
+ *:ITS:*:*)
+ echo pdp10-unknown-its
+ exit ;;
+ SEI:*:*:SEIUX)
+ echo mips-sei-seiux${UNAME_RELEASE}
+ exit ;;
+ *:DragonFly:*:*)
+ echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
+ exit ;;
+ *:*VMS:*:*)
+ UNAME_MACHINE=`(uname -p) 2>/dev/null`
+ case "${UNAME_MACHINE}" in
+ A*) echo alpha-dec-vms ; exit ;;
+ I*) echo ia64-dec-vms ; exit ;;
+ V*) echo vax-dec-vms ; exit ;;
+ esac ;;
+ *:XENIX:*:SysV)
+ echo i386-pc-xenix
+ exit ;;
+ i*86:skyos:*:*)
+ echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
+ exit ;;
+ i*86:rdos:*:*)
+ echo ${UNAME_MACHINE}-pc-rdos
+ exit ;;
+ i*86:AROS:*:*)
+ echo ${UNAME_MACHINE}-pc-aros
+ exit ;;
+esac
+
+#echo '(No uname command or uname output not recognized.)' 1>&2
+#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2
+
+eval $set_cc_for_build
+cat >$dummy.c <<EOF
+#ifdef _SEQUENT_
+# include <sys/types.h>
+# include <sys/utsname.h>
+#endif
+main ()
+{
+#if defined (sony)
+#if defined (MIPSEB)
+ /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed,
+ I don't know.... */
+ printf ("mips-sony-bsd\n"); exit (0);
+#else
+#include <sys/param.h>
+ printf ("m68k-sony-newsos%s\n",
+#ifdef NEWSOS4
+ "4"
+#else
+ ""
+#endif
+ ); exit (0);
+#endif
+#endif
+
+#if defined (__arm) && defined (__acorn) && defined (__unix)
+ printf ("arm-acorn-riscix\n"); exit (0);
+#endif
+
+#if defined (hp300) && !defined (hpux)
+ printf ("m68k-hp-bsd\n"); exit (0);
+#endif
+
+#if defined (NeXT)
+#if !defined (__ARCHITECTURE__)
+#define __ARCHITECTURE__ "m68k"
+#endif
+ int version;
+ version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`;
+ if (version < 4)
+ printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version);
+ else
+ printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version);
+ exit (0);
+#endif
+
+#if defined (MULTIMAX) || defined (n16)
+#if defined (UMAXV)
+ printf ("ns32k-encore-sysv\n"); exit (0);
+#else
+#if defined (CMU)
+ printf ("ns32k-encore-mach\n"); exit (0);
+#else
+ printf ("ns32k-encore-bsd\n"); exit (0);
+#endif
+#endif
+#endif
+
+#if defined (__386BSD__)
+ printf ("i386-pc-bsd\n"); exit (0);
+#endif
+
+#if defined (sequent)
+#if defined (i386)
+ printf ("i386-sequent-dynix\n"); exit (0);
+#endif
+#if defined (ns32000)
+ printf ("ns32k-sequent-dynix\n"); exit (0);
+#endif
+#endif
+
+#if defined (_SEQUENT_)
+ struct utsname un;
+
+ uname(&un);
+
+ if (strncmp(un.version, "V2", 2) == 0) {
+ printf ("i386-sequent-ptx2\n"); exit (0);
+ }
+ if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */
+ printf ("i386-sequent-ptx1\n"); exit (0);
+ }
+ printf ("i386-sequent-ptx\n"); exit (0);
+
+#endif
+
+#if defined (vax)
+# if !defined (ultrix)
+# include <sys/param.h>
+# if defined (BSD)
+# if BSD == 43
+ printf ("vax-dec-bsd4.3\n"); exit (0);
+# else
+# if BSD == 199006
+ printf ("vax-dec-bsd4.3reno\n"); exit (0);
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# endif
+# else
+ printf ("vax-dec-bsd\n"); exit (0);
+# endif
+# else
+ printf ("vax-dec-ultrix\n"); exit (0);
+# endif
+#endif
+
+#if defined (alliant) && defined (i860)
+ printf ("i860-alliant-bsd\n"); exit (0);
+#endif
+
+ exit (1);
+}
+EOF
+
+$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` &&
+ { echo "$SYSTEM_NAME"; exit; }
+
+# Apollos put the system type in the environment.
+
+test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; }
+
+# Convex versions that predate uname can use getsysinfo(1)
+
+if [ -x /usr/convex/getsysinfo ]
+then
+ case `getsysinfo -f cpu_type` in
+ c1*)
+ echo c1-convex-bsd
+ exit ;;
+ c2*)
+ if getsysinfo -f scalar_acc
+ then echo c32-convex-bsd
+ else echo c2-convex-bsd
+ fi
+ exit ;;
+ c34*)
+ echo c34-convex-bsd
+ exit ;;
+ c38*)
+ echo c38-convex-bsd
+ exit ;;
+ c4*)
+ echo c4-convex-bsd
+ exit ;;
+ esac
+fi
+
+cat >&2 <<EOF
+$0: unable to guess system type
+
+This script, last modified $timestamp, has failed to recognize
+the operating system you are using. It is advised that you
+download the most up to date version of the config scripts from
+
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
+and
+ http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+If the version you run ($0) is already up to date, please
+send the following data and any information you think might be
+pertinent to <config-patches@gnu.org> in order to provide the needed
+information to handle your system.
+
+config.guess timestamp = $timestamp
+
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null`
+
+hostinfo = `(hostinfo) 2>/dev/null`
+/bin/universe = `(/bin/universe) 2>/dev/null`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null`
+/bin/arch = `(/bin/arch) 2>/dev/null`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`
+
+UNAME_MACHINE = ${UNAME_MACHINE}
+UNAME_RELEASE = ${UNAME_RELEASE}
+UNAME_SYSTEM = ${UNAME_SYSTEM}
+UNAME_VERSION = ${UNAME_VERSION}
+EOF
+
+exit 1
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/pki/base/tps/config.h.in b/pki/base/tps/config.h.in
new file mode 100644
index 000000000..e16d451f5
--- /dev/null
+++ b/pki/base/tps/config.h.in
@@ -0,0 +1,448 @@
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define to 1 if the `closedir' function returns void instead of `int'. */
+#undef CLOSEDIR_VOID
+
+/* cpu type pa-risc */
+#undef CPU_hppa
+
+/* cpu type ia64 */
+#undef CPU_ia64
+
+/* cpu type sparc */
+#undef CPU_sparc
+
+/* Define to 1 if you have the <arpa/inet.h> header file. */
+#undef HAVE_ARPA_INET_H
+
+/* Define to 1 if your system has a working `chown' function. */
+#undef HAVE_CHOWN
+
+/* Define to 1 if you have the declaration of `strerror_r', and to 0 if you
+ don't. */
+#undef HAVE_DECL_STRERROR_R
+
+/* Define to 1 if you have the <dirent.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_DIRENT_H
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you don't have `vprintf' but do have `_doprnt.' */
+#undef HAVE_DOPRNT
+
+/* Define to 1 if you have the `endpwent' function. */
+#undef HAVE_ENDPWENT
+
+/* Define to 1 if you have the <fcntl.h> header file. */
+#undef HAVE_FCNTL_H
+
+/* Define to 1 if you have the `fork' function. */
+#undef HAVE_FORK
+
+/* Define to 1 if you have the `ftruncate' function. */
+#undef HAVE_FTRUNCATE
+
+/* Define to 1 if you have the `getcwd' function. */
+#undef HAVE_GETCWD
+
+/* Define to 1 if you have the `gethostbyname' function. */
+#undef HAVE_GETHOSTBYNAME
+
+/* Define to 1 if you have the `getpagesize' function. */
+#undef HAVE_GETPAGESIZE
+
+/* Define to 1 if you have the `inet_ntoa' function. */
+#undef HAVE_INET_NTOA
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* have the function ldap_url_parse_ext */
+#undef HAVE_LDAP_URL_PARSE_EXT
+
+/* Define to 1 if you have the `localtime_r' function. */
+#undef HAVE_LOCALTIME_R
+
+/* Define to 1 if `lstat' has the bug that it succeeds when given the
+ zero-length file name argument. */
+#undef HAVE_LSTAT_EMPTY_STRING_BUG
+
+/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+ to 0 otherwise. */
+#undef HAVE_MALLOC
+
+/* Define to 1 if you have the <malloc.h> header file. */
+#undef HAVE_MALLOC_H
+
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+
+/* Define to 1 if you have the `mkdir' function. */
+#undef HAVE_MKDIR
+
+/* Define to 1 if you have a working `mmap' system call. */
+#undef HAVE_MMAP
+
+/* Define to 1 if you have the `munmap' function. */
+#undef HAVE_MUNMAP
+
+/* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
+#undef HAVE_NDIR_H
+
+/* Define to 1 if you have the <netdb.h> header file. */
+#undef HAVE_NETDB_H
+
+/* Define to 1 if you have the <netinet/in.h> header file. */
+#undef HAVE_NETINET_IN_H
+
+/* Define to 1 if you have the `putenv' function. */
+#undef HAVE_PUTENV
+
+/* Define to 1 if you have the `rmdir' function. */
+#undef HAVE_RMDIR
+
+/* Define to 1 if you have the `setrlimit' function. */
+#undef HAVE_SETRLIMIT
+
+/* HAVE_SIGNED_CHAR */
+#undef HAVE_SIGNED_CHAR
+
+/* Define to 1 if you have the `socket' function. */
+#undef HAVE_SOCKET
+
+/* Define to 1 if `stat' has the bug that it succeeds when given the
+ zero-length file name argument. */
+#undef HAVE_STAT_EMPTY_STRING_BUG
+
+/* Define to 1 if stdbool.h conforms to C99. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the `strcasecmp' function. */
+#undef HAVE_STRCASECMP
+
+/* Define to 1 if you have the `strchr' function. */
+#undef HAVE_STRCHR
+
+/* Define to 1 if you have the `strcspn' function. */
+#undef HAVE_STRCSPN
+
+/* Define to 1 if you have the `strdup' function. */
+#undef HAVE_STRDUP
+
+/* HAVE_STRERROR */
+#undef HAVE_STRERROR
+
+/* Define to 1 if you have the `strerror_r' function. */
+#undef HAVE_STRERROR_R
+
+/* Define to 1 if you have the `strftime' function. */
+#undef HAVE_STRFTIME
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strncasecmp' function. */
+#undef HAVE_STRNCASECMP
+
+/* Define to 1 if you have the `strpbrk' function. */
+#undef HAVE_STRPBRK
+
+/* Define to 1 if you have the `strrchr' function. */
+#undef HAVE_STRRCHR
+
+/* Define to 1 if you have the `strstr' function. */
+#undef HAVE_STRSTR
+
+/* Define to 1 if you have the `strtol' function. */
+#undef HAVE_STRTOL
+
+/* HAVE_SYS_BITYPES_H */
+#undef HAVE_SYS_BITYPES_H
+
+/* Define to 1 if you have the <sys/dir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_DIR_H
+
+/* Define to 1 if you have the <sys/file.h> header file. */
+#undef HAVE_SYS_FILE_H
+
+/* Define to 1 if you have the <sys/ndir.h> header file, and it defines `DIR'.
+ */
+#undef HAVE_SYS_NDIR_H
+
+/* Define to 1 if you have the <sys/param.h> header file. */
+#undef HAVE_SYS_PARAM_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/time.h> header file. */
+#undef HAVE_SYS_TIME_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have <sys/wait.h> that is POSIX.1 compatible. */
+#undef HAVE_SYS_WAIT_H
+
+/* Define to 1 if you have the `tzset' function. */
+#undef HAVE_TZSET
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the `vfork' function. */
+#undef HAVE_VFORK
+
+/* Define to 1 if you have the <vfork.h> header file. */
+#undef HAVE_VFORK_H
+
+/* Define to 1 if you have the `vprintf' function. */
+#undef HAVE_VPRINTF
+
+/* HAVE_WEAK_IO_SYMBOLS */
+#undef HAVE_WEAK_IO_SYMBOLS
+
+/* Define to 1 if `fork' works. */
+#undef HAVE_WORKING_FORK
+
+/* Define to 1 if `vfork' works. */
+#undef HAVE_WORKING_VFORK
+
+/* Define to 1 if the system has the type `_Bool'. */
+#undef HAVE__BOOL
+
+/* HP-UX */
+#undef HPUX
+
+/* HP-UX 11 */
+#undef HPUX11
+
+/* HP-UX 11.11 */
+#undef HPUX11_11
+
+/* HP-UX 11.23 */
+#undef HPUX11_23
+
+/* HPUX_SOURCE */
+#undef HPUX_SOURCE
+
+/* Linux */
+#undef LINUX
+
+/* Linux 2.6 */
+#undef LINUX2_0
+
+/* Linux 2.6 */
+#undef LINUX2_2
+
+/* Linux 2.6 */
+#undef LINUX2_4
+
+/* Linux 2.6 */
+#undef LINUX2_6
+
+/* Define to 1 if `lstat' dereferences a symlink specified with a trailing
+ slash. */
+#undef LSTAT_FOLLOWS_SLASHED_SYMLINK
+
+/* Define to the sub-directory in which libtool stores uninstalled libraries.
+ */
+#undef LT_OBJDIR
+
+/* Linux */
+#undef Linux
+
+/* NEED_ENDIAN_H */
+#undef NEED_ENDIAN_H
+
+/* NEED_GETOPT_H */
+#undef NEED_GETOPT_H
+
+/* NEED_IOCTL_H */
+#undef NEED_IOCTL_H
+
+/* NEED_SYS_TIME_H */
+#undef NEED_SYS_TIME_H
+
+/* NEED_UINT_T */
+#undef NEED_UINT_T
+
+/* NET_SSL */
+#undef NET_SSL
+
+/* NO_INT64_T */
+#undef NO_INT64_T
+
+/* Define to 1 if your C compiler doesn't accept -c and -o together. */
+#undef NO_MINUS_C_MINUS_O
+
+/* NSPR */
+#undef NSPR
+
+/* NSPR20 */
+#undef NSPR20
+
+/* NS_USE_NATIVE */
+#undef NS_USE_NATIVE
+
+/* OS version */
+#undef OSVERSION
+
+/* OS HP-UX */
+#undef OS_hpux
+
+/* OS SOLARIS */
+#undef OS_solaris
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define as the return type of signal handlers (`int' or `void'). */
+#undef RETSIGTYPE
+
+/* SOLARIS */
+#undef SOLARIS
+
+/* SOLARIS_55_OR_GREATER */
+#undef SOLARIS_55_OR_GREATER
+
+/* Define to 1 if the `S_IS*' macros in <sys/stat.h> do not work properly. */
+#undef STAT_MACROS_BROKEN
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define to 1 if strerror_r returns char *. */
+#undef STRERROR_R_CHAR_P
+
+/* SVR4 */
+#undef SVR4
+
+/* SW_THREADS */
+#undef SW_THREADS
+
+/* SYSV */
+#undef SYSV
+
+/* Define to 1 if you can safely include both <sys/time.h> and <time.h>. */
+#undef TIME_WITH_SYS_TIME
+
+/* Define to 1 if your <sys/time.h> declares `struct tm'. */
+#undef TM_IN_SYS_TIME
+
+/* USE_NODL_TABS */
+#undef USE_NODL_TABS
+
+/* If defined, using OpenLDAP for LDAP SDK */
+#undef USE_OPENLDAP
+
+/* Version number of package */
+#undef VERSION
+
+/* UNIX */
+#undef XP_UNIX
+
+/* _BSD_SOURCE */
+#undef _BSD_SOURCE
+
+/* _HPUX_SOURCE */
+#undef _HPUX_SOURCE
+
+/* POSIX revision */
+#undef _POSIX_C_SOURCE
+
+/* _POSIX_SOURCE */
+#undef _POSIX_SOURCE
+
+/* _PR_NEED_FAKE_POLL */
+#undef _PR_NEED_FAKE_POLL
+
+/* _PR_NTHREAD */
+#undef _PR_NTHREAD
+
+/* _REENTRANT */
+#undef _REENTRANT
+
+/* SVID_GETTOD */
+#undef _SVID_GETTOD
+
+/* _SVID_SOURCE */
+#undef _SVID_SOURCE
+
+/* SVR4 */
+#undef __svr4
+
+/* SVR4 */
+#undef __svr4__
+
+/* Define to empty if `const' does not conform to ANSI C. */
+#undef const
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef gid_t
+
+/* HP-UX pa-risc */
+#undef hppa
+
+/* HP-UX */
+#undef hpux
+
+/* linux */
+#undef linux
+
+/* Define to rpl_malloc if the replacement function should be used. */
+#undef malloc
+
+/* Define to `int' if <sys/types.h> does not define. */
+#undef pid_t
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* SunOS5 */
+#undef sunos5
+
+/* Define to `int' if <sys/types.h> doesn't define. */
+#undef uid_t
+
+/* Define as `fork' if `vfork' does not work. */
+#undef vfork
diff --git a/pki/base/tps/config.sub b/pki/base/tps/config.sub
new file mode 100755
index 000000000..2a55a5075
--- /dev/null
+++ b/pki/base/tps/config.sub
@@ -0,0 +1,1705 @@
+#! /bin/sh
+# Configuration validation subroutine script.
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
+# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009
+# Free Software Foundation, Inc.
+
+timestamp='2009-11-20'
+
+# This file is (in principle) common to ALL GNU software.
+# The presence of a machine in this file suggests that SOME GNU software
+# can handle that machine. It does not imply ALL GNU software can.
+#
+# This file is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA
+# 02110-1301, USA.
+#
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+
+# Please send patches to <config-patches@gnu.org>. Submit a context
+# diff and a properly formatted GNU ChangeLog entry.
+#
+# Configuration subroutine to validate and canonicalize a configuration type.
+# Supply the specified configuration type as an argument.
+# If it is invalid, we print an error message on stderr and exit with code 1.
+# Otherwise, we print the canonical config type on stdout and succeed.
+
+# You can get the latest version of this script from:
+# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD
+
+# This file is supposed to be the same for all GNU packages
+# and recognize all the CPU types, system types and aliases
+# that are meaningful with *any* GNU software.
+# Each package is responsible for reporting which valid configurations
+# it does not support. The user should be able to distinguish
+# a failure to support a valid configuration from a meaningless
+# configuration.
+
+# The goal of this file is to map all the various variations of a given
+# machine specification into a single specification in the form:
+# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM
+# or in some cases, the newer four-part form:
+# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM
+# It is wrong to echo any other type of specification.
+
+me=`echo "$0" | sed -e 's,.*/,,'`
+
+usage="\
+Usage: $0 [OPTION] CPU-MFR-OPSYS
+ $0 [OPTION] ALIAS
+
+Canonicalize a configuration name.
+
+Operation modes:
+ -h, --help print this help, then exit
+ -t, --time-stamp print date of last modification, then exit
+ -v, --version print version number, then exit
+
+Report bugs and patches to <config-patches@gnu.org>."
+
+version="\
+GNU config.sub ($timestamp)
+
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
+2002, 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc.
+
+This is free software; see the source for copying conditions. There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."
+
+help="
+Try \`$me --help' for more information."
+
+# Parse command line
+while test $# -gt 0 ; do
+ case $1 in
+ --time-stamp | --time* | -t )
+ echo "$timestamp" ; exit ;;
+ --version | -v )
+ echo "$version" ; exit ;;
+ --help | --h* | -h )
+ echo "$usage"; exit ;;
+ -- ) # Stop option processing
+ shift; break ;;
+ - ) # Use stdin as input.
+ break ;;
+ -* )
+ echo "$me: invalid option $1$help"
+ exit 1 ;;
+
+ *local*)
+ # First pass through any local machine types.
+ echo $1
+ exit ;;
+
+ * )
+ break ;;
+ esac
+done
+
+case $# in
+ 0) echo "$me: missing argument$help" >&2
+ exit 1;;
+ 1) ;;
+ *) echo "$me: too many arguments$help" >&2
+ exit 1;;
+esac
+
+# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any).
+# Here we must recognize all the valid KERNEL-OS combinations.
+maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
+case $maybe_os in
+ nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
+ uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
+ kopensolaris*-gnu* | \
+ storm-chaos* | os2-emx* | rtmk-nova*)
+ os=-$maybe_os
+ basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
+ ;;
+ *)
+ basic_machine=`echo $1 | sed 's/-[^-]*$//'`
+ if [ $basic_machine != $1 ]
+ then os=`echo $1 | sed 's/.*-/-/'`
+ else os=; fi
+ ;;
+esac
+
+### Let's recognize common machines as not being operating systems so
+### that things like config.sub decstation-3100 work. We also
+### recognize some manufacturers as not being operating systems, so we
+### can provide default operating systems below.
+case $os in
+ -sun*os*)
+ # Prevent following clause from handling this invalid input.
+ ;;
+ -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \
+ -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \
+ -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \
+ -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\
+ -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \
+ -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \
+ -apple | -axis | -knuth | -cray | -microblaze)
+ os=
+ basic_machine=$1
+ ;;
+ -bluegene*)
+ os=-cnk
+ ;;
+ -sim | -cisco | -oki | -wec | -winbond)
+ os=
+ basic_machine=$1
+ ;;
+ -scout)
+ ;;
+ -wrs)
+ os=-vxworks
+ basic_machine=$1
+ ;;
+ -chorusos*)
+ os=-chorusos
+ basic_machine=$1
+ ;;
+ -chorusrdb)
+ os=-chorusrdb
+ basic_machine=$1
+ ;;
+ -hiux*)
+ os=-hiuxwe2
+ ;;
+ -sco6)
+ os=-sco5v6
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5)
+ os=-sco3.2v5
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco4)
+ os=-sco3.2v4
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2.[4-9]*)
+ os=`echo $os | sed -e 's/sco3.2./sco3.2v/'`
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco3.2v[4-9]*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco5v6*)
+ # Don't forget version if it is 3.2v4 or newer.
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -sco*)
+ os=-sco3.2v2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -udk*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -isc)
+ os=-isc2.2
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -clix*)
+ basic_machine=clipper-intergraph
+ ;;
+ -isc*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'`
+ ;;
+ -lynx*)
+ os=-lynxos
+ ;;
+ -ptx*)
+ basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'`
+ ;;
+ -windowsnt*)
+ os=`echo $os | sed -e 's/windowsnt/winnt/'`
+ ;;
+ -psos*)
+ os=-psos
+ ;;
+ -mint | -mint[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+esac
+
+# Decode aliases for certain CPU-COMPANY combinations.
+case $basic_machine in
+ # Recognize the basic CPU types without company name.
+ # Some are omitted here because they have special meanings below.
+ 1750a | 580 \
+ | a29k \
+ | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
+ | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
+ | am33_2.0 \
+ | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr | avr32 \
+ | bfin \
+ | c4x | clipper \
+ | d10v | d30v | dlx | dsp16xx \
+ | fido | fr30 | frv \
+ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
+ | i370 | i860 | i960 | ia64 \
+ | ip2k | iq2000 \
+ | lm32 \
+ | m32c | m32r | m32rle | m68000 | m68k | m88k \
+ | maxq | mb | microblaze | mcore | mep | metag \
+ | mips | mipsbe | mipseb | mipsel | mipsle \
+ | mips16 \
+ | mips64 | mips64el \
+ | mips64octeon | mips64octeonel \
+ | mips64orion | mips64orionel \
+ | mips64r5900 | mips64r5900el \
+ | mips64vr | mips64vrel \
+ | mips64vr4100 | mips64vr4100el \
+ | mips64vr4300 | mips64vr4300el \
+ | mips64vr5000 | mips64vr5000el \
+ | mips64vr5900 | mips64vr5900el \
+ | mipsisa32 | mipsisa32el \
+ | mipsisa32r2 | mipsisa32r2el \
+ | mipsisa64 | mipsisa64el \
+ | mipsisa64r2 | mipsisa64r2el \
+ | mipsisa64sb1 | mipsisa64sb1el \
+ | mipsisa64sr71k | mipsisa64sr71kel \
+ | mipstx39 | mipstx39el \
+ | mn10200 | mn10300 \
+ | moxie \
+ | mt \
+ | msp430 \
+ | nios | nios2 \
+ | ns16k | ns32k \
+ | or32 \
+ | pdp10 | pdp11 | pj | pjl \
+ | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
+ | pyramid \
+ | rx \
+ | score \
+ | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
+ | sh64 | sh64le \
+ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \
+ | spu | strongarm \
+ | tahoe | thumb | tic4x | tic80 | tron \
+ | ubicom32 \
+ | v850 | v850e \
+ | we32k \
+ | x86 | xc16x | xscale | xscalee[bl] | xstormy16 | xtensa \
+ | z8k | z80)
+ basic_machine=$basic_machine-unknown
+ ;;
+ m6811 | m68hc11 | m6812 | m68hc12 | picochip)
+ # Motorola 68HC11/12.
+ basic_machine=$basic_machine-unknown
+ os=-none
+ ;;
+ m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k)
+ ;;
+ ms1)
+ basic_machine=mt-unknown
+ ;;
+
+ # We use `pc' rather than `unknown'
+ # because (1) that's what they normally are, and
+ # (2) the word "unknown" tends to confuse beginning users.
+ i*86 | x86_64)
+ basic_machine=$basic_machine-pc
+ ;;
+ # Object if more than one company name word.
+ *-*-*)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+ # Recognize the basic CPU types with company name.
+ 580-* \
+ | a29k-* \
+ | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
+ | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
+ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
+ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \
+ | avr-* | avr32-* \
+ | bfin-* | bs2000-* \
+ | c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
+ | clipper-* | craynv-* | cydra-* \
+ | d10v-* | d30v-* | dlx-* \
+ | elxsi-* \
+ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \
+ | h8300-* | h8500-* \
+ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
+ | i*86-* | i860-* | i960-* | ia64-* \
+ | ip2k-* | iq2000-* \
+ | lm32-* \
+ | m32c-* | m32r-* | m32rle-* \
+ | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* | metag-* | microblaze-* \
+ | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
+ | mips16-* \
+ | mips64-* | mips64el-* \
+ | mips64octeon-* | mips64octeonel-* \
+ | mips64orion-* | mips64orionel-* \
+ | mips64r5900-* | mips64r5900el-* \
+ | mips64vr-* | mips64vrel-* \
+ | mips64vr4100-* | mips64vr4100el-* \
+ | mips64vr4300-* | mips64vr4300el-* \
+ | mips64vr5000-* | mips64vr5000el-* \
+ | mips64vr5900-* | mips64vr5900el-* \
+ | mipsisa32-* | mipsisa32el-* \
+ | mipsisa32r2-* | mipsisa32r2el-* \
+ | mipsisa64-* | mipsisa64el-* \
+ | mipsisa64r2-* | mipsisa64r2el-* \
+ | mipsisa64sb1-* | mipsisa64sb1el-* \
+ | mipsisa64sr71k-* | mipsisa64sr71kel-* \
+ | mipstx39-* | mipstx39el-* \
+ | mmix-* \
+ | mt-* \
+ | msp430-* \
+ | nios-* | nios2-* \
+ | none-* | np1-* | ns16k-* | ns32k-* \
+ | orion-* \
+ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \
+ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
+ | pyramid-* \
+ | romp-* | rs6000-* | rx-* \
+ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
+ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
+ | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | strongarm-* | sv1-* | sx?-* \
+ | tahoe-* | thumb-* \
+ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* | tile-* \
+ | tron-* \
+ | ubicom32-* \
+ | v850-* | v850e-* | vax-* \
+ | we32k-* \
+ | x86-* | x86_64-* | xc16x-* | xps100-* | xscale-* | xscalee[bl]-* \
+ | xstormy16-* | xtensa*-* \
+ | ymp-* \
+ | z8k-* | z80-*)
+ ;;
+ # Recognize the basic CPU types without company name, with glob match.
+ xtensa*)
+ basic_machine=$basic_machine-unknown
+ ;;
+ # Recognize the various machine names and aliases which stand
+ # for a CPU type and a company and sometimes even an OS.
+ 386bsd)
+ basic_machine=i386-unknown
+ os=-bsd
+ ;;
+ 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc)
+ basic_machine=m68000-att
+ ;;
+ 3b*)
+ basic_machine=we32k-att
+ ;;
+ a29khif)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ abacus)
+ basic_machine=abacus-unknown
+ ;;
+ adobe68k)
+ basic_machine=m68010-adobe
+ os=-scout
+ ;;
+ alliant | fx80)
+ basic_machine=fx80-alliant
+ ;;
+ altos | altos3068)
+ basic_machine=m68k-altos
+ ;;
+ am29k)
+ basic_machine=a29k-none
+ os=-bsd
+ ;;
+ amd64)
+ basic_machine=x86_64-pc
+ ;;
+ amd64-*)
+ basic_machine=x86_64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ amdahl)
+ basic_machine=580-amdahl
+ os=-sysv
+ ;;
+ amiga | amiga-*)
+ basic_machine=m68k-unknown
+ ;;
+ amigaos | amigados)
+ basic_machine=m68k-unknown
+ os=-amigaos
+ ;;
+ amigaunix | amix)
+ basic_machine=m68k-unknown
+ os=-sysv4
+ ;;
+ apollo68)
+ basic_machine=m68k-apollo
+ os=-sysv
+ ;;
+ apollo68bsd)
+ basic_machine=m68k-apollo
+ os=-bsd
+ ;;
+ aros)
+ basic_machine=i386-pc
+ os=-aros
+ ;;
+ aux)
+ basic_machine=m68k-apple
+ os=-aux
+ ;;
+ balance)
+ basic_machine=ns32k-sequent
+ os=-dynix
+ ;;
+ blackfin)
+ basic_machine=bfin-unknown
+ os=-linux
+ ;;
+ blackfin-*)
+ basic_machine=bfin-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ bluegene*)
+ basic_machine=powerpc-ibm
+ os=-cnk
+ ;;
+ c90)
+ basic_machine=c90-cray
+ os=-unicos
+ ;;
+ cegcc)
+ basic_machine=arm-unknown
+ os=-cegcc
+ ;;
+ convex-c1)
+ basic_machine=c1-convex
+ os=-bsd
+ ;;
+ convex-c2)
+ basic_machine=c2-convex
+ os=-bsd
+ ;;
+ convex-c32)
+ basic_machine=c32-convex
+ os=-bsd
+ ;;
+ convex-c34)
+ basic_machine=c34-convex
+ os=-bsd
+ ;;
+ convex-c38)
+ basic_machine=c38-convex
+ os=-bsd
+ ;;
+ cray | j90)
+ basic_machine=j90-cray
+ os=-unicos
+ ;;
+ craynv)
+ basic_machine=craynv-cray
+ os=-unicosmp
+ ;;
+ cr16)
+ basic_machine=cr16-unknown
+ os=-elf
+ ;;
+ crds | unos)
+ basic_machine=m68k-crds
+ ;;
+ crisv32 | crisv32-* | etraxfs*)
+ basic_machine=crisv32-axis
+ ;;
+ cris | cris-* | etrax*)
+ basic_machine=cris-axis
+ ;;
+ crx)
+ basic_machine=crx-unknown
+ os=-elf
+ ;;
+ da30 | da30-*)
+ basic_machine=m68k-da30
+ ;;
+ decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn)
+ basic_machine=mips-dec
+ ;;
+ decsystem10* | dec10*)
+ basic_machine=pdp10-dec
+ os=-tops10
+ ;;
+ decsystem20* | dec20*)
+ basic_machine=pdp10-dec
+ os=-tops20
+ ;;
+ delta | 3300 | motorola-3300 | motorola-delta \
+ | 3300-motorola | delta-motorola)
+ basic_machine=m68k-motorola
+ ;;
+ delta88)
+ basic_machine=m88k-motorola
+ os=-sysv3
+ ;;
+ dicos)
+ basic_machine=i686-pc
+ os=-dicos
+ ;;
+ djgpp)
+ basic_machine=i586-pc
+ os=-msdosdjgpp
+ ;;
+ dpx20 | dpx20-*)
+ basic_machine=rs6000-bull
+ os=-bosx
+ ;;
+ dpx2* | dpx2*-bull)
+ basic_machine=m68k-bull
+ os=-sysv3
+ ;;
+ ebmon29k)
+ basic_machine=a29k-amd
+ os=-ebmon
+ ;;
+ elxsi)
+ basic_machine=elxsi-elxsi
+ os=-bsd
+ ;;
+ encore | umax | mmax)
+ basic_machine=ns32k-encore
+ ;;
+ es1800 | OSE68k | ose68k | ose | OSE)
+ basic_machine=m68k-ericsson
+ os=-ose
+ ;;
+ fx2800)
+ basic_machine=i860-alliant
+ ;;
+ genix)
+ basic_machine=ns32k-ns
+ ;;
+ gmicro)
+ basic_machine=tron-gmicro
+ os=-sysv
+ ;;
+ go32)
+ basic_machine=i386-pc
+ os=-go32
+ ;;
+ h3050r* | hiux*)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ h8300hms)
+ basic_machine=h8300-hitachi
+ os=-hms
+ ;;
+ h8300xray)
+ basic_machine=h8300-hitachi
+ os=-xray
+ ;;
+ h8500hms)
+ basic_machine=h8500-hitachi
+ os=-hms
+ ;;
+ harris)
+ basic_machine=m88k-harris
+ os=-sysv3
+ ;;
+ hp300-*)
+ basic_machine=m68k-hp
+ ;;
+ hp300bsd)
+ basic_machine=m68k-hp
+ os=-bsd
+ ;;
+ hp300hpux)
+ basic_machine=m68k-hp
+ os=-hpux
+ ;;
+ hp3k9[0-9][0-9] | hp9[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k2[0-9][0-9] | hp9k31[0-9])
+ basic_machine=m68000-hp
+ ;;
+ hp9k3[2-9][0-9])
+ basic_machine=m68k-hp
+ ;;
+ hp9k6[0-9][0-9] | hp6[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hp9k7[0-79][0-9] | hp7[0-79][0-9])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k78[0-9] | hp78[0-9])
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893)
+ # FIXME: really hppa2.0-hp
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][13679] | hp8[0-9][13679])
+ basic_machine=hppa1.1-hp
+ ;;
+ hp9k8[0-9][0-9] | hp8[0-9][0-9])
+ basic_machine=hppa1.0-hp
+ ;;
+ hppa-next)
+ os=-nextstep3
+ ;;
+ hppaosf)
+ basic_machine=hppa1.1-hp
+ os=-osf
+ ;;
+ hppro)
+ basic_machine=hppa1.1-hp
+ os=-proelf
+ ;;
+ i370-ibm* | ibm*)
+ basic_machine=i370-ibm
+ ;;
+# I'm not sure what "Sysv32" means. Should this be sysv3.2?
+ i*86v32)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv32
+ ;;
+ i*86v4*)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv4
+ ;;
+ i*86v)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-sysv
+ ;;
+ i*86sol2)
+ basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'`
+ os=-solaris2
+ ;;
+ i386mach)
+ basic_machine=i386-mach
+ os=-mach
+ ;;
+ i386-vsta | vsta)
+ basic_machine=i386-unknown
+ os=-vsta
+ ;;
+ iris | iris4d)
+ basic_machine=mips-sgi
+ case $os in
+ -irix*)
+ ;;
+ *)
+ os=-irix4
+ ;;
+ esac
+ ;;
+ isi68 | isi)
+ basic_machine=m68k-isi
+ os=-sysv
+ ;;
+ m68knommu)
+ basic_machine=m68k-unknown
+ os=-linux
+ ;;
+ m68knommu-*)
+ basic_machine=m68k-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ m88k-omron*)
+ basic_machine=m88k-omron
+ ;;
+ magnum | m3230)
+ basic_machine=mips-mips
+ os=-sysv
+ ;;
+ merlin)
+ basic_machine=ns32k-utek
+ os=-sysv
+ ;;
+ microblaze)
+ basic_machine=microblaze-xilinx
+ ;;
+ mingw32)
+ basic_machine=i386-pc
+ os=-mingw32
+ ;;
+ mingw32ce)
+ basic_machine=arm-unknown
+ os=-mingw32ce
+ ;;
+ miniframe)
+ basic_machine=m68000-convergent
+ ;;
+ *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*)
+ basic_machine=m68k-atari
+ os=-mint
+ ;;
+ mips3*-*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`
+ ;;
+ mips3*)
+ basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown
+ ;;
+ monitor)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ morphos)
+ basic_machine=powerpc-unknown
+ os=-morphos
+ ;;
+ msdos)
+ basic_machine=i386-pc
+ os=-msdos
+ ;;
+ ms1-*)
+ basic_machine=`echo $basic_machine | sed -e 's/ms1-/mt-/'`
+ ;;
+ mvs)
+ basic_machine=i370-ibm
+ os=-mvs
+ ;;
+ ncr3000)
+ basic_machine=i486-ncr
+ os=-sysv4
+ ;;
+ netbsd386)
+ basic_machine=i386-unknown
+ os=-netbsd
+ ;;
+ netwinder)
+ basic_machine=armv4l-rebel
+ os=-linux
+ ;;
+ news | news700 | news800 | news900)
+ basic_machine=m68k-sony
+ os=-newsos
+ ;;
+ news1000)
+ basic_machine=m68030-sony
+ os=-newsos
+ ;;
+ news-3600 | risc-news)
+ basic_machine=mips-sony
+ os=-newsos
+ ;;
+ necv70)
+ basic_machine=v70-nec
+ os=-sysv
+ ;;
+ next | m*-next )
+ basic_machine=m68k-next
+ case $os in
+ -nextstep* )
+ ;;
+ -ns2*)
+ os=-nextstep2
+ ;;
+ *)
+ os=-nextstep3
+ ;;
+ esac
+ ;;
+ nh3000)
+ basic_machine=m68k-harris
+ os=-cxux
+ ;;
+ nh[45]000)
+ basic_machine=m88k-harris
+ os=-cxux
+ ;;
+ nindy960)
+ basic_machine=i960-intel
+ os=-nindy
+ ;;
+ mon960)
+ basic_machine=i960-intel
+ os=-mon960
+ ;;
+ nonstopux)
+ basic_machine=mips-compaq
+ os=-nonstopux
+ ;;
+ np1)
+ basic_machine=np1-gould
+ ;;
+ nsr-tandem)
+ basic_machine=nsr-tandem
+ ;;
+ op50n-* | op60c-*)
+ basic_machine=hppa1.1-oki
+ os=-proelf
+ ;;
+ openrisc | openrisc-*)
+ basic_machine=or32-unknown
+ ;;
+ os400)
+ basic_machine=powerpc-ibm
+ os=-os400
+ ;;
+ OSE68000 | ose68000)
+ basic_machine=m68000-ericsson
+ os=-ose
+ ;;
+ os68k)
+ basic_machine=m68k-none
+ os=-os68k
+ ;;
+ pa-hitachi)
+ basic_machine=hppa1.1-hitachi
+ os=-hiuxwe2
+ ;;
+ paragon)
+ basic_machine=i860-intel
+ os=-osf
+ ;;
+ parisc)
+ basic_machine=hppa-unknown
+ os=-linux
+ ;;
+ parisc-*)
+ basic_machine=hppa-`echo $basic_machine | sed 's/^[^-]*-//'`
+ os=-linux
+ ;;
+ pbd)
+ basic_machine=sparc-tti
+ ;;
+ pbb)
+ basic_machine=m68k-tti
+ ;;
+ pc532 | pc532-*)
+ basic_machine=ns32k-pc532
+ ;;
+ pc98)
+ basic_machine=i386-pc
+ ;;
+ pc98-*)
+ basic_machine=i386-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium | p5 | k5 | k6 | nexgen | viac3)
+ basic_machine=i586-pc
+ ;;
+ pentiumpro | p6 | 6x86 | athlon | athlon_*)
+ basic_machine=i686-pc
+ ;;
+ pentiumii | pentium2 | pentiumiii | pentium3)
+ basic_machine=i686-pc
+ ;;
+ pentium4)
+ basic_machine=i786-pc
+ ;;
+ pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*)
+ basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumpro-* | p6-* | 6x86-* | athlon-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*)
+ basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pentium4-*)
+ basic_machine=i786-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ pn)
+ basic_machine=pn-gould
+ ;;
+ power) basic_machine=power-ibm
+ ;;
+ ppc) basic_machine=powerpc-unknown
+ ;;
+ ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppcle | powerpclittle | ppc-le | powerpc-little)
+ basic_machine=powerpcle-unknown
+ ;;
+ ppcle-* | powerpclittle-*)
+ basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64) basic_machine=powerpc64-unknown
+ ;;
+ ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ppc64le | powerpc64little | ppc64-le | powerpc64-little)
+ basic_machine=powerpc64le-unknown
+ ;;
+ ppc64le-* | powerpc64little-*)
+ basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'`
+ ;;
+ ps2)
+ basic_machine=i386-ibm
+ ;;
+ pw32)
+ basic_machine=i586-unknown
+ os=-pw32
+ ;;
+ rdos)
+ basic_machine=i386-pc
+ os=-rdos
+ ;;
+ rom68k)
+ basic_machine=m68k-rom68k
+ os=-coff
+ ;;
+ rm[46]00)
+ basic_machine=mips-siemens
+ ;;
+ rtpc | rtpc-*)
+ basic_machine=romp-ibm
+ ;;
+ s390 | s390-*)
+ basic_machine=s390-ibm
+ ;;
+ s390x | s390x-*)
+ basic_machine=s390x-ibm
+ ;;
+ sa29200)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ sb1)
+ basic_machine=mipsisa64sb1-unknown
+ ;;
+ sb1el)
+ basic_machine=mipsisa64sb1el-unknown
+ ;;
+ sde)
+ basic_machine=mipsisa32-sde
+ os=-elf
+ ;;
+ sei)
+ basic_machine=mips-sei
+ os=-seiux
+ ;;
+ sequent)
+ basic_machine=i386-sequent
+ ;;
+ sh)
+ basic_machine=sh-hitachi
+ os=-hms
+ ;;
+ sh5el)
+ basic_machine=sh5le-unknown
+ ;;
+ sh64)
+ basic_machine=sh64-unknown
+ ;;
+ sparclite-wrs | simso-wrs)
+ basic_machine=sparclite-wrs
+ os=-vxworks
+ ;;
+ sps7)
+ basic_machine=m68k-bull
+ os=-sysv2
+ ;;
+ spur)
+ basic_machine=spur-unknown
+ ;;
+ st2000)
+ basic_machine=m68k-tandem
+ ;;
+ stratus)
+ basic_machine=i860-stratus
+ os=-sysv4
+ ;;
+ sun2)
+ basic_machine=m68000-sun
+ ;;
+ sun2os3)
+ basic_machine=m68000-sun
+ os=-sunos3
+ ;;
+ sun2os4)
+ basic_machine=m68000-sun
+ os=-sunos4
+ ;;
+ sun3os3)
+ basic_machine=m68k-sun
+ os=-sunos3
+ ;;
+ sun3os4)
+ basic_machine=m68k-sun
+ os=-sunos4
+ ;;
+ sun4os3)
+ basic_machine=sparc-sun
+ os=-sunos3
+ ;;
+ sun4os4)
+ basic_machine=sparc-sun
+ os=-sunos4
+ ;;
+ sun4sol2)
+ basic_machine=sparc-sun
+ os=-solaris2
+ ;;
+ sun3 | sun3-*)
+ basic_machine=m68k-sun
+ ;;
+ sun4)
+ basic_machine=sparc-sun
+ ;;
+ sun386 | sun386i | roadrunner)
+ basic_machine=i386-sun
+ ;;
+ sv1)
+ basic_machine=sv1-cray
+ os=-unicos
+ ;;
+ symmetry)
+ basic_machine=i386-sequent
+ os=-dynix
+ ;;
+ t3e)
+ basic_machine=alphaev5-cray
+ os=-unicos
+ ;;
+ t90)
+ basic_machine=t90-cray
+ os=-unicos
+ ;;
+ tic54x | c54x*)
+ basic_machine=tic54x-unknown
+ os=-coff
+ ;;
+ tic55x | c55x*)
+ basic_machine=tic55x-unknown
+ os=-coff
+ ;;
+ tic6x | c6x*)
+ basic_machine=tic6x-unknown
+ os=-coff
+ ;;
+ tile*)
+ basic_machine=tile-unknown
+ os=-linux-gnu
+ ;;
+ tx39)
+ basic_machine=mipstx39-unknown
+ ;;
+ tx39el)
+ basic_machine=mipstx39el-unknown
+ ;;
+ toad1)
+ basic_machine=pdp10-xkl
+ os=-tops20
+ ;;
+ tower | tower-32)
+ basic_machine=m68k-ncr
+ ;;
+ tpf)
+ basic_machine=s390x-ibm
+ os=-tpf
+ ;;
+ udi29k)
+ basic_machine=a29k-amd
+ os=-udi
+ ;;
+ ultra3)
+ basic_machine=a29k-nyu
+ os=-sym1
+ ;;
+ v810 | necv810)
+ basic_machine=v810-nec
+ os=-none
+ ;;
+ vaxv)
+ basic_machine=vax-dec
+ os=-sysv
+ ;;
+ vms)
+ basic_machine=vax-dec
+ os=-vms
+ ;;
+ vpp*|vx|vx-*)
+ basic_machine=f301-fujitsu
+ ;;
+ vxworks960)
+ basic_machine=i960-wrs
+ os=-vxworks
+ ;;
+ vxworks68)
+ basic_machine=m68k-wrs
+ os=-vxworks
+ ;;
+ vxworks29k)
+ basic_machine=a29k-wrs
+ os=-vxworks
+ ;;
+ w65*)
+ basic_machine=w65-wdc
+ os=-none
+ ;;
+ w89k-*)
+ basic_machine=hppa1.1-winbond
+ os=-proelf
+ ;;
+ xbox)
+ basic_machine=i686-pc
+ os=-mingw32
+ ;;
+ xps | xps100)
+ basic_machine=xps100-honeywell
+ ;;
+ ymp)
+ basic_machine=ymp-cray
+ os=-unicos
+ ;;
+ z8k-*-coff)
+ basic_machine=z8k-unknown
+ os=-sim
+ ;;
+ z80-*-coff)
+ basic_machine=z80-unknown
+ os=-sim
+ ;;
+ none)
+ basic_machine=none-none
+ os=-none
+ ;;
+
+# Here we handle the default manufacturer of certain CPU types. It is in
+# some cases the only manufacturer, in others, it is the most popular.
+ w89k)
+ basic_machine=hppa1.1-winbond
+ ;;
+ op50n)
+ basic_machine=hppa1.1-oki
+ ;;
+ op60c)
+ basic_machine=hppa1.1-oki
+ ;;
+ romp)
+ basic_machine=romp-ibm
+ ;;
+ mmix)
+ basic_machine=mmix-knuth
+ ;;
+ rs6000)
+ basic_machine=rs6000-ibm
+ ;;
+ vax)
+ basic_machine=vax-dec
+ ;;
+ pdp10)
+ # there are many clones, so DEC is not a safe bet
+ basic_machine=pdp10-unknown
+ ;;
+ pdp11)
+ basic_machine=pdp11-dec
+ ;;
+ we32k)
+ basic_machine=we32k-att
+ ;;
+ sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
+ basic_machine=sh-unknown
+ ;;
+ sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
+ basic_machine=sparc-sun
+ ;;
+ cydra)
+ basic_machine=cydra-cydrome
+ ;;
+ orion)
+ basic_machine=orion-highlevel
+ ;;
+ orion105)
+ basic_machine=clipper-highlevel
+ ;;
+ mac | mpw | mac-mpw)
+ basic_machine=m68k-apple
+ ;;
+ pmac | pmac-mpw)
+ basic_machine=powerpc-apple
+ ;;
+ *-unknown)
+ # Make sure to match an already-canonicalized machine name.
+ ;;
+ *)
+ echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+
+# Here we canonicalize certain aliases for manufacturers.
+case $basic_machine in
+ *-digital*)
+ basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'`
+ ;;
+ *-commodore*)
+ basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'`
+ ;;
+ *)
+ ;;
+esac
+
+# Decode manufacturer-specific aliases for certain operating systems.
+
+if [ x"$os" != x"" ]
+then
+case $os in
+ # First match some system type aliases
+ # that might get confused with valid system types.
+ # -solaris* is a basic system type, with this one exception.
+ -auroraux)
+ os=-auroraux
+ ;;
+ -solaris1 | -solaris1.*)
+ os=`echo $os | sed -e 's|solaris1|sunos4|'`
+ ;;
+ -solaris)
+ os=-solaris2
+ ;;
+ -svr4*)
+ os=-sysv4
+ ;;
+ -unixware*)
+ os=-sysv4.2uw
+ ;;
+ -gnu/linux*)
+ os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'`
+ ;;
+ # First accept the basic system types.
+ # The portable systems comes first.
+ # Each alternative MUST END IN A *, to match a version number.
+ # -sysv* is not here because it comes later, after sysvr4.
+ -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
+ | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\
+ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \
+ | -sym* | -kopensolaris* \
+ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
+ | -aos* | -aros* \
+ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
+ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
+ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \
+ | -openbsd* | -solidbsd* \
+ | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \
+ | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \
+ | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \
+ | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \
+ | -chorusos* | -chorusrdb* | -cegcc* \
+ | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \
+ | -mingw32* | -linux-gnu* | -linux-newlib* | -linux-uclibc* \
+ | -uxpv* | -beos* | -mpeix* | -udk* \
+ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \
+ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \
+ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \
+ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \
+ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \
+ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \
+ | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*)
+ # Remember, each alternative MUST END IN *, to match a version number.
+ ;;
+ -qnx*)
+ case $basic_machine in
+ x86-* | i*86-*)
+ ;;
+ *)
+ os=-nto$os
+ ;;
+ esac
+ ;;
+ -nto-qnx*)
+ ;;
+ -nto*)
+ os=`echo $os | sed -e 's|nto|nto-qnx|'`
+ ;;
+ -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \
+ | -windows* | -osx | -abug | -netware* | -os9* | -beos* | -haiku* \
+ | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*)
+ ;;
+ -mac*)
+ os=`echo $os | sed -e 's|mac|macos|'`
+ ;;
+ -linux-dietlibc)
+ os=-linux-dietlibc
+ ;;
+ -linux*)
+ os=`echo $os | sed -e 's|linux|linux-gnu|'`
+ ;;
+ -sunos5*)
+ os=`echo $os | sed -e 's|sunos5|solaris2|'`
+ ;;
+ -sunos6*)
+ os=`echo $os | sed -e 's|sunos6|solaris3|'`
+ ;;
+ -opened*)
+ os=-openedition
+ ;;
+ -os400*)
+ os=-os400
+ ;;
+ -wince*)
+ os=-wince
+ ;;
+ -osfrose*)
+ os=-osfrose
+ ;;
+ -osf*)
+ os=-osf
+ ;;
+ -utek*)
+ os=-bsd
+ ;;
+ -dynix*)
+ os=-bsd
+ ;;
+ -acis*)
+ os=-aos
+ ;;
+ -atheos*)
+ os=-atheos
+ ;;
+ -syllable*)
+ os=-syllable
+ ;;
+ -386bsd)
+ os=-bsd
+ ;;
+ -ctix* | -uts*)
+ os=-sysv
+ ;;
+ -nova*)
+ os=-rtmk-nova
+ ;;
+ -ns2 )
+ os=-nextstep2
+ ;;
+ -nsk*)
+ os=-nsk
+ ;;
+ # Preserve the version number of sinix5.
+ -sinix5.*)
+ os=`echo $os | sed -e 's|sinix|sysv|'`
+ ;;
+ -sinix*)
+ os=-sysv4
+ ;;
+ -tpf*)
+ os=-tpf
+ ;;
+ -triton*)
+ os=-sysv3
+ ;;
+ -oss*)
+ os=-sysv3
+ ;;
+ -svr4)
+ os=-sysv4
+ ;;
+ -svr3)
+ os=-sysv3
+ ;;
+ -sysvr4)
+ os=-sysv4
+ ;;
+ # This must come after -sysvr4.
+ -sysv*)
+ ;;
+ -ose*)
+ os=-ose
+ ;;
+ -es1800*)
+ os=-ose
+ ;;
+ -xenix)
+ os=-xenix
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ os=-mint
+ ;;
+ -aros*)
+ os=-aros
+ ;;
+ -kaos*)
+ os=-kaos
+ ;;
+ -zvmoe)
+ os=-zvmoe
+ ;;
+ -dicos*)
+ os=-dicos
+ ;;
+ -none)
+ ;;
+ *)
+ # Get rid of the `-' at the beginning of $os.
+ os=`echo $os | sed 's/[^-]*-//'`
+ echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2
+ exit 1
+ ;;
+esac
+else
+
+# Here we handle the default operating systems that come with various machines.
+# The value should be what the vendor currently ships out the door with their
+# machine or put another way, the most popular os provided with the machine.
+
+# Note that if you're going to try to match "-MANUFACTURER" here (say,
+# "-sun"), then you have to tell the case statement up towards the top
+# that MANUFACTURER isn't an operating system. Otherwise, code above
+# will signal an error saying that MANUFACTURER isn't an operating
+# system, and we'll never get to this point.
+
+case $basic_machine in
+ score-*)
+ os=-elf
+ ;;
+ spu-*)
+ os=-elf
+ ;;
+ *-acorn)
+ os=-riscix1.2
+ ;;
+ arm*-rebel)
+ os=-linux
+ ;;
+ arm*-semi)
+ os=-aout
+ ;;
+ c4x-* | tic4x-*)
+ os=-coff
+ ;;
+ # This must come before the *-dec entry.
+ pdp10-*)
+ os=-tops20
+ ;;
+ pdp11-*)
+ os=-none
+ ;;
+ *-dec | vax-*)
+ os=-ultrix4.2
+ ;;
+ m68*-apollo)
+ os=-domain
+ ;;
+ i386-sun)
+ os=-sunos4.0.2
+ ;;
+ m68000-sun)
+ os=-sunos3
+ # This also exists in the configure program, but was not the
+ # default.
+ # os=-sunos4
+ ;;
+ m68*-cisco)
+ os=-aout
+ ;;
+ mep-*)
+ os=-elf
+ ;;
+ mips*-cisco)
+ os=-elf
+ ;;
+ mips*-*)
+ os=-elf
+ ;;
+ or32-*)
+ os=-coff
+ ;;
+ *-tti) # must be before sparc entry or we get the wrong os.
+ os=-sysv3
+ ;;
+ sparc-* | *-sun)
+ os=-sunos4.1.1
+ ;;
+ *-be)
+ os=-beos
+ ;;
+ *-haiku)
+ os=-haiku
+ ;;
+ *-ibm)
+ os=-aix
+ ;;
+ *-knuth)
+ os=-mmixware
+ ;;
+ *-wec)
+ os=-proelf
+ ;;
+ *-winbond)
+ os=-proelf
+ ;;
+ *-oki)
+ os=-proelf
+ ;;
+ *-hp)
+ os=-hpux
+ ;;
+ *-hitachi)
+ os=-hiux
+ ;;
+ i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent)
+ os=-sysv
+ ;;
+ *-cbm)
+ os=-amigaos
+ ;;
+ *-dg)
+ os=-dgux
+ ;;
+ *-dolphin)
+ os=-sysv3
+ ;;
+ m68k-ccur)
+ os=-rtu
+ ;;
+ m88k-omron*)
+ os=-luna
+ ;;
+ *-next )
+ os=-nextstep
+ ;;
+ *-sequent)
+ os=-ptx
+ ;;
+ *-crds)
+ os=-unos
+ ;;
+ *-ns)
+ os=-genix
+ ;;
+ i370-*)
+ os=-mvs
+ ;;
+ *-next)
+ os=-nextstep3
+ ;;
+ *-gould)
+ os=-sysv
+ ;;
+ *-highlevel)
+ os=-bsd
+ ;;
+ *-encore)
+ os=-bsd
+ ;;
+ *-sgi)
+ os=-irix
+ ;;
+ *-siemens)
+ os=-sysv4
+ ;;
+ *-masscomp)
+ os=-rtu
+ ;;
+ f30[01]-fujitsu | f700-fujitsu)
+ os=-uxpv
+ ;;
+ *-rom68k)
+ os=-coff
+ ;;
+ *-*bug)
+ os=-coff
+ ;;
+ *-apple)
+ os=-macos
+ ;;
+ *-atari*)
+ os=-mint
+ ;;
+ *)
+ os=-none
+ ;;
+esac
+fi
+
+# Here we handle the case where we know the os, and the CPU type, but not the
+# manufacturer. We pick the logical manufacturer.
+vendor=unknown
+case $basic_machine in
+ *-unknown)
+ case $os in
+ -riscix*)
+ vendor=acorn
+ ;;
+ -sunos*)
+ vendor=sun
+ ;;
+ -cnk*|-aix*)
+ vendor=ibm
+ ;;
+ -beos*)
+ vendor=be
+ ;;
+ -hpux*)
+ vendor=hp
+ ;;
+ -mpeix*)
+ vendor=hp
+ ;;
+ -hiux*)
+ vendor=hitachi
+ ;;
+ -unos*)
+ vendor=crds
+ ;;
+ -dgux*)
+ vendor=dg
+ ;;
+ -luna*)
+ vendor=omron
+ ;;
+ -genix*)
+ vendor=ns
+ ;;
+ -mvs* | -opened*)
+ vendor=ibm
+ ;;
+ -os400*)
+ vendor=ibm
+ ;;
+ -ptx*)
+ vendor=sequent
+ ;;
+ -tpf*)
+ vendor=ibm
+ ;;
+ -vxsim* | -vxworks* | -windiss*)
+ vendor=wrs
+ ;;
+ -aux*)
+ vendor=apple
+ ;;
+ -hms*)
+ vendor=hitachi
+ ;;
+ -mpw* | -macos*)
+ vendor=apple
+ ;;
+ -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*)
+ vendor=atari
+ ;;
+ -vos*)
+ vendor=stratus
+ ;;
+ esac
+ basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"`
+ ;;
+esac
+
+echo $basic_machine$os
+exit
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "timestamp='"
+# time-stamp-format: "%:y-%02m-%02d"
+# time-stamp-end: "'"
+# End:
diff --git a/pki/base/tps/configure b/pki/base/tps/configure
new file mode 100755
index 000000000..b7357fb8a
--- /dev/null
+++ b/pki/base/tps/configure
@@ -0,0 +1,20858 @@
+#! /bin/sh
+# Guess values for system-dependent variables and create Makefiles.
+# Generated by GNU Autoconf 2.65 for pki-tps 8.0.0.
+#
+# Report bugs to <http://bugzilla.redhat.com/>.
+#
+#
+# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
+# 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation,
+# Inc.
+#
+#
+# This configure script is free software; the Free Software Foundation
+# gives unlimited permission to copy, distribute and modify it.
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test "x$CONFIG_SHELL" = x; then
+ as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+"
+ as_required="as_fn_return () { (exit \$1); }
+as_fn_success () { as_fn_return 0; }
+as_fn_failure () { as_fn_return 1; }
+as_fn_ret_success () { return 0; }
+as_fn_ret_failure () { return 1; }
+
+exitcode=0
+as_fn_success || { exitcode=1; echo as_fn_success failed.; }
+as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; }
+as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; }
+as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; }
+if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then :
+
+else
+ exitcode=1; echo positional parameters were not saved.
+fi
+test x\$exitcode = x0 || exit 1"
+ as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO
+ as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO
+ eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" &&
+ test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1
+test \$(( 1 + 1 )) = 2 || exit 1"
+ if (eval "$as_required") 2>/dev/null; then :
+ as_have_required=yes
+else
+ as_have_required=no
+fi
+ if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then :
+
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+as_found=false
+for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ as_found=:
+ case $as_dir in #(
+ /*)
+ for as_base in sh bash ksh sh5; do
+ # Try only shells that exist, to save several forks.
+ as_shell=$as_dir/$as_base
+ if { test -f "$as_shell" || test -f "$as_shell.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ CONFIG_SHELL=$as_shell as_have_required=yes
+ if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then :
+ break 2
+fi
+fi
+ done;;
+ esac
+ as_found=false
+done
+$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } &&
+ { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then :
+ CONFIG_SHELL=$SHELL as_have_required=yes
+fi; }
+IFS=$as_save_IFS
+
+
+ if test "x$CONFIG_SHELL" != x; then :
+ # We cannot yet assume a decent shell, so we have to provide a
+ # neutralization value for shells without unset; and this also
+ # works around shells that cannot unset nonexistent variables.
+ BASH_ENV=/dev/null
+ ENV=/dev/null
+ (unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV
+ export CONFIG_SHELL
+ exec "$CONFIG_SHELL" "$as_myself" ${1+"$@"}
+fi
+
+ if test x$as_have_required = xno; then :
+ $as_echo "$0: This script requires a shell more modern than all"
+ $as_echo "$0: the shells that I found on your system."
+ if test x${ZSH_VERSION+set} = xset ; then
+ $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should"
+ $as_echo "$0: be upgraded to zsh 4.3.4 or later."
+ else
+ $as_echo "$0: Please tell bug-autoconf@gnu.org and
+$0: http://bugzilla.redhat.com/ about your system,
+$0: including any error possibly output before this
+$0: message. Then install a modern shell, or manually run
+$0: the script under such a shell if you do have one."
+ fi
+ exit 1
+fi
+fi
+fi
+SHELL=${CONFIG_SHELL-/bin/sh}
+export SHELL
+# Unset more variables known to interfere with behavior of common tools.
+CLICOLOR_FORCE= GREP_OPTIONS=
+unset CLICOLOR_FORCE GREP_OPTIONS
+
+## --------------------- ##
+## M4sh Shell Functions. ##
+## --------------------- ##
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+# as_fn_error ERROR [LINENO LOG_FD]
+# ---------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with status $?, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$?; test $as_status -eq 0 && as_status=1
+ if test "$3"; then
+ as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3
+ fi
+ $as_echo "$as_me: error: $1" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+
+ as_lineno_1=$LINENO as_lineno_1a=$LINENO
+ as_lineno_2=$LINENO as_lineno_2a=$LINENO
+ eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" &&
+ test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || {
+ # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-)
+ sed -n '
+ p
+ /[$]LINENO/=
+ ' <$as_myself |
+ sed '
+ s/[$]LINENO.*/&-/
+ t lineno
+ b
+ :lineno
+ N
+ :loop
+ s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/
+ t loop
+ s/-\n.*//
+ ' >$as_me.lineno &&
+ chmod +x "$as_me.lineno" ||
+ { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; }
+
+ # Don't try to exec as it changes $[0], causing all sort of problems
+ # (the dirname of $[0] is not the place where we might find the
+ # original and so on. Autoconf is especially sensitive to this).
+ . "./$as_me.lineno"
+ # Exit status is that of the last command.
+ exit
+}
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+
+# Check that we are running under the correct shell.
+SHELL=${CONFIG_SHELL-/bin/sh}
+
+case X$lt_ECHO in
+X*--fallback-echo)
+ # Remove one level of quotation (which was required for Make).
+ ECHO=`echo "$lt_ECHO" | sed 's,\\\\\$\\$0,'$0','`
+ ;;
+esac
+
+ECHO=${lt_ECHO-echo}
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' ; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell.
+ exec $SHELL "$0" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<_LT_EOF
+$*
+_LT_EOF
+ exit 0
+fi
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+if test -z "$lt_ECHO"; then
+ if test "X${echo_test_string+set}" != Xset; then
+ # find a string as large as possible, as long as the shell can cope with it
+ for cmd in 'sed 50q "$0"' 'sed 20q "$0"' 'sed 10q "$0"' 'sed 2q "$0"' 'echo test'; do
+ # expected sizes: less than 2Kb, 1Kb, 512 bytes, 16 bytes, ...
+ if { echo_test_string=`eval $cmd`; } 2>/dev/null &&
+ { test "X$echo_test_string" = "X$echo_test_string"; } 2>/dev/null
+ then
+ break
+ fi
+ done
+ fi
+
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ :
+ else
+ # The Solaris, AIX, and Digital Unix default echo programs unquote
+ # backslashes. This makes it impossible to quote backslashes using
+ # echo "$something" | sed 's/\\/\\\\/g'
+ #
+ # So, first we look for a working echo in the user's PATH.
+
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for dir in $PATH /usr/ucb; do
+ IFS="$lt_save_ifs"
+ if (test -f $dir/echo || test -f $dir/echo$ac_exeext) &&
+ test "X`($dir/echo '\t') 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`($dir/echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$dir/echo"
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+
+ if test "X$ECHO" = Xecho; then
+ # We didn't find a better echo, so look for alternatives.
+ if test "X`{ print -r '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ print -r "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # This shell has a builtin print -r that does the trick.
+ ECHO='print -r'
+ elif { test -f /bin/ksh || test -f /bin/ksh$ac_exeext; } &&
+ test "X$CONFIG_SHELL" != X/bin/ksh; then
+ # If we have ksh, try running configure again with it.
+ ORIGINAL_CONFIG_SHELL=${CONFIG_SHELL-/bin/sh}
+ export ORIGINAL_CONFIG_SHELL
+ CONFIG_SHELL=/bin/ksh
+ export CONFIG_SHELL
+ exec $CONFIG_SHELL "$0" --no-reexec ${1+"$@"}
+ else
+ # Try using printf.
+ ECHO='printf %s\n'
+ if test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t' &&
+ echo_testing_string=`{ $ECHO "$echo_test_string"; } 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ # Cool, printf works
+ :
+ elif echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($ORIGINAL_CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ CONFIG_SHELL=$ORIGINAL_CONFIG_SHELL
+ export CONFIG_SHELL
+ SHELL="$CONFIG_SHELL"
+ export SHELL
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ elif echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo '\t') 2>/dev/null` &&
+ test "X$echo_testing_string" = 'X\t' &&
+ echo_testing_string=`($CONFIG_SHELL "$0" --fallback-echo "$echo_test_string") 2>/dev/null` &&
+ test "X$echo_testing_string" = "X$echo_test_string"; then
+ ECHO="$CONFIG_SHELL $0 --fallback-echo"
+ else
+ # maybe with a smaller string...
+ prev=:
+
+ for cmd in 'echo test' 'sed 2q "$0"' 'sed 10q "$0"' 'sed 20q "$0"' 'sed 50q "$0"'; do
+ if { test "X$echo_test_string" = "X`eval $cmd`"; } 2>/dev/null
+ then
+ break
+ fi
+ prev="$cmd"
+ done
+
+ if test "$prev" != 'sed 50q "$0"'; then
+ echo_test_string=`eval $prev`
+ export echo_test_string
+ exec ${ORIGINAL_CONFIG_SHELL-${CONFIG_SHELL-/bin/sh}} "$0" ${1+"$@"}
+ else
+ # Oops. We lost completely, so just stick with echo.
+ ECHO=echo
+ fi
+ fi
+ fi
+ fi
+ fi
+fi
+
+# Copy echo and quote the copy suitably for passing to libtool from
+# the Makefile, instead of quoting the original, which is used later.
+lt_ECHO=$ECHO
+if test "X$lt_ECHO" = "X$CONFIG_SHELL $0 --fallback-echo"; then
+ lt_ECHO="$CONFIG_SHELL \\\$\$0 --fallback-echo"
+fi
+
+
+
+
+test -n "$DJDIR" || exec 7<&0 </dev/null
+exec 6>&1
+
+# Name of the host.
+# hostname on some systems (SVR3.2, Linux) returns a bogus exit status,
+# so uname gets run too.
+ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q`
+
+#
+# Initializations.
+#
+ac_default_prefix=/usr/local
+ac_clean_files=
+ac_config_libobj_dir=.
+LIBOBJS=
+cross_compiling=no
+subdirs=
+MFLAGS=
+MAKEFLAGS=
+
+# Identity of this package.
+PACKAGE_NAME='pki-tps'
+PACKAGE_TARNAME='pki-tps'
+PACKAGE_VERSION='8.0.0'
+PACKAGE_STRING='pki-tps 8.0.0'
+PACKAGE_BUGREPORT='http://bugzilla.redhat.com/'
+PACKAGE_URL=''
+
+# Factoring default headers for most tests.
+ac_includes_default="\
+#include <stdio.h>
+#ifdef HAVE_SYS_TYPES_H
+# include <sys/types.h>
+#endif
+#ifdef HAVE_SYS_STAT_H
+# include <sys/stat.h>
+#endif
+#ifdef STDC_HEADERS
+# include <stdlib.h>
+# include <stddef.h>
+#else
+# ifdef HAVE_STDLIB_H
+# include <stdlib.h>
+# endif
+#endif
+#ifdef HAVE_STRING_H
+# if !defined STDC_HEADERS && defined HAVE_MEMORY_H
+# include <memory.h>
+# endif
+# include <string.h>
+#endif
+#ifdef HAVE_STRINGS_H
+# include <strings.h>
+#endif
+#ifdef HAVE_INTTYPES_H
+# include <inttypes.h>
+#endif
+#ifdef HAVE_STDINT_H
+# include <stdint.h>
+#endif
+#ifdef HAVE_UNISTD_H
+# include <unistd.h>
+#endif"
+
+ac_header_list=
+ac_default_prefix=/opt
+ac_subst_vars='am__EXEEXT_FALSE
+am__EXEEXT_TRUE
+LTLIBOBJS
+apr_bindir
+apr_libdir
+apr_lib_version
+apr_lib
+apr_inc
+APRDIR
+svrcore_lib
+svrcore_inc
+sasl_libdir
+sasl_lib
+sasl_inc
+ldapsdk_bindir
+ldapsdk_libdir
+ldapsdk_lib
+ldapsdk_inc
+nss_libdir
+nss_lib
+nss_inc
+nspr_libdir
+nspr_lib
+nspr_inc
+PKG_CONFIG
+SOLARIS_FALSE
+SOLARIS_TRUE
+HPUX_FALSE
+HPUX_TRUE
+LINUX_FALSE
+LINUX_TRUE
+LIBCRUN
+LIBCSTD
+LIBDL
+LIBNSL
+LIBSOCKET
+initddir
+WINNT_FALSE
+WINNT_TRUE
+templatesdir
+setupdir
+scriptsdir
+samplesdir
+perl_templatesdir
+perl_servicedir
+perl_modulesdir
+perl_basedir
+logsdir
+licensedir
+docroot_tps_jsdir
+docroot_tps_imgdir
+docroot_tps_cssdir
+docroot_tps_configdir
+docroot_tokendbdir
+docroot_sow_jsdir
+docroot_sow_imagesdir
+docroot_sow_cssdir
+docroot_sowdir
+docroot_sodir
+docroot_homedir
+docroot_demodir
+docrootdir
+confdir
+cgibin_sowdir
+cgibin_sodir
+cgibin_homedir
+cgibin_demodir
+appletsdir
+apache_modulesdir
+aliasdir
+debug_defs
+LIBOBJS
+CXXCPP
+CPP
+OTOOL64
+OTOOL
+LIPO
+NMEDIT
+DSYMUTIL
+lt_ECHO
+RANLIB
+AR
+OBJDUMP
+LN_S
+NM
+ac_ct_DUMPBIN
+DUMPBIN
+LD
+FGREP
+EGREP
+GREP
+SED
+LIBTOOL
+am__fastdepCC_FALSE
+am__fastdepCC_TRUE
+CCDEPMODE
+ac_ct_CC
+CFLAGS
+CC
+am__fastdepCXX_FALSE
+am__fastdepCXX_TRUE
+CXXDEPMODE
+AMDEPBACKSLASH
+AMDEP_FALSE
+AMDEP_TRUE
+am__quote
+am__include
+DEPDIR
+OBJEXT
+EXEEXT
+ac_ct_CXX
+CPPFLAGS
+LDFLAGS
+CXXFLAGS
+CXX
+GENERIC_VERSION
+GENERIC_RELEASE
+GENERIC_LIBRARY_VERSION
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
+MAINT
+MAINTAINER_MODE_FALSE
+MAINTAINER_MODE_TRUE
+am__untar
+am__tar
+AMTAR
+am__leading_dot
+SET_MAKE
+AWK
+mkdir_p
+MKDIR_P
+INSTALL_STRIP_PROGRAM
+STRIP
+install_sh
+MAKEINFO
+AUTOHEADER
+AUTOMAKE
+AUTOCONF
+ACLOCAL
+VERSION
+PACKAGE
+CYGPATH_W
+am__isrc
+INSTALL_DATA
+INSTALL_SCRIPT
+INSTALL_PROGRAM
+target_alias
+host_alias
+build_alias
+LIBS
+ECHO_T
+ECHO_N
+ECHO_C
+DEFS
+mandir
+localedir
+libdir
+psdir
+pdfdir
+dvidir
+htmldir
+infodir
+docdir
+oldincludedir
+includedir
+localstatedir
+sharedstatedir
+sysconfdir
+datadir
+datarootdir
+libexecdir
+sbindir
+bindir
+program_transform_name
+prefix
+exec_prefix
+PACKAGE_URL
+PACKAGE_BUGREPORT
+PACKAGE_STRING
+PACKAGE_VERSION
+PACKAGE_TARNAME
+PACKAGE_NAME
+PATH_SEPARATOR
+SHELL'
+ac_subst_files=''
+ac_user_opts='
+enable_option_checking
+enable_maintainer_mode
+enable_dependency_tracking
+enable_static
+enable_shared
+with_pic
+enable_fast_install
+with_gnu_ld
+enable_libtool_lock
+enable_64bit
+enable_debug
+with_nspr
+with_nspr_inc
+with_nspr_lib
+with_nss
+with_nss_inc
+with_nss_lib
+with_openldap
+with_openldap_inc
+with_openldap_lib
+with_openldap_bin
+with_sasl
+with_sasl_inc
+with_sasl_lib
+with_svrcore
+with_svrcore_inc
+with_svrcore_lib
+with_apr
+with_apr_inc
+with_apr_lib
+with_apr_bin
+'
+ ac_precious_vars='build_alias
+host_alias
+target_alias
+CXX
+CXXFLAGS
+LDFLAGS
+LIBS
+CPPFLAGS
+CCC
+CC
+CFLAGS
+CPP
+CXXCPP'
+
+
+# Initialize some variables set by options.
+ac_init_help=
+ac_init_version=false
+ac_unrecognized_opts=
+ac_unrecognized_sep=
+# The variables have the same names as the options, with
+# dashes changed to underlines.
+cache_file=/dev/null
+exec_prefix=NONE
+no_create=
+no_recursion=
+prefix=NONE
+program_prefix=NONE
+program_suffix=NONE
+program_transform_name=s,x,x,
+silent=
+site=
+srcdir=
+verbose=
+x_includes=NONE
+x_libraries=NONE
+
+# Installation directory options.
+# These are left unexpanded so users can "make install exec_prefix=/foo"
+# and all the variables that are supposed to be based on exec_prefix
+# by default will actually change.
+# Use braces instead of parens because sh, perl, etc. also accept them.
+# (The list follows the same order as the GNU Coding Standards.)
+bindir='${exec_prefix}/bin'
+sbindir='${exec_prefix}/sbin'
+libexecdir='${exec_prefix}/libexec'
+datarootdir='${prefix}/share'
+datadir='${datarootdir}'
+sysconfdir='${prefix}/etc'
+sharedstatedir='${prefix}/com'
+localstatedir='${prefix}/var'
+includedir='${prefix}/include'
+oldincludedir='/usr/include'
+docdir='${datarootdir}/doc/${PACKAGE_TARNAME}'
+infodir='${datarootdir}/info'
+htmldir='${docdir}'
+dvidir='${docdir}'
+pdfdir='${docdir}'
+psdir='${docdir}'
+libdir='${exec_prefix}/lib'
+localedir='${datarootdir}/locale'
+mandir='${datarootdir}/man'
+
+ac_prev=
+ac_dashdash=
+for ac_option
+do
+ # If the previous option needs an argument, assign it.
+ if test -n "$ac_prev"; then
+ eval $ac_prev=\$ac_option
+ ac_prev=
+ continue
+ fi
+
+ case $ac_option in
+ *=*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;;
+ *) ac_optarg=yes ;;
+ esac
+
+ # Accept the important Cygnus configure options, so we can diagnose typos.
+
+ case $ac_dashdash$ac_option in
+ --)
+ ac_dashdash=yes ;;
+
+ -bindir | --bindir | --bindi | --bind | --bin | --bi)
+ ac_prev=bindir ;;
+ -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*)
+ bindir=$ac_optarg ;;
+
+ -build | --build | --buil | --bui | --bu)
+ ac_prev=build_alias ;;
+ -build=* | --build=* | --buil=* | --bui=* | --bu=*)
+ build_alias=$ac_optarg ;;
+
+ -cache-file | --cache-file | --cache-fil | --cache-fi \
+ | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c)
+ ac_prev=cache_file ;;
+ -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \
+ | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*)
+ cache_file=$ac_optarg ;;
+
+ --config-cache | -C)
+ cache_file=config.cache ;;
+
+ -datadir | --datadir | --datadi | --datad)
+ ac_prev=datadir ;;
+ -datadir=* | --datadir=* | --datadi=* | --datad=*)
+ datadir=$ac_optarg ;;
+
+ -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \
+ | --dataroo | --dataro | --datar)
+ ac_prev=datarootdir ;;
+ -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \
+ | --dataroot=* | --dataroo=* | --dataro=* | --datar=*)
+ datarootdir=$ac_optarg ;;
+
+ -disable-* | --disable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=no ;;
+
+ -docdir | --docdir | --docdi | --doc | --do)
+ ac_prev=docdir ;;
+ -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*)
+ docdir=$ac_optarg ;;
+
+ -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv)
+ ac_prev=dvidir ;;
+ -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*)
+ dvidir=$ac_optarg ;;
+
+ -enable-* | --enable-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error "invalid feature name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"enable_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval enable_$ac_useropt=\$ac_optarg ;;
+
+ -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \
+ | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \
+ | --exec | --exe | --ex)
+ ac_prev=exec_prefix ;;
+ -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \
+ | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \
+ | --exec=* | --exe=* | --ex=*)
+ exec_prefix=$ac_optarg ;;
+
+ -gas | --gas | --ga | --g)
+ # Obsolete; use --with-gas.
+ with_gas=yes ;;
+
+ -help | --help | --hel | --he | -h)
+ ac_init_help=long ;;
+ -help=r* | --help=r* | --hel=r* | --he=r* | -hr*)
+ ac_init_help=recursive ;;
+ -help=s* | --help=s* | --hel=s* | --he=s* | -hs*)
+ ac_init_help=short ;;
+
+ -host | --host | --hos | --ho)
+ ac_prev=host_alias ;;
+ -host=* | --host=* | --hos=* | --ho=*)
+ host_alias=$ac_optarg ;;
+
+ -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht)
+ ac_prev=htmldir ;;
+ -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \
+ | --ht=*)
+ htmldir=$ac_optarg ;;
+
+ -includedir | --includedir | --includedi | --included | --include \
+ | --includ | --inclu | --incl | --inc)
+ ac_prev=includedir ;;
+ -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \
+ | --includ=* | --inclu=* | --incl=* | --inc=*)
+ includedir=$ac_optarg ;;
+
+ -infodir | --infodir | --infodi | --infod | --info | --inf)
+ ac_prev=infodir ;;
+ -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*)
+ infodir=$ac_optarg ;;
+
+ -libdir | --libdir | --libdi | --libd)
+ ac_prev=libdir ;;
+ -libdir=* | --libdir=* | --libdi=* | --libd=*)
+ libdir=$ac_optarg ;;
+
+ -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \
+ | --libexe | --libex | --libe)
+ ac_prev=libexecdir ;;
+ -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \
+ | --libexe=* | --libex=* | --libe=*)
+ libexecdir=$ac_optarg ;;
+
+ -localedir | --localedir | --localedi | --localed | --locale)
+ ac_prev=localedir ;;
+ -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*)
+ localedir=$ac_optarg ;;
+
+ -localstatedir | --localstatedir | --localstatedi | --localstated \
+ | --localstate | --localstat | --localsta | --localst | --locals)
+ ac_prev=localstatedir ;;
+ -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \
+ | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*)
+ localstatedir=$ac_optarg ;;
+
+ -mandir | --mandir | --mandi | --mand | --man | --ma | --m)
+ ac_prev=mandir ;;
+ -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*)
+ mandir=$ac_optarg ;;
+
+ -nfp | --nfp | --nf)
+ # Obsolete; use --without-fp.
+ with_fp=no ;;
+
+ -no-create | --no-create | --no-creat | --no-crea | --no-cre \
+ | --no-cr | --no-c | -n)
+ no_create=yes ;;
+
+ -no-recursion | --no-recursion | --no-recursio | --no-recursi \
+ | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r)
+ no_recursion=yes ;;
+
+ -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \
+ | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \
+ | --oldin | --oldi | --old | --ol | --o)
+ ac_prev=oldincludedir ;;
+ -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \
+ | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \
+ | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*)
+ oldincludedir=$ac_optarg ;;
+
+ -prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
+ ac_prev=prefix ;;
+ -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
+ prefix=$ac_optarg ;;
+
+ -program-prefix | --program-prefix | --program-prefi | --program-pref \
+ | --program-pre | --program-pr | --program-p)
+ ac_prev=program_prefix ;;
+ -program-prefix=* | --program-prefix=* | --program-prefi=* \
+ | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*)
+ program_prefix=$ac_optarg ;;
+
+ -program-suffix | --program-suffix | --program-suffi | --program-suff \
+ | --program-suf | --program-su | --program-s)
+ ac_prev=program_suffix ;;
+ -program-suffix=* | --program-suffix=* | --program-suffi=* \
+ | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*)
+ program_suffix=$ac_optarg ;;
+
+ -program-transform-name | --program-transform-name \
+ | --program-transform-nam | --program-transform-na \
+ | --program-transform-n | --program-transform- \
+ | --program-transform | --program-transfor \
+ | --program-transfo | --program-transf \
+ | --program-trans | --program-tran \
+ | --progr-tra | --program-tr | --program-t)
+ ac_prev=program_transform_name ;;
+ -program-transform-name=* | --program-transform-name=* \
+ | --program-transform-nam=* | --program-transform-na=* \
+ | --program-transform-n=* | --program-transform-=* \
+ | --program-transform=* | --program-transfor=* \
+ | --program-transfo=* | --program-transf=* \
+ | --program-trans=* | --program-tran=* \
+ | --progr-tra=* | --program-tr=* | --program-t=*)
+ program_transform_name=$ac_optarg ;;
+
+ -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd)
+ ac_prev=pdfdir ;;
+ -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*)
+ pdfdir=$ac_optarg ;;
+
+ -psdir | --psdir | --psdi | --psd | --ps)
+ ac_prev=psdir ;;
+ -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*)
+ psdir=$ac_optarg ;;
+
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ silent=yes ;;
+
+ -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb)
+ ac_prev=sbindir ;;
+ -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \
+ | --sbi=* | --sb=*)
+ sbindir=$ac_optarg ;;
+
+ -sharedstatedir | --sharedstatedir | --sharedstatedi \
+ | --sharedstated | --sharedstate | --sharedstat | --sharedsta \
+ | --sharedst | --shareds | --shared | --share | --shar \
+ | --sha | --sh)
+ ac_prev=sharedstatedir ;;
+ -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \
+ | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \
+ | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \
+ | --sha=* | --sh=*)
+ sharedstatedir=$ac_optarg ;;
+
+ -site | --site | --sit)
+ ac_prev=site ;;
+ -site=* | --site=* | --sit=*)
+ site=$ac_optarg ;;
+
+ -srcdir | --srcdir | --srcdi | --srcd | --src | --sr)
+ ac_prev=srcdir ;;
+ -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*)
+ srcdir=$ac_optarg ;;
+
+ -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \
+ | --syscon | --sysco | --sysc | --sys | --sy)
+ ac_prev=sysconfdir ;;
+ -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \
+ | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*)
+ sysconfdir=$ac_optarg ;;
+
+ -target | --target | --targe | --targ | --tar | --ta | --t)
+ ac_prev=target_alias ;;
+ -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*)
+ target_alias=$ac_optarg ;;
+
+ -v | -verbose | --verbose | --verbos | --verbo | --verb)
+ verbose=yes ;;
+
+ -version | --version | --versio | --versi | --vers | -V)
+ ac_init_version=: ;;
+
+ -with-* | --with-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=\$ac_optarg ;;
+
+ -without-* | --without-*)
+ ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'`
+ # Reject names that are not valid shell variable names.
+ expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null &&
+ as_fn_error "invalid package name: $ac_useropt"
+ ac_useropt_orig=$ac_useropt
+ ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'`
+ case $ac_user_opts in
+ *"
+"with_$ac_useropt"
+"*) ;;
+ *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig"
+ ac_unrecognized_sep=', ';;
+ esac
+ eval with_$ac_useropt=no ;;
+
+ --x)
+ # Obsolete; use --with-x.
+ with_x=yes ;;
+
+ -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \
+ | --x-incl | --x-inc | --x-in | --x-i)
+ ac_prev=x_includes ;;
+ -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \
+ | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*)
+ x_includes=$ac_optarg ;;
+
+ -x-libraries | --x-libraries | --x-librarie | --x-librari \
+ | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l)
+ ac_prev=x_libraries ;;
+ -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \
+ | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*)
+ x_libraries=$ac_optarg ;;
+
+ -*) as_fn_error "unrecognized option: \`$ac_option'
+Try \`$0 --help' for more information."
+ ;;
+
+ *=*)
+ ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='`
+ # Reject names that are not valid shell variable names.
+ case $ac_envvar in #(
+ '' | [0-9]* | *[!_$as_cr_alnum]* )
+ as_fn_error "invalid variable name: \`$ac_envvar'" ;;
+ esac
+ eval $ac_envvar=\$ac_optarg
+ export $ac_envvar ;;
+
+ *)
+ # FIXME: should be removed in autoconf 3.0.
+ $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2
+ expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null &&
+ $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2
+ : ${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}
+ ;;
+
+ esac
+done
+
+if test -n "$ac_prev"; then
+ ac_option=--`echo $ac_prev | sed 's/_/-/g'`
+ as_fn_error "missing argument to $ac_option"
+fi
+
+if test -n "$ac_unrecognized_opts"; then
+ case $enable_option_checking in
+ no) ;;
+ fatal) as_fn_error "unrecognized options: $ac_unrecognized_opts" ;;
+ *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;;
+ esac
+fi
+
+# Check all directory arguments for consistency.
+for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \
+ datadir sysconfdir sharedstatedir localstatedir includedir \
+ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \
+ libdir localedir mandir
+do
+ eval ac_val=\$$ac_var
+ # Remove trailing slashes.
+ case $ac_val in
+ */ )
+ ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'`
+ eval $ac_var=\$ac_val;;
+ esac
+ # Be sure to have absolute directory names.
+ case $ac_val in
+ [\\/$]* | ?:[\\/]* ) continue;;
+ NONE | '' ) case $ac_var in *prefix ) continue;; esac;;
+ esac
+ as_fn_error "expected an absolute directory name for --$ac_var: $ac_val"
+done
+
+# There might be people who depend on the old broken behavior: `$host'
+# used to hold the argument of --host etc.
+# FIXME: To remove some day.
+build=$build_alias
+host=$host_alias
+target=$target_alias
+
+# FIXME: To remove some day.
+if test "x$host_alias" != x; then
+ if test "x$build_alias" = x; then
+ cross_compiling=maybe
+ $as_echo "$as_me: WARNING: If you wanted to set the --build type, don't use --host.
+ If a cross compiler is detected then cross compile mode will be used." >&2
+ elif test "x$build_alias" != "x$host_alias"; then
+ cross_compiling=yes
+ fi
+fi
+
+ac_tool_prefix=
+test -n "$host_alias" && ac_tool_prefix=$host_alias-
+
+test "$silent" = yes && exec 6>/dev/null
+
+
+ac_pwd=`pwd` && test -n "$ac_pwd" &&
+ac_ls_di=`ls -di .` &&
+ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` ||
+ as_fn_error "working directory cannot be determined"
+test "X$ac_ls_di" = "X$ac_pwd_ls_di" ||
+ as_fn_error "pwd does not report name of working directory"
+
+
+# Find the source files, if location was not specified.
+if test -z "$srcdir"; then
+ ac_srcdir_defaulted=yes
+ # Try the directory containing this script, then the parent directory.
+ ac_confdir=`$as_dirname -- "$as_myself" ||
+$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_myself" : 'X\(//\)[^/]' \| \
+ X"$as_myself" : 'X\(//\)$' \| \
+ X"$as_myself" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_myself" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ srcdir=$ac_confdir
+ if test ! -r "$srcdir/$ac_unique_file"; then
+ srcdir=..
+ fi
+else
+ ac_srcdir_defaulted=no
+fi
+if test ! -r "$srcdir/$ac_unique_file"; then
+ test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .."
+ as_fn_error "cannot find sources ($ac_unique_file) in $srcdir"
+fi
+ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work"
+ac_abs_confdir=`(
+ cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error "$ac_msg"
+ pwd)`
+# When building in place, set srcdir=.
+if test "$ac_abs_confdir" = "$ac_pwd"; then
+ srcdir=.
+fi
+# Remove unnecessary trailing slashes from srcdir.
+# Double slashes in file names in object file debugging info
+# mess up M-x gdb in Emacs.
+case $srcdir in
+*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;;
+esac
+for ac_var in $ac_precious_vars; do
+ eval ac_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_env_${ac_var}_value=\$${ac_var}
+ eval ac_cv_env_${ac_var}_set=\${${ac_var}+set}
+ eval ac_cv_env_${ac_var}_value=\$${ac_var}
+done
+
+#
+# Report the --help message.
+#
+if test "$ac_init_help" = "long"; then
+ # Omit some internal or obsolete options to make the list less imposing.
+ # This message is too long to be a string in the A/UX 3.1 sh.
+ cat <<_ACEOF
+\`configure' configures pki-tps 8.0.0 to adapt to many kinds of systems.
+
+Usage: $0 [OPTION]... [VAR=VALUE]...
+
+To assign environment variables (e.g., CC, CFLAGS...), specify them as
+VAR=VALUE. See below for descriptions of some of the useful variables.
+
+Defaults for the options are specified in brackets.
+
+Configuration:
+ -h, --help display this help and exit
+ --help=short display options specific to this package
+ --help=recursive display the short help of all the included packages
+ -V, --version display version information and exit
+ -q, --quiet, --silent do not print \`checking...' messages
+ --cache-file=FILE cache test results in FILE [disabled]
+ -C, --config-cache alias for \`--cache-file=config.cache'
+ -n, --no-create do not create output files
+ --srcdir=DIR find the sources in DIR [configure dir or \`..']
+
+Installation directories:
+ --prefix=PREFIX install architecture-independent files in PREFIX
+ [$ac_default_prefix]
+ --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
+ [PREFIX]
+
+By default, \`make install' will install all the files in
+\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify
+an installation prefix other than \`$ac_default_prefix' using \`--prefix',
+for instance \`--prefix=\$HOME'.
+
+For better control, use the options below.
+
+Fine tuning of the installation directories:
+ --bindir=DIR user executables [EPREFIX/bin]
+ --sbindir=DIR system admin executables [EPREFIX/sbin]
+ --libexecdir=DIR program executables [EPREFIX/libexec]
+ --sysconfdir=DIR read-only single-machine data [PREFIX/etc]
+ --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
+ --localstatedir=DIR modifiable single-machine data [PREFIX/var]
+ --libdir=DIR object code libraries [EPREFIX/lib]
+ --includedir=DIR C header files [PREFIX/include]
+ --oldincludedir=DIR C header files for non-gcc [/usr/include]
+ --datarootdir=DIR read-only arch.-independent data root [PREFIX/share]
+ --datadir=DIR read-only architecture-independent data [DATAROOTDIR]
+ --infodir=DIR info documentation [DATAROOTDIR/info]
+ --localedir=DIR locale-dependent data [DATAROOTDIR/locale]
+ --mandir=DIR man documentation [DATAROOTDIR/man]
+ --docdir=DIR documentation root [DATAROOTDIR/doc/pki-tps]
+ --htmldir=DIR html documentation [DOCDIR]
+ --dvidir=DIR dvi documentation [DOCDIR]
+ --pdfdir=DIR pdf documentation [DOCDIR]
+ --psdir=DIR ps documentation [DOCDIR]
+_ACEOF
+
+ cat <<\_ACEOF
+
+Program names:
+ --program-prefix=PREFIX prepend PREFIX to installed program names
+ --program-suffix=SUFFIX append SUFFIX to installed program names
+ --program-transform-name=PROGRAM run sed PROGRAM on installed program names
+
+System types:
+ --build=BUILD configure for building on BUILD [guessed]
+ --host=HOST cross-compile to build programs to run on HOST [BUILD]
+_ACEOF
+fi
+
+if test -n "$ac_init_help"; then
+ case $ac_init_help in
+ short | recursive ) echo "Configuration of pki-tps 8.0.0:";;
+ esac
+ cat <<\_ACEOF
+
+Optional Features:
+ --disable-option-checking ignore unrecognized --enable/--with options
+ --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no)
+ --enable-FEATURE[=ARG] include FEATURE [ARG=yes]
+ --enable-maintainer-mode enable make rules and dependencies not useful
+ (and sometimes confusing) to the casual installer
+ --disable-dependency-tracking speeds up one-time build
+ --enable-dependency-tracking do not reject slow dependency extractors
+ --enable-static[=PKGS] build static libraries [default=no]
+ --enable-shared[=PKGS] build shared libraries [default=yes]
+ --enable-fast-install[=PKGS]
+ optimize for fast installation [default=yes]
+ --disable-libtool-lock avoid locking (might break parallel builds)
+ --enable-64bit Enable 64-bit features
+ --enable-debug Enable debug features
+
+Optional Packages:
+ --with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
+ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
+ --with-pic try to use only PIC/non-PIC objects [default=use
+ both]
+ --with-gnu-ld assume the C compiler uses GNU ld [default=no]
+ --with-nspr=PATH Netscape Portable Runtime (NSPR) directory
+ --with-nspr-inc=PATH Netscape Portable Runtime (NSPR) include file directory
+ --with-nspr-lib=PATH Netscape Portable Runtime (NSPR) library directory
+ --with-nss=PATH Network Security Services (NSS) directory
+ --with-nss-inc=PATH Network Security Services (NSS) include directory
+ --with-nss-lib=PATH Network Security Services (NSS) library directory
+ --with-openldap[=PATH] Use OpenLDAP - optional PATH is path to OpenLDAP SDK
+ --with-openldap-inc=PATH
+ OpenLDAP SDK include directory
+ --with-openldap-lib=PATH
+ OpenLDAP SDK library directory
+ --with-openldap-bin=PATH
+ OpenLDAP SDK binary directory
+ --with-sasl=PATH Use sasl from supplied path
+ --with-sasl-inc=PATH SASL include file directory
+ --with-sasl-lib=PATH SASL library directory
+ --with-svrcore[=PATH] Use system installed svrcore - optional path for svrcore
+ --with-svrcore-inc=PATH SVRCORE include file directory
+ --with-svrcore-lib=PATH SVRCORE library directory
+ --with-apr=PATH Apr directory
+ --with-apr-inc=PATH Apr include file directory
+ --with-apr-lib=PATH Apr library directory
+ --with-apr-bin=PATH Apr executables directory
+
+Some influential environment variables:
+ CXX C++ compiler command
+ CXXFLAGS C++ compiler flags
+ LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
+ nonstandard directory <lib dir>
+ LIBS libraries to pass to the linker, e.g. -l<library>
+ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I<include dir> if
+ you have headers in a nonstandard directory <include dir>
+ CC C compiler command
+ CFLAGS C compiler flags
+ CPP C preprocessor
+ CXXCPP C++ preprocessor
+
+Use these variables to override the choices made by `configure' or to help
+it to find libraries and programs with nonstandard names/locations.
+
+Report bugs to <http://bugzilla.redhat.com/>.
+_ACEOF
+ac_status=$?
+fi
+
+if test "$ac_init_help" = "recursive"; then
+ # If there are subdirs, report their specific --help.
+ for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue
+ test -d "$ac_dir" ||
+ { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } ||
+ continue
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+ cd "$ac_dir" || { ac_status=$?; continue; }
+ # Check for guested configure.
+ if test -f "$ac_srcdir/configure.gnu"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure.gnu" --help=recursive
+ elif test -f "$ac_srcdir/configure"; then
+ echo &&
+ $SHELL "$ac_srcdir/configure" --help=recursive
+ else
+ $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2
+ fi || ac_status=$?
+ cd "$ac_pwd" || { ac_status=$?; break; }
+ done
+fi
+
+test -n "$ac_init_help" && exit $ac_status
+if $ac_init_version; then
+ cat <<\_ACEOF
+pki-tps configure 8.0.0
+generated by GNU Autoconf 2.65
+
+Copyright (C) 2009 Free Software Foundation, Inc.
+This configure script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it.
+_ACEOF
+ exit
+fi
+
+## ------------------------ ##
+## Autoconf initialization. ##
+## ------------------------ ##
+
+# ac_fn_cxx_try_compile LINENO
+# ----------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_compile
+
+# ac_fn_c_try_compile LINENO
+# --------------------------
+# Try to compile conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext
+ if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest.$ac_objext; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_compile
+
+# ac_fn_c_try_link LINENO
+# -----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_link
+
+# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists and can be compiled using the include files in
+# INCLUDES, setting the cache variable VAR accordingly.
+ac_fn_c_check_header_compile ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_compile
+
+# ac_fn_c_try_cpp LINENO
+# ----------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_c_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } >/dev/null && {
+ test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_cpp
+
+# ac_fn_c_try_run LINENO
+# ----------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes
+# that executables *can* be run.
+ac_fn_c_try_run ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && { ac_try='./conftest$ac_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: program exited with status $ac_status" >&5
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=$ac_status
+fi
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_c_try_run
+
+# ac_fn_c_check_func LINENO FUNC VAR
+# ----------------------------------
+# Tests whether FUNC exists, setting the cache variable VAR accordingly
+ac_fn_c_check_func ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Define $2 to an innocuous variant, in case <limits.h> declares $2.
+ For example, HP-UX 11i <limits.h> declares gettimeofday. */
+#define $2 innocuous_$2
+
+/* System header to define __stub macros and hopefully few prototypes,
+ which can conflict with char $2 (); below.
+ Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ <limits.h> exists even on freestanding compilers. */
+
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+
+#undef $2
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char $2 ();
+/* The GNU C library defines this for functions which it implements
+ to always fail with ENOSYS. Some functions are actually named
+ something starting with __ and the normal name is an alias. */
+#if defined __stub_$2 || defined __stub___$2
+choke me
+#endif
+
+int
+main ()
+{
+return $2 ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_func
+
+# ac_fn_cxx_try_cpp LINENO
+# ------------------------
+# Try to preprocess conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_cpp ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { { ac_try="$ac_cpp conftest.$ac_ext"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } >/dev/null && {
+ test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_cpp
+
+# ac_fn_cxx_try_link LINENO
+# -------------------------
+# Try to link conftest.$ac_ext, and return whether this succeeded.
+ac_fn_cxx_try_link ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ rm -f conftest.$ac_objext conftest$ac_exeext
+ if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ grep -v '^ *+' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ mv -f conftest.er1 conftest.err
+ fi
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && {
+ test -z "$ac_cxx_werror_flag" ||
+ test ! -s conftest.err
+ } && test -s conftest$ac_exeext && {
+ test "$cross_compiling" = yes ||
+ $as_test_x conftest$ac_exeext
+ }; then :
+ ac_retval=0
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+ ac_retval=1
+fi
+ # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information
+ # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would
+ # interfere with the next link command; also delete a directory that is
+ # left behind by Apple's compiler. We do this before executing the actions.
+ rm -rf conftest.dSYM conftest_ipa8_conftest.oo
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+ as_fn_set_status $ac_retval
+
+} # ac_fn_cxx_try_link
+
+# ac_fn_c_check_header_mongrel LINENO HEADER VAR INCLUDES
+# -------------------------------------------------------
+# Tests whether HEADER exists, giving a warning if it cannot be compiled using
+# the include files in INCLUDES and setting the cache variable VAR
+# accordingly.
+ac_fn_c_check_header_mongrel ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+else
+ # Is the header compilable?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5
+$as_echo_n "checking $2 usability... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+#include <$2>
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_header_compiler=yes
+else
+ ac_header_compiler=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5
+$as_echo "$ac_header_compiler" >&6; }
+
+# Is the header present?
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5
+$as_echo_n "checking $2 presence... " >&6; }
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <$2>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ ac_header_preproc=yes
+else
+ ac_header_preproc=no
+fi
+rm -f conftest.err conftest.$ac_ext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5
+$as_echo "$ac_header_preproc" >&6; }
+
+# So? What about this header?
+case $ac_header_compiler:$ac_header_preproc:$ac_c_preproc_warn_flag in #((
+ yes:no: )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5
+$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+ ;;
+ no:yes:* )
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5
+$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5
+$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5
+$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5
+$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
+$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
+( cat <<\_ASBOX
+## ------------------------------------------ ##
+## Report this to http://bugzilla.redhat.com/ ##
+## ------------------------------------------ ##
+_ASBOX
+ ) | sed "s/^/$as_me: WARNING: /" >&2
+ ;;
+esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=\$ac_header_compiler"
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+fi
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_header_mongrel
+
+# ac_fn_c_check_type LINENO TYPE VAR INCLUDES
+# -------------------------------------------
+# Tests whether TYPE exists after having included INCLUDES, setting cache
+# variable VAR accordingly.
+ac_fn_c_check_type ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5
+$as_echo_n "checking for $2... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ eval "$3=no"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof ($2))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+if (sizeof (($2)))
+ return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ eval "$3=yes"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_type
+
+# ac_fn_c_check_decl LINENO SYMBOL VAR
+# ------------------------------------
+# Tests whether SYMBOL is declared, setting cache variable VAR accordingly.
+ac_fn_c_check_decl ()
+{
+ as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $2 is declared" >&5
+$as_echo_n "checking whether $2 is declared... " >&6; }
+if { as_var=$3; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$4
+int
+main ()
+{
+#ifndef $2
+ (void) $2;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$3=yes"
+else
+ eval "$3=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$3
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+ eval $as_lineno_stack; test "x$as_lineno_stack" = x && { as_lineno=; unset as_lineno;}
+
+} # ac_fn_c_check_decl
+cat >config.log <<_ACEOF
+This file contains any messages produced by compilers while
+running configure, to aid debugging if configure makes a mistake.
+
+It was created by pki-tps $as_me 8.0.0, which was
+generated by GNU Autoconf 2.65. Invocation command line was
+
+ $ $0 $@
+
+_ACEOF
+exec 5>>config.log
+{
+cat <<_ASUNAME
+## --------- ##
+## Platform. ##
+## --------- ##
+
+hostname = `(hostname || uname -n) 2>/dev/null | sed 1q`
+uname -m = `(uname -m) 2>/dev/null || echo unknown`
+uname -r = `(uname -r) 2>/dev/null || echo unknown`
+uname -s = `(uname -s) 2>/dev/null || echo unknown`
+uname -v = `(uname -v) 2>/dev/null || echo unknown`
+
+/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown`
+/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown`
+
+/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown`
+/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown`
+/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown`
+/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown`
+/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown`
+/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown`
+/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown`
+
+_ASUNAME
+
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ $as_echo "PATH: $as_dir"
+ done
+IFS=$as_save_IFS
+
+} >&5
+
+cat >&5 <<_ACEOF
+
+
+## ----------- ##
+## Core tests. ##
+## ----------- ##
+
+_ACEOF
+
+
+# Keep a trace of the command line.
+# Strip out --no-create and --no-recursion so they do not pile up.
+# Strip out --silent because we don't want to record it for future runs.
+# Also quote any args containing shell meta-characters.
+# Make two passes to allow for proper duplicate-argument suppression.
+ac_configure_args=
+ac_configure_args0=
+ac_configure_args1=
+ac_must_keep_next=false
+for ac_pass in 1 2
+do
+ for ac_arg
+ do
+ case $ac_arg in
+ -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil)
+ continue ;;
+ *\'*)
+ ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ case $ac_pass in
+ 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;;
+ 2)
+ as_fn_append ac_configure_args1 " '$ac_arg'"
+ if test $ac_must_keep_next = true; then
+ ac_must_keep_next=false # Got value, back to normal.
+ else
+ case $ac_arg in
+ *=* | --config-cache | -C | -disable-* | --disable-* \
+ | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \
+ | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \
+ | -with-* | --with-* | -without-* | --without-* | --x)
+ case "$ac_configure_args0 " in
+ "$ac_configure_args1"*" '$ac_arg' "* ) continue ;;
+ esac
+ ;;
+ -* ) ac_must_keep_next=true ;;
+ esac
+ fi
+ as_fn_append ac_configure_args " '$ac_arg'"
+ ;;
+ esac
+ done
+done
+{ ac_configure_args0=; unset ac_configure_args0;}
+{ ac_configure_args1=; unset ac_configure_args1;}
+
+# When interrupted or exit'd, cleanup temporary files, and complete
+# config.log. We remove comments because anyway the quotes in there
+# would cause problems or look ugly.
+# WARNING: Use '\'' to represent an apostrophe within the trap.
+# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug.
+trap 'exit_status=$?
+ # Save into config.log some information that might help in debugging.
+ {
+ echo
+
+ cat <<\_ASBOX
+## ---------------- ##
+## Cache variables. ##
+## ---------------- ##
+_ASBOX
+ echo
+ # The following way of writing the cache mishandles newlines in values,
+(
+ for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+ (set) 2>&1 |
+ case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ sed -n \
+ "s/'\''/'\''\\\\'\'''\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p"
+ ;; #(
+ *)
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+)
+ echo
+
+ cat <<\_ASBOX
+## ----------------- ##
+## Output variables. ##
+## ----------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_vars
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+
+ if test -n "$ac_subst_files"; then
+ cat <<\_ASBOX
+## ------------------- ##
+## File substitutions. ##
+## ------------------- ##
+_ASBOX
+ echo
+ for ac_var in $ac_subst_files
+ do
+ eval ac_val=\$$ac_var
+ case $ac_val in
+ *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;;
+ esac
+ $as_echo "$ac_var='\''$ac_val'\''"
+ done | sort
+ echo
+ fi
+
+ if test -s confdefs.h; then
+ cat <<\_ASBOX
+## ----------- ##
+## confdefs.h. ##
+## ----------- ##
+_ASBOX
+ echo
+ cat confdefs.h
+ echo
+ fi
+ test "$ac_signal" != 0 &&
+ $as_echo "$as_me: caught signal $ac_signal"
+ $as_echo "$as_me: exit $exit_status"
+ } >&5
+ rm -f core *.core core.conftest.* &&
+ rm -f -r conftest* confdefs* conf$$* $ac_clean_files &&
+ exit $exit_status
+' 0
+for ac_signal in 1 2 13 15; do
+ trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal
+done
+ac_signal=0
+
+# confdefs.h avoids OS command line length limits that DEFS can exceed.
+rm -f -r conftest* confdefs.h
+
+$as_echo "/* confdefs.h */" > confdefs.h
+
+# Predefined preprocessor variables.
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_NAME "$PACKAGE_NAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_TARNAME "$PACKAGE_TARNAME"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_VERSION "$PACKAGE_VERSION"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_STRING "$PACKAGE_STRING"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT"
+_ACEOF
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE_URL "$PACKAGE_URL"
+_ACEOF
+
+
+# Let the site file select an alternate cache file if it wants to.
+# Prefer an explicitly selected file to automatically selected ones.
+ac_site_file1=NONE
+ac_site_file2=NONE
+if test -n "$CONFIG_SITE"; then
+ ac_site_file1=$CONFIG_SITE
+elif test "x$prefix" != xNONE; then
+ ac_site_file1=$prefix/share/config.site
+ ac_site_file2=$prefix/etc/config.site
+else
+ ac_site_file1=$ac_default_prefix/share/config.site
+ ac_site_file2=$ac_default_prefix/etc/config.site
+fi
+for ac_site_file in "$ac_site_file1" "$ac_site_file2"
+do
+ test "x$ac_site_file" = xNONE && continue
+ if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5
+$as_echo "$as_me: loading site script $ac_site_file" >&6;}
+ sed 's/^/| /' "$ac_site_file" >&5
+ . "$ac_site_file"
+ fi
+done
+
+if test -r "$cache_file"; then
+ # Some versions of bash will fail to source /dev/null (special files
+ # actually), so we avoid doing that. DJGPP emulates it as a regular file.
+ if test /dev/null != "$cache_file" && test -f "$cache_file"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5
+$as_echo "$as_me: loading cache $cache_file" >&6;}
+ case $cache_file in
+ [\\/]* | ?:[\\/]* ) . "$cache_file";;
+ *) . "./$cache_file";;
+ esac
+ fi
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5
+$as_echo "$as_me: creating cache $cache_file" >&6;}
+ >$cache_file
+fi
+
+as_fn_append ac_header_list " stdlib.h"
+as_fn_append ac_header_list " unistd.h"
+as_fn_append ac_header_list " sys/param.h"
+# Check that the precious variables saved in the cache have kept the same
+# value.
+ac_cache_corrupted=false
+for ac_var in $ac_precious_vars; do
+ eval ac_old_set=\$ac_cv_env_${ac_var}_set
+ eval ac_new_set=\$ac_env_${ac_var}_set
+ eval ac_old_val=\$ac_cv_env_${ac_var}_value
+ eval ac_new_val=\$ac_env_${ac_var}_value
+ case $ac_old_set,$ac_new_set in
+ set,)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,set)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5
+$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;}
+ ac_cache_corrupted=: ;;
+ ,);;
+ *)
+ if test "x$ac_old_val" != "x$ac_new_val"; then
+ # differences in whitespace do not lead to failure.
+ ac_old_val_w=`echo x $ac_old_val`
+ ac_new_val_w=`echo x $ac_new_val`
+ if test "$ac_old_val_w" != "$ac_new_val_w"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5
+$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;}
+ ac_cache_corrupted=:
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5
+$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;}
+ eval $ac_var=\$ac_old_val
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5
+$as_echo "$as_me: former value: \`$ac_old_val'" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5
+$as_echo "$as_me: current value: \`$ac_new_val'" >&2;}
+ fi;;
+ esac
+ # Pass precious variables to config.status.
+ if test "$ac_new_set" = set; then
+ case $ac_new_val in
+ *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;;
+ *) ac_arg=$ac_var=$ac_new_val ;;
+ esac
+ case " $ac_configure_args " in
+ *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy.
+ *) as_fn_append ac_configure_args " '$ac_arg'" ;;
+ esac
+ fi
+done
+if $ac_cache_corrupted; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+ { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5
+$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;}
+ as_fn_error "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5
+fi
+## -------------------- ##
+## Main body of script. ##
+## -------------------- ##
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# AC_CONFIG_HEADER must be called right after AC_INIT.
+ac_config_headers="$ac_config_headers config.h"
+
+am__api_version='1.11'
+
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ for ac_t in install-sh install.sh shtool; do
+ if test -f "$ac_dir/$ac_t"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/$ac_t -c"
+ break 2
+ fi
+ done
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Find a good install program. We prefer a C program (faster),
+# so one script is as good as another. But avoid the broken or
+# incompatible versions:
+# SysV /etc/install, /usr/sbin/install
+# SunOS /usr/etc/install
+# IRIX /sbin/install
+# AIX /bin/install
+# AmigaOS /C/install, which installs bootblocks on floppy discs
+# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag
+# AFS /usr/afsws/bin/install, which mishandles nonexistent args
+# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
+# OS/2's system install, which has a completely different semantic
+# ./install, which can be erroneously created by make from ./install.sh.
+# Reject install programs that cannot install multiple files.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5
+$as_echo_n "checking for a BSD-compatible install... " >&6; }
+if test -z "$INSTALL"; then
+if test "${ac_cv_path_install+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ # Account for people who put trailing slashes in PATH elements.
+case $as_dir/ in #((
+ ./ | .// | /[cC]/* | \
+ /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \
+ ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \
+ /usr/ucb/* ) ;;
+ *)
+ # OSF1 and SCO ODT 3.0 have their own names for install.
+ # Don't use installbsd from OSF since it installs stuff as root
+ # by default.
+ for ac_prog in ginstall scoinst install; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; }; then
+ if test $ac_prog = install &&
+ grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # AIX install. It has an incompatible calling convention.
+ :
+ elif test $ac_prog = install &&
+ grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then
+ # program-specific install script used by HP pwplus--don't use.
+ :
+ else
+ rm -rf conftest.one conftest.two conftest.dir
+ echo one > conftest.one
+ echo two > conftest.two
+ mkdir conftest.dir
+ if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" &&
+ test -s conftest.one && test -s conftest.two &&
+ test -s conftest.dir/conftest.one &&
+ test -s conftest.dir/conftest.two
+ then
+ ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c"
+ break 3
+ fi
+ fi
+ fi
+ done
+ done
+ ;;
+esac
+
+ done
+IFS=$as_save_IFS
+
+rm -rf conftest.one conftest.two conftest.dir
+
+fi
+ if test "${ac_cv_path_install+set}" = set; then
+ INSTALL=$ac_cv_path_install
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for INSTALL within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ INSTALL=$ac_install_sh
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5
+$as_echo "$INSTALL" >&6; }
+
+# Use test -z because SunOS4 sh mishandles braces in ${var-val}.
+# It thinks the first close brace ends the variable substitution.
+test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}'
+
+test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}'
+
+test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5
+$as_echo_n "checking whether build environment is sane... " >&6; }
+# Just in case
+sleep 1
+echo timestamp > conftest.file
+# Reject unsafe characters in $srcdir or the absolute working directory
+# name. Accept space and tab only in the latter.
+am_lf='
+'
+case `pwd` in
+ *[\\\"\#\$\&\'\`$am_lf]*)
+ as_fn_error "unsafe absolute working directory name" "$LINENO" 5;;
+esac
+case $srcdir in
+ *[\\\"\#\$\&\'\`$am_lf\ \ ]*)
+ as_fn_error "unsafe srcdir value: \`$srcdir'" "$LINENO" 5;;
+esac
+
+# Do `set' in a subshell so we don't clobber the current shell's
+# arguments. Must try -L first in case configure is actually a
+# symlink; some systems play weird games with the mod time of symlinks
+# (eg FreeBSD returns the mod time of the symlink's containing
+# directory).
+if (
+ set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null`
+ if test "$*" = "X"; then
+ # -L didn't work.
+ set X `ls -t "$srcdir/configure" conftest.file`
+ fi
+ rm -f conftest.file
+ if test "$*" != "X $srcdir/configure conftest.file" \
+ && test "$*" != "X conftest.file $srcdir/configure"; then
+
+ # If neither matched, then we have a broken ls. This can happen
+ # if, for instance, CONFIG_SHELL is bash and it inherits a
+ # broken ls alias from the environment. This has actually
+ # happened. Such a system could not be considered "sane".
+ as_fn_error "ls -t appears to fail. Make sure there is not a broken
+alias in your environment" "$LINENO" 5
+ fi
+
+ test "$2" = conftest.file
+ )
+then
+ # Ok.
+ :
+else
+ as_fn_error "newly created file is older than distributed files!
+Check your system clock" "$LINENO" 5
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+test "$program_prefix" != NONE &&
+ program_transform_name="s&^&$program_prefix&;$program_transform_name"
+# Use a double $ so make ignores it.
+test "$program_suffix" != NONE &&
+ program_transform_name="s&\$&$program_suffix&;$program_transform_name"
+# Double any \ or $.
+# By default was `s,x,x', remove it if useless.
+ac_script='s/[\\$]/&&/g;s/;s,x,x,$//'
+program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"`
+
+# expand $ac_aux_dir to an absolute path
+am_aux_dir=`cd $ac_aux_dir && pwd`
+
+if test x"${MISSING+set}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;;
+ *)
+ MISSING="\${SHELL} $am_aux_dir/missing" ;;
+ esac
+fi
+# Use eval to expand $SHELL
+if eval "$MISSING --run true"; then
+ am_missing_run="$MISSING --run "
+else
+ am_missing_run=
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`missing' script is too old or missing" >&5
+$as_echo "$as_me: WARNING: \`missing' script is too old or missing" >&2;}
+fi
+
+if test x"${install_sh}" != xset; then
+ case $am_aux_dir in
+ *\ * | *\ *)
+ install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;;
+ *)
+ install_sh="\${SHELL} $am_aux_dir/install-sh"
+ esac
+fi
+
+# Installed binaries are usually stripped using `strip' when the user
+# run `make install-strip'. However `strip' might not be the right
+# tool to use in cross-compilation environments, therefore Automake
+# will honor the `STRIP' environment variable to overrule this program.
+if test "$cross_compiling" != no; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+fi
+INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5
+$as_echo_n "checking for a thread-safe mkdir -p... " >&6; }
+if test -z "$MKDIR_P"; then
+ if test "${ac_cv_path_mkdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in mkdir gmkdir; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ { test -f "$as_dir/$ac_prog$ac_exec_ext" && $as_test_x "$as_dir/$ac_prog$ac_exec_ext"; } || continue
+ case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #(
+ 'mkdir (GNU coreutils) '* | \
+ 'mkdir (coreutils) '* | \
+ 'mkdir (fileutils) '4.1*)
+ ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext
+ break 3;;
+ esac
+ done
+ done
+ done
+IFS=$as_save_IFS
+
+fi
+
+ test -d ./--version && rmdir ./--version
+ if test "${ac_cv_path_mkdir+set}" = set; then
+ MKDIR_P="$ac_cv_path_mkdir -p"
+ else
+ # As a last resort, use the slow shell script. Don't cache a
+ # value for MKDIR_P within a source directory, because that will
+ # break other packages using the cache if that directory is
+ # removed, or if the value is a relative name.
+ MKDIR_P="$ac_install_sh -d"
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5
+$as_echo "$MKDIR_P" >&6; }
+
+mkdir_p="$MKDIR_P"
+case $mkdir_p in
+ [\\/$]* | ?:[\\/]*) ;;
+ */*) mkdir_p="\$(top_builddir)/$mkdir_p" ;;
+esac
+
+for ac_prog in gawk mawk nawk awk
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AWK+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AWK"; then
+ ac_cv_prog_AWK="$AWK" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AWK="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AWK=$ac_cv_prog_AWK
+if test -n "$AWK"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5
+$as_echo "$AWK" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$AWK" && break
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5
+$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; }
+set x ${MAKE-make}
+ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'`
+if { as_var=ac_cv_prog_make_${ac_make}_set; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat >conftest.make <<\_ACEOF
+SHELL = /bin/sh
+all:
+ @echo '@@@%%%=$(MAKE)=@@@%%%'
+_ACEOF
+# GNU make sometimes prints "make[1]: Entering...", which would confuse us.
+case `${MAKE-make} -f conftest.make 2>/dev/null` in
+ *@@@%%%=?*=@@@%%%*)
+ eval ac_cv_prog_make_${ac_make}_set=yes;;
+ *)
+ eval ac_cv_prog_make_${ac_make}_set=no;;
+esac
+rm -f conftest.make
+fi
+if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ SET_MAKE=
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ SET_MAKE="MAKE=${MAKE-make}"
+fi
+
+rm -rf .tst 2>/dev/null
+mkdir .tst 2>/dev/null
+if test -d .tst; then
+ am__leading_dot=.
+else
+ am__leading_dot=_
+fi
+rmdir .tst 2>/dev/null
+
+if test "`cd $srcdir && pwd`" != "`pwd`"; then
+ # Use -I$(srcdir) only when $(srcdir) != ., so that make's output
+ # is not polluted with repeated "-I."
+ am__isrc=' -I$(srcdir)'
+ # test to see if srcdir already configured
+ if test -f $srcdir/config.status; then
+ as_fn_error "source directory already configured; run \"make distclean\" there first" "$LINENO" 5
+ fi
+fi
+
+# test whether we have cygpath
+if test -z "$CYGPATH_W"; then
+ if (cygpath --version) >/dev/null 2>/dev/null; then
+ CYGPATH_W='cygpath -w'
+ else
+ CYGPATH_W=echo
+ fi
+fi
+
+
+# Define the identity of the package.
+ PACKAGE='pki-tps'
+ VERSION='8.0.0'
+
+
+cat >>confdefs.h <<_ACEOF
+#define PACKAGE "$PACKAGE"
+_ACEOF
+
+
+cat >>confdefs.h <<_ACEOF
+#define VERSION "$VERSION"
+_ACEOF
+
+# Some tools Automake needs.
+
+ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"}
+
+
+AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"}
+
+
+AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"}
+
+
+AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"}
+
+
+MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"}
+
+# We need awk for the "check" target. The system "awk" is bad on
+# some platforms.
+# Always define AMTAR for backward compatibility.
+
+AMTAR=${AMTAR-"${am_missing_run}tar"}
+
+am__tar='${AMTAR} chof - "$$tardir"'; am__untar='${AMTAR} xf -'
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable maintainer-specific portions of Makefiles" >&5
+$as_echo_n "checking whether to enable maintainer-specific portions of Makefiles... " >&6; }
+ # Check whether --enable-maintainer-mode was given.
+if test "${enable_maintainer_mode+set}" = set; then :
+ enableval=$enable_maintainer_mode; USE_MAINTAINER_MODE=$enableval
+else
+ USE_MAINTAINER_MODE=no
+fi
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $USE_MAINTAINER_MODE" >&5
+$as_echo "$USE_MAINTAINER_MODE" >&6; }
+ if test $USE_MAINTAINER_MODE = yes; then
+ MAINTAINER_MODE_TRUE=
+ MAINTAINER_MODE_FALSE='#'
+else
+ MAINTAINER_MODE_TRUE='#'
+ MAINTAINER_MODE_FALSE=
+fi
+
+ MAINT=$MAINTAINER_MODE_TRUE
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if test "${ac_cv_build+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if test "${ac_cv_host+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
+
+# Library versioning.
+GENERIC_MAJOR_VERSION=1
+GENERIC_MINOR_VERSION=0
+GENERIC_MICRO_VERSION=0
+GENERIC_LIBRARY_VERSION=0:0:0
+
+GENERIC_VERSION=$GENERIC_MAJOR_VERSION.$GENERIC_MINOR_VERSION.$GENERIC_MICRO_VERSION
+GENERIC_RELEASE=$GENERIC_MAJOR_VERSION.$GENERIC_MINOR_VERSION
+
+
+VERSION=$GENERIC_VERSION
+
+# Checks for programs.
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+ if test -n "$CCC"; then
+ CXX=$CCC
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CXX"; then
+ ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CXX" && break
+ done
+fi
+if test -z "$CXX"; then
+ ac_ct_CXX=$CXX
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CXX"; then
+ ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CXX="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CXX" && break
+done
+
+ if test "x$ac_ct_CXX" = x; then
+ CXX="g++"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CXX=$ac_ct_CXX
+ fi
+fi
+
+ fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out"
+# Try to create an executable without -o first, disregard a.out.
+# It will help us diagnose broken compilers, and finding out an intuition
+# of exeext.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C++ compiler works" >&5
+$as_echo_n "checking whether the C++ compiler works... " >&6; }
+ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'`
+
+# The possible output files:
+ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*"
+
+ac_rmfiles=
+for ac_file in $ac_files
+do
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ * ) ac_rmfiles="$ac_rmfiles $ac_file";;
+ esac
+done
+rm -f $ac_rmfiles
+
+if { { ac_try="$ac_link_default"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link_default") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # Autoconf-2.13 could set the ac_cv_exeext variable to `no'.
+# So ignore a value of `no', otherwise this would lead to `EXEEXT = no'
+# in a Makefile. We should not override ac_cv_exeext if it was cached,
+# so that the user can short-circuit this test for compilers unknown to
+# Autoconf.
+for ac_file in $ac_files ''
+do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj )
+ ;;
+ [ab].out )
+ # We found the default executable, but exeext='' is most
+ # certainly right.
+ break;;
+ *.* )
+ if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no;
+ then :; else
+ ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ fi
+ # We set ac_cv_exeext here because the later test for it is not
+ # safe: cross compilers may not add the suffix if given an `-o'
+ # argument, so we may need to know it at that point already.
+ # Even if this section looks crufty: it has the advantage of
+ # actually working.
+ break;;
+ * )
+ break;;
+ esac
+done
+test "$ac_cv_exeext" = no && ac_cv_exeext=
+
+else
+ ac_file=''
+fi
+if test -z "$ac_file"; then :
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+$as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+{ as_fn_set_status 77
+as_fn_error "C++ compiler cannot create executables
+See \`config.log' for more details." "$LINENO" 5; }; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler default output file name" >&5
+$as_echo_n "checking for C++ compiler default output file name... " >&6; }
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5
+$as_echo "$ac_file" >&6; }
+ac_exeext=$ac_cv_exeext
+
+rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5
+$as_echo_n "checking for suffix of executables... " >&6; }
+if { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ # If both `conftest.exe' and `conftest' are `present' (well, observable)
+# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will
+# work properly (i.e., refer to `conftest.exe'), while it won't with
+# `rm'.
+for ac_file in conftest.exe conftest conftest.*; do
+ test -f "$ac_file" || continue
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;;
+ *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'`
+ break;;
+ * ) break;;
+ esac
+done
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot compute suffix of executables: cannot compile and link
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+rm -f conftest conftest$ac_cv_exeext
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5
+$as_echo "$ac_cv_exeext" >&6; }
+
+rm -f conftest.$ac_ext
+EXEEXT=$ac_cv_exeext
+ac_exeext=$EXEEXT
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdio.h>
+int
+main ()
+{
+FILE *f = fopen ("conftest.out", "w");
+ return ferror (f) || fclose (f) != 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+ac_clean_files="$ac_clean_files conftest.out"
+# Check that the compiler produces executables we can run. If not, either
+# the compiler is broken, or we cross compile.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5
+$as_echo_n "checking whether we are cross compiling... " >&6; }
+if test "$cross_compiling" != yes; then
+ { { ac_try="$ac_link"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_link") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ if { ac_try='./conftest$ac_cv_exeext'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ cross_compiling=no
+ else
+ if test "$cross_compiling" = maybe; then
+ cross_compiling=yes
+ else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot run C++ compiled programs.
+If you meant to cross compile, use \`--host'.
+See \`config.log' for more details." "$LINENO" 5; }
+ fi
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5
+$as_echo "$cross_compiling" >&6; }
+
+rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out
+ac_clean_files=$ac_clean_files_save
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5
+$as_echo_n "checking for suffix of object files... " >&6; }
+if test "${ac_cv_objext+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+rm -f conftest.o conftest.obj
+if { { ac_try="$ac_compile"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compile") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then :
+ for ac_file in conftest.o conftest.obj conftest.*; do
+ test -f "$ac_file" || continue;
+ case $ac_file in
+ *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;;
+ *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'`
+ break;;
+ esac
+done
+else
+ $as_echo "$as_me: failed program was:" >&5
+sed 's/^/| /' conftest.$ac_ext >&5
+
+{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "cannot compute suffix of object files: cannot compile
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+rm -f conftest.$ac_cv_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5
+$as_echo "$ac_cv_objext" >&6; }
+OBJEXT=$ac_cv_objext
+ac_objext=$OBJEXT
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GXX=yes
+else
+ GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if test "${ac_cv_prog_cxx_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+ ac_cxx_werror_flag=yes
+ ac_cv_prog_cxx_g=no
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+else
+ CXXFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+ CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+ if test "$GXX" = yes; then
+ CXXFLAGS="-g -O2"
+ else
+ CXXFLAGS="-g"
+ fi
+else
+ if test "$GXX" = yes; then
+ CXXFLAGS="-O2"
+ else
+ CXXFLAGS=
+ fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+DEPDIR="${am__leading_dot}deps"
+
+ac_config_commands="$ac_config_commands depfiles"
+
+
+am_make=${MAKE-make}
+cat > confinc << 'END'
+am__doit:
+ @echo this is the am__doit target
+.PHONY: am__doit
+END
+# If we don't find an include directive, just comment out the code.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for style of include used by $am_make" >&5
+$as_echo_n "checking for style of include used by $am_make... " >&6; }
+am__include="#"
+am__quote=
+_am_result=none
+# First try GNU make style include.
+echo "include confinc" > confmf
+# Ignore all kinds of additional output from `make'.
+case `$am_make -s -f confmf 2> /dev/null` in #(
+*the\ am__doit\ target*)
+ am__include=include
+ am__quote=
+ _am_result=GNU
+ ;;
+esac
+# Now try BSD make style include.
+if test "$am__include" = "#"; then
+ echo '.include "confinc"' > confmf
+ case `$am_make -s -f confmf 2> /dev/null` in #(
+ *the\ am__doit\ target*)
+ am__include=.include
+ am__quote="\""
+ _am_result=BSD
+ ;;
+ esac
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $_am_result" >&5
+$as_echo "$_am_result" >&6; }
+rm -f confinc confmf
+
+# Check whether --enable-dependency-tracking was given.
+if test "${enable_dependency_tracking+set}" = set; then :
+ enableval=$enable_dependency_tracking;
+fi
+
+if test "x$enable_dependency_tracking" != xno; then
+ am_depcomp="$ac_aux_dir/depcomp"
+ AMDEPBACKSLASH='\'
+fi
+ if test "x$enable_dependency_tracking" != xno; then
+ AMDEP_TRUE=
+ AMDEP_FALSE='#'
+else
+ AMDEP_TRUE='#'
+ AMDEP_FALSE=
+fi
+
+
+
+depcc="$CXX" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CXX_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CXX_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+ am__fastdepCXX_TRUE=
+ am__fastdepCXX_FALSE='#'
+else
+ am__fastdepCXX_TRUE='#'
+ am__fastdepCXX_FALSE=
+fi
+
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_CC"; then
+ ac_ct_CC=$CC
+ # Extract the first word of "gcc", so it can be a program name with args.
+set dummy gcc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="gcc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+else
+ CC="$ac_cv_prog_CC"
+fi
+
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args.
+set dummy ${ac_tool_prefix}cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="${ac_tool_prefix}cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ fi
+fi
+if test -z "$CC"; then
+ # Extract the first word of "cc", so it can be a program name with args.
+set dummy cc; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+ ac_prog_rejected=no
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then
+ ac_prog_rejected=yes
+ continue
+ fi
+ ac_cv_prog_CC="cc"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+if test $ac_prog_rejected = yes; then
+ # We found a bogon in the path, so make sure we never use it.
+ set dummy $ac_cv_prog_CC
+ shift
+ if test $# != 0; then
+ # We chose a different compiler from the bogus one.
+ # However, it has the same basename, so the bogon will be chosen
+ # first if we set CC to just the basename; use the full file name.
+ shift
+ ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@"
+ fi
+fi
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$CC"; then
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in cl.exe
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CC"; then
+ ac_cv_prog_CC="$CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CC="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CC=$ac_cv_prog_CC
+if test -n "$CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5
+$as_echo "$CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CC" && break
+ done
+fi
+if test -z "$CC"; then
+ ac_ct_CC=$CC
+ for ac_prog in cl.exe
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CC+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CC"; then
+ ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CC="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CC=$ac_cv_prog_ac_ct_CC
+if test -n "$ac_ct_CC"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5
+$as_echo "$ac_ct_CC" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CC" && break
+done
+
+ if test "x$ac_ct_CC" = x; then
+ CC=""
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CC=$ac_ct_CC
+ fi
+fi
+
+fi
+
+
+test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "no acceptable C compiler found in \$PATH
+See \`config.log' for more details." "$LINENO" 5; }
+
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5
+$as_echo_n "checking whether we are using the GNU C compiler... " >&6; }
+if test "${ac_cv_c_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_c_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5
+$as_echo "$ac_cv_c_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GCC=yes
+else
+ GCC=
+fi
+ac_test_CFLAGS=${CFLAGS+set}
+ac_save_CFLAGS=$CFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5
+$as_echo_n "checking whether $CC accepts -g... " >&6; }
+if test "${ac_cv_prog_cc_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_c_werror_flag=$ac_c_werror_flag
+ ac_c_werror_flag=yes
+ ac_cv_prog_cc_g=no
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+else
+ CFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+
+else
+ ac_c_werror_flag=$ac_save_c_werror_flag
+ CFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_c_werror_flag=$ac_save_c_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5
+$as_echo "$ac_cv_prog_cc_g" >&6; }
+if test "$ac_test_CFLAGS" = set; then
+ CFLAGS=$ac_save_CFLAGS
+elif test $ac_cv_prog_cc_g = yes; then
+ if test "$GCC" = yes; then
+ CFLAGS="-g -O2"
+ else
+ CFLAGS="-g"
+ fi
+else
+ if test "$GCC" = yes; then
+ CFLAGS="-O2"
+ else
+ CFLAGS=
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5
+$as_echo_n "checking for $CC option to accept ISO C89... " >&6; }
+if test "${ac_cv_prog_cc_c89+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_cv_prog_cc_c89=no
+ac_save_CC=$CC
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdarg.h>
+#include <stdio.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */
+struct buf { int x; };
+FILE * (*rcsopen) (struct buf *, struct stat *, int);
+static char *e (p, i)
+ char **p;
+ int i;
+{
+ return p[i];
+}
+static char *f (char * (*g) (char **, int), char **p, ...)
+{
+ char *s;
+ va_list v;
+ va_start (v,p);
+ s = g (p, va_arg (v,int));
+ va_end (v);
+ return s;
+}
+
+/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has
+ function prototypes and stuff, but not '\xHH' hex character constants.
+ These don't provoke an error unfortunately, instead are silently treated
+ as 'x'. The following induces an error, until -std is added to get
+ proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an
+ array size at least. It's necessary to write '\x00'==0 to get something
+ that's true only with -std. */
+int osf4_cc_array ['\x00' == 0 ? 1 : -1];
+
+/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters
+ inside strings and character constants. */
+#define FOO(x) 'x'
+int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1];
+
+int test (int i, double x);
+struct s1 {int (*f) (int a);};
+struct s2 {int (*f) (double a);};
+int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int);
+int argc;
+char **argv;
+int
+main ()
+{
+return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1];
+ ;
+ return 0;
+}
+_ACEOF
+for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \
+ -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__"
+do
+ CC="$ac_save_CC $ac_arg"
+ if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_prog_cc_c89=$ac_arg
+fi
+rm -f core conftest.err conftest.$ac_objext
+ test "x$ac_cv_prog_cc_c89" != "xno" && break
+done
+rm -f conftest.$ac_ext
+CC=$ac_save_CC
+
+fi
+# AC_CACHE_VAL
+case "x$ac_cv_prog_cc_c89" in
+ x)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5
+$as_echo "none needed" >&6; } ;;
+ xno)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5
+$as_echo "unsupported" >&6; } ;;
+ *)
+ CC="$CC $ac_cv_prog_cc_c89"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5
+$as_echo "$ac_cv_prog_cc_c89" >&6; } ;;
+esac
+if test "x$ac_cv_prog_cc_c89" != xno; then :
+
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CC" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CC_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CC_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CC_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CC_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; }
+CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then
+ am__fastdepCC_TRUE=
+ am__fastdepCC_FALSE='#'
+else
+ am__fastdepCC_TRUE='#'
+ am__fastdepCC_FALSE=
+fi
+
+
+if test "x$CC" != xcc; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5
+$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5
+$as_echo_n "checking whether cc understands -c and -o together... " >&6; }
+fi
+set dummy $CC; ac_cc=`$as_echo "$2" |
+ sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+if { as_var=ac_cv_prog_cc_${ac_cc}_c_o; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+# Make sure it works both with $CC and with simple cc.
+# We do the test twice because some compilers refuse to overwrite an
+# existing .o file with -o, though they will create one.
+ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+rm -f conftest2.*
+if { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
+ test -f conftest2.$ac_objext && { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; };
+then
+ eval ac_cv_prog_cc_${ac_cc}_c_o=yes
+ if test "x$CC" != xcc; then
+ # Test first that cc exists at all.
+ if { ac_try='cc -c conftest.$ac_ext >&5'
+ { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; }; then
+ ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5'
+ rm -f conftest2.*
+ if { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } &&
+ test -f conftest2.$ac_objext && { { case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_try") 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; };
+ then
+ # cc works too.
+ :
+ else
+ # cc exists but doesn't like -o.
+ eval ac_cv_prog_cc_${ac_cc}_c_o=no
+ fi
+ fi
+ fi
+else
+ eval ac_cv_prog_cc_${ac_cc}_c_o=no
+fi
+rm -f core conftest*
+
+fi
+if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+
+$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h
+
+fi
+
+# FIXME: we rely on the cache variable name because
+# there is no other way.
+set dummy $CC
+am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'`
+eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o
+if test "$am_t" != yes; then
+ # Losing compiler, so override with the script.
+ # FIXME: It is wrong to rewrite CC.
+ # But if we don't then we get into trouble of one sort or another.
+ # A longer-term fix would be to have automake use am__CC in this case,
+ # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)"
+ CC="$am_aux_dir/compile $CC"
+fi
+
+
+# disable static libs by default - we only use a couple
+# Check whether --enable-static was given.
+if test "${enable_static+set}" = set; then :
+ enableval=$enable_static; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_static=yes ;;
+ no) enable_static=no ;;
+ *)
+ enable_static=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_static=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_static=no
+fi
+
+
+
+
+
+
+
+
+
+case `pwd` in
+ *\ * | *\ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5
+$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;;
+esac
+
+
+
+macro_version='2.2.6b'
+macro_revision='1.3017'
+
+
+
+
+
+
+
+
+
+
+
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5
+$as_echo_n "checking for a sed that does not truncate output... " >&6; }
+if test "${ac_cv_path_SED+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/
+ for ac_i in 1 2 3 4 5 6 7; do
+ ac_script="$ac_script$as_nl$ac_script"
+ done
+ echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed
+ { ac_script=; unset ac_script;}
+ if test -z "$SED"; then
+ ac_path_SED_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in sed gsed; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_SED="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_SED" && $as_test_x "$ac_path_SED"; } || continue
+# Check for GNU ac_path_SED and select it if it is found.
+ # Check for GNU $ac_path_SED
+case `"$ac_path_SED" --version 2>&1` in
+*GNU*)
+ ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo '' >> "conftest.nl"
+ "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_SED_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_SED="$ac_path_SED"
+ ac_path_SED_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_SED_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_SED"; then
+ as_fn_error "no acceptable sed could be found in \$PATH" "$LINENO" 5
+ fi
+else
+ ac_cv_path_SED=$SED
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5
+$as_echo "$ac_cv_path_SED" >&6; }
+ SED="$ac_cv_path_SED"
+ rm -f conftest.sed
+
+test -z "$SED" && SED=sed
+Xsed="$SED -e 1s/^X//"
+
+
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5
+$as_echo_n "checking for grep that handles long lines and -e... " >&6; }
+if test "${ac_cv_path_GREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$GREP"; then
+ ac_path_GREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in grep ggrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_GREP" && $as_test_x "$ac_path_GREP"; } || continue
+# Check for GNU ac_path_GREP and select it if it is found.
+ # Check for GNU $ac_path_GREP
+case `"$ac_path_GREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'GREP' >> "conftest.nl"
+ "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_GREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_GREP="$ac_path_GREP"
+ ac_path_GREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_GREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_GREP"; then
+ as_fn_error "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_GREP=$GREP
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5
+$as_echo "$ac_cv_path_GREP" >&6; }
+ GREP="$ac_cv_path_GREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5
+$as_echo_n "checking for egrep... " >&6; }
+if test "${ac_cv_path_EGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo a | $GREP -E '(a|b)' >/dev/null 2>&1
+ then ac_cv_path_EGREP="$GREP -E"
+ else
+ if test -z "$EGREP"; then
+ ac_path_EGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in egrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_EGREP" && $as_test_x "$ac_path_EGREP"; } || continue
+# Check for GNU ac_path_EGREP and select it if it is found.
+ # Check for GNU $ac_path_EGREP
+case `"$ac_path_EGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'EGREP' >> "conftest.nl"
+ "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_EGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_EGREP="$ac_path_EGREP"
+ ac_path_EGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_EGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_EGREP"; then
+ as_fn_error "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_EGREP=$EGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5
+$as_echo "$ac_cv_path_EGREP" >&6; }
+ EGREP="$ac_cv_path_EGREP"
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5
+$as_echo_n "checking for fgrep... " >&6; }
+if test "${ac_cv_path_FGREP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1
+ then ac_cv_path_FGREP="$GREP -F"
+ else
+ if test -z "$FGREP"; then
+ ac_path_FGREP_found=false
+ # Loop through the user's path and test for each of PROGNAME-LIST
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_prog in fgrep; do
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext"
+ { test -f "$ac_path_FGREP" && $as_test_x "$ac_path_FGREP"; } || continue
+# Check for GNU ac_path_FGREP and select it if it is found.
+ # Check for GNU $ac_path_FGREP
+case `"$ac_path_FGREP" --version 2>&1` in
+*GNU*)
+ ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;;
+*)
+ ac_count=0
+ $as_echo_n 0123456789 >"conftest.in"
+ while :
+ do
+ cat "conftest.in" "conftest.in" >"conftest.tmp"
+ mv "conftest.tmp" "conftest.in"
+ cp "conftest.in" "conftest.nl"
+ $as_echo 'FGREP' >> "conftest.nl"
+ "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break
+ diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break
+ as_fn_arith $ac_count + 1 && ac_count=$as_val
+ if test $ac_count -gt ${ac_path_FGREP_max-0}; then
+ # Best one so far, save it but keep looking for a better one
+ ac_cv_path_FGREP="$ac_path_FGREP"
+ ac_path_FGREP_max=$ac_count
+ fi
+ # 10*(2^10) chars as input seems more than enough
+ test $ac_count -gt 10 && break
+ done
+ rm -f conftest.in conftest.tmp conftest.nl conftest.out;;
+esac
+
+ $ac_path_FGREP_found && break 3
+ done
+ done
+ done
+IFS=$as_save_IFS
+ if test -z "$ac_cv_path_FGREP"; then
+ as_fn_error "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5
+ fi
+else
+ ac_cv_path_FGREP=$FGREP
+fi
+
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5
+$as_echo "$ac_cv_path_FGREP" >&6; }
+ FGREP="$ac_cv_path_FGREP"
+
+
+test -z "$GREP" && GREP=grep
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5
+$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; }
+if test "${lt_cv_path_NM+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NM"; then
+ # Let the user override the test.
+ lt_cv_path_NM="$NM"
+else
+ lt_nm_to_check="${ac_tool_prefix}nm"
+ if test -n "$ac_tool_prefix" && test "$build" = "$host"; then
+ lt_nm_to_check="$lt_nm_to_check nm"
+ fi
+ for lt_tmp_nm in $lt_nm_to_check; do
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ tmp_nm="$ac_dir/$lt_tmp_nm"
+ if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext" ; then
+ # Check to see if the nm accepts a BSD-compat flag.
+ # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+ # nm: unknown option "B" ignored
+ # Tru64's nm complains that /dev/null is an invalid object file
+ case `"$tmp_nm" -B /dev/null 2>&1 | sed '1q'` in
+ */dev/null* | *'Invalid file or object type'*)
+ lt_cv_path_NM="$tmp_nm -B"
+ break
+ ;;
+ *)
+ case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in
+ */dev/null*)
+ lt_cv_path_NM="$tmp_nm -p"
+ break
+ ;;
+ *)
+ lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but
+ continue # so that we can try to find one that supports BSD flags
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+ done
+ : ${lt_cv_path_NM=no}
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5
+$as_echo "$lt_cv_path_NM" >&6; }
+if test "$lt_cv_path_NM" != "no"; then
+ NM="$lt_cv_path_NM"
+else
+ # Didn't find any BSD compatible name lister, look for dumpbin.
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DUMPBIN"; then
+ ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DUMPBIN=$ac_cv_prog_DUMPBIN
+if test -n "$DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5
+$as_echo "$DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$DUMPBIN" && break
+ done
+fi
+if test -z "$DUMPBIN"; then
+ ac_ct_DUMPBIN=$DUMPBIN
+ for ac_prog in "dumpbin -symbols" "link -dump -symbols"
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DUMPBIN+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DUMPBIN"; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DUMPBIN="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN
+if test -n "$ac_ct_DUMPBIN"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5
+$as_echo "$ac_ct_DUMPBIN" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_DUMPBIN" && break
+done
+
+ if test "x$ac_ct_DUMPBIN" = x; then
+ DUMPBIN=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DUMPBIN=$ac_ct_DUMPBIN
+ fi
+fi
+
+
+ if test "$DUMPBIN" != ":"; then
+ NM="$DUMPBIN"
+ fi
+fi
+test -z "$NM" && NM=nm
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5
+$as_echo_n "checking the name lister ($NM) interface... " >&6; }
+if test "${lt_cv_nm_interface+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_nm_interface="BSD nm"
+ echo "int some_variable = 0;" > conftest.$ac_ext
+ (eval echo "\"\$as_me:5402: $ac_compile\"" >&5)
+ (eval "$ac_compile" 2>conftest.err)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:5405: $NM \\\"conftest.$ac_objext\\\"\"" >&5)
+ (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out)
+ cat conftest.err >&5
+ (eval echo "\"\$as_me:5408: output\"" >&5)
+ cat conftest.out >&5
+ if $GREP 'External.*some_variable' conftest.out > /dev/null; then
+ lt_cv_nm_interface="MS dumpbin"
+ fi
+ rm -f conftest*
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5
+$as_echo "$lt_cv_nm_interface" >&6; }
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5
+$as_echo_n "checking whether ln -s works... " >&6; }
+LN_S=$as_ln_s
+if test "$LN_S" = "ln -s"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5
+$as_echo "no, using $LN_S" >&6; }
+fi
+
+# find the maximum length of command line arguments
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5
+$as_echo_n "checking the maximum length of command line arguments... " >&6; }
+if test "${lt_cv_sys_max_cmd_len+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ i=0
+ teststring="ABCD"
+
+ case $build_os in
+ msdosdjgpp*)
+ # On DJGPP, this test can blow up pretty badly due to problems in libc
+ # (any single argument exceeding 2000 bytes causes a buffer overrun
+ # during glob expansion). Even if it were fixed, the result of this
+ # check would be larger than it should be.
+ lt_cv_sys_max_cmd_len=12288; # 12K is about right
+ ;;
+
+ gnu*)
+ # Under GNU Hurd, this test is not required because there is
+ # no limit to the length of command line arguments.
+ # Libtool will interpret -1 as no limit whatsoever
+ lt_cv_sys_max_cmd_len=-1;
+ ;;
+
+ cygwin* | mingw* | cegcc*)
+ # On Win9x/ME, this test blows up -- it succeeds, but takes
+ # about 5 minutes as the teststring grows exponentially.
+ # Worse, since 9x/ME are not pre-emptively multitasking,
+ # you end up with a "frozen" computer, even though with patience
+ # the test eventually succeeds (with a max line length of 256k).
+ # Instead, let's just punt: use the minimum linelength reported by
+ # all of the supported platforms: 8192 (on NT/2K/XP).
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ amigaos*)
+ # On AmigaOS with pdksh, this test takes hours, literally.
+ # So we just punt and use a minimum line length of 8192.
+ lt_cv_sys_max_cmd_len=8192;
+ ;;
+
+ netbsd* | freebsd* | openbsd* | darwin* | dragonfly*)
+ # This has been around since 386BSD, at least. Likely further.
+ if test -x /sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax`
+ elif test -x /usr/sbin/sysctl; then
+ lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax`
+ else
+ lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs
+ fi
+ # And add a safety zone
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ ;;
+
+ interix*)
+ # We know the value 262144 and hardcode it with a safety zone (like BSD)
+ lt_cv_sys_max_cmd_len=196608
+ ;;
+
+ osf*)
+ # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure
+ # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not
+ # nice to cause kernel panics so lets avoid the loop below.
+ # First set a reasonable default.
+ lt_cv_sys_max_cmd_len=16384
+ #
+ if test -x /sbin/sysconfig; then
+ case `/sbin/sysconfig -q proc exec_disable_arg_limit` in
+ *1*) lt_cv_sys_max_cmd_len=-1 ;;
+ esac
+ fi
+ ;;
+ sco3.2v5*)
+ lt_cv_sys_max_cmd_len=102400
+ ;;
+ sysv5* | sco5v6* | sysv4.2uw2*)
+ kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null`
+ if test -n "$kargmax"; then
+ lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'`
+ else
+ lt_cv_sys_max_cmd_len=32768
+ fi
+ ;;
+ *)
+ lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null`
+ if test -n "$lt_cv_sys_max_cmd_len"; then
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4`
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3`
+ else
+ # Make teststring a little bigger before we do anything with it.
+ # a 1K string should be a reasonable start.
+ for i in 1 2 3 4 5 6 7 8 ; do
+ teststring=$teststring$teststring
+ done
+ SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}}
+ # If test is not a shell built-in, we'll probably end up computing a
+ # maximum length that is only half of the actual maximum length, but
+ # we can't tell.
+ while { test "X"`$SHELL $0 --fallback-echo "X$teststring$teststring" 2>/dev/null` \
+ = "XX$teststring$teststring"; } >/dev/null 2>&1 &&
+ test $i != 17 # 1/2 MB should be enough
+ do
+ i=`expr $i + 1`
+ teststring=$teststring$teststring
+ done
+ # Only check the string length outside the loop.
+ lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1`
+ teststring=
+ # Add a significant safety factor because C++ compilers can tack on
+ # massive amounts of additional arguments before passing them to the
+ # linker. It appears as though 1/2 is a usable value.
+ lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2`
+ fi
+ ;;
+ esac
+
+fi
+
+if test -n $lt_cv_sys_max_cmd_len ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5
+$as_echo "$lt_cv_sys_max_cmd_len" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5
+$as_echo "none" >&6; }
+fi
+max_cmd_len=$lt_cv_sys_max_cmd_len
+
+
+
+
+
+
+: ${CP="cp -f"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands some XSI constructs" >&5
+$as_echo_n "checking whether the shell understands some XSI constructs... " >&6; }
+# Try some XSI features
+xsi_shell=no
+( _lt_dummy="a/b/c"
+ test "${_lt_dummy##*/},${_lt_dummy%/*},"${_lt_dummy%"$_lt_dummy"}, \
+ = c,a/b,, \
+ && eval 'test $(( 1 + 1 )) -eq 2 \
+ && test "${#_lt_dummy}" -eq 5' ) >/dev/null 2>&1 \
+ && xsi_shell=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $xsi_shell" >&5
+$as_echo "$xsi_shell" >&6; }
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the shell understands \"+=\"" >&5
+$as_echo_n "checking whether the shell understands \"+=\"... " >&6; }
+lt_shell_append=no
+( foo=bar; set foo baz; eval "$1+=\$2" && test "$foo" = barbaz ) \
+ >/dev/null 2>&1 \
+ && lt_shell_append=yes
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_shell_append" >&5
+$as_echo "$lt_shell_append" >&6; }
+
+
+if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then
+ lt_unset=unset
+else
+ lt_unset=false
+fi
+
+
+
+
+
+# test EBCDIC or ASCII
+case `echo X|tr X '\101'` in
+ A) # ASCII based system
+ # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr
+ lt_SP2NL='tr \040 \012'
+ lt_NL2SP='tr \015\012 \040\040'
+ ;;
+ *) # EBCDIC based system
+ lt_SP2NL='tr \100 \n'
+ lt_NL2SP='tr \r\n \100\100'
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5
+$as_echo_n "checking for $LD option to reload object files... " >&6; }
+if test "${lt_cv_ld_reload_flag+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_reload_flag='-r'
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5
+$as_echo "$lt_cv_ld_reload_flag" >&6; }
+reload_flag=$lt_cv_ld_reload_flag
+case $reload_flag in
+"" | " "*) ;;
+*) reload_flag=" $reload_flag" ;;
+esac
+reload_cmds='$LD$reload_flag -o $output$reload_objs'
+case $host_os in
+ darwin*)
+ if test "$GCC" = yes; then
+ reload_cmds='$LTCC $LTCFLAGS -nostdlib ${wl}-r -o $output$reload_objs'
+ else
+ reload_cmds='$LD$reload_flag -o $output$reload_objs'
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args.
+set dummy ${ac_tool_prefix}objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OBJDUMP"; then
+ ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OBJDUMP=$ac_cv_prog_OBJDUMP
+if test -n "$OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5
+$as_echo "$OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OBJDUMP"; then
+ ac_ct_OBJDUMP=$OBJDUMP
+ # Extract the first word of "objdump", so it can be a program name with args.
+set dummy objdump; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OBJDUMP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OBJDUMP"; then
+ ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OBJDUMP="objdump"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP
+if test -n "$ac_ct_OBJDUMP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5
+$as_echo "$ac_ct_OBJDUMP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OBJDUMP" = x; then
+ OBJDUMP="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OBJDUMP=$ac_ct_OBJDUMP
+ fi
+else
+ OBJDUMP="$ac_cv_prog_OBJDUMP"
+fi
+
+test -z "$OBJDUMP" && OBJDUMP=objdump
+
+
+
+
+
+
+
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5
+$as_echo_n "checking how to recognize dependent libraries... " >&6; }
+if test "${lt_cv_deplibs_check_method+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_file_magic_cmd='$MAGIC_CMD'
+lt_cv_file_magic_test_file=
+lt_cv_deplibs_check_method='unknown'
+# Need to set the preceding variable on all platforms that support
+# interlibrary dependencies.
+# 'none' -- dependencies not supported.
+# `unknown' -- same as none, but documents that we really don't know.
+# 'pass_all' -- all dependencies passed with no checks.
+# 'test_compile' -- check by making test program.
+# 'file_magic [[regex]]' -- check by looking for files in library path
+# which responds to the $file_magic_cmd with a given extended regex.
+# If you have `file' or equivalent on your system and you're not sure
+# whether `pass_all' will *always* work, you probably want this one.
+
+case $host_os in
+aix[4-9]*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+beos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+bsdi[45]*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)'
+ lt_cv_file_magic_cmd='/usr/bin/file -L'
+ lt_cv_file_magic_test_file=/shlib/libc.so
+ ;;
+
+cygwin*)
+ # func_win32_libid is a shell function defined in ltmain.sh
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ ;;
+
+mingw* | pw32*)
+ # Base MSYS/MinGW do not provide the 'file' command needed by
+ # func_win32_libid shell function, so use a weaker test based on 'objdump',
+ # unless we find 'file', for example because we are cross-compiling.
+ if ( file / ) >/dev/null 2>&1; then
+ lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL'
+ lt_cv_file_magic_cmd='func_win32_libid'
+ else
+ lt_cv_deplibs_check_method='file_magic file format pei*-i386(.*architecture: i386)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ fi
+ ;;
+
+cegcc)
+ # use the weaker test based on 'objdump'. See mingw*.
+ lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?'
+ lt_cv_file_magic_cmd='$OBJDUMP -f'
+ ;;
+
+darwin* | rhapsody*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+freebsd* | dragonfly*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ case $host_cpu in
+ i*86 )
+ # Not sure whether the presence of OpenBSD here was a mistake.
+ # Let's accept both of them until this is cleared up.
+ lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*`
+ ;;
+ esac
+ else
+ lt_cv_deplibs_check_method=pass_all
+ fi
+ ;;
+
+gnu*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+hpux10.20* | hpux11*)
+ lt_cv_file_magic_cmd=/usr/bin/file
+ case $host_cpu in
+ ia64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64'
+ lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so
+ ;;
+ hppa*64*)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - PA-RISC [0-9].[0-9]'
+ lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl
+ ;;
+ *)
+ lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9].[0-9]) shared library'
+ lt_cv_file_magic_test_file=/usr/lib/libc.sl
+ ;;
+ esac
+ ;;
+
+interix[3-9]*)
+ # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$'
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $LD in
+ *-32|*"-32 ") libmagic=32-bit;;
+ *-n32|*"-n32 ") libmagic=N32;;
+ *-64|*"-64 ") libmagic=64-bit;;
+ *) libmagic=never-match;;
+ esac
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$'
+ fi
+ ;;
+
+newos6*)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)'
+ lt_cv_file_magic_cmd=/usr/bin/file
+ lt_cv_file_magic_test_file=/usr/lib/libnls.so
+ ;;
+
+*nto* | *qnx*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+openbsd*)
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$'
+ else
+ lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$'
+ fi
+ ;;
+
+osf3* | osf4* | osf5*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+rdos*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+solaris*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+
+sysv4 | sysv4.3*)
+ case $host_vendor in
+ motorola)
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]'
+ lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*`
+ ;;
+ ncr)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ sequent)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )'
+ ;;
+ sni)
+ lt_cv_file_magic_cmd='/bin/file'
+ lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib"
+ lt_cv_file_magic_test_file=/lib/libc.so
+ ;;
+ siemens)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ pc)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+ esac
+ ;;
+
+tpf*)
+ lt_cv_deplibs_check_method=pass_all
+ ;;
+esac
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5
+$as_echo "$lt_cv_deplibs_check_method" >&6; }
+file_magic_cmd=$lt_cv_file_magic_cmd
+deplibs_check_method=$lt_cv_deplibs_check_method
+test -z "$deplibs_check_method" && deplibs_check_method=unknown
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ar", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$AR"; then
+ ac_cv_prog_AR="$AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_AR="${ac_tool_prefix}ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+AR=$ac_cv_prog_AR
+if test -n "$AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5
+$as_echo "$AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_AR"; then
+ ac_ct_AR=$AR
+ # Extract the first word of "ar", so it can be a program name with args.
+set dummy ar; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_AR+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_AR"; then
+ ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_AR="ar"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_AR=$ac_cv_prog_ac_ct_AR
+if test -n "$ac_ct_AR"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5
+$as_echo "$ac_ct_AR" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_AR" = x; then
+ AR="false"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ AR=$ac_ct_AR
+ fi
+else
+ AR="$ac_cv_prog_AR"
+fi
+
+test -z "$AR" && AR=ar
+test -z "$AR_FLAGS" && AR_FLAGS=cru
+
+
+
+
+
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args.
+set dummy ${ac_tool_prefix}strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$STRIP"; then
+ ac_cv_prog_STRIP="$STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_STRIP="${ac_tool_prefix}strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+STRIP=$ac_cv_prog_STRIP
+if test -n "$STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5
+$as_echo "$STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_STRIP"; then
+ ac_ct_STRIP=$STRIP
+ # Extract the first word of "strip", so it can be a program name with args.
+set dummy strip; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_STRIP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_STRIP"; then
+ ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_STRIP="strip"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP
+if test -n "$ac_ct_STRIP"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5
+$as_echo "$ac_ct_STRIP" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_STRIP" = x; then
+ STRIP=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ STRIP=$ac_ct_STRIP
+ fi
+else
+ STRIP="$ac_cv_prog_STRIP"
+fi
+
+test -z "$STRIP" && STRIP=:
+
+
+
+
+
+
+if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args.
+set dummy ${ac_tool_prefix}ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$RANLIB"; then
+ ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+RANLIB=$ac_cv_prog_RANLIB
+if test -n "$RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5
+$as_echo "$RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_RANLIB"; then
+ ac_ct_RANLIB=$RANLIB
+ # Extract the first word of "ranlib", so it can be a program name with args.
+set dummy ranlib; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_RANLIB+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_RANLIB"; then
+ ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_RANLIB="ranlib"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB
+if test -n "$ac_ct_RANLIB"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5
+$as_echo "$ac_ct_RANLIB" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_RANLIB" = x; then
+ RANLIB=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ RANLIB=$ac_ct_RANLIB
+ fi
+else
+ RANLIB="$ac_cv_prog_RANLIB"
+fi
+
+test -z "$RANLIB" && RANLIB=:
+
+
+
+
+
+
+# Determine commands to create old-style static archives.
+old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs'
+old_postinstall_cmds='chmod 644 $oldlib'
+old_postuninstall_cmds=
+
+if test -n "$RANLIB"; then
+ case $host_os in
+ openbsd*)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$oldlib"
+ ;;
+ *)
+ old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$oldlib"
+ ;;
+ esac
+ old_archive_cmds="$old_archive_cmds~\$RANLIB \$oldlib"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+# Check for command to grab the raw symbol name followed by C symbol from nm.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5
+$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; }
+if test "${lt_cv_sys_global_symbol_pipe+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+# These are sane defaults that work on at least a few old systems.
+# [They come from Ultrix. What could be older than Ultrix?!! ;)]
+
+# Character class describing NM global symbol codes.
+symcode='[BCDEGRST]'
+
+# Regexp to match symbols that can be accessed directly from C.
+sympat='\([_A-Za-z][_A-Za-z0-9]*\)'
+
+# Define system-specific variables.
+case $host_os in
+aix*)
+ symcode='[BCDT]'
+ ;;
+cygwin* | mingw* | pw32* | cegcc*)
+ symcode='[ABCDGISTW]'
+ ;;
+hpux*)
+ if test "$host_cpu" = ia64; then
+ symcode='[ABCDEGRST]'
+ fi
+ ;;
+irix* | nonstopux*)
+ symcode='[BCDEGRST]'
+ ;;
+osf*)
+ symcode='[BCDEGQRST]'
+ ;;
+solaris*)
+ symcode='[BDRT]'
+ ;;
+sco3.2v5*)
+ symcode='[DT]'
+ ;;
+sysv4.2uw2*)
+ symcode='[DT]'
+ ;;
+sysv5* | sco5v6* | unixware* | OpenUNIX*)
+ symcode='[ABDT]'
+ ;;
+sysv4)
+ symcode='[DFNSTU]'
+ ;;
+esac
+
+# If we're using GNU nm, then use its standard symbol codes.
+case `$NM -V 2>&1` in
+*GNU* | *'with BFD'*)
+ symcode='[ABCDGIRSTW]' ;;
+esac
+
+# Transform an extracted symbol line into a proper C declaration.
+# Some systems (esp. on ia64) link data and code symbols differently,
+# so use this general approach.
+lt_cv_sys_global_symbol_to_cdecl="sed -n -e 's/^T .* \(.*\)$/extern int \1();/p' -e 's/^$symcode* .* \(.*\)$/extern char \1;/p'"
+
+# Transform an extracted symbol line into symbol name and symbol address
+lt_cv_sys_global_symbol_to_c_name_address="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"\2\", (void *) \&\2},/p'"
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n -e 's/^: \([^ ]*\) $/ {\\\"\1\\\", (void *) 0},/p' -e 's/^$symcode* \([^ ]*\) \(lib[^ ]*\)$/ {\"\2\", (void *) \&\2},/p' -e 's/^$symcode* \([^ ]*\) \([^ ]*\)$/ {\"lib\2\", (void *) \&\2},/p'"
+
+# Handle CRLF in mingw tool chain
+opt_cr=
+case $build_os in
+mingw*)
+ opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp
+ ;;
+esac
+
+# Try without a prefix underscore, then with it.
+for ac_symprfx in "" "_"; do
+
+ # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol.
+ symxfrm="\\1 $ac_symprfx\\2 \\2"
+
+ # Write the raw and C identifiers.
+ if test "$lt_cv_nm_interface" = "MS dumpbin"; then
+ # Fake it for dumpbin and say T for any non-static function
+ # and D for any global variable.
+ # Also find C++ and __fastcall symbols from MSVC++,
+ # which start with @ or ?.
+ lt_cv_sys_global_symbol_pipe="$AWK '"\
+" {last_section=section; section=\$ 3};"\
+" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\
+" \$ 0!~/External *\|/{next};"\
+" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\
+" {if(hide[section]) next};"\
+" {f=0}; \$ 0~/\(\).*\|/{f=1}; {printf f ? \"T \" : \"D \"};"\
+" {split(\$ 0, a, /\||\r/); split(a[2], s)};"\
+" s[1]~/^[@?]/{print s[1], s[1]; next};"\
+" s[1]~prfx {split(s[1],t,\"@\"); print t[1], substr(t[1],length(prfx))}"\
+" ' prfx=^$ac_symprfx"
+ else
+ lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'"
+ fi
+
+ # Check to see that the pipe works correctly.
+ pipe_works=no
+
+ rm -f conftest*
+ cat > conftest.$ac_ext <<_LT_EOF
+#ifdef __cplusplus
+extern "C" {
+#endif
+char nm_test_var;
+void nm_test_func(void);
+void nm_test_func(void){}
+#ifdef __cplusplus
+}
+#endif
+int main(){nm_test_var='a';nm_test_func();return(0);}
+_LT_EOF
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Now try to grab the symbols.
+ nlist=conftest.nm
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist\""; } >&5
+ (eval $NM conftest.$ac_objext \| $lt_cv_sys_global_symbol_pipe \> $nlist) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s "$nlist"; then
+ # Try sorting and uniquifying the output.
+ if sort "$nlist" | uniq > "$nlist"T; then
+ mv -f "$nlist"T "$nlist"
+ else
+ rm -f "$nlist"T
+ fi
+
+ # Make sure that we snagged all the symbols we need.
+ if $GREP ' nm_test_var$' "$nlist" >/dev/null; then
+ if $GREP ' nm_test_func$' "$nlist" >/dev/null; then
+ cat <<_LT_EOF > conftest.$ac_ext
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+_LT_EOF
+ # Now generate the symbol file.
+ eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext'
+
+ cat <<_LT_EOF >> conftest.$ac_ext
+
+/* The mapping between symbol names and symbols. */
+const struct {
+ const char *name;
+ void *address;
+}
+lt__PROGRAM__LTX_preloaded_symbols[] =
+{
+ { "@PROGRAM@", (void *) 0 },
+_LT_EOF
+ $SED "s/^$symcode$symcode* \(.*\) \(.*\)$/ {\"\2\", (void *) \&\2},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext
+ cat <<\_LT_EOF >> conftest.$ac_ext
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt__PROGRAM__LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+_LT_EOF
+ # Now try linking the two files.
+ mv conftest.$ac_objext conftstm.$ac_objext
+ lt_save_LIBS="$LIBS"
+ lt_save_CFLAGS="$CFLAGS"
+ LIBS="conftstm.$ac_objext"
+ CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag"
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext}; then
+ pipe_works=yes
+ fi
+ LIBS="$lt_save_LIBS"
+ CFLAGS="$lt_save_CFLAGS"
+ else
+ echo "cannot find nm_test_func in $nlist" >&5
+ fi
+ else
+ echo "cannot find nm_test_var in $nlist" >&5
+ fi
+ else
+ echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5
+ fi
+ else
+ echo "$progname: failed program was:" >&5
+ cat conftest.$ac_ext >&5
+ fi
+ rm -rf conftest* conftst*
+
+ # Do not use the global_symbol_pipe unless it works.
+ if test "$pipe_works" = yes; then
+ break
+ else
+ lt_cv_sys_global_symbol_pipe=
+ fi
+done
+
+fi
+
+if test -z "$lt_cv_sys_global_symbol_pipe"; then
+ lt_cv_sys_global_symbol_to_cdecl=
+fi
+if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5
+$as_echo "failed" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5
+$as_echo "ok" >&6; }
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --enable-libtool-lock was given.
+if test "${enable_libtool_lock+set}" = set; then :
+ enableval=$enable_libtool_lock;
+fi
+
+test "x$enable_libtool_lock" != xno && enable_libtool_lock=yes
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case $host in
+ia64-*-hpux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *ELF-32*)
+ HPUX_IA64_MODE="32"
+ ;;
+ *ELF-64*)
+ HPUX_IA64_MODE="64"
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+*-*-irix6*)
+ # Find out which ABI we are using.
+ echo '#line 6614 "configure"' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -melf32bsmip"
+ ;;
+ *N32*)
+ LD="${LD-ld} -melf32bmipn32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -melf64bmip"
+ ;;
+ esac
+ else
+ case `/usr/bin/file conftest.$ac_objext` in
+ *32-bit*)
+ LD="${LD-ld} -32"
+ ;;
+ *N32*)
+ LD="${LD-ld} -n32"
+ ;;
+ *64-bit*)
+ LD="${LD-ld} -64"
+ ;;
+ esac
+ fi
+ fi
+ rm -rf conftest*
+ ;;
+
+x86_64-*kfreebsd*-gnu|x86_64-*linux*|ppc*-*linux*|powerpc*-*linux*| \
+s390*-*linux*|s390*-*tpf*|sparc*-*linux*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *32-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_i386_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_i386"
+ ;;
+ ppc64-*linux*|powerpc64-*linux*)
+ LD="${LD-ld} -m elf32ppclinux"
+ ;;
+ s390x-*linux*)
+ LD="${LD-ld} -m elf_s390"
+ ;;
+ sparc64-*linux*)
+ LD="${LD-ld} -m elf32_sparc"
+ ;;
+ esac
+ ;;
+ *64-bit*)
+ case $host in
+ x86_64-*kfreebsd*-gnu)
+ LD="${LD-ld} -m elf_x86_64_fbsd"
+ ;;
+ x86_64-*linux*)
+ LD="${LD-ld} -m elf_x86_64"
+ ;;
+ ppc*-*linux*|powerpc*-*linux*)
+ LD="${LD-ld} -m elf64ppc"
+ ;;
+ s390*-*linux*|s390*-*tpf*)
+ LD="${LD-ld} -m elf64_s390"
+ ;;
+ sparc*-*linux*)
+ LD="${LD-ld} -m elf64_sparc"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+
+*-*-sco3.2v5*)
+ # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+ SAVE_CFLAGS="$CFLAGS"
+ CFLAGS="$CFLAGS -belf"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5
+$as_echo_n "checking whether the C compiler needs -belf... " >&6; }
+if test "${lt_cv_cc_needs_belf+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_cc_needs_belf=yes
+else
+ lt_cv_cc_needs_belf=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5
+$as_echo "$lt_cv_cc_needs_belf" >&6; }
+ if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+ # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+ CFLAGS="$SAVE_CFLAGS"
+ fi
+ ;;
+sparc*-*solaris*)
+ # Find out which ABI we are using.
+ echo 'int i;' > conftest.$ac_ext
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ case `/usr/bin/file conftest.o` in
+ *64-bit*)
+ case $lt_cv_prog_gnu_ld in
+ yes*) LD="${LD-ld} -m elf64_sparc" ;;
+ *)
+ if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then
+ LD="${LD-ld} -64"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ fi
+ rm -rf conftest*
+ ;;
+esac
+
+need_locks="$enable_libtool_lock"
+
+
+ case $host_os in
+ rhapsody* | darwin*)
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args.
+set dummy ${ac_tool_prefix}dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$DSYMUTIL"; then
+ ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+DSYMUTIL=$ac_cv_prog_DSYMUTIL
+if test -n "$DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5
+$as_echo "$DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_DSYMUTIL"; then
+ ac_ct_DSYMUTIL=$DSYMUTIL
+ # Extract the first word of "dsymutil", so it can be a program name with args.
+set dummy dsymutil; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_DSYMUTIL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_DSYMUTIL"; then
+ ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_DSYMUTIL="dsymutil"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL
+if test -n "$ac_ct_DSYMUTIL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5
+$as_echo "$ac_ct_DSYMUTIL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_DSYMUTIL" = x; then
+ DSYMUTIL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ DSYMUTIL=$ac_ct_DSYMUTIL
+ fi
+else
+ DSYMUTIL="$ac_cv_prog_DSYMUTIL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args.
+set dummy ${ac_tool_prefix}nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$NMEDIT"; then
+ ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+NMEDIT=$ac_cv_prog_NMEDIT
+if test -n "$NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5
+$as_echo "$NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_NMEDIT"; then
+ ac_ct_NMEDIT=$NMEDIT
+ # Extract the first word of "nmedit", so it can be a program name with args.
+set dummy nmedit; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_NMEDIT+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_NMEDIT"; then
+ ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_NMEDIT="nmedit"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT
+if test -n "$ac_ct_NMEDIT"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5
+$as_echo "$ac_ct_NMEDIT" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_NMEDIT" = x; then
+ NMEDIT=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ NMEDIT=$ac_ct_NMEDIT
+ fi
+else
+ NMEDIT="$ac_cv_prog_NMEDIT"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args.
+set dummy ${ac_tool_prefix}lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$LIPO"; then
+ ac_cv_prog_LIPO="$LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_LIPO="${ac_tool_prefix}lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+LIPO=$ac_cv_prog_LIPO
+if test -n "$LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5
+$as_echo "$LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_LIPO"; then
+ ac_ct_LIPO=$LIPO
+ # Extract the first word of "lipo", so it can be a program name with args.
+set dummy lipo; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_LIPO+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_LIPO"; then
+ ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_LIPO="lipo"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO
+if test -n "$ac_ct_LIPO"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5
+$as_echo "$ac_ct_LIPO" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_LIPO" = x; then
+ LIPO=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ LIPO=$ac_ct_LIPO
+ fi
+else
+ LIPO="$ac_cv_prog_LIPO"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL"; then
+ ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL="${ac_tool_prefix}otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL=$ac_cv_prog_OTOOL
+if test -n "$OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5
+$as_echo "$OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL"; then
+ ac_ct_OTOOL=$OTOOL
+ # Extract the first word of "otool", so it can be a program name with args.
+set dummy otool; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL"; then
+ ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL="otool"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL
+if test -n "$ac_ct_OTOOL"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5
+$as_echo "$ac_ct_OTOOL" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL" = x; then
+ OTOOL=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL=$ac_ct_OTOOL
+ fi
+else
+ OTOOL="$ac_cv_prog_OTOOL"
+fi
+
+ if test -n "$ac_tool_prefix"; then
+ # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args.
+set dummy ${ac_tool_prefix}otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$OTOOL64"; then
+ ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+OTOOL64=$ac_cv_prog_OTOOL64
+if test -n "$OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5
+$as_echo "$OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+fi
+if test -z "$ac_cv_prog_OTOOL64"; then
+ ac_ct_OTOOL64=$OTOOL64
+ # Extract the first word of "otool64", so it can be a program name with args.
+set dummy otool64; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_OTOOL64+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_OTOOL64"; then
+ ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_OTOOL64="otool64"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64
+if test -n "$ac_ct_OTOOL64"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5
+$as_echo "$ac_ct_OTOOL64" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+ if test "x$ac_ct_OTOOL64" = x; then
+ OTOOL64=":"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ OTOOL64=$ac_ct_OTOOL64
+ fi
+else
+ OTOOL64="$ac_cv_prog_OTOOL64"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5
+$as_echo_n "checking for -single_module linker flag... " >&6; }
+if test "${lt_cv_apple_cc_single_mod+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_apple_cc_single_mod=no
+ if test -z "${LT_MULTI_MODULE}"; then
+ # By default we will add the -single_module flag. You can override
+ # by either setting the environment variable LT_MULTI_MODULE
+ # non-empty at configure time, or by adding -multi_module to the
+ # link flags.
+ rm -rf libconftest.dylib*
+ echo "int foo(void){return 1;}" > conftest.c
+ echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+-dynamiclib -Wl,-single_module conftest.c" >&5
+ $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \
+ -dynamiclib -Wl,-single_module conftest.c 2>conftest.err
+ _lt_result=$?
+ if test -f libconftest.dylib && test ! -s conftest.err && test $_lt_result = 0; then
+ lt_cv_apple_cc_single_mod=yes
+ else
+ cat conftest.err >&5
+ fi
+ rm -rf libconftest.dylib*
+ rm -f conftest.*
+ fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5
+$as_echo "$lt_cv_apple_cc_single_mod" >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5
+$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; }
+if test "${lt_cv_ld_exported_symbols_list+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_ld_exported_symbols_list=no
+ save_LDFLAGS=$LDFLAGS
+ echo "_main" > conftest.sym
+ LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ lt_cv_ld_exported_symbols_list=yes
+else
+ lt_cv_ld_exported_symbols_list=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5
+$as_echo "$lt_cv_ld_exported_symbols_list" >&6; }
+ case $host_os in
+ rhapsody* | darwin1.[012])
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}suppress' ;;
+ darwin1.*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ darwin*) # darwin 5.x on
+ # if running on 10.5 or later, the deployment target defaults
+ # to the OS version, if on x86, and 10.4, the deployment
+ # target defaults to 10.4. Don't you love it?
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in
+ 10.0,*86*-darwin8*|10.0,*-darwin[91]*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ 10.[012]*)
+ _lt_dar_allow_undefined='${wl}-flat_namespace ${wl}-undefined ${wl}suppress' ;;
+ 10.*)
+ _lt_dar_allow_undefined='${wl}-undefined ${wl}dynamic_lookup' ;;
+ esac
+ ;;
+ esac
+ if test "$lt_cv_apple_cc_single_mod" = "yes"; then
+ _lt_dar_single_mod='$single_module'
+ fi
+ if test "$lt_cv_ld_exported_symbols_list" = "yes"; then
+ _lt_dar_export_syms=' ${wl}-exported_symbols_list,$output_objdir/${libname}-symbols.expsym'
+ else
+ _lt_dar_export_syms='~$NMEDIT -s $output_objdir/${libname}-symbols.expsym ${lib}'
+ fi
+ if test "$DSYMUTIL" != ":"; then
+ _lt_dsymutil='~$DSYMUTIL $lib || :'
+ else
+ _lt_dsymutil=
+ fi
+ ;;
+ esac
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5
+$as_echo_n "checking how to run the C preprocessor... " >&6; }
+# On Suns, sometimes $CPP names a directory.
+if test -n "$CPP" && test -d "$CPP"; then
+ CPP=
+fi
+if test -z "$CPP"; then
+ if test "${ac_cv_prog_CPP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CPP needs to be expanded
+ for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CPP=$CPP
+
+fi
+ CPP=$ac_cv_prog_CPP
+else
+ ac_cv_prog_CPP=$CPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5
+$as_echo "$CPP" >&6; }
+ac_preproc_ok=false
+for ac_c_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_c_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+as_fn_error "C preprocessor \"$CPP\" fails sanity check
+See \`config.log' for more details." "$LINENO" 5; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+# On IRIX 5.3, sys/types and inttypes.h are conflicting.
+for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \
+ inttypes.h stdint.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+for ac_header in dlfcn.h
+do :
+ ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default
+"
+if test "x$ac_cv_header_dlfcn_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_DLFCN_H 1
+_ACEOF
+
+fi
+
+done
+
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+if test -z "$CXX"; then
+ if test -n "$CCC"; then
+ CXX=$CCC
+ else
+ if test -n "$ac_tool_prefix"; then
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+ do
+ # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args.
+set dummy $ac_tool_prefix$ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$CXX"; then
+ ac_cv_prog_CXX="$CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_CXX="$ac_tool_prefix$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+CXX=$ac_cv_prog_CXX
+if test -n "$CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5
+$as_echo "$CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$CXX" && break
+ done
+fi
+if test -z "$CXX"; then
+ ac_ct_CXX=$CXX
+ for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC
+do
+ # Extract the first word of "$ac_prog", so it can be a program name with args.
+set dummy $ac_prog; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_prog_ac_ct_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -n "$ac_ct_CXX"; then
+ ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test.
+else
+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_prog_ac_ct_CXX="$ac_prog"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+fi
+fi
+ac_ct_CXX=$ac_cv_prog_ac_ct_CXX
+if test -n "$ac_ct_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5
+$as_echo "$ac_ct_CXX" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ test -n "$ac_ct_CXX" && break
+done
+
+ if test "x$ac_ct_CXX" = x; then
+ CXX="g++"
+ else
+ case $cross_compiling:$ac_tool_warned in
+yes:)
+{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5
+$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;}
+ac_tool_warned=yes ;;
+esac
+ CXX=$ac_ct_CXX
+ fi
+fi
+
+ fi
+fi
+# Provide some information about the compiler.
+$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5
+set X $ac_compile
+ac_compiler=$2
+for ac_option in --version -v -V -qversion; do
+ { { ac_try="$ac_compiler $ac_option >&5"
+case "(($ac_try" in
+ *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
+ *) ac_try_echo=$ac_try;;
+esac
+eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\""
+$as_echo "$ac_try_echo"; } >&5
+ (eval "$ac_compiler $ac_option >&5") 2>conftest.err
+ ac_status=$?
+ if test -s conftest.err; then
+ sed '10a\
+... rest of stderr output deleted ...
+ 10q' conftest.err >conftest.er1
+ cat conftest.er1 >&5
+ fi
+ rm -f conftest.er1 conftest.err
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5
+$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; }
+if test "${ac_cv_cxx_compiler_gnu+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+#ifndef __GNUC__
+ choke me
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_compiler_gnu=yes
+else
+ ac_compiler_gnu=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ac_cv_cxx_compiler_gnu=$ac_compiler_gnu
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5
+$as_echo "$ac_cv_cxx_compiler_gnu" >&6; }
+if test $ac_compiler_gnu = yes; then
+ GXX=yes
+else
+ GXX=
+fi
+ac_test_CXXFLAGS=${CXXFLAGS+set}
+ac_save_CXXFLAGS=$CXXFLAGS
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5
+$as_echo_n "checking whether $CXX accepts -g... " >&6; }
+if test "${ac_cv_prog_cxx_g+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_save_cxx_werror_flag=$ac_cxx_werror_flag
+ ac_cxx_werror_flag=yes
+ ac_cv_prog_cxx_g=no
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+else
+ CXXFLAGS=""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+
+else
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+ CXXFLAGS="-g"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_compile "$LINENO"; then :
+ ac_cv_prog_cxx_g=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ ac_cxx_werror_flag=$ac_save_cxx_werror_flag
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5
+$as_echo "$ac_cv_prog_cxx_g" >&6; }
+if test "$ac_test_CXXFLAGS" = set; then
+ CXXFLAGS=$ac_save_CXXFLAGS
+elif test $ac_cv_prog_cxx_g = yes; then
+ if test "$GXX" = yes; then
+ CXXFLAGS="-g -O2"
+ else
+ CXXFLAGS="-g"
+ fi
+else
+ if test "$GXX" = yes; then
+ CXXFLAGS="-O2"
+ else
+ CXXFLAGS=
+ fi
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+depcc="$CXX" am_compiler_list=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5
+$as_echo_n "checking dependency style of $depcc... " >&6; }
+if test "${am_cv_CXX_dependencies_compiler_type+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then
+ # We make a subdir and do the tests there. Otherwise we can end up
+ # making bogus files that we don't know about and never remove. For
+ # instance it was reported that on HP-UX the gcc test will end up
+ # making a dummy file named `D' -- because `-MD' means `put the output
+ # in D'.
+ mkdir conftest.dir
+ # Copy depcomp to subdir because otherwise we won't find it if we're
+ # using a relative directory.
+ cp "$am_depcomp" conftest.dir
+ cd conftest.dir
+ # We will build objects and dependencies in a subdirectory because
+ # it helps to detect inapplicable dependency modes. For instance
+ # both Tru64's cc and ICC support -MD to output dependencies as a
+ # side effect of compilation, but ICC will put the dependencies in
+ # the current directory while Tru64 will put them in the object
+ # directory.
+ mkdir sub
+
+ am_cv_CXX_dependencies_compiler_type=none
+ if test "$am_compiler_list" = ""; then
+ am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp`
+ fi
+ am__universal=false
+ case " $depcc " in #(
+ *\ -arch\ *\ -arch\ *) am__universal=true ;;
+ esac
+
+ for depmode in $am_compiler_list; do
+ # Setup a source with many dependencies, because some compilers
+ # like to wrap large dependency lists on column 80 (with \), and
+ # we should not choose a depcomp mode which is confused by this.
+ #
+ # We need to recreate these files for each test, as the compiler may
+ # overwrite some of them when testing with obscure command lines.
+ # This happens at least with the AIX C compiler.
+ : > sub/conftest.c
+ for i in 1 2 3 4 5 6; do
+ echo '#include "conftst'$i'.h"' >> sub/conftest.c
+ # Using `: > sub/conftst$i.h' creates only sub/conftst1.h with
+ # Solaris 8's {/usr,}/bin/sh.
+ touch sub/conftst$i.h
+ done
+ echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf
+
+ # We check with `-c' and `-o' for the sake of the "dashmstdout"
+ # mode. It turns out that the SunPro C++ compiler does not properly
+ # handle `-M -o', and we need to detect this. Also, some Intel
+ # versions had trouble with output in subdirs
+ am__obj=sub/conftest.${OBJEXT-o}
+ am__minus_obj="-o $am__obj"
+ case $depmode in
+ gcc)
+ # This depmode causes a compiler race in universal mode.
+ test "$am__universal" = false || continue
+ ;;
+ nosideeffect)
+ # after this tag, mechanisms are not by side-effect, so they'll
+ # only be used when explicitly requested
+ if test "x$enable_dependency_tracking" = xyes; then
+ continue
+ else
+ break
+ fi
+ ;;
+ msvisualcpp | msvcmsys)
+ # This compiler won't grok `-c -o', but also, the minuso test has
+ # not run yet. These depmodes are late enough in the game, and
+ # so weak that their functioning should not be impacted.
+ am__obj=conftest.${OBJEXT-o}
+ am__minus_obj=
+ ;;
+ none) break ;;
+ esac
+ if depmode=$depmode \
+ source=sub/conftest.c object=$am__obj \
+ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \
+ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \
+ >/dev/null 2>conftest.err &&
+ grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 &&
+ grep $am__obj sub/conftest.Po > /dev/null 2>&1 &&
+ ${MAKE-make} -s -f confmf > /dev/null 2>&1; then
+ # icc doesn't choke on unknown options, it will just issue warnings
+ # or remarks (even with -Werror). So we grep stderr for any message
+ # that says an option was ignored or not supported.
+ # When given -MP, icc 7.0 and 7.1 complain thusly:
+ # icc: Command line warning: ignoring option '-M'; no argument required
+ # The diagnosis changed in icc 8.0:
+ # icc: Command line remark: option '-MP' not supported
+ if (grep 'ignoring option' conftest.err ||
+ grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else
+ am_cv_CXX_dependencies_compiler_type=$depmode
+ break
+ fi
+ fi
+ done
+
+ cd ..
+ rm -rf conftest.dir
+else
+ am_cv_CXX_dependencies_compiler_type=none
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5
+$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; }
+CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type
+
+ if
+ test "x$enable_dependency_tracking" != xno \
+ && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then
+ am__fastdepCXX_TRUE=
+ am__fastdepCXX_FALSE='#'
+else
+ am__fastdepCXX_TRUE='#'
+ am__fastdepCXX_FALSE=
+fi
+
+
+if test -n "$CXX" && ( test "X$CXX" != "Xno" &&
+ ( (test "X$CXX" = "Xg++" && `g++ -v >/dev/null 2>&1` ) ||
+ (test "X$CXX" != "Xg++"))) ; then
+ ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C++ preprocessor" >&5
+$as_echo_n "checking how to run the C++ preprocessor... " >&6; }
+if test -z "$CXXCPP"; then
+ if test "${ac_cv_prog_CXXCPP+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # Double quotes because CXXCPP needs to be expanded
+ for CXXCPP in "$CXX -E" "/lib/cpp"
+ do
+ ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+ break
+fi
+
+ done
+ ac_cv_prog_CXXCPP=$CXXCPP
+
+fi
+ CXXCPP=$ac_cv_prog_CXXCPP
+else
+ ac_cv_prog_CXXCPP=$CXXCPP
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXXCPP" >&5
+$as_echo "$CXXCPP" >&6; }
+ac_preproc_ok=false
+for ac_cxx_preproc_warn_flag in '' yes
+do
+ # Use a header file that comes with gcc, so configuring glibc
+ # with a fresh cross-compiler works.
+ # Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
+ # <limits.h> exists even on freestanding compilers.
+ # On the NeXT, cc -E runs the code through the compiler's parser,
+ # not just through cpp. "Syntax error" is here to catch this case.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#ifdef __STDC__
+# include <limits.h>
+#else
+# include <assert.h>
+#endif
+ Syntax error
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+
+else
+ # Broken: fails on valid input.
+continue
+fi
+rm -f conftest.err conftest.$ac_ext
+
+ # OK, works on sane cases. Now check whether nonexistent headers
+ # can be detected and how.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ac_nonexistent.h>
+_ACEOF
+if ac_fn_cxx_try_cpp "$LINENO"; then :
+ # Broken: success on invalid input.
+continue
+else
+ # Passes both tests.
+ac_preproc_ok=:
+break
+fi
+rm -f conftest.err conftest.$ac_ext
+
+done
+# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped.
+rm -f conftest.err conftest.$ac_ext
+if $ac_preproc_ok; then :
+
+else
+ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5
+$as_echo "$as_me: error: in \`$ac_pwd':" >&2;}
+_lt_caught_CXX_error=yes; }
+fi
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+else
+ _lt_caught_CXX_error=yes
+fi
+
+
+
+
+
+# Set options
+
+
+
+ enable_dlopen=no
+
+
+ enable_win32_dll=no
+
+
+ # Check whether --enable-shared was given.
+if test "${enable_shared+set}" = set; then :
+ enableval=$enable_shared; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_shared=yes ;;
+ no) enable_shared=no ;;
+ *)
+ enable_shared=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_shared=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_shared=yes
+fi
+
+
+
+
+
+
+
+
+
+
+
+# Check whether --with-pic was given.
+if test "${with_pic+set}" = set; then :
+ withval=$with_pic; pic_mode="$withval"
+else
+ pic_mode=default
+fi
+
+
+test -z "$pic_mode" && pic_mode=default
+
+
+
+
+
+
+
+ # Check whether --enable-fast-install was given.
+if test "${enable_fast_install+set}" = set; then :
+ enableval=$enable_fast_install; p=${PACKAGE-default}
+ case $enableval in
+ yes) enable_fast_install=yes ;;
+ no) enable_fast_install=no ;;
+ *)
+ enable_fast_install=no
+ # Look at the argument we got. We use all the common list separators.
+ lt_save_ifs="$IFS"; IFS="${IFS}$PATH_SEPARATOR,"
+ for pkg in $enableval; do
+ IFS="$lt_save_ifs"
+ if test "X$pkg" = "X$p"; then
+ enable_fast_install=yes
+ fi
+ done
+ IFS="$lt_save_ifs"
+ ;;
+ esac
+else
+ enable_fast_install=yes
+fi
+
+
+
+
+
+
+
+
+
+
+
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ltmain"
+
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+test -z "$LN_S" && LN_S="ln -s"
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5
+$as_echo_n "checking for objdir... " >&6; }
+if test "${lt_cv_objdir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f .libs 2>/dev/null
+mkdir .libs 2>/dev/null
+if test -d .libs; then
+ lt_cv_objdir=.libs
+else
+ # MS-DOS does not allow filenames that begin with a dot.
+ lt_cv_objdir=_libs
+fi
+rmdir .libs 2>/dev/null
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5
+$as_echo "$lt_cv_objdir" >&6; }
+objdir=$lt_cv_objdir
+
+
+
+
+
+cat >>confdefs.h <<_ACEOF
+#define LT_OBJDIR "$lt_cv_objdir/"
+_ACEOF
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+case $host_os in
+aix3*)
+ # AIX sometimes has problems with the GCC collect2 program. For some
+ # reason, if we set the COLLECT_NAMES environment variable, the problems
+ # vanish in a puff of smoke.
+ if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+ fi
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+sed_quote_subst='s/\(["`$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Sed substitution to delay expansion of an escaped shell variable in a
+# double_quote_subst'ed string.
+delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g'
+
+# Sed substitution to delay expansion of an escaped single quote.
+delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g'
+
+# Sed substitution to avoid accidental globbing in evaled expressions
+no_glob_subst='s/\*/\\\*/g'
+
+# Global variables:
+ofile=libtool
+can_build_shared=yes
+
+# All known linkers require a `.a' archive for static linking (except MSVC,
+# which needs '.lib').
+libext=a
+
+with_gnu_ld="$lt_cv_prog_gnu_ld"
+
+old_CC="$CC"
+old_CFLAGS="$CFLAGS"
+
+# Set sane defaults for various variables
+test -z "$CC" && CC=cc
+test -z "$LTCC" && LTCC=$CC
+test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS
+test -z "$LD" && LD=ld
+test -z "$ac_objext" && ac_objext=o
+
+for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+# Only perform the check for file, if the check method requires it
+test -z "$MAGIC_CMD" && MAGIC_CMD=file
+case $deplibs_check_method in
+file_magic*)
+ if test "$file_magic_cmd" = '$MAGIC_CMD'; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5
+$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/${ac_tool_prefix}file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/${ac_tool_prefix}file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+
+
+
+if test -z "$lt_cv_path_MAGIC_CMD"; then
+ if test -n "$ac_tool_prefix"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5
+$as_echo_n "checking for file... " >&6; }
+if test "${lt_cv_path_MAGIC_CMD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $MAGIC_CMD in
+[\\/*] | ?:[\\/]*)
+ lt_cv_path_MAGIC_CMD="$MAGIC_CMD" # Let the user override the test with a path.
+ ;;
+*)
+ lt_save_MAGIC_CMD="$MAGIC_CMD"
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ ac_dummy="/usr/bin$PATH_SEPARATOR$PATH"
+ for ac_dir in $ac_dummy; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f $ac_dir/file; then
+ lt_cv_path_MAGIC_CMD="$ac_dir/file"
+ if test -n "$file_magic_test_file"; then
+ case $deplibs_check_method in
+ "file_magic "*)
+ file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"`
+ MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+ if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ :
+ else
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the command libtool uses to detect shared libraries,
+*** $file_magic_cmd, produces output that libtool cannot recognize.
+*** The result is that libtool may fail to recognize shared libraries
+*** as such. This will affect the creation of libtool libraries that
+*** depend on shared libraries, but programs linked with such libtool
+*** libraries will work regardless of this problem. Nevertheless, you
+*** may want to report the problem to your system manager and/or to
+*** bug-libtool@gnu.org
+
+_LT_EOF
+ fi ;;
+ esac
+ fi
+ break
+ fi
+ done
+ IFS="$lt_save_ifs"
+ MAGIC_CMD="$lt_save_MAGIC_CMD"
+ ;;
+esac
+fi
+
+MAGIC_CMD="$lt_cv_path_MAGIC_CMD"
+if test -n "$MAGIC_CMD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5
+$as_echo "$MAGIC_CMD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ else
+ MAGIC_CMD=:
+ fi
+fi
+
+ fi
+ ;;
+esac
+
+# Use C for the default configuration in the libtool script
+
+lt_save_CC="$CC"
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+# Source file extension for C test sources.
+ac_ext=c
+
+# Object file extension for compiled C test sources.
+objext=o
+objext=$objext
+
+# Code to be used in simple compile tests
+lt_simple_compile_test_code="int some_variable = 0;"
+
+# Code to be used in simple link tests
+lt_simple_link_test_code='int main(){return(0);}'
+
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+# Save the default compiler, since it gets overwritten when the other
+# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP.
+compiler_DEFAULT=$CC
+
+# save warnings/boilerplate of simple test code
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+## CAVEAT EMPTOR:
+## There is no encapsulation within the following macros, do not change
+## the running order or otherwise move them around unless you know exactly
+## what you are doing...
+if test -n "$compiler"; then
+
+lt_prog_compiler_no_builtin_flag=
+
+if test "$GCC" = yes; then
+ lt_prog_compiler_no_builtin_flag=' -fno-builtin'
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5
+$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; }
+if test "${lt_cv_prog_compiler_rtti_exceptions+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_rtti_exceptions=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="-fno-rtti -fno-exceptions"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8641: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:8645: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_rtti_exceptions=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5
+$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; }
+
+if test x"$lt_cv_prog_compiler_rtti_exceptions" = xyes; then
+ lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions"
+else
+ :
+fi
+
+fi
+
+
+
+
+
+
+ lt_prog_compiler_wl=
+lt_prog_compiler_pic=
+lt_prog_compiler_static=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+ if test "$GCC" = yes; then
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_static='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic='-fno-common'
+ ;;
+
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+
+ msdosdjgpp*)
+ # Just because we use GCC doesn't mean we suddenly get shared libraries
+ # on systems that don't support them.
+ lt_prog_compiler_can_build_shared=no
+ enable_shared=no
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic=-Kconform_pic
+ fi
+ ;;
+
+ *)
+ lt_prog_compiler_pic='-fPIC'
+ ;;
+ esac
+ else
+ # PORTME Check for flag to pass linker flags through the system compiler.
+ case $host_os in
+ aix*)
+ lt_prog_compiler_wl='-Wl,'
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static='-Bstatic'
+ else
+ lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+
+ mingw* | cygwin* | pw32* | os2* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ lt_prog_compiler_pic='-DDLL_EXPORT'
+ ;;
+
+ hpux9* | hpux10* | hpux11*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but
+ # not for PA HP-UX.
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic='+Z'
+ ;;
+ esac
+ # Is there a better lt_prog_compiler_static that works with the bundled CC?
+ lt_prog_compiler_static='${wl}-a ${wl}archive'
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ lt_prog_compiler_wl='-Wl,'
+ # PIC (with -KPIC) is the default.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ linux* | k*bsd*-gnu)
+ case $cc_basename in
+ # old Intel for x86_64 which still supported -KPIC.
+ ecc*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # icc used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ icc* | ifort*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fPIC'
+ lt_prog_compiler_static='-static'
+ ;;
+ # Lahey Fortran 8.1.
+ lf95*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='--shared'
+ lt_prog_compiler_static='--static'
+ ;;
+ pgcc* | pgf77* | pgf90* | pgf95*)
+ # Portland Group compilers (*not* the Pentium gcc compiler,
+ # which looks to be a dead project)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-fpic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+ ccc*)
+ lt_prog_compiler_wl='-Wl,'
+ # All Alpha code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+ xl*)
+ # IBM XL C 8.0/Fortran 10.1 on PPC
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-qpic'
+ lt_prog_compiler_static='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C 5.9
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl='-Wl,'
+ ;;
+ *Sun\ F*)
+ # Sun Fortran 8.3 passes all unrecognized flags to the linker
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ lt_prog_compiler_wl=''
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ newsos6)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *nto* | *qnx*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic='-fPIC -shared'
+ ;;
+
+ osf3* | osf4* | osf5*)
+ lt_prog_compiler_wl='-Wl,'
+ # All OSF/1 code is PIC.
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ rdos*)
+ lt_prog_compiler_static='-non_shared'
+ ;;
+
+ solaris*)
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ case $cc_basename in
+ f77* | f90* | f95*)
+ lt_prog_compiler_wl='-Qoption ld ';;
+ *)
+ lt_prog_compiler_wl='-Wl,';;
+ esac
+ ;;
+
+ sunos4*)
+ lt_prog_compiler_wl='-Qoption ld '
+ lt_prog_compiler_pic='-PIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4 | sysv4.2uw2* | sysv4.3*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec ;then
+ lt_prog_compiler_pic='-Kconform_pic'
+ lt_prog_compiler_static='-Bstatic'
+ fi
+ ;;
+
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_pic='-KPIC'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ unicos*)
+ lt_prog_compiler_wl='-Wl,'
+ lt_prog_compiler_can_build_shared=no
+ ;;
+
+ uts4*)
+ lt_prog_compiler_pic='-pic'
+ lt_prog_compiler_static='-Bstatic'
+ ;;
+
+ *)
+ lt_prog_compiler_can_build_shared=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic=
+ ;;
+ *)
+ lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC"
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic" >&5
+$as_echo "$lt_prog_compiler_pic" >&6; }
+
+
+
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic_works=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:8980: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:8984: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works" = xyes; then
+ case $lt_prog_compiler_pic in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;;
+ esac
+else
+ lt_prog_compiler_pic=
+ lt_prog_compiler_can_build_shared=no
+fi
+
+fi
+
+
+
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_static_works=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5
+$as_echo "$lt_cv_prog_compiler_static_works" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works" = xyes; then
+ :
+else
+ lt_prog_compiler_static=
+fi
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:9085: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:9089: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:9140: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:9144: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5
+$as_echo "$lt_cv_prog_compiler_c_o" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+ if test "$hard_links" = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ runpath_var=
+ allow_undefined_flag=
+ always_export_symbols=no
+ archive_cmds=
+ archive_expsym_cmds=
+ compiler_needs_object=no
+ enable_shared_with_static_runtimes=no
+ export_dynamic_flag_spec=
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ hardcode_automatic=no
+ hardcode_direct=no
+ hardcode_direct_absolute=no
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld=
+ hardcode_libdir_separator=
+ hardcode_minus_L=no
+ hardcode_shlibpath_var=unsupported
+ inherit_rpath=no
+ link_all_deplibs=unknown
+ module_cmds=
+ module_expsym_cmds=
+ old_archive_from_new_cmds=
+ old_archive_from_expsyms_cmds=
+ thread_safe_flag_spec=
+ whole_archive_flag_spec=
+ # include_expsyms should be a list of space-separated symbols to be *always*
+ # included in the symbol list
+ include_expsyms=
+ # exclude_expsyms can be an extended regexp of symbols to exclude
+ # it will be wrapped by ` (' and `)$', so one must not match beginning or
+ # end of line. Example: `a|bc|.*d.*' will exclude the symbols `a' and `bc',
+ # as well as any symbol that contains `d'.
+ exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+ # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out
+ # platforms (ab)use it in PIC code, but their linkers get confused if
+ # the symbol is explicitly referenced. Since portable code cannot
+ # rely on this symbol name, it's probably fine to never include it in
+ # preloaded symbol tables.
+ # Exclude shared library initialization/finalization symbols.
+ extract_expsyms_cmds=
+
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ # FIXME: the MSVC++ port hasn't been tested in a loooong time
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ if test "$GCC" != yes; then
+ with_gnu_ld=no
+ fi
+ ;;
+ interix*)
+ # we just hope/assume this is gcc and not c89 (= MSVC++)
+ with_gnu_ld=yes
+ ;;
+ openbsd*)
+ with_gnu_ld=no
+ ;;
+ esac
+
+ ld_shlibs=yes
+ if test "$with_gnu_ld" = yes; then
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ wlarc='${wl}'
+
+ # Set some defaults for GNU ld with shared library support. These
+ # are reset later if shared libraries are not supported. Putting them
+ # here allows them to be overridden if necessary.
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec='${wl}--export-dynamic'
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec=
+ fi
+ supports_anon_versioning=no
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11
+ *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ...
+ *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ...
+ *\ 2.11.*) ;; # other 2.11 versions
+ *) supports_anon_versioning=yes ;;
+ esac
+
+ # See if GNU ld supports shared libraries.
+ case $host_os in
+ aix[3-9]*)
+ # On AIX/PPC, the GNU linker is very broken
+ if test "$host_cpu" != ia64; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: the GNU linker, at least up to release 2.9.1, is reported
+*** to be unable to reliably create shared libraries on AIX.
+*** Therefore, libtool is disabling shared libraries support. If you
+*** really care for shared libraries, you may want to modify your PATH
+*** so that a non-GNU linker is found, and then restart.
+
+_LT_EOF
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec='-L$libdir'
+ allow_undefined_flag=unsupported
+ always_export_symbols=no
+ enable_shared_with_static_runtimes=yes
+ export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols'
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+
+ gnu* | linux* | tpf* | k*bsd*-gnu)
+ tmp_diet=no
+ if test "$host_os" = linux-dietlibc; then
+ case $cc_basename in
+ diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn)
+ esac
+ fi
+ if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \
+ && test "$tmp_diet" = no
+ then
+ tmp_addflag=
+ tmp_sharedflag='-shared'
+ case $cc_basename,$host_cpu in
+ pgcc*) # Portland Group C compiler
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag'
+ ;;
+ pgf77* | pgf90* | pgf95*) # Portland Group f77 and f90 compilers
+ whole_archive_flag_spec='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ tmp_addflag=' $pic_flag -Mnomain' ;;
+ ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64
+ tmp_addflag=' -i_dynamic' ;;
+ efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64
+ tmp_addflag=' -i_dynamic -nofor_main' ;;
+ ifc* | ifort*) # Intel Fortran compiler
+ tmp_addflag=' -nofor_main' ;;
+ lf95*) # Lahey Fortran 8.1
+ whole_archive_flag_spec=
+ tmp_sharedflag='--shared' ;;
+ xl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below)
+ tmp_sharedflag='-qmkshrobj'
+ tmp_addflag= ;;
+ esac
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*) # Sun C 5.9
+ whole_archive_flag_spec='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object=yes
+ tmp_sharedflag='-G' ;;
+ *Sun\ F*) # Sun Fortran 8.3
+ tmp_sharedflag='-G' ;;
+ esac
+ archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+
+ case $cc_basename in
+ xlf*)
+ # IBM XL Fortran 10.1 on PPC cannot create shared libs itself
+ whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive'
+ hardcode_libdir_flag_spec=
+ hardcode_libdir_flag_spec_ld='-rpath $libdir'
+ archive_cmds='$LD -shared $libobjs $deplibs $compiler_flags -soname $soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $LD -shared $libobjs $deplibs $compiler_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ esac
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib'
+ wlarc=
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ fi
+ ;;
+
+ solaris*)
+ if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: The releases 2.8.* of the GNU linker cannot reliably
+*** create shared libraries on Solaris systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.9.1 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*)
+ case `$LD -v 2>&1` in
+ *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*)
+ ld_shlibs=no
+ cat <<_LT_EOF 1>&2
+
+*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 can not
+*** reliably create shared libraries on SCO systems. Therefore, libtool
+*** is disabling shared libraries support. We urge you to upgrade GNU
+*** binutils to release 2.16.91.0.3 or newer. Another option is to modify
+*** your PATH or compiler configuration so that the native linker is
+*** used, and then restart.
+
+_LT_EOF
+ ;;
+ *)
+ # For security reasons, it is highly recommended that you always
+ # use absolute paths for naming shared libraries, and exclude the
+ # DT_RUNPATH tag from executables and libraries. But doing so
+ # requires that you compile everything twice, which is a pain.
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+ ;;
+
+ sunos4*)
+ archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ wlarc=
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ else
+ ld_shlibs=no
+ fi
+ ;;
+ esac
+
+ if test "$ld_shlibs" = no; then
+ runpath_var=
+ hardcode_libdir_flag_spec=
+ export_dynamic_flag_spec=
+ whole_archive_flag_spec=
+ fi
+ else
+ # PORTME fill in a description of your system's linker (not GNU ld)
+ case $host_os in
+ aix3*)
+ allow_undefined_flag=unsupported
+ always_export_symbols=yes
+ archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname'
+ # Note: this linker hardcodes the directories in LIBPATH if there
+ # are no directories specified by -L.
+ hardcode_minus_L=yes
+ if test "$GCC" = yes && test -z "$lt_prog_compiler_static"; then
+ # Neither direct hardcoding nor static linking is supported with a
+ # broken collect2.
+ hardcode_direct=unsupported
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ if (test $ld_flag = "-brtl" || test $ld_flag = "-Wl,-brtl"); then
+ aix_use_runtimelinking=yes
+ break
+ fi
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds=''
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ file_list_spec='${wl}-f,'
+
+ if test "$GCC" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L=yes
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_libdir_separator=
+ fi
+ ;;
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ export_dynamic_flag_spec='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to export.
+ always_export_symbols=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag='-berok'
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag="-z nodefs"
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag=' ${wl}-bernotok'
+ allow_undefined_flag=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec='$convenience'
+ archive_cmds_need_lc=yes
+ # This is similar to how AIX traditionally builds its shared libraries.
+ archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds=''
+ ;;
+ m68k)
+ archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ ;;
+ esac
+ ;;
+
+ bsdi[45]*)
+ export_dynamic_flag_spec=-rdynamic
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # When not using gcc, we currently assume that we are using
+ # Microsoft Visual C++.
+ # hardcode_libdir_flag_spec is actually meaningless, as there is
+ # no search path for DLLs.
+ hardcode_libdir_flag_spec=' '
+ allow_undefined_flag=unsupported
+ # Tell ltmain to make .lib files, not .a files.
+ libext=lib
+ # Tell ltmain to make .dll files, not .so files.
+ shrext_cmds=".dll"
+ # FIXME: Setting linknames here is a bad hack.
+ archive_cmds='$CC -o $lib $libobjs $compiler_flags `$ECHO "X$deplibs" | $Xsed -e '\''s/ -lc$//'\''` -link -dll~linknames='
+ # The linker will automatically build a .lib file if we build a DLL.
+ old_archive_from_new_cmds='true'
+ # FIXME: Should let the user specify the lib program.
+ old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs'
+ fix_srcfile_path='`cygpath -w "$srcfile"`'
+ enable_shared_with_static_runtimes=yes
+ ;;
+
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc=no
+ hardcode_direct=no
+ hardcode_automatic=yes
+ hardcode_shlibpath_var=unsupported
+ whole_archive_flag_spec=''
+ link_all_deplibs=yes
+ allow_undefined_flag="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ archive_expsym_cmds="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ module_expsym_cmds="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+
+ else
+ ld_shlibs=no
+ fi
+
+ ;;
+
+ dgux*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ freebsd1*)
+ ld_shlibs=no
+ ;;
+
+ # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor
+ # support. Future versions do this automatically, but an explicit c++rt0.o
+ # does not break anything, and helps significantly (at the cost of a little
+ # extra space).
+ freebsd2.2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # Unfortunately, older versions of FreeBSD 2 do not have this feature.
+ freebsd2*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ # FreeBSD 3 and greater uses gcc -shared to do shared libraries.
+ freebsd* | dragonfly*)
+ archive_cmds='$CC -shared -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ hpux9*)
+ if test "$GCC" = yes; then
+ archive_cmds='$RM $output_objdir/$soname~$CC -shared -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ fi
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ export_dynamic_flag_spec='${wl}-E'
+ ;;
+
+ hpux10*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_flag_spec_ld='+b $libdir'
+ hardcode_libdir_separator=:
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ fi
+ ;;
+
+ hpux11*)
+ if test "$GCC" = yes -a "$with_gnu_ld" = no; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -shared ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -shared -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ else
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ fi
+ if test "$with_gnu_ld" = no; then
+ hardcode_libdir_flag_spec='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct=no
+ hardcode_shlibpath_var=no
+ ;;
+ *)
+ hardcode_direct=yes
+ hardcode_direct_absolute=yes
+ export_dynamic_flag_spec='${wl}-E'
+
+ # hardcode_minus_L: Not really in the search PATH,
+ # but as the default location of the library.
+ hardcode_minus_L=yes
+ ;;
+ esac
+ fi
+ ;;
+
+ irix5* | irix6* | nonstopux*)
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ # Try to use the -exported_symbol ld option, if it does not
+ # work, assume that -exports_file does not work either and
+ # implicitly export all symbols.
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS -shared ${wl}-exported_symbol ${wl}foo ${wl}-update_registry ${wl}/dev/null"
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+int foo(void) {}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations ${wl}-exports_file ${wl}$export_symbols -o $lib'
+
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS="$save_LDFLAGS"
+ else
+ archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -exports_file $export_symbols -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ inherit_rpath=yes
+ link_all_deplibs=yes
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out
+ else
+ archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ newsos6)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ hardcode_shlibpath_var=no
+ ;;
+
+ *nto* | *qnx*)
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct=yes
+ hardcode_shlibpath_var=no
+ hardcode_direct_absolute=yes
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags ${wl}-retain-symbols-file,$export_symbols'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec='${wl}-E'
+ else
+ case $host_os in
+ openbsd[01].* | openbsd2.[0-7] | openbsd2.[0-7].*)
+ archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-R$libdir'
+ ;;
+ *)
+ archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags'
+ hardcode_libdir_flag_spec='${wl}-rpath,$libdir'
+ ;;
+ esac
+ fi
+ else
+ ld_shlibs=no
+ fi
+ ;;
+
+ os2*)
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_minus_L=yes
+ allow_undefined_flag=unsupported
+ archive_cmds='$ECHO "LIBRARY $libname INITINSTANCE" > $output_objdir/$libname.def~$ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~$ECHO DATA >> $output_objdir/$libname.def~$ECHO " SINGLE NONSHARED" >> $output_objdir/$libname.def~$ECHO EXPORTS >> $output_objdir/$libname.def~emxexp $libobjs >> $output_objdir/$libname.def~$CC -Zdll -Zcrtdll -o $lib $libobjs $deplibs $compiler_flags $output_objdir/$libname.def'
+ old_archive_from_new_cmds='emximp -o $output_objdir/$libname.a $output_objdir/$libname.def'
+ ;;
+
+ osf3*)
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator=:
+ ;;
+
+ osf4* | osf5*) # as osf3* with the addition of -msym flag
+ if test "$GCC" = yes; then
+ allow_undefined_flag=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec='${wl}-rpath ${wl}$libdir'
+ else
+ allow_undefined_flag=' -expect_unresolved \*'
+ archive_cmds='$CC -shared${allow_undefined_flag} $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~
+ $CC -shared${allow_undefined_flag} ${wl}-input ${wl}$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~$RM $lib.exp'
+
+ # Both c and cxx compiler support -rpath directly
+ hardcode_libdir_flag_spec='-rpath $libdir'
+ fi
+ archive_cmds_need_lc='no'
+ hardcode_libdir_separator=:
+ ;;
+
+ solaris*)
+ no_undefined_flag=' -z defs'
+ if test "$GCC" = yes; then
+ wlarc='${wl}'
+ archive_cmds='$CC -shared ${wl}-z ${wl}text ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared ${wl}-z ${wl}text ${wl}-M ${wl}$lib.exp ${wl}-h ${wl}$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ else
+ case `$CC -V 2>&1` in
+ *"Compilers 5.0"*)
+ wlarc=''
+ archive_cmds='$LD -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $LD -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp'
+ ;;
+ *)
+ wlarc='${wl}'
+ archive_cmds='$CC -G${allow_undefined_flag} -h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp'
+ ;;
+ esac
+ fi
+ hardcode_libdir_flag_spec='-R$libdir'
+ hardcode_shlibpath_var=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'. GCC discards it without `$wl',
+ # but is careful enough not to reorder.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ if test "$GCC" = yes; then
+ whole_archive_flag_spec='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ else
+ whole_archive_flag_spec='-z allextract$convenience -z defaultextract'
+ fi
+ ;;
+ esac
+ link_all_deplibs=yes
+ ;;
+
+ sunos4*)
+ if test "x$host_vendor" = xsequent; then
+ # Use $CC to link under sequent, because it throws in some extra .o
+ # files that make .init and .fini sections work.
+ archive_cmds='$CC -G ${wl}-h $soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags'
+ fi
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_direct=yes
+ hardcode_minus_L=yes
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4)
+ case $host_vendor in
+ sni)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=yes # is this really true???
+ ;;
+ siemens)
+ ## LD is ld it makes a PLAMLIB
+ ## CC just makes a GrossModule.
+ archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags'
+ reload_cmds='$CC -r -o $output$reload_objs'
+ hardcode_direct=no
+ ;;
+ motorola)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_direct=no #Motorola manual says yes, but my tests say they lie
+ ;;
+ esac
+ runpath_var='LD_RUN_PATH'
+ hardcode_shlibpath_var=no
+ ;;
+
+ sysv4.3*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ export_dynamic_flag_spec='-Bexport'
+ ;;
+
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_shlibpath_var=no
+ runpath_var=LD_RUN_PATH
+ hardcode_runpath_var=yes
+ ld_shlibs=yes
+ fi
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag='${wl}-z,text'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag='${wl}-z,text'
+ allow_undefined_flag='${wl}-z,nodefs'
+ archive_cmds_need_lc=no
+ hardcode_shlibpath_var=no
+ hardcode_libdir_flag_spec='${wl}-R,$libdir'
+ hardcode_libdir_separator=':'
+ link_all_deplibs=yes
+ export_dynamic_flag_spec='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ if test "$GCC" = yes; then
+ archive_cmds='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ else
+ archive_cmds='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ fi
+ ;;
+
+ uts4*)
+ archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags'
+ hardcode_libdir_flag_spec='-L$libdir'
+ hardcode_shlibpath_var=no
+ ;;
+
+ *)
+ ld_shlibs=no
+ ;;
+ esac
+
+ if test x$host_vendor = xsni; then
+ case $host in
+ sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*)
+ export_dynamic_flag_spec='${wl}-Blargedynsym'
+ ;;
+ esac
+ fi
+ fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5
+$as_echo "$ld_shlibs" >&6; }
+test "$ld_shlibs" = no && can_build_shared=no
+
+with_gnu_ld=$with_gnu_ld
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl
+ pic_flag=$lt_prog_compiler_pic
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag
+ allow_undefined_flag=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ archive_cmds_need_lc=no
+ else
+ archive_cmds_need_lc=yes
+ fi
+ allow_undefined_flag=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc" >&5
+$as_echo "$archive_cmds_need_lc" >&6; }
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+if test "$GCC" = yes; then
+ case $host_os in
+ darwin*) lt_awk_arg="/^libraries:/,/LR/" ;;
+ *) lt_awk_arg="/^libraries:/" ;;
+ esac
+ lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$lt_search_path_spec" | $GREP ';' >/dev/null ; then
+ # if the path contains ";" then we assume it to be the separator
+ # otherwise default to the standard path separator (i.e. ":") - it is
+ # assumed that no part of a normal pathname contains ";" but that should
+ # okay in the real world where ";" in dirpaths is itself problematic.
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ # Ok, now we have the path, separated by spaces, we can step through it
+ # and add multilib dir if necessary.
+ lt_tmp_lt_search_path_spec=
+ lt_multi_os_dir=`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null`
+ for lt_sys_path in $lt_search_path_spec; do
+ if test -d "$lt_sys_path/$lt_multi_os_dir"; then
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path/$lt_multi_os_dir"
+ else
+ test -d "$lt_sys_path" && \
+ lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path"
+ fi
+ done
+ lt_search_path_spec=`$ECHO $lt_tmp_lt_search_path_spec | awk '
+BEGIN {RS=" "; FS="/|\n";} {
+ lt_foo="";
+ lt_count=0;
+ for (lt_i = NF; lt_i > 0; lt_i--) {
+ if ($lt_i != "" && $lt_i != ".") {
+ if ($lt_i == "..") {
+ lt_count++;
+ } else {
+ if (lt_count == 0) {
+ lt_foo="/" $lt_i lt_foo;
+ } else {
+ lt_count--;
+ }
+ }
+ }
+ }
+ if (lt_foo != "") { lt_freq[lt_foo]++; }
+ if (lt_freq[lt_foo] == 1) { print lt_foo; }
+}'`
+ sys_lib_search_path_spec=`$ECHO $lt_search_path_spec`
+else
+ sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib"
+fi
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib"
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[3-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Add ABI-specific directories to the system library path.
+ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action=
+if test -n "$hardcode_libdir_flag_spec" ||
+ test -n "$runpath_var" ||
+ test "X$hardcode_automatic" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$hardcode_direct" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, )" != no &&
+ test "$hardcode_minus_L" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5
+$as_echo "$hardcode_action" >&6; }
+
+if test "$hardcode_action" = relink ||
+ test "$inherit_rpath" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+ if test "x$enable_dlopen" != xyes; then
+ enable_dlopen=unknown
+ enable_dlopen_self=unknown
+ enable_dlopen_self_static=unknown
+else
+ lt_cv_dlopen=no
+ lt_cv_dlopen_libs=
+
+ case $host_os in
+ beos*)
+ lt_cv_dlopen="load_add_on"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+ ;;
+
+ mingw* | pw32* | cegcc*)
+ lt_cv_dlopen="LoadLibrary"
+ lt_cv_dlopen_libs=
+ ;;
+
+ cygwin*)
+ lt_cv_dlopen="dlopen"
+ lt_cv_dlopen_libs=
+ ;;
+
+ darwin*)
+ # if libdl is installed we need to link against it
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+
+ lt_cv_dlopen="dyld"
+ lt_cv_dlopen_libs=
+ lt_cv_dlopen_self=yes
+
+fi
+
+ ;;
+
+ *)
+ ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load"
+if test "x$ac_cv_func_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5
+$as_echo_n "checking for shl_load in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_shl_load+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char shl_load ();
+int
+main ()
+{
+return shl_load ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_shl_load=yes
+else
+ ac_cv_lib_dld_shl_load=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5
+$as_echo "$ac_cv_lib_dld_shl_load" >&6; }
+if test "x$ac_cv_lib_dld_shl_load" = x""yes; then :
+ lt_cv_dlopen="shl_load" lt_cv_dlopen_libs="-ldld"
+else
+ ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen"
+if test "x$ac_cv_func_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5
+$as_echo_n "checking for dlopen in -ldl... " >&6; }
+if test "${ac_cv_lib_dl_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dl_dlopen=yes
+else
+ ac_cv_lib_dl_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5
+$as_echo "$ac_cv_lib_dl_dlopen" >&6; }
+if test "x$ac_cv_lib_dl_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-ldl"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5
+$as_echo_n "checking for dlopen in -lsvld... " >&6; }
+if test "${ac_cv_lib_svld_dlopen+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dlopen ();
+int
+main ()
+{
+return dlopen ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_svld_dlopen=yes
+else
+ ac_cv_lib_svld_dlopen=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5
+$as_echo "$ac_cv_lib_svld_dlopen" >&6; }
+if test "x$ac_cv_lib_svld_dlopen" = x""yes; then :
+ lt_cv_dlopen="dlopen" lt_cv_dlopen_libs="-lsvld"
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5
+$as_echo_n "checking for dld_link in -ldld... " >&6; }
+if test "${ac_cv_lib_dld_dld_link+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-ldld $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char dld_link ();
+int
+main ()
+{
+return dld_link ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_dld_dld_link=yes
+else
+ ac_cv_lib_dld_dld_link=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5
+$as_echo "$ac_cv_lib_dld_dld_link" >&6; }
+if test "x$ac_cv_lib_dld_dld_link" = x""yes; then :
+ lt_cv_dlopen="dld_link" lt_cv_dlopen_libs="-ldld"
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+
+fi
+
+ ;;
+ esac
+
+ if test "x$lt_cv_dlopen" != xno; then
+ enable_dlopen=yes
+ else
+ enable_dlopen=no
+ fi
+
+ case $lt_cv_dlopen in
+ dlopen)
+ save_CPPFLAGS="$CPPFLAGS"
+ test "x$ac_cv_header_dlfcn_h" = xyes && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H"
+
+ save_LDFLAGS="$LDFLAGS"
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\"
+
+ save_LIBS="$LIBS"
+ LIBS="$lt_cv_dlopen_libs $LIBS"
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5
+$as_echo_n "checking whether a program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 11510 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5
+$as_echo "$lt_cv_dlopen_self" >&6; }
+
+ if test "x$lt_cv_dlopen_self" = xyes; then
+ wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5
+$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; }
+if test "${lt_cv_dlopen_self_static+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ lt_cv_dlopen_self_static=cross
+else
+ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2
+ lt_status=$lt_dlunknown
+ cat > conftest.$ac_ext <<_LT_EOF
+#line 11606 "configure"
+#include "confdefs.h"
+
+#if HAVE_DLFCN_H
+#include <dlfcn.h>
+#endif
+
+#include <stdio.h>
+
+#ifdef RTLD_GLOBAL
+# define LT_DLGLOBAL RTLD_GLOBAL
+#else
+# ifdef DL_GLOBAL
+# define LT_DLGLOBAL DL_GLOBAL
+# else
+# define LT_DLGLOBAL 0
+# endif
+#endif
+
+/* We may have to define LT_DLLAZY_OR_NOW in the command line if we
+ find out it does not work in some platform. */
+#ifndef LT_DLLAZY_OR_NOW
+# ifdef RTLD_LAZY
+# define LT_DLLAZY_OR_NOW RTLD_LAZY
+# else
+# ifdef DL_LAZY
+# define LT_DLLAZY_OR_NOW DL_LAZY
+# else
+# ifdef RTLD_NOW
+# define LT_DLLAZY_OR_NOW RTLD_NOW
+# else
+# ifdef DL_NOW
+# define LT_DLLAZY_OR_NOW DL_NOW
+# else
+# define LT_DLLAZY_OR_NOW 0
+# endif
+# endif
+# endif
+# endif
+#endif
+
+void fnord() { int i=42;}
+int main ()
+{
+ void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW);
+ int status = $lt_dlunknown;
+
+ if (self)
+ {
+ if (dlsym (self,"fnord")) status = $lt_dlno_uscore;
+ else if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore;
+ /* dlclose (self); */
+ }
+ else
+ puts (dlerror ());
+
+ return status;
+}
+_LT_EOF
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5
+ (eval $ac_link) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } && test -s conftest${ac_exeext} 2>/dev/null; then
+ (./conftest; exit; ) >&5 2>/dev/null
+ lt_status=$?
+ case x$lt_status in
+ x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;;
+ x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;;
+ esac
+ else :
+ # compilation failed
+ lt_cv_dlopen_self_static=no
+ fi
+fi
+rm -fr conftest*
+
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5
+$as_echo "$lt_cv_dlopen_self_static" >&6; }
+ fi
+
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+ ;;
+ esac
+
+ case $lt_cv_dlopen_self in
+ yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;;
+ *) enable_dlopen_self=unknown ;;
+ esac
+
+ case $lt_cv_dlopen_self_static in
+ yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;;
+ *) enable_dlopen_self_static=unknown ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+striplib=
+old_striplib=
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5
+$as_echo_n "checking whether stripping libraries is possible... " >&6; }
+if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then
+ test -z "$old_striplib" && old_striplib="$STRIP --strip-debug"
+ test -z "$striplib" && striplib="$STRIP --strip-unneeded"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+else
+# FIXME - insert some real tests, host_os isn't really good enough
+ case $host_os in
+ darwin*)
+ if test -n "$STRIP" ; then
+ striplib="$STRIP -x"
+ old_striplib="$STRIP -S"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ fi
+ ;;
+ *)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ ;;
+ esac
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+ # Report which library types will actually be built
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5
+$as_echo_n "checking if libtool supports shared libraries... " >&6; }
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5
+$as_echo "$can_build_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5
+$as_echo_n "checking whether to build shared libraries... " >&6; }
+ test "$can_build_shared" = "no" && enable_shared=no
+
+ # On AIX, shared libraries and static libraries use the same namespace, and
+ # are all built from PIC.
+ case $host_os in
+ aix3*)
+ test "$enable_shared" = yes && enable_static=no
+ if test -n "$RANLIB"; then
+ archive_cmds="$archive_cmds~\$RANLIB \$lib"
+ postinstall_cmds='$RANLIB $lib'
+ fi
+ ;;
+
+ aix[4-9]*)
+ if test "$host_cpu" != ia64 && test "$aix_use_runtimelinking" = no ; then
+ test "$enable_shared" = yes && enable_static=no
+ fi
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5
+$as_echo "$enable_shared" >&6; }
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5
+$as_echo_n "checking whether to build static libraries... " >&6; }
+ # Make sure either enable_shared or enable_static is yes.
+ test "$enable_shared" = yes || enable_static=yes
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5
+$as_echo "$enable_static" >&6; }
+
+
+
+
+fi
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+CC="$lt_save_CC"
+
+
+ac_ext=cpp
+ac_cpp='$CXXCPP $CPPFLAGS'
+ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_cxx_compiler_gnu
+
+archive_cmds_need_lc_CXX=no
+allow_undefined_flag_CXX=
+always_export_symbols_CXX=no
+archive_expsym_cmds_CXX=
+compiler_needs_object_CXX=no
+export_dynamic_flag_spec_CXX=
+hardcode_direct_CXX=no
+hardcode_direct_absolute_CXX=no
+hardcode_libdir_flag_spec_CXX=
+hardcode_libdir_flag_spec_ld_CXX=
+hardcode_libdir_separator_CXX=
+hardcode_minus_L_CXX=no
+hardcode_shlibpath_var_CXX=unsupported
+hardcode_automatic_CXX=no
+inherit_rpath_CXX=no
+module_cmds_CXX=
+module_expsym_cmds_CXX=
+link_all_deplibs_CXX=unknown
+old_archive_cmds_CXX=$old_archive_cmds
+no_undefined_flag_CXX=
+whole_archive_flag_spec_CXX=
+enable_shared_with_static_runtimes_CXX=no
+
+# Source file extension for C++ test sources.
+ac_ext=cpp
+
+# Object file extension for compiled C++ test sources.
+objext=o
+objext_CXX=$objext
+
+# No sense in running all these tests if we already determined that
+# the CXX compiler isn't working. Some variables (like enable_shared)
+# are currently assumed to apply to all compilers on this platform,
+# and will be corrupted by setting them based on a non-working compiler.
+if test "$_lt_caught_CXX_error" != yes; then
+ # Code to be used in simple compile tests
+ lt_simple_compile_test_code="int some_variable = 0;"
+
+ # Code to be used in simple link tests
+ lt_simple_link_test_code='int main(int, char *[]) { return(0); }'
+
+ # ltmain only uses $CC for tagged configurations so make sure $CC is set.
+
+
+
+
+
+
+# If no C compiler was specified, use CC.
+LTCC=${LTCC-"$CC"}
+
+# If no C compiler flags were specified, use CFLAGS.
+LTCFLAGS=${LTCFLAGS-"$CFLAGS"}
+
+# Allow CC to be a program name with arguments.
+compiler=$CC
+
+
+ # save warnings/boilerplate of simple test code
+ ac_outfile=conftest.$ac_objext
+echo "$lt_simple_compile_test_code" >conftest.$ac_ext
+eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_compiler_boilerplate=`cat conftest.err`
+$RM conftest*
+
+ ac_outfile=conftest.$ac_objext
+echo "$lt_simple_link_test_code" >conftest.$ac_ext
+eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err
+_lt_linker_boilerplate=`cat conftest.err`
+$RM -r conftest*
+
+
+ # Allow CC to be a program name with arguments.
+ lt_save_CC=$CC
+ lt_save_LD=$LD
+ lt_save_GCC=$GCC
+ GCC=$GXX
+ lt_save_with_gnu_ld=$with_gnu_ld
+ lt_save_path_LD=$lt_cv_path_LD
+ if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then
+ lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx
+ else
+ $as_unset lt_cv_prog_gnu_ld
+ fi
+ if test -n "${lt_cv_path_LDCXX+set}"; then
+ lt_cv_path_LD=$lt_cv_path_LDCXX
+ else
+ $as_unset lt_cv_path_LD
+ fi
+ test -z "${LDCXX+set}" || LD=$LDCXX
+ CC=${CXX-"c++"}
+ compiler=$CC
+ compiler_CXX=$CC
+ for cc_temp in $compiler""; do
+ case $cc_temp in
+ compile | *[\\/]compile | ccache | *[\\/]ccache ) ;;
+ distcc | *[\\/]distcc | purify | *[\\/]purify ) ;;
+ \-*) ;;
+ *) break;;
+ esac
+done
+cc_basename=`$ECHO "X$cc_temp" | $Xsed -e 's%.*/%%' -e "s%^$host_alias-%%"`
+
+
+ if test -n "$compiler"; then
+ # We don't want -fno-exception when compiling C++ code, so set the
+ # no_builtin_flag separately
+ if test "$GXX" = yes; then
+ lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin'
+ else
+ lt_prog_compiler_no_builtin_flag_CXX=
+ fi
+
+ if test "$GXX" = yes; then
+ # Set up default GNU C++ configuration
+
+
+
+# Check whether --with-gnu-ld was given.
+if test "${with_gnu_ld+set}" = set; then :
+ withval=$with_gnu_ld; test "$withval" = no || with_gnu_ld=yes
+else
+ with_gnu_ld=no
+fi
+
+ac_prog=ld
+if test "$GCC" = yes; then
+ # Check if gcc -print-prog-name=ld gives a path.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5
+$as_echo_n "checking for ld used by $CC... " >&6; }
+ case $host in
+ *-*-mingw*)
+ # gcc leaves a trailing carriage return which upsets mingw
+ ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;;
+ *)
+ ac_prog=`($CC -print-prog-name=ld) 2>&5` ;;
+ esac
+ case $ac_prog in
+ # Accept absolute paths.
+ [\\/]* | ?:[\\/]*)
+ re_direlt='/[^/][^/]*/\.\./'
+ # Canonicalize the pathname of ld
+ ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'`
+ while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do
+ ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"`
+ done
+ test -z "$LD" && LD="$ac_prog"
+ ;;
+ "")
+ # If it fails, then pretend we aren't using GCC.
+ ac_prog=ld
+ ;;
+ *)
+ # If it is relative, then search for the first ld in PATH.
+ with_gnu_ld=unknown
+ ;;
+ esac
+elif test "$with_gnu_ld" = yes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5
+$as_echo_n "checking for GNU ld... " >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5
+$as_echo_n "checking for non-GNU ld... " >&6; }
+fi
+if test "${lt_cv_path_LD+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test -z "$LD"; then
+ lt_save_ifs="$IFS"; IFS=$PATH_SEPARATOR
+ for ac_dir in $PATH; do
+ IFS="$lt_save_ifs"
+ test -z "$ac_dir" && ac_dir=.
+ if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+ lt_cv_path_LD="$ac_dir/$ac_prog"
+ # Check to see if the program is GNU ld. I'd rather use --version,
+ # but apparently some variants of GNU ld only accept -v.
+ # Break only if it was the GNU/non-GNU ld that we prefer.
+ case `"$lt_cv_path_LD" -v 2>&1 </dev/null` in
+ *GNU* | *'with BFD'*)
+ test "$with_gnu_ld" != no && break
+ ;;
+ *)
+ test "$with_gnu_ld" != yes && break
+ ;;
+ esac
+ fi
+ done
+ IFS="$lt_save_ifs"
+else
+ lt_cv_path_LD="$LD" # Let the user override the test with a path.
+fi
+fi
+
+LD="$lt_cv_path_LD"
+if test -n "$LD"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LD" >&5
+$as_echo "$LD" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+test -z "$LD" && as_fn_error "no acceptable ld found in \$PATH" "$LINENO" 5
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5
+$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; }
+if test "${lt_cv_prog_gnu_ld+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ # I'd rather use --version here, but apparently some GNU lds only accept -v.
+case `$LD -v 2>&1 </dev/null` in
+*GNU* | *'with BFD'*)
+ lt_cv_prog_gnu_ld=yes
+ ;;
+*)
+ lt_cv_prog_gnu_ld=no
+ ;;
+esac
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_gnu_ld" >&5
+$as_echo "$lt_cv_prog_gnu_ld" >&6; }
+with_gnu_ld=$lt_cv_prog_gnu_ld
+
+
+
+
+
+
+
+ # Check if GNU C++ uses GNU ld as the underlying linker, since the
+ # archiving commands below assume that GNU ld is being used.
+ if test "$with_gnu_ld" = yes; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+ # If archive_cmds runs LD, not CC, wlarc should be empty
+ # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to
+ # investigate it a little bit more. (MM)
+ wlarc='${wl}'
+
+ # ancient GNU ld didn't support --whole-archive et. al.
+ if eval "`$CC -print-prog-name=ld` --help 2>&1" |
+ $GREP 'no-whole-archive' > /dev/null; then
+ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ else
+ whole_archive_flag_spec_CXX=
+ fi
+ else
+ with_gnu_ld=no
+ wlarc=
+
+ # A generic and very simple default shared library creation
+ # command for GNU C++ for the case where it uses the native
+ # linker, instead of GNU ld. If possible, this setting should
+ # overridden to take advantage of the native linker features on
+ # the platform it is being used on.
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ fi
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ GXX=no
+ with_gnu_ld=no
+ wlarc=
+ fi
+
+ # PORTME: fill in a description of your system's C++ link characteristics
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+ ld_shlibs_CXX=yes
+ case $host_os in
+ aix3*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aix[4-9]*)
+ if test "$host_cpu" = ia64; then
+ # On IA64, the linker does run time linking by default, so we don't
+ # have to do anything special.
+ aix_use_runtimelinking=no
+ exp_sym_flag='-Bexport'
+ no_entry_flag=""
+ else
+ aix_use_runtimelinking=no
+
+ # Test if we are trying to use run time linking or normal
+ # AIX style linking. If -brtl is somewhere in LDFLAGS, we
+ # need to do runtime linking.
+ case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*)
+ for ld_flag in $LDFLAGS; do
+ case $ld_flag in
+ *-brtl*)
+ aix_use_runtimelinking=yes
+ break
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ exp_sym_flag='-bexport'
+ no_entry_flag='-bnoentry'
+ fi
+
+ # When large executables or shared objects are built, AIX ld can
+ # have problems creating the table of contents. If linking a library
+ # or program results in "error TOC overflow" add -mminimal-toc to
+ # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not
+ # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS.
+
+ archive_cmds_CXX=''
+ hardcode_direct_CXX=yes
+ hardcode_direct_absolute_CXX=yes
+ hardcode_libdir_separator_CXX=':'
+ link_all_deplibs_CXX=yes
+ file_list_spec_CXX='${wl}-f,'
+
+ if test "$GXX" = yes; then
+ case $host_os in aix4.[012]|aix4.[012].*)
+ # We only want to do this on AIX 4.2 and lower, the check
+ # below for broken collect2 doesn't work under 4.3+
+ collect2name=`${CC} -print-prog-name=collect2`
+ if test -f "$collect2name" &&
+ strings "$collect2name" | $GREP resolve_lib_name >/dev/null
+ then
+ # We have reworked collect2
+ :
+ else
+ # We have old collect2
+ hardcode_direct_CXX=unsupported
+ # It fails to find uninstalled libraries when the uninstalled
+ # path is not listed in the libpath. Setting hardcode_minus_L
+ # to unsupported forces relinking
+ hardcode_minus_L_CXX=yes
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ hardcode_libdir_separator_CXX=
+ fi
+ esac
+ shared_flag='-shared'
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag="$shared_flag "'${wl}-G'
+ fi
+ else
+ # not using gcc
+ if test "$host_cpu" = ia64; then
+ # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release
+ # chokes on -Wl,-G. The following line is correct:
+ shared_flag='-G'
+ else
+ if test "$aix_use_runtimelinking" = yes; then
+ shared_flag='${wl}-G'
+ else
+ shared_flag='${wl}-bM:SRE'
+ fi
+ fi
+ fi
+
+ export_dynamic_flag_spec_CXX='${wl}-bexpall'
+ # It seems that -bexpall does not export symbols beginning with
+ # underscore (_), so it is better to generate a list of symbols to
+ # export.
+ always_export_symbols_CXX=yes
+ if test "$aix_use_runtimelinking" = yes; then
+ # Warning - without using the other runtime loading flags (-brtl),
+ # -berok will link without error, but may produce a broken library.
+ allow_undefined_flag_CXX='-berok'
+ # Determine the default libpath from the value encoded in an empty
+ # executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+
+ archive_expsym_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags `if test "x${allow_undefined_flag}" != "x"; then $ECHO "X${wl}${allow_undefined_flag}" | $Xsed; else :; fi` '"\${wl}$exp_sym_flag:\$export_symbols $shared_flag"
+ else
+ if test "$host_cpu" = ia64; then
+ hardcode_libdir_flag_spec_CXX='${wl}-R $libdir:/usr/lib:/lib'
+ allow_undefined_flag_CXX="-z nodefs"
+ archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\${wl}$no_entry_flag"' $compiler_flags ${wl}${allow_undefined_flag} '"\${wl}$exp_sym_flag:\$export_symbols"
+ else
+ # Determine the default libpath from the value encoded in an
+ # empty executable.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+
+lt_aix_libpath_sed='
+ /Import File Strings/,/^$/ {
+ /^0/ {
+ s/^0 *\(.*\)$/\1/
+ p
+ }
+ }'
+aix_libpath=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+# Check for a 64-bit object if we didn't find anything.
+if test -z "$aix_libpath"; then
+ aix_libpath=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"`
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+if test -z "$aix_libpath"; then aix_libpath="/usr/lib:/lib"; fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-blibpath:$libdir:'"$aix_libpath"
+ # Warning - without using the other run time loading flags,
+ # -berok will link without error, but may produce a broken library.
+ no_undefined_flag_CXX=' ${wl}-bernotok'
+ allow_undefined_flag_CXX=' ${wl}-berok'
+ # Exported symbols can be pulled into shared objects from archives
+ whole_archive_flag_spec_CXX='$convenience'
+ archive_cmds_need_lc_CXX=yes
+ # This is similar to how AIX traditionally builds its shared
+ # libraries.
+ archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs ${wl}-bnoentry $compiler_flags ${wl}-bE:$export_symbols${allow_undefined_flag}~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$soname'
+ fi
+ fi
+ ;;
+
+ beos*)
+ if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then
+ allow_undefined_flag_CXX=unsupported
+ # Joseph Beckenbach <jrb3@best.com> says some releases of gcc
+ # support --undefined. This deserves some investigation. FIXME
+ archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+
+ chorus*)
+ case $cc_basename in
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ cygwin* | mingw* | pw32* | cegcc*)
+ # _LT_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless,
+ # as there is no search path for DLLs.
+ hardcode_libdir_flag_spec_CXX='-L$libdir'
+ allow_undefined_flag_CXX=unsupported
+ always_export_symbols_CXX=no
+ enable_shared_with_static_runtimes_CXX=yes
+
+ if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ # If the export-symbols file already is a .def file (1st line
+ # is EXPORTS), use it as is; otherwise, prepend...
+ archive_expsym_cmds_CXX='if test "x`$SED 1q $export_symbols`" = xEXPORTS; then
+ cp $export_symbols $output_objdir/$soname.def;
+ else
+ echo EXPORTS > $output_objdir/$soname.def;
+ cat $export_symbols >> $output_objdir/$soname.def;
+ fi~
+ $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname ${wl}--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib'
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ darwin* | rhapsody*)
+
+
+ archive_cmds_need_lc_CXX=no
+ hardcode_direct_CXX=no
+ hardcode_automatic_CXX=yes
+ hardcode_shlibpath_var_CXX=unsupported
+ whole_archive_flag_spec_CXX=''
+ link_all_deplibs_CXX=yes
+ allow_undefined_flag_CXX="$_lt_dar_allow_undefined"
+ case $cc_basename in
+ ifort*) _lt_dar_can_shared=yes ;;
+ *) _lt_dar_can_shared=$GCC ;;
+ esac
+ if test "$_lt_dar_can_shared" = "yes"; then
+ output_verbose_link_cmd=echo
+ archive_cmds_CXX="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod${_lt_dsymutil}"
+ module_cmds_CXX="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dsymutil}"
+ archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring ${_lt_dar_single_mod}${_lt_dar_export_syms}${_lt_dsymutil}"
+ module_expsym_cmds_CXX="sed -e 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags${_lt_dar_export_syms}${_lt_dsymutil}"
+ if test "$lt_cv_apple_cc_single_mod" != "yes"; then
+ archive_cmds_CXX="\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dsymutil}"
+ archive_expsym_cmds_CXX="sed 's,^,_,' < \$export_symbols > \$output_objdir/\${libname}-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \${lib}-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \${lib}-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring${_lt_dar_export_syms}${_lt_dsymutil}"
+ fi
+
+ else
+ ld_shlibs_CXX=no
+ fi
+
+ ;;
+
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ freebsd[12]*)
+ # C++ shared libraries reported to be fairly broken before
+ # switch to ELF
+ ld_shlibs_CXX=no
+ ;;
+
+ freebsd-elf*)
+ archive_cmds_need_lc_CXX=no
+ ;;
+
+ freebsd* | dragonfly*)
+ # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF
+ # conventions
+ ld_shlibs_CXX=yes
+ ;;
+
+ gnu*)
+ ;;
+
+ hpux9*)
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ hardcode_direct_CXX=yes
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aCC*)
+ archive_cmds_CXX='$RM $output_objdir/$soname~$CC -b ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ archive_cmds_CXX='$RM $output_objdir/$soname~$CC -shared -nostdlib -fPIC ${wl}+b ${wl}$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test $output_objdir/$soname = $lib || mv $output_objdir/$soname $lib'
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ hpux10*|hpux11*)
+ if test $with_gnu_ld = no; then
+ hardcode_libdir_flag_spec_CXX='${wl}+b ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ case $host_cpu in
+ hppa*64*|ia64*)
+ ;;
+ *)
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ ;;
+ esac
+ fi
+ case $host_cpu in
+ hppa*64*|ia64*)
+ hardcode_direct_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ ;;
+ *)
+ hardcode_direct_CXX=yes
+ hardcode_direct_absolute_CXX=yes
+ hardcode_minus_L_CXX=yes # Not in the search PATH,
+ # but as the default
+ # location of the library.
+ ;;
+ esac
+
+ case $cc_basename in
+ CC*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ aCC*)
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -b ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test $with_gnu_ld = no; then
+ case $host_cpu in
+ hppa*64*)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ ia64*)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared -nostdlib -fPIC ${wl}+h ${wl}$soname ${wl}+b ${wl}$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ ;;
+ esac
+ fi
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ interix[3-9]*)
+ hardcode_direct_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc.
+ # Instead, shared libraries are loaded at an image base (0x10000000 by
+ # default) and relocated if they conflict, which is a slow very memory
+ # consuming and fragmenting process. To avoid this, we pick a random,
+ # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link
+ # time. Moving up from 0x10000000 also allows more sbrk(2) space.
+ archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ archive_expsym_cmds_CXX='sed "s,^,_," $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags ${wl}-h,$soname ${wl}--retain-symbols-file,$output_objdir/$soname.expsym ${wl}--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib'
+ ;;
+ irix5* | irix6*)
+ case $cc_basename in
+ CC*)
+ # SGI C++
+ archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+
+ # Archives containing C++ object files must be created using
+ # "CC -ar", where "CC" is the IRIX C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs'
+ ;;
+ *)
+ if test "$GXX" = yes; then
+ if test "$with_gnu_ld" = no; then
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ else
+ archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` -o $lib'
+ fi
+ fi
+ link_all_deplibs_CXX=yes
+ ;;
+ esac
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+ inherit_rpath_CXX=yes
+ ;;
+
+ linux* | k*bsd*-gnu)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+ archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib ${wl}-retain-symbols-file,$export_symbols; mv \$templib $lib'
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+
+ # Archives containing C++ object files must be created using
+ # "CC -Bstatic", where "CC" is the KAI C++ compiler.
+ old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs'
+ ;;
+ icpc* | ecpc* )
+ # Intel C++
+ with_gnu_ld=yes
+ # version 8.0 and above of icpc choke on multiply defined symbols
+ # if we add $predep_objects and $postdep_objects, however 7.1 and
+ # earlier do not add the objects themselves.
+ case `$CC -V 2>&1` in
+ *"Version 7."*)
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ *) # Version 8.0 or newer
+ tmp_idyn=
+ case $host_cpu in
+ ia64*) tmp_idyn=' -i_dynamic';;
+ esac
+ archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-retain-symbols-file $wl$export_symbols -o $lib'
+ ;;
+ esac
+ archive_cmds_need_lc_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive$convenience ${wl}--no-whole-archive'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ case `$CC -V` in
+ *pgCC\ [1-5]* | *pgcpp\ [1-5]*)
+ prelink_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~
+ compile_command="$compile_command `find $tpldir -name \*.o | $NL2SP`"'
+ old_archive_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~
+ $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | $NL2SP`~
+ $RANLIB $oldlib'
+ archive_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ archive_expsym_cmds_CXX='tpldir=Template.dir~
+ rm -rf $tpldir~
+ $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~
+ $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | $NL2SP` $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ *) # Version 6 will use weak symbols
+ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname ${wl}-retain-symbols-file ${wl}$export_symbols -o $lib'
+ ;;
+ esac
+
+ hardcode_libdir_flag_spec_CXX='${wl}--rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ ;;
+ cxx*)
+ # Compaq C++
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $wl$soname -o $lib ${wl}-retain-symbols-file $wl$export_symbols'
+
+ runpath_var=LD_RUN_PATH
+ hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ xl*)
+ # IBM XL 8.0 on PPC, with GNU ld
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ export_dynamic_flag_spec_CXX='${wl}--export-dynamic'
+ archive_cmds_CXX='$CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname -o $lib'
+ if test "x$supports_anon_versioning" = xyes; then
+ archive_expsym_cmds_CXX='echo "{ global:" > $output_objdir/$libname.ver~
+ cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~
+ echo "local: *; };" >> $output_objdir/$libname.ver~
+ $CC -qmkshrobj $libobjs $deplibs $compiler_flags ${wl}-soname $wl$soname ${wl}-version-script ${wl}$output_objdir/$libname.ver -o $lib'
+ fi
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ no_undefined_flag_CXX=' -zdefs'
+ archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file ${wl}$export_symbols'
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ whole_archive_flag_spec_CXX='${wl}--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; $ECHO \"$new_convenience\"` ${wl}--no-whole-archive'
+ compiler_needs_object_CXX=yes
+
+ # Not sure whether something based on
+ # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1
+ # would be better.
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+
+ lynxos*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ m88k*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ netbsd*)
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags'
+ wlarc=
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ hardcode_direct_CXX=yes
+ hardcode_shlibpath_var_CXX=no
+ fi
+ # Workaround some broken pre-1.5 toolchains
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"'
+ ;;
+
+ *nto* | *qnx*)
+ ld_shlibs_CXX=yes
+ ;;
+
+ openbsd2*)
+ # C++ shared libraries are fairly broken
+ ld_shlibs_CXX=no
+ ;;
+
+ openbsd*)
+ if test -f /usr/libexec/ld.so; then
+ hardcode_direct_CXX=yes
+ hardcode_shlibpath_var_CXX=no
+ hardcode_direct_absolute_CXX=yes
+ archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib'
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-retain-symbols-file,$export_symbols -o $lib'
+ export_dynamic_flag_spec_CXX='${wl}-E'
+ whole_archive_flag_spec_CXX="$wlarc"'--whole-archive$convenience '"$wlarc"'--no-whole-archive'
+ fi
+ output_verbose_link_cmd=echo
+ else
+ ld_shlibs_CXX=no
+ fi
+ ;;
+
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ # Kuck and Associates, Inc. (KAI) C++ Compiler
+
+ # KCC will only create a shared library if the output file
+ # ends with ".so" (or ".sl" for HP-UX), so rename the library
+ # to its proper name (with version) after linking.
+ archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\${tempext}\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib'
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath,$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Archives containing C++ object files must be created using
+ # the KAI C++ compiler.
+ case $host in
+ osf3*) old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;;
+ *) old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' ;;
+ esac
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ cxx*)
+ case $host in
+ osf3*)
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname $soname `test -n "$verstring" && $ECHO "X${wl}-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ ;;
+ *)
+ allow_undefined_flag_CXX=' -expect_unresolved \*'
+ archive_cmds_CXX='$CC -shared${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib'
+ archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~
+ echo "-hidden">> $lib.exp~
+ $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname ${wl}-input ${wl}$lib.exp `test -n "$verstring" && $ECHO "X-set_version $verstring" | $Xsed` -update_registry ${output_objdir}/so_locations -o $lib~
+ $RM $lib.exp'
+ hardcode_libdir_flag_spec_CXX='-rpath $libdir'
+ ;;
+ esac
+
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ #
+ # There doesn't appear to be a way to prevent this compiler from
+ # explicitly linking system object files so we need to strip them
+ # from the output so that they don't get included in the library
+ # dependencies.
+ output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`$ECHO "X$templist" | $Xsed -e "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list=""; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; $ECHO "X$list" | $Xsed'
+ ;;
+ *)
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ allow_undefined_flag_CXX=' ${wl}-expect_unresolved ${wl}\*'
+ case $host in
+ osf3*)
+ archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "X${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared -nostdlib ${allow_undefined_flag} $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-msym ${wl}-soname ${wl}$soname `test -n "$verstring" && $ECHO "${wl}-set_version ${wl}$verstring" | $Xsed` ${wl}-update_registry ${wl}${output_objdir}/so_locations -o $lib'
+ ;;
+ esac
+
+ hardcode_libdir_flag_spec_CXX='${wl}-rpath ${wl}$libdir'
+ hardcode_libdir_separator_CXX=:
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+
+ else
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ fi
+ ;;
+ esac
+ ;;
+
+ psos*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ lcc*)
+ # Lucid
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ archive_cmds_need_lc_CXX=yes
+ no_undefined_flag_CXX=' -zdefs'
+ archive_cmds_CXX='$CC -G${allow_undefined_flag} -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G${allow_undefined_flag} ${wl}-M ${wl}$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ hardcode_libdir_flag_spec_CXX='-R$libdir'
+ hardcode_shlibpath_var_CXX=no
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ # The compiler driver will combine and reorder linker options,
+ # but understands `-z linker_flag'.
+ # Supported since Solaris 2.6 (maybe 2.5.1?)
+ whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract'
+ ;;
+ esac
+ link_all_deplibs_CXX=yes
+
+ output_verbose_link_cmd='echo'
+
+ # Archives containing C++ object files must be created using
+ # "CC -xar", where "CC" is the Sun C++ compiler. This is
+ # necessary to make sure instantiated templates are included
+ # in the archive.
+ old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs'
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+
+ # The C++ compiler must be used to create the archive.
+ old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs'
+ ;;
+ *)
+ # GNU C++ compiler with Solaris linker
+ if test "$GXX" = yes && test "$with_gnu_ld" = no; then
+ no_undefined_flag_CXX=' ${wl}-z ${wl}defs'
+ if $CC --version | $GREP -v '^2\.7' > /dev/null; then
+ archive_cmds_CXX='$CC -shared -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -shared -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ else
+ # g++ 2.7 appears to require `-G' NOT `-shared' on this
+ # platform.
+ archive_cmds_CXX='$CC -G -nostdlib $LDFLAGS $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags ${wl}-h $wl$soname -o $lib'
+ archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~
+ $CC -G -nostdlib ${wl}-M $wl$lib.exp -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp'
+
+ # Commands to make compiler produce verbose output that lists
+ # what "hidden" libraries, object files and flags are used when
+ # linking a shared library.
+ output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP "\-L"'
+ fi
+
+ hardcode_libdir_flag_spec_CXX='${wl}-R $wl$libdir'
+ case $host_os in
+ solaris2.[0-5] | solaris2.[0-5].*) ;;
+ *)
+ whole_archive_flag_spec_CXX='${wl}-z ${wl}allextract$convenience ${wl}-z ${wl}defaultextract'
+ ;;
+ esac
+ fi
+ ;;
+ esac
+ ;;
+
+ sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*)
+ no_undefined_flag_CXX='${wl}-z,text'
+ archive_cmds_need_lc_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ sysv5* | sco3.2v5* | sco5v6*)
+ # Note: We can NOT use -z defs as we might desire, because we do not
+ # link with -lc, and that would cause any symbols used from libc to
+ # always be unresolved, which means just about no library would
+ # ever link correctly. If we're not using GNU ld we use -z text
+ # though, which does catch some bad symbols but isn't as heavy-handed
+ # as -z defs.
+ no_undefined_flag_CXX='${wl}-z,text'
+ allow_undefined_flag_CXX='${wl}-z,nodefs'
+ archive_cmds_need_lc_CXX=no
+ hardcode_shlibpath_var_CXX=no
+ hardcode_libdir_flag_spec_CXX='${wl}-R,$libdir'
+ hardcode_libdir_separator_CXX=':'
+ link_all_deplibs_CXX=yes
+ export_dynamic_flag_spec_CXX='${wl}-Bexport'
+ runpath_var='LD_RUN_PATH'
+
+ case $cc_basename in
+ CC*)
+ archive_cmds_CXX='$CC -G ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -G ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ *)
+ archive_cmds_CXX='$CC -shared ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ archive_expsym_cmds_CXX='$CC -shared ${wl}-Bexport:$export_symbols ${wl}-h,$soname -o $lib $libobjs $deplibs $compiler_flags'
+ ;;
+ esac
+ ;;
+
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+ ;;
+
+ vxworks*)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+
+ *)
+ # FIXME: insert proper C++ library support
+ ld_shlibs_CXX=no
+ ;;
+ esac
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
+$as_echo "$ld_shlibs_CXX" >&6; }
+ test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+ GCC_CXX="$GXX"
+ LD_CXX="$LD"
+
+ ## CAVEAT EMPTOR:
+ ## There is no encapsulation within the following macros, do not change
+ ## the running order or otherwise move them around unless you know exactly
+ ## what you are doing...
+ # Dependencies to place before and after the object being linked:
+predep_objects_CXX=
+postdep_objects_CXX=
+predeps_CXX=
+postdeps_CXX=
+compiler_lib_search_path_CXX=
+
+cat > conftest.$ac_ext <<_LT_EOF
+class Foo
+{
+public:
+ Foo (void) { a = 0; }
+private:
+ int a;
+};
+_LT_EOF
+
+if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }; then
+ # Parse the compiler output and extract the necessary
+ # objects, libraries and library flags.
+
+ # Sentinel used to keep track of whether or not we are before
+ # the conftest object file.
+ pre_test_object_deps_done=no
+
+ for p in `eval "$output_verbose_link_cmd"`; do
+ case $p in
+
+ -L* | -R* | -l*)
+ # Some compilers place space between "-{L,R}" and the path.
+ # Remove the space.
+ if test $p = "-L" ||
+ test $p = "-R"; then
+ prev=$p
+ continue
+ else
+ prev=
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ case $p in
+ -L* | -R*)
+ # Internal compiler library paths should come after those
+ # provided the user. The postdeps already come after the
+ # user supplied libs so there is no need to process them.
+ if test -z "$compiler_lib_search_path_CXX"; then
+ compiler_lib_search_path_CXX="${prev}${p}"
+ else
+ compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} ${prev}${p}"
+ fi
+ ;;
+ # The "-l" case would never come before the object being
+ # linked, so don't bother handling this case.
+ esac
+ else
+ if test -z "$postdeps_CXX"; then
+ postdeps_CXX="${prev}${p}"
+ else
+ postdeps_CXX="${postdeps_CXX} ${prev}${p}"
+ fi
+ fi
+ ;;
+
+ *.$objext)
+ # This assumes that the test object file only shows up
+ # once in the compiler output.
+ if test "$p" = "conftest.$objext"; then
+ pre_test_object_deps_done=yes
+ continue
+ fi
+
+ if test "$pre_test_object_deps_done" = no; then
+ if test -z "$predep_objects_CXX"; then
+ predep_objects_CXX="$p"
+ else
+ predep_objects_CXX="$predep_objects_CXX $p"
+ fi
+ else
+ if test -z "$postdep_objects_CXX"; then
+ postdep_objects_CXX="$p"
+ else
+ postdep_objects_CXX="$postdep_objects_CXX $p"
+ fi
+ fi
+ ;;
+
+ *) ;; # Ignore the rest.
+
+ esac
+ done
+
+ # Clean up.
+ rm -f a.out a.exe
+else
+ echo "libtool.m4: error: problem compiling CXX test program"
+fi
+
+$RM -f confest.$objext
+
+# PORTME: override above test on systems where it is broken
+case $host_os in
+interix[3-9]*)
+ # Interix 3.5 installs completely hosed .la files for C++, so rather than
+ # hack all around it, let's just trust "g++" to DTRT.
+ predep_objects_CXX=
+ postdep_objects_CXX=
+ postdeps_CXX=
+ ;;
+
+linux*)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ if test "$solaris_use_stlport4" != yes; then
+ postdeps_CXX='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+
+solaris*)
+ case $cc_basename in
+ CC*)
+ # The more standards-conforming stlport4 library is
+ # incompatible with the Cstd library. Avoid specifying
+ # it if it's in CXXFLAGS. Ignore libCrun as
+ # -library=stlport4 depends on it.
+ case " $CXX $CXXFLAGS " in
+ *" -library=stlport4 "*)
+ solaris_use_stlport4=yes
+ ;;
+ esac
+
+ # Adding this requires a known-good setup of shared libraries for
+ # Sun compiler versions before 5.6, else PIC objects from an old
+ # archive will be linked into the output, leading to subtle bugs.
+ if test "$solaris_use_stlport4" != yes; then
+ postdeps_CXX='-library=Cstd -library=Crun'
+ fi
+ ;;
+ esac
+ ;;
+esac
+
+
+case " $postdeps_CXX " in
+*" -lc "*) archive_cmds_need_lc_CXX=no ;;
+esac
+ compiler_lib_search_dirs_CXX=
+if test -n "${compiler_lib_search_path_CXX}"; then
+ compiler_lib_search_dirs_CXX=`echo " ${compiler_lib_search_path_CXX}" | ${SED} -e 's! -L! !g' -e 's!^ !!'`
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ lt_prog_compiler_wl_CXX=
+lt_prog_compiler_pic_CXX=
+lt_prog_compiler_static_CXX=
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5
+$as_echo_n "checking for $compiler option to produce PIC... " >&6; }
+
+ # C++ specific cases for pic, static, wl, etc.
+ if test "$GXX" = yes; then
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='-static'
+
+ case $host_os in
+ aix*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_CXX='-Bstatic'
+ fi
+ ;;
+
+ amigaos*)
+ case $host_cpu in
+ powerpc)
+ # see comment about AmigaOS4 .so support
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ m68k)
+ # FIXME: we need at least 68020 code to build shared libraries, but
+ # adding the `-m68020' flag to GCC prevents building anything better,
+ # like `-m68040'.
+ lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4'
+ ;;
+ esac
+ ;;
+
+ beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*)
+ # PIC is the default for these OSes.
+ ;;
+ mingw* | cygwin* | os2* | pw32* | cegcc*)
+ # This hack is so that the source file can tell whether it is being
+ # built for inclusion in a dll (and should export symbols for example).
+ # Although the cygwin gcc ignores -fPIC, still need this for old-style
+ # (--disable-auto-import) libraries
+ lt_prog_compiler_pic_CXX='-DDLL_EXPORT'
+ ;;
+ darwin* | rhapsody*)
+ # PIC is the default on this platform
+ # Common symbols not allowed in MH_DYLIB files
+ lt_prog_compiler_pic_CXX='-fno-common'
+ ;;
+ *djgpp*)
+ # DJGPP does not support shared libraries at all
+ lt_prog_compiler_pic_CXX=
+ ;;
+ interix[3-9]*)
+ # Interix 3.x gcc -fpic/-fPIC options generate broken code.
+ # Instead, we relocate shared libraries at runtime.
+ ;;
+ sysv4*MP*)
+ if test -d /usr/nec; then
+ lt_prog_compiler_pic_CXX=-Kconform_pic
+ fi
+ ;;
+ hpux*)
+ # PIC is the default for 64-bit PA HP-UX, but not for 32-bit
+ # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag
+ # sets the default TLS model and affects inlining.
+ case $host_cpu in
+ hppa*64*)
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ esac
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic_CXX='-fPIC -shared'
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ esac
+ else
+ case $host_os in
+ aix[4-9]*)
+ # All AIX code is PIC.
+ if test "$host_cpu" = ia64; then
+ # AIX 5 now supports IA64 processor
+ lt_prog_compiler_static_CXX='-Bstatic'
+ else
+ lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp'
+ fi
+ ;;
+ chorus*)
+ case $cc_basename in
+ cxch68*)
+ # Green Hills C++ Compiler
+ # _LT_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a"
+ ;;
+ esac
+ ;;
+ dgux*)
+ case $cc_basename in
+ ec++*)
+ lt_prog_compiler_pic_CXX='-KPIC'
+ ;;
+ ghcx*)
+ # Green Hills C++ Compiler
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ freebsd* | dragonfly*)
+ # FreeBSD uses GNU C++
+ ;;
+ hpux9* | hpux10* | hpux11*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+ if test "$host_cpu" != ia64; then
+ lt_prog_compiler_pic_CXX='+Z'
+ fi
+ ;;
+ aCC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='${wl}-a ${wl}archive'
+ case $host_cpu in
+ hppa*64*|ia64*)
+ # +Z the default
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX='+Z'
+ ;;
+ esac
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ interix*)
+ # This is c89, which is MS Visual C++ (no shared libs)
+ # Anyone wants to do a port?
+ ;;
+ irix5* | irix6* | nonstopux*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_static_CXX='-non_shared'
+ # CC pic flag -KPIC is the default.
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ linux* | k*bsd*-gnu)
+ case $cc_basename in
+ KCC*)
+ # KAI C++ Compiler
+ lt_prog_compiler_wl_CXX='--backend -Wl,'
+ lt_prog_compiler_pic_CXX='-fPIC'
+ ;;
+ ecpc* )
+ # old Intel C++ for x86_64 which still supported -KPIC.
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-static'
+ ;;
+ icpc* )
+ # Intel C++, used to be incompatible with GCC.
+ # ICC 10 doesn't accept -KPIC any more.
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-fPIC'
+ lt_prog_compiler_static_CXX='-static'
+ ;;
+ pgCC* | pgcpp*)
+ # Portland Group C++ compiler
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-fpic'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ cxx*)
+ # Compaq C++
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_static_CXX='-non_shared'
+ ;;
+ xlc* | xlC*)
+ # IBM XL 8.0 on PPC
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-qpic'
+ lt_prog_compiler_static_CXX='-qstaticlink'
+ ;;
+ *)
+ case `$CC -V 2>&1 | sed 5q` in
+ *Sun\ C*)
+ # Sun C++ 5.9
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ lt_prog_compiler_wl_CXX='-Qoption ld '
+ ;;
+ esac
+ ;;
+ esac
+ ;;
+ lynxos*)
+ ;;
+ m88k*)
+ ;;
+ mvs*)
+ case $cc_basename in
+ cxx*)
+ lt_prog_compiler_pic_CXX='-W c,exportall'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ netbsd*)
+ ;;
+ *qnx* | *nto*)
+ # QNX uses GNU C++, but need to define -shared option too, otherwise
+ # it will coredump.
+ lt_prog_compiler_pic_CXX='-fPIC -shared'
+ ;;
+ osf3* | osf4* | osf5*)
+ case $cc_basename in
+ KCC*)
+ lt_prog_compiler_wl_CXX='--backend -Wl,'
+ ;;
+ RCC*)
+ # Rational C++ 2.4.1
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ cxx*)
+ # Digital/Compaq C++
+ lt_prog_compiler_wl_CXX='-Wl,'
+ # Make sure the PIC flag is empty. It appears that all Alpha
+ # Linux and Compaq Tru64 Unix objects are PIC.
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_static_CXX='-non_shared'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ psos*)
+ ;;
+ solaris*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.2, 5.x and Centerline C++
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ lt_prog_compiler_wl_CXX='-Qoption ld '
+ ;;
+ gcx*)
+ # Green Hills C++ Compiler
+ lt_prog_compiler_pic_CXX='-PIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sunos4*)
+ case $cc_basename in
+ CC*)
+ # Sun C++ 4.x
+ lt_prog_compiler_pic_CXX='-pic'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ lcc*)
+ # Lucid
+ lt_prog_compiler_pic_CXX='-pic'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*)
+ case $cc_basename in
+ CC*)
+ lt_prog_compiler_wl_CXX='-Wl,'
+ lt_prog_compiler_pic_CXX='-KPIC'
+ lt_prog_compiler_static_CXX='-Bstatic'
+ ;;
+ esac
+ ;;
+ tandem*)
+ case $cc_basename in
+ NCC*)
+ # NonStop-UX NCC 3.20
+ lt_prog_compiler_pic_CXX='-KPIC'
+ ;;
+ *)
+ ;;
+ esac
+ ;;
+ vxworks*)
+ ;;
+ *)
+ lt_prog_compiler_can_build_shared_CXX=no
+ ;;
+ esac
+ fi
+
+case $host_os in
+ # For platforms which do not support PIC, -DPIC is meaningless:
+ *djgpp*)
+ lt_prog_compiler_pic_CXX=
+ ;;
+ *)
+ lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC"
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_prog_compiler_pic_CXX" >&5
+$as_echo "$lt_prog_compiler_pic_CXX" >&6; }
+
+
+
+#
+# Check to make sure the PIC flag actually works.
+#
+if test -n "$lt_prog_compiler_pic_CXX"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5
+$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... " >&6; }
+if test "${lt_cv_prog_compiler_pic_works_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_pic_works_CXX=no
+ ac_outfile=conftest.$ac_objext
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+ lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ # The option is referenced via a variable to avoid confusing sed.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:13562: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>conftest.err)
+ ac_status=$?
+ cat conftest.err >&5
+ echo "$as_me:13566: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s "$ac_outfile"; then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings other than the usual output.
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' >conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_pic_works_CXX=yes
+ fi
+ fi
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_pic_works_CXX" >&6; }
+
+if test x"$lt_cv_prog_compiler_pic_works_CXX" = xyes; then
+ case $lt_prog_compiler_pic_CXX in
+ "" | " "*) ;;
+ *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;;
+ esac
+else
+ lt_prog_compiler_pic_CXX=
+ lt_prog_compiler_can_build_shared_CXX=no
+fi
+
+fi
+
+
+
+#
+# Check to make sure the static flag actually works.
+#
+wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5
+$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; }
+if test "${lt_cv_prog_compiler_static_works_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_static_works_CXX=no
+ save_LDFLAGS="$LDFLAGS"
+ LDFLAGS="$LDFLAGS $lt_tmp_static_flag"
+ echo "$lt_simple_link_test_code" > conftest.$ac_ext
+ if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then
+ # The linker can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ if test -s conftest.err; then
+ # Append any errors to the config.log.
+ cat conftest.err 1>&5
+ $ECHO "X$_lt_linker_boilerplate" | $Xsed -e '/^$/d' > conftest.exp
+ $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2
+ if diff conftest.exp conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_static_works_CXX=yes
+ fi
+ else
+ lt_cv_prog_compiler_static_works_CXX=yes
+ fi
+ fi
+ $RM -r conftest*
+ LDFLAGS="$save_LDFLAGS"
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_static_works_CXX" >&6; }
+
+if test x"$lt_cv_prog_compiler_static_works_CXX" = xyes; then
+ :
+else
+ lt_prog_compiler_static_CXX=
+fi
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o_CXX=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:13661: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:13665: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_CXX=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5
+$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; }
+if test "${lt_cv_prog_compiler_c_o_CXX+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ lt_cv_prog_compiler_c_o_CXX=no
+ $RM -r conftest 2>/dev/null
+ mkdir conftest
+ cd conftest
+ mkdir out
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ lt_compiler_flag="-o out/conftest2.$ac_objext"
+ # Insert the option either (1) after the last *FLAGS variable, or
+ # (2) before a word containing "conftest.", or (3) at the end.
+ # Note that $ac_compile itself does not contain backslashes and begins
+ # with a dollar sign (not a hyphen), so the echo should work correctly.
+ lt_compile=`echo "$ac_compile" | $SED \
+ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \
+ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \
+ -e 's:$: $lt_compiler_flag:'`
+ (eval echo "\"\$as_me:13713: $lt_compile\"" >&5)
+ (eval "$lt_compile" 2>out/conftest.err)
+ ac_status=$?
+ cat out/conftest.err >&5
+ echo "$as_me:13717: \$? = $ac_status" >&5
+ if (exit $ac_status) && test -s out/conftest2.$ac_objext
+ then
+ # The compiler can only warn and ignore the option if not recognized
+ # So say no if there are warnings
+ $ECHO "X$_lt_compiler_boilerplate" | $Xsed -e '/^$/d' > out/conftest.exp
+ $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2
+ if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then
+ lt_cv_prog_compiler_c_o_CXX=yes
+ fi
+ fi
+ chmod u+w . 2>&5
+ $RM conftest*
+ # SGI C++ compiler will create directory out/ii_files/ for
+ # template instantiation
+ test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files
+ $RM out/* && rmdir out
+ cd ..
+ $RM -r conftest
+ $RM conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5
+$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; }
+
+
+
+
+hard_links="nottested"
+if test "$lt_cv_prog_compiler_c_o_CXX" = no && test "$need_locks" != no; then
+ # do not overwrite the value of need_locks provided by the user
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5
+$as_echo_n "checking if we can lock with hard links... " >&6; }
+ hard_links=yes
+ $RM conftest*
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ touch conftest.a
+ ln conftest.a conftest.b 2>&5 || hard_links=no
+ ln conftest.a conftest.b 2>/dev/null && hard_links=no
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5
+$as_echo "$hard_links" >&6; }
+ if test "$hard_links" = no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&5
+$as_echo "$as_me: WARNING: \`$CC' does not support \`-c -o', so \`make -j' may be unsafe" >&2;}
+ need_locks=warn
+ fi
+else
+ need_locks=no
+fi
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5
+$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; }
+
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ case $host_os in
+ aix[4-9]*)
+ # If we're using GNU nm, then we don't want the "-C" option.
+ # -C means demangle to AIX nm, but means don't demangle with GNU nm
+ if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then
+ export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ else
+ export_symbols_cmds_CXX='$NM -BCpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B")) && (substr(\$ 3,1,1) != ".")) { print \$ 3 } }'\'' | sort -u > $export_symbols'
+ fi
+ ;;
+ pw32*)
+ export_symbols_cmds_CXX="$ltdll_cmds"
+ ;;
+ cygwin* | mingw* | cegcc*)
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;/^.*[ ]__nm__/s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ *)
+ export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols'
+ ;;
+ esac
+ exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*'
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5
+$as_echo "$ld_shlibs_CXX" >&6; }
+test "$ld_shlibs_CXX" = no && can_build_shared=no
+
+with_gnu_ld_CXX=$with_gnu_ld
+
+
+
+
+
+
+#
+# Do we need to explicitly link libc?
+#
+case "x$archive_cmds_need_lc_CXX" in
+x|xyes)
+ # Assume -lc should be added
+ archive_cmds_need_lc_CXX=yes
+
+ if test "$enable_shared" = yes && test "$GCC" = yes; then
+ case $archive_cmds_CXX in
+ *'~'*)
+ # FIXME: we may have to deal with multi-command sequences.
+ ;;
+ '$CC '*)
+ # Test whether the compiler implicitly links with -lc since on some
+ # systems, -lgcc has to come before -lc. If gcc already passes -lc
+ # to ld, don't add -lc before -lgcc.
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5
+$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; }
+ $RM conftest*
+ echo "$lt_simple_compile_test_code" > conftest.$ac_ext
+
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5
+ (eval $ac_compile) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; } 2>conftest.err; then
+ soname=conftest
+ lib=conftest
+ libobjs=conftest.$ac_objext
+ deplibs=
+ wl=$lt_prog_compiler_wl_CXX
+ pic_flag=$lt_prog_compiler_pic_CXX
+ compiler_flags=-v
+ linker_flags=-v
+ verstring=
+ output_objdir=.
+ libname=conftest
+ lt_save_allow_undefined_flag=$allow_undefined_flag_CXX
+ allow_undefined_flag_CXX=
+ if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5
+ (eval $archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5
+ ac_status=$?
+ $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5
+ test $ac_status = 0; }
+ then
+ archive_cmds_need_lc_CXX=no
+ else
+ archive_cmds_need_lc_CXX=yes
+ fi
+ allow_undefined_flag_CXX=$lt_save_allow_undefined_flag
+ else
+ cat conftest.err 1>&5
+ fi
+ $RM conftest*
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $archive_cmds_need_lc_CXX" >&5
+$as_echo "$archive_cmds_need_lc_CXX" >&6; }
+ ;;
+ esac
+ fi
+ ;;
+esac
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5
+$as_echo_n "checking dynamic linker characteristics... " >&6; }
+
+library_names_spec=
+libname_spec='lib$name'
+soname_spec=
+shrext_cmds=".so"
+postinstall_cmds=
+postuninstall_cmds=
+finish_cmds=
+finish_eval=
+shlibpath_var=
+shlibpath_overrides_runpath=unknown
+version_type=none
+dynamic_linker="$host_os ld.so"
+sys_lib_dlsearch_path_spec="/lib /usr/lib"
+need_lib_prefix=unknown
+hardcode_into_libs=no
+
+# when you set need_version to no, make sure it does not cause -set_version
+# flags to be left without arguments
+need_version=unknown
+
+case $host_os in
+aix3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname.a'
+ shlibpath_var=LIBPATH
+
+ # AIX 3 has no versioning support, so we append a major version to the name.
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+
+aix[4-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ hardcode_into_libs=yes
+ if test "$host_cpu" = ia64; then
+ # AIX 5 supports IA64
+ library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ else
+ # With GCC up to 2.95.x, collect2 would create an import file
+ # for dependence libraries. The import file would start with
+ # the line `#! .'. This would cause the generated library to
+ # depend on `.', always an invalid library. This was fixed in
+ # development snapshots of GCC prior to 3.0.
+ case $host_os in
+ aix4 | aix4.[01] | aix4.[01].*)
+ if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)'
+ echo ' yes '
+ echo '#endif'; } | ${CC} -E - | $GREP yes > /dev/null; then
+ :
+ else
+ can_build_shared=no
+ fi
+ ;;
+ esac
+ # AIX (on Power*) has no versioning support, so currently we can not hardcode correct
+ # soname into executable. Probably we can add versioning support to
+ # collect2, so additional links can be useful in future.
+ if test "$aix_use_runtimelinking" = yes; then
+ # If using run time linking (on AIX 4.2 or later) use lib<name>.so
+ # instead of lib<name>.a to let people know that these are not
+ # typical AIX shared libraries.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ else
+ # We preserve .a as extension for shared libraries through AIX4.2
+ # and later when we are not doing run time linking.
+ library_names_spec='${libname}${release}.a $libname.a'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ fi
+ shlibpath_var=LIBPATH
+ fi
+ ;;
+
+amigaos*)
+ case $host_cpu in
+ powerpc)
+ # Since July 2007 AmigaOS4 officially supports .so libraries.
+ # When compiling the executable, add -use-dynld -Lsobjs: to the compileline.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ ;;
+ m68k)
+ library_names_spec='$libname.ixlibrary $libname.a'
+ # Create ${libname}_ixlibrary.a entries in /sys/libs.
+ finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`$ECHO "X$lib" | $Xsed -e '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; test $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done'
+ ;;
+ esac
+ ;;
+
+beos*)
+ library_names_spec='${libname}${shared_ext}'
+ dynamic_linker="$host_os ld.so"
+ shlibpath_var=LIBRARY_PATH
+ ;;
+
+bsdi[45]*)
+ version_type=linux
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib"
+ sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib"
+ # the default ld.so.conf also contains /usr/contrib/lib and
+ # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow
+ # libtool to hard-code these into programs
+ ;;
+
+cygwin* | mingw* | pw32* | cegcc*)
+ version_type=windows
+ shrext_cmds=".dll"
+ need_version=no
+ need_lib_prefix=no
+
+ case $GCC,$host_os in
+ yes,cygwin* | yes,mingw* | yes,pw32* | yes,cegcc*)
+ library_names_spec='$libname.dll.a'
+ # DLL is installed to $(libdir)/../bin by postinstall_cmds
+ postinstall_cmds='base_file=`basename \${file}`~
+ dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\${base_file}'\''i; echo \$dlname'\''`~
+ dldir=$destdir/`dirname \$dlpath`~
+ test -d \$dldir || mkdir -p \$dldir~
+ $install_prog $dir/$dlname \$dldir/$dlname~
+ chmod a+x \$dldir/$dlname~
+ if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then
+ eval '\''$striplib \$dldir/$dlname'\'' || exit \$?;
+ fi'
+ postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~
+ dlpath=$dir/\$dldll~
+ $RM \$dlpath'
+ shlibpath_overrides_runpath=yes
+
+ case $host_os in
+ cygwin*)
+ # Cygwin DLLs use 'cyg' prefix rather than 'lib'
+ soname_spec='`echo ${libname} | sed -e 's/^lib/cyg/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec="/usr/lib /lib/w32api /lib /usr/local/lib"
+ ;;
+ mingw* | cegcc*)
+ # MinGW DLLs use traditional 'lib' prefix
+ soname_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ sys_lib_search_path_spec=`$CC -print-search-dirs | $GREP "^libraries:" | $SED -e "s/^libraries://" -e "s,=/,/,g"`
+ if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then
+ # It is most probably a Windows format PATH printed by
+ # mingw gcc, but we are running on Cygwin. Gcc prints its search
+ # path with ; separators, and with drive letters. We can handle the
+ # drive letters (cygwin fileutils understands them), so leave them,
+ # especially as we might pass files found there to a mingw objdump,
+ # which wouldn't understand a cygwinified path. Ahh.
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'`
+ else
+ sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"`
+ fi
+ ;;
+ pw32*)
+ # pw32 DLLs use 'pw' prefix rather than 'lib'
+ library_names_spec='`echo ${libname} | sed -e 's/^lib/pw/'``echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext}'
+ ;;
+ esac
+ ;;
+
+ *)
+ library_names_spec='${libname}`echo ${release} | $SED -e 's/[.]/-/g'`${versuffix}${shared_ext} $libname.lib'
+ ;;
+ esac
+ dynamic_linker='Win32 ld.exe'
+ # FIXME: first we should search . and the directory the executable is in
+ shlibpath_var=PATH
+ ;;
+
+darwin* | rhapsody*)
+ dynamic_linker="$host_os dyld"
+ version_type=darwin
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${major}$shared_ext ${libname}$shared_ext'
+ soname_spec='${libname}${release}${major}$shared_ext'
+ shlibpath_overrides_runpath=yes
+ shlibpath_var=DYLD_LIBRARY_PATH
+ shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`'
+
+ sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib'
+ ;;
+
+dgux*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname$shared_ext'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+freebsd1*)
+ dynamic_linker=no
+ ;;
+
+freebsd* | dragonfly*)
+ # DragonFly does not have aout. When/if they implement a new
+ # versioning mechanism, adjust this.
+ if test -x /usr/bin/objformat; then
+ objformat=`/usr/bin/objformat`
+ else
+ case $host_os in
+ freebsd[123]*) objformat=aout ;;
+ *) objformat=elf ;;
+ esac
+ fi
+ version_type=freebsd-$objformat
+ case $version_type in
+ freebsd-elf*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ need_version=no
+ need_lib_prefix=no
+ ;;
+ freebsd-*)
+ library_names_spec='${libname}${release}${shared_ext}$versuffix $libname${shared_ext}$versuffix'
+ need_version=yes
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_os in
+ freebsd2*)
+ shlibpath_overrides_runpath=yes
+ ;;
+ freebsd3.[01]* | freebsdelf3.[01]*)
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ freebsd3.[2-9]* | freebsdelf3.[2-9]* | \
+ freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1)
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+ *) # from 4.6 on, and DragonFly
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+ esac
+ ;;
+
+gnu*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}${major} ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ hardcode_into_libs=yes
+ ;;
+
+hpux9* | hpux10* | hpux11*)
+ # Give a soname corresponding to the major version so that dld.sl refuses to
+ # link against other versions.
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ case $host_cpu in
+ ia64*)
+ shrext_cmds='.so'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.so"
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ if test "X$HPUX_IA64_MODE" = X32; then
+ sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib"
+ else
+ sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64"
+ fi
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ hppa*64*)
+ shrext_cmds='.sl'
+ hardcode_into_libs=yes
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
+ shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64"
+ sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec
+ ;;
+ *)
+ shrext_cmds='.sl'
+ dynamic_linker="$host_os dld.sl"
+ shlibpath_var=SHLIB_PATH
+ shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ ;;
+ esac
+ # HP-UX runs *really* slowly unless shared libraries are mode 555.
+ postinstall_cmds='chmod 555 $lib'
+ ;;
+
+interix[3-9]*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+irix5* | irix6* | nonstopux*)
+ case $host_os in
+ nonstopux*) version_type=nonstopux ;;
+ *)
+ if test "$lt_cv_prog_gnu_ld" = yes; then
+ version_type=linux
+ else
+ version_type=irix
+ fi ;;
+ esac
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext} $libname${shared_ext}'
+ case $host_os in
+ irix5* | nonstopux*)
+ libsuff= shlibsuff=
+ ;;
+ *)
+ case $LD in # libtool.m4 will add one of these switches to LD
+ *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ")
+ libsuff= shlibsuff= libmagic=32-bit;;
+ *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ")
+ libsuff=32 shlibsuff=N32 libmagic=N32;;
+ *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ")
+ libsuff=64 shlibsuff=64 libmagic=64-bit;;
+ *) libsuff= shlibsuff= libmagic=never-match;;
+ esac
+ ;;
+ esac
+ shlibpath_var=LD_LIBRARY${shlibsuff}_PATH
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
+ sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
+ hardcode_into_libs=yes
+ ;;
+
+# No shared lib support for Linux oldld, aout, or coff.
+linux*oldld* | linux*aout* | linux*coff*)
+ dynamic_linker=no
+ ;;
+
+# This must be Linux ELF.
+linux* | k*bsd*-gnu)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ # Some binutils ld are patched to set DT_RUNPATH
+ save_LDFLAGS=$LDFLAGS
+ save_libdir=$libdir
+ eval "libdir=/foo; wl=\"$lt_prog_compiler_wl_CXX\"; \
+ LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec_CXX\""
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_cxx_try_link "$LINENO"; then :
+ if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then :
+ shlibpath_overrides_runpath=yes
+fi
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+ LDFLAGS=$save_LDFLAGS
+ libdir=$save_libdir
+
+ # This implies no fast_install, which is unacceptable.
+ # Some rework will be needed to allow for fast_install
+ # before this can be enabled.
+ hardcode_into_libs=yes
+
+ # Add ABI-specific directories to the system library path.
+ sys_lib_dlsearch_path_spec="/lib64 /usr/lib64 /lib /usr/lib"
+
+ # Append ld.so.conf contents to the search path
+ if test -f /etc/ld.so.conf; then
+ lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;/^$/d' | tr '\n' ' '`
+ sys_lib_dlsearch_path_spec="$sys_lib_dlsearch_path_spec $lt_ld_extra"
+ fi
+
+ # We used to test for /lib/ld.so.1 and disable shared libraries on
+ # powerpc, because MkLinux only supported shared libraries with the
+ # GNU dynamic linker. Since this was broken with cross compilers,
+ # most powerpc-linux boxes support dynamic linking these days and
+ # people can always --disable-shared, the test was removed, and we
+ # assume the GNU/Linux dynamic linker is in use.
+ dynamic_linker='GNU/Linux ld.so'
+ ;;
+
+netbsd*)
+ version_type=sunos
+ need_lib_prefix=no
+ need_version=no
+ if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ dynamic_linker='NetBSD (a.out) ld.so'
+ else
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major ${libname}${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ dynamic_linker='NetBSD ld.elf_so'
+ fi
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ ;;
+
+newsos6)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ ;;
+
+*nto* | *qnx*)
+ version_type=qnx
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ dynamic_linker='ldqnx.so'
+ ;;
+
+openbsd*)
+ version_type=sunos
+ sys_lib_dlsearch_path_spec="/usr/lib"
+ need_lib_prefix=no
+ # Some older versions of OpenBSD (3.3 at least) *do* need versioned libs.
+ case $host_os in
+ openbsd3.3 | openbsd3.3.*) need_version=yes ;;
+ *) need_version=no ;;
+ esac
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`" || test "$host_os-$host_cpu" = "openbsd2.8-powerpc"; then
+ case $host_os in
+ openbsd2.[89] | openbsd2.[89].*)
+ shlibpath_overrides_runpath=no
+ ;;
+ *)
+ shlibpath_overrides_runpath=yes
+ ;;
+ esac
+ else
+ shlibpath_overrides_runpath=yes
+ fi
+ ;;
+
+os2*)
+ libname_spec='$name'
+ shrext_cmds=".dll"
+ need_lib_prefix=no
+ library_names_spec='$libname${shared_ext} $libname.a'
+ dynamic_linker='OS/2 ld.exe'
+ shlibpath_var=LIBPATH
+ ;;
+
+osf3* | osf4* | osf5*)
+ version_type=osf
+ need_lib_prefix=no
+ need_version=no
+ soname_spec='${libname}${release}${shared_ext}$major'
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib"
+ sys_lib_dlsearch_path_spec="$sys_lib_search_path_spec"
+ ;;
+
+rdos*)
+ dynamic_linker=no
+ ;;
+
+solaris*)
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ # ldd complains unless libraries are executable
+ postinstall_cmds='chmod +x $lib'
+ ;;
+
+sunos4*)
+ version_type=sunos
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${shared_ext}$versuffix'
+ finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ if test "$with_gnu_ld" = yes; then
+ need_lib_prefix=no
+ fi
+ need_version=yes
+ ;;
+
+sysv4 | sysv4.3*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ case $host_vendor in
+ sni)
+ shlibpath_overrides_runpath=no
+ need_lib_prefix=no
+ runpath_var=LD_RUN_PATH
+ ;;
+ siemens)
+ need_lib_prefix=no
+ ;;
+ motorola)
+ need_lib_prefix=no
+ need_version=no
+ shlibpath_overrides_runpath=no
+ sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib'
+ ;;
+ esac
+ ;;
+
+sysv4*MP*)
+ if test -d /usr/nec ;then
+ version_type=linux
+ library_names_spec='$libname${shared_ext}.$versuffix $libname${shared_ext}.$major $libname${shared_ext}'
+ soname_spec='$libname${shared_ext}.$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ fi
+ ;;
+
+sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*)
+ version_type=freebsd-elf
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext} $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=yes
+ hardcode_into_libs=yes
+ if test "$with_gnu_ld" = yes; then
+ sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
+ else
+ sys_lib_search_path_spec='/usr/ccs/lib /usr/lib'
+ case $host_os in
+ sco3.2v5*)
+ sys_lib_search_path_spec="$sys_lib_search_path_spec /lib"
+ ;;
+ esac
+ fi
+ sys_lib_dlsearch_path_spec='/usr/lib'
+ ;;
+
+tpf*)
+ # TPF is a cross-target only. Preferred cross-host = GNU/Linux.
+ version_type=linux
+ need_lib_prefix=no
+ need_version=no
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ shlibpath_var=LD_LIBRARY_PATH
+ shlibpath_overrides_runpath=no
+ hardcode_into_libs=yes
+ ;;
+
+uts4*)
+ version_type=linux
+ library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
+ soname_spec='${libname}${release}${shared_ext}$major'
+ shlibpath_var=LD_LIBRARY_PATH
+ ;;
+
+*)
+ dynamic_linker=no
+ ;;
+esac
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5
+$as_echo "$dynamic_linker" >&6; }
+test "$dynamic_linker" = no && can_build_shared=no
+
+variables_saved_for_relink="PATH $shlibpath_var $runpath_var"
+if test "$GCC" = yes; then
+ variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH"
+fi
+
+if test "${lt_cv_sys_lib_search_path_spec+set}" = set; then
+ sys_lib_search_path_spec="$lt_cv_sys_lib_search_path_spec"
+fi
+if test "${lt_cv_sys_lib_dlsearch_path_spec+set}" = set; then
+ sys_lib_dlsearch_path_spec="$lt_cv_sys_lib_dlsearch_path_spec"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5
+$as_echo_n "checking how to hardcode library paths into programs... " >&6; }
+hardcode_action_CXX=
+if test -n "$hardcode_libdir_flag_spec_CXX" ||
+ test -n "$runpath_var_CXX" ||
+ test "X$hardcode_automatic_CXX" = "Xyes" ; then
+
+ # We can hardcode non-existent directories.
+ if test "$hardcode_direct_CXX" != no &&
+ # If the only mechanism to avoid hardcoding is shlibpath_var, we
+ # have to relink, otherwise we might link with an installed library
+ # when we should be linking with a yet-to-be-installed one
+ ## test "$_LT_TAGVAR(hardcode_shlibpath_var, CXX)" != no &&
+ test "$hardcode_minus_L_CXX" != no; then
+ # Linking always hardcodes the temporary library directory.
+ hardcode_action_CXX=relink
+ else
+ # We can link without hardcoding, and we can hardcode nonexisting dirs.
+ hardcode_action_CXX=immediate
+ fi
+else
+ # We cannot hardcode anything, or else we can only hardcode existing
+ # directories.
+ hardcode_action_CXX=unsupported
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action_CXX" >&5
+$as_echo "$hardcode_action_CXX" >&6; }
+
+if test "$hardcode_action_CXX" = relink ||
+ test "$inherit_rpath_CXX" = yes; then
+ # Fast installation is not supported
+ enable_fast_install=no
+elif test "$shlibpath_overrides_runpath" = yes ||
+ test "$enable_shared" = no; then
+ # Fast installation is not necessary
+ enable_fast_install=needless
+fi
+
+
+
+
+
+
+
+ fi # test -n "$compiler"
+
+ CC=$lt_save_CC
+ LDCXX=$LD
+ LD=$lt_save_LD
+ GCC=$lt_save_GCC
+ with_gnu_ld=$lt_save_with_gnu_ld
+ lt_cv_path_LDCXX=$lt_cv_path_LD
+ lt_cv_path_LD=$lt_save_path_LD
+ lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld
+ lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld
+fi # test "$_lt_caught_CXX_error" != yes
+
+ac_ext=c
+ac_cpp='$CPP $CPPFLAGS'
+ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
+ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
+ac_compiler_gnu=$ac_cv_c_compiler_gnu
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ac_config_commands="$ac_config_commands libtool"
+
+
+
+
+# Only expand once:
+
+
+
+# Checks for header files.
+ac_header_dirent=no
+for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h; do
+ as_ac_Header=`$as_echo "ac_cv_header_dirent_$ac_hdr" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_hdr that defines DIR" >&5
+$as_echo_n "checking for $ac_hdr that defines DIR... " >&6; }
+if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <$ac_hdr>
+
+int
+main ()
+{
+if ((DIR *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ eval "$as_ac_Header=yes"
+else
+ eval "$as_ac_Header=no"
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+eval ac_res=\$$as_ac_Header
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_hdr" | $as_tr_cpp` 1
+_ACEOF
+
+ac_header_dirent=$ac_hdr; break
+fi
+
+done
+# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix.
+if test $ac_header_dirent = dirent.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+$as_echo_n "checking for library containing opendir... " >&6; }
+if test "${ac_cv_search_opendir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char opendir ();
+int
+main ()
+{
+return opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' dir; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_opendir+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then :
+
+else
+ ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+$as_echo "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing opendir" >&5
+$as_echo_n "checking for library containing opendir... " >&6; }
+if test "${ac_cv_search_opendir+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_func_search_save_LIBS=$LIBS
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char opendir ();
+int
+main ()
+{
+return opendir ();
+ ;
+ return 0;
+}
+_ACEOF
+for ac_lib in '' x; do
+ if test -z "$ac_lib"; then
+ ac_res="none required"
+ else
+ ac_res=-l$ac_lib
+ LIBS="-l$ac_lib $ac_func_search_save_LIBS"
+ fi
+ if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_search_opendir=$ac_res
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext
+ if test "${ac_cv_search_opendir+set}" = set; then :
+ break
+fi
+done
+if test "${ac_cv_search_opendir+set}" = set; then :
+
+else
+ ac_cv_search_opendir=no
+fi
+rm conftest.$ac_ext
+LIBS=$ac_func_search_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_opendir" >&5
+$as_echo "$ac_cv_search_opendir" >&6; }
+ac_res=$ac_cv_search_opendir
+if test "$ac_res" != no; then :
+ test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
+
+fi
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5
+$as_echo_n "checking for ANSI C header files... " >&6; }
+if test "${ac_cv_header_stdc+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+#include <stdarg.h>
+#include <string.h>
+#include <float.h>
+
+int
+main ()
+{
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdc=yes
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+
+if test $ac_cv_header_stdc = yes; then
+ # SunOS 4.x string.h does not declare mem*, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <string.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "memchr" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI.
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <stdlib.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "free" >/dev/null 2>&1; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f conftest*
+
+fi
+
+if test $ac_cv_header_stdc = yes; then
+ # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <ctype.h>
+#include <stdlib.h>
+#if ((' ' & 0x0FF) == 0x020)
+# define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
+# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
+#else
+# define ISLOWER(c) \
+ (('a' <= (c) && (c) <= 'i') \
+ || ('j' <= (c) && (c) <= 'r') \
+ || ('s' <= (c) && (c) <= 'z'))
+# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c))
+#endif
+
+#define XOR(e, f) (((e) && !(f)) || (!(e) && (f)))
+int
+main ()
+{
+ int i;
+ for (i = 0; i < 256; i++)
+ if (XOR (islower (i), ISLOWER (i))
+ || toupper (i) != TOUPPER (i))
+ return 2;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+
+else
+ ac_cv_header_stdc=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5
+$as_echo "$ac_cv_header_stdc" >&6; }
+if test $ac_cv_header_stdc = yes; then
+
+$as_echo "#define STDC_HEADERS 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sys/wait.h that is POSIX.1 compatible" >&5
+$as_echo_n "checking for sys/wait.h that is POSIX.1 compatible... " >&6; }
+if test "${ac_cv_header_sys_wait_h+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/wait.h>
+#ifndef WEXITSTATUS
+# define WEXITSTATUS(stat_val) ((unsigned int) (stat_val) >> 8)
+#endif
+#ifndef WIFEXITED
+# define WIFEXITED(stat_val) (((stat_val) & 255) == 0)
+#endif
+
+int
+main ()
+{
+ int s;
+ wait (&s);
+ s = WIFEXITED (s) ? WEXITSTATUS (s) : 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_sys_wait_h=yes
+else
+ ac_cv_header_sys_wait_h=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_sys_wait_h" >&5
+$as_echo "$ac_cv_header_sys_wait_h" >&6; }
+if test $ac_cv_header_sys_wait_h = yes; then
+
+$as_echo "#define HAVE_SYS_WAIT_H 1" >>confdefs.h
+
+fi
+
+for ac_header in arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/file.h sys/socket.h sys/time.h unistd.h
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_mongrel "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+# Checks for typedefs, structures, and compiler characteristics.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat file-mode macros are broken" >&5
+$as_echo_n "checking whether stat file-mode macros are broken... " >&6; }
+if test "${ac_cv_header_stat_broken+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/stat.h>
+
+#if defined S_ISBLK && defined S_IFDIR
+extern char c1[S_ISBLK (S_IFDIR) ? -1 : 1];
+#endif
+
+#if defined S_ISBLK && defined S_IFCHR
+extern char c2[S_ISBLK (S_IFCHR) ? -1 : 1];
+#endif
+
+#if defined S_ISLNK && defined S_IFREG
+extern char c3[S_ISLNK (S_IFREG) ? -1 : 1];
+#endif
+
+#if defined S_ISSOCK && defined S_IFREG
+extern char c4[S_ISSOCK (S_IFREG) ? -1 : 1];
+#endif
+
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stat_broken=no
+else
+ ac_cv_header_stat_broken=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stat_broken" >&5
+$as_echo "$ac_cv_header_stat_broken" >&6; }
+if test $ac_cv_header_stat_broken = yes; then
+
+$as_echo "#define STAT_MACROS_BROKEN 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for an ANSI C-conforming const" >&5
+$as_echo_n "checking for an ANSI C-conforming const... " >&6; }
+if test "${ac_cv_c_const+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+int
+main ()
+{
+/* FIXME: Include the comments suggested by Paul. */
+#ifndef __cplusplus
+ /* Ultrix mips cc rejects this. */
+ typedef int charset[2];
+ const charset cs;
+ /* SunOS 4.1.1 cc rejects this. */
+ char const *const *pcpcc;
+ char **ppc;
+ /* NEC SVR4.0.2 mips cc rejects this. */
+ struct point {int x, y;};
+ static struct point const zero = {0,0};
+ /* AIX XL C 1.02.0.0 rejects this.
+ It does not let you subtract one const X* pointer from another in
+ an arm of an if-expression whose if-part is not a constant
+ expression */
+ const char *g = "string";
+ pcpcc = &g + (g ? g-g : 0);
+ /* HPUX 7.0 cc rejects these. */
+ ++pcpcc;
+ ppc = (char**) pcpcc;
+ pcpcc = (char const *const *) ppc;
+ { /* SCO 3.2v4 cc rejects this. */
+ char *t;
+ char const *s = 0 ? (char *) 0 : (char const *) 0;
+
+ *t++ = 0;
+ if (s) return 0;
+ }
+ { /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */
+ int x[] = {25, 17};
+ const int *foo = &x[0];
+ ++foo;
+ }
+ { /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */
+ typedef const int *iptr;
+ iptr p = 0;
+ ++p;
+ }
+ { /* AIX XL C 1.02.0.0 rejects this saying
+ "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */
+ struct s { int j; const int *ap[3]; };
+ struct s *b; b->j = 5;
+ }
+ { /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */
+ const int foo = 10;
+ if (!foo) return 0;
+ }
+ return !cs[0] && !zero.x;
+#endif
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_c_const=yes
+else
+ ac_cv_c_const=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_const" >&5
+$as_echo "$ac_cv_c_const" >&6; }
+if test $ac_cv_c_const = no; then
+
+$as_echo "#define const /**/" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5
+$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; }
+if test "${ac_cv_header_stdbool_h+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+#include <stdbool.h>
+#ifndef bool
+ "error: bool is not defined"
+#endif
+#ifndef false
+ "error: false is not defined"
+#endif
+#if false
+ "error: false is not 0"
+#endif
+#ifndef true
+ "error: true is not defined"
+#endif
+#if true != 1
+ "error: true is not 1"
+#endif
+#ifndef __bool_true_false_are_defined
+ "error: __bool_true_false_are_defined is not defined"
+#endif
+
+ struct s { _Bool s: 1; _Bool t; } s;
+
+ char a[true == 1 ? 1 : -1];
+ char b[false == 0 ? 1 : -1];
+ char c[__bool_true_false_are_defined == 1 ? 1 : -1];
+ char d[(bool) 0.5 == true ? 1 : -1];
+ bool e = &s;
+ char f[(_Bool) 0.0 == false ? 1 : -1];
+ char g[true];
+ char h[sizeof (_Bool)];
+ char i[sizeof s.t];
+ enum { j = false, k = true, l = false * true, m = true * 256 };
+ /* The following fails for
+ HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */
+ _Bool n[m];
+ char o[sizeof n == m * sizeof n[0] ? 1 : -1];
+ char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1];
+# if defined __xlc__ || defined __GNUC__
+ /* Catch a bug in IBM AIX xlc compiler version 6.0.0.0
+ reported by James Lemley on 2005-10-05; see
+ http://lists.gnu.org/archive/html/bug-coreutils/2005-10/msg00086.html
+ This test is not quite right, since xlc is allowed to
+ reject this program, as the initializer for xlcbug is
+ not one of the forms that C requires support for.
+ However, doing the test right would require a runtime
+ test, and that would make cross-compilation harder.
+ Let us hope that IBM fixes the xlc bug, and also adds
+ support for this kind of constant expression. In the
+ meantime, this test will reject xlc, which is OK, since
+ our stdbool.h substitute should suffice. We also test
+ this with GCC, where it should work, to detect more
+ quickly whether someone messes up the test in the
+ future. */
+ char digs[] = "0123456789";
+ int xlcbug = 1 / (&(digs + 5)[-2 + (bool) 1] == &digs[4] ? 1 : -1);
+# endif
+ /* Catch a bug in an HP-UX C compiler. See
+ http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html
+ http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html
+ */
+ _Bool q = true;
+ _Bool *pq = &q;
+
+int
+main ()
+{
+
+ *pq |= q;
+ *pq |= ! q;
+ /* Refer to every declared value, to avoid compiler optimizations. */
+ return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l
+ + !m + !n + !o + !p + !q + !pq);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_stdbool_h=yes
+else
+ ac_cv_header_stdbool_h=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5
+$as_echo "$ac_cv_header_stdbool_h" >&6; }
+ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default"
+if test "x$ac_cv_type__Bool" = x""yes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE__BOOL 1
+_ACEOF
+
+
+fi
+
+if test $ac_cv_header_stdbool_h = yes; then
+
+$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for uid_t in sys/types.h" >&5
+$as_echo_n "checking for uid_t in sys/types.h... " >&6; }
+if test "${ac_cv_type_uid_t+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+
+_ACEOF
+if (eval "$ac_cpp conftest.$ac_ext") 2>&5 |
+ $EGREP "uid_t" >/dev/null 2>&1; then :
+ ac_cv_type_uid_t=yes
+else
+ ac_cv_type_uid_t=no
+fi
+rm -f conftest*
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_uid_t" >&5
+$as_echo "$ac_cv_type_uid_t" >&6; }
+if test $ac_cv_type_uid_t = no; then
+
+$as_echo "#define uid_t int" >>confdefs.h
+
+
+$as_echo "#define gid_t int" >>confdefs.h
+
+fi
+
+ac_fn_c_check_type "$LINENO" "pid_t" "ac_cv_type_pid_t" "$ac_includes_default"
+if test "x$ac_cv_type_pid_t" = x""yes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define pid_t int
+_ACEOF
+
+fi
+
+ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
+if test "x$ac_cv_type_size_t" = x""yes; then :
+
+else
+
+cat >>confdefs.h <<_ACEOF
+#define size_t unsigned int
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time.h and sys/time.h may both be included" >&5
+$as_echo_n "checking whether time.h and sys/time.h may both be included... " >&6; }
+if test "${ac_cv_header_time+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <sys/time.h>
+#include <time.h>
+
+int
+main ()
+{
+if ((struct tm *) 0)
+return 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_header_time=yes
+else
+ ac_cv_header_time=no
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_time" >&5
+$as_echo "$ac_cv_header_time" >&6; }
+if test $ac_cv_header_time = yes; then
+
+$as_echo "#define TIME_WITH_SYS_TIME 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether struct tm is in sys/time.h or time.h" >&5
+$as_echo_n "checking whether struct tm is in sys/time.h or time.h... " >&6; }
+if test "${ac_cv_struct_tm+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <time.h>
+
+int
+main ()
+{
+struct tm tm;
+ int *p = &tm.tm_sec;
+ return !p;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_struct_tm=time.h
+else
+ ac_cv_struct_tm=sys/time.h
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_struct_tm" >&5
+$as_echo "$ac_cv_struct_tm" >&6; }
+if test $ac_cv_struct_tm = sys/time.h; then
+
+$as_echo "#define TM_IN_SYS_TIME 1" >>confdefs.h
+
+fi
+
+
+# Checks for library functions.
+for ac_header in unistd.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "unistd.h" "ac_cv_header_unistd_h" "$ac_includes_default"
+if test "x$ac_cv_header_unistd_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_UNISTD_H 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working chown" >&5
+$as_echo_n "checking for working chown... " >&6; }
+if test "${ac_cv_func_chown_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_chown_works=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+#include <fcntl.h>
+
+int
+main ()
+{
+ char *f = "conftest.chown";
+ struct stat before, after;
+
+ if (creat (f, 0600) < 0)
+ return 1;
+ if (stat (f, &before) < 0)
+ return 1;
+ if (chown (f, (uid_t) -1, (gid_t) -1) == -1)
+ return 1;
+ if (stat (f, &after) < 0)
+ return 1;
+ return ! (before.st_uid == after.st_uid && before.st_gid == after.st_gid);
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_chown_works=yes
+else
+ ac_cv_func_chown_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+rm -f conftest.chown
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_chown_works" >&5
+$as_echo "$ac_cv_func_chown_works" >&6; }
+if test $ac_cv_func_chown_works = yes; then
+
+$as_echo "#define HAVE_CHOWN 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether closedir returns void" >&5
+$as_echo_n "checking whether closedir returns void... " >&6; }
+if test "${ac_cv_func_closedir_void+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_closedir_void=yes
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+#include <$ac_header_dirent>
+#ifndef __cplusplus
+int closedir ();
+#endif
+
+int
+main ()
+{
+return closedir (opendir (".")) != 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_closedir_void=no
+else
+ ac_cv_func_closedir_void=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_closedir_void" >&5
+$as_echo "$ac_cv_func_closedir_void" >&6; }
+if test $ac_cv_func_closedir_void = yes; then
+
+$as_echo "#define CLOSEDIR_VOID 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for error_at_line" >&5
+$as_echo_n "checking for error_at_line... " >&6; }
+if test "${ac_cv_lib_error_at_line+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <error.h>
+int
+main ()
+{
+error_at_line (0, 0, "", 0, "an error occurred");
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_error_at_line=yes
+else
+ ac_cv_lib_error_at_line=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_error_at_line" >&5
+$as_echo "$ac_cv_lib_error_at_line" >&6; }
+if test $ac_cv_lib_error_at_line = no; then
+ case " $LIBOBJS " in
+ *" error.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS error.$ac_objext"
+ ;;
+esac
+
+fi
+
+for ac_header in vfork.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "vfork.h" "ac_cv_header_vfork_h" "$ac_includes_default"
+if test "x$ac_cv_header_vfork_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_VFORK_H 1
+_ACEOF
+
+fi
+
+done
+
+for ac_func in fork vfork
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+if test "x$ac_cv_func_fork" = xyes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working fork" >&5
+$as_echo_n "checking for working fork... " >&6; }
+if test "${ac_cv_func_fork_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_fork_works=cross
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+
+ /* By Ruediger Kuhlmann. */
+ return fork () < 0;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_fork_works=yes
+else
+ ac_cv_func_fork_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_fork_works" >&5
+$as_echo "$ac_cv_func_fork_works" >&6; }
+
+else
+ ac_cv_func_fork_works=$ac_cv_func_fork
+fi
+if test "x$ac_cv_func_fork_works" = xcross; then
+ case $host in
+ *-*-amigaos* | *-*-msdosdjgpp*)
+ # Override, as these systems have only a dummy fork() stub
+ ac_cv_func_fork_works=no
+ ;;
+ *)
+ ac_cv_func_fork_works=yes
+ ;;
+ esac
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&5
+$as_echo "$as_me: WARNING: result $ac_cv_func_fork_works guessed because of cross compilation" >&2;}
+fi
+ac_cv_func_vfork_works=$ac_cv_func_vfork
+if test "x$ac_cv_func_vfork" = xyes; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for working vfork" >&5
+$as_echo_n "checking for working vfork... " >&6; }
+if test "${ac_cv_func_vfork_works+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_vfork_works=cross
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+/* Thanks to Paul Eggert for this test. */
+$ac_includes_default
+#include <sys/wait.h>
+#ifdef HAVE_VFORK_H
+# include <vfork.h>
+#endif
+/* On some sparc systems, changes by the child to local and incoming
+ argument registers are propagated back to the parent. The compiler
+ is told about this with #include <vfork.h>, but some compilers
+ (e.g. gcc -O) don't grok <vfork.h>. Test for this by using a
+ static variable whose address is put into a register that is
+ clobbered by the vfork. */
+static void
+#ifdef __cplusplus
+sparc_address_test (int arg)
+# else
+sparc_address_test (arg) int arg;
+#endif
+{
+ static pid_t child;
+ if (!child) {
+ child = vfork ();
+ if (child < 0) {
+ perror ("vfork");
+ _exit(2);
+ }
+ if (!child) {
+ arg = getpid();
+ write(-1, "", 0);
+ _exit (arg);
+ }
+ }
+}
+
+int
+main ()
+{
+ pid_t parent = getpid ();
+ pid_t child;
+
+ sparc_address_test (0);
+
+ child = vfork ();
+
+ if (child == 0) {
+ /* Here is another test for sparc vfork register problems. This
+ test uses lots of local variables, at least as many local
+ variables as main has allocated so far including compiler
+ temporaries. 4 locals are enough for gcc 1.40.3 on a Solaris
+ 4.1.3 sparc, but we use 8 to be safe. A buggy compiler should
+ reuse the register of parent for one of the local variables,
+ since it will think that parent can't possibly be used any more
+ in this routine. Assigning to the local variable will thus
+ munge parent in the parent process. */
+ pid_t
+ p = getpid(), p1 = getpid(), p2 = getpid(), p3 = getpid(),
+ p4 = getpid(), p5 = getpid(), p6 = getpid(), p7 = getpid();
+ /* Convince the compiler that p..p7 are live; otherwise, it might
+ use the same hardware register for all 8 local variables. */
+ if (p != p1 || p != p2 || p != p3 || p != p4
+ || p != p5 || p != p6 || p != p7)
+ _exit(1);
+
+ /* On some systems (e.g. IRIX 3.3), vfork doesn't separate parent
+ from child file descriptors. If the child closes a descriptor
+ before it execs or exits, this munges the parent's descriptor
+ as well. Test for this by closing stdout in the child. */
+ _exit(close(fileno(stdout)) != 0);
+ } else {
+ int status;
+ struct stat st;
+
+ while (wait(&status) != child)
+ ;
+ return (
+ /* Was there some problem with vforking? */
+ child < 0
+
+ /* Did the child fail? (This shouldn't happen.) */
+ || status
+
+ /* Did the vfork/compiler bug occur? */
+ || parent != getpid()
+
+ /* Did the file descriptor bug occur? */
+ || fstat(fileno(stdout), &st) != 0
+ );
+ }
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_vfork_works=yes
+else
+ ac_cv_func_vfork_works=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_vfork_works" >&5
+$as_echo "$ac_cv_func_vfork_works" >&6; }
+
+fi;
+if test "x$ac_cv_func_fork_works" = xcross; then
+ ac_cv_func_vfork_works=$ac_cv_func_vfork
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&5
+$as_echo "$as_me: WARNING: result $ac_cv_func_vfork_works guessed because of cross compilation" >&2;}
+fi
+
+if test "x$ac_cv_func_vfork_works" = xyes; then
+
+$as_echo "#define HAVE_WORKING_VFORK 1" >>confdefs.h
+
+else
+
+$as_echo "#define vfork fork" >>confdefs.h
+
+fi
+if test "x$ac_cv_func_fork_works" = xyes; then
+
+$as_echo "#define HAVE_WORKING_FORK 1" >>confdefs.h
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat correctly handles trailing slash" >&5
+$as_echo_n "checking whether lstat correctly handles trailing slash... " >&6; }
+if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f conftest.sym conftest.file
+echo >conftest.file
+if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_lstat_dereferences_slashed_symlink=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+ /* Linux will dereference the symlink and fail, as required by POSIX.
+ That is better in the sense that it means we will not
+ have to compile and use the lstat wrapper. */
+ return lstat ("conftest.sym/", &sbuf) == 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_lstat_dereferences_slashed_symlink=yes
+else
+ ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+else
+ # If the `ln -s' command failed, then we probably don't even
+ # have an lstat function.
+ ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f conftest.sym conftest.file
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5
+$as_echo "$ac_cv_func_lstat_dereferences_slashed_symlink" >&6; }
+
+test $ac_cv_func_lstat_dereferences_slashed_symlink = yes &&
+
+cat >>confdefs.h <<_ACEOF
+#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1
+_ACEOF
+
+
+if test "x$ac_cv_func_lstat_dereferences_slashed_symlink" = xno; then
+ case " $LIBOBJS " in
+ *" lstat.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS lstat.$ac_objext"
+ ;;
+esac
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat accepts an empty string" >&5
+$as_echo_n "checking whether lstat accepts an empty string... " >&6; }
+if test "${ac_cv_func_lstat_empty_string_bug+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_lstat_empty_string_bug=yes
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+ return lstat ("", &sbuf) == 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_lstat_empty_string_bug=no
+else
+ ac_cv_func_lstat_empty_string_bug=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_lstat_empty_string_bug" >&5
+$as_echo "$ac_cv_func_lstat_empty_string_bug" >&6; }
+if test $ac_cv_func_lstat_empty_string_bug = yes; then
+ case " $LIBOBJS " in
+ *" lstat.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS lstat.$ac_objext"
+ ;;
+esac
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_LSTAT_EMPTY_STRING_BUG 1
+_ACEOF
+
+fi
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether lstat correctly handles trailing slash" >&5
+$as_echo_n "checking whether lstat correctly handles trailing slash... " >&6; }
+if test "${ac_cv_func_lstat_dereferences_slashed_symlink+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ rm -f conftest.sym conftest.file
+echo >conftest.file
+if test "$as_ln_s" = "ln -s" && ln -s conftest.file conftest.sym; then
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_lstat_dereferences_slashed_symlink=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+ /* Linux will dereference the symlink and fail, as required by POSIX.
+ That is better in the sense that it means we will not
+ have to compile and use the lstat wrapper. */
+ return lstat ("conftest.sym/", &sbuf) == 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_lstat_dereferences_slashed_symlink=yes
+else
+ ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+else
+ # If the `ln -s' command failed, then we probably don't even
+ # have an lstat function.
+ ac_cv_func_lstat_dereferences_slashed_symlink=no
+fi
+rm -f conftest.sym conftest.file
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_lstat_dereferences_slashed_symlink" >&5
+$as_echo "$ac_cv_func_lstat_dereferences_slashed_symlink" >&6; }
+
+test $ac_cv_func_lstat_dereferences_slashed_symlink = yes &&
+
+cat >>confdefs.h <<_ACEOF
+#define LSTAT_FOLLOWS_SLASHED_SYMLINK 1
+_ACEOF
+
+
+if test "x$ac_cv_func_lstat_dereferences_slashed_symlink" = xno; then
+ case " $LIBOBJS " in
+ *" lstat.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS lstat.$ac_objext"
+ ;;
+esac
+
+fi
+
+for ac_header in stdlib.h
+do :
+ ac_fn_c_check_header_mongrel "$LINENO" "stdlib.h" "ac_cv_header_stdlib_h" "$ac_includes_default"
+if test "x$ac_cv_header_stdlib_h" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STDLIB_H 1
+_ACEOF
+
+fi
+
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU libc compatible malloc" >&5
+$as_echo_n "checking for GNU libc compatible malloc... " >&6; }
+if test "${ac_cv_func_malloc_0_nonnull+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_malloc_0_nonnull=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#if defined STDC_HEADERS || defined HAVE_STDLIB_H
+# include <stdlib.h>
+#else
+char *malloc ();
+#endif
+
+int
+main ()
+{
+return ! malloc (0);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_malloc_0_nonnull=yes
+else
+ ac_cv_func_malloc_0_nonnull=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_malloc_0_nonnull" >&5
+$as_echo "$ac_cv_func_malloc_0_nonnull" >&6; }
+if test $ac_cv_func_malloc_0_nonnull = yes; then :
+
+$as_echo "#define HAVE_MALLOC 1" >>confdefs.h
+
+else
+ $as_echo "#define HAVE_MALLOC 0" >>confdefs.h
+
+ case " $LIBOBJS " in
+ *" malloc.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS malloc.$ac_objext"
+ ;;
+esac
+
+
+$as_echo "#define malloc rpl_malloc" >>confdefs.h
+
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working memcmp" >&5
+$as_echo_n "checking for working memcmp... " >&6; }
+if test "${ac_cv_func_memcmp_working+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_memcmp_working=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+
+ /* Some versions of memcmp are not 8-bit clean. */
+ char c0 = '\100', c1 = '\200', c2 = '\201';
+ if (memcmp(&c0, &c2, 1) >= 0 || memcmp(&c1, &c2, 1) >= 0)
+ return 1;
+
+ /* The Next x86 OpenStep bug shows up only when comparing 16 bytes
+ or more and with at least one buffer not starting on a 4-byte boundary.
+ William Lewis provided this test program. */
+ {
+ char foo[21];
+ char bar[21];
+ int i;
+ for (i = 0; i < 4; i++)
+ {
+ char *a = foo + i;
+ char *b = bar + i;
+ strcpy (a, "--------01111111");
+ strcpy (b, "--------10000000");
+ if (memcmp (a, b, 16) >= 0)
+ return 1;
+ }
+ return 0;
+ }
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_memcmp_working=yes
+else
+ ac_cv_func_memcmp_working=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_memcmp_working" >&5
+$as_echo "$ac_cv_func_memcmp_working" >&6; }
+test $ac_cv_func_memcmp_working = no && case " $LIBOBJS " in
+ *" memcmp.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS memcmp.$ac_objext"
+ ;;
+esac
+
+
+
+
+
+ for ac_header in $ac_header_list
+do :
+ as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
+"
+eval as_val=\$$as_ac_Header
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+
+done
+
+
+
+
+
+
+
+
+for ac_func in getpagesize
+do :
+ ac_fn_c_check_func "$LINENO" "getpagesize" "ac_cv_func_getpagesize"
+if test "x$ac_cv_func_getpagesize" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_GETPAGESIZE 1
+_ACEOF
+
+fi
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for working mmap" >&5
+$as_echo_n "checking for working mmap... " >&6; }
+if test "${ac_cv_func_mmap_fixed_mapped+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_mmap_fixed_mapped=no
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+/* malloc might have been renamed as rpl_malloc. */
+#undef malloc
+
+/* Thanks to Mike Haertel and Jim Avera for this test.
+ Here is a matrix of mmap possibilities:
+ mmap private not fixed
+ mmap private fixed at somewhere currently unmapped
+ mmap private fixed at somewhere already mapped
+ mmap shared not fixed
+ mmap shared fixed at somewhere currently unmapped
+ mmap shared fixed at somewhere already mapped
+ For private mappings, we should verify that changes cannot be read()
+ back from the file, nor mmap's back from the file at a different
+ address. (There have been systems where private was not correctly
+ implemented like the infamous i386 svr4.0, and systems where the
+ VM page cache was not coherent with the file system buffer cache
+ like early versions of FreeBSD and possibly contemporary NetBSD.)
+ For shared mappings, we should conversely verify that changes get
+ propagated back to all the places they're supposed to be.
+
+ Grep wants private fixed already mapped.
+ The main things grep needs to know about mmap are:
+ * does it exist and is it safe to write into the mmap'd area
+ * how to use it (BSD variants) */
+
+#include <fcntl.h>
+#include <sys/mman.h>
+
+#if !defined STDC_HEADERS && !defined HAVE_STDLIB_H
+char *malloc ();
+#endif
+
+/* This mess was copied from the GNU getpagesize.h. */
+#ifndef HAVE_GETPAGESIZE
+# ifdef _SC_PAGESIZE
+# define getpagesize() sysconf(_SC_PAGESIZE)
+# else /* no _SC_PAGESIZE */
+# ifdef HAVE_SYS_PARAM_H
+# include <sys/param.h>
+# ifdef EXEC_PAGESIZE
+# define getpagesize() EXEC_PAGESIZE
+# else /* no EXEC_PAGESIZE */
+# ifdef NBPG
+# define getpagesize() NBPG * CLSIZE
+# ifndef CLSIZE
+# define CLSIZE 1
+# endif /* no CLSIZE */
+# else /* no NBPG */
+# ifdef NBPC
+# define getpagesize() NBPC
+# else /* no NBPC */
+# ifdef PAGESIZE
+# define getpagesize() PAGESIZE
+# endif /* PAGESIZE */
+# endif /* no NBPC */
+# endif /* no NBPG */
+# endif /* no EXEC_PAGESIZE */
+# else /* no HAVE_SYS_PARAM_H */
+# define getpagesize() 8192 /* punt totally */
+# endif /* no HAVE_SYS_PARAM_H */
+# endif /* no _SC_PAGESIZE */
+
+#endif /* no HAVE_GETPAGESIZE */
+
+int
+main ()
+{
+ char *data, *data2, *data3;
+ const char *cdata2;
+ int i, pagesize;
+ int fd, fd2;
+
+ pagesize = getpagesize ();
+
+ /* First, make a file with some known garbage in it. */
+ data = (char *) malloc (pagesize);
+ if (!data)
+ return 1;
+ for (i = 0; i < pagesize; ++i)
+ *(data + i) = rand ();
+ umask (0);
+ fd = creat ("conftest.mmap", 0600);
+ if (fd < 0)
+ return 2;
+ if (write (fd, data, pagesize) != pagesize)
+ return 3;
+ close (fd);
+
+ /* Next, check that the tail of a page is zero-filled. File must have
+ non-zero length, otherwise we risk SIGBUS for entire page. */
+ fd2 = open ("conftest.txt", O_RDWR | O_CREAT | O_TRUNC, 0600);
+ if (fd2 < 0)
+ return 4;
+ cdata2 = "";
+ if (write (fd2, cdata2, 1) != 1)
+ return 5;
+ data2 = (char *) mmap (0, pagesize, PROT_READ | PROT_WRITE, MAP_SHARED, fd2, 0L);
+ if (data2 == MAP_FAILED)
+ return 6;
+ for (i = 0; i < pagesize; ++i)
+ if (*(data2 + i))
+ return 7;
+ close (fd2);
+ if (munmap (data2, pagesize))
+ return 8;
+
+ /* Next, try to mmap the file at a fixed address which already has
+ something else allocated at it. If we can, also make sure that
+ we see the same garbage. */
+ fd = open ("conftest.mmap", O_RDWR);
+ if (fd < 0)
+ return 9;
+ if (data2 != mmap (data2, pagesize, PROT_READ | PROT_WRITE,
+ MAP_PRIVATE | MAP_FIXED, fd, 0L))
+ return 10;
+ for (i = 0; i < pagesize; ++i)
+ if (*(data + i) != *(data2 + i))
+ return 11;
+
+ /* Finally, make sure that changes to the mapped area do not
+ percolate back to the file as seen by read(). (This is a bug on
+ some variants of i386 svr4.0.) */
+ for (i = 0; i < pagesize; ++i)
+ *(data2 + i) = *(data2 + i) + 1;
+ data3 = (char *) malloc (pagesize);
+ if (!data3)
+ return 12;
+ if (read (fd, data3, pagesize) != pagesize)
+ return 13;
+ for (i = 0; i < pagesize; ++i)
+ if (*(data + i) != *(data3 + i))
+ return 14;
+ close (fd);
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_mmap_fixed_mapped=yes
+else
+ ac_cv_func_mmap_fixed_mapped=no
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_mmap_fixed_mapped" >&5
+$as_echo "$ac_cv_func_mmap_fixed_mapped" >&6; }
+if test $ac_cv_func_mmap_fixed_mapped = yes; then
+
+$as_echo "#define HAVE_MMAP 1" >>confdefs.h
+
+fi
+rm -f conftest.mmap conftest.txt
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5
+$as_echo_n "checking return type of signal handlers... " >&6; }
+if test "${ac_cv_type_signal+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+#include <sys/types.h>
+#include <signal.h>
+
+int
+main ()
+{
+return *(signal (0, 0)) (0) == 1;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_type_signal=int
+else
+ ac_cv_type_signal=void
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_type_signal" >&5
+$as_echo "$ac_cv_type_signal" >&6; }
+
+cat >>confdefs.h <<_ACEOF
+#define RETSIGTYPE $ac_cv_type_signal
+_ACEOF
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stat accepts an empty string" >&5
+$as_echo_n "checking whether stat accepts an empty string... " >&6; }
+if test "${ac_cv_func_stat_empty_string_bug+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "$cross_compiling" = yes; then :
+ ac_cv_func_stat_empty_string_bug=yes
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+struct stat sbuf;
+ return stat ("", &sbuf) == 0;
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_stat_empty_string_bug=no
+else
+ ac_cv_func_stat_empty_string_bug=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_stat_empty_string_bug" >&5
+$as_echo "$ac_cv_func_stat_empty_string_bug" >&6; }
+if test $ac_cv_func_stat_empty_string_bug = yes; then
+ case " $LIBOBJS " in
+ *" stat.$ac_objext "* ) ;;
+ *) LIBOBJS="$LIBOBJS stat.$ac_objext"
+ ;;
+esac
+
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STAT_EMPTY_STRING_BUG 1
+_ACEOF
+
+fi
+
+ac_fn_c_check_decl "$LINENO" "strerror_r" "ac_cv_have_decl_strerror_r" "$ac_includes_default"
+if test "x$ac_cv_have_decl_strerror_r" = x""yes; then :
+ ac_have_decl=1
+else
+ ac_have_decl=0
+fi
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_DECL_STRERROR_R $ac_have_decl
+_ACEOF
+
+for ac_func in strerror_r
+do :
+ ac_fn_c_check_func "$LINENO" "strerror_r" "ac_cv_func_strerror_r"
+if test "x$ac_cv_func_strerror_r" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRERROR_R 1
+_ACEOF
+
+fi
+done
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether strerror_r returns char *" >&5
+$as_echo_n "checking whether strerror_r returns char *... " >&6; }
+if test "${ac_cv_func_strerror_r_char_p+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+
+ ac_cv_func_strerror_r_char_p=no
+ if test $ac_cv_have_decl_strerror_r = yes; then
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+int
+main ()
+{
+
+ char buf[100];
+ char x = *strerror_r (0, buf, sizeof buf);
+ char *p = strerror_r (0, buf, sizeof buf);
+ return !p || x;
+
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_compile "$LINENO"; then :
+ ac_cv_func_strerror_r_char_p=yes
+fi
+rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
+ else
+ # strerror_r is not declared. Choose between
+ # systems that have relatively inaccessible declarations for the
+ # function. BeOS and DEC UNIX 4.0 fall in this category, but the
+ # former has a strerror_r that returns char*, while the latter
+ # has a strerror_r that returns `int'.
+ # This test should segfault on the DEC system.
+ if test "$cross_compiling" = yes; then :
+ :
+else
+ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+$ac_includes_default
+ extern char *strerror_r ();
+int
+main ()
+{
+char buf[100];
+ char x = *strerror_r (0, buf, sizeof buf);
+ return ! isalpha (x);
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_run "$LINENO"; then :
+ ac_cv_func_strerror_r_char_p=yes
+fi
+rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \
+ conftest.$ac_objext conftest.beam conftest.$ac_ext
+fi
+
+ fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_func_strerror_r_char_p" >&5
+$as_echo "$ac_cv_func_strerror_r_char_p" >&6; }
+if test $ac_cv_func_strerror_r_char_p = yes; then
+
+$as_echo "#define STRERROR_R_CHAR_P 1" >>confdefs.h
+
+fi
+
+for ac_func in strftime
+do :
+ ac_fn_c_check_func "$LINENO" "strftime" "ac_cv_func_strftime"
+if test "x$ac_cv_func_strftime" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_STRFTIME 1
+_ACEOF
+
+else
+ # strftime is in -lintl on SCO UNIX.
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for strftime in -lintl" >&5
+$as_echo_n "checking for strftime in -lintl... " >&6; }
+if test "${ac_cv_lib_intl_strftime+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lintl $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char strftime ();
+int
+main ()
+{
+return strftime ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_intl_strftime=yes
+else
+ ac_cv_lib_intl_strftime=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_intl_strftime" >&5
+$as_echo "$ac_cv_lib_intl_strftime" >&6; }
+if test "x$ac_cv_lib_intl_strftime" = x""yes; then :
+ $as_echo "#define HAVE_STRFTIME 1" >>confdefs.h
+
+LIBS="-lintl $LIBS"
+fi
+
+fi
+done
+
+for ac_func in vprintf
+do :
+ ac_fn_c_check_func "$LINENO" "vprintf" "ac_cv_func_vprintf"
+if test "x$ac_cv_func_vprintf" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_VPRINTF 1
+_ACEOF
+
+ac_fn_c_check_func "$LINENO" "_doprnt" "ac_cv_func__doprnt"
+if test "x$ac_cv_func__doprnt" = x""yes; then :
+
+$as_echo "#define HAVE_DOPRNT 1" >>confdefs.h
+
+fi
+
+fi
+done
+
+
+for ac_func in setrlimit endpwent ftruncate getcwd gethostbyname inet_ntoa localtime_r memmove memset mkdir munmap putenv rmdir socket strcasecmp strchr strcspn strdup strerror strncasecmp strpbrk strrchr strstr strtol tzset
+do :
+ as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
+ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
+eval as_val=\$$as_ac_var
+ if test "x$as_val" = x""yes; then :
+ cat >>confdefs.h <<_ACEOF
+#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
+_ACEOF
+
+fi
+done
+
+
+# Establish an optional "--enable-64bit" flag
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --enable-64bit" >&5
+$as_echo_n "checking for --enable-64bit... " >&6; }
+# Check whether --enable-64bit was given.
+if test "${enable_64bit+set}" = set; then :
+ enableval=$enable_64bit;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ USE_64=1
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ USE_64=
+
+fi
+
+
+# For historical reasons, establish various "--enable-debug" flags
+# for both DeBuG (yes) and OPTimized (no) builds
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --enable-debug" >&5
+$as_echo_n "checking for --enable-debug... " >&6; }
+# Check whether --enable-debug was given.
+if test "${enable_debug+set}" = set; then :
+ enableval=$enable_debug;
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ debug_defs="-DDEBUG -UNDEBUG -DTRACING"
+
+else
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ debug_defs="-UDEBUG -DNDEBUG -DTRIMMED"
+
+fi
+
+
+
+
+
+# installation paths - by default, configure will just
+# use /usr as the prefix for everything, which means
+# /usr/etc, /usr/opt, and /usr/var. FHS sez to use
+# /etc, /opt, and /var.
+ac_default_prefix=/opt
+prefix=$ac_default_prefix
+exec_prefix=$prefix
+#sysconfdir='/etc'
+#localstatedir='/var'
+
+# relative to prefix
+aliasdir=/alias
+apache_modulesdir=/apache/modules
+appletsdir=/applets
+cgibin_demodir=/cgi-bin/demo
+cgibin_homedir=/cgi-bin/home
+cgibin_sodir=/cgi-bin/so
+cgibin_sowdir=/cgi-bin/sow
+confdir=/conf
+docrootdir=/docroot
+docroot_demodir=/docroot/demo
+docroot_homedir=/docroot/home
+docroot_sodir=/docroot/so
+docroot_sowdir=/docroot/sow
+docroot_sow_cssdir=/docroot/sow/css
+docroot_sow_imagesdir=/docroot/sow/images
+docroot_sow_jsdir=/docroot/sow/js
+docroot_tokendbdir=/docroot/tokendb
+docroot_tps_configdir=/docroot/tps/admin/console/config
+docroot_tps_cssdir=/docroot/tps/admin/console/css
+docroot_tps_imgdir=/docroot/tps/admin/console/img
+docroot_tps_jsdir=/docroot/tps/admin/console/js
+# relative to prefix
+licensedir=/doc
+logsdir=/logs/signedAudit
+perl_basedir=/perl/base
+perl_modulesdir=/perl/modules
+perl_servicedir=/perl/service
+perl_templatesdir=/perl/templates
+samplesdir=/samples
+scriptsdir=/scripts
+setupdir=/setup
+templatesdir=/templates
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# WINNT should be true if building on Windows system not using
+# cygnus, mingw, or the like and using cmd.exe as the shell
+ if false; then
+ WINNT_TRUE=
+ WINNT_FALSE='#'
+else
+ WINNT_TRUE='#'
+ WINNT_FALSE=
+fi
+
+
+# Deal with platform dependent defines
+case $host in
+ *-*-linux*)
+
+$as_echo "#define XP_UNIX /**/" >>confdefs.h
+
+
+$as_echo "#define linux 1" >>confdefs.h
+
+
+$as_echo "#define Linux /**/" >>confdefs.h
+
+
+$as_echo "#define LINUX /**/" >>confdefs.h
+
+
+$as_echo "#define LINUX2_0 /**/" >>confdefs.h
+
+
+$as_echo "#define LINUX2_2 /**/" >>confdefs.h
+
+
+$as_echo "#define LINUX2_4 /**/" >>confdefs.h
+
+
+$as_echo "#define LINUX2_6 /**/" >>confdefs.h
+
+ # For historical reasons, establish various "DEFINES" for TPS . . .
+
+$as_echo "#define _BSD_SOURCE 1" >>confdefs.h
+
+
+$as_echo "#define _POSIX_SOURCE 1" >>confdefs.h
+
+
+$as_echo "#define _POSIX_C_SOURCE 199506L" >>confdefs.h
+
+
+$as_echo "#define _PR_NEED_FAKE_POLL /**/" >>confdefs.h
+
+
+$as_echo "#define _REENTRANT /**/" >>confdefs.h
+
+
+$as_echo "#define _SVID_SOURCE 1" >>confdefs.h
+
+
+$as_echo "#define HAVE_SIGNED_CHAR /**/" >>confdefs.h
+
+
+$as_echo "#define HAVE_SYS_BITYPES_H /**/" >>confdefs.h
+
+
+$as_echo "#define NEED_ENDIAN_H /**/" >>confdefs.h
+
+
+$as_echo "#define NEED_GETOPT_H /**/" >>confdefs.h
+
+
+$as_echo "#define NEED_IOCTL_H /**/" >>confdefs.h
+
+
+$as_echo "#define NEED_SYS_TIME_H /**/" >>confdefs.h
+
+
+$as_echo "#define NEED_UINT_T /**/" >>confdefs.h
+
+
+$as_echo "#define NET_SSL /**/" >>confdefs.h
+
+
+$as_echo "#define NO_INT64_T /**/" >>confdefs.h
+
+
+$as_echo "#define SW_THREADS /**/" >>confdefs.h
+
+
+$as_echo "#define USE_NODL_TABS /**/" >>confdefs.h
+
+ platform="linux"
+ # relative to sysconfdir
+ initddir=/rc.d/init.d
+
+ ;;
+ ia64-hp-hpux*)
+
+$as_echo "#define XP_UNIX /**/" >>confdefs.h
+
+
+$as_echo "#define hpux 1" >>confdefs.h
+
+
+$as_echo "#define HPUX /**/" >>confdefs.h
+
+
+$as_echo "#define HPUX11 1" >>confdefs.h
+
+
+$as_echo "#define HPUX11_23 1" >>confdefs.h
+
+
+$as_echo "#define CPU_ia64 /**/" >>confdefs.h
+
+
+$as_echo "#define OS_hpux 1" >>confdefs.h
+
+
+$as_echo "#define _POSIX_C_SOURCE 199506L" >>confdefs.h
+
+
+$as_echo "#define _HPUX_SOURCE /**/" >>confdefs.h
+
+ platform="hpux"
+ # relative to sysconfdir
+ initddir=/init.d
+
+ ;;
+ hppa*-hp-hpux*)
+
+$as_echo "#define XP_UNIX /**/" >>confdefs.h
+
+
+$as_echo "#define hpux 1" >>confdefs.h
+
+
+$as_echo "#define HPUX /**/" >>confdefs.h
+
+
+$as_echo "#define HPUX11 1" >>confdefs.h
+
+
+$as_echo "#define HPUX11_11 1" >>confdefs.h
+
+
+$as_echo "#define hppa /**/" >>confdefs.h
+
+
+$as_echo "#define CPU_hppa /**/" >>confdefs.h
+
+
+$as_echo "#define OS_hpux 1" >>confdefs.h
+
+
+$as_echo "#define _POSIX_C_SOURCE 199506L" >>confdefs.h
+
+
+$as_echo "#define _HPUX_SOURCE /**/" >>confdefs.h
+
+ # For historical reasons, establish various "DEFINES" for TPS . . .
+
+$as_echo "#define HPUX_SOURCE /**/" >>confdefs.h
+
+
+$as_echo "#define HAVE_STRERROR /**/" >>confdefs.h
+
+
+$as_echo "#define NET_SSL /**/" >>confdefs.h
+
+
+$as_echo "#define SW_THREADS /**/" >>confdefs.h
+
+ platform="hpux"
+ # relative to sysconfdir
+ initddir=/init.d
+
+ ;;
+ sparc-sun-solaris*)
+
+$as_echo "#define XP_UNIX /**/" >>confdefs.h
+
+
+$as_echo "#define SVR4 /**/" >>confdefs.h
+
+
+$as_echo "#define __svr4 /**/" >>confdefs.h
+
+
+$as_echo "#define __svr4__ /**/" >>confdefs.h
+
+
+$as_echo "#define _SVID_GETTOD /**/" >>confdefs.h
+
+
+$as_echo "#define SOLARIS /**/" >>confdefs.h
+
+
+$as_echo "#define CPU_sparc /**/" >>confdefs.h
+
+
+$as_echo "#define OS_solaris 1" >>confdefs.h
+
+
+$as_echo "#define sunos5 1" >>confdefs.h
+
+
+$as_echo "#define OSVERSION 509" >>confdefs.h
+
+
+$as_echo "#define _REENTRANT /**/" >>confdefs.h
+
+ LIBSOCKET=-lsocket
+ LIBSOCKET=$LIBSOCKET
+
+ LIBNSL=-lnsl
+ LIBNSL=$LIBNSL
+
+ LIBDL=-ldl
+ LIBDL=$LIBDL
+
+ LIBCSTD=-lCstd
+ LIBCSTD=$LIBCSTD
+
+ LIBCRUN=-lCrun
+ LIBCRUN=$LIBCRUN
+
+ # For historical reasons, establish various "DEFINES" for TPS . . .
+
+$as_echo "#define _PR_NTHREAD /**/" >>confdefs.h
+
+
+$as_echo "#define HAVE_WEAK_IO_SYMBOLS /**/" >>confdefs.h
+
+
+$as_echo "#define NET_SSL /**/" >>confdefs.h
+
+
+$as_echo "#define NS_USE_NATIVE /**/" >>confdefs.h
+
+
+$as_echo "#define NSPR /**/" >>confdefs.h
+
+
+$as_echo "#define NSPR20 /**/" >>confdefs.h
+
+
+$as_echo "#define SOLARIS_55_OR_GREATER /**/" >>confdefs.h
+
+
+$as_echo "#define SYSV /**/" >>confdefs.h
+
+ platform="solaris"
+ # relative to sysconfdir
+ initddir=/init.d
+
+ ;;
+ *)
+ platform=""
+ # relative to sysconfdir
+ initddir=/init.d
+
+ ;;
+esac
+
+ if test "$platform" = "linux"; then
+ LINUX_TRUE=
+ LINUX_FALSE='#'
+else
+ LINUX_TRUE='#'
+ LINUX_FALSE=
+fi
+
+ if test "$platform" = "hpux"; then
+ HPUX_TRUE=
+ HPUX_FALSE='#'
+else
+ HPUX_TRUE='#'
+ HPUX_FALSE=
+fi
+
+ if test "$platform" = "solaris"; then
+ SOLARIS_TRUE=
+ SOLARIS_FALSE='#'
+else
+ SOLARIS_TRUE='#'
+ SOLARIS_FALSE=
+fi
+
+
+# Check for library dependencies
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSPR..." >&5
+$as_echo "$as_me: checking for NSPR..." >&6;}
+
+# check for --with-nspr
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-nspr" >&5
+$as_echo_n "checking for --with-nspr... " >&6; }
+
+# Check whether --with-nspr was given.
+if test "${with_nspr+set}" = set; then :
+ withval=$with_nspr;
+ if test -e "$withval"/include/nspr.h -a -d "$withval"/lib
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ NSPRDIR=$withval
+ nspr_inc="-I$NSPRDIR/include"
+ nspr_lib="-L$NSPRDIR/lib"
+ nspr_libdir="$NSPRDIR/lib"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-nspr-inc
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-nspr-inc" >&5
+$as_echo_n "checking for --with-nspr-inc... " >&6; }
+
+# Check whether --with-nspr-inc was given.
+if test "${with_nspr_inc+set}" = set; then :
+ withval=$with_nspr_inc;
+ if test -e "$withval"/nspr.h
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ nspr_inc="-I$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-nspr-lib
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-nspr-lib" >&5
+$as_echo_n "checking for --with-nspr-lib... " >&6; }
+
+# Check whether --with-nspr-lib was given.
+if test "${with_nspr_lib+set}" = set; then :
+ withval=$with_nspr_lib;
+ if test -d "$withval"
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ nspr_lib="-L$withval"
+ nspr_libdir="$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# if NSPR is not found yet, try pkg-config
+
+# last resort
+if test -z "$nspr_inc" -o -z "$nspr_lib" -o -z "$nspr_libdir"; then
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nspr with pkg-config" >&5
+$as_echo_n "checking for nspr with pkg-config... " >&6; }
+ if test -n "$PKG_CONFIG"; then
+ if $PKG_CONFIG --exists nspr; then
+ nspr_inc=`$PKG_CONFIG --cflags-only-I nspr`
+ nspr_lib=`$PKG_CONFIG --libs-only-L nspr`
+ nspr_libdir=`$PKG_CONFIG --libs-only-L nspr | sed -e s/-L// | sed -e s/\ *$//`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system NSPR" >&5
+$as_echo "using system NSPR" >&6; }
+ elif $PKG_CONFIG --exists dirsec-nspr; then
+ nspr_inc=`$PKG_CONFIG --cflags-only-I dirsec-nspr`
+ nspr_lib=`$PKG_CONFIG --libs-only-L dirsec-nspr`
+ nspr_libdir=`$PKG_CONFIG --libs-only-L dirsec-nspr | sed -e s/-L// | sed -e s/\ *$//`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system dirsec NSPR" >&5
+$as_echo "using system dirsec NSPR" >&6; }
+ else
+ as_fn_error "NSPR not found, specify with --with-nspr." "$LINENO" 5
+ fi
+ fi
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NSS..." >&5
+$as_echo "$as_me: checking for NSS..." >&6;}
+
+# check for --with-nss
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-nss" >&5
+$as_echo_n "checking for --with-nss... " >&6; }
+
+# Check whether --with-nss was given.
+if test "${with_nss+set}" = set; then :
+ withval=$with_nss;
+ if test -e "$withval"/include/nss.h -a -d "$withval"/lib
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ NSSDIR=$withval
+ nss_inc="-I$NSSDIR/include"
+ nss_lib="-L$NSSDIR/lib"
+ nss_libdir="$NSSDIR/lib"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-nss-inc
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-nss-inc" >&5
+$as_echo_n "checking for --with-nss-inc... " >&6; }
+
+# Check whether --with-nss-inc was given.
+if test "${with_nss_inc+set}" = set; then :
+ withval=$with_nss_inc;
+ if test -e "$withval"/nss.h
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ nss_inc="-I$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-nss-lib
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-nss-lib" >&5
+$as_echo_n "checking for --with-nss-lib... " >&6; }
+
+# Check whether --with-nss-lib was given.
+if test "${with_nss_lib+set}" = set; then :
+ withval=$with_nss_lib;
+ if test -d "$withval"
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ nss_lib="-L$withval"
+ nss_libdir="$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# if NSS is not found yet, try pkg-config
+
+# last resort
+if test -z "$nss_inc" -o -z "$nss_lib" -o -z "$nss_libdir"; then
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for nss with pkg-config" >&5
+$as_echo_n "checking for nss with pkg-config... " >&6; }
+ if test -n "$PKG_CONFIG"; then
+ if $PKG_CONFIG --exists nss; then
+ nss_inc=`$PKG_CONFIG --cflags-only-I nss`
+ nss_lib=`$PKG_CONFIG --libs-only-L nss`
+ nss_libdir=`$PKG_CONFIG --libs-only-L nss | sed -e s/-L// | sed -e s/\ *$//`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system NSS" >&5
+$as_echo "using system NSS" >&6; }
+ elif $PKG_CONFIG --exists dirsec-nss; then
+ nss_inc=`$PKG_CONFIG --cflags-only-I dirsec-nss`
+ nss_lib=`$PKG_CONFIG --libs-only-L dirsec-nss`
+ nss_libdir=`$PKG_CONFIG --libs-only-L dirsec-nss | sed -e s/-L// | sed -e s/\ *$//`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system dirsec NSS" >&5
+$as_echo "using system dirsec NSS" >&6; }
+ else
+ as_fn_error "NSS not found, specify with --with-nss." "$LINENO" 5
+ fi
+ fi
+fi
+
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2009 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenLDAP..." >&5
+$as_echo "$as_me: checking for OpenLDAP..." >&6;}
+
+# check for --with-openldap
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-openldap" >&5
+$as_echo_n "checking for --with-openldap... " >&6; }
+
+# Check whether --with-openldap was given.
+if test "${with_openldap+set}" = set; then :
+ withval=$with_openldap;
+ if test "$withval" = yes
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system OpenLDAP" >&5
+$as_echo "using system OpenLDAP" >&6; }
+ elif test "$withval" = no
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ OPENLDAPDIR=$withval
+ openldap_incdir="$OPENLDAPDIR/include"
+ openldap_inc="-I$openldap_incdir"
+ openldap_lib="-L$OPENLDAPDIR/lib"
+ openldap_libdir="$OPENLDAPDIR/lib"
+ openldap_bindir="$OPENLDAPDIR/bin"
+ with_openldap=yes
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-openldap-inc
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-openldap-inc" >&5
+$as_echo_n "checking for --with-openldap-inc... " >&6; }
+
+# Check whether --with-openldap-inc was given.
+if test "${with_openldap_inc+set}" = set; then :
+ withval=$with_openldap_inc;
+ if test -e "$withval"/ldap.h
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ openldap_incdir="$withval"
+ openldap_inc="-I$withval"
+ with_openldap=yes
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-openldap-lib
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-openldap-lib" >&5
+$as_echo_n "checking for --with-openldap-lib... " >&6; }
+
+# Check whether --with-openldap-lib was given.
+if test "${with_openldap_lib+set}" = set; then :
+ withval=$with_openldap_lib;
+ if test -d "$withval"
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ openldap_lib="-L$withval"
+ openldap_libdir="$withval"
+ with_openldap=yes
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-openldap-bin
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-openldap-bin" >&5
+$as_echo_n "checking for --with-openldap-bin... " >&6; }
+
+# Check whether --with-openldap-bin was given.
+if test "${with_openldap_bin+set}" = set; then :
+ withval=$with_openldap_bin;
+ if test -d "$withval"
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ openldap_bindir="$withval"
+ with_openldap=yes
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# if OPENLDAP is not found yet, try pkg-config
+
+if test "$with_openldap" = yes ; then # user wants to use openldap, but didn't specify paths
+ if test -z "$openldap_inc" -o -z "$openldap_lib" -o -z "$openldap_libdir" -o -z "$openldap_bindir"; then
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for OpenLDAP with pkg-config" >&5
+$as_echo_n "checking for OpenLDAP with pkg-config... " >&6; }
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists openldap; then
+ openldap_inc=`$PKG_CONFIG --cflags-only-I openldap`
+ openldap_lib=`$PKG_CONFIG --libs-only-L openldap`
+ openldap_libdir=`$PKG_CONFIG --libs-only-L openldap | sed -e s/-L// | sed -e s/\ .*$//`
+ openldap_bindir=`$PKG_CONFIG --variable=bindir openldap`
+ openldap_incdir=`$PKG_CONFIG --variable=includedir openldap`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system OpenLDAP from pkg-config" >&5
+$as_echo "using system OpenLDAP from pkg-config" >&6; }
+ else
+ openldap_incdir="/usr/include"
+ openldap_inc="-I$openldap_incdir"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no OpenLDAP pkg-config files" >&5
+$as_echo "no OpenLDAP pkg-config files" >&6; }
+ fi
+ fi
+fi
+
+
+if test "$with_openldap" = yes ; then
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$openldap_inc $nss_inc $nspr_inc"
+ ac_fn_c_check_header_mongrel "$LINENO" "ldap_features.h" "ac_cv_header_ldap_features_h" "$ac_includes_default"
+if test "x$ac_cv_header_ldap_features_h" = x""yes; then :
+
+else
+ as_fn_error "specified with-openldap but ldap_features.h not found" "$LINENO" 5
+fi
+
+
+ ol_ver_maj=`grep LDAP_VENDOR_VERSION_MAJOR $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_ver_min=`grep LDAP_VENDOR_VERSION_MINOR $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_ver_pat=`grep LDAP_VENDOR_VERSION_PATCH $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_libver="-${ol_ver_maj}.${ol_ver_min}"
+ save_ldflags="$LDFLAGS"
+ LDFLAGS="$openldap_lib $LDFLAGS"
+ as_ac_Lib=`$as_echo "ac_cv_lib_ldap$ol_libver''_ldap_initialize" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_initialize in -lldap$ol_libver" >&5
+$as_echo_n "checking for ldap_initialize in -lldap$ol_libver... " >&6; }
+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap$ol_libver $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ldap_initialize ();
+int
+main ()
+{
+return ldap_initialize ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$as_ac_Lib=yes"
+else
+ eval "$as_ac_Lib=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Lib
+ if test "x$as_val" = x""yes; then :
+ have_ldap_lib=1
+fi
+
+ if test -z "$have_ldap_lib" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_initialize in -lldap" >&5
+$as_echo_n "checking for ldap_initialize in -lldap... " >&6; }
+if test "${ac_cv_lib_ldap_ldap_initialize+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ldap_initialize ();
+int
+main ()
+{
+return ldap_initialize ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_ldap_ldap_initialize=yes
+else
+ ac_cv_lib_ldap_ldap_initialize=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_ldap_ldap_initialize" >&5
+$as_echo "$ac_cv_lib_ldap_ldap_initialize" >&6; }
+if test "x$ac_cv_lib_ldap_ldap_initialize" = x""yes; then :
+ unset ol_libver
+else
+ as_fn_error "specified with-openldap but libldap not found" "$LINENO" 5
+fi
+
+ fi
+ as_ac_Lib=`$as_echo "ac_cv_lib_ldap$ol_libver''_ldap_url_parse_ext" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldap_url_parse_ext in -lldap$ol_libver" >&5
+$as_echo_n "checking for ldap_url_parse_ext in -lldap$ol_libver... " >&6; }
+if { as_var=$as_ac_Lib; eval "test \"\${$as_var+set}\" = set"; }; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lldap$ol_libver $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char ldap_url_parse_ext ();
+int
+main ()
+{
+return ldap_url_parse_ext ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ eval "$as_ac_Lib=yes"
+else
+ eval "$as_ac_Lib=no"
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+eval ac_res=\$$as_ac_Lib
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5
+$as_echo "$ac_res" >&6; }
+eval as_val=\$$as_ac_Lib
+ if test "x$as_val" = x""yes; then :
+
+$as_echo "#define HAVE_LDAP_URL_PARSE_EXT 1" >>confdefs.h
+
+fi
+
+ LDFLAGS="$save_ldflags"
+ CPPFLAGS="$save_cppflags"
+
+
+$as_echo "#define USE_OPENLDAP 1" >>confdefs.h
+
+ # where to find ldapsearch, et. al.
+ ldaptool_bindir=$openldap_bindir
+ # default options to pass to the tools
+ # use -x because all of our scripts use simple bind
+ ldaptool_opts=-x
+ # get plain output from ldapsearch - no version, no comments
+ plainldif_opts=-LLL
+fi
+
+
+
+# Configure paths for SASL
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sasl..." >&5
+$as_echo "$as_me: checking for sasl..." >&6;}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-sasl" >&5
+$as_echo_n "checking for --with-sasl... " >&6; }
+
+# Check whether --with-sasl was given.
+if test "${with_sasl+set}" = set; then :
+ withval=$with_sasl;
+ if test "$withval" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+ if test -f /usr/include/sasl/sasl.h; then
+ sasl_inc="-I/usr/include/sasl"
+ elif test -f /usr/include/sasl.h; then
+ sasl_inc="-I/usr/include"
+ else
+ as_fn_error "sasl.h not found" "$LINENO" 5
+ fi
+
+ elif test -d "$withval" -a -d "$withval/lib" -a -d "$withval/include" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+
+ if test -f "$withval/include/sasl/sasl.h"; then
+ sasl_inc="-I$withval/include/sasl"
+ elif test -f "$withval/include/sasl.h"; then
+ sasl_inc="-I$withval/include"
+ else
+ as_fn_error "sasl.h not found" "$LINENO" 5
+ fi
+
+ sasl_lib="-L$withval/lib"
+ sasl_libdir="$withval/lib"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ as_fn_error "sasl not found in $withval" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-sasl-inc" >&5
+$as_echo_n "checking for --with-sasl-inc... " >&6; }
+
+# Check whether --with-sasl-inc was given.
+if test "${with_sasl_inc+set}" = set; then :
+ withval=$with_sasl_inc;
+ if test -f "$withval"/sasl.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ sasl_inc="-I$withval"
+ else
+ echo
+ as_fn_error "$withval/sasl.h not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-sasl-lib" >&5
+$as_echo_n "checking for --with-sasl-lib... " >&6; }
+
+# Check whether --with-sasl-lib was given.
+if test "${with_sasl_lib+set}" = set; then :
+ withval=$with_sasl_lib;
+ if test -d "$withval"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ sasl_lib="-L$withval"
+ sasl_libdir="$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test -z "$sasl_inc"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for sasl.h" >&5
+$as_echo_n "checking for sasl.h... " >&6; }
+ if test -f /usr/include/sasl/sasl.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using /usr/include/sasl/sasl.h" >&5
+$as_echo "using /usr/include/sasl/sasl.h" >&6; }
+ sasl_inc="-I/usr/include/sasl"
+ elif test -f /usr/include/sasl.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using /usr/include/sasl.h" >&5
+$as_echo "using /usr/include/sasl.h" >&6; }
+ sasl_inc="-I/usr/include"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+ as_fn_error "sasl not found, specify with --with-sasl." "$LINENO" 5
+ fi
+fi
+
+
+# Configure paths for SVRCORE
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for svrcore..." >&5
+$as_echo "$as_me: checking for svrcore..." >&6;}
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-svrcore" >&5
+$as_echo_n "checking for --with-svrcore... " >&6; }
+
+# Check whether --with-svrcore was given.
+if test "${with_svrcore+set}" = set; then :
+ withval=$with_svrcore;
+ if test "$withval" = "yes"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+
+ if test -f /usr/include/svrcore.h; then
+ svrcore_inc="-I/usr/include"
+ else
+ as_fn_error "svrcore.h not found" "$LINENO" 5
+ fi
+
+ elif test -d "$withval" -a -d "$withval/lib" -a -d "$withval/include" ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+
+ if test -f "$withval/include/svrcore.h"; then
+ svrcore_inc="-I$withval/include"
+ else
+ as_fn_error "svrcore.h not found" "$LINENO" 5
+ fi
+
+ svrcore_lib="-L$withval/lib"
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
+$as_echo "yes" >&6; }
+ as_fn_error "svrcore not found in $withval" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-svrcore-inc" >&5
+$as_echo_n "checking for --with-svrcore-inc... " >&6; }
+
+# Check whether --with-svrcore-inc was given.
+if test "${with_svrcore_inc+set}" = set; then :
+ withval=$with_svrcore_inc;
+ if test -f "$withval"/svrcore.h; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ svrcore_inc="-I$withval"
+ else
+ echo
+ as_fn_error "$withval/svrcore.h not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-svrcore-lib" >&5
+$as_echo_n "checking for --with-svrcore-lib... " >&6; }
+
+# Check whether --with-svrcore-lib was given.
+if test "${with_svrcore_lib+set}" = set; then :
+ withval=$with_svrcore_lib;
+ if test -d "$withval"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ svrcore_lib="-L$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+ # Extract the first word of "pkg-config", so it can be a program name with args.
+set dummy pkg-config; ac_word=$2
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
+$as_echo_n "checking for $ac_word... " >&6; }
+if test "${ac_cv_path_PKG_CONFIG+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ case $PKG_CONFIG in
+ [\\/]* | ?:[\\/]*)
+ ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path.
+ ;;
+ *)
+ as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ for ac_exec_ext in '' $ac_executable_extensions; do
+ if { test -f "$as_dir/$ac_word$ac_exec_ext" && $as_test_x "$as_dir/$ac_word$ac_exec_ext"; }; then
+ ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext"
+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
+ break 2
+ fi
+done
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+fi
+PKG_CONFIG=$ac_cv_path_PKG_CONFIG
+if test -n "$PKG_CONFIG"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5
+$as_echo "$PKG_CONFIG" >&6; }
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for svrcore with pkg-config" >&5
+$as_echo_n "checking for svrcore with pkg-config... " >&6; }
+ if test -n "$PKG_CONFIG"; then
+ if $PKG_CONFIG --exists svrcore; then
+ svrcore_inc=`$PKG_CONFIG --cflags-only-I svrcore`
+ svrcore_lib=`$PKG_CONFIG --libs-only-L svrcore`
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system svrcore" >&5
+$as_echo "using system svrcore" >&6; }
+ fi
+ fi
+fi
+
+if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: checking for SVRCORE_GetRegisteredPinObj in -lsvrcore" >&5
+$as_echo_n "checking for SVRCORE_GetRegisteredPinObj in -lsvrcore... " >&6; }
+if test "${ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj+set}" = set; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_check_lib_save_LIBS=$LIBS
+LIBS="-lsvrcore $nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4 $LIBS"
+cat confdefs.h - <<_ACEOF >conftest.$ac_ext
+/* end confdefs.h. */
+
+/* Override any GCC internal prototype to avoid an error.
+ Use char because int might match the return type of a GCC
+ builtin and then its argument prototype would still apply. */
+#ifdef __cplusplus
+extern "C"
+#endif
+char SVRCORE_GetRegisteredPinObj ();
+int
+main ()
+{
+return SVRCORE_GetRegisteredPinObj ();
+ ;
+ return 0;
+}
+_ACEOF
+if ac_fn_c_try_link "$LINENO"; then :
+ ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj=yes
+else
+ ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj=no
+fi
+rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+LIBS=$ac_check_lib_save_LIBS
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj" >&5
+$as_echo "$ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj" >&6; }
+if test "x$ac_cv_lib_svrcore_SVRCORE_GetRegisteredPinObj" = x""yes; then :
+ havesvrcore=1
+fi
+
+ if test -n "$havesvrcore" ; then
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$nss_inc $nspr_inc"
+ ac_fn_c_check_header_mongrel "$LINENO" "svrcore.h" "ac_cv_header_svrcore_h" "$ac_includes_default"
+if test "x$ac_cv_header_svrcore_h" = x""yes; then :
+ havesvrcore=1
+else
+ havesvrcore=
+fi
+
+
+ CPPFLAGS="$save_cppflags"
+ fi
+ if test -z "$havesvrcore" ; then
+ as_fn_error "svrcore not found, specify with --with-svrcore." "$LINENO" 5
+ fi
+fi
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for Apr..." >&5
+$as_echo "$as_me: checking for Apr..." >&6;}
+
+# check for --with-apr
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-apr" >&5
+$as_echo_n "checking for --with-apr... " >&6; }
+
+# Check whether --with-apr was given.
+if test "${with_apr+set}" = set; then :
+ withval=$with_apr;
+ if test -e "$withval"/include/apr-0/apr.h -a -d "$withval"/lib -a -d "$withval"/bin
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ APRDIR=$withval
+ apr_inc="-DAPRDIR -I$APRDIR/include -I$APRDIR/include/apr-0"
+ apr_lib_version="apr-0"
+ case $host in
+ *-*-linux*)
+ if test -n "$USE_64"
+ then
+ apr_lib="-L$APRDIR/lib64"
+ apr_libdir="$APRDIR/lib64"
+ else
+ apr_lib="-L$APRDIR/lib"
+ apr_libdir="$APRDIR/lib"
+ fi
+ apr_bindir="$APRDIR/bin"
+ ;;
+ sparc-sun-solaris*)
+ if test -n "$USE_64"
+ then
+ apr_lib="-L$APRDIR/lib/sparcv9"
+ apr_libdir="$APRDIR/lib/sparcv9"
+ apr_bindir="$APRDIR/bin/sparcv9"
+ else
+ apr_lib="-L$APRDIR/lib"
+ apr_libdir="$APRDIR/lib"
+ apr_bindir="$APRDIR/bin"
+ fi
+ ;;
+ *)
+ as_fn_error "unconfigured platform $host" "$LINENO" 5
+ ;;
+ esac
+ elif test -e "$withval"/include/apr-1/apr.h -a -d "$withval"/lib -a -d "$withval"/bin
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ APRDIR=$withval
+ apr_inc="-DAPRDIR -I$APRDIR/include -I$APRDIR/include/apr-1"
+ apr_lib_version="apr-1"
+ case $host in
+ *-*-linux*)
+ if test -n "$USE_64"
+ then
+ apr_lib="-L$APRDIR/lib64"
+ apr_libdir="$APRDIR/lib64"
+ else
+ apr_lib="-L$APRDIR/lib"
+ apr_libdir="$APRDIR/lib"
+ fi
+ apr_bindir="$APRDIR/bin"
+ ;;
+ sparc-sun-solaris*)
+ if test -n "$USE_64"
+ then
+ apr_lib="-L$APRDIR/lib/sparcv9"
+ apr_libdir="$APRDIR/lib/sparcv9"
+ apr_bindir="$APRDIR/bin/sparcv9"
+ else
+ apr_lib="-L$APRDIR/lib"
+ apr_libdir="$APRDIR/lib"
+ apr_bindir="$APRDIR/bin"
+ fi
+ ;;
+ *)
+ as_fn_error "unconfigured platform $host" "$LINENO" 5
+ ;;
+ esac
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-apr-inc
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-apr-inc" >&5
+$as_echo_n "checking for --with-apr-inc... " >&6; }
+
+# Check whether --with-apr-inc was given.
+if test "${with_apr_inc+set}" = set; then :
+ withval=$with_apr_inc;
+ if test -e "$withval"/apr.h
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ APRDIR=$withval/..
+ apr_inc="-DAPRDIR -I$withval/.. -I$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-apr-lib
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-apr-lib" >&5
+$as_echo_n "checking for --with-apr-lib... " >&6; }
+
+# Check whether --with-apr-lib was given.
+if test "${with_apr_lib+set}" = set; then :
+ withval=$with_apr_lib;
+ if test -d "$withval"
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ apr_lib="-L$withval"
+ apr_libdir="$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+ if test -e "$withval/libapr-0.so"
+ then
+ apr_lib_version="apr-0"
+ elif test -e "$withval/libapr-1.so"
+ then
+ apr_lib_version="apr-1"
+ else
+ as_fn_error "libapr in $withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for --with-apr-bin
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for --with-apr-bin" >&5
+$as_echo_n "checking for --with-apr-bin... " >&6; }
+
+# Check whether --with-apr-bin was given.
+if test "${with_apr_bin+set}" = set; then :
+ withval=$with_apr_bin;
+ if test -d "$withval"
+ then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using $withval" >&5
+$as_echo "using $withval" >&6; }
+ apr_bindir="$withval"
+ else
+ echo
+ as_fn_error "$withval not found" "$LINENO" 5
+ fi
+
+else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
+$as_echo "no" >&6; }
+fi
+
+
+# check for Apr in well-known locations
+# e. g. - on certain platforms, check for the presence
+# of a "Fortitude"-enabled web-server first
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for APR in well-known locations" >&5
+$as_echo_n "checking for APR in well-known locations... " >&6; }
+case $host in
+ *-*-linux*)
+ if test -f /usr/include/apr-0/apr.h
+ then
+ apr_inc="-DAPRDIR -I/usr/include -I/usr/include/apr-0"
+ elif test -f /usr/include/apr-1/apr.h
+ then
+ apr_inc="-DAPRDIR -I/usr/include -I/usr/include/apr-1"
+ else
+ as_fn_error "apr.h not found" "$LINENO" 5
+ fi
+ if test -n "$USE_64"
+ then
+ if test -e /usr/lib64/libapr-0.so
+ then
+ apr_lib="-L/usr/lib64"
+ apr_libdir="/usr/lib64"
+ apr_lib_version="apr-0"
+ elif test -e /usr/lib64/libapr-1.so
+ then
+ apr_lib="-L/usr/lib64"
+ apr_libdir="/usr/lib64"
+ apr_lib_version="apr-1"
+ else
+ as_fn_error "libapr not found" "$LINENO" 5
+ fi
+ else
+ if test -e /usr/lib/libapr-0.so
+ then
+ apr_lib="-L/usr/lib"
+ apr_libdir="/usr/lib"
+ apr_lib_version="apr-0"
+ elif test -e /usr/lib/libapr-1.so
+ then
+ apr_lib="-L/usr/lib"
+ apr_libdir="/usr/lib"
+ apr_lib_version="apr-1"
+ else
+ as_fn_error "libapr not found" "$LINENO" 5
+ fi
+ fi
+ if test -x /usr/bin/apr-config
+ then
+ apr_bindir="/usr/bin"
+ elif test -x /usr/bin/apr-1-config
+ then
+ apr_bindir="/usr/bin"
+ else
+ as_fn_error "apr-config or apr-1-config not found" "$LINENO" 5
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system Apr in /usr" >&5
+$as_echo "using system Apr in /usr" >&6; }
+ ;;
+ sparc-sun-solaris*)
+ if test -d /opt/fortitude
+ then
+ if test -f /opt/fortitude/include/apr-0/apr.h
+ then
+ apr_inc="-DAPRDIR -I/opt/fortitude/include -I/opt/fortitude/include/apr-0"
+ else
+ as_fn_error "/opt/fortitude/include/apr-0/apr.h not found" "$LINENO" 5
+ fi
+ if test -n "$USE_64"
+ then
+ #############################################################
+ ### NOTE: The 64-bit Fortitude "sparcv9" libraries and ###
+ ### programs are now under "/opt/fortitude/lib" ###
+ ### and "/opt/fortitude/bin" rather than ###
+ ### "/opt/fortitude/lib/sparcv9" and ###
+ ### "/opt/fortitude/bin/sparcv9"!!! ###
+ ### ###
+ ### To help guard against any future movement ###
+ ### of any of these libraries and/or programs, ###
+ ### this m4 file will first check under the ###
+ ### "sparcv9" directory, and then the directory ###
+ ### immediately above the "sparcv9" directory. ###
+ #############################################################
+ if test -e /opt/fortitude/lib/sparcv9/libapr-0.so
+ then
+ apr_lib="-L/opt/fortitude/lib/sparcv9"
+ apr_libdir="/opt/fortitude/lib/sparcv9"
+ apr_lib_version="apr-0"
+ else
+ if test -e /opt/fortitude/lib/libapr-0.so
+ then
+ apr_lib="-L/opt/fortitude/lib"
+ apr_libdir="/opt/fortitude/lib"
+ apr_lib_version="apr-0"
+ else
+ as_fn_error "Fortitude-enabled libapr-0.so not found" "$LINENO" 5
+ fi
+ fi
+ if test -x /opt/fortitude/bin/sparcv9/apr-config
+ then
+ apr_bindir="/opt/fortitude/bin/sparcv9"
+ else
+ if test -x /opt/fortitude/bin/apr-config
+ then
+ apr_bindir="/opt/fortitude/bin"
+ else
+ as_fn_error "Fortitude-enabled apr-config not found" "$LINENO" 5
+ fi
+ fi
+ else
+ if test -e /opt/fortitude/lib/libapr-0.so
+ then
+ apr_lib="-L/opt/fortitude/lib"
+ apr_libdir="/opt/fortitude/lib"
+ apr_lib_version="apr-0"
+ else
+ as_fn_error "/opt/fortitude/lib/libapr-0.so not found" "$LINENO" 5
+ fi
+ if test -x /opt/fortitude/bin/apr-config
+ then
+ apr_bindir="/opt/fortitude/bin"
+ else
+ as_fn_error "/opt/fortitude/bin/apr-config not found" "$LINENO" 5
+ fi
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using Fortitude-enabled Apr in /opt/fortitude" >&5
+$as_echo "using Fortitude-enabled Apr in /opt/fortitude" >&6; }
+ else
+ if test -f /usr/local/include/apr-0/apr.h
+ then
+ apr_inc="-DAPRDIR -I/usr/local/include -I/usr/local/include/apr-0"
+ else
+ as_fn_error "/usr/local/include/apr-0/apr.h not found" "$LINENO" 5
+ fi
+ if test -n "$USE_64"
+ then
+ if test -e /usr/local/lib/sparcv9/libapr-0.so
+ then
+ apr_lib="-L/usr/local/lib/sparcv9"
+ apr_libdir="/usr/local/lib/sparcv9"
+ apr_lib_version="apr-0"
+ else
+ as_fn_error "/usr/local/lib/sparcv9/libapr-0.so not found" "$LINENO" 5
+ fi
+ if test -x /usr/local/bin/sparcv9/apr-config
+ then
+ apr_bindir="/usr/local/bin/sparcv9"
+ else
+ as_fn_error "/usr/local/bin/sparcv9/apr-config not found" "$LINENO" 5
+ fi
+ else
+ if test -e /usr/local/lib/libapr-0.so
+ then
+ apr_lib="-L/usr/local/lib"
+ apr_libdir="/usr/local/lib"
+ apr_lib_version="apr-0"
+ else
+ as_fn_error "/usr/local/lib/libapr-0.so not found" "$LINENO" 5
+ fi
+ if test -x /usr/local/bin/apr-config
+ then
+ apr_bindir="/usr/local/bin"
+ else
+ as_fn_error "/usr/local/bin/apr-config not found" "$LINENO" 5
+ fi
+ fi
+ fi
+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: using system Apr in /usr/local" >&5
+$as_echo "using system Apr in /usr/local" >&6; }
+ ;;
+ *)
+ as_fn_error "unconfigured platform $host" "$LINENO" 5
+ ;;
+esac
+
+# if Apr has not been found, print an error and exit
+if test -z "$apr_inc"
+then
+ as_fn_error "Apr include file directory not found, specify with --with-apr." "$LINENO" 5
+fi
+if test -z "$apr_lib" -o -z "$apr_libdir"
+then
+ as_fn_error "Apr library directory not found, specify with --with-apr." "$LINENO" 5
+fi
+if test -z "$apr_bindir"
+then
+ as_fn_error "Apr executables directory not found, specify with --with-apr." "$LINENO" 5
+fi
+if test -z "$apr_lib_version"
+then
+ as_fn_error "Apr library version not found, specify with --with-apr." "$LINENO" 5
+fi
+
+
+
+# write out paths for binary components
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+# libtool on fedora/rhel contains some gcc-isms which cause problems
+# if not using gcc (e.g. Forte on Solaris, aCC on HP-UX)
+# we remove them here
+if test "$GCC" != yes ; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: Not using gcc - fixing libtool to remove gcc-isms . . ." >&5
+$as_echo "$as_me: Not using gcc - fixing libtool to remove gcc-isms . . ." >&6;}
+ cp -p libtool libtool.orig
+ cp -p libtool libtool.tmp
+ # dnl note the special chars [ and ] - since m4 treats [ and ] specially,
+ # we have to use the quadrigraph [ for [ and ] for ] - and you thought
+ # perl produced write-only code . . .
+ sed -e '/^gcc_dir/ d' \
+ -e '/^gcc_ver/ d' \
+ -e 's/^predep_objects=.*echo \("[^"]*"\).*$/predep_objects=\1/' \
+ -e 's/^postdep_objects=.*echo \("[^"]*"\).*$/postdep_objects=\1/' \
+ -e 's/^compiler_lib_search_path=.*echo \("[^"]*"\).*$/compiler_lib_search_path=\1/' \
+ -e 's/^sys_lib_search_path_spec=.*echo \("[^"]*"\).*$/sys_lib_search_path_spec=\1/' \
+ libtool > libtool.tmp
+ cp -p libtool.tmp libtool
+ rm -f libtool.tmp
+fi
+
+ac_config_files="$ac_config_files Makefile"
+
+
+cat >confcache <<\_ACEOF
+# This file is a shell script that caches the results of configure
+# tests run on this system so they can be shared between configure
+# scripts and configure runs, see configure's option --config-cache.
+# It is not useful on other systems. If it contains results you don't
+# want to keep, you may remove or edit it.
+#
+# config.status only pays attention to the cache file if you give it
+# the --recheck option to rerun configure.
+#
+# `ac_cv_env_foo' variables (set or unset) will be overridden when
+# loading this file, other *unset* `ac_cv_foo' will be assigned the
+# following values.
+
+_ACEOF
+
+# The following way of writing the cache mishandles newlines in values,
+# but we know of no workaround that is simple, portable, and efficient.
+# So, we kill variables containing newlines.
+# Ultrix sh set writes to stderr and can't be redirected directly,
+# and sets the high bit in the cache file unless we assign to the vars.
+(
+ for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do
+ eval ac_val=\$$ac_var
+ case $ac_val in #(
+ *${as_nl}*)
+ case $ac_var in #(
+ *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5
+$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;;
+ esac
+ case $ac_var in #(
+ _ | IFS | as_nl) ;; #(
+ BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #(
+ *) { eval $ac_var=; unset $ac_var;} ;;
+ esac ;;
+ esac
+ done
+
+ (set) 2>&1 |
+ case $as_nl`(ac_space=' '; set) 2>&1` in #(
+ *${as_nl}ac_space=\ *)
+ # `set' does not quote correctly, so add quotes: double-quote
+ # substitution turns \\\\ into \\, and sed turns \\ into \.
+ sed -n \
+ "s/'/'\\\\''/g;
+ s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p"
+ ;; #(
+ *)
+ # `set' quotes correctly as required by POSIX, so do not add quotes.
+ sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p"
+ ;;
+ esac |
+ sort
+) |
+ sed '
+ /^ac_cv_env_/b end
+ t clear
+ :clear
+ s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/
+ t end
+ s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/
+ :end' >>confcache
+if diff "$cache_file" confcache >/dev/null 2>&1; then :; else
+ if test -w "$cache_file"; then
+ test "x$cache_file" != "x/dev/null" &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5
+$as_echo "$as_me: updating cache $cache_file" >&6;}
+ cat confcache >$cache_file
+ else
+ { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5
+$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;}
+ fi
+fi
+rm -f confcache
+
+test "x$prefix" = xNONE && prefix=$ac_default_prefix
+# Let make expand exec_prefix.
+test "x$exec_prefix" = xNONE && exec_prefix='${prefix}'
+
+DEFS=-DHAVE_CONFIG_H
+
+ac_libobjs=
+ac_ltlibobjs=
+for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue
+ # 1. Remove the extension, and $U if already installed.
+ ac_script='s/\$U\././;s/\.o$//;s/\.obj$//'
+ ac_i=`$as_echo "$ac_i" | sed "$ac_script"`
+ # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR
+ # will be set to the directory where LIBOBJS objects are built.
+ as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext"
+ as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo'
+done
+LIBOBJS=$ac_libobjs
+
+LTLIBOBJS=$ac_ltlibobjs
+
+
+ if test -n "$EXEEXT"; then
+ am__EXEEXT_TRUE=
+ am__EXEEXT_FALSE='#'
+else
+ am__EXEEXT_TRUE='#'
+ am__EXEEXT_FALSE=
+fi
+
+if test -z "${MAINTAINER_MODE_TRUE}" && test -z "${MAINTAINER_MODE_FALSE}"; then
+ as_fn_error "conditional \"MAINTAINER_MODE\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then
+ as_fn_error "conditional \"AMDEP\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+ as_fn_error "conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then
+ as_fn_error "conditional \"am__fastdepCC\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then
+ as_fn_error "conditional \"am__fastdepCXX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${WINNT_TRUE}" && test -z "${WINNT_FALSE}"; then
+ as_fn_error "conditional \"WINNT\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${LINUX_TRUE}" && test -z "${LINUX_FALSE}"; then
+ as_fn_error "conditional \"LINUX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${HPUX_TRUE}" && test -z "${HPUX_FALSE}"; then
+ as_fn_error "conditional \"HPUX\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+if test -z "${SOLARIS_TRUE}" && test -z "${SOLARIS_FALSE}"; then
+ as_fn_error "conditional \"SOLARIS\" was never defined.
+Usually this means the macro was only invoked conditionally." "$LINENO" 5
+fi
+
+: ${CONFIG_STATUS=./config.status}
+ac_write_fail=0
+ac_clean_files_save=$ac_clean_files
+ac_clean_files="$ac_clean_files $CONFIG_STATUS"
+{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5
+$as_echo "$as_me: creating $CONFIG_STATUS" >&6;}
+as_write_fail=0
+cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1
+#! $SHELL
+# Generated by $as_me.
+# Run this file to recreate the current configuration.
+# Compiler output produced by configure, useful for debugging
+# configure, is in config.log if it exists.
+
+debug=false
+ac_cs_recheck=false
+ac_cs_silent=false
+
+SHELL=\${CONFIG_SHELL-$SHELL}
+export SHELL
+_ASEOF
+cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1
+## -------------------- ##
+## M4sh Initialization. ##
+## -------------------- ##
+
+# Be more Bourne compatible
+DUALCASE=1; export DUALCASE # for MKS sh
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then :
+ emulate sh
+ NULLCMD=:
+ # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in #(
+ *posix*) :
+ set -o posix ;; #(
+ *) :
+ ;;
+esac
+fi
+
+
+as_nl='
+'
+export as_nl
+# Printing a long string crashes Solaris 7 /usr/bin/printf.
+as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo
+as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo
+# Prefer a ksh shell builtin over an external printf program on Solaris,
+# but without wasting forks for bash or zsh.
+if test -z "$BASH_VERSION$ZSH_VERSION" \
+ && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='print -r --'
+ as_echo_n='print -rn --'
+elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then
+ as_echo='printf %s\n'
+ as_echo_n='printf %s'
+else
+ if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then
+ as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"'
+ as_echo_n='/usr/ucb/echo -n'
+ else
+ as_echo_body='eval expr "X$1" : "X\\(.*\\)"'
+ as_echo_n_body='eval
+ arg=$1;
+ case $arg in #(
+ *"$as_nl"*)
+ expr "X$arg" : "X\\(.*\\)$as_nl";
+ arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;;
+ esac;
+ expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl"
+ '
+ export as_echo_n_body
+ as_echo_n='sh -c $as_echo_n_body as_echo'
+ fi
+ export as_echo_body
+ as_echo='sh -c $as_echo_body as_echo'
+fi
+
+# The user is always right.
+if test "${PATH_SEPARATOR+set}" != set; then
+ PATH_SEPARATOR=:
+ (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && {
+ (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 ||
+ PATH_SEPARATOR=';'
+ }
+fi
+
+
+# IFS
+# We need space, tab and new line, in precisely that order. Quoting is
+# there to prevent editors from complaining about space-tab.
+# (If _AS_PATH_WALK were called with IFS unset, it would disable word
+# splitting by setting IFS to empty value.)
+IFS=" "" $as_nl"
+
+# Find who we are. Look in the path if we contain no directory separator.
+case $0 in #((
+ *[\\/]* ) as_myself=$0 ;;
+ *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
+for as_dir in $PATH
+do
+ IFS=$as_save_IFS
+ test -z "$as_dir" && as_dir=.
+ test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break
+ done
+IFS=$as_save_IFS
+
+ ;;
+esac
+# We did not find ourselves, most probably we were run as `sh COMMAND'
+# in which case we are not to be found in the path.
+if test "x$as_myself" = x; then
+ as_myself=$0
+fi
+if test ! -f "$as_myself"; then
+ $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2
+ exit 1
+fi
+
+# Unset variables that we do not need and which cause bugs (e.g. in
+# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1"
+# suppresses any "Segmentation fault" message there. '((' could
+# trigger a bug in pdksh 5.2.14.
+for as_var in BASH_ENV ENV MAIL MAILPATH
+do eval test x\${$as_var+set} = xset \
+ && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || :
+done
+PS1='$ '
+PS2='> '
+PS4='+ '
+
+# NLS nuisances.
+LC_ALL=C
+export LC_ALL
+LANGUAGE=C
+export LANGUAGE
+
+# CDPATH.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+
+# as_fn_error ERROR [LINENO LOG_FD]
+# ---------------------------------
+# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are
+# provided, also output the error to LOG_FD, referencing LINENO. Then exit the
+# script with status $?, using 1 if that was 0.
+as_fn_error ()
+{
+ as_status=$?; test $as_status -eq 0 && as_status=1
+ if test "$3"; then
+ as_lineno=${as_lineno-"$2"} as_lineno_stack=as_lineno_stack=$as_lineno_stack
+ $as_echo "$as_me:${as_lineno-$LINENO}: error: $1" >&$3
+ fi
+ $as_echo "$as_me: error: $1" >&2
+ as_fn_exit $as_status
+} # as_fn_error
+
+
+# as_fn_set_status STATUS
+# -----------------------
+# Set $? to STATUS, without forking.
+as_fn_set_status ()
+{
+ return $1
+} # as_fn_set_status
+
+# as_fn_exit STATUS
+# -----------------
+# Exit the shell with STATUS, even in a "trap 0" or "set -e" context.
+as_fn_exit ()
+{
+ set +e
+ as_fn_set_status $1
+ exit $1
+} # as_fn_exit
+
+# as_fn_unset VAR
+# ---------------
+# Portably unset VAR.
+as_fn_unset ()
+{
+ { eval $1=; unset $1;}
+}
+as_unset=as_fn_unset
+# as_fn_append VAR VALUE
+# ----------------------
+# Append the text in VALUE to the end of the definition contained in VAR. Take
+# advantage of any shell optimizations that allow amortized linear growth over
+# repeated appends, instead of the typical quadratic growth present in naive
+# implementations.
+if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then :
+ eval 'as_fn_append ()
+ {
+ eval $1+=\$2
+ }'
+else
+ as_fn_append ()
+ {
+ eval $1=\$$1\$2
+ }
+fi # as_fn_append
+
+# as_fn_arith ARG...
+# ------------------
+# Perform arithmetic evaluation on the ARGs, and store the result in the
+# global $as_val. Take advantage of shells that can avoid forks. The arguments
+# must be portable across $(()) and expr.
+if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then :
+ eval 'as_fn_arith ()
+ {
+ as_val=$(( $* ))
+ }'
+else
+ as_fn_arith ()
+ {
+ as_val=`expr "$@" || test $? -eq 1`
+ }
+fi # as_fn_arith
+
+
+if expr a : '\(a\)' >/dev/null 2>&1 &&
+ test "X`expr 00001 : '.*\(...\)'`" = X001; then
+ as_expr=expr
+else
+ as_expr=false
+fi
+
+if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then
+ as_basename=basename
+else
+ as_basename=false
+fi
+
+if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then
+ as_dirname=dirname
+else
+ as_dirname=false
+fi
+
+as_me=`$as_basename -- "$0" ||
+$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \
+ X"$0" : 'X\(//\)$' \| \
+ X"$0" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X/"$0" |
+ sed '/^.*\/\([^/][^/]*\)\/*$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\/\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+
+# Avoid depending upon Character Ranges.
+as_cr_letters='abcdefghijklmnopqrstuvwxyz'
+as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
+as_cr_Letters=$as_cr_letters$as_cr_LETTERS
+as_cr_digits='0123456789'
+as_cr_alnum=$as_cr_Letters$as_cr_digits
+
+ECHO_C= ECHO_N= ECHO_T=
+case `echo -n x` in #(((((
+-n*)
+ case `echo 'xy\c'` in
+ *c*) ECHO_T=' ';; # ECHO_T is single tab character.
+ xy) ECHO_C='\c';;
+ *) echo `echo ksh88 bug on AIX 6.1` > /dev/null
+ ECHO_T=' ';;
+ esac;;
+*)
+ ECHO_N='-n';;
+esac
+
+rm -f conf$$ conf$$.exe conf$$.file
+if test -d conf$$.dir; then
+ rm -f conf$$.dir/conf$$.file
+else
+ rm -f conf$$.dir
+ mkdir conf$$.dir 2>/dev/null
+fi
+if (echo >conf$$.file) 2>/dev/null; then
+ if ln -s conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s='ln -s'
+ # ... but there are two gotchas:
+ # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail.
+ # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable.
+ # In both cases, we have to default to `cp -p'.
+ ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe ||
+ as_ln_s='cp -p'
+ elif ln conf$$.file conf$$ 2>/dev/null; then
+ as_ln_s=ln
+ else
+ as_ln_s='cp -p'
+ fi
+else
+ as_ln_s='cp -p'
+fi
+rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file
+rmdir conf$$.dir 2>/dev/null
+
+
+# as_fn_mkdir_p
+# -------------
+# Create "$as_dir" as a directory, including parents if necessary.
+as_fn_mkdir_p ()
+{
+
+ case $as_dir in #(
+ -*) as_dir=./$as_dir;;
+ esac
+ test -d "$as_dir" || eval $as_mkdir_p || {
+ as_dirs=
+ while :; do
+ case $as_dir in #(
+ *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'(
+ *) as_qdir=$as_dir;;
+ esac
+ as_dirs="'$as_qdir' $as_dirs"
+ as_dir=`$as_dirname -- "$as_dir" ||
+$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$as_dir" : 'X\(//\)[^/]' \| \
+ X"$as_dir" : 'X\(//\)$' \| \
+ X"$as_dir" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$as_dir" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ test -d "$as_dir" && break
+ done
+ test -z "$as_dirs" || eval "mkdir $as_dirs"
+ } || test -d "$as_dir" || as_fn_error "cannot create directory $as_dir"
+
+
+} # as_fn_mkdir_p
+if mkdir -p . 2>/dev/null; then
+ as_mkdir_p='mkdir -p "$as_dir"'
+else
+ test -d ./-p && rmdir ./-p
+ as_mkdir_p=false
+fi
+
+if test -x / >/dev/null 2>&1; then
+ as_test_x='test -x'
+else
+ if ls -dL / >/dev/null 2>&1; then
+ as_ls_L_option=L
+ else
+ as_ls_L_option=
+ fi
+ as_test_x='
+ eval sh -c '\''
+ if test -d "$1"; then
+ test -d "$1/.";
+ else
+ case $1 in #(
+ -*)set "./$1";;
+ esac;
+ case `ls -ld'$as_ls_L_option' "$1" 2>/dev/null` in #((
+ ???[sx]*):;;*)false;;esac;fi
+ '\'' sh
+ '
+fi
+as_executable_p=$as_test_x
+
+# Sed expression to map a string onto a valid CPP name.
+as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'"
+
+# Sed expression to map a string onto a valid variable name.
+as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'"
+
+
+exec 6>&1
+## ----------------------------------- ##
+## Main body of $CONFIG_STATUS script. ##
+## ----------------------------------- ##
+_ASEOF
+test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# Save the log message, to keep $0 and so on meaningful, and to
+# report actual input values of CONFIG_FILES etc. instead of their
+# values after options handling.
+ac_log="
+This file was extended by pki-tps $as_me 8.0.0, which was
+generated by GNU Autoconf 2.65. Invocation command line was
+
+ CONFIG_FILES = $CONFIG_FILES
+ CONFIG_HEADERS = $CONFIG_HEADERS
+ CONFIG_LINKS = $CONFIG_LINKS
+ CONFIG_COMMANDS = $CONFIG_COMMANDS
+ $ $0 $@
+
+on `(hostname || uname -n) 2>/dev/null | sed 1q`
+"
+
+_ACEOF
+
+case $ac_config_files in *"
+"*) set x $ac_config_files; shift; ac_config_files=$*;;
+esac
+
+case $ac_config_headers in *"
+"*) set x $ac_config_headers; shift; ac_config_headers=$*;;
+esac
+
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+# Files that config.status was made for.
+config_files="$ac_config_files"
+config_headers="$ac_config_headers"
+config_commands="$ac_config_commands"
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ac_cs_usage="\
+\`$as_me' instantiates files and other configuration actions
+from templates according to the current configuration. Unless the files
+and actions are specified as TAGs, all are instantiated by default.
+
+Usage: $0 [OPTION]... [TAG]...
+
+ -h, --help print this help, then exit
+ -V, --version print version number and configuration settings, then exit
+ --config print configuration, then exit
+ -q, --quiet, --silent
+ do not print progress messages
+ -d, --debug don't remove temporary files
+ --recheck update $as_me by reconfiguring in the same conditions
+ --file=FILE[:TEMPLATE]
+ instantiate the configuration file FILE
+ --header=FILE[:TEMPLATE]
+ instantiate the configuration header FILE
+
+Configuration files:
+$config_files
+
+Configuration headers:
+$config_headers
+
+Configuration commands:
+$config_commands
+
+Report bugs to <http://bugzilla.redhat.com/>."
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
+ac_cs_version="\\
+pki-tps config.status 8.0.0
+configured by $0, generated by GNU Autoconf 2.65,
+ with options \\"\$ac_cs_config\\"
+
+Copyright (C) 2009 Free Software Foundation, Inc.
+This config.status script is free software; the Free Software Foundation
+gives unlimited permission to copy, distribute and modify it."
+
+ac_pwd='$ac_pwd'
+srcdir='$srcdir'
+INSTALL='$INSTALL'
+MKDIR_P='$MKDIR_P'
+AWK='$AWK'
+test -n "\$AWK" || AWK=awk
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# The default lists apply if the user does not specify any file.
+ac_need_defaults=:
+while test $# != 0
+do
+ case $1 in
+ --*=*)
+ ac_option=`expr "X$1" : 'X\([^=]*\)='`
+ ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'`
+ ac_shift=:
+ ;;
+ *)
+ ac_option=$1
+ ac_optarg=$2
+ ac_shift=shift
+ ;;
+ esac
+
+ case $ac_option in
+ # Handling of the options.
+ -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
+ ac_cs_recheck=: ;;
+ --version | --versio | --versi | --vers | --ver | --ve | --v | -V )
+ $as_echo "$ac_cs_version"; exit ;;
+ --config | --confi | --conf | --con | --co | --c )
+ $as_echo "$ac_cs_config"; exit ;;
+ --debug | --debu | --deb | --de | --d | -d )
+ debug=: ;;
+ --file | --fil | --fi | --f )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_FILES " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --header | --heade | --head | --hea )
+ $ac_shift
+ case $ac_optarg in
+ *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;;
+ esac
+ as_fn_append CONFIG_HEADERS " '$ac_optarg'"
+ ac_need_defaults=false;;
+ --he | --h)
+ # Conflict between --help and --header
+ as_fn_error "ambiguous option: \`$1'
+Try \`$0 --help' for more information.";;
+ --help | --hel | -h )
+ $as_echo "$ac_cs_usage"; exit ;;
+ -q | -quiet | --quiet | --quie | --qui | --qu | --q \
+ | -silent | --silent | --silen | --sile | --sil | --si | --s)
+ ac_cs_silent=: ;;
+
+ # This is an error.
+ -*) as_fn_error "unrecognized option: \`$1'
+Try \`$0 --help' for more information." ;;
+
+ *) as_fn_append ac_config_targets " $1"
+ ac_need_defaults=false ;;
+
+ esac
+ shift
+done
+
+ac_configure_extra_args=
+
+if $ac_cs_silent; then
+ exec 6>/dev/null
+ ac_configure_extra_args="$ac_configure_extra_args --silent"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+if \$ac_cs_recheck; then
+ set X '$SHELL' '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion
+ shift
+ \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6
+ CONFIG_SHELL='$SHELL'
+ export CONFIG_SHELL
+ exec "\$@"
+fi
+
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+exec 5>>config.log
+{
+ echo
+ sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX
+## Running $as_me. ##
+_ASBOX
+ $as_echo "$ac_log"
+} >&5
+
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+#
+# INIT-COMMANDS
+#
+AMDEP_TRUE="$AMDEP_TRUE" ac_aux_dir="$ac_aux_dir"
+
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+sed_quote_subst='$sed_quote_subst'
+double_quote_subst='$double_quote_subst'
+delay_variable_subst='$delay_variable_subst'
+enable_static='`$ECHO "X$enable_static" | $Xsed -e "$delay_single_quote_subst"`'
+macro_version='`$ECHO "X$macro_version" | $Xsed -e "$delay_single_quote_subst"`'
+macro_revision='`$ECHO "X$macro_revision" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared='`$ECHO "X$enable_shared" | $Xsed -e "$delay_single_quote_subst"`'
+pic_mode='`$ECHO "X$pic_mode" | $Xsed -e "$delay_single_quote_subst"`'
+enable_fast_install='`$ECHO "X$enable_fast_install" | $Xsed -e "$delay_single_quote_subst"`'
+host_alias='`$ECHO "X$host_alias" | $Xsed -e "$delay_single_quote_subst"`'
+host='`$ECHO "X$host" | $Xsed -e "$delay_single_quote_subst"`'
+host_os='`$ECHO "X$host_os" | $Xsed -e "$delay_single_quote_subst"`'
+build_alias='`$ECHO "X$build_alias" | $Xsed -e "$delay_single_quote_subst"`'
+build='`$ECHO "X$build" | $Xsed -e "$delay_single_quote_subst"`'
+build_os='`$ECHO "X$build_os" | $Xsed -e "$delay_single_quote_subst"`'
+SED='`$ECHO "X$SED" | $Xsed -e "$delay_single_quote_subst"`'
+Xsed='`$ECHO "X$Xsed" | $Xsed -e "$delay_single_quote_subst"`'
+GREP='`$ECHO "X$GREP" | $Xsed -e "$delay_single_quote_subst"`'
+EGREP='`$ECHO "X$EGREP" | $Xsed -e "$delay_single_quote_subst"`'
+FGREP='`$ECHO "X$FGREP" | $Xsed -e "$delay_single_quote_subst"`'
+LD='`$ECHO "X$LD" | $Xsed -e "$delay_single_quote_subst"`'
+NM='`$ECHO "X$NM" | $Xsed -e "$delay_single_quote_subst"`'
+LN_S='`$ECHO "X$LN_S" | $Xsed -e "$delay_single_quote_subst"`'
+max_cmd_len='`$ECHO "X$max_cmd_len" | $Xsed -e "$delay_single_quote_subst"`'
+ac_objext='`$ECHO "X$ac_objext" | $Xsed -e "$delay_single_quote_subst"`'
+exeext='`$ECHO "X$exeext" | $Xsed -e "$delay_single_quote_subst"`'
+lt_unset='`$ECHO "X$lt_unset" | $Xsed -e "$delay_single_quote_subst"`'
+lt_SP2NL='`$ECHO "X$lt_SP2NL" | $Xsed -e "$delay_single_quote_subst"`'
+lt_NL2SP='`$ECHO "X$lt_NL2SP" | $Xsed -e "$delay_single_quote_subst"`'
+reload_flag='`$ECHO "X$reload_flag" | $Xsed -e "$delay_single_quote_subst"`'
+reload_cmds='`$ECHO "X$reload_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+OBJDUMP='`$ECHO "X$OBJDUMP" | $Xsed -e "$delay_single_quote_subst"`'
+deplibs_check_method='`$ECHO "X$deplibs_check_method" | $Xsed -e "$delay_single_quote_subst"`'
+file_magic_cmd='`$ECHO "X$file_magic_cmd" | $Xsed -e "$delay_single_quote_subst"`'
+AR='`$ECHO "X$AR" | $Xsed -e "$delay_single_quote_subst"`'
+AR_FLAGS='`$ECHO "X$AR_FLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+STRIP='`$ECHO "X$STRIP" | $Xsed -e "$delay_single_quote_subst"`'
+RANLIB='`$ECHO "X$RANLIB" | $Xsed -e "$delay_single_quote_subst"`'
+old_postinstall_cmds='`$ECHO "X$old_postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_postuninstall_cmds='`$ECHO "X$old_postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds='`$ECHO "X$old_archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+CC='`$ECHO "X$CC" | $Xsed -e "$delay_single_quote_subst"`'
+CFLAGS='`$ECHO "X$CFLAGS" | $Xsed -e "$delay_single_quote_subst"`'
+compiler='`$ECHO "X$compiler" | $Xsed -e "$delay_single_quote_subst"`'
+GCC='`$ECHO "X$GCC" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_pipe='`$ECHO "X$lt_cv_sys_global_symbol_pipe" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_cdecl='`$ECHO "X$lt_cv_sys_global_symbol_to_cdecl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "X$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+objdir='`$ECHO "X$objdir" | $Xsed -e "$delay_single_quote_subst"`'
+SHELL='`$ECHO "X$SHELL" | $Xsed -e "$delay_single_quote_subst"`'
+ECHO='`$ECHO "X$ECHO" | $Xsed -e "$delay_single_quote_subst"`'
+MAGIC_CMD='`$ECHO "X$MAGIC_CMD" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag='`$ECHO "X$lt_prog_compiler_no_builtin_flag" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl='`$ECHO "X$lt_prog_compiler_wl" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic='`$ECHO "X$lt_prog_compiler_pic" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static='`$ECHO "X$lt_prog_compiler_static" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o='`$ECHO "X$lt_cv_prog_compiler_c_o" | $Xsed -e "$delay_single_quote_subst"`'
+need_locks='`$ECHO "X$need_locks" | $Xsed -e "$delay_single_quote_subst"`'
+DSYMUTIL='`$ECHO "X$DSYMUTIL" | $Xsed -e "$delay_single_quote_subst"`'
+NMEDIT='`$ECHO "X$NMEDIT" | $Xsed -e "$delay_single_quote_subst"`'
+LIPO='`$ECHO "X$LIPO" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL='`$ECHO "X$OTOOL" | $Xsed -e "$delay_single_quote_subst"`'
+OTOOL64='`$ECHO "X$OTOOL64" | $Xsed -e "$delay_single_quote_subst"`'
+libext='`$ECHO "X$libext" | $Xsed -e "$delay_single_quote_subst"`'
+shrext_cmds='`$ECHO "X$shrext_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+extract_expsyms_cmds='`$ECHO "X$extract_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc='`$ECHO "X$archive_cmds_need_lc" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes='`$ECHO "X$enable_shared_with_static_runtimes" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec='`$ECHO "X$export_dynamic_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec='`$ECHO "X$whole_archive_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object='`$ECHO "X$compiler_needs_object" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds='`$ECHO "X$old_archive_from_new_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds='`$ECHO "X$old_archive_from_expsyms_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds='`$ECHO "X$archive_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds='`$ECHO "X$archive_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds='`$ECHO "X$module_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds='`$ECHO "X$module_expsym_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld='`$ECHO "X$with_gnu_ld" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag='`$ECHO "X$allow_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag='`$ECHO "X$no_undefined_flag" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec='`$ECHO "X$hardcode_libdir_flag_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld='`$ECHO "X$hardcode_libdir_flag_spec_ld" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator='`$ECHO "X$hardcode_libdir_separator" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct='`$ECHO "X$hardcode_direct" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute='`$ECHO "X$hardcode_direct_absolute" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L='`$ECHO "X$hardcode_minus_L" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var='`$ECHO "X$hardcode_shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic='`$ECHO "X$hardcode_automatic" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath='`$ECHO "X$inherit_rpath" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs='`$ECHO "X$link_all_deplibs" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path='`$ECHO "X$fix_srcfile_path" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols='`$ECHO "X$always_export_symbols" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds='`$ECHO "X$export_symbols_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms='`$ECHO "X$exclude_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms='`$ECHO "X$include_expsyms" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds='`$ECHO "X$prelink_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec='`$ECHO "X$file_list_spec" | $Xsed -e "$delay_single_quote_subst"`'
+variables_saved_for_relink='`$ECHO "X$variables_saved_for_relink" | $Xsed -e "$delay_single_quote_subst"`'
+need_lib_prefix='`$ECHO "X$need_lib_prefix" | $Xsed -e "$delay_single_quote_subst"`'
+need_version='`$ECHO "X$need_version" | $Xsed -e "$delay_single_quote_subst"`'
+version_type='`$ECHO "X$version_type" | $Xsed -e "$delay_single_quote_subst"`'
+runpath_var='`$ECHO "X$runpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_var='`$ECHO "X$shlibpath_var" | $Xsed -e "$delay_single_quote_subst"`'
+shlibpath_overrides_runpath='`$ECHO "X$shlibpath_overrides_runpath" | $Xsed -e "$delay_single_quote_subst"`'
+libname_spec='`$ECHO "X$libname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+library_names_spec='`$ECHO "X$library_names_spec" | $Xsed -e "$delay_single_quote_subst"`'
+soname_spec='`$ECHO "X$soname_spec" | $Xsed -e "$delay_single_quote_subst"`'
+postinstall_cmds='`$ECHO "X$postinstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+postuninstall_cmds='`$ECHO "X$postuninstall_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_cmds='`$ECHO "X$finish_cmds" | $Xsed -e "$delay_single_quote_subst"`'
+finish_eval='`$ECHO "X$finish_eval" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_into_libs='`$ECHO "X$hardcode_into_libs" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_search_path_spec='`$ECHO "X$sys_lib_search_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+sys_lib_dlsearch_path_spec='`$ECHO "X$sys_lib_dlsearch_path_spec" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action='`$ECHO "X$hardcode_action" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen='`$ECHO "X$enable_dlopen" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self='`$ECHO "X$enable_dlopen_self" | $Xsed -e "$delay_single_quote_subst"`'
+enable_dlopen_self_static='`$ECHO "X$enable_dlopen_self_static" | $Xsed -e "$delay_single_quote_subst"`'
+old_striplib='`$ECHO "X$old_striplib" | $Xsed -e "$delay_single_quote_subst"`'
+striplib='`$ECHO "X$striplib" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_dirs='`$ECHO "X$compiler_lib_search_dirs" | $Xsed -e "$delay_single_quote_subst"`'
+predep_objects='`$ECHO "X$predep_objects" | $Xsed -e "$delay_single_quote_subst"`'
+postdep_objects='`$ECHO "X$postdep_objects" | $Xsed -e "$delay_single_quote_subst"`'
+predeps='`$ECHO "X$predeps" | $Xsed -e "$delay_single_quote_subst"`'
+postdeps='`$ECHO "X$postdeps" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_path='`$ECHO "X$compiler_lib_search_path" | $Xsed -e "$delay_single_quote_subst"`'
+LD_CXX='`$ECHO "X$LD_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_cmds_CXX='`$ECHO "X$old_archive_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_CXX='`$ECHO "X$compiler_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+GCC_CXX='`$ECHO "X$GCC_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_no_builtin_flag_CXX='`$ECHO "X$lt_prog_compiler_no_builtin_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_wl_CXX='`$ECHO "X$lt_prog_compiler_wl_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_pic_CXX='`$ECHO "X$lt_prog_compiler_pic_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_prog_compiler_static_CXX='`$ECHO "X$lt_prog_compiler_static_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+lt_cv_prog_compiler_c_o_CXX='`$ECHO "X$lt_cv_prog_compiler_c_o_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_need_lc_CXX='`$ECHO "X$archive_cmds_need_lc_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+enable_shared_with_static_runtimes_CXX='`$ECHO "X$enable_shared_with_static_runtimes_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+export_dynamic_flag_spec_CXX='`$ECHO "X$export_dynamic_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+whole_archive_flag_spec_CXX='`$ECHO "X$whole_archive_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_needs_object_CXX='`$ECHO "X$compiler_needs_object_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_new_cmds_CXX='`$ECHO "X$old_archive_from_new_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+old_archive_from_expsyms_cmds_CXX='`$ECHO "X$old_archive_from_expsyms_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_cmds_CXX='`$ECHO "X$archive_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+archive_expsym_cmds_CXX='`$ECHO "X$archive_expsym_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+module_cmds_CXX='`$ECHO "X$module_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+module_expsym_cmds_CXX='`$ECHO "X$module_expsym_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+with_gnu_ld_CXX='`$ECHO "X$with_gnu_ld_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+allow_undefined_flag_CXX='`$ECHO "X$allow_undefined_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+no_undefined_flag_CXX='`$ECHO "X$no_undefined_flag_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_CXX='`$ECHO "X$hardcode_libdir_flag_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_flag_spec_ld_CXX='`$ECHO "X$hardcode_libdir_flag_spec_ld_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_libdir_separator_CXX='`$ECHO "X$hardcode_libdir_separator_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_CXX='`$ECHO "X$hardcode_direct_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_direct_absolute_CXX='`$ECHO "X$hardcode_direct_absolute_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_minus_L_CXX='`$ECHO "X$hardcode_minus_L_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_shlibpath_var_CXX='`$ECHO "X$hardcode_shlibpath_var_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_automatic_CXX='`$ECHO "X$hardcode_automatic_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+inherit_rpath_CXX='`$ECHO "X$inherit_rpath_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+link_all_deplibs_CXX='`$ECHO "X$link_all_deplibs_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+fix_srcfile_path_CXX='`$ECHO "X$fix_srcfile_path_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+always_export_symbols_CXX='`$ECHO "X$always_export_symbols_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+export_symbols_cmds_CXX='`$ECHO "X$export_symbols_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+exclude_expsyms_CXX='`$ECHO "X$exclude_expsyms_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+include_expsyms_CXX='`$ECHO "X$include_expsyms_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+prelink_cmds_CXX='`$ECHO "X$prelink_cmds_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+file_list_spec_CXX='`$ECHO "X$file_list_spec_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+hardcode_action_CXX='`$ECHO "X$hardcode_action_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_dirs_CXX='`$ECHO "X$compiler_lib_search_dirs_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+predep_objects_CXX='`$ECHO "X$predep_objects_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+postdep_objects_CXX='`$ECHO "X$postdep_objects_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+predeps_CXX='`$ECHO "X$predeps_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+postdeps_CXX='`$ECHO "X$postdeps_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+compiler_lib_search_path_CXX='`$ECHO "X$compiler_lib_search_path_CXX" | $Xsed -e "$delay_single_quote_subst"`'
+
+LTCC='$LTCC'
+LTCFLAGS='$LTCFLAGS'
+compiler='$compiler_DEFAULT'
+
+# Quote evaled strings.
+for var in SED \
+GREP \
+EGREP \
+FGREP \
+LD \
+NM \
+LN_S \
+lt_SP2NL \
+lt_NL2SP \
+reload_flag \
+OBJDUMP \
+deplibs_check_method \
+file_magic_cmd \
+AR \
+AR_FLAGS \
+STRIP \
+RANLIB \
+CC \
+CFLAGS \
+compiler \
+lt_cv_sys_global_symbol_pipe \
+lt_cv_sys_global_symbol_to_cdecl \
+lt_cv_sys_global_symbol_to_c_name_address \
+lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \
+SHELL \
+ECHO \
+lt_prog_compiler_no_builtin_flag \
+lt_prog_compiler_wl \
+lt_prog_compiler_pic \
+lt_prog_compiler_static \
+lt_cv_prog_compiler_c_o \
+need_locks \
+DSYMUTIL \
+NMEDIT \
+LIPO \
+OTOOL \
+OTOOL64 \
+shrext_cmds \
+export_dynamic_flag_spec \
+whole_archive_flag_spec \
+compiler_needs_object \
+with_gnu_ld \
+allow_undefined_flag \
+no_undefined_flag \
+hardcode_libdir_flag_spec \
+hardcode_libdir_flag_spec_ld \
+hardcode_libdir_separator \
+fix_srcfile_path \
+exclude_expsyms \
+include_expsyms \
+file_list_spec \
+variables_saved_for_relink \
+libname_spec \
+library_names_spec \
+soname_spec \
+finish_eval \
+old_striplib \
+striplib \
+compiler_lib_search_dirs \
+predep_objects \
+postdep_objects \
+predeps \
+postdeps \
+compiler_lib_search_path \
+LD_CXX \
+compiler_CXX \
+lt_prog_compiler_no_builtin_flag_CXX \
+lt_prog_compiler_wl_CXX \
+lt_prog_compiler_pic_CXX \
+lt_prog_compiler_static_CXX \
+lt_cv_prog_compiler_c_o_CXX \
+export_dynamic_flag_spec_CXX \
+whole_archive_flag_spec_CXX \
+compiler_needs_object_CXX \
+with_gnu_ld_CXX \
+allow_undefined_flag_CXX \
+no_undefined_flag_CXX \
+hardcode_libdir_flag_spec_CXX \
+hardcode_libdir_flag_spec_ld_CXX \
+hardcode_libdir_separator_CXX \
+fix_srcfile_path_CXX \
+exclude_expsyms_CXX \
+include_expsyms_CXX \
+file_list_spec_CXX \
+compiler_lib_search_dirs_CXX \
+predep_objects_CXX \
+postdep_objects_CXX \
+predeps_CXX \
+postdeps_CXX \
+compiler_lib_search_path_CXX; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$sed_quote_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Double-quote double-evaled strings.
+for var in reload_cmds \
+old_postinstall_cmds \
+old_postuninstall_cmds \
+old_archive_cmds \
+extract_expsyms_cmds \
+old_archive_from_new_cmds \
+old_archive_from_expsyms_cmds \
+archive_cmds \
+archive_expsym_cmds \
+module_cmds \
+module_expsym_cmds \
+export_symbols_cmds \
+prelink_cmds \
+postinstall_cmds \
+postuninstall_cmds \
+finish_cmds \
+sys_lib_search_path_spec \
+sys_lib_dlsearch_path_spec \
+old_archive_cmds_CXX \
+old_archive_from_new_cmds_CXX \
+old_archive_from_expsyms_cmds_CXX \
+archive_cmds_CXX \
+archive_expsym_cmds_CXX \
+module_cmds_CXX \
+module_expsym_cmds_CXX \
+export_symbols_cmds_CXX \
+prelink_cmds_CXX; do
+ case \`eval \\\\\$ECHO "X\\\\\$\$var"\` in
+ *[\\\\\\\`\\"\\\$]*)
+ eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"X\\\$\$var\\" | \\\$Xsed -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\""
+ ;;
+ *)
+ eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\""
+ ;;
+ esac
+done
+
+# Fix-up fallback echo if it was mangled by the above quoting rules.
+case \$lt_ECHO in
+*'\\\$0 --fallback-echo"') lt_ECHO=\`\$ECHO "X\$lt_ECHO" | \$Xsed -e 's/\\\\\\\\\\\\\\\$0 --fallback-echo"\$/\$0 --fallback-echo"/'\`
+ ;;
+esac
+
+ac_aux_dir='$ac_aux_dir'
+xsi_shell='$xsi_shell'
+lt_shell_append='$lt_shell_append'
+
+# See if we are running on zsh, and set the options which allow our
+# commands through without removal of \ escapes INIT.
+if test -n "\${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+fi
+
+
+ PACKAGE='$PACKAGE'
+ VERSION='$VERSION'
+ TIMESTAMP='$TIMESTAMP'
+ RM='$RM'
+ ofile='$ofile'
+
+
+
+
+
+
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+
+# Handling of arguments.
+for ac_config_target in $ac_config_targets
+do
+ case $ac_config_target in
+ "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
+ "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;;
+ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
+ "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
+
+ *) as_fn_error "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
+ esac
+done
+
+
+# If the user did not use the arguments to specify the items to instantiate,
+# then the envvar interface is used. Set only those that are not.
+# We use the long form for the default assignment because of an extremely
+# bizarre bug on SunOS 4.1.3.
+if $ac_need_defaults; then
+ test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files
+ test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers
+ test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands
+fi
+
+# Have a temporary directory for convenience. Make it in the build tree
+# simply because there is no reason against having it here, and in addition,
+# creating and moving files from /tmp can sometimes cause problems.
+# Hook for its removal unless debugging.
+# Note that there is a small window in which the directory will not be cleaned:
+# after its creation but before its name has been assigned to `$tmp'.
+$debug ||
+{
+ tmp=
+ trap 'exit_status=$?
+ { test -z "$tmp" || test ! -d "$tmp" || rm -fr "$tmp"; } && exit $exit_status
+' 0
+ trap 'as_fn_exit 1' 1 2 13 15
+}
+# Create a (secure) tmp directory for tmp files.
+
+{
+ tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` &&
+ test -n "$tmp" && test -d "$tmp"
+} ||
+{
+ tmp=./conf$$-$RANDOM
+ (umask 077 && mkdir "$tmp")
+} || as_fn_error "cannot create a temporary directory in ." "$LINENO" 5
+
+# Set up the scripts for CONFIG_FILES section.
+# No need to generate them if there are no CONFIG_FILES.
+# This happens for instance with `./config.status config.h'.
+if test -n "$CONFIG_FILES"; then
+
+
+ac_cr=`echo X | tr X '\015'`
+# On cygwin, bash can eat \r inside `` if the user requested igncr.
+# But we know of no other shell where ac_cr would be empty at this
+# point, so we can use a bashism as a fallback.
+if test "x$ac_cr" = x; then
+ eval ac_cr=\$\'\\r\'
+fi
+ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' </dev/null 2>/dev/null`
+if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then
+ ac_cs_awk_cr='\r'
+else
+ ac_cs_awk_cr=$ac_cr
+fi
+
+echo 'BEGIN {' >"$tmp/subs1.awk" &&
+_ACEOF
+
+
+{
+ echo "cat >conf$$subs.awk <<_ACEOF" &&
+ echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' &&
+ echo "_ACEOF"
+} >conf$$subs.sh ||
+ as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+ac_delim_num=`echo "$ac_subst_vars" | grep -c '$'`
+ac_delim='%!_!# '
+for ac_last_try in false false false false false :; do
+ . ./conf$$subs.sh ||
+ as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+
+ ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X`
+ if test $ac_delim_n = $ac_delim_num; then
+ break
+ elif $ac_last_try; then
+ as_fn_error "could not make $CONFIG_STATUS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+rm -f conf$$subs.sh
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+cat >>"\$tmp/subs1.awk" <<\\_ACAWK &&
+_ACEOF
+sed -n '
+h
+s/^/S["/; s/!.*/"]=/
+p
+g
+s/^[^!]*!//
+:repl
+t repl
+s/'"$ac_delim"'$//
+t delim
+:nl
+h
+s/\(.\{148\}\)..*/\1/
+t more1
+s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/
+p
+n
+b repl
+:more1
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t nl
+:delim
+h
+s/\(.\{148\}\)..*/\1/
+t more2
+s/["\\]/\\&/g; s/^/"/; s/$/"/
+p
+b
+:more2
+s/["\\]/\\&/g; s/^/"/; s/$/"\\/
+p
+g
+s/.\{148\}//
+t delim
+' <conf$$subs.awk | sed '
+/^[^""]/{
+ N
+ s/\n//
+}
+' >>$CONFIG_STATUS || ac_write_fail=1
+rm -f conf$$subs.awk
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+_ACAWK
+cat >>"\$tmp/subs1.awk" <<_ACAWK &&
+ for (key in S) S_is_set[key] = 1
+ FS = ""
+
+}
+{
+ line = $ 0
+ nfields = split(line, field, "@")
+ substed = 0
+ len = length(field[1])
+ for (i = 2; i < nfields; i++) {
+ key = field[i]
+ keylen = length(key)
+ if (S_is_set[key]) {
+ value = S[key]
+ line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3)
+ len += length(value) + length(field[++i])
+ substed = 1
+ } else
+ len += 1 + keylen
+ }
+
+ print line
+}
+
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then
+ sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g"
+else
+ cat
+fi < "$tmp/subs1.awk" > "$tmp/subs.awk" \
+ || as_fn_error "could not setup config files machinery" "$LINENO" 5
+_ACEOF
+
+# VPATH may cause trouble with some makes, so we remove $(srcdir),
+# ${srcdir} and @srcdir@ from VPATH if srcdir is ".", strip leading and
+# trailing colons and then remove the whole line if VPATH becomes empty
+# (actually we leave an empty line to preserve line numbers).
+if test "x$srcdir" = x.; then
+ ac_vpsub='/^[ ]*VPATH[ ]*=/{
+s/:*\$(srcdir):*/:/
+s/:*\${srcdir}:*/:/
+s/:*@srcdir@:*/:/
+s/^\([^=]*=[ ]*\):*/\1/
+s/:*$//
+s/^[^=]*=[ ]*$//
+}'
+fi
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+fi # test -n "$CONFIG_FILES"
+
+# Set up the scripts for CONFIG_HEADERS section.
+# No need to generate them if there are no CONFIG_HEADERS.
+# This happens for instance with `./config.status Makefile'.
+if test -n "$CONFIG_HEADERS"; then
+cat >"$tmp/defines.awk" <<\_ACAWK ||
+BEGIN {
+_ACEOF
+
+# Transform confdefs.h into an awk script `defines.awk', embedded as
+# here-document in config.status, that substitutes the proper values into
+# config.h.in to produce config.h.
+
+# Create a delimiter string that does not exist in confdefs.h, to ease
+# handling of long lines.
+ac_delim='%!_!# '
+for ac_last_try in false false :; do
+ ac_t=`sed -n "/$ac_delim/p" confdefs.h`
+ if test -z "$ac_t"; then
+ break
+ elif $ac_last_try; then
+ as_fn_error "could not make $CONFIG_HEADERS" "$LINENO" 5
+ else
+ ac_delim="$ac_delim!$ac_delim _$ac_delim!! "
+ fi
+done
+
+# For the awk script, D is an array of macro values keyed by name,
+# likewise P contains macro parameters if any. Preserve backslash
+# newline sequences.
+
+ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]*
+sed -n '
+s/.\{148\}/&'"$ac_delim"'/g
+t rset
+:rset
+s/^[ ]*#[ ]*define[ ][ ]*/ /
+t def
+d
+:def
+s/\\$//
+t bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3"/p
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p
+d
+:bsnl
+s/["\\]/\\&/g
+s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\
+D["\1"]=" \3\\\\\\n"\\/p
+t cont
+s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p
+t cont
+d
+:cont
+n
+s/.\{148\}/&'"$ac_delim"'/g
+t clear
+:clear
+s/\\$//
+t bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/"/p
+d
+:bsnlc
+s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p
+b cont
+' <confdefs.h | sed '
+s/'"$ac_delim"'/"\\\
+"/g' >>$CONFIG_STATUS || ac_write_fail=1
+
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ for (key in D) D_is_set[key] = 1
+ FS = ""
+}
+/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ {
+ line = \$ 0
+ split(line, arg, " ")
+ if (arg[1] == "#") {
+ defundef = arg[2]
+ mac1 = arg[3]
+ } else {
+ defundef = substr(arg[1], 2)
+ mac1 = arg[2]
+ }
+ split(mac1, mac2, "(") #)
+ macro = mac2[1]
+ prefix = substr(line, 1, index(line, defundef) - 1)
+ if (D_is_set[macro]) {
+ # Preserve the white space surrounding the "#".
+ print prefix "define", macro P[macro] D[macro]
+ next
+ } else {
+ # Replace #undef with comments. This is necessary, for example,
+ # in the case of _POSIX_SOURCE, which is predefined and required
+ # on some systems where configure will not decide to define it.
+ if (defundef == "undef") {
+ print "/*", prefix defundef, macro, "*/"
+ next
+ }
+ }
+}
+{ print }
+_ACAWK
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+ as_fn_error "could not setup config headers machinery" "$LINENO" 5
+fi # test -n "$CONFIG_HEADERS"
+
+
+eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS"
+shift
+for ac_tag
+do
+ case $ac_tag in
+ :[FHLC]) ac_mode=$ac_tag; continue;;
+ esac
+ case $ac_mode$ac_tag in
+ :[FHL]*:*);;
+ :L* | :C*:*) as_fn_error "invalid tag \`$ac_tag'" "$LINENO" 5;;
+ :[FH]-) ac_tag=-:-;;
+ :[FH]*) ac_tag=$ac_tag:$ac_tag.in;;
+ esac
+ ac_save_IFS=$IFS
+ IFS=:
+ set x $ac_tag
+ IFS=$ac_save_IFS
+ shift
+ ac_file=$1
+ shift
+
+ case $ac_mode in
+ :L) ac_source=$1;;
+ :[FH])
+ ac_file_inputs=
+ for ac_f
+ do
+ case $ac_f in
+ -) ac_f="$tmp/stdin";;
+ *) # Look for the file first in the build tree, then in the source tree
+ # (if the path is not absolute). The absolute path cannot be DOS-style,
+ # because $ac_f cannot contain `:'.
+ test -f "$ac_f" ||
+ case $ac_f in
+ [\\/$]*) false;;
+ *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";;
+ esac ||
+ as_fn_error "cannot find input file: \`$ac_f'" "$LINENO" 5;;
+ esac
+ case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac
+ as_fn_append ac_file_inputs " '$ac_f'"
+ done
+
+ # Let's still pretend it is `configure' which instantiates (i.e., don't
+ # use $as_me), people would be surprised to read:
+ # /* config.h. Generated by config.status. */
+ configure_input='Generated from '`
+ $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g'
+ `' by configure.'
+ if test x"$ac_file" != x-; then
+ configure_input="$ac_file. $configure_input"
+ { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5
+$as_echo "$as_me: creating $ac_file" >&6;}
+ fi
+ # Neutralize special characters interpreted by sed in replacement strings.
+ case $configure_input in #(
+ *\&* | *\|* | *\\* )
+ ac_sed_conf_input=`$as_echo "$configure_input" |
+ sed 's/[\\\\&|]/\\\\&/g'`;; #(
+ *) ac_sed_conf_input=$configure_input;;
+ esac
+
+ case $ac_tag in
+ *:-:* | *:-) cat >"$tmp/stdin" \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5 ;;
+ esac
+ ;;
+ esac
+
+ ac_dir=`$as_dirname -- "$ac_file" ||
+$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$ac_file" : 'X\(//\)[^/]' \| \
+ X"$ac_file" : 'X\(//\)$' \| \
+ X"$ac_file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$ac_file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir="$ac_dir"; as_fn_mkdir_p
+ ac_builddir=.
+
+case "$ac_dir" in
+.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;;
+*)
+ ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'`
+ # A ".." for each directory in $ac_dir_suffix.
+ ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'`
+ case $ac_top_builddir_sub in
+ "") ac_top_builddir_sub=. ac_top_build_prefix= ;;
+ *) ac_top_build_prefix=$ac_top_builddir_sub/ ;;
+ esac ;;
+esac
+ac_abs_top_builddir=$ac_pwd
+ac_abs_builddir=$ac_pwd$ac_dir_suffix
+# for backward compatibility:
+ac_top_builddir=$ac_top_build_prefix
+
+case $srcdir in
+ .) # We are building in place.
+ ac_srcdir=.
+ ac_top_srcdir=$ac_top_builddir_sub
+ ac_abs_top_srcdir=$ac_pwd ;;
+ [\\/]* | ?:[\\/]* ) # Absolute name.
+ ac_srcdir=$srcdir$ac_dir_suffix;
+ ac_top_srcdir=$srcdir
+ ac_abs_top_srcdir=$srcdir ;;
+ *) # Relative name.
+ ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix
+ ac_top_srcdir=$ac_top_build_prefix$srcdir
+ ac_abs_top_srcdir=$ac_pwd/$srcdir ;;
+esac
+ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix
+
+
+ case $ac_mode in
+ :F)
+ #
+ # CONFIG_FILE
+ #
+
+ case $INSTALL in
+ [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;;
+ *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;;
+ esac
+ ac_MKDIR_P=$MKDIR_P
+ case $MKDIR_P in
+ [\\/$]* | ?:[\\/]* ) ;;
+ */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;;
+ esac
+_ACEOF
+
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+# If the template does not know about datarootdir, expand it.
+# FIXME: This hack should be removed a few years after 2.60.
+ac_datarootdir_hack=; ac_datarootdir_seen=
+ac_sed_dataroot='
+/datarootdir/ {
+ p
+ q
+}
+/@datadir@/p
+/@docdir@/p
+/@infodir@/p
+/@localedir@/p
+/@mandir@/p'
+case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in
+*datarootdir*) ac_datarootdir_seen=yes;;
+*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*)
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5
+$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;}
+_ACEOF
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ ac_datarootdir_hack='
+ s&@datadir@&$datadir&g
+ s&@docdir@&$docdir&g
+ s&@infodir@&$infodir&g
+ s&@localedir@&$localedir&g
+ s&@mandir@&$mandir&g
+ s&\\\${datarootdir}&$datarootdir&g' ;;
+esac
+_ACEOF
+
+# Neutralize VPATH when `$srcdir' = `.'.
+# Shell code in configure.ac might set extrasub.
+# FIXME: do we really want to maintain this feature?
+cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
+ac_sed_extra="$ac_vpsub
+$extrasub
+_ACEOF
+cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
+:t
+/@[a-zA-Z_][a-zA-Z_0-9]*@/!b
+s|@configure_input@|$ac_sed_conf_input|;t t
+s&@top_builddir@&$ac_top_builddir_sub&;t t
+s&@top_build_prefix@&$ac_top_build_prefix&;t t
+s&@srcdir@&$ac_srcdir&;t t
+s&@abs_srcdir@&$ac_abs_srcdir&;t t
+s&@top_srcdir@&$ac_top_srcdir&;t t
+s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t
+s&@builddir@&$ac_builddir&;t t
+s&@abs_builddir@&$ac_abs_builddir&;t t
+s&@abs_top_builddir@&$ac_abs_top_builddir&;t t
+s&@INSTALL@&$ac_INSTALL&;t t
+s&@MKDIR_P@&$ac_MKDIR_P&;t t
+$ac_datarootdir_hack
+"
+eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$tmp/subs.awk" >$tmp/out \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5
+
+test -z "$ac_datarootdir_hack$ac_datarootdir_seen" &&
+ { ac_out=`sed -n '/\${datarootdir}/p' "$tmp/out"`; test -n "$ac_out"; } &&
+ { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' "$tmp/out"`; test -z "$ac_out"; } &&
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined." >&5
+$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir'
+which seems to be undefined. Please make sure it is defined." >&2;}
+
+ rm -f "$tmp/stdin"
+ case $ac_file in
+ -) cat "$tmp/out" && rm -f "$tmp/out";;
+ *) rm -f "$ac_file" && mv "$tmp/out" "$ac_file";;
+ esac \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5
+ ;;
+ :H)
+ #
+ # CONFIG_HEADER
+ #
+ if test x"$ac_file" != x-; then
+ {
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs"
+ } >"$tmp/config.h" \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5
+ if diff "$ac_file" "$tmp/config.h" >/dev/null 2>&1; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5
+$as_echo "$as_me: $ac_file is unchanged" >&6;}
+ else
+ rm -f "$ac_file"
+ mv "$tmp/config.h" "$ac_file" \
+ || as_fn_error "could not create $ac_file" "$LINENO" 5
+ fi
+ else
+ $as_echo "/* $configure_input */" \
+ && eval '$AWK -f "$tmp/defines.awk"' "$ac_file_inputs" \
+ || as_fn_error "could not create -" "$LINENO" 5
+ fi
+# Compute "$ac_file"'s index in $config_headers.
+_am_arg="$ac_file"
+_am_stamp_count=1
+for _am_header in $config_headers :; do
+ case $_am_header in
+ $_am_arg | $_am_arg:* )
+ break ;;
+ * )
+ _am_stamp_count=`expr $_am_stamp_count + 1` ;;
+ esac
+done
+echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" ||
+$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$_am_arg" : 'X\(//\)[^/]' \| \
+ X"$_am_arg" : 'X\(//\)$' \| \
+ X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$_am_arg" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`/stamp-h$_am_stamp_count
+ ;;
+
+ :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5
+$as_echo "$as_me: executing $ac_file commands" >&6;}
+ ;;
+ esac
+
+
+ case $ac_file$ac_mode in
+ "depfiles":C) test x"$AMDEP_TRUE" != x"" || {
+ # Autoconf 2.62 quotes --file arguments for eval, but not when files
+ # are listed without --file. Let's play safe and only enable the eval
+ # if we detect the quoting.
+ case $CONFIG_FILES in
+ *\'*) eval set x "$CONFIG_FILES" ;;
+ *) set x $CONFIG_FILES ;;
+ esac
+ shift
+ for mf
+ do
+ # Strip MF so we end up with the name of the file.
+ mf=`echo "$mf" | sed -e 's/:.*$//'`
+ # Check whether this is an Automake generated Makefile or not.
+ # We used to match only the files named `Makefile.in', but
+ # some people rename them; so instead we look at the file content.
+ # Grep'ing the first line is not enough: some people post-process
+ # each Makefile.in and add a new line on top of each file to say so.
+ # Grep'ing the whole file is not good either: AIX grep has a line
+ # limit of 2048, but all sed's we know have understand at least 4000.
+ if sed -n 's,^#.*generated by automake.*,X,p' "$mf" | grep X >/dev/null 2>&1; then
+ dirpart=`$as_dirname -- "$mf" ||
+$as_expr X"$mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$mf" : 'X\(//\)[^/]' \| \
+ X"$mf" : 'X\(//\)$' \| \
+ X"$mf" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$mf" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ else
+ continue
+ fi
+ # Extract the definition of DEPDIR, am__include, and am__quote
+ # from the Makefile without running `make'.
+ DEPDIR=`sed -n 's/^DEPDIR = //p' < "$mf"`
+ test -z "$DEPDIR" && continue
+ am__include=`sed -n 's/^am__include = //p' < "$mf"`
+ test -z "am__include" && continue
+ am__quote=`sed -n 's/^am__quote = //p' < "$mf"`
+ # When using ansi2knr, U may be empty or an underscore; expand it
+ U=`sed -n 's/^U = //p' < "$mf"`
+ # Find all dependency output files, they are included files with
+ # $(DEPDIR) in their names. We invoke sed twice because it is the
+ # simplest approach to changing $(DEPDIR) to its actual value in the
+ # expansion.
+ for file in `sed -n "
+ s/^$am__include $am__quote\(.*(DEPDIR).*\)$am__quote"'$/\1/p' <"$mf" | \
+ sed -e 's/\$(DEPDIR)/'"$DEPDIR"'/g' -e 's/\$U/'"$U"'/g'`; do
+ # Make sure the directory exists.
+ test -f "$dirpart/$file" && continue
+ fdir=`$as_dirname -- "$file" ||
+$as_expr X"$file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$file" : 'X\(//\)[^/]' \| \
+ X"$file" : 'X\(//\)$' \| \
+ X"$file" : 'X\(/\)' \| . 2>/dev/null ||
+$as_echo X"$file" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'`
+ as_dir=$dirpart/$fdir; as_fn_mkdir_p
+ # echo "creating $dirpart/$file"
+ echo '# dummy' > "$dirpart/$file"
+ done
+ done
+}
+ ;;
+ "libtool":C)
+
+ # See if we are running on zsh, and set the options which allow our
+ # commands through without removal of \ escapes.
+ if test -n "${ZSH_VERSION+set}" ; then
+ setopt NO_GLOB_SUBST
+ fi
+
+ cfgfile="${ofile}T"
+ trap "$RM \"$cfgfile\"; exit 1" 1 2 15
+ $RM "$cfgfile"
+
+ cat <<_LT_EOF >> "$cfgfile"
+#! $SHELL
+
+# `$ECHO "$ofile" | sed 's%^.*/%%'` - Provide generalized library-building support services.
+# Generated automatically by $as_me ($PACKAGE$TIMESTAMP) $VERSION
+# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`:
+# NOTE: Changes made to this file will be lost: look at ltmain.sh.
+#
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005,
+# 2006, 2007, 2008 Free Software Foundation, Inc.
+# Written by Gordon Matzigkeit, 1996
+#
+# This file is part of GNU Libtool.
+#
+# GNU Libtool is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 2 of
+# the License, or (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html, or
+# obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+
+# The names of the tagged configurations supported by this script.
+available_tags="CXX "
+
+# ### BEGIN LIBTOOL CONFIG
+
+# Whether or not to build static libraries.
+build_old_libs=$enable_static
+
+# Which release of libtool.m4 was used?
+macro_version=$macro_version
+macro_revision=$macro_revision
+
+# Whether or not to build shared libraries.
+build_libtool_libs=$enable_shared
+
+# What type of objects to build.
+pic_mode=$pic_mode
+
+# Whether or not to optimize for fast installation.
+fast_install=$enable_fast_install
+
+# The host system.
+host_alias=$host_alias
+host=$host
+host_os=$host_os
+
+# The build system.
+build_alias=$build_alias
+build=$build
+build_os=$build_os
+
+# A sed program that does not truncate output.
+SED=$lt_SED
+
+# Sed that helps us avoid accidentally triggering echo(1) options like -n.
+Xsed="\$SED -e 1s/^X//"
+
+# A grep program that handles long lines.
+GREP=$lt_GREP
+
+# An ERE matcher.
+EGREP=$lt_EGREP
+
+# A literal string matcher.
+FGREP=$lt_FGREP
+
+# A BSD- or MS-compatible name lister.
+NM=$lt_NM
+
+# Whether we need soft or hard links.
+LN_S=$lt_LN_S
+
+# What is the maximum length of a command?
+max_cmd_len=$max_cmd_len
+
+# Object file suffix (normally "o").
+objext=$ac_objext
+
+# Executable file suffix (normally "").
+exeext=$exeext
+
+# whether the shell understands "unset".
+lt_unset=$lt_unset
+
+# turn spaces into newlines.
+SP2NL=$lt_lt_SP2NL
+
+# turn newlines into spaces.
+NL2SP=$lt_lt_NL2SP
+
+# How to create reloadable object files.
+reload_flag=$lt_reload_flag
+reload_cmds=$lt_reload_cmds
+
+# An object symbol dumper.
+OBJDUMP=$lt_OBJDUMP
+
+# Method to check whether dependent libraries are shared objects.
+deplibs_check_method=$lt_deplibs_check_method
+
+# Command to use when deplibs_check_method == "file_magic".
+file_magic_cmd=$lt_file_magic_cmd
+
+# The archiver.
+AR=$lt_AR
+AR_FLAGS=$lt_AR_FLAGS
+
+# A symbol stripping program.
+STRIP=$lt_STRIP
+
+# Commands used to install an old-style archive.
+RANLIB=$lt_RANLIB
+old_postinstall_cmds=$lt_old_postinstall_cmds
+old_postuninstall_cmds=$lt_old_postuninstall_cmds
+
+# A C compiler.
+LTCC=$lt_CC
+
+# LTCC compiler flags.
+LTCFLAGS=$lt_CFLAGS
+
+# Take the output of nm and produce a listing of raw symbols and C names.
+global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe
+
+# Transform the output of nm in a proper C declaration.
+global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl
+
+# Transform the output of nm in a C name address pair.
+global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address
+
+# Transform the output of nm in a C name address pair when lib prefix is needed.
+global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix
+
+# The name of the directory that contains temporary libtool files.
+objdir=$objdir
+
+# Shell to use when invoking shell scripts.
+SHELL=$lt_SHELL
+
+# An echo program that does not interpret backslashes.
+ECHO=$lt_ECHO
+
+# Used to examine libraries when file_magic_cmd begins with "file".
+MAGIC_CMD=$MAGIC_CMD
+
+# Must we lock files when doing compilation?
+need_locks=$lt_need_locks
+
+# Tool to manipulate archived DWARF debug symbol files on Mac OS X.
+DSYMUTIL=$lt_DSYMUTIL
+
+# Tool to change global to local symbols on Mac OS X.
+NMEDIT=$lt_NMEDIT
+
+# Tool to manipulate fat objects and archives on Mac OS X.
+LIPO=$lt_LIPO
+
+# ldd/readelf like tool for Mach-O binaries on Mac OS X.
+OTOOL=$lt_OTOOL
+
+# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4.
+OTOOL64=$lt_OTOOL64
+
+# Old archive suffix (normally "a").
+libext=$libext
+
+# Shared library suffix (normally ".so").
+shrext_cmds=$lt_shrext_cmds
+
+# The commands to extract the exported symbol list from a shared archive.
+extract_expsyms_cmds=$lt_extract_expsyms_cmds
+
+# Variables whose values should be saved in libtool wrapper scripts and
+# restored at link time.
+variables_saved_for_relink=$lt_variables_saved_for_relink
+
+# Do we need the "lib" prefix for modules?
+need_lib_prefix=$need_lib_prefix
+
+# Do we need a version for libraries?
+need_version=$need_version
+
+# Library versioning type.
+version_type=$version_type
+
+# Shared library runtime path variable.
+runpath_var=$runpath_var
+
+# Shared library path variable.
+shlibpath_var=$shlibpath_var
+
+# Is shlibpath searched before the hard-coded library search path?
+shlibpath_overrides_runpath=$shlibpath_overrides_runpath
+
+# Format of library name prefix.
+libname_spec=$lt_libname_spec
+
+# List of archive names. First name is the real one, the rest are links.
+# The last name is the one that the linker finds with -lNAME
+library_names_spec=$lt_library_names_spec
+
+# The coded name of the library, if different from the real name.
+soname_spec=$lt_soname_spec
+
+# Command to use after installation of a shared archive.
+postinstall_cmds=$lt_postinstall_cmds
+
+# Command to use after uninstallation of a shared archive.
+postuninstall_cmds=$lt_postuninstall_cmds
+
+# Commands used to finish a libtool library installation in a directory.
+finish_cmds=$lt_finish_cmds
+
+# As "finish_cmds", except a single script fragment to be evaled but
+# not shown.
+finish_eval=$lt_finish_eval
+
+# Whether we should hardcode library paths into libraries.
+hardcode_into_libs=$hardcode_into_libs
+
+# Compile-time system search path for libraries.
+sys_lib_search_path_spec=$lt_sys_lib_search_path_spec
+
+# Run-time system search path for libraries.
+sys_lib_dlsearch_path_spec=$lt_sys_lib_dlsearch_path_spec
+
+# Whether dlopen is supported.
+dlopen_support=$enable_dlopen
+
+# Whether dlopen of programs is supported.
+dlopen_self=$enable_dlopen_self
+
+# Whether dlopen of statically linked programs is supported.
+dlopen_self_static=$enable_dlopen_self_static
+
+# Commands to strip libraries.
+old_striplib=$lt_old_striplib
+striplib=$lt_striplib
+
+
+# The linker used to build libraries.
+LD=$lt_LD
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds
+
+# A language specific compiler.
+CC=$lt_compiler
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds
+archive_expsym_cmds=$lt_archive_expsym_cmds
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds
+module_expsym_cmds=$lt_module_expsym_cmds
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking. This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action
+
+# The directories searched by this compiler when creating a shared library.
+compiler_lib_search_dirs=$lt_compiler_lib_search_dirs
+
+# Dependencies to place before and after the objects being linked to
+# create a shared library.
+predep_objects=$lt_predep_objects
+postdep_objects=$lt_postdep_objects
+predeps=$lt_predeps
+postdeps=$lt_postdeps
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path
+
+# ### END LIBTOOL CONFIG
+
+_LT_EOF
+
+ case $host_os in
+ aix3*)
+ cat <<\_LT_EOF >> "$cfgfile"
+# AIX sometimes has problems with the GCC collect2 program. For some
+# reason, if we set the COLLECT_NAMES environment variable, the problems
+# vanish in a puff of smoke.
+if test "X${COLLECT_NAMES+set}" != Xset; then
+ COLLECT_NAMES=
+ export COLLECT_NAMES
+fi
+_LT_EOF
+ ;;
+ esac
+
+
+ltmain="$ac_aux_dir/ltmain.sh"
+
+
+ # We use sed instead of cat because bash on DJGPP gets confused if
+ # if finds mixed CR/LF and LF-only lines. Since sed operates in
+ # text mode, it properly converts lines to CR/LF. This bash problem
+ # is reportedly fixed, but why not run on old versions too?
+ sed '/^# Generated shell functions inserted here/q' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ case $xsi_shell in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result="${1##*/}"
+}
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ case ${1} in
+ */*) func_dirname_result="${1%/*}${2}" ;;
+ * ) func_dirname_result="${3}" ;;
+ esac
+ func_basename_result="${1##*/}"
+}
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+func_stripname ()
+{
+ # pdksh 5.2.14 does not do ${X%$Y} correctly if both X and Y are
+ # positional parameters, so assign one to ordinary parameter first.
+ func_stripname_result=${3}
+ func_stripname_result=${func_stripname_result#"${1}"}
+ func_stripname_result=${func_stripname_result%"${2}"}
+}
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=${1%%=*}
+ func_opt_split_arg=${1#*=}
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ case ${1} in
+ *.lo) func_lo2o_result=${1%.lo}.${objext} ;;
+ *) func_lo2o_result=${1} ;;
+ esac
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=${1%.*}.lo
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=$(( $* ))
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=${#1}
+}
+
+_LT_EOF
+ ;;
+ *) # Bourne compatible functions.
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_dirname file append nondir_replacement
+# Compute the dirname of FILE. If nonempty, add APPEND to the result,
+# otherwise set result to NONDIR_REPLACEMENT.
+func_dirname ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+}
+
+# func_basename file
+func_basename ()
+{
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+
+# func_stripname prefix suffix name
+# strip PREFIX and SUFFIX off of NAME.
+# PREFIX and SUFFIX must not contain globbing or regex special
+# characters, hashes, percent signs, but SUFFIX may contain a leading
+# dot (in which case that matches only a dot).
+# func_strip_suffix prefix name
+func_stripname ()
+{
+ case ${2} in
+ .*) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%\\\\${2}\$%%"`;;
+ *) func_stripname_result=`$ECHO "X${3}" \
+ | $Xsed -e "s%^${1}%%" -e "s%${2}\$%%"`;;
+ esac
+}
+
+# sed scripts:
+my_sed_long_opt='1s/^\(-[^=]*\)=.*/\1/;q'
+my_sed_long_arg='1s/^-[^=]*=//'
+
+# func_opt_split
+func_opt_split ()
+{
+ func_opt_split_opt=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_opt"`
+ func_opt_split_arg=`$ECHO "X${1}" | $Xsed -e "$my_sed_long_arg"`
+}
+
+# func_lo2o object
+func_lo2o ()
+{
+ func_lo2o_result=`$ECHO "X${1}" | $Xsed -e "$lo2o"`
+}
+
+# func_xform libobj-or-source
+func_xform ()
+{
+ func_xform_result=`$ECHO "X${1}" | $Xsed -e 's/\.[^.]*$/.lo/'`
+}
+
+# func_arith arithmetic-term...
+func_arith ()
+{
+ func_arith_result=`expr "$@"`
+}
+
+# func_len string
+# STRING may not start with a hyphen.
+func_len ()
+{
+ func_len_result=`expr "$1" : ".*" 2>/dev/null || echo $max_cmd_len`
+}
+
+_LT_EOF
+esac
+
+case $lt_shell_append in
+ yes)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1+=\$2"
+}
+_LT_EOF
+ ;;
+ *)
+ cat << \_LT_EOF >> "$cfgfile"
+
+# func_append var value
+# Append VALUE to the end of shell variable VAR.
+func_append ()
+{
+ eval "$1=\$$1\$2"
+}
+
+_LT_EOF
+ ;;
+ esac
+
+
+ sed -n '/^# Generated shell functions inserted here/,$p' "$ltmain" >> "$cfgfile" \
+ || (rm -f "$cfgfile"; exit 1)
+
+ mv -f "$cfgfile" "$ofile" ||
+ (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile")
+ chmod +x "$ofile"
+
+
+ cat <<_LT_EOF >> "$ofile"
+
+# ### BEGIN LIBTOOL TAG CONFIG: CXX
+
+# The linker used to build libraries.
+LD=$lt_LD_CXX
+
+# Commands used to build an old-style archive.
+old_archive_cmds=$lt_old_archive_cmds_CXX
+
+# A language specific compiler.
+CC=$lt_compiler_CXX
+
+# Is the compiler the GNU compiler?
+with_gcc=$GCC_CXX
+
+# Compiler flag to turn off builtin functions.
+no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX
+
+# How to pass a linker flag through the compiler.
+wl=$lt_lt_prog_compiler_wl_CXX
+
+# Additional compiler flags for building library objects.
+pic_flag=$lt_lt_prog_compiler_pic_CXX
+
+# Compiler flag to prevent dynamic linking.
+link_static_flag=$lt_lt_prog_compiler_static_CXX
+
+# Does compiler simultaneously support -c and -o options?
+compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX
+
+# Whether or not to add -lc for building shared libraries.
+build_libtool_need_lc=$archive_cmds_need_lc_CXX
+
+# Whether or not to disallow shared libs when runtime libs are static.
+allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX
+
+# Compiler flag to allow reflexive dlopens.
+export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX
+
+# Compiler flag to generate shared objects directly from archives.
+whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX
+
+# Whether the compiler copes with passing no objects directly.
+compiler_needs_object=$lt_compiler_needs_object_CXX
+
+# Create an old-style archive from a shared archive.
+old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX
+
+# Create a temporary old-style archive to link instead of a shared archive.
+old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX
+
+# Commands used to build a shared archive.
+archive_cmds=$lt_archive_cmds_CXX
+archive_expsym_cmds=$lt_archive_expsym_cmds_CXX
+
+# Commands used to build a loadable module if different from building
+# a shared archive.
+module_cmds=$lt_module_cmds_CXX
+module_expsym_cmds=$lt_module_expsym_cmds_CXX
+
+# Whether we are building with GNU ld or not.
+with_gnu_ld=$lt_with_gnu_ld_CXX
+
+# Flag that allows shared libraries with undefined symbols to be built.
+allow_undefined_flag=$lt_allow_undefined_flag_CXX
+
+# Flag that enforces no undefined symbols.
+no_undefined_flag=$lt_no_undefined_flag_CXX
+
+# Flag to hardcode \$libdir into a binary during linking.
+# This must work even if \$libdir does not exist
+hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX
+
+# If ld is used when linking, flag to hardcode \$libdir into a binary
+# during linking. This must work even if \$libdir does not exist.
+hardcode_libdir_flag_spec_ld=$lt_hardcode_libdir_flag_spec_ld_CXX
+
+# Whether we need a single "-rpath" flag with a separated argument.
+hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary.
+hardcode_direct=$hardcode_direct_CXX
+
+# Set to "yes" if using DIR/libNAME\${shared_ext} during linking hardcodes
+# DIR into the resulting binary and the resulting library dependency is
+# "absolute",i.e impossible to change by setting \${shlibpath_var} if the
+# library is relocated.
+hardcode_direct_absolute=$hardcode_direct_absolute_CXX
+
+# Set to "yes" if using the -LDIR flag during linking hardcodes DIR
+# into the resulting binary.
+hardcode_minus_L=$hardcode_minus_L_CXX
+
+# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR
+# into the resulting binary.
+hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX
+
+# Set to "yes" if building a shared library automatically hardcodes DIR
+# into the library and all subsequent libraries and executables linked
+# against it.
+hardcode_automatic=$hardcode_automatic_CXX
+
+# Set to yes if linker adds runtime paths of dependent libraries
+# to runtime path list.
+inherit_rpath=$inherit_rpath_CXX
+
+# Whether libtool must link a program against all its dependency libraries.
+link_all_deplibs=$link_all_deplibs_CXX
+
+# Fix the shell variable \$srcfile for the compiler.
+fix_srcfile_path=$lt_fix_srcfile_path_CXX
+
+# Set to "yes" if exported symbols are required.
+always_export_symbols=$always_export_symbols_CXX
+
+# The commands to list exported symbols.
+export_symbols_cmds=$lt_export_symbols_cmds_CXX
+
+# Symbols that should not be listed in the preloaded symbols.
+exclude_expsyms=$lt_exclude_expsyms_CXX
+
+# Symbols that must always be exported.
+include_expsyms=$lt_include_expsyms_CXX
+
+# Commands necessary for linking programs (against libraries) with templates.
+prelink_cmds=$lt_prelink_cmds_CXX
+
+# Specify filename containing input files.
+file_list_spec=$lt_file_list_spec_CXX
+
+# How to hardcode a shared library path into an executable.
+hardcode_action=$hardcode_action_CXX
+
+# The directories searched by this compiler when creating a shared library.
+compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX
+
+# Dependencies to place before and after the objects being linked to
+# create a shared library.
+predep_objects=$lt_predep_objects_CXX
+postdep_objects=$lt_postdep_objects_CXX
+predeps=$lt_predeps_CXX
+postdeps=$lt_postdeps_CXX
+
+# The library search path used internally by the compiler when linking
+# a shared library.
+compiler_lib_search_path=$lt_compiler_lib_search_path_CXX
+
+# ### END LIBTOOL TAG CONFIG: CXX
+_LT_EOF
+
+ ;;
+
+ esac
+done # for ac_tag
+
+
+as_fn_exit 0
+_ACEOF
+ac_clean_files=$ac_clean_files_save
+
+test $ac_write_fail = 0 ||
+ as_fn_error "write failure creating $CONFIG_STATUS" "$LINENO" 5
+
+
+# configure is writing to config.log, and then calls config.status.
+# config.status does its own redirection, appending to config.log.
+# Unfortunately, on DOS this fails, as config.log is still kept open
+# by configure, so config.status won't be able to write to it; its
+# output is simply discarded. So we exec the FD to /dev/null,
+# effectively closing config.log, so it can be properly (re)opened and
+# appended to by config.status. When coming back to configure, we
+# need to make the FD available again.
+if test "$no_create" != yes; then
+ ac_cs_success=:
+ ac_config_status_args=
+ test "$silent" = yes &&
+ ac_config_status_args="$ac_config_status_args --quiet"
+ exec 5>/dev/null
+ $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false
+ exec 5>>config.log
+ # Use ||, not &&, to avoid exiting from the if with $? = 1, which
+ # would make configure fail if this is the last instruction.
+ $ac_cs_success || as_fn_exit $?
+fi
+if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then
+ { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5
+$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;}
+fi
+
diff --git a/pki/base/tps/configure.ac b/pki/base/tps/configure.ac
new file mode 100644
index 000000000..ce639b813
--- /dev/null
+++ b/pki/base/tps/configure.ac
@@ -0,0 +1,367 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+# -*- Autoconf -*-
+# Process this file with autoconf to produce a configure script.
+AC_PREREQ(2.59)
+AC_INIT([pki-tps], [8.0.0], [http://bugzilla.redhat.com/])
+# AC_CONFIG_HEADER must be called right after AC_INIT.
+AC_CONFIG_HEADERS([config.h])
+AM_INIT_AUTOMAKE([1.9 foreign subdir-objects])
+AM_MAINTAINER_MODE
+AC_CANONICAL_HOST
+
+# Library versioning.
+GENERIC_MAJOR_VERSION=1
+GENERIC_MINOR_VERSION=0
+GENERIC_MICRO_VERSION=0
+GENERIC_LIBRARY_VERSION=0:0:0
+AC_SUBST(GENERIC_LIBRARY_VERSION)
+GENERIC_VERSION=$GENERIC_MAJOR_VERSION.$GENERIC_MINOR_VERSION.$GENERIC_MICRO_VERSION
+GENERIC_RELEASE=$GENERIC_MAJOR_VERSION.$GENERIC_MINOR_VERSION
+AC_SUBST(GENERIC_RELEASE)
+AC_SUBST(GENERIC_VERSION)
+VERSION=$GENERIC_VERSION
+
+# Checks for programs.
+AC_PROG_CXX
+AC_PROG_CC
+AM_PROG_CC_C_O
+# disable static libs by default - we only use a couple
+AC_DISABLE_STATIC
+AC_PROG_LIBTOOL
+
+# Checks for header files.
+AC_HEADER_DIRENT
+AC_HEADER_STDC
+AC_HEADER_SYS_WAIT
+AC_CHECK_HEADERS([arpa/inet.h fcntl.h malloc.h netdb.h netinet/in.h stdlib.h string.h strings.h sys/file.h sys/socket.h sys/time.h unistd.h])
+
+# Checks for typedefs, structures, and compiler characteristics.
+AC_HEADER_STAT
+AC_C_CONST
+AC_HEADER_STDBOOL
+AC_TYPE_UID_T
+AC_TYPE_PID_T
+AC_TYPE_SIZE_T
+AC_HEADER_TIME
+AC_STRUCT_TM
+
+# Checks for library functions.
+AC_FUNC_CHOWN
+AC_FUNC_CLOSEDIR_VOID
+AC_FUNC_ERROR_AT_LINE
+AC_FUNC_FORK
+AC_FUNC_LSTAT
+AC_FUNC_LSTAT_FOLLOWS_SLASHED_SYMLINK
+AC_FUNC_MALLOC
+AC_FUNC_MEMCMP
+AC_FUNC_MMAP
+AC_TYPE_SIGNAL
+AC_FUNC_STAT
+AC_FUNC_STRERROR_R
+AC_FUNC_STRFTIME
+AC_FUNC_VPRINTF
+AC_CHECK_FUNCS([setrlimit endpwent ftruncate getcwd gethostbyname inet_ntoa localtime_r memmove memset mkdir munmap putenv rmdir socket strcasecmp strchr strcspn strdup strerror strncasecmp strpbrk strrchr strstr strtol tzset])
+
+# Establish an optional "--enable-64bit" flag
+AC_MSG_CHECKING(for --enable-64bit)
+AC_ARG_ENABLE(64bit, [ --enable-64bit Enable 64-bit features],
+[
+ AC_MSG_RESULT(yes)
+ USE_64=1
+],
+[
+ AC_MSG_RESULT(no)
+ USE_64=
+])
+
+# For historical reasons, establish various "--enable-debug" flags
+# for both DeBuG (yes) and OPTimized (no) builds
+AC_MSG_CHECKING(for --enable-debug)
+AC_ARG_ENABLE(debug, [ --enable-debug Enable debug features],
+[
+ AC_MSG_RESULT(yes)
+ debug_defs="-DDEBUG -UNDEBUG -DTRACING"
+],
+[
+ AC_MSG_RESULT(no)
+ debug_defs="-UDEBUG -DNDEBUG -DTRIMMED"
+])
+AC_SUBST([debug_defs])
+
+AC_PREFIX_DEFAULT([/opt])
+
+# installation paths - by default, configure will just
+# use /usr as the prefix for everything, which means
+# /usr/etc, /usr/opt, and /usr/var. FHS sez to use
+# /etc, /opt, and /var.
+ac_default_prefix=/opt
+prefix=$ac_default_prefix
+exec_prefix=$prefix
+dnl as opposed to the default $prefix/etc
+#sysconfdir='/etc'
+dnl as opposed to the default $prefix/var
+#localstatedir='/var'
+
+# relative to prefix
+aliasdir=/alias
+apache_modulesdir=/apache/modules
+appletsdir=/applets
+cgibin_demodir=/cgi-bin/demo
+cgibin_homedir=/cgi-bin/home
+cgibin_sodir=/cgi-bin/so
+cgibin_sowdir=/cgi-bin/sow
+confdir=/conf
+docrootdir=/docroot
+docroot_demodir=/docroot/demo
+docroot_homedir=/docroot/home
+docroot_sodir=/docroot/so
+docroot_sowdir=/docroot/sow
+docroot_sow_cssdir=/docroot/sow/css
+docroot_sow_imagesdir=/docroot/sow/images
+docroot_sow_jsdir=/docroot/sow/js
+docroot_tokendbdir=/docroot/tokendb
+docroot_tps_configdir=/docroot/tps/admin/console/config
+docroot_tps_cssdir=/docroot/tps/admin/console/css
+docroot_tps_imgdir=/docroot/tps/admin/console/img
+docroot_tps_jsdir=/docroot/tps/admin/console/js
+# relative to prefix
+licensedir=/doc
+logsdir=/logs/signedAudit
+perl_basedir=/perl/base
+perl_modulesdir=/perl/modules
+perl_servicedir=/perl/service
+perl_templatesdir=/perl/templates
+samplesdir=/samples
+scriptsdir=/scripts
+setupdir=/setup
+templatesdir=/templates
+AC_SUBST(aliasdir)
+AC_SUBST(apache_modulesdir)
+AC_SUBST(appletsdir)
+AC_SUBST(cgibin_demodir)
+AC_SUBST(cgibin_homedir)
+AC_SUBST(cgibin_sodir)
+AC_SUBST(cgibin_sowdir)
+AC_SUBST(confdir)
+AC_SUBST(docrootdir)
+AC_SUBST(docroot_demodir)
+AC_SUBST(docroot_homedir)
+AC_SUBST(docroot_sodir)
+AC_SUBST(docroot_sowdir)
+AC_SUBST(docroot_sow_cssdir)
+AC_SUBST(docroot_sow_imagesdir)
+AC_SUBST(docroot_sow_jsdir)
+AC_SUBST(docroot_tokendbdir)
+AC_SUBST(docroot_tps_configdir)
+AC_SUBST(docroot_tps_cssdir)
+AC_SUBST(docroot_tps_imgdir)
+AC_SUBST(docroot_tps_jsdir)
+AC_SUBST(licensedir)
+AC_SUBST(logsdir)
+AC_SUBST(perl_basedir)
+AC_SUBST(perl_modulesdir)
+AC_SUBST(perl_servicedir)
+AC_SUBST(perl_templatesdir)
+AC_SUBST(samplesdir)
+AC_SUBST(scriptsdir)
+AC_SUBST(setupdir)
+AC_SUBST(templatesdir)
+
+# WINNT should be true if building on Windows system not using
+# cygnus, mingw, or the like and using cmd.exe as the shell
+AM_CONDITIONAL([WINNT], false)
+
+# Deal with platform dependent defines
+case $host in
+ *-*-linux*)
+ AC_DEFINE([XP_UNIX], [], [UNIX])
+ AC_DEFINE([linux], [1], [linux])
+ AC_DEFINE([Linux], [], [Linux])
+ AC_DEFINE([LINUX], [], [Linux])
+ AC_DEFINE([LINUX2_0], [], [Linux 2.6])
+ AC_DEFINE([LINUX2_2], [], [Linux 2.6])
+ AC_DEFINE([LINUX2_4], [], [Linux 2.6])
+ AC_DEFINE([LINUX2_6], [], [Linux 2.6])
+ # For historical reasons, establish various "DEFINES" for TPS . . .
+ AC_DEFINE([_BSD_SOURCE], [1], [_BSD_SOURCE])
+ AC_DEFINE([_POSIX_SOURCE], [1], [_POSIX_SOURCE])
+ AC_DEFINE([_POSIX_C_SOURCE], [199506L], [_POSIX_C_SOURCE])
+ AC_DEFINE([_PR_NEED_FAKE_POLL], [], [_PR_NEED_FAKE_POLL])
+ AC_DEFINE([_REENTRANT], [], [_REENTRANT])
+ AC_DEFINE([_SVID_SOURCE], [1], [_SVID_SOURCE])
+ AC_DEFINE([HAVE_SIGNED_CHAR], [], [HAVE_SIGNED_CHAR])
+ AC_DEFINE([HAVE_SYS_BITYPES_H], [], [HAVE_SYS_BITYPES_H])
+ AC_DEFINE([NEED_ENDIAN_H], [], [NEED_ENDIAN_H])
+ AC_DEFINE([NEED_GETOPT_H], [], [NEED_GETOPT_H])
+ AC_DEFINE([NEED_IOCTL_H], [], [NEED_IOCTL_H])
+ AC_DEFINE([NEED_SYS_TIME_H], [], [NEED_SYS_TIME_H])
+ AC_DEFINE([NEED_UINT_T], [], [NEED_UINT_T])
+ AC_DEFINE([NET_SSL], [], [NET_SSL])
+ AC_DEFINE([NO_INT64_T], [], [NO_INT64_T])
+ AC_DEFINE([SW_THREADS], [], [SW_THREADS])
+ AC_DEFINE([USE_NODL_TABS], [], [USE_NODL_TABS])
+ platform="linux"
+ # relative to sysconfdir
+ initddir=/rc.d/init.d
+ AC_SUBST(initddir)
+ ;;
+ ia64-hp-hpux*)
+ AC_DEFINE([XP_UNIX], [], [UNIX])
+ AC_DEFINE([hpux], [1], [HP-UX])
+ AC_DEFINE([HPUX], [], [HP-UX])
+ AC_DEFINE([HPUX11], [1], [HP-UX 11])
+ AC_DEFINE([HPUX11_23], [1], [HP-UX 11.23])
+ AC_DEFINE([CPU_ia64], [], [cpu type ia64])
+ AC_DEFINE([OS_hpux], [1], [OS HP-UX])
+ AC_DEFINE([_POSIX_C_SOURCE], [199506L], [POSIX revision])
+ AC_DEFINE([_HPUX_SOURCE], [], [_HPUX_SOURCE])
+ platform="hpux"
+ # relative to sysconfdir
+ initddir=/init.d
+ AC_SUBST(initddir)
+ ;;
+ hppa*-hp-hpux*)
+ AC_DEFINE([XP_UNIX], [], [UNIX])
+ AC_DEFINE([hpux], [1], [HP-UX])
+ AC_DEFINE([HPUX], [], [HP-UX])
+ AC_DEFINE([HPUX11], [1], [HP-UX 11])
+ AC_DEFINE([HPUX11_11], [1], [HP-UX 11.11])
+ AC_DEFINE([hppa], [], [HP-UX pa-risc])
+ AC_DEFINE([CPU_hppa], [], [cpu type pa-risc])
+ AC_DEFINE([OS_hpux], [1], [OS HP-UX])
+ AC_DEFINE([_POSIX_C_SOURCE], [199506L], [POSIX revision])
+ AC_DEFINE([_HPUX_SOURCE], [], [_HPUX_SOURCE])
+ # For historical reasons, establish various "DEFINES" for TPS . . .
+ AC_DEFINE([HPUX_SOURCE], [], [HPUX_SOURCE])
+ AC_DEFINE([HAVE_STRERROR], [], [HAVE_STRERROR])
+ AC_DEFINE([NET_SSL], [], [NET_SSL])
+ AC_DEFINE([SW_THREADS], [], [SW_THREADS])
+ platform="hpux"
+ # relative to sysconfdir
+ initddir=/init.d
+ AC_SUBST(initddir)
+ ;;
+ sparc-sun-solaris*)
+ AC_DEFINE([XP_UNIX], [], [UNIX])
+ AC_DEFINE([SVR4], [], [SVR4])
+ AC_DEFINE([__svr4], [], [SVR4])
+ AC_DEFINE([__svr4__], [], [SVR4])
+ AC_DEFINE([_SVID_GETTOD], [], [SVID_GETTOD])
+ AC_DEFINE([SOLARIS], [], [SOLARIS])
+ AC_DEFINE([CPU_sparc], [], [cpu type sparc])
+ AC_DEFINE([OS_solaris], [1], [OS SOLARIS])
+ AC_DEFINE([sunos5], [1], [SunOS5])
+ AC_DEFINE([OSVERSION], [509], [OS version])
+ AC_DEFINE([_REENTRANT], [], [_REENTRANT])
+dnl socket nsl and dl are required to link several programs
+ LIBSOCKET=-lsocket
+ AC_SUBST([LIBSOCKET], [$LIBSOCKET])
+ LIBNSL=-lnsl
+ AC_SUBST([LIBNSL], [$LIBNSL])
+ LIBDL=-ldl
+ AC_SUBST([LIBDL], [$LIBDL])
+dnl Cstd and Crun are required to link any C++ related code
+ LIBCSTD=-lCstd
+ AC_SUBST([LIBCSTD], [$LIBCSTD])
+ LIBCRUN=-lCrun
+ AC_SUBST([LIBCRUN], [$LIBCRUN])
+ # For historical reasons, establish various "DEFINES" for TPS . . .
+ AC_DEFINE([_PR_NTHREAD], [], [_PR_NTHREAD])
+ AC_DEFINE([HAVE_WEAK_IO_SYMBOLS], [], [HAVE_WEAK_IO_SYMBOLS])
+ AC_DEFINE([NET_SSL], [], [NET_SSL])
+ AC_DEFINE([NS_USE_NATIVE], [], [NS_USE_NATIVE])
+ AC_DEFINE([NSPR], [], [NSPR])
+ AC_DEFINE([NSPR20], [], [NSPR20])
+ AC_DEFINE([SOLARIS_55_OR_GREATER], [], [SOLARIS_55_OR_GREATER])
+ AC_DEFINE([SYSV], [], [SYSV])
+ platform="solaris"
+ # relative to sysconfdir
+ initddir=/init.d
+ AC_SUBST(initddir)
+ ;;
+ *)
+ platform=""
+ # relative to sysconfdir
+ initddir=/init.d
+ AC_SUBST(initddir)
+ ;;
+esac
+
+AM_CONDITIONAL(LINUX,test "$platform" = "linux")
+AM_CONDITIONAL(HPUX,test "$platform" = "hpux")
+AM_CONDITIONAL(SOLARIS,test "$platform" = "solaris")
+
+# Check for library dependencies
+m4_include(m4/nspr.m4)
+m4_include(m4/nss.m4)
+m4_include(m4/openldap.m4)
+m4_include(m4/sasl.m4)
+m4_include(m4/svrcore.m4)
+m4_include(m4/apr.m4)
+
+# write out paths for binary components
+AC_SUBST(nspr_inc)
+AC_SUBST(nspr_lib)
+AC_SUBST(nspr_libdir)
+AC_SUBST(nss_inc)
+AC_SUBST(nss_lib)
+AC_SUBST(nss_libdir)
+AC_SUBST(ldapsdk_inc)
+AC_SUBST(ldapsdk_lib)
+AC_SUBST(ldapsdk_libdir)
+AC_SUBST(ldapsdk_bindir)
+AC_SUBST(sasl_inc)
+AC_SUBST(sasl_lib)
+AC_SUBST(sasl_libdir)
+AC_SUBST(svrcore_inc)
+AC_SUBST(svrcore_lib)
+AC_SUBST(APRDIR)
+AC_SUBST(apr_inc)
+AC_SUBST(apr_lib)
+AC_SUBST(apr_lib_version)
+AC_SUBST(apr_libdir)
+AC_SUBST(apr_bindir)
+
+# libtool on fedora/rhel contains some gcc-isms which cause problems
+# if not using gcc (e.g. Forte on Solaris, aCC on HP-UX)
+# we remove them here
+if test "$GCC" != yes ; then
+ AC_MSG_NOTICE([Not using gcc - fixing libtool to remove gcc-isms . . .])
+ cp -p libtool libtool.orig
+ cp -p libtool libtool.tmp
+ # dnl note the special chars @<:@ and @:>@ - since m4 treats [ and ] specially,
+ # we have to use the quadrigraph @<:@ for [ and @:>@ for ] - and you thought
+ # perl produced write-only code . . .
+ sed -e '/^gcc_dir/ d' \
+ -e '/^gcc_ver/ d' \
+ -e 's/^predep_objects=.*echo \("@<:@^"@:>@*"\).*$/predep_objects=\1/' \
+ -e 's/^postdep_objects=.*echo \("@<:@^"@:>@*"\).*$/postdep_objects=\1/' \
+ -e 's/^compiler_lib_search_path=.*echo \("@<:@^"@:>@*"\).*$/compiler_lib_search_path=\1/' \
+ -e 's/^sys_lib_search_path_spec=.*echo \("@<:@^"@:>@*"\).*$/sys_lib_search_path_spec=\1/' \
+ libtool > libtool.tmp
+ cp -p libtool.tmp libtool
+ rm -f libtool.tmp
+fi
+
+AC_CONFIG_FILES([Makefile])
+
+AC_OUTPUT
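Review bot: The action-if-given branch of `AC_ARG_ENABLE(debug, ...)` never tests `$enableval`, so `--disable-debug` or `--enable-debug=no` still prints "yes" and sets `debug_defs="-DDEBUG -UNDEBUG -DTRACING"`. A packager who explicitly turns debug off for this token-processing subsystem would therefore ship a tracing build, which may log more than intended (what TRACING emits is not visible in this hunk). The same pattern in `AC_ARG_ENABLE(64bit, ...)` makes `--disable-64bit` set `USE_64=1`. Branching on `$enableval` inside the given-branch fixes both; the debug case is sketched below and the 64bit case follows the same shape.

```m4
AC_ARG_ENABLE(debug, [ --enable-debug Enable debug features],
[
  dnl action-if-given also runs for --disable-debug, so honour $enableval
  if test "x$enableval" = xno; then
    AC_MSG_RESULT(no)
    debug_defs="-UDEBUG -DNDEBUG -DTRIMMED"
  else
    AC_MSG_RESULT(yes)
    debug_defs="-DDEBUG -UNDEBUG -DTRACING"
  fi
],
dnl … unchanged: action-if-not-given branch and AC_SUBST of debug_defs …
```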
diff --git a/pki/base/tps/depcomp b/pki/base/tps/depcomp
new file mode 100755
index 000000000..df8eea7e4
--- /dev/null
+++ b/pki/base/tps/depcomp
@@ -0,0 +1,630 @@
+#! /bin/sh
+# depcomp - compile a program generating dependencies as side-effects
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1999, 2000, 2003, 2004, 2005, 2006, 2007, 2009 Free
+# Software Foundation, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+# Originally written by Alexandre Oliva <oliva@dcc.unicamp.br>.
+
+case $1 in
+ '')
+ echo "$0: No command. Try \`$0 --help' for more information." 1>&2
+ exit 1;
+ ;;
+ -h | --h*)
+ cat <<\EOF
+Usage: depcomp [--help] [--version] PROGRAM [ARGS]
+
+Run PROGRAMS ARGS to compile a file, generating dependencies
+as side-effects.
+
+Environment variables:
+ depmode Dependency tracking mode.
+ source Source file read by `PROGRAMS ARGS'.
+ object Object file output by `PROGRAMS ARGS'.
+ DEPDIR directory where to store dependencies.
+ depfile Dependency file to output.
+ tmpdepfile Temporary file to use when outputing dependencies.
+ libtool Whether libtool is used (yes/no).
+
+Report bugs to <bug-automake@gnu.org>.
+EOF
+ exit $?
+ ;;
+ -v | --v*)
+ echo "depcomp $scriptversion"
+ exit $?
+ ;;
+esac
+
+if test -z "$depmode" || test -z "$source" || test -z "$object"; then
+ echo "depcomp: Variables source, object and depmode must be set" 1>&2
+ exit 1
+fi
+
+# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po.
+depfile=${depfile-`echo "$object" |
+ sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`}
+tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`}
+
+rm -f "$tmpdepfile"
+
+# Some modes work just like other modes, but use different flags. We
+# parameterize here, but still list the modes in the big case below,
+# to make depend.m4 easier to write. Note that we *cannot* use a case
+# here, because this file can only contain one case statement.
+if test "$depmode" = hp; then
+ # HP compiler uses -M and no extra arg.
+ gccflag=-M
+ depmode=gcc
+fi
+
+if test "$depmode" = dashXmstdout; then
+ # This is just like dashmstdout with a different argument.
+ dashmflag=-xM
+ depmode=dashmstdout
+fi
+
+cygpath_u="cygpath -u -f -"
+if test "$depmode" = msvcmsys; then
+ # This is just like msvisualcpp but w/o cygpath translation.
+ # Just convert the backslash-escaped backslashes to single forward
+ # slashes to satisfy depend.m4
+ cygpath_u="sed s,\\\\\\\\,/,g"
+ depmode=msvisualcpp
+fi
+
+case "$depmode" in
+gcc3)
+## gcc 3 implements dependency tracking that does exactly what
+## we want. Yay! Note: for some reason libtool 1.4 doesn't like
+## it if -MD -MP comes after the -MF stuff. Hmm.
+## Unfortunately, FreeBSD c89 acceptance of flags depends upon
+## the command line argument order; so add the flags where they
+## appear in depend2.am. Note that the slowdown incurred here
+## affects only configure: in makefiles, %FASTDEP% shortcuts this.
+ for arg
+ do
+ case $arg in
+ -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;;
+ *) set fnord "$@" "$arg" ;;
+ esac
+ shift # fnord
+ shift # $arg
+ done
+ "$@"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ mv "$tmpdepfile" "$depfile"
+ ;;
+
+gcc)
+## There are various ways to get dependency output from gcc. Here's
+## why we pick this rather obscure method:
+## - Don't want to use -MD because we'd like the dependencies to end
+## up in a subdir. Having to rename by hand is ugly.
+## (We might end up doing this anyway to support other compilers.)
+## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like
+## -MM, not -M (despite what the docs say).
+## - Using -M directly means running the compiler twice (even worse
+## than renaming).
+ if test -z "$gccflag"; then
+ gccflag=-MD,
+ fi
+ "$@" -Wp,"$gccflag$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ alpha=ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz
+## The second -e expression handles DOS-style file names with drive letters.
+ sed -e 's/^[^:]*: / /' \
+ -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile"
+## This next piece of magic avoids the `deleted header file' problem.
+## The problem is that when a header file which appears in a .P file
+## is deleted, the dependency causes make to die (because there is
+## typically no way to rebuild the header). We avoid this by adding
+## dummy dependencies for each header file. Too bad gcc doesn't do
+## this for us directly.
+ tr ' ' '
+' < "$tmpdepfile" |
+## Some versions of gcc put a space before the `:'. On the theory
+## that the space means something, we add a space to the output as
+## well.
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+sgi)
+ if test "$libtool" = yes; then
+ "$@" "-Wp,-MDupdate,$tmpdepfile"
+ else
+ "$@" -MDupdate "$tmpdepfile"
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+
+ if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files
+ echo "$object : \\" > "$depfile"
+
+ # Clip off the initial element (the dependent). Don't try to be
+ # clever and replace this with sed code, as IRIX sed won't handle
+ # lines with more than a fixed number of characters (4096 in
+ # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines;
+ # the IRIX cc adds comments like `#:fec' to the end of the
+ # dependency line.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' | \
+ tr '
+' ' ' >> "$depfile"
+ echo >> "$depfile"
+
+ # The second pass generates a dummy entry for each header file.
+ tr ' ' '
+' < "$tmpdepfile" \
+ | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \
+ >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+aix)
+ # The C for AIX Compiler uses -M and outputs the dependencies
+ # in a .u file. In older versions, this file always lives in the
+ # current directory. Also, the AIX compiler puts `$object:' at the
+ # start of each line; $object doesn't have directory information.
+ # Version 6 uses the directory in both cases.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.u
+ tmpdepfile2=$base.u
+ tmpdepfile3=$dir.libs/$base.u
+ "$@" -Wc,-M
+ else
+ tmpdepfile1=$dir$base.u
+ tmpdepfile2=$dir$base.u
+ tmpdepfile3=$dir$base.u
+ "$@" -M
+ fi
+ stat=$?
+
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ # Each line is of the form `foo.o: dependent.h'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ # The sourcefile does not contain any dependencies, so just
+ # store a dummy comment line, to avoid errors with the Makefile
+ # "include basename.Plo" scheme.
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+icc)
+ # Intel's C compiler understands `-MD -MF file'. However on
+ # icc -MD -MF foo.d -c -o sub/foo.o sub/foo.c
+ # ICC 7.0 will fill foo.d with something like
+ # foo.o: sub/foo.c
+ # foo.o: sub/foo.h
+ # which is wrong. We want:
+ # sub/foo.o: sub/foo.c
+ # sub/foo.o: sub/foo.h
+ # sub/foo.c:
+ # sub/foo.h:
+ # ICC 7.1 will output
+ # foo.o: sub/foo.c sub/foo.h
+ # and will wrap long lines using \ :
+ # foo.o: sub/foo.c ... \
+ # sub/foo.h ... \
+ # ...
+
+ "$@" -MD -MF "$tmpdepfile"
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile"
+ exit $stat
+ fi
+ rm -f "$depfile"
+ # Each line is of the form `foo.o: dependent.h',
+ # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'.
+ # Do two passes, one to just change these to
+ # `$object: dependent.h' and one to simply `dependent.h:'.
+ sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile"
+ # Some versions of the HPUX 10.20 sed can't process this invocation
+ # correctly. Breaking it into two sed invocations is a workaround.
+ sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" |
+ sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+hp2)
+ # The "hp" stanza above does not work with aCC (C++) and HP's ia64
+ # compilers, which have integrated preprocessors. The correct option
+ # to use with these is +Maked; it writes dependencies to a file named
+ # 'foo.d', which lands next to the object file, wherever that
+ # happens to be.
+ # Much of this is similar to the tru64 case; see comments there.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+ if test "$libtool" = yes; then
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir.libs/$base.d
+ "$@" -Wc,+Maked
+ else
+ tmpdepfile1=$dir$base.d
+ tmpdepfile2=$dir$base.d
+ "$@" +Maked
+ fi
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," "$tmpdepfile" > "$depfile"
+ # Add `dependent.h:' lines.
+ sed -ne '2,${
+ s/^ *//
+ s/ \\*$//
+ s/$/:/
+ p
+ }' "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile" "$tmpdepfile2"
+ ;;
+
+tru64)
+ # The Tru64 compiler uses -MD to generate dependencies as a side
+ # effect. `cc -MD -o foo.o ...' puts the dependencies into `foo.o.d'.
+ # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put
+ # dependencies in `foo.d' instead, so we check for that too.
+ # Subdirectories are respected.
+ dir=`echo "$object" | sed -e 's|/[^/]*$|/|'`
+ test "x$dir" = "x$object" && dir=
+ base=`echo "$object" | sed -e 's|^.*/||' -e 's/\.o$//' -e 's/\.lo$//'`
+
+ if test "$libtool" = yes; then
+ # With Tru64 cc, shared objects can also be used to make a
+ # static library. This mechanism is used in libtool 1.4 series to
+ # handle both shared and static libraries in a single compilation.
+ # With libtool 1.4, dependencies were output in $dir.libs/$base.lo.d.
+ #
+ # With libtool 1.5 this exception was removed, and libtool now
+ # generates 2 separate objects for the 2 libraries. These two
+ # compilations output dependencies in $dir.libs/$base.o.d and
+ # in $dir$base.o.d. We have to check for both files, because
+ # one of the two compilations can be disabled. We should prefer
+ # $dir$base.o.d over $dir.libs/$base.o.d because the latter is
+ # automatically cleaned when .libs/ is deleted, while ignoring
+ # the former would cause a distcleancheck panic.
+ tmpdepfile1=$dir.libs/$base.lo.d # libtool 1.4
+ tmpdepfile2=$dir$base.o.d # libtool 1.5
+ tmpdepfile3=$dir.libs/$base.o.d # libtool 1.5
+ tmpdepfile4=$dir.libs/$base.d # Compaq CCC V6.2-504
+ "$@" -Wc,-MD
+ else
+ tmpdepfile1=$dir$base.o.d
+ tmpdepfile2=$dir$base.d
+ tmpdepfile3=$dir$base.d
+ tmpdepfile4=$dir$base.d
+ "$@" -MD
+ fi
+
+ stat=$?
+ if test $stat -eq 0; then :
+ else
+ rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ exit $stat
+ fi
+
+ for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" "$tmpdepfile4"
+ do
+ test -f "$tmpdepfile" && break
+ done
+ if test -f "$tmpdepfile"; then
+ sed -e "s,^.*\.[a-z]*:,$object:," < "$tmpdepfile" > "$depfile"
+ # That's a tab and a space in the [].
+ sed -e 's,^.*\.[a-z]*:[ ]*,,' -e 's,$,:,' < "$tmpdepfile" >> "$depfile"
+ else
+ echo "#dummy" > "$depfile"
+ fi
+ rm -f "$tmpdepfile"
+ ;;
+
+#nosideeffect)
+ # This comment above is used by automake to tell side-effect
+ # dependency tracking mechanisms from slower ones.
+
+dashmstdout)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout, regardless of -o.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ test -z "$dashmflag" && dashmflag=-M
+ # Require at least two characters before searching for `:'
+ # in the target name. This is to cope with DOS-style filenames:
+ # a dependency such as `c:/foo/bar' could be seen as target `c' otherwise.
+ "$@" $dashmflag |
+ sed 's:^[ ]*[^: ][^:][^:]*\:[ ]*:'"$object"'\: :' > "$tmpdepfile"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ tr ' ' '
+' < "$tmpdepfile" | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+dashXmstdout)
+ # This case only exists to satisfy depend.m4. It is never actually
+ # run, as this mode is specially recognized in the preamble.
+ exit 1
+ ;;
+
+makedepend)
+ "$@" || exit $?
+ # Remove any Libtool call
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+ # X makedepend
+ shift
+ cleared=no eat=no
+ for arg
+ do
+ case $cleared in
+ no)
+ set ""; shift
+ cleared=yes ;;
+ esac
+ if test $eat = yes; then
+ eat=no
+ continue
+ fi
+ case "$arg" in
+ -D*|-I*)
+ set fnord "$@" "$arg"; shift ;;
+ # Strip any option that makedepend may not understand. Remove
+ # the object too, otherwise makedepend will parse it as a source file.
+ -arch)
+ eat=yes ;;
+ -*|$object)
+ ;;
+ *)
+ set fnord "$@" "$arg"; shift ;;
+ esac
+ done
+ obj_suffix=`echo "$object" | sed 's/^.*\././'`
+ touch "$tmpdepfile"
+ ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@"
+ rm -f "$depfile"
+ cat < "$tmpdepfile" > "$depfile"
+ sed '1,2d' "$tmpdepfile" | tr ' ' '
+' | \
+## Some versions of the HPUX 10.20 sed can't process this invocation
+## correctly. Breaking it into two sed invocations is a workaround.
+ sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' | sed -e 's/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile" "$tmpdepfile".bak
+ ;;
+
+cpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ # Remove `-o $object'.
+ IFS=" "
+ for arg
+ do
+ case $arg in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift # fnord
+ shift # $arg
+ ;;
+ esac
+ done
+
+ "$@" -E |
+ sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \
+ -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' |
+ sed '$ s: \\$::' > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ cat < "$tmpdepfile" >> "$depfile"
+ sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvisualcpp)
+ # Important note: in order to support this mode, a compiler *must*
+ # always write the preprocessed file to stdout.
+ "$@" || exit $?
+
+ # Remove the call to Libtool.
+ if test "$libtool" = yes; then
+ while test "X$1" != 'X--mode=compile'; do
+ shift
+ done
+ shift
+ fi
+
+ IFS=" "
+ for arg
+ do
+ case "$arg" in
+ -o)
+ shift
+ ;;
+ $object)
+ shift
+ ;;
+ "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI")
+ set fnord "$@"
+ shift
+ shift
+ ;;
+ *)
+ set fnord "$@" "$arg"
+ shift
+ shift
+ ;;
+ esac
+ done
+ "$@" -E 2>/dev/null |
+ sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile"
+ rm -f "$depfile"
+ echo "$object : \\" > "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s:: \1 \\:p' >> "$depfile"
+ echo " " >> "$depfile"
+ sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile"
+ rm -f "$tmpdepfile"
+ ;;
+
+msvcmsys)
+ # This case exists only to let depend.m4 do its work. It works by
+ # looking at the text of this script. This case will never be run,
+ # since it is checked for above.
+ exit 1
+ ;;
+
+none)
+ exec "$@"
+ ;;
+
+*)
+ echo "Unknown depmode $depmode" 1>&2
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local Variables:
+# mode: shell-script
+# sh-indentation: 2
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/pki/base/tps/doc/CMakeLists.txt b/pki/base/tps/doc/CMakeLists.txt
new file mode 100644
index 000000000..4cebbe1c9
--- /dev/null
+++ b/pki/base/tps/doc/CMakeLists.txt
@@ -0,0 +1,10 @@
+set(VERSION ${APPLICATION_VERSION})
+
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
+
+install(
+ FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf
+)
diff --git a/pki/base/tps/doc/CS.cfg.in b/pki/base/tps/doc/CS.cfg.in
new file mode 100644
index 000000000..2bbf81077
--- /dev/null
+++ b/pki/base/tps/doc/CS.cfg.in
@@ -0,0 +1,1580 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
+pkicreate.pki_instance_name=[PKI_INSTANCE_ID]
+pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
+pkicreate.secure_port=[SECURE_PORT]
+pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
+pkicreate.unsecure_port=[PORT]
+pkicreate.user=[PKI_USER]
+pkicreate.group=[PKI_GROUP]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
+cs.type=TPS
+selftests._000=##
+selftests._001=## Self Tests
+selftests._002=##
+selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## tps.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## tps.cert.<cert tag name>.nickname
+selftests._007=## tps.cert.<cert tag name>.certusage
+selftests._008=##
+selftests.container.logger.enable=true
+selftests.container.logger.expirationTime=0
+selftests.container.logger.file.type=RollingLogFile
+selftests.container.logger.fileName=[SERVER_ROOT]/logs/selftests.log
+selftests.container.logger.level=10
+selftests.container.logger.maxFileSize=2000
+selftests.container.logger.rolloverInterval=2592000
+selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical
+selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical
+selftests.plugin.TPSPresence.nickname=[HSM_LABEL][NICKNAME]
+selftests.plugin.TPSValidity.nickname=[HSM_LABEL][NICKNAME]
+service.machineName=[SERVER_NAME]
+service.instanceDir=[SERVER_ROOT]
+service.securePort=[SECURE_PORT]
+service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT]
+service.unsecurePort=[PORT]
+service.instanceID=[PKI_INSTANCE_ID]
+logging._000=#########################################
+logging._001=# RA configuration File
+logging._002=#
+logging._003=# All <...> must be replaced with
+logging._004=# appropriate values.
+logging._005=#########################################
+logging._006=########################################
+logging._007=# logging
+logging._008=#
+logging._009=# logging.debug.enable:
+logging._010=# logging.audit.enable:
+logging._011=# logging.error.enable:
+logging._012=# - enable or disable the corresponding logging
+logging._013=# logging.debug.filename:
+logging._014=# logging.audit.filename:
+logging._015=# logging.error.filename:
+logging._016=# - name of the log file
+logging._017=# logging.debug.level:
+logging._018=# logging.audit.level:
+logging._019=# logging.error.level:
+logging._020=# - level of logging. (0-10)
+logging._021=# 0 - no logging,
+logging._022=# 4 - LL_PER_SERVER these messages will occur only once
+logging._023=# during the entire invocation of the
+logging._024=# server, e. g. at startup or shutdown
+logging._025=# time., reading the conf parameters.
+logging._026=# Perhaps other infrequent events
+logging._027=# relating to failing over of CA, TKS,
+logging._028=# too
+logging._029=# 6 - LL_PER_CONNECTION these messages happen once per
+logging._030=# connection - most of the log events
+logging._031=# will be at this level
+logging._032=# 8 - LL_PER_PDU these messages relate to PDU
+logging._033=# processing. If you have something that
+logging._034=# is done for every PDU, such as
+logging._035=# applying the MAC, it should be logged
+logging._036=# at this level
+logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more
+logging._038=# chatty version of the above
+logging._039=# 10 - all logging
+logging._040=# logging.audit.buffer.size: # in bytes
+logging._041=# logging.audit.flush.interval: # in seconds, 0 disables flush thread
+logging._042=# logging.*.file.type:
+logging._043=# - file type: RollingLogFile or LogFile
+logging._044=# logging.*.rolloverInterval:
+logging._045=# - interval to roll over logs (seconds), 0 to disable rollover
+logging._046=# logging.*.maxFileSize:
+logging._047=# - size at which file rollover occurs, in kB
+logging._048=# logging.*.expirationTime:
+logging._049=# - maximum age of log, older unmodified logs are deleted( in seconds, 0 to disable)
+logging._050=#########################################
+logging.debug.enable=true
+logging.debug.filename=[SERVER_ROOT]/logs/tps-debug.log
+logging.debug.level=10
+logging.debug.file.type=RollingLogFile
+logging.debug.maxFileSize=2000
+logging.debug.rolloverInterval=2592000
+logging.debug.expirationTime=0
+logging.audit.enable=true
+logging.audit.filename=[SERVER_ROOT]/logs/tps-audit.log
+logging.audit.signedAuditFilename=[SERVER_ROOT]/logs/signedAudit/tps_audit
+logging.audit.level=10
+logging.audit.logSigning=false
+logging.audit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_ID]
+logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
+logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
+logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
+logging.audit.buffer.size=512
+logging.audit.flush.interval=5
+logging.audit.file.type=RollingLogFile
+logging.audit.maxFileSize=2000
+logging.audit.rolloverInterval=2592000
+logging.audit.expirationTime=0
+logging.error.enable=true
+logging.error.filename=[SERVER_ROOT]/logs/tps-error.log
+logging.error.level=10
+logging.error.file.type=RollingLogFile
+logging.error.maxFileSize=2000
+logging.error.rolloverInterval=2592000
+logging.error.expirationTime=0
+conn.ca1._000=#########################################
+conn.ca1._001=# CA connection
+conn.ca1._002=#
+conn.ca1._003=# conn.ca<n>.hostport:
+conn.ca1._004=# - host name and port number of your CA, format is host:port
+conn.ca1._005=# conn.ca<n>.clientNickname:
+conn.ca1._006=# - nickname of the client certificate for
+conn.ca1._007=# authentication
+conn.ca1._008=# conn.ca<n>.servlet.enrollment:
+conn.ca1._009=# - servlet to contact in CA
+conn.ca1._010=# - must be '/ca/profileSubmitSSLClient'
+conn.ca1._011=# conn.ca<n>.retryConnect:
+conn.ca1._012=# - number of reconnection attempts on failure
+conn.ca1._013=# conn.ca<n>.timeout:
+conn.ca1._014=# - connection timeout
+conn.ca1._015=# conn.ca<n>.SSLOn:
+conn.ca1._016=# - enable SSL or not
+conn.ca1._017=# conn.ca<n>.keepAlive:
+conn.ca1._018=# - enable keep alive or not
+conn.ca1._019=#
+conn.ca1._020=# where
+conn.ca1._021=# <n> - CA connection ID
+conn.ca1._022=#########################################
+failover.pod.enable=false
+conn.ca1.hostport=[CA_HOST]:[CA_PORT]
+conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
+conn.ca1.servlet.renewal=/ca/ee/ca/profileSubmitSSLClient
+conn.ca1.servlet.revoke=/ca/ee/subsystem/ca/doRevoke
+conn.ca1.servlet.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
+conn.ca1.retryConnect=3
+conn.ca1.timeout=100
+conn.ca1.SSLOn=true
+conn.ca1.keepAlive=true
+conn.tks1._000=#########################################
+conn.tks1._001=# TKS connection
+conn.tks1._002=#
+conn.tks1._003=# conn.tks<n>.hostport:
+conn.tks1._004=# - host name and port number of your TKS, the format is host:port
+conn.tks1._005=# conn.tks<n>.clientNickname:
+conn.tks1._006=# - nickname of the client certificate for
+conn.tks1._007=# authentication
+conn.tks1._008=# conn.tks<n>.servlet.computeSessionKey:
+conn.tks1._009=# - servlet to compute session key
+conn.tks1._010=# - must be '/tks/computeSessionKey'
+conn.tks1._011=# conn.tks<n>.servlet.encryptData:
+conn.tks1._012=# - servlet to encrypt data
+conn.tks1._013=# - must be '/tks/encryptData'
+conn.tks1._014=# conn.tks<n>.servlet.createKeySetData:
+conn.tks1._015=# - servlet to create key set data
+conn.tks1._016=# - must be '/tks/createKeySetData'
+conn.tks1._017=# conn.tks<n>.retryConnect:
+conn.tks1._018=# - number of reconnection attempts on failure
+conn.tks1._019=# conn.tks<n>.SSLOn
+conn.tks1._020=# - enable SSL or not
+conn.tks1._021=# conn.tks<n>.keepAlive:
+conn.tks1._022=# - enable keep alive or not
+conn.tks1._023=#
+conn.tks1._024=# where
+conn.tks1._025=# <n> - TKS connection ID
+conn.tks1._026=#########################################
+conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
+conn.tks1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
+conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
+conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
+conn.tks1.servlet.computeRandomData=/tks/agent/tks/computeRandomData
+conn.tks1.retryConnect=3
+conn.tks1.timeout=100
+conn.tks1.generateHostChallenge=true
+conn.tks1.SSLOn=true
+conn.tks1.keepAlive=false
+conn.tks1.keySet=defKeySet
+conn.tks1.serverKeygen=[SERVER_KEYGEN]
+conn.drm1._000=#########################################
+conn.drm1._001=# DRM connection
+conn.drm1._002=#
+conn.drm1._003=#conn.drm.totalConns
+conn.drm1._004=# - # of DRM connections
+conn.drm1._005=#conn.drm<n>.hostport
+conn.drm1._006=# - host name and port number of your DRM, the format is host:port
+conn.drm1._007=#conn.drm<n>.clientNickname
+conn.drm1._008=# - nickname of the client certificate for
+conn.drm1._009=# authentication
+conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
+conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
+conn.drm1._012=# - must be '/kra/GenerateKeyPair'
+conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
+conn.drm1._014=# - servlet to handle key recovery
+conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
+conn.drm1._016=#conn.drm<n>.retryConnect=3
+conn.drm1._017=# - number of reconnection attempts on failure
+conn.drm1._018=#conn.drm<n>.SSLOn=true
+conn.drm1._019=# - enable SSL or not
+conn.drm1._020=#conn.drm<n>.keepAlive=false
+conn.drm1._021=# - enable keep alive or not
+conn.drm1._022=#
+conn.drm1._023=# where
+conn.drm1._024=# <n> - DRM connection ID
+conn.drm1._025=#########################################
+conn.drm.totalConns=1
+conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
+conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
+conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
+conn.drm1.retryConnect=3
+conn.drm1.timeout=100
+conn.drm1.SSLOn=true
+conn.drm1.keepAlive=false
+auth.instance._000=########################################
+auth.instance._001=# publishing
+auth.instance._002=#
+auth.instance._003=# publisher.instance.<n>.libraryName:
+auth.instance._004=# - name of the library specified with a fully qualified path name
+auth.instance._005=# publisher.instance.<n>.libraryFactory:
+auth.instance._006=# - the name of the function which instantiates the publisher
+auth.instance._007=# publisher.instance.<n>.publisherId:
+auth.instance._008=# - the publisher ID
+auth.instance._009=#
+auth.instance._010=# where
+auth.instance._011=# <n> - publisher connection ID
+auth.instance._012=########################################
+auth.instance._013=#########################################
+auth.instance._014=# authentication
+auth.instance._015=#
+auth.instance._016=# auth.instance.<n>.libraryName:
+auth.instance._017=# - name of the library specified with a fully qualified path name
+auth.instance._018=# auth.instance.<n>.libraryFactory:
+auth.instance._019=# - the name of the function which instantiates the authentication
+auth.instance._020=# auth.instance.<n>.authId
+auth.instance._021=# - the authentication ID
+auth.instance._022=# auth.instance.<n>.hostport
+auth.instance._023=# - parameter specific to the given authentication,
+auth.instance._024=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._025=# - host name and port number, host:port
+auth.instance._026=# - for failover, provide multiple host:port designations
+auth.instance._027=# separated by " "
+auth.instance._028=# auth.instance.<n>.SSLOn:
+auth.instance._029=# - parameter specific to the given authentication,
+auth.instance._030=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._031=# - use SSL or not for LDAP service
+auth.instance._032=# auth.instance.<n>.retries:
+auth.instance._033=# - parameter specific to the given authentication,
+auth.instance._034=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._035=# - number of authentication re-attempts when authentication failed
+auth.instance._036=# auth.instance.<n>.retryConnect:
+auth.instance._037=# - parameter specific to the given authentication,
+auth.instance._038=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._039=# - number of connection re-attempts when connection failed
+auth.instance._040=#
+auth.instance._041=# where
+auth.instance._042=# <n> - authentication connection ID
+auth.instance._043=#########################################
+auth.instance.0.type=LDAP_Authentication
+auth.instance.0.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
+auth.instance.0.libraryFactory=GetAuthentication
+auth.instance.0.authId=ldap1
+auth.instance.0.hostport=[LDAP_HOST]:[LDAP_PORT]
+auth.instance.0.SSLOn=false
+auth.instance.0.retries=1
+auth.instance.0.retryConnect=3
+auth.instance.0.baseDN=[LDAP_ROOT]
+auth.instance.0.ssl=false
+auth.instance.0.attributes._001=##############################################
+auth.instance.0.attributes._002=# attributes will be available
+auth.instance.0.attributes._003=# as $auth.<attribute>$
+auth.instance.0.attributes._004=##############################################
+auth.instance.0.attributes=mail,cn,uid
+auth.instance.0.ui.title.en=LDAP Authentication
+auth.instance.0.ui.description.en=This authenticates user against the LDAP directory.
+auth.instance.0.ui.id.UID.name.en=LDAP User ID
+auth.instance.0.ui.id.PASSWORD.name.en=LDAP Password
+auth.instance.0.ui.id.UID.description.en=LDAP User ID
+auth.instance.0.ui.id.PASSWORD.description.en=LDAP Password
+auth.instance.1.type=LDAP_Authentication
+auth.instance.1.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
+auth.instance.1.libraryFactory=GetAuthentication
+auth.instance.1.authId=ldap2
+auth.instance.1.bindDN=cn=Directory Manager
+auth.instance.1.bindPWD=[SERVER_ROOT]/conf/password.conf
+auth.instance.1.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+auth.instance.1.SSLOn=false
+auth.instance.1.retries=1
+auth.instance.1.retryConnect=3
+auth.instance.1.baseDN=[TOKENDB_ROOT]
+auth.instance.1.ssl=false
+auth.instance.1.attributes._001=##############################################
+auth.instance.1.attributes._002=# attributes will be available
+auth.instance.1.attributes._003=# as $auth.<attribute>$
+auth.instance.1.attributes._004=##############################################
+auth.instance.1.attributes=mail,cn,uid
+auth.instance.1.ui.title.en=LDAP Authentication
+auth.instance.1.ui.description.en=This authenticates user against the LDAP directory.
+auth.instance.1.ui.id.UID.name.en=LDAP User ID
+auth.instance.1.ui.id.PASSWORD.name.en=LDAP Password
+auth.instance.1.ui.id.UID.description.en=LDAP User ID
+auth.instance.1.ui.id.PASSWORD.description.en=LDAP Password
+applet._000=#########################################
+applet._001=# applet information
+applet._002=# SAF Key:
+applet._003=# applet.aid.cardmgr_instance=A0000001510000
+applet._004=#########################################
+applet.aid.cardmgr_instance=A0000000030000
+applet.aid.netkey_instance=627601FF000000
+applet.aid.netkey_file=627601FF0000
+applet.aid.netkey_old_instance=A00000000101
+applet.aid.netkey_old_file=A000000001
+applet.so_pin=000000000000
+applet.delete_old=true
+general.verifyProof=1
+general.applet_ext=ijc
+general.search.sizelimit.max=2000
+general.search.sizelimit.default=100
+general.search.timelimit.max=10
+general.search.timelimit.default=10
+general.pwlength.min=16
+channel._000=#########################################
+channel._001=# channel.encryption:
+channel._002=#
+channel._003=# - enable encryption for all operation commands to token
+channel._004=# - default is true
+channel._005=# channel.blocksize=242
+channel._006=# channel.defKeyVersion=0
+channel._007=# channel.defKeyIndex=0
+channel._008=#########################################
+channel.encryption=true
+channel.blocksize=248
+channel.defKeyVersion=0
+channel.defKeyIndex=0
+#Config the size of memory managed memory in the applet
+#Default is 5000, try not go get close to the instanceSize
+#Which defaults to 18000
+#channel.instanceSize=18000
+#channel.appletMemorySize=5000
+preop.pin=[PKI_RANDOM_NUMBER]
+preop.product.version=@VERSION@
+preop.cert._000=#########################################
+preop.cert._001=# Installation configuration "preop" certs parameters
+preop.cert._002=#########################################
+preop.cert.list=sslserver,subsystem,audit_signing
+tps.cert.audit_signing.certusage=ObjectSigner
+tps.cert.sslserver.certusage=SSLServer
+tps.cert.subsystem.certusage=SSLClient
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.audit_signing.enable=false
+preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.sslserver.dn=CN=[SERVER_NAME], OU=[PKI_INSTANCE_ID]
+preop.cert.sslserver.keysize.customsize=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.keysize.select=custom
+preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_ID]
+preop.cert.sslserver.profile=caInternalAuthServerCert
+preop.cert.sslserver.subsystem=tps
+preop.cert._003=#preop.cert.sslserver.type=local
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert._004=#preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[PKI_INSTANCE_ID]
+preop.cert.subsystem.keysize.customsize=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.keysize.select=custom
+preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_ID]
+preop.cert.subsystem.profile=caInternalAuthSubsystemCert
+preop.cert.subsystem.subsystem=tps
+preop.cert._005=#preop.cert.subsystem.type=local
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert._006=#preop.cert.subsystem.cncomponent.override=true
+preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate, OU=[PKI_INSTANCE_ID]
+preop.cert.audit_signing.keysize.customsize=2048
+preop.cert.audit_signing.keysize.size=2048
+preop.cert.audit_signing.keysize.select=custom
+preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_ID]
+preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
+preop.cert.audit_signing.subsystem=tps
+preop.cert._005=#preop.cert.audit_signing.type=local
+preop.cert.audit_signing.userfriendlyname=Audit Log Signing Certificate
+preop.cert._006=#preop.cert.audit_signing.cncomponent.override=true
+preop.configModules._000=#########################################
+preop.configModules._001=# Installation configuration "preop" module parameters
+preop.configModules._002=#########################################
+preop.configModules.count=3
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=../img/clearpixel.gif
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=../img/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=../img/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.module.token=NSS Certificate DB
+preop.keysize._000=#########################################
+preop.keysize._001=# Installation configuration "preop" keysize parameters
+preop.keysize._002=#########################################
+preop.keysize.customsize=2048
+preop.keysize.select=default
+preop.keysize.size=2048
+preop.keysize.ecc.size=256
+preop.adminauth.done=false
+preop.adminpanel.done=false
+preop.agentauth.done=false
+preop.authdb.done=false
+preop.cainfo.done=false
+preop.certprettyprint.done=false
+preop.certrequest.done=false
+preop.confighsmlogin.done=false
+preop.confighsm.done=false
+preop.database.done=false
+preop.displaycertchain2.done=false
+preop.displaycertchain.done=false
+preop.donepanel.done=false
+preop.drminfo.done=false
+preop.importadmincert.done=false
+preop.loginpanel.done=false
+preop.ModulePanel.done=false
+preop.namepanel.done=false
+preop.securitydomain.done=false
+preop.SizePanel.done=false
+preop.subsystemtype.done=false
+preop.tksinfo.done=false
+preop.welcome.done=false
+op.enroll._000=#########################################
+op.enroll._001=# Default Operations
+op.enroll._002=#
+op.enroll._003=# op.<op>.mapping.order=<n>,<n>,<n>
+op.enroll._004=# - contains at least one value or a series
+op.enroll._005=# of comma-separated mapping values which
+op.enroll._006=# are checked in sequential order
+op.enroll._007=# op.<op>.mapping.<n>.filter.tokenType=userKey
+op.enroll._008=# - can be either empty or token type
+op.enroll._009=# specified by the client
+op.enroll._010=# op.<op>.mapping.<n>.filter.tokenATR=
+op.enroll._011=# - can be either empty or token ATR
+op.enroll._012=# specified by the client
+op.enroll._013=# op.<op>.mapping.<n>.filter.appletMajorVersion=1
+op.enroll._014=# - can be either empty or applet major version
+op.enroll._015=# specified by the client
+op.enroll._016=# op.<op>.mapping.<n>.filter.appletMinorVersion=
+op.enroll._017=# - can be either empty or applet minor version
+op.enroll._018=# specified by the client
+op.enroll._019=# - if major and minor versions are both zero, this
+op.enroll._020=# indicate there is no applet on the token.
+op.enroll._021=# op.<op>.mapping.<n>.target.tokenType=userKey
+op.enroll._022=# - if tokenType, tokenATR, appletMajorVersion,
+op.enroll._023=# and appletMinorVersion are matched, value in
+op.enroll._024=# targetTokenType will be used to locate
+op.enroll._025=# the corresponding token profile to
+op.enroll._026=# process the request.
+op.enroll._027=#
+op.enroll._028=# where
+op.enroll._029=# <op> - operation; enroll,pinReset,format
+op.enroll._030=# <n> - mapping ID; order is specifiable
+op.enroll._031=#
+op.enroll._032=# Token ATR:
+op.enroll._033=# Web Store - 3B759400006202020201
+op.enroll._034=#########################################
+op.enroll.mapping.order=0,1,2
+op.enroll.mapping.0.filter.tokenType=userKey
+op.enroll.mapping.0.filter.tokenATR=
+op.enroll.mapping.0.filter.tokenCUID.start=
+op.enroll.mapping.0.filter.tokenCUID.end=
+op.enroll.mapping.0.filter.appletMajorVersion=1
+op.enroll.mapping.0.filter.appletMinorVersion=
+op.enroll.mapping.0.target.tokenType=userKey
+op.enroll.mapping.1.filter.tokenType=soKey
+op.enroll.mapping.1.filter.tokenATR=
+op.enroll.mapping.1.filter.tokenCUID.start=
+op.enroll.mapping.1.filter.tokenCUID.end=
+op.enroll.mapping.1.filter.appletMajorVersion=
+op.enroll.mapping.1.filter.appletMinorVersion=
+op.enroll.mapping.1.target.tokenType=soKey
+op.enroll.mapping.2.filter.tokenType=
+op.enroll.mapping.2.filter.tokenATR=
+op.enroll.mapping.2.filter.tokenCUID.start=
+op.enroll.mapping.2.filter.tokenCUID.end=
+op.enroll.mapping.2.filter.appletMajorVersion=
+op.enroll.mapping.2.filter.appletMinorVersion=
+op.enroll.mapping.2.target.tokenType=userKey
+op.pinReset.mapping.order=0
+op.pinReset.mapping.0.filter.tokenType=
+op.pinReset.mapping.0.filter.tokenATR=
+op.pinReset.mapping.0.filter.tokenCUID.start=
+op.pinReset.mapping.0.filter.tokenCUID.end=
+op.pinReset.mapping.0.filter.appletMajorVersion=
+op.pinReset.mapping.0.filter.appletMinorVersion=
+op.pinReset.mapping.0.target.tokenType=userKey
+op.format.mapping.order=0,1,2,3,4,5,6
+op.format.mapping.0.filter.tokenType=soCleanUserToken
+op.format.mapping.0.filter.tokenATR=
+op.format.mapping.0.filter.tokenCUID.start=
+op.format.mapping.0.filter.tokenCUID.end=
+op.format.mapping.0.filter.appletMajorVersion=
+op.format.mapping.0.filter.appletMinorVersion=
+op.format.mapping.0.target.tokenType=soCleanUserToken
+op.format.mapping.1.filter.tokenType=soUserKey
+op.format.mapping.1.filter.tokenATR=
+op.format.mapping.1.filter.tokenCUID.start=
+op.format.mapping.1.filter.tokenCUID.end=
+op.format.mapping.1.filter.appletMajorVersion=
+op.format.mapping.1.filter.appletMinorVersion=
+op.format.mapping.1.target.tokenType=soUserKey
+op.format.mapping.2.filter.tokenType=soKey
+op.format.mapping.2.filter.tokenATR=
+op.format.mapping.2.filter.tokenCUID.start=
+op.format.mapping.2.filter.tokenCUID.end=
+op.format.mapping.2.filter.appletMajorVersion=
+op.format.mapping.2.filter.appletMinorVersion=
+op.format.mapping.2.target.tokenType=soKey
+op.format.mapping.3.filter.tokenType=userKey
+op.format.mapping.3.filter.tokenATR=
+op.format.mapping.3.filter.tokenCUID.start=
+op.format.mapping.3.filter.tokenCUID.end=
+op.format.mapping.3.filter.appletMajorVersion=
+op.format.mapping.3.filter.appletMinorVersion=
+op.format.mapping.3.target.tokenType=userKey
+op.format.mapping.4.filter.tokenType=soCleanSOToken
+op.format.mapping.4.filter.tokenATR=
+op.format.mapping.4.filter.tokenCUID.start=
+op.format.mapping.4.filter.tokenCUID.end=
+op.format.mapping.4.filter.appletMajorVersion=
+op.format.mapping.4.filter.appletMinorVersion=
+op.format.mapping.5.filter.tokenType=cleanToken
+op.format.mapping.5.filter.tokenATR=
+op.format.mapping.5.filter.tokenCUID.start=
+op.format.mapping.5.filter.tokenCUID.end=
+op.format.mapping.5.filter.appletMajorVersion=
+op.format.mapping.5.filter.appletMinorVersion=
+op.format.mapping.5.target.tokenType=cleanToken
+op.format.mapping.4.target.tokenType=soCleanSOToken
+op.format.mapping.6.filter.tokenATR=
+op.format.mapping.6.filter.tokenCUID.start=
+op.format.mapping.6.filter.tokenCUID.end=
+op.format.mapping.6.filter.appletMajorVersion=
+op.format.mapping.6.filter.appletMinorVersion=
+op.format.mapping.6.target.tokenType=tokenKey
+op.enroll.userKey._000=#########################################
+op.enroll.userKey._001=# Enrollment Operation For CoolKey
+op.enroll.userKey._002=#
+op.enroll.userKey._003=# op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024
+op.enroll.userKey._004=# - size of the key the token should generate
+op.enroll.userKey._005=# - max value: 1024
+op.enroll.userKey._006=#
+op.enroll.userKey._007=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.encrypt=false
+op.enroll.userKey._008=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sign=true
+op.enroll.userKey._009=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.signRecover=true
+op.enroll.userKey._010=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.decrypt=false
+op.enroll.userKey._011=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.derive=false
+op.enroll.userKey._012=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.unwrap=false
+op.enroll.userKey._013=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.wrap=false
+op.enroll.userKey._014=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verifyRecover=true
+op.enroll.userKey._015=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verify=true
+op.enroll.userKey._016=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sensitive=true
+op.enroll.userKey._017=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.private=true
+op.enroll.userKey._018=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.token=true
+op.enroll.userKey._019=# - specify the PKCS11 attributes to set on the token
+op.enroll.userKey._020=#
+op.enroll.userKey._021=# op.enroll.userKey.keyGen.signing.cuid_label
+op.enroll.userKey._022=# - specify the CUID shown in the certificate
+op.enroll.userKey._023=#
+op.enroll.userKey._024=# op.enroll.userKey.keyGen.signing.label
+op.enroll.userKey._025=# - specify the token name. all resulting labels for co-existing keys
+op.enroll.userKey._026=# on the same token must be unique
+op.enroll.userKey._027=# - $pretty_cuid$ - Pretty Print CUID (i.e. 4090-0062-FF02-0000-0B9C)
+op.enroll.userKey._028=# - $cuid$ - CUID (i.e. 40900062FF0200000B9C)
+op.enroll.userKey._029=# - $msn$ - MSN
+op.enroll.userKey._030=# - $userid$ - User ID
+op.enroll.userKey._031=# - $profileId$ - Profile ID
+op.enroll.userKey._032=#
+op.enroll.userKey._033=# op.enroll.<tokenType>.keyGen.<keyType>.overwrite=true|false
+op.enroll.userKey._034=# - if key and certificate exist, should RA overwrite them
+op.enroll.userKey._035=#
+op.enroll.userKey._036=# op.enroll.<tokenType>.keyGen.<keyType>.certId=C1
+op.enroll.userKey._037=# op.enroll.<tokenType>.keyGen.<keyType>.certAttrId=c1
+op.enroll.userKey._038=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyAttrId=k2
+op.enroll.userKey._039=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyAttrId=k3
+op.enroll.userKey._040=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyNumber=2
+op.enroll.userKey._041=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyNumber=3
+op.enroll.userKey._042=# - specify name PKCS11 object IDs
+op.enroll.userKey._043=# - Lower case letters signify objects containing PKCS11 object attributes,
+op.enroll.userKey._044=# in the format described below.
+op.enroll.userKey._045=# 'c' An object containing PKCS11 attributes for a certificate.
+op.enroll.userKey._046=# 'k' An object containing PKCS11 attributes for a public or private key
+op.enroll.userKey._047=# 'r' An object containing PKCS11 attributes for an "reader".
+op.enroll.userKey._048=# - Upper case letters signify objects containing raw data corresponding to
+op.enroll.userKey._049=# the lower case letters described above. For example, object "C0"
+op.enroll.userKey._050=# contains raw data corresponding to object "c0".
+op.enroll.userKey._051=# 'C' This object contains an entire DER cert, and nothing else.
+op.enroll.userKey._052=# 'K' This object contains a MUSCLE "key blob". TPS does not use this.
+op.enroll.userKey._053=#
+op.enroll.userKey._054=# op.enroll.<tokenType>.keyGen.<keyType>.keyUsage=0
+op.enroll.userKey._055=# op.enroll.<tokenType>.keyGen.<keyType>.keyUser=0
+op.enroll.userKey._056=# - user specifies which PIN user should be granted
+op.enroll.userKey._057=# use privilege of the generated private key, or
+op.enroll.userKey._058=# 15 if all users have use privilege for the private key
+op.enroll.userKey._059=# - Valid uage: (only specifies the usage for the private key)
+op.enroll.userKey._060=# 0 - default usage (Signing only for this APDU)
+op.enroll.userKey._061=# 1 - signing only
+op.enroll.userKey._062=# 2 - decryption only
+op.enroll.userKey._063=# 3 - signing and decryption
+op.enroll.userKey._064=#
+op.enroll.userKey._065=# op.enroll.<tokenType>.pkcs11obj.enable=true|false
+op.enroll.userKey._066=# - enable writing of PKCS11 cache object to the token
+op.enroll.userKey._067=#
+op.enroll.userKey._068=# op.enroll.<tokenType>.pkcs11obj.compress.enable=true|false
+op.enroll.userKey._069=# - enable compression for writing of PKCS11 cache object to the token
+op.enroll.userKey._070=#
+op.enroll.userKey._071=# op.enroll.<tokenType>.pinReset.pin.maxRetries=127
+op.enroll.userKey._072=# - max number of retries before blocking the token
+op.enroll.userKey._073=# - max value: 127
+op.enroll.userKey._074=#
+op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
+op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
+op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
+op.enroll.userKey._078=#########################################
+op.enroll.allowUnknownToken=true
+#The three recovery schemes supported are:
+# GenerateNewKey - Generate a new cert for the encryption cert.
+# RecoverLast - Recover the most recent cert for the encryption cert.
+# GenerateNewKeyandRecoverLast - Generate new cert AND recover last for encryption cert.
+op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.tokenName=$auth.cn$
+op.enroll.userKey.keyGen.keyType.num=2
+op.enroll.userKey.keyGen.keyType.value.0=signing
+op.enroll.userKey.keyGen.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.keySize=1024
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.label=signing key for $userid$
+op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKey.keyGen.signing.overwrite=true
+op.enroll.userKey.keyGen.signing.certId=C1
+op.enroll.userKey.keyGen.signing.certAttrId=c1
+op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKey.keyGen.signing.keyUsage=0
+op.enroll.userKey.keyGen.signing.keyUser=0
+op.enroll.userKey.keyGen.signing.privateKeyNumber=2
+op.enroll.userKey.keyGen.signing.publicKeyNumber=3
+op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.userKey.keyGen.signing.ca.conn=ca1
+op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.userKey.keyGen.encryption.keySize=1024
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKey.keyGen.encryption.overwrite=true
+op.enroll.userKey.keyGen.encryption.certId=C2
+op.enroll.userKey.keyGen.encryption.certAttrId=c2
+op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKey.keyGen.encryption.keyUsage=0
+op.enroll.userKey.keyGen.encryption.keyUser=0
+op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.userKey.keyGen.encryption.ca.conn=ca1
+op.enroll.userKey.pkcs11obj.enable=true
+op.enroll.userKey.pkcs11obj.compress.enable=true
+op.enroll.userKey.update.applet.emptyToken.enable=true
+op.enroll.userKey.update.applet.enable=true
+op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKey.update.applet.encryption=true
+op.enroll.userKey.update.symmetricKeys.enable=false
+op.enroll.userKey.update.symmetricKeys.requiredVersion=1
+op.enroll.userKey.loginRequest.enable=true
+op.enroll.userKey.pinReset.enable=true
+op.enroll.userKey.pinReset.pin.maxRetries=127
+op.enroll.userKey.pinReset.pin.minLen=4
+op.enroll.userKey.pinReset.pin.maxLen=10
+op.enroll.userKey.cardmgr_instance=A0000000030000
+op.enroll.userKey.tks.conn=tks1
+op.enroll.userKey.auth.id=ldap1
+op.enroll.userKey.auth.enable=true
+op.enroll.userKey.issuerinfo.enable=true
+op.enroll.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.userKeyTemporary.keyGen.keyType.num=3
+op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.userKeyTemporary.keyGen.auth.certId=C0
+op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.userKeyTemporary.keyGen.signing.certId=C1
+op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.userKeyTemporary.pkcs11obj.enable=true
+op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.userKeyTemporary.update.applet.enable=true
+op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKeyTemporary.update.applet.encryption=true
+op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.userKeyTemporary.loginRequest.enable=true
+op.enroll.userKeyTemporary.pinReset.enable=true
+op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.userKeyTemporary.pinReset.pin.minLen=4
+op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.userKeyTemporary.tks.conn=tks1
+op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.userKeyTemporary.auth.id=ldap1
+op.enroll.userKeyTemporary.auth.enable=true
+# Token Renewal.
+# For each token in TPS UI set the following:
+# RENEW=YES
+# To trigger renewal operations.
+op.enroll.userKey.renewal.keyType.num=2
+op.enroll.userKey.renewal.keyType.value.0=signing
+op.enroll.userKey.renewal.keyType.value.1=encryption
+op.enroll.userKey.renewal.signing.enable=true
+#optional grace period enforcement
+#must coincide exactly with what the CA enforces
+op.enroll.userKey.renewal.signing.gracePeriod.enable=false
+op.enroll.userKey.renewal.signing.gracePeriod.before=30
+op.enroll.userKey.renewal.signing.gracePeriod.after=30
+op.enroll.userKey.renewal.signing.certId=C1
+#in case of renewal, encryption certId values for completeness only
+#server code calculates actual values used.
+op.enroll.userKey.renewal.encryption.certId=C2
+op.enroll.userKey.renewal.signing.certAttrId=c1
+op.enroll.userKey.renewal.encryption.certAttrId=c2
+op.enroll.userKey.renewal.encryption.enable=true
+#optional grace period enforcement
+#must coincide exactly with what the CA enforces
+op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
+op.enroll.userKey.renewal.encryption.gracePeriod.before=30
+op.enroll.userKey.renewal.encryption.gracePeriod.after=30
+op.enroll.userKey.renewal.signing.ca.conn=ca1
+op.enroll.userKey.renewal.encryption.ca.conn=ca1
+op.enroll.userKey.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal
+op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal
+op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.tokenName=$auth.cn$
+op.enroll.soKey.keyGen.keyType.num=2
+op.enroll.soKey.keyGen.keyType.value.0=signing
+op.enroll.soKey.keyGen.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.keySize=1024
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.label=signing key for $userid$
+op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKey.keyGen.signing.overwrite=true
+op.enroll.soKey.keyGen.signing.certId=C1
+op.enroll.soKey.keyGen.signing.certAttrId=c1
+op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKey.keyGen.signing.keyUsage=0
+op.enroll.soKey.keyGen.signing.keyUser=0
+op.enroll.soKey.keyGen.signing.privateKeyNumber=2
+op.enroll.soKey.keyGen.signing.publicKeyNumber=3
+op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.soKey.keyGen.signing.ca.conn=ca1
+op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.soKey.keyGen.encryption.keySize=1024
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKey.keyGen.encryption.overwrite=true
+op.enroll.soKey.keyGen.encryption.certId=C2
+op.enroll.soKey.keyGen.encryption.certAttrId=c2
+op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKey.keyGen.encryption.keyUsage=0
+op.enroll.soKey.keyGen.encryption.keyUser=0
+op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.soKey.keyGen.encryption.ca.conn=ca1
+op.enroll.soKey.pkcs11obj.enable=true
+op.enroll.soKey.pkcs11obj.compress.enable=true
+op.enroll.soKey.update.applet.emptyToken.enable=true
+op.enroll.soKey.update.applet.enable=true
+op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKey.update.applet.encryption=true
+op.enroll.soKey.update.symmetricKeys.enable=false
+op.enroll.soKey.update.symmetricKeys.requiredVersion=1
+op.enroll.soKey.loginRequest.enable=true
+op.enroll.soKey.pinReset.enable=true
+op.enroll.soKey.pinReset.pin.maxRetries=127
+op.enroll.soKey.pinReset.pin.minLen=4
+op.enroll.soKey.pinReset.pin.maxLen=10
+op.enroll.soKey.cardmgr_instance=A0000000030000
+op.enroll.soKey.tks.conn=tks1
+op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.enable=true
+op.enroll.soKey.issuerinfo.enable=true
+op.enroll.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.soKeyTemporary.keyGen.keyType.num=3
+op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.soKeyTemporary.keyGen.auth.certId=C0
+op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.soKeyTemporary.keyGen.signing.certId=C1
+op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.soKeyTemporary.pkcs11obj.enable=true
+op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.soKeyTemporary.update.applet.enable=true
+op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKeyTemporary.update.applet.encryption=true
+op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.soKeyTemporary.loginRequest.enable=true
+op.enroll.soKeyTemporary.pinReset.enable=true
+op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.soKeyTemporary.pinReset.pin.minLen=4
+op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.soKeyTemporary.tks.conn=tks1
+op.enroll.soKeyTemporary.tks.keySet=defKeyset
+op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.enable=true
+op.pinReset._000=#########################################
+op.pinReset._001=# Certificate Chain Imports
+op.pinReset._002=#
+op.pinReset._003=# op.enroll.certificates.num=1
+op.pinReset._004=# op.enroll.certificates.value.0=caCert
+op.pinReset._005=# op.enroll.certificates.caCert.nickName=caCert0 pki-tps
+op.pinReset._006=# op.enroll.certificates.caCert.certId=C5
+op.pinReset._007=# op.enroll.certificates.caCert.certAttrId=c5
+op.pinReset._008=# op.enroll.certificates.caCert.label=caCert Label
+op.pinReset._009=#########################################
+op.pinReset._010=#########################################
+op.pinReset._011=# Pin Reset Operation For CoolKey
+op.pinReset._012=#
+op.pinReset._013=# op.pinReset.userKey.update.applet.emptyToken.enable=false
+op.pinReset._014=# - update applet or not if token is empty
+op.pinReset._015=#
+op.pinReset._016=# - N/A for HouseKey
+op.pinReset._017=# - N/A for HouseKey with Legacy Applet
+op.pinReset._018=#########################################
+op.pinReset.userKey.update.applet.emptyToken.enable=true
+op.pinReset.userKey.update.applet.enable=false
+op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
+op.pinReset.userKey.update.applet.encryption=true
+op.pinReset.userKey.update.symmetricKeys.enable=false
+op.pinReset.userKey.update.symmetricKeys.requiredVersion=1
+op.pinReset.userKey.loginRequest.enable=true
+op.pinReset.userKey.pinReset.pin.minLen=4
+op.pinReset.userKey.pinReset.pin.maxLen=10
+op.pinReset.userKey.tks.conn=tks1
+op.pinReset.userKey.cardmgr_instance=A0000000030000
+op.pinReset.userKey.auth.id=ldap1
+op.pinReset.userKey.auth.enable=true
+op.format._000=#########################################
+op.format._001=# Format Operation For tokenKey
+op.format._002=#
+op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false
+op.format._004=# - update applet or not if token is empty
+op.format._005=#
+op.format._006=# - applicable to CoolKey
+op.format._007=# - applicable to HouseKey
+op.format._008=# - applicable to HouseKey with Legacy Applet
+op.format._009=#########################################
+op.format.allowUnknownToken=true
+op.format.soCleanUserToken.update.applet.emptyToken.enable=true
+op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanUserToken.update.applet.encryption=true
+op.format.soCleanUserToken.update.symmetricKeys.enable=false
+op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanUserToken.revokeCert=true
+op.format.soCleanUserToken.ca.conn=ca1
+op.format.soCleanUserToken.loginRequest.enable=false
+op.format.soCleanUserToken.cardmgr_instance=A0000000030000
+op.format.soCleanUserToken.tks.conn=tks1
+op.format.soCleanUserToken.auth.id=ldap1
+op.format.soCleanUserToken.auth.enable=false
+op.format.soCleanUserToken.issuerinfo.enable=true
+op.format.soCleanUserToken.issuerinfo.value=
+op.format.soCleanSOToken.update.applet.emptyToken.enable=true
+op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanSOToken.update.applet.encryption=true
+op.format.soCleanSOToken.update.symmetricKeys.enable=false
+op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanSOToken.revokeCert=true
+op.format.soCleanSOToken.ca.conn=ca1
+op.format.soCleanSOToken.loginRequest.enable=false
+op.format.soCleanSOToken.cardmgr_instance=A0000000030000
+op.format.soCleanSOToken.tks.conn=tks1
+op.format.soCleanSOToken.auth.id=ldap1
+op.format.soCleanSOToken.auth.enable=false
+op.format.soCleanSOToken.issuerinfo.enable=true
+op.format.soCleanSOToken.issuerinfo.value=
+op.format.cleanToken.update.applet.emptyToken.enable=true
+op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
+op.format.cleanToken.update.applet.encryption=true
+op.format.cleanToken.update.symmetricKeys.enable=false
+op.format.cleanToken.update.symmetricKeys.requiredVersion=1
+op.format.cleanToken.revokeCert=true
+op.format.cleanToken.ca.conn=ca1
+op.format.cleanToken.loginRequest.enable=true
+op.format.cleanToken.cardmgr_instance=A0000000030000
+op.format.cleanToken.tks.conn=tks1
+op.format.cleanToken.auth.id=ldap1
+op.format.cleanToken.auth.enable=false
+op.format.cleanToken.issuerinfo.enable=true
+op.format.cleanToken.issuerinfo.value=
+op.format.soUserKey.update.applet.emptyToken.enable=true
+op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soUserKey.update.applet.encryption=true
+op.format.soUserKey.update.symmetricKeys.enable=false
+op.format.soUserKey.update.symmetricKeys.requiredVersion=1
+op.format.soUserKey.revokeCert=true
+op.format.soUserKey.ca.conn=ca1
+op.format.soUserKey.loginRequest.enable=false
+op.format.soUserKey.cardmgr_instance=A0000000030000
+op.format.soUserKey.tks.conn=tks1
+op.format.soUserKey.auth.id=ldap1
+op.format.soUserKey.auth.enable=false
+op.format.soUserKey.issuerinfo.enable=true
+op.format.soUserKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.format.soKey.update.applet.emptyToken.enable=true
+op.format.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.soKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soKey.update.applet.encryption=true
+op.format.soKey.update.symmetricKeys.enable=false
+op.format.soKey.update.symmetricKeys.requiredVersion=1
+op.format.soKey.revokeCert=true
+op.format.soKey.ca.conn=ca1
+op.format.soKey.loginRequest.enable=true
+op.format.soKey.cardmgr_instance=A0000000030000
+op.format.soKey.tks.conn=tks1
+op.format.soKey.auth.id=ldap2
+op.format.soKey.auth.enable=true
+op.format.soKey.issuerinfo.enable=true
+op.format.soKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/so/index.cgi
+op.format.userKey.update.applet.emptyToken.enable=true
+op.format.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.userKey.update.applet.directory=[TPS_DIR]/applets
+op.format.userKey.update.applet.encryption=true
+op.format.userKey.update.symmetricKeys.enable=false
+op.format.userKey.update.symmetricKeys.requiredVersion=1
+op.format.userKey.revokeCert=true
+op.format.userKey.ca.conn=ca1
+op.format.userKey.loginRequest.enable=true
+op.format.userKey.cardmgr_instance=A0000000030000
+op.format.userKey.tks.conn=tks1
+op.format.userKey.auth.id=ldap1
+op.format.userKey.auth.enable=true
+op.format.userKey.issuerinfo.enable=true
+op.format.userKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+op.format.tokenKey.update.applet.emptyToken.enable=true
+op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
+op.format.tokenKey.update.applet.encryption=true
+op.format.tokenKey.update.symmetricKeys.enable=false
+op.format.tokenKey.update.symmetricKeys.requiredVersion=1
+op.format.tokenKey.revokeCert=true
+op.format.tokenKey.ca.conn=ca1
+op.format.tokenKey.loginRequest.enable=true
+op.format.tokenKey.cardmgr_instance=A0000000030000
+op.format.tokenKey.tks.conn=tks1
+op.format.tokenKey.auth.id=ldap1
+op.format.tokenKey.auth.enable=true
+op.format.tokenKey.issuerinfo.enable=true
+op.format.tokenKey.issuerinfo.value=http://[SERVER_NAME]:[PORT]/cgi-bin/home/index.cgi
+tokendb._000=#########################################
+tokendb._001=# tokendb.auditLog:
+tokendb._002=# - audit log path
+tokendb._003=# tokendb.host:
+tokendb._004=# - tokendb host name
+tokendb._005=# tokendb.port:
+tokendb._006=# - tokendb port number
+tokendb._007=# tokendb.bindDN:
+tokendb._008=# - tokendb administration DN (i.e. cn=Directory Manager)
+tokendb._009=# tokendb.bindPassPath:
+tokendb._010=# - tokendb administration password file path
+tokendb._011=# tokendb.templateDir
+tokendb._012=# - directory where all the tokendb templates are located
+tokendb._013=# tokendb.userBaseDN:
+tokendb._014=# - directory base DN for users and groups
+tokendb._015=# tokendb.baseDN:
+tokendb._016=# - directory base DN for tokens
+tokendb._017=# tokendb.activityBaseDN:
+tokendb._018=# - directory base DN for activities
+tokendb._019=# tokendb.indexTemplate=index.template
+tokendb._020=# - index template
+tokendb._021=# tokendb.newTemplate=new.template
+tokendb._022=# - add template
+tokendb._023=# tokendb.showTemplate=show.template
+tokendb._024=# - show template
+tokendb._025=# tokendb.errorTemplate=error.template
+tokendb._026=# - error template
+tokendb._027=# tokendb.searchTemplate=search.template
+tokendb._028=# - search template
+tokendb._029=# tokendb.searchResultTemplate=searchResults.template
+tokendb._030=# - search result template
+tokendb._031=# tokendb.editTemplate=edit.template
+tokendb._032=# - edit template
+tokendb._033=# tokendb.editResultTemplate=editResults.template
+tokendb._034=# - edit result template
+tokendb._035=# tokendb.addResultTemplate=addResults.template
+tokendb._036=# - add result template
+tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template
+tokendb._038=# - delete result template
+tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template
+tokendb._040=# - search activity template
+tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb._042=# - search activity result template
+tokendb._043=# tokendb.showAdminTemplate=showAdmin.template
+tokendb._044=# - show admin template
+tokendb._045=# tokendb.editAdminTemplate=editAdmin.template
+tokendb._046=# - edit admin template
+tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template
+tokendb._048=# - edit admin result template
+tokendb._049=# tokendb.searchAdminTemplate=searchAdmin.template
+tokendb._050=# - search admin template
+tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template
+tokendb._052=# - search admin result template
+tokendb._053=# tokendb.defaultPolicy:
+tokendb._054=# Supported Policy (Separated by ; [Semicolon]):
+tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO
+tokendb._056=# PIN_RESET=YES|NO
+tokendb._057=# - If not present, pin reset by user is allowed.
+tokendb._058=# - If present and agent change PIN_RESET from NO
+tokendb._059=# to YES, user is allowed to do pin reset. This
+tokendb._060=# policy will be changed back to NO after pin reset.
+tokendb._061=# RE_ENROLL=YES|NO
+tokendb._062=# - If not present, re-enrollment is allowed.
+tokendb._063=# - If present, re-enrollment is allowed when RE_ENROLL
+tokendb._064=# is set to YES. Otherwise, re-enrollment is not
+tokendb._065=# allowed.
+tokendb._066=# tokendb.allowedTransitions:
+tokendb._067=# - has transitions between the following states
+tokendb._068=# TOKEN_UNINITIALIZED = 0,
+tokendb._069=# TOKEN_DAMAGED =1,
+tokendb._070=# TOKEN_PERM_LOST=2,
+tokendb._071=# TOKEN_TEMP_LOST=3,
+tokendb._072=# TOKEN_FOUND =4,
+tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5,
+tokendb._074=# TOKEN_TERMINATED = 6
+tokendb._075=#########################################
+tokendb.auditLog=[SERVER_ROOT]/logs/tokendb-audit.log
+tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+tokendb.ssl=false
+tokendb.bindDN=cn=Directory Manager
+tokendb.bindPassPath=[SERVER_ROOT]/conf/password.conf
+tokendb.templateDir=[SERVER_ROOT]/docroot/tus
+tokendb.userBaseDN=[TOKENDB_ROOT]
+tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT]
+tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT]
+tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT]
+tokendb.indexTemplate=index.template
+tokendb.indexAdminTemplate=indexAdmin.template
+tokendb.newTemplate=new.template
+tokendb.showTemplate=show.template
+tokendb.showCertTemplate=showCert.template
+tokendb.errorTemplate=error.template
+tokendb.searchTemplate=search.template
+tokendb.searchResultTemplate=searchResults.template
+tokendb.searchCertificateResultTemplate=searchCertificateResults.template
+tokendb.editTemplate=edit.template
+tokendb.editResultTemplate=editResults.template
+tokendb.addResultTemplate=addResults.template
+tokendb.deleteTemplate=delete.template
+tokendb.deleteResultTemplate=deleteResults.template
+tokendb.searchActivityTemplate=searchActivity.template
+tokendb.searchCertificateTemplate=searchCertificate.template
+tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb.searchActivityAdminTemplate=searchActivityAdmin.template
+tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template
+tokendb.showAdminTemplate=showAdmin.template
+tokendb.doTokenTemplate=doToken.template
+tokendb.doTokenConfirmTemplate=doTokenConfirm.template
+tokendb.revokeTemplate=revoke.template
+tokendb.searchAdminTemplate=searchAdmin.template
+tokendb.searchAdminResultTemplate=searchAdminResults.template
+tokendb.defaultPolicy=RE_ENROLL=YES
+tokendb.newUserTemplate=newUser.template
+tokendb.userDeleteTemplate=userDelete.template
+tokendb.searchUserResultTemplate=searchUserResults.template
+tokendb.searchUserTemplate=searchUser.template
+tokendb.editUserTemplate=editUser.template
+tokendb.indexOperatorTemplate=indexOperator.template
+tokendb.selfTestTemplate=selfTest.template
+tokendb.selfTestResultsTemplate=selfTestResults.template
+tokendb.auditAdminTemplate=auditAdmin.template
+tokendb.selectConfigTemplate=selectConfig.template
+tokendb.agentSelectConfigTemplate=agentSelectConfig.template
+tokendb.editConfigTemplate=editConfig.template
+tokendb.agentViewConfigTemplate=agentViewConfig.template
+tokendb.addConfigTemplate=addConfig.template
+tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template
+tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template
+log.instance.SignedAudit.selected.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
+log.instance.SignedAudit.selectable.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
+log.instance.SignedAudit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST
+tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6
+target._000=#########################################
+target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs
+target._002=#
+target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin.
+target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab.
+target._005=#
+target._006=# target.agent_approve.list = comma separated subset of above list. Parameter sets in this list
+target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement
+target._008=# (enable/ disable) to be edited.
+target._009=#
+target._010=# For the wording to display correctly, the values in the above list should be plurals.
+target._011=#
+target._012=# Each parameter set in the lists above requires three parameters:
+target._013=# target.<type name>.list : list of choices of this parameter set type (will display in the drop down box)
+target._014=# target.<type name>.pattern : the regular expression to select parameters in CS.cfg for this parameter set.
+target._015=# target.<type_name>.displayname: used in the UI display text. This should be the singular form of <type_name>.
+target._016=#
+target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined.
+target._018=#
+target._019=########################################
+target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources
+target.agent_approve.list=Profiles
+target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey
+target.Profiles.pattern=op\..*\.$name\..*
+target.Profiles.displayname=Profile
+target.Subsystem_Connections.list=ca1,drm1,tks1
+target.Subsystem_Connections.pattern=conn\.$name\..*
+target.Subsystem_Connections.displayname=Subsystem Connection
+target.Profile_Mappings.list=enroll,format,pinReset
+target.Profile_Mappings.pattern=op\.$name\.mapping\..*
+target.Profile_Mappings.displayname=Profile Mapping
+target.Authentication_Sources.list=0,1
+target.Authentication_Sources.pattern=auth\.instance\.$name\..*
+target.Authentication_Sources.displayname=Authentication Source
+target.Generals.displayname=General
+target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..*
+config.Generals.General.state=Enabled
+config.Generals.General.timestamp=1280283607424406
+tps._000=########################################
+tps._001=# For verifying system certificates
+tps._002=# tps.cert.list=sslserver,subsystem,audit_signing
+tps._003=# tps.cert.sslserver.nickname=xxx
+tps._005=# tps.cert.subsystem.nickname=xxx
+tps._007=# tps.cert.audit_signing.nickname=xxx
+tps._009=########################################
+tps.cert.list=sslserver,subsystem,audit_signing
+tps.cert.sslserver.nickname=[HSM_LABEL][NICKNAME]
+tps.cert.subsystem.nickname=[HSM_LABEL][NICKNAME]
+tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME]
diff --git a/pki/base/tps/etc/init.d/pki-tpsd b/pki/base/tps/etc/init.d/pki-tpsd
new file mode 100755
index 000000000..0631954c2
--- /dev/null
+++ b/pki/base/tps/etc/init.d/pki-tpsd
@@ -0,0 +1,83 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007-2010 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+# pki-tpsd Startup script for the Apache HTTP pki-tps Server
+#
+# chkconfig: - 87 13
+# description: Token Processing System (Apache)
+# processname: pki-tpsd
+# piddir: /var/run/pki/tps
+# config: ${PKI_SERVER_ROOT}/conf/httpd.conf
+
+PROG_NAME=`basename $0`
+SERVICE_NAME="pki-tpsd"
+SERVICE_PROG="/sbin/service"
+PKI_PATH="/usr/share/pki/tps"
+PKI_REGISTRY="/etc/sysconfig/pki/tps"
+PKI_TYPE="pki-tps"
+PKI_TOTAL_PORTS=3
+
+# Disallow 'others' the ability to 'write' to new files
+umask 00002
+
+command="$1"
+pki_instance="$2"
+
+# Source function library.
+. /etc/init.d/functions
+
+# Source the PKI function library
+. /usr/share/pki/scripts/functions
+
+# See how we were called.
+case $command in
+ status)
+ registry_status
+ exit $?
+ ;;
+ start)
+ start
+ exit $?
+ ;;
+ restart)
+ restart
+ exit $?
+ ;;
+ stop)
+ stop
+ exit $?
+ ;;
+ condrestart|force-restart|try-restart)
+ [ ! -f ${lockfile} ] || restart
+ exit $?
+ ;;
+ reload)
+ echo "The 'reload' action is an unimplemented feature."
+ exit ${default_error}
+ ;;
+ *)
+ echo "unknown action ($command)"
+ usage
+ echo "where valid instance names include:"
+ list_instances
+ exit ${default_error}
+ ;;
+esac
+
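Review bot: In the `condrestart|force-restart|try-restart` arm, `${lockfile}` is expanded unquoted, so if the variable is empty the test collapses to `[ ! -f ]`, which is false, and `restart` then runs unconditionally; `[ ! -f "${lockfile}" ] || restart` keeps the check meaningful. `lockfile` and `default_error` are not set in this file and presumably come from the sourced `/usr/share/pki/scripts/functions`, so a one-line comment naming that dependency would help. Separately, `umask 00002` leaves new files group-writable and world-readable, which is loose for a service whose configuration points at `[SERVER_ROOT]/conf/password.conf`. `umask 0027` would be tighter, unless the sourced functions set file modes explicitly.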
diff --git a/pki/base/tps/forms/esc/cgi-bin/demo/enroll.cgi b/pki/base/tps/forms/esc/cgi-bin/demo/enroll.cgi
new file mode 100755
index 000000000..c0f4bcabf
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/demo/enroll.cgi
@@ -0,0 +1,183 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default")
+{
+ $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+ GenerateEnrollmentPage();
+ exit 0;
+}
+
+
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
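Review bot: In `GenerateEnrollmentPage`, the `screenname` request parameter is substituted into the HTML template without any output encoding, so markup supplied in the request is echoed into the enrollment page. Encoding at the point of output closes this: `my $sn = $gQuery->escapeHTML(GetScreenName());`. If the `SECURECOOL_SCREENNAME` placeholder in `Enroll.html` (not shown here) sits inside a script block or an unquoted attribute, HTML-escaping alone is not enough, and validating the value against an allow-list such as `/^[\w.@-]+$/` before use would be safer. The file also lacks `use strict;` and opens `Enroll.html` with a two-argument `open` on a relative path, which depends on the CGI's working directory.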
diff --git a/pki/base/tps/forms/esc/cgi-bin/demo/index.cgi b/pki/base/tps/forms/esc/cgi-bin/demo/index.cgi
new file mode 100755
index 000000000..c9a1d21dd
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/demo/index.cgi
@@ -0,0 +1,47 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/demo/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "userKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
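Review bot: The `<Operation>` and `<UI>` values printed here are fixed to `http://[SERVER_NAME]:[PORT]/...`, so the token client is pointed at plain-HTTP endpoints for token operations and the enrollment UI. That holds unless `[PORT]` is later resolved to a TLS listener, which this hunk does not show. If a secure port is known at install time, consider emitting an `https://` URL built from a secure-port placeholder (its name is for the installer to define). home/index.cgi and so/index.cgi print the same scheme. A one-line comment such as `# [SERVER_NAME] and [PORT] are substituted at instance creation` would also tell readers these are template tokens, if that is indeed how they are filled in.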
diff --git a/pki/base/tps/forms/esc/cgi-bin/home/cachain.cgi b/pki/base/tps/forms/esc/cgi-bin/home/cachain.cgi
new file mode 100755
index 000000000..ddbf5e6ae
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/home/cachain.cgi
@@ -0,0 +1,52 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+
+use LWP::UserAgent;
+
+my $cfg = "../../conf/CS.cfg";
+my $cahostport = `grep conn.ca1.hostport $cfg | cut -c19-`;
+
+chomp($cahostport);
+
+my $url = "https://$cahostport/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert";
+
+my $agent = LWP::UserAgent->new;
+$agent->timeout(30);
+
+my $request = HTTP::Request->new('GET', $url);
+my $response = $agent->request($request);
+
+if ($response->is_success) {
+ print "Content-type: application/x-x509-ca-cert\n\n";
+ print $response->content;
+
+} else {
+ print "Content-type: text/html\n\n";
+ print "<html>";
+ print "<link rel=stylesheet href='/esc/home/style.css' type='text/css'>";
+ print "<center><h2>Error Importing CA Chain Information!</h2></center>";
+ print "<center><h2>Please try again later.</h2></center>";
+ print "</html>"
+}
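Review bot: The agent created at `LWP::UserAgent->new` is given only a timeout, so whether the `https://$cahostport/...` fetch authenticates the CA host depends on the defaults of the installed LWP, and the body is then relayed to clients as `application/x-x509-ca-cert`. Since the response is trust-anchor material, make verification explicit on LWP versions that provide `ssl_opts`, e.g. `$agent->ssl_opts(verify_hostname => 1, SSL_ca_file => '<path-to-trusted-ca-bundle>');` (placeholder path). Separately, `grep conn.ca1.hostport $cfg` is unanchored and treats `.` as a wildcard, so more than one line can match and `chomp` would leave an embedded newline in `$cahostport`. Anchoring the pattern as `'^conn\.ca1\.hostport='`, or reading the file in Perl, avoids that.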
diff --git a/pki/base/tps/forms/esc/cgi-bin/home/enroll.cgi b/pki/base/tps/forms/esc/cgi-bin/home/enroll.cgi
new file mode 100755
index 000000000..c0f4bcabf
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/home/enroll.cgi
@@ -0,0 +1,183 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default")
+{
+ $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+ GenerateEnrollmentPage();
+ exit 0;
+}
+
+
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
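Review bot: `GenerateEnrollmentPage` writes the `screenname` request parameter into the page unescaped: `GetScreenName()` returns `$gQuery->param("screenname")` as-is and the `s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g` line substitutes it into HTML, so markup in the parameter is rendered by the browser. Encode at the point of output with `my $sn = $gQuery->escapeHTML(GetScreenName());`. The same code appears in so/enroll.cgi and in the enroll script whose hunk ends just above this one. `ExitError` also prints `$str` raw; its only visible caller passes a constant, but escaping there keeps it safe if that changes.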
diff --git a/pki/base/tps/forms/esc/cgi-bin/home/index.cgi b/pki/base/tps/forms/esc/cgi-bin/home/index.cgi
new file mode 100755
index 000000000..1e54a8354
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/home/index.cgi
@@ -0,0 +1,51 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/home/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "http://www.fedora.redhat.com"; # Company URL
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "userKey";
+print "</TokenType>";
+#print "<CAChainUI>";
+#print "http://[SERVER_NAME]:[PORT]/cgi-bin/home/cachain.cgi";
+#print "</CAChainUI>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/pki/base/tps/forms/esc/cgi-bin/so/enroll.cgi b/pki/base/tps/forms/esc/cgi-bin/so/enroll.cgi
new file mode 100755
index 000000000..148cd78c0
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/so/enroll.cgi
@@ -0,0 +1,193 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $port = get_port();
+my $host = get_host();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default")
+{
+ $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+ GenerateEnrollmentPage();
+ exit 0;
+}
+
+
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< Enroll.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$port/$port/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
diff --git a/pki/base/tps/forms/esc/cgi-bin/so/index.cgi b/pki/base/tps/forms/esc/cgi-bin/so/index.cgi
new file mode 100755
index 000000000..7b3f2c68d
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/so/index.cgi
@@ -0,0 +1,48 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://[SERVER_NAME]:[PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/so/enroll.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "<EnrolledTokenURL>";
+print "http://[SERVER_NAME]:[PORT]/cgi-bin/sow/welcome.cgi";
+print "</EnrolledTokenURL>";
+print "<TokenType>";
+print "soKey";
+print "</TokenType>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/ajax-list.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/ajax-list.cgi
new file mode 100755
index 000000000..8db2d3e48
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/ajax-list.cgi
@@ -0,0 +1,78 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $ldapsearch = get_ldapsearch();
+
+sub main()
+{
+
+ my $q = new CGI;
+
+ my $letters = $q->param('letters');
+ if ($letters eq "") {
+ # HACK: ajax.js posts parameters into POST URL
+ $letters = $ENV{'QUERY_STRING'};
+ $letters =~ s/.*letters=//g;
+ $letters =~ s/\+/ /g;
+ }
+
+ my $tmpfile = "/tmp/ajax-list-$$.txt";
+ my $cmd = $ldapsearch . " " .
+ "-x " .
+ "-b \"" . $basedn . "\" " .
+ "-h \"" . $ldapHost . "\" " .
+ "-p \"" . $ldapPort ."\" " .
+ "-S \"cn\" " .
+ "-s sub \"(cn=" . $letters . "*)\" cn uid > " . $tmpfile;
+ system($cmd);
+
+ my $result = "";
+ open(F, "<$tmpfile");
+ my $cn;
+ my $uid;
+ while (<F>) {
+ if (/cn/) {
+ $cn = $_;
+ chomp($cn);
+ $cn =~ s/cn: //g;
+ $uid = <F>;
+ chomp($uid);
+ $uid =~ s/uid: //g;
+ $result .= $uid . "###" . $cn . "|";
+ }
+ }
+ close(F);
+ system("rm $tmpfile");
+
+ print "Content-Type: text/html\n\n";
+ print $result;
+}
+
+&main();
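Review bot: In `main`, the `letters` request value is concatenated into `$cmd` inside double quotes and run with `system($cmd)`, so both the shell and the LDAP filter interpret request-controlled text; nothing in this script calls an authorization check like the `authorize` sub in sow/enroll.cgi. The result also goes through `/tmp/ajax-list-$$.txt`, a predictable name in a shared directory, and the `open` on it is not checked. Passing the arguments as a list to a pipe `open` removes the shell and the temp file, and the filter value should have its RFC 4515 metacharacters escaped first. The `uid`-based `ldapsearch` call in `GenerateEnrollmentPage` of sow/enroll.cgi and sow/enroll_temp.cgi is built the same way. `$result` is printed as `text/html` without encoding, which is worth fixing in the same pass.

```perl
    # … unchanged: reading $letters from the request …

    # Escape RFC 4515 filter metacharacters before building the filter.
    (my $prefix = $letters) =~ s/([\\*()\x00])/sprintf("\\%02x", ord($1))/ge;

    # List-form pipe open: arguments reach ldapsearch without a shell,
    # and no intermediate file is created under /tmp.
    open(my $ldap, '-|', $ldapsearch, '-x',
         '-b', $basedn, '-h', $ldapHost, '-p', $ldapPort,
         '-S', 'cn', '-s', 'sub', "(cn=$prefix*)", 'cn', 'uid')
        or die "cannot run ldapsearch: $!";

    # … unchanged: cn/uid parsing loop, reading from $ldap instead of F …
    close($ldap);
```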
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl b/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl
new file mode 100755
index 000000000..6bced3836
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/cfg.pl
@@ -0,0 +1,170 @@
+#! /usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+#
+# Establish platform-dependent variables:
+#
+
+my $ldapsearch = "/usr/bin/ldapsearch";
+
+#
+# Feel free to modify the following parameters:
+#
+my $ldapHost = "localhost";
+my $ldapPort = "389";
+my $basedn = "ou=People,dc=sfbay,dc=redhat,dc=com";
+my $port = "7888";
+my $secure_port = "7889";
+my $host = "localhost";
+
+my $cfg = "/var/lib/pki-tps/conf/CS.cfg";
+
+sub get_ldapsearch()
+{
+ return $ldapsearch;
+}
+
+sub get_ldap_host()
+{
+ my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+ chomp($ldapport);
+ my ($ldapHost, $p) = split(/:/, $ldapport);
+ return $ldapHost;
+}
+
+sub get_ldap_port()
+{
+ my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+ chomp($ldapport);
+ my ($p, $ldapPort) = split(/:/, $ldapport);
+ return $ldapPort;
+}
+
+sub get_base_dn()
+{
+ my $basedn = `grep auth.instance.0.baseDN $cfg | cut -c24-`;
+ chomp($basedn);
+ return $basedn;
+}
+
+sub get_port()
+{
+ my $port = `grep service.unsecurePort $cfg | cut -c22-`;
+ chomp($port);
+ return $port;
+}
+
+sub get_secure_port()
+{
+ my $secure_port = `grep service.securePort $cfg | cut -c20-`;
+ chomp($secure_port);
+ return $secure_port;
+}
+
+sub get_host()
+{
+ my $host = `grep service.machineName $cfg | cut -c21-`;
+ chomp($host);
+ return $host;
+}
+
+sub is_agent()
+{
+ my ($dn) = @_;
+
+ my $uid = $dn;
+ # need to map a subject dn into user DN
+ $uid =~ /uid=([^,]*)/; # retrieve the uid
+ $uid = $1;
+
+ my $x_hostport = `grep -e "^tokendb.hostport" $cfg | cut -c18-`;
+ chomp($x_hostport);
+ my ($x_host, $x_port) = split(/:/, $x_hostport);
+ my $x_basedn = `grep -e "^tokendb.userBaseDN" $cfg | cut -c20-`;
+ chomp($x_basedn);
+ my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+ chomp($x_binddn);
+ my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+ chomp($x_bindpwdpath);
+ my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+ chomp($x_bindpwd);
+
+ my $cmd = $ldapsearch . " " .
+ "-x " .
+ "-D \"" . $x_binddn . "\" " .
+ "-w \"" . $x_bindpwd . "\" " .
+ "-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " .
+ "-h \"" . $x_host . "\" " .
+ "-p \"" . $x_port ."\" " .
+ "member | grep \"uid=" . $uid . ",\" | wc -l";
+
+ my $matched = `$cmd`;
+
+ chomp($matched);
+
+ if ($matched eq "0" || $matched eq "") {
+ return 0;
+ } else {
+ return 1;
+ }
+}
+
+sub is_user()
+{
+ my ($dn) = @_;
+
+ my $uid = $dn;
+ # need to map a subject dn into user DN
+ $uid =~ /uid=([^,]*)/; # retrieve the uid
+ $uid = $1;
+
+ my $x_host = get_ldap_host();
+ $x_port = get_ldap_port();
+ my $x_basedn = get_base_dn();
+ chomp($x_basedn);
+ my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+ chomp($x_binddn);
+ my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+ chomp($x_bindpwdpath);
+ my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+ chomp($x_bindpwd);
+
+ my $cmd = $ldapsearch . " " .
+ "-x " .
+ "-D \"" . $x_binddn . "\" " .
+ "-w \"" . $x_bindpwd . "\" " .
+ "-b \"" . "ou=people,".$x_basedn . "\" " .
+ "-h \"" . $x_host . "\" " .
+ "-p \"" . $x_port ."\" " .
+ "\"(uid=" . $uid . ")\" uid | grep \"uid:\" | wc -l";
+
+ my $matched = `$cmd`;
+
+ chomp($matched);
+
+ if ($matched eq "0" || $matched eq "") {
+ return 0;
+ } else {
+ return 1;
+ }
+}
+
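Review bot: `is_agent` and `is_user` make the access decision by interpolating the uid taken from the client DN into a double-quoted shell pipeline run through backticks (`... | grep "uid=$uid," | wc -l` in `is_agent`), so the value is interpreted by the shell and, in `is_agent`, as a grep regular expression. The `$uid =~ /uid=([^,]*)/; $uid = $1;` pair is also unchecked: when the match fails, `$1` is not reset and the check proceeds with whatever it held. The bind password is passed as `-w "..."`, which exposes it in the process list to other local users while the command runs. The sketch below fails closed on an unusable uid and runs `ldapsearch` without a shell; the allowed uid character set is an assumption to adjust to the deployment, and `is_user` would change the same way.

```perl
    my ($dn) = @_;

    # Fail closed when the DN carries no usable uid.
    my ($uid) = $dn =~ /uid=([^,]*)/;
    return 0 unless defined $uid && $uid =~ /^[A-Za-z0-9._-]+$/;

    # … unchanged: tokendb.* lookups from $cfg …

    # List-form pipe open: arguments reach ldapsearch without a shell.
    # NOTE: -w still places the password on argv; prefer a password-file
    # option if the installed ldapsearch offers one.
    open(my $ldap, '-|', $ldapsearch, '-x',
         '-D', $x_binddn, '-w', $x_bindpwd,
         '-b', "cn=TUS Officers,ou=Groups,$x_basedn",
         '-h', $x_host, '-p', $x_port, 'member')
        or return 0;
    # Literal substring test instead of a regex grep.
    my $matched = grep { index($_, "uid=$uid,") >= 0 } <$ldap>;
    close($ldap);
    return $matched ? 1 : 0;
```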
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/enroll.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/enroll.cgi
new file mode 100755
index 000000000..e7e552d94
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/enroll.cgi
@@ -0,0 +1,270 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $port = get_port();
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $ldapsearch = get_ldapsearch();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ $gQueryAction = "default";
+ $gQueryOverrideAction = "default";
+
+ @gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+ $gQueryAction = $gQuery->param("action") if
+ (defined $gQuery->param("action"));
+
+ $gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+ if ($gQueryOverrideAction ne "default")
+ {
+ $gQueryAction = $gQueryOverrideAction;
+ }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+ if ($gQueryAction eq "default")
+ {
+ GenerateEnrollmentPage();
+ exit 0;
+ }
+}
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll.html"));
+
+ print $gQuery->header();
+
+ my $uid = $gQuery->param("uid");
+
+ my $tmpfile = "/tmp/read-$$.txt";
+ my $cmd = $ldapsearch . " " .
+ "-x " .
+ "-b \"" . $basedn . "\" " .
+ "-h \"" . $ldapHost . "\" " .
+ "-p \"" . $ldapPort ."\" " .
+ "\"(uid=" . $uid . ")\" > " . $tmpfile;
+ system($cmd);
+
+ open(F, "<$tmpfile");
+
+ my $givenName = "-";
+ my $cn = "-";
+ my $sn = "-";
+ $uid = "-";
+ my $mail = "-";
+ my $phone = "-";
+ my $departmentNumber = ""; # photo (full size)
+ my $employeeNumber = ""; # photo (thumb)
+
+ # get ldap values into internal varibles
+ while (<F>) {
+ if (/mail: (.*)/) {
+ $mail = $1;
+ }
+ if (/uid: (.*)/) {
+ $uid = $1;
+ }
+ if (/givenName: (.*)/) {
+ $givenName = $1;
+ }
+ if (/sn: (.*)/) {
+ $sn = $1;
+ }
+ if (/cn: (.*)/) {
+ $cn = $1;
+ }
+ if (/telephoneNumber: (.*)/) {
+ $phone = $1;
+ }
+ if (/departmentNumber: (.*)/) {
+ $departmentNumber = $1;
+ }
+ if (/employeeNumber: (.*)/) {
+ $employeeNumber = $1;
+ }
+ }
+ close(F);
+
+ system("rm $tmpfile");
+
+
+ while ($l = <ENROLL_FILE>)
+ {
+ $l =~ s/\$mail/$mail/g;
+ $l =~ s/\$uid/$uid/g;
+ $l =~ s/\$givenName/$givenName/g;
+ $l =~ s/\$sn/$sn/g;
+ $l =~ s/\$cn/$cn/g;
+ $l =~ s/\$phone/$phone/g;
+ $l =~ s/\$departmentNumber/$departmentNumber/g;
+ $l =~ s/\$employeeNumber/$employeeNumber/g;
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$port/$port/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+
+&DoPage();
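Review bot: The second loop in `GenerateEnrollmentPage` substitutes directory attribute values (`$mail`, `$cn`, `$phone`, `$departmentNumber` and the rest) into the template without HTML encoding, so any markup stored in those LDAP attributes is rendered in the officer's browser. Encode once after the parsing loop, e.g. `$_ = $gQuery->escapeHTML($_) for ($mail, $uid, $givenName, $sn, $cn, $phone, $departmentNumber, $employeeNumber);`. Because the substitutions run in sequence on the same line, a value that itself contains a later placeholder such as `$cn` is expanded again; a single-pass substitution over a hash of values would avoid that. sow/enroll_temp.cgi carries the same loop.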
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/enroll_temp.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/enroll_temp.cgi
new file mode 100755
index 000000000..d11f20ff7
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/enroll_temp.cgi
@@ -0,0 +1,269 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $port = get_port();
+my $host = get_host();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ $gQueryAction = "default";
+ $gQueryOverrideAction = "default";
+
+ @gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+ $gQueryAction = $gQuery->param("action") if
+ (defined $gQuery->param("action"));
+
+ $gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+ if ($gQueryOverrideAction ne "default")
+ {
+ $gQueryAction = $gQueryOverrideAction;
+ }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+ if ($gQueryAction eq "default")
+ {
+ GenerateEnrollmentPage();
+ exit 0;
+ }
+}
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< enroll_temp.html"));
+
+ print $gQuery->header();
+
+ my $uid = $gQuery->param("uid");
+
+ my $tmpfile = "/tmp/read-$$.txt";
+ my $cmd = $ldapsearch . "\" " .
+ "-x " .
+ "-b \"" . $basedn . "\" " .
+ "-h \"" . $ldapHost . "\" " .
+ "-p \"" . $ldapPort ."\" " .
+ "\"(uid=" . $uid . ")\" > " . $tmpfile;
+ system($cmd);
+
+ open(F, "<$tmpfile");
+
+ my $givenName = "-";
+ my $cn = "-";
+ my $sn = "-";
+ $uid = "-";
+ my $mail = "-";
+ my $phone = "-";
+ my $departmentNumber = ""; # photo (full size)
+ my $employeeNumber = ""; # photo (thumb)
+
+ # get ldap values into internal varibles
+ while (<F>) {
+ if (/mail: (.*)/) {
+ $mail = $1;
+ }
+ if (/uid: (.*)/) {
+ $uid = $1;
+ }
+ if (/givenName: (.*)/) {
+ $givenName = $1;
+ }
+ if (/sn: (.*)/) {
+ $sn = $1;
+ }
+ if (/cn: (.*)/) {
+ $cn = $1;
+ }
+ if (/telephoneNumber: (.*)/) {
+ $phone = $1;
+ }
+ if (/departmentNumber: (.*)/) {
+ $departmentNumber = $1;
+ }
+ if (/employeeNumber: (.*)/) {
+ $employeeNumber = $1;
+ }
+ }
+ close(F);
+
+ system("rm $tmpfile");
+
+
+ while ($l = <ENROLL_FILE>)
+ {
+ $l =~ s/\$mail/$mail/g;
+ $l =~ s/\$uid/$uid/g;
+ $l =~ s/\$givenName/$givenName/g;
+ $l =~ s/\$sn/$sn/g;
+ $l =~ s/\$cn/$cn/g;
+ $l =~ s/\$phone/$phone/g;
+ $l =~ s/\$departmentNumber/$departmentNumber/g;
+ $l =~ s/\$employeeNumber/$employeeNumber/g;
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$port/$port/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+
+&DoPage();
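Review bot: The command built in `GenerateEnrollmentPage` starts with `$ldapsearch . "\" " .`, which puts a stray `"` after the program name. This file also never assigns `$ldapsearch`, whereas sow/enroll.cgi has `my $ldapsearch = get_ldapsearch();` in its header, so the lookup appears unable to run and every field keeps its `-` default. Unless `[REQUIRE_CFG_PL]` expands to something that brings the variable into scope, add `my $ldapsearch = get_ldapsearch();` next to the other `get_*` calls and change the first line to `my $cmd = $ldapsearch . " " .`. `open(F, "<$tmpfile")` is not checked, so the failure is silent.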
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/format.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/format.cgi
new file mode 100755
index 000000000..9b310991d
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/format.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ $gQueryAction = "default";
+ $gQueryOverrideAction = "default";
+
+ @gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+ $gQueryAction = $gQuery->param("action") if
+ (defined $gQuery->param("action"));
+
+ $gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+ if ($gQueryOverrideAction ne "default")
+ {
+ $gQueryAction = $gQueryOverrideAction;
+ }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+ if ($gQueryAction eq "default")
+ {
+ GeneratePage();
+ exit 0;
+ }
+}
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GeneratePage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< format.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$port/$port/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+
+&DoPage();
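Review bot: authorize() reads `$ENV{'SSL_CLIENT_S_DN'}` and normalises it without checking that it is set, so a request that arrives without a verified client certificate hands an undefined or empty value to is_agent(). is_agent() is defined outside this file, so the outcome for an empty DN cannot be confirmed here. The check should fail closed before the lookup, with `return 0 unless defined $client_dn && $client_dn ne "";` right after the assignment. The same authorize() body is repeated in formatso.cgi, is_agent.cgi, is_user.cgi, main.cgi, read.cgi, read_temp.cgi, search.cgi, search_temp.cgi and seturl.cgi.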
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/formatso.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/formatso.cgi
new file mode 100755
index 000000000..d53129139
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/formatso.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ $gQueryAction = "default";
+ $gQueryOverrideAction = "default";
+
+ @gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+ $gQueryAction = $gQuery->param("action") if
+ (defined $gQuery->param("action"));
+
+ $gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+ if ($gQueryOverrideAction ne "default")
+ {
+ $gQueryAction = $gQueryOverrideAction;
+ }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+ if ($gQueryAction eq "default")
+ {
+ GeneratePage();
+ exit 0;
+ }
+}
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GeneratePage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< formatso.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$port/$port/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+
+&DoPage();
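Review bot: DoPage writes no response at all when `action` or `override_action` carries any value other than "default". The only branch that emits output is `if ($gQueryAction eq "default")`, so any other value ends the request with no header, which the web server will most likely report as a script error. A fixed-text rejection closes that path, for example `ExitError("Unsupported action") if ($gQueryAction ne "default");` ahead of the existing branch. Keep the message constant rather than echoing the parameter, because ExitError prints its argument into the page unescaped. format.cgi and seturl.cgi have the same DoPage.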
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/index.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/index.cgi
new file mode 100755
index 000000000..7f7a98869
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/index.cgi
@@ -0,0 +1,42 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "https://[SERVER_NAME]:[SECURE_PORT]/nk_service";
+print "</Operation>";
+print "<UI>";
+print "https://[SERVER_NAME]:[SECURE_PORT]/cgi-bin/sow/search.cgi";
+print "</UI>";
+print "<EnrolledTokenBrowserURL>";
+print "</EnrolledTokenBrowserURL>";
+print "</Services>";
+print "</ServiceInfo>";
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/is_agent.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/is_agent.cgi
new file mode 100755
index 000000000..c6b6a87f7
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/is_agent.cgi
@@ -0,0 +1,69 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoIsAgent
+{
+
+ print "Content-type: text/xml\n\n";
+
+ if (!&authorize()) {
+ return;
+ }
+
+ my $uid = $q->param('uid');
+
+ if(&is_agent("uid=$uid"))
+ {
+ print "<response>yes</response>\n";
+ }
+ else
+ {
+ print "<response>no</response>\n";
+ }
+
+}
+
+&DoIsAgent();
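Review bot: In DoIsAgent the `uid` request parameter is interpolated into `"uid=$uid"` and passed to is_agent() with no check that it is defined or what characters it contains. is_agent() lives outside this file, so whether it builds an LDAP filter or a command line from the value cannot be seen here. An allowlist before the call keeps metacharacters out either way, e.g. `return unless defined $uid && $uid =~ /^[A-Za-z0-9._-]+$/;`, with the character set adjusted to the directory's uid syntax. is_user.cgi has the same pattern in DoIsUser.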
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/is_user.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/is_user.cgi
new file mode 100755
index 000000000..d7a551421
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/is_user.cgi
@@ -0,0 +1,71 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+use CGI::Carp qw(fatalsToBrowser);
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoIsUser
+{
+
+ print "Content-type: text/xml\n\n";
+
+ if (!&authorize()) {
+ return;
+ }
+
+ my $uid = $q->param('uid');
+
+ if(&is_user("uid=$uid"))
+ {
+ print "<response>yes</response>\n";
+ }
+ else
+ {
+ print "<response>no</response>\n";
+ }
+
+}
+
+&DoIsUser();
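Review bot: `use CGI::Carp qw(fatalsToBrowser);` near the top of this file sends the text of any fatal error to the client, which can disclose file paths and other script internals to whoever triggers the failure. None of the sibling scripts in this commit enable it, so it looks like a leftover debugging aid. Plain `use CGI::Carp;` keeps the diagnostics in the server error log instead.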
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/main.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/main.cgi
new file mode 100755
index 000000000..c6f65e42e
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/main.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ my $error = $q->param('error');
+ $error = "" if !defined $error;
+
+ open(FILE, "< main.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$error/$error/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
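Review bot: DoPage substitutes the `error` request parameter into the template with `s/\$error/$error/g` and prints the result without HTML-escaping, so markup supplied in the query string is rendered as part of the page. Escape the value once after the default is applied, `$error = $q->escapeHTML($error);`. The same substitution appears in noaccess.cgi, search.cgi, search_temp.cgi and welcome.cgi. In noaccess.cgi and welcome.cgi it runs without the authorize() check. read.cgi and read_temp.cgi feed this path by redirecting to search.cgi with the user-supplied name inside `error=`.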
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/noaccess.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/noaccess.cgi
new file mode 100755
index 000000000..17166bcb6
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/noaccess.cgi
@@ -0,0 +1,56 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+ my $error = $q->param('error');
+
+ open(FILE, "< noaccess.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$error/$error/g;
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ $l =~ s/\$port/$port/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
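Review bot: `$error` in DoPage is never given a default, unlike in main.cgi, search.cgi and welcome.cgi. Every redirect to `/cgi-bin/sow/noaccess.cgi` in this commit omits the `error` parameter, so an undefined value is the normal case here. Under `-w` each template line that contains `$error` then substitutes an undefined value and logs a warning. Add `$error = "" if !defined $error;` after the `param('error')` line.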
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/read.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/read.cgi
new file mode 100755
index 000000000..f95b7c914
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/read.cgi
@@ -0,0 +1,155 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $ldapsearch = get_ldapsearch();
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ my $q = new CGI;
+
+ if (!&authorize()) {
+ print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ my $name = $q->param('name');
+ my $uid = $q->param('name_ID');
+ $name = "" if !defined $name;
+
+ if ($name eq "") {
+ print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty");
+ return;
+ }
+
+ my $tmpfile = "/tmp/read-$$.txt";
+ my $cmd = $ldapsearch . " " .
+ "-x " .
+ "-b \"" . $basedn . "\" " .
+ "-h \"" . $ldapHost . "\" " .
+ "-p \"" . $ldapPort ."\" " .
+ "\"(cn=" . $name . ")\" > " . $tmpfile;
+ system($cmd);
+
+ open(F, "<$tmpfile");
+
+ my $givenName = "-";
+ my $cn = "-";
+ my $sn = "-";
+ $uid = "-";
+ my $mail = "-";
+ my $phone = "-";
+ my $photoLarge = ""; # photo (full size)
+ my $photoSmall = ""; # photo (thumb)
+ my $height = "";
+ my $weight = "";
+ my $eyecolor = "";
+
+ # get ldap values into internal varibles
+ while (<F>) {
+ if (/mail: (.*)/) {
+ $mail = $1;
+ }
+ if (/uid: (.*)/) {
+ $uid = $1;
+ }
+ if (/givenName: (.*)/) {
+ $givenName = $1;
+ }
+ if (/sn: (.*)/) {
+ $sn = $1;
+ }
+ if (/cn: (.*)/) {
+ $cn = $1;
+ }
+ if (/telephoneNumber: (.*)/) {
+ $phone = $1;
+ }
+ if (/photoLarge: (.*)/) {
+ $photoLarge = $1;
+ }
+ if (/photoSmall: (.*)/) {
+ $photoSmall = $1;
+ }
+ if (/height: (.*)/) {
+ $height = $1;
+ }
+ if (/weight: (.*)/) {
+ $weight = $1;
+ }
+ if (/eyeColor: (.*)/) {
+ $eyecolor = $1;
+ }
+ }
+ close(F);
+
+ system("rm $tmpfile");
+
+ if ($uid eq "-") {
+ print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+ return;
+ }
+
+ open(FILE, "< read.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$mail/$mail/g;
+ $l =~ s/\$uid/$uid/g;
+ $l =~ s/\$givenName/$givenName/g;
+ $l =~ s/\$sn/$sn/g;
+ $l =~ s/\$cn/$cn/g;
+ $l =~ s/\$phone/$phone/g;
+ $l =~ s/\$photoLarge/$photoLarge/g;
+ $l =~ s/\$photoSmall/$photoSmall/g;
+ $l =~ s/\$height/$height/g;
+ $l =~ s/\$weight/$weight/g;
+ $l =~ s/\$eyecolor/$eyecolor/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
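Review bot: In DoPage the `name` request parameter is concatenated into `$cmd` and run through the single-string form of `system()`, so the value is parsed by a shell and also lands unescaped inside the LDAP filter `(cn=...)`. Running ldapsearch through a list-form pipe open removes both the shell and the temp file. Filter metacharacters should be escaped per RFC 4515 before the filter is built. This assumes get_ldapsearch() returns only the program path, which is not visible here. read_temp.cgi carries the same code.

```perl
# … unchanged: authorize check, parameter parsing and empty-name redirect …

# Escape RFC 4515 filter metacharacters before building the filter.
(my $filter_name = $name) =~ s/([\\*()\x00])/sprintf("\\%02x", ord($1))/ge;

# List-form pipe open: arguments go straight to ldapsearch, no shell and
# no intermediate file in /tmp.
open(F, '-|', $ldapsearch, '-x',
     '-b', $basedn, '-h', $ldapHost, '-p', $ldapPort,
     "(cn=$filter_name)")
    or do {
        print $q->redirect("/cgi-bin/sow/search.cgi?error=Directory%20lookup%20failed");
        return;
    };

# … unchanged: attribute defaults and the while (<F>) parsing loop …
close(F);

# … unchanged: not-found redirect and read.html rendering …
```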
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/read_temp.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/read_temp.cgi
new file mode 100755
index 000000000..3741d6d1e
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/read_temp.cgi
@@ -0,0 +1,155 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $ldapsearch = get_ldapsearch();
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ my $q = new CGI;
+
+ if (!&authorize()) {
+ print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ my $name = $q->param('name');
+ my $uid = $q->param('name_ID');
+ $name = "" if !defined $name;
+
+ if ($name eq "") {
+ print $q->redirect("/cgi-bin/sow/search.cgi?error=Name cannot be empty");
+ return;
+ }
+
+ my $tmpfile = "/tmp/read-$$.txt";
+ my $cmd = $ldapsearch . " " .
+ "-x " .
+ "-b \"" . $basedn . "\" " .
+ "-h \"" . $ldapHost . "\" " .
+ "-p \"" . $ldapPort ."\" " .
+ "\"(cn=" . $name . ")\" > " . $tmpfile;
+ system($cmd);
+
+ open(F, "<$tmpfile");
+
+ my $givenName = "-";
+ my $cn = "-";
+ my $sn = "-";
+ $uid = "-";
+ my $mail = "-";
+ my $phone = "-";
+ my $photoLarge = ""; # photo (full size)
+ my $photoSmall = ""; # photo (thumb)
+ my $height = "";
+ my $weight = "";
+ my $eyecolor = "";
+
+ # get ldap values into internal varibles
+ while (<F>) {
+ if (/mail: (.*)/) {
+ $mail = $1;
+ }
+ if (/uid: (.*)/) {
+ $uid = $1;
+ }
+ if (/givenName: (.*)/) {
+ $givenName = $1;
+ }
+ if (/sn: (.*)/) {
+ $sn = $1;
+ }
+ if (/cn: (.*)/) {
+ $cn = $1;
+ }
+ if (/telephoneNumber: (.*)/) {
+ $phone = $1;
+ }
+ if (/photoLarge: (.*)/) {
+ $photoLarge = $1;
+ }
+ if (/photoSmall: (.*)/) {
+ $photoSmall = $1;
+ }
+ if (/height: (.*)/) {
+ $height = $1;
+ }
+ if (/weight: (.*)/) {
+ $weight = $1;
+ }
+ if (/eyeColor: (.*)/) {
+ $eyecolor = $1;
+ }
+ }
+ close(F);
+
+ system("rm $tmpfile");
+
+ if ($uid eq "-") {
+ print $q->redirect("/cgi-bin/sow/search.cgi?error=User $name not found");
+ return;
+ }
+
+ open(FILE, "< read_temp.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$mail/$mail/g;
+ $l =~ s/\$uid/$uid/g;
+ $l =~ s/\$givenName/$givenName/g;
+ $l =~ s/\$sn/$sn/g;
+ $l =~ s/\$cn/$cn/g;
+ $l =~ s/\$phone/$phone/g;
+ $l =~ s/\$photoLarge/$photoLarge/g;
+ $l =~ s/\$photoSmall/$photoSmall/g;
+ $l =~ s/\$height/$height/g;
+ $l =~ s/\$weight/$weight/g;
+ $l =~ s/\$eyecolor/$eyecolor/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
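Review bot: `/tmp/read-$$.txt` in DoPage is a predictable name in a world-writable directory, and the shell redirection `> $tmpfile` writes through whatever already exists at that path. Another local account could pre-create the path as a link, or, depending on the umask, read the directory data the lookup leaves there. If a temp file is kept, create it with File::Temp (`use File::Temp;` then `my ($tfh, $tmpfile) = File::Temp::tempfile(UNLINK => 1);`) and replace `system("rm $tmpfile")` with `unlink($tmpfile);`. Reading the ldapsearch output from a pipe avoids the file altogether. read.cgi uses the same path pattern.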
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/search.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/search.cgi
new file mode 100755
index 000000000..e681ed100
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/search.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ my $error = $q->param('error');
+ $error = "" if !defined $error;
+
+ open(FILE, "< search.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$error/$error/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
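Review bot: The result of `open(FILE, "< search.html")` in DoPage is ignored, so a missing or unreadable template still produces a 200 header followed by an empty body and a read on an unopened handle. format.cgi already guards its template open, and the same should happen here, e.g. `open(FILE, "< search.html") or die "cannot open search.html: $!";`, so the failure reaches the server error log. The unchecked open is repeated in main.cgi, noaccess.cgi, read.cgi, read_temp.cgi, search_temp.cgi and welcome.cgi.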
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/search_temp.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/search_temp.cgi
new file mode 100755
index 000000000..5d752a49d
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/search_temp.cgi
@@ -0,0 +1,70 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+
+my $q = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $q->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ my $error = $q->param('error');
+ $error = "" if !defined $error;
+
+ open(FILE, "< search_temp.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$error/$error/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/seturl.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/seturl.cgi
new file mode 100755
index 000000000..dfac46d8f
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/seturl.cgi
@@ -0,0 +1,207 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+[REQUIRE_CFG_PL]
+
+use CGI;
+
+my $ldapHost = get_ldap_host();
+my $ldapPort = get_ldap_port();
+my $basedn = get_base_dn();
+my $host = get_host();
+my $port = get_port();
+my $secure_port = get_secure_port();
+
+$gQuery = new CGI;
+
+sub authorize
+{
+ my $client_dn = $ENV{'SSL_CLIENT_S_DN'};
+ $client_dn =~ tr/A-Z/a-z/; # all lower cases
+ $client_dn =~ s/\s+//g; # remove all spacing
+
+ if (&is_agent($client_dn)) {
+ return 1;
+ }
+ return 0;
+}
+
+sub DoPage
+{
+ if (!&authorize()) {
+ print $gQuery->redirect("/cgi-bin/sow/noaccess.cgi");
+ return;
+ }
+
+ $gQueryAction = "default";
+ $gQueryOverrideAction = "default";
+
+ @gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+ $gQueryAction = $gQuery->param("action") if
+ (defined $gQuery->param("action"));
+
+ $gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+ if ($gQueryOverrideAction ne "default")
+ {
+ $gQueryAction = $gQueryOverrideAction;
+ }
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+ if ($gQueryAction eq "default")
+ {
+ GeneratePage();
+ exit 0;
+ }
+}
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GeneratePage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< seturl.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$port/$port/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+
+&DoPage();
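Review bot: The header block still reads `# Script: esc.cgi`, and most of the helpers copied with it are never called in this file: GetKeyType, GetKeyID, GetKeyLabelArg, HaveScreenName, IsSubscriber and GetNextAction. IsSubscriber also reads `%gUserObj`, and `@gCookieNames` is assigned in DoPage, but neither is otherwise used here. Unless the file pulled in via `[REQUIRE_CFG_PL]` relies on them, which seems unlikely, I would change the header to `# Script: seturl.cgi` and drop the unused subs so that the authorize check and GeneratePage are all a reader has to audit. format.cgi and formatso.cgi carry the same copied block.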
diff --git a/pki/base/tps/forms/esc/cgi-bin/sow/welcome.cgi b/pki/base/tps/forms/esc/cgi-bin/sow/welcome.cgi
new file mode 100755
index 000000000..bc76dd3fa
--- /dev/null
+++ b/pki/base/tps/forms/esc/cgi-bin/sow/welcome.cgi
@@ -0,0 +1,57 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use CGI;
+
+[REQUIRE_CFG_PL]
+
+
+my $host = get_host();
+my $secure_port = get_secure_port();
+my $port = get_port();
+
+my $q = new CGI;
+
+sub DoPage
+{
+
+ my $error = $q->param('error');
+ $error = "" if !defined $error;
+
+ open(FILE, "< welcome.html");
+
+ print $q->header();
+
+ while ($l = <FILE>)
+ {
+ $l =~ s/\$error/$error/g;
+ $l =~ s/\$host/$host/g;
+ $l =~ s/\$secure_port/$secure_port/g;
+ $l =~ s/\$port/$port/g;
+ print $l;
+ }
+
+ close(FILE);
+}
+
+&DoPage();
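Review bot: The `error` query parameter reaches the response without HTML escaping: in `DoPage`, `$l =~ s/\$error/$error/g;` writes request-controlled text straight into the markup of welcome.html, so it should be escaped first, e.g. `$error = $q->escapeHTML($error);` right after the `defined` check. The same defect recurs in esc.cgi in the next file section, where `screenname`, `keytype`, `keyid`, `keylabel` and `nextaction` are substituted into templates or printed into `<input>` attributes and an inline `<script>` unescaped. Separately, `open(FILE, "< welcome.html");` is unchecked, so a missing template produces an empty 200 response; `open(FILE, "< welcome.html") or die "cannot open welcome.html: $!";` would surface it. The loop variable `$l` is also an undeclared global and should be `my $l`.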
diff --git a/pki/base/tps/forms/esc/esc.cgi b/pki/base/tps/forms/esc/esc.cgi
new file mode 100755
index 000000000..70a93c0a0
--- /dev/null
+++ b/pki/base/tps/forms/esc/esc.cgi
@@ -0,0 +1,1239 @@
+#! /usr/bin/perl -w
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################################
+#
+# Script: esc.cgi
+# Author: Kin Blas ()
+# Date: 12/19/2003
+#
+# CGI.pm Docs:
+#
+# http://stein.cshl.org/WWW/software/CGI/
+#
+########################################################################
+
+use CGI;
+
+$gQuery = new CGI;
+
+$gQueryAction = "default";
+$gQueryOverrideAction = "default";
+
+@gCookieNames = ("ascScreenName",
+ "ascSubscriptionType",
+ "ascBindings");
+
+$gQueryAction = $gQuery->param("action") if (defined $gQuery->param("action"));
+
+$gQueryOverrideAction = $gQuery->param("override_action")
+ if (defined $gQuery->param("override_action"));
+
+if ($gQueryOverrideAction ne "default")
+{
+ $gQueryAction = $gQueryOverrideAction;
+}
+
+########################################################################
+#
+# If no action was provided, we default to showing our
+# admin page!
+#
+# http://www.foo.com/esc.cgi
+#
+########################################################################
+
+if ($gQueryAction eq "default")
+{
+ GenerateAdminPage();
+ exit 0;
+}
+
+########################################################################
+#
+# We aren't doing any admin functions, before proceeding
+# on to user specific functions, make sure we have a screen name
+# and that they are subscribed to a service.
+#
+########################################################################
+
+#if (!HaveScreenName() || $gQueryAction eq "screennamepage")
+#{
+# GenerateScreenNamePage($gQueryAction);
+# exit 0;
+#}
+
+LoadUserDatabase("default");
+
+########################################################################
+#
+# Subscribe?
+#
+# http://www.foo.com/esc.cgi?action=subscribe
+#
+########################################################################
+
+#if ($gQueryAction eq "subscribe")
+#{
+# SaveSubscription();
+# $nextAction = GetNextAction();
+# $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+# print $gQuery->redirect(-uri=>$redirectLocation);
+# exit 0;
+#}
+
+#if (!IsSubscriber() || $gQueryAction eq "subscriptionpage")
+#{
+# GenerateTOSPage($gQueryAction);
+# exit 0;
+#}
+
+########################################################################
+#
+# Show our cookie management page?
+#
+# http://www.foo.com/esc.cgi?action=cookiepage
+#
+########################################################################
+
+#if ($gQueryAction eq "cookiepage")
+#{
+# GenerateCookiesPage();
+# exit 0;
+#}
+
+########################################################################
+#
+# Clear cookies?
+#
+# http://www.foo.com/esc.cgi?action=clearAllCookies
+#
+########################################################################
+
+#if ($gQueryAction eq "removeCookies")
+#{
+# @expCookies = ();
+# foreach $cookie (@gCookieNames)
+# {
+# if (defined $gQuery->param($cookie))
+# {
+# $expCookies[$cookieCnt++] = CreateExpiredCookie($cookie);
+# }
+# }
+# $redirectLocation = $gQuery->url(-path_info=>1)."?action=cookiepage&screenname=".GetScreenName();
+# print $gQuery->redirect(-uri=>$redirectLocation,
+# -cookie=>\@expCookies);
+# exit 0;
+#}
+
+########################################################################
+#
+# Bind?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bind")
+{
+ UpdateBindingsForBind();
+ $nextAction = GetNextAction();
+
+ $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+ $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&prevaction=bind&screenname=".GetScreenName()."&keytype=".GetKeyType()."&keyid=".GetKeyID()."&keylabel=".GetKeyLabelArg();
+ print $gQuery->redirect(-uri=>$redirectLocation);
+ exit 0;
+}
+
+########################################################################
+#
+# Unbind?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "unbind")
+{
+ UpdateBindingsForUnbind();
+
+ $nextAction = GetNextAction();
+
+ $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+ $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&prevaction=unbind&screenname=".GetScreenName()."&keytype=".GetKeyType()."&keyid=".GetKeyID()."&keylabel=".GetKeyLabelArg();
+ print $gQuery->redirect(-uri=>$redirectLocation);
+ exit 0;
+}
+
+########################################################################
+#
+# Label?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "label")
+{
+ UpdateBindingsForLabel();
+
+ $nextAction = GetNextAction();
+
+ $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+ $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+ print $gQuery->redirect(-uri=>$redirectLocation);
+ exit 0;
+}
+
+########################################################################
+#
+# ScreenName?
+#
+#
+########################################################################
+
+#if ($gQueryAction eq "screenname")
+#{
+# $nextAction = GetNextAction();
+# $redirectLocation = $gQuery->url(-path_info=>1)."?action=$nextAction&screenname=".GetScreenName();
+# print $gQuery->redirect(-uri=>$redirectLocation);
+# exit 0;
+#}
+
+########################################################################
+#
+# Check if we are displaying the label page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "labelpage")
+{
+ my $nextAction = GetNextAction();
+ $nextAction = "bindpage" if ($nextAction eq $gQueryAction);
+
+ my $keyType = GetKeyType();
+ my $keyId = GetKeyID();
+
+ GenerateLabelPage($keyType, $keyId, $nextAction);
+ exit 0;
+}
+
+########################################################################
+#
+# Show our enrollment page?
+#
+# http://www.foo.com/esc.cgi?action=enrollmentpage
+#
+########################################################################
+
+if ($gQueryAction eq "enrollmentpage")
+{
+ GenerateEnrollmentPage();
+ exit 0;
+}
+
+if ($gQueryAction eq "advancepage")
+{
+ GenerateAdvancePage();
+ exit 0;
+}
+
+if ($gQueryAction eq "tokenmanagerpage")
+{
+ GenerateTokenManagerPage();
+ exit 0;
+}
+
+if($gQueryAction eq "authenticate")
+{
+
+ GenerateAuthenticationPage();
+ exit 0;
+}
+
+if ($gQueryAction eq "autoenroll")
+{
+ GenerateAutoEnrollmentPage();
+ exit 0;
+}
+
+########################################################################
+#
+# Show our ticket request page?
+#
+#
+########################################################################
+
+if ($gQueryAction eq "ticketreqpage")
+{
+ GenerateTicketRequestPage();
+ exit 0;
+}
+
+########################################################################
+#
+# Show our load external url page?
+#
+# http://www.foo.com/esc.cgi?action=loadurlpage
+#
+########################################################################
+
+
+if ($gQueryAction eq "loadurl")
+{
+ $nextAction = GetNextAction();
+ $redirectLocation = $gQuery->param('url');
+ print $gQuery->redirect(-uri=>$redirectLocation);
+ exit 0;
+}
+
+if ($gQueryAction eq "loadurlpage")
+{
+ GenerateLoadURLPage();
+ exit 0;
+}
+
+########################################################################
+#
+# User is subscribed, check if we are displaying the
+# settings page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "settingspage")
+{
+ GenerateSettingsPage();
+ exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the set label page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "setlabelpage")
+{
+ GenerateSetLabelPage();
+ exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the bind/unbind progress page!
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindprogresspage")
+{
+ GenerateBindProgressPage("bind");
+ exit 0;
+}
+
+if ($gQueryAction eq "unbindprogresspage")
+{
+ GenerateBindProgressPage("unbind");
+ exit 0;
+}
+
+########################################################################
+#
+# Check if we are displaying the bind/unbind success page!
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindsuccesspage")
+{
+ GenerateBindSuccessPage("bind");
+ exit 0;
+}
+
+if ($gQueryAction eq "unbindsuccesspage")
+{
+ GenerateBindSuccessPage("unbind");
+ exit 0;
+}
+
+########################################################################
+#
+# XXX: Lose this code!
+# User is subscribed, check if we are displaying the
+# binding page.
+#
+#
+########################################################################
+
+if ($gQueryAction eq "bindpage")
+{
+ GenerateBindingConfigPage();
+ exit 0;
+}
+
+print "<html><body><H1> Unknown Query Action ";
+print $qQueryAction;
+print "</H1></body></html>";
+exit 0;
+
+########################################################################
+#
+#
+########################################################################
+
+
+sub ExitError
+{
+ my($str) = @_;
+ print $gQuery->header(), $gQuery->start_html(), $str, $gQuery->end_html();
+ exit 0;
+}
+
+sub GetScreenName
+{
+ my $sn = "";
+
+ if (defined $gQuery->param("screenname"))
+ {
+ $sn = $gQuery->param("screenname");
+ } else {
+ $sn = "default";
+ }
+
+ return $sn;
+}
+
+sub GetKeyType
+{
+ my $keyType = 0;
+
+ if (defined $gQuery->param("keytype"))
+ {
+ $keyType = $gQuery->param("keytype");
+ }
+
+ return $keyType;
+}
+
+sub GetKeyID
+{
+ my $keyID = "";
+
+ if (defined $gQuery->param("keyid"))
+ {
+ $keyID = $gQuery->param("keyid");
+ }
+
+ return $keyID;
+}
+
+sub GetKeyLabelArg
+{
+ my $keyLabel = "";
+
+ if (defined $gQuery->param("keylabel"))
+ {
+ $keyLabel = $gQuery->param("keylabel");
+ }
+
+ return $keyLabel;
+}
+
+sub HaveScreenName
+{
+ return 1 if (GetScreenName() ne "");
+ return 0;
+}
+
+sub IsSubscriber
+{
+ my $subType = $gUserObj{'SUBSCRIPTION'};
+ return 1 if ($subType eq "HouseKey" || $subType eq "NetKey");
+
+ return 0;
+}
+
+sub GetNextAction
+{
+ my($nextActn) = "default";
+
+ if (defined $gQuery->param('nextaction'))
+ {
+ $nextActn = $gQuery->param('nextaction');
+ }
+ elsif (defined $gQuery->param('action'))
+ {
+ $nextActn = $gQuery->param('action');
+ }
+
+ return $nextActn;
+}
+
+sub GenerateAdminPage()
+{
+ my ($l);
+
+ ExitError("Failed to load Admin Page") if (!open(ADMIN_FILE, "< ./AdminEsc.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ADMIN_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ }
+ print $l;
+ }
+ close(ADMIN_FILE);
+}
+
+sub GenerateCookiesPage()
+{
+ my ($nextPage) = @_;
+
+ my ($l);
+
+ ExitError("Failed to load TOS Page") if (!open(COOKIE_FILE, "< Cookies.html"));
+
+ print $gQuery->header();
+
+ while ($l = <COOKIE_FILE>)
+ {
+ if ($l =~ /SECURECOOL_COOKIE_LIST/)
+ {
+ my @cookies = $gQuery->cookie();
+ if (@cookies < 1)
+ {
+ print "No ASC Cookies currently defined!<br>\n";
+ }
+ else
+ {
+ my $cookieName;
+ foreach $cookieName (@cookies)
+ {
+ #
+ # Display only ASC related cookies!
+ #
+
+ if ($cookieName =~ /^asc/)
+ {
+ print "<tr><td valign=\"center\" align=\"center\"><input type=\"checkbox\" name=\"$cookieName\"></td><td>$cookieName</td><td>", $gQuery->cookie($cookieName), "</td></tr>\n";
+ }
+ }
+ print "<br>\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(COOKIE_FILE);
+}
+
+sub GenerateScreenNamePage
+{
+ my ($nextPage) = @_;
+
+ my ($l);
+
+ ExitError("Failed to load ScreenName Page") if (!open(SN_FILE, "< ScreenName.html"));
+
+ print $gQuery->header();
+
+ my $sn = GetScreenName();
+
+ while ($l = <SN_FILE>)
+ {
+ if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+ {
+ if ($nextPage)
+ {
+ print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextPage\">\n";
+ print "<input type=\"hidden\" name=\"screenname\" value=\"$sn\">\n";
+ }
+
+ if ($sn)
+ {
+ print "<script>document.getElementById('screenname').value = \"$sn\"</script>\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(SN_FILE);
+}
+
+sub GenerateTOSPage
+{
+ my ($nextPage) = @_;
+
+ my ($l);
+
+ ExitError("Failed to load TOS Page") if (!open(TOS_FILE, "< Subscribe.html"));
+
+ print $gQuery->header();
+
+ while ($l = <TOS_FILE>)
+ {
+ if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+ {
+ if ($nextPage)
+ {
+ print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextPage\">\n";
+ print "<input type=\"hidden\" name=\"screenname\" value=\"". GetScreenName() ."\">\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(TOS_FILE);
+}
+
+sub GenerateSettingsPage
+{
+ my ($l);
+
+ ExitError("Failed to load settings page!") if (!open(SETTINGS_FILE, "< SettingsEsc.html"));
+
+ print $gQuery->header();
+
+ while ($l = <SETTINGS_FILE>)
+ {
+ if ($l =~ /SECURECOOL_BINDINGS_ARRAY/)
+ {
+ my(@curBindings) = GetBindings();
+ my $arrSize = scalar(@curBindings);
+ my($i);
+
+ for ($i = 0; $i < $arrSize; $i++)
+ {
+ my($keyType, $keyId, $keyLabel) = split(/&/, $curBindings[$i]);
+ print " [ $keyType, \"$keyId\", \"$keyLabel\" ]";
+ print "," if ($arrSize > 1 && $i != $arrSize - 1);
+ print "\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(SETTINGS_FILE);
+}
+
+sub GenerateSetLabelPage
+{
+ my ($l);
+
+ ExitError("Failed to open label page!") if (!open(LABEL_PAGE, "< Label.html"));
+
+ my $sn = GetScreenName();
+ ExitError("Failed to get a valid screen name!") if (! $sn);
+
+ my $keyType = GetKeyType();
+ my $keyID = GetKeyID();
+ ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+ $defLabel = $keyID;
+ $defLabel =~ s/^[0-9a-fA-F]{12}//;
+ $defLabel = "$sn-$defLabel";
+
+ print $gQuery->header();
+
+ while ($l = <LABEL_PAGE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$defLabel/g;
+ }
+ print $l;
+ }
+ close(LABEL_FILE);
+}
+
+sub GenerateBindProgressPage
+{
+ my ($action) = @_;
+ my ($l);
+
+ ExitError("Failed to open progress page!") if (!open(PROG_PAGE, "< Progress.html"));
+
+ my $sn = GetScreenName();
+ ExitError("Failed to get a valid screen name!") if (! $sn);
+
+ my $keyType = GetKeyType();
+ my $keyID = GetKeyID();
+ ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+ my $keyLabel = "";
+
+ if ($action eq "bind")
+ {
+ $keyLabel = GetKeyLabelArg();
+ ExitError("Failed to get a valid keyLabel!") if (! $keyLabel);
+ }
+
+ print $gQuery->header();
+
+ while ($l = <PROG_PAGE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$keyLabel/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_ACTION *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_ACTION *-->/$action/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_CHALLENGEDATA *-->/)
+ {
+ $challengeData = "";
+ $challengeData = "QVNDIHJvY2tzIHRoZSBwYXJ0eSE=" if ($action eq "bind");
+
+ $l =~ s/<!-- *SECURECOOL_CHALLENGEDATA *-->/$challengeData/g;
+ }
+ print $l;
+ }
+ close(PROG_PAGE);
+}
+
+sub GenerateBindSuccessPage
+{
+ my ($action) = @_;
+ my ($l);
+
+ ExitError("Failed to open progress page!") if (!open(SUCCESS_PAGE, "< BindSuccess.html"));
+
+ my $sn = GetScreenName();
+ ExitError("Failed to get a valid screen name!") if (! $sn);
+
+ my $keyType = GetKeyType();
+ my $keyID = GetKeyID();
+ ExitError("Failed to get a valid keyID!") if (! $keyID);
+
+ my $keyLabel = "";
+
+ if ($action eq "bind")
+ {
+ $keyLabel = GetKeyLabelArg();
+ ExitError("Failed to get a valid keyLabel!") if (! $keyLabel);
+ }
+
+ print $gQuery->header();
+
+ while ($l = <SUCCESS_PAGE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYTYPE *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYTYPE *-->/$keyType/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYID *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYID *-->/$keyID/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_KEYLABEL *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_KEYLABEL *-->/$keyLabel/g;
+ }
+ if ($l =~ /<!-- *SECURECOOL_ACTION *-->/)
+ {
+ $l =~ s/<!-- *SECURECOOL_ACTION *-->/$action/g;
+ }
+ print $l;
+ }
+ close(SUCCESS_PAGE);
+}
+
+sub GenerateBindingConfigPage
+{
+ my ($l);
+
+ ExitError("Failed to load binding page!") if (!open(BINDING_FILE, "< Bindings.html"));
+
+ print $gQuery->header();
+
+ while ($l = <BINDING_FILE>)
+ {
+ if ($l =~ /SECURECOOL_BINDINGS_ARRAY/)
+ {
+ my(@curBindings) = GetBindings();
+ my $arrSize = scalar(@curBindings);
+ my($i);
+
+ for ($i = 0; $i < $arrSize; $i++)
+ {
+ my($keyType, $keyId, $keyLabel) = split(/&/, $curBindings[$i]);
+ print " [ $keyType, \"$keyId\", \"$keyLabel\" ]";
+ print "," if ($arrSize > 1 && $i != $arrSize - 1);
+ print "\n";
+ }
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(BINDING_FILE);
+}
+
+sub GetKeyLabel
+{
+ my($keyType, $keyId) = @_;
+
+ my(@curBindings) = GetBindings();
+ my($numBindings) = scalar(@curBindings);
+
+ while($numBindings > 0)
+ {
+ --$numBindings;
+ if ($curBindings[$numBindings] =~ /^$keyType&$keyId&/)
+ {
+ my($ktype, $id, $lbl) = split(/&/, $curBindings[$numBindings]);
+ return $lbl;
+ }
+ }
+
+ return "";
+}
+
+sub GenerateLabelPage
+{
+ my($keyType, $keyId, $nextAction) = @_;
+ my($keyLabel) = GetKeyLabel($keyType, $keyId);
+
+ return if ($keyLabel eq "");
+
+ my ($l);
+
+ ExitError("Failed to load label page!") if (!open(EDIT_LABEL_FILE, "< EditLabel.html"));
+
+ print $gQuery->header();
+
+ while ($l = <EDIT_LABEL_FILE>)
+ {
+ if ($l =~ /SECURECOOL_NEXTACTION_INPUT_TAG/)
+ {
+ print "<input type=\"hidden\" name=\"nextaction\" value=\"$nextAction\">\n";
+ print "<input type=\"hidden\" name=\"keytype\" value=\"$keyType\">\n";
+ print "<input type=\"hidden\" name=\"keyid\" value=\"$keyId\">\n";
+ print "<input type=\"hidden\" name=\"keylabel\" value=\"$keyLabel\">\n";
+ print "<input type=\"hidden\" name=\"screenname\" value=\"".GetScreenName()."\">\n";
+ }
+ elsif ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+ close(EDIT_LABEL_FILE);
+}
+
+sub GenerateAutoEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< EnrollPopup.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ print $l;
+ }
+
+ close(ENROLL_FILE);
+}
+sub GenerateAuthenticationPage
+{
+ my ($l);
+ ExitError("Failed to load enrollment page!") if (!open(AUTH_FILE, "< GenericAuth.html"));
+
+ print $gQuery->header();
+
+ while ($l = <AUTH_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(AUTH_FILE);
+}
+
+sub GenerateEnrollmentPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< EnrollPopup.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
+
+sub GenerateAdvancePage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< AdvancePopup.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
+
+sub GenerateTokenManagerPage
+{
+ my ($l);
+
+ ExitError("Failed to load enrollment page!") if (!open(ENROLL_FILE, "< TokenManager.html"));
+
+ print $gQuery->header();
+
+ while ($l = <ENROLL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(ENROLL_FILE);
+}
+
+sub GenerateTicketRequestPage
+{
+ my ($l);
+
+ ExitError("Failed to load ticket request page!") if (!open(TICKETREQ_FILE, "< Ticket.html"));
+
+ print $gQuery->header();
+
+ while ($l = <TICKETREQ_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(TICKETREQ_FILE);
+}
+
+sub GenerateLoadURLPage
+{
+ my ($l);
+
+ ExitError("Failed to load url request page!") if (!open(LOADURL_FILE, "< LoadURL.html"));
+
+ print $gQuery->header();
+
+ while ($l = <LOADURL_FILE>)
+ {
+ if ($l =~ /<!-- *SECURECOOL_SCREENNAME *-->/)
+ {
+ my $sn = GetScreenName();
+ $l =~ s/<!-- *SECURECOOL_SCREENNAME *-->/$sn/g;
+ print $l;
+ }
+ else
+ {
+ print $l;
+ }
+ }
+
+ close(LOADURL_FILE);
+}
+
+sub CreateExpiredCookie
+{
+ my($cookieName) = @_;
+ my $cookie = $gQuery->cookie(-name=>$cookieName,
+ -value=>'',
+ -expires=>'-2d',
+ -path=>$gQuery->url(-absolute=>1),
+ -domain=>$gQuery->server_name());
+ return $cookie;
+
+}
+
+sub SaveSubscription
+{
+
+ $gUserObj{'SUBSCRIPTION'} = $gQuery->param("subscriptiontype");
+ SaveUserDatabase(GetScreenName());
+}
+
+sub GetBindings
+{
+ my $bindings = $gUserObj{'BINDINGS'};
+ return @$bindings;
+}
+
+sub BindingsArrayToString
+{
+ my(@bindings) = @_;
+ my $i;
+ my $str = "";
+
+ for ($i = 0; $i < @bindings; $i++)
+ {
+ if ($bindings[$i] ne "")
+ {
+ $str .= "&" if ($str ne "");
+ $str .= ASCUrlEncode($bindings[$i]);
+ }
+ }
+
+ return $str;
+}
+
+sub AddItemToBindings
+{
+ my($keyType, $keyId, $keyLabel) = @_;
+
+ my(@curBindings) = GetBindings();
+ my($pos) = scalar(@curBindings);
+
+ # First check to see if the key already exists in
+ # the cookie! If it does, we'll just overwrite it.
+
+ my($i) = $pos;
+ while($i > 0)
+ {
+ --$i;
+ if ($curBindings[$i] =~ /^$keyType&$keyId&/)
+ {
+ $pos = $i;
+ last;
+ }
+ }
+
+ $curBindings[$pos] = "$keyType&$keyId&$keyLabel";
+
+ $gUserObj{'BINDINGS'} = \@curBindings;
+ #SaveUserDatabase(GetScreenName());
+}
+
+sub RemoveItemFromBindings
+{
+ my($keyType, $keyId) = @_;
+
+ my(@curBindings) = GetBindings();
+ my($numBindings) = scalar(@curBindings);
+ my @newBindings;
+
+ while($numBindings > 0)
+ {
+ --$numBindings;
+ next if ($curBindings[$numBindings] =~ /^$keyType&$keyId&/);
+ push @newBindings, $curBindings[$numBindings];
+ }
+
+ $gUserObj{'BINDINGS'} = \@newBindings;
+ #SaveUserDatabase(GetScreenName());
+}
+
+sub UpdateBindingsForBind
+{
+ return if (! defined $gQuery->param("keytype"));
+ my($keyType) = $gQuery->param("keytype");
+
+ return if (! defined $gQuery->param("keyid"));
+ my($keyId) = $gQuery->param("keyid");
+
+ return if (! defined $gQuery->param("keylabel"));
+ my($keyLabel) = $gQuery->param("keylabel");
+
+ return AddItemToBindings($keyType, $keyId, $keyLabel);
+}
+
+sub UpdateBindingsForUnbind
+{
+ return if (! defined $gQuery->param("keytype"));
+ my($keyType) = $gQuery->param("keytype");
+
+ return if (! defined $gQuery->param("keyid"));
+ my($keyId) = $gQuery->param("keyid");
+
+ return RemoveItemFromBindings($keyType, $keyId,);
+}
+
+sub UpdateBindingsForLabel
+{
+ return UpdateBindingsForBind();
+}
+
+sub ASCUrlDecode
+{
+ my($qstr) = @_;
+ $qstr =~ s/\+/ /g;
+ $qstr =~ s/%([0-9A-F]{2})/pack("C", hex($1))/eig;
+ return $qstr;
+}
+
+sub ASCUrlEncode
+{
+ my($qstr) = @_;
+ $qstr =~ s/([^a-zA-Z0-9_ ])/sprintf("%%%.2X", unpack("C", $1))/eig;
+ $qstr =~ s/ /+/g;
+ return $qstr;
+}
+
+sub LoadUserDatabase
+{
+ my($sn) = @_;
+
+ $gUserObj{'SUBSCRIPTION'} = "";
+
+ $gUserObj{'BINDINGS'} = "";
+ return;
+
+}
+
+sub SaveUserDatabase
+{
+ my($sn) = @_;
+ my($snfile) = "UserDatabase/$sn";
+
+ return;
+
+}
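Review bot: The `loadurl` branch redirects to an unvalidated request parameter: `$redirectLocation = $gQuery->param('url');` followed by `print $gQuery->redirect(-uri=>$redirectLocation);` makes esc.cgi an open redirector on the TPS host. If external targets are intended, as the "load external url" banner above it suggests, the host should be compared with a configured allow-list before redirecting; at minimum add `ExitError("Invalid url!") unless defined $redirectLocation && $redirectLocation =~ m{^https?://[^\s/]+(?:/\S*)?$}i;` so that missing values and non-HTTP schemes are refused. The `bind`, `unbind` and `label` branches also concatenate `GetScreenName()`, `GetKeyID()` and `GetKeyLabelArg()` into the redirect query string unencoded, where the file's own `ASCUrlEncode` could be applied to each value. Two smaller defects in the same hunk: the final fallback prints `$qQueryAction`, which is never assigned (presumably `$gQueryAction` is meant, and the output needs `$gQuery->header()` and escaping), and `GenerateSetLabelPage` opens `LABEL_PAGE` but calls `close(LABEL_FILE)`. `GetKeyLabel`, `AddItemToBindings` and `RemoveItemFromBindings` interpolate request values into `/^$keyType&$keyId&/`; `/^\Q$keyType\E&\Q$keyId\E&/` keeps regex metacharacters in a key id from changing which binding matches.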
diff --git a/pki/base/tps/forms/esc/home.cgi b/pki/base/tps/forms/esc/home.cgi
new file mode 100755
index 000000000..5fdf5ecf8
--- /dev/null
+++ b/pki/base/tps/forms/esc/home.cgi
@@ -0,0 +1,40 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+print "Content-type: text/xml\n\n";
+print "<\?xml version=\"1.0\" encoding=\"UTF-8\"\?>";
+print "<ServiceInfo>";
+print "<IssuerName>";
+print "Fedora Project"; # Vendor
+print "</IssuerName>\n";
+print "<Services>";
+print "<Operation>";
+print "http://machine.fedora.redhat.com:7888/nk_service";
+print "</Operation>";
+print "<UI>";
+print "http://machine.fedora.redhat.com:7888/cgi-bin/esc.cgi";
+print "</UI>";
+print "</Services>";
+print "</ServiceInfo>";
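Review bot: The `<Operation>` and `<UI>` endpoints are hard-coded to `http://machine.fedora.redhat.com:7888/...`, so every deployment of home.cgi would advertise a placeholder host over plain HTTP to whatever client consumes this ServiceInfo document. These values should come from the instance configuration, as welcome.cgi does with `get_host()` and `get_secure_port()`, and should use the `https` scheme on the secure port. Until that is wired up, a comment above the first `print` such as `# TODO: placeholder endpoints; derive host and secure port from instance configuration` would mark the script as not deployable as-is. On style, the shebang is `#!/usr/bin/perl` without `-w`, unlike the neighbouring esc.cgi and welcome.cgi.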
diff --git a/pki/base/tps/forms/index.cgi b/pki/base/tps/forms/index.cgi
new file mode 100755
index 000000000..0e643166b
--- /dev/null
+++ b/pki/base/tps/forms/index.cgi
@@ -0,0 +1,76 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package op;
+
+use lib $ENV{DOCUMENT_ROOT} . "/../lib/perl";
+
+use CGI;
+use PKI::Service::Op;
+use Template::Velocity;
+use PKI::Base::Conf;
+use PKI::Base::Registry;
+
+use vars qw (@ISA);
+use PKI::Service::Op;
+@ISA = qw(PKI::Service::Op);
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub process()
+{
+ my $self = shift;
+
+ my $q = CGI->new();
+
+ my $docroot = PKI::Base::Registry->get_docroot();
+ my $parser = PKI::Base::Registry->get_parser();
+ my $cfg = PKI::Base::Registry->get_config();
+
+ $self->debug_params($cfg, $q);
+
+ $::symbol{machineName} = $cfg->get("service.machineName");
+ $::symbol{non_clientauth_securePort} = $cfg->get("service.non_clientauth_securePort");
+ $::symbol{securePort} = $cfg->get("service.securePort");
+ $::symbol{unsecurePort} = $cfg->get("service.unsecurePort");
+
+ my $result = $parser->execute_file("index.vm");
+
+ my $xml = $q->param('xml');
+ if ($xml eq "true") {
+ print "Content-Type: text/xml\n\n";
+ print $self->xml_output(\%::symbol);
+ } else {
+ print "Content-Type: text/html\n\n";
+ print "$result";
+ }
+}
+
+
+my $op = op->new();
+$op->execute();
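Review bot: `my $xml = $q->param('xml');` is undefined when the request carries no `xml` parameter, and the following `if ($xml eq "true")` then compares undef with a string; `if (defined $xml && $xml eq "true")` states the intent and stays quiet under warnings. On style, `sub process()` declares an empty prototype on a sub that shifts `$self` and is presumably invoked as a method by `PKI::Service::Op`, and `use PKI::Service::Op;` appears twice. `new` uses one-argument `bless`, which ties the object to package `op`; `my $class = shift; bless($self, $class);` is the usual form. The XML branch emits all of `%::symbol`, so a comment such as `# only non-secret service.* values may be placed in %::symbol; it is returned verbatim when xml=true` above the assignments would help later reviewers.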
diff --git a/pki/base/tps/forms/index.html b/pki/base/tps/forms/index.html
new file mode 100644
index 000000000..b225251a1
--- /dev/null
+++ b/pki/base/tps/forms/index.html
@@ -0,0 +1,22 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation;
+ version 2.1 of the License.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ Boston, MA 02110-1301 USA
+
+ Copyright (C) 2007 Red Hat, Inc.
+ All rights reserved.
+ --- END COPYRIGHT BLOCK --- -->
+<html>
+<META HTTP-EQUIV="Refresh" CONTENT="0; URL=/index.cgi">
+</html>
diff --git a/pki/base/tps/install-sh b/pki/base/tps/install-sh
new file mode 100755
index 000000000..6781b987b
--- /dev/null
+++ b/pki/base/tps/install-sh
@@ -0,0 +1,520 @@
+#!/bin/sh
+# install - install a program, script, or datafile
+
+scriptversion=2009-04-28.21; # UTC
+
+# This originates from X11R5 (mit/util/scripts/install.sh), which was
+# later released in X11R6 (xc/config/util/install.sh) with the
+# following copyright and license.
+#
+# Copyright (C) 1994 X Consortium
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN
+# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC-
+# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+# Except as contained in this notice, the name of the X Consortium shall not
+# be used in advertising or otherwise to promote the sale, use or other deal-
+# ings in this Software without prior written authorization from the X Consor-
+# tium.
+#
+#
+# FSF changes to this file are in the public domain.
+#
+# Calling this script install-sh is preferred over install.sh, to prevent
+# `make' implicit rules from creating a file called install from it
+# when there is no Makefile.
+#
+# This script is compatible with the BSD install script, but was written
+# from scratch.
+
+nl='
+'
+IFS=" "" $nl"
+
+# set DOITPROG to echo to test this script
+
+# Don't use :- since 4.3BSD and earlier shells don't like it.
+doit=${DOITPROG-}
+if test -z "$doit"; then
+ doit_exec=exec
+else
+ doit_exec=$doit
+fi
+
+# Put in absolute file names if you don't have them in your path;
+# or use environment vars.
+
+chgrpprog=${CHGRPPROG-chgrp}
+chmodprog=${CHMODPROG-chmod}
+chownprog=${CHOWNPROG-chown}
+cmpprog=${CMPPROG-cmp}
+cpprog=${CPPROG-cp}
+mkdirprog=${MKDIRPROG-mkdir}
+mvprog=${MVPROG-mv}
+rmprog=${RMPROG-rm}
+stripprog=${STRIPPROG-strip}
+
+posix_glob='?'
+initialize_posix_glob='
+ test "$posix_glob" != "?" || {
+ if (set -f) 2>/dev/null; then
+ posix_glob=
+ else
+ posix_glob=:
+ fi
+ }
+'
+
+posix_mkdir=
+
+# Desired mode of installed file.
+mode=0755
+
+chgrpcmd=
+chmodcmd=$chmodprog
+chowncmd=
+mvcmd=$mvprog
+rmcmd="$rmprog -f"
+stripcmd=
+
+src=
+dst=
+dir_arg=
+dst_arg=
+
+copy_on_change=false
+no_target_directory=
+
+usage="\
+Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE
+ or: $0 [OPTION]... SRCFILES... DIRECTORY
+ or: $0 [OPTION]... -t DIRECTORY SRCFILES...
+ or: $0 [OPTION]... -d DIRECTORIES...
+
+In the 1st form, copy SRCFILE to DSTFILE.
+In the 2nd and 3rd, copy all SRCFILES to DIRECTORY.
+In the 4th, create DIRECTORIES.
+
+Options:
+ --help display this help and exit.
+ --version display version info and exit.
+
+ -c (ignored)
+ -C install only if different (preserve the last data modification time)
+ -d create directories instead of installing files.
+ -g GROUP $chgrpprog installed files to GROUP.
+ -m MODE $chmodprog installed files to MODE.
+ -o USER $chownprog installed files to USER.
+ -s $stripprog installed files.
+ -t DIRECTORY install into DIRECTORY.
+ -T report an error if DSTFILE is a directory.
+
+Environment variables override the default commands:
+ CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG
+ RMPROG STRIPPROG
+"
+
+while test $# -ne 0; do
+ case $1 in
+ -c) ;;
+
+ -C) copy_on_change=true;;
+
+ -d) dir_arg=true;;
+
+ -g) chgrpcmd="$chgrpprog $2"
+ shift;;
+
+ --help) echo "$usage"; exit $?;;
+
+ -m) mode=$2
+ case $mode in
+ *' '* | *' '* | *'
+'* | *'*'* | *'?'* | *'['*)
+ echo "$0: invalid mode: $mode" >&2
+ exit 1;;
+ esac
+ shift;;
+
+ -o) chowncmd="$chownprog $2"
+ shift;;
+
+ -s) stripcmd=$stripprog;;
+
+ -t) dst_arg=$2
+ shift;;
+
+ -T) no_target_directory=true;;
+
+ --version) echo "$0 $scriptversion"; exit $?;;
+
+ --) shift
+ break;;
+
+ -*) echo "$0: invalid option: $1" >&2
+ exit 1;;
+
+ *) break;;
+ esac
+ shift
+done
+
+if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then
+ # When -d is used, all remaining arguments are directories to create.
+ # When -t is used, the destination is already specified.
+ # Otherwise, the last argument is the destination. Remove it from $@.
+ for arg
+ do
+ if test -n "$dst_arg"; then
+ # $@ is not empty: it contains at least $arg.
+ set fnord "$@" "$dst_arg"
+ shift # fnord
+ fi
+ shift # arg
+ dst_arg=$arg
+ done
+fi
+
+if test $# -eq 0; then
+ if test -z "$dir_arg"; then
+ echo "$0: no input file specified." >&2
+ exit 1
+ fi
+ # It's OK to call `install-sh -d' without argument.
+ # This can happen when creating conditional directories.
+ exit 0
+fi
+
+if test -z "$dir_arg"; then
+ trap '(exit $?); exit' 1 2 13 15
+
+ # Set umask so as not to create temps with too-generous modes.
+ # However, 'strip' requires both read and write access to temps.
+ case $mode in
+ # Optimize common cases.
+ *644) cp_umask=133;;
+ *755) cp_umask=22;;
+
+ *[0-7])
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw='% 200'
+ fi
+ cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;;
+ *)
+ if test -z "$stripcmd"; then
+ u_plus_rw=
+ else
+ u_plus_rw=,u+rw
+ fi
+ cp_umask=$mode$u_plus_rw;;
+ esac
+fi
+
+for src
+do
+ # Protect names starting with `-'.
+ case $src in
+ -*) src=./$src;;
+ esac
+
+ if test -n "$dir_arg"; then
+ dst=$src
+ dstdir=$dst
+ test -d "$dstdir"
+ dstdir_status=$?
+ else
+
+ # Waiting for this to be detected by the "$cpprog $src $dsttmp" command
+ # might cause directories to be created, which would be especially bad
+ # if $src (and thus $dsttmp) contains '*'.
+ if test ! -f "$src" && test ! -d "$src"; then
+ echo "$0: $src does not exist." >&2
+ exit 1
+ fi
+
+ if test -z "$dst_arg"; then
+ echo "$0: no destination specified." >&2
+ exit 1
+ fi
+
+ dst=$dst_arg
+ # Protect names starting with `-'.
+ case $dst in
+ -*) dst=./$dst;;
+ esac
+
+ # If destination is a directory, append the input filename; won't work
+ # if double slashes aren't ignored.
+ if test -d "$dst"; then
+ if test -n "$no_target_directory"; then
+ echo "$0: $dst_arg: Is a directory" >&2
+ exit 1
+ fi
+ dstdir=$dst
+ dst=$dstdir/`basename "$src"`
+ dstdir_status=0
+ else
+ # Prefer dirname, but fall back on a substitute if dirname fails.
+ dstdir=`
+ (dirname "$dst") 2>/dev/null ||
+ expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \
+ X"$dst" : 'X\(//\)[^/]' \| \
+ X"$dst" : 'X\(//\)$' \| \
+ X"$dst" : 'X\(/\)' \| . 2>/dev/null ||
+ echo X"$dst" |
+ sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)[^/].*/{
+ s//\1/
+ q
+ }
+ /^X\(\/\/\)$/{
+ s//\1/
+ q
+ }
+ /^X\(\/\).*/{
+ s//\1/
+ q
+ }
+ s/.*/./; q'
+ `
+
+ test -d "$dstdir"
+ dstdir_status=$?
+ fi
+ fi
+
+ obsolete_mkdir_used=false
+
+ if test $dstdir_status != 0; then
+ case $posix_mkdir in
+ '')
+ # Create intermediate dirs using mode 755 as modified by the umask.
+ # This is like FreeBSD 'install' as of 1997-10-28.
+ umask=`umask`
+ case $stripcmd.$umask in
+ # Optimize common cases.
+ *[2367][2367]) mkdir_umask=$umask;;
+ .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;;
+
+ *[0-7])
+ mkdir_umask=`expr $umask + 22 \
+ - $umask % 100 % 40 + $umask % 20 \
+ - $umask % 10 % 4 + $umask % 2
+ `;;
+ *) mkdir_umask=$umask,go-w;;
+ esac
+
+ # With -d, create the new directory with the user-specified mode.
+ # Otherwise, rely on $mkdir_umask.
+ if test -n "$dir_arg"; then
+ mkdir_mode=-m$mode
+ else
+ mkdir_mode=
+ fi
+
+ posix_mkdir=false
+ case $umask in
+ *[123567][0-7][0-7])
+ # POSIX mkdir -p sets u+wx bits regardless of umask, which
+ # is incompatible with FreeBSD 'install' when (umask & 300) != 0.
+ ;;
+ *)
+ tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$
+ trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0
+
+ if (umask $mkdir_umask &&
+ exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1
+ then
+ if test -z "$dir_arg" || {
+ # Check for POSIX incompatibilities with -m.
+ # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or
+ # other-writeable bit of parent directory when it shouldn't.
+ # FreeBSD 6.1 mkdir -m -p sets mode of existing directory.
+ ls_ld_tmpdir=`ls -ld "$tmpdir"`
+ case $ls_ld_tmpdir in
+ d????-?r-*) different_mode=700;;
+ d????-?--*) different_mode=755;;
+ *) false;;
+ esac &&
+ $mkdirprog -m$different_mode -p -- "$tmpdir" && {
+ ls_ld_tmpdir_1=`ls -ld "$tmpdir"`
+ test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1"
+ }
+ }
+ then posix_mkdir=:
+ fi
+ rmdir "$tmpdir/d" "$tmpdir"
+ else
+ # Remove any dirs left behind by ancient mkdir implementations.
+ rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null
+ fi
+ trap '' 0;;
+ esac;;
+ esac
+
+ if
+ $posix_mkdir && (
+ umask $mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir"
+ )
+ then :
+ else
+
+ # The umask is ridiculous, or mkdir does not conform to POSIX,
+ # or it failed possibly due to a race condition. Create the
+ # directory the slow way, step by step, checking for races as we go.
+
+ case $dstdir in
+ /*) prefix='/';;
+ -*) prefix='./';;
+ *) prefix='';;
+ esac
+
+ eval "$initialize_posix_glob"
+
+ oIFS=$IFS
+ IFS=/
+ $posix_glob set -f
+ set fnord $dstdir
+ shift
+ $posix_glob set +f
+ IFS=$oIFS
+
+ prefixes=
+
+ for d
+ do
+ test -z "$d" && continue
+
+ prefix=$prefix$d
+ if test -d "$prefix"; then
+ prefixes=
+ else
+ if $posix_mkdir; then
+ (umask=$mkdir_umask &&
+ $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break
+ # Don't fail if two instances are running concurrently.
+ test -d "$prefix" || exit 1
+ else
+ case $prefix in
+ *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;;
+ *) qprefix=$prefix;;
+ esac
+ prefixes="$prefixes '$qprefix'"
+ fi
+ fi
+ prefix=$prefix/
+ done
+
+ if test -n "$prefixes"; then
+ # Don't fail if two instances are running concurrently.
+ (umask $mkdir_umask &&
+ eval "\$doit_exec \$mkdirprog $prefixes") ||
+ test -d "$dstdir" || exit 1
+ obsolete_mkdir_used=true
+ fi
+ fi
+ fi
+
+ if test -n "$dir_arg"; then
+ { test -z "$chowncmd" || $doit $chowncmd "$dst"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } &&
+ { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false ||
+ test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1
+ else
+
+ # Make a couple of temp file names in the proper directory.
+ dsttmp=$dstdir/_inst.$$_
+ rmtmp=$dstdir/_rm.$$_
+
+ # Trap to clean up those temp files at exit.
+ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0
+
+ # Copy the file name to the temp name.
+ (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") &&
+
+ # and set any options; do chmod last to preserve setuid bits.
+ #
+ # If any of these fail, we abort the whole thing. If we want to
+ # ignore errors from any of these, just make sure not to ignore
+ # errors from the above "$doit $cpprog $src $dsttmp" command.
+ #
+ { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } &&
+ { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } &&
+ { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } &&
+ { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } &&
+
+ # If -C, don't bother to copy if it wouldn't change the file.
+ if $copy_on_change &&
+ old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` &&
+ new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` &&
+
+ eval "$initialize_posix_glob" &&
+ $posix_glob set -f &&
+ set X $old && old=:$2:$4:$5:$6 &&
+ set X $new && new=:$2:$4:$5:$6 &&
+ $posix_glob set +f &&
+
+ test "$old" = "$new" &&
+ $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1
+ then
+ rm -f "$dsttmp"
+ else
+ # Rename the file to the real destination.
+ $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null ||
+
+ # The rename failed, perhaps because mv can't rename something else
+ # to itself, or perhaps because mv is so ancient that it does not
+ # support -f.
+ {
+ # Now remove or move aside any old file at destination location.
+ # We try this two ways since rm can't unlink itself on some
+ # systems and the destination file might be busy for other
+ # reasons. In this case, the final cleanup might fail but the new
+ # file should still install successfully.
+ {
+ test ! -f "$dst" ||
+ $doit $rmcmd -f "$dst" 2>/dev/null ||
+ { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null &&
+ { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; }
+ } ||
+ { echo "$0: cannot unlink or rename $dst" >&2
+ (exit 1); exit 1
+ }
+ } &&
+
+ # Now rename the file to the real destination.
+ $doit $mvcmd "$dsttmp" "$dst"
+ }
+ fi || exit 1
+
+ trap '' 0
+ fi
+done
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/pki/base/tps/lib/perl/PKI/Base/Conf.pm b/pki/base/tps/lib/perl/PKI/Base/Conf.pm
new file mode 100755
index 000000000..895ab28a3
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/Base/Conf.pm
@@ -0,0 +1,130 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package PKI::Base::Conf;
+
+use strict;
+use warnings;
+use Exporter;
+
+$PKI::Base::Conf::VERSION = '1.00';
+
+#######################################################
+# Configuration Store
+#######################################################
+sub new {
+ my $class = shift;
+ my $self = {};
+ my %hash = ();
+ $self->{filename} = "";
+ $self->{hash} = \%hash;
+ bless $self,$class;
+ return $self;
+}
+
+sub load_file
+{
+ my ($self, $filename) = @_;
+
+ $self->{filename} = $filename;
+ if (-e $filename) {
+ open(CF, "<$filename");
+ if (defined fileno CF) {
+ while (<CF>) {
+ if (/^#/) {
+ # comments
+ } elsif (/([^=]+)=(.*)$/) {
+ # print "$1 = $2\n";
+ $self->{hash}{$1} = $2;
+ } else {
+ # preserve comments
+ }
+ }
+ }
+ close(CF);
+ }
+}
+
+sub get_filename
+{
+ my ($self) = @_;
+ return $self->{filename};
+}
+
+sub get
+{
+ my ($self, $n) = @_;
+ return $self->{hash}{$n};
+}
+
+sub put
+{
+ my ($self, $n, $v) = @_;
+ $self->{hash}{$n} = $v;
+}
+
+sub commit
+{
+ my ($self) = @_;
+
+ # write stuff back to the file
+# print $self->{filename} . "\n";
+ my $hash = $self->{hash};
+ my $suffix = time();
+
+ if (-e $self->{filename}) {
+ system("mv \"" . $self->{filename} . "\" \"" .
+ $self->{filename} . "." . $suffix . "\"");
+ }
+
+ open(F, ">" . $self->{filename});
+ foreach my $k (sort keys %{$hash}) {
+ print F "$k=$self->{hash}{$k}\n";
+ }
+ close(F);
+
+ if (-e $self->{filename} . "." . $suffix) {
+ system("rm \"" . $self->{filename} . "." . $suffix . "\"");
+ }
+}
+
+sub commit_with_backup
+{
+ my ($self) = @_;
+
+ # write stuff back to the file
+# print $self->{filename} . "\n";
+ my $hash = $self->{hash};
+ my $suffix = time();
+ system("mv \"" . $self->{filename} . "\" \"" .
+ $self->{filename} . "." . $suffix . "\"");
+
+ open(F, ">" . $self->{filename});
+ foreach my $k (sort keys %{$hash}) {
+ print F "$k=$self->{hash}{$k}\n";
+ }
+ close(F);
+}
+
+1;
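Review bot: `commit` moves the live file aside, then calls `open(F, ">" . $self->{filename})` without checking the result, and finally deletes the backup, so a failed open (permissions, full disk) leaves no configuration file at all. Check the open, for example `open(my $fh, ">", $self->{filename}) or die "cannot write $self->{filename}: $!";`, and remove the backup only after a successful `close`. The `system("mv \"...\"")` and `system("rm \"...\"")` calls pass the filename through a shell; Perl's built-in `rename` and `unlink` do the same job without one and return a status that can be checked. `commit_with_backup` has the same unchecked open after the move, and `load_file` uses the two-argument form `open(CF, "<$filename")`, where the three-argument form with a lexical handle would be safer.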
diff --git a/pki/base/tps/lib/perl/PKI/Base/Registry.pm b/pki/base/tps/lib/perl/PKI/Base/Registry.pm
new file mode 100755
index 000000000..a4fb83f28
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/Base/Registry.pm
@@ -0,0 +1,55 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+package PKI::Base::Registry;
+
+use PKI::Base::Conf;
+
+my $docroot;
+my $cfg;
+my $parser;
+
+BEGIN {
+ $docroot = $ENV{DOCUMENT_ROOT};
+ $cfg = PKI::Base::Conf->new();
+ $cfg->load_file("$docroot/../conf/CS.cfg");
+ $parser = new Template::Velocity($docroot);
+
+}
+
+sub get_docroot {
+ my ($self) = @_;
+ return $docroot;
+}
+
+sub get_parser {
+ my ($self) = @_;
+ return $parser;
+}
+
+sub get_config {
+ my ($self) = @_;
+ return $cfg;
+}
+
+1;
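Review bot: The `BEGIN` block calls `new Template::Velocity($docroot)`, but the only module this file loads is `PKI::Base::Conf`, so it compiles only if the caller has already loaded Template::Velocity; adding `use Template::Velocity;` next to the existing `use` line (assuming the module is installed under that name) makes the dependency explicit. `$ENV{DOCUMENT_ROOT}` is used unchecked to build the `CS.cfg` path, and `load_file` returns silently when the file does not exist, so an unset or wrong DOCUMENT_ROOT yields an empty configuration with no error. A guard such as `defined $docroot or die "DOCUMENT_ROOT is not set";` would surface that at load time. The file also lacks the `use strict; use warnings;` that Conf.pm has.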
diff --git a/pki/base/tps/lib/perl/PKI/Service/Op.pm b/pki/base/tps/lib/perl/PKI/Service/Op.pm
new file mode 100755
index 000000000..9e2a63d4f
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/Service/Op.pm
@@ -0,0 +1,127 @@
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+#
+#
+#
+
+package PKI::Service::Op;
+
+sub new {
+ my $self = {};
+ bless ($self);
+ return $self;
+}
+
+sub debug_log()
+{
+ my ($self, $cfg, $msg) = @_;
+
+ my $date = `date`;
+ chomp($date);
+ open(DEBUG, ">>" . $cfg->get("logging.debug.filename"));
+ print DEBUG "$date - $msg\n";
+ close(DEBUG);
+}
+
+sub debug_params()
+{
+ my ($self, $cfg, $q) = @_;
+
+ my $date = `date`;
+ chomp($date);
+ $self->debug_log($cfg, "$date - URL '" . $ENV{REQUEST_URI} . "'");
+ my @names = $q->param();
+ foreach my $k (@names) {
+ $self->debug_log($cfg, "$date - Param $k='" . $q->param($k) . "'");
+ }
+}
+
+sub process {
+ my ($self) = @_;
+}
+
+sub escape_xml
+{
+ my ($v) = @_;
+ $v =~ s/\"/&quot;/g;
+ $v =~ s/\'/&apos;/g;
+ $v =~ s/\&/&amp;/g;
+ $v =~ s/</&lt;/g;
+ $v =~ s/>/&gt;/g;
+ return $v;
+}
+
+sub get_xml
+{
+ my ($s, $v) = @_;
+
+ my $result;
+ if (ref($v) eq "HASH") {
+ foreach my $xkey (keys %$v) {
+ $result .= "<" . $xkey . ">";
+ $result .= &get_xml($xkey, $v{$xkey});
+ # $result .= "-" . ref($xkey);
+ $result .= "</" . $xkey . ">";
+ }
+ } elsif (ref($v) eq "PKI::RA::GlobalVar") {
+ foreach my $xkey (keys %$v) {
+ $result .= "<" . $xkey . ">";
+ $result .= &get_xml($xkey, $$v{$xkey}->());
+ # $result .= "-" . ref($xkey);
+ $result .= "</" . $xkey . ">";
+ }
+ } elsif (ref($v) eq "ARRAY") {
+ my $pos = 0;
+ foreach my $item (@$v) {
+ $result .= "<element>";
+ $result .= &get_xml("p" . $pos, $item);
+ # $result .= "-" . ref($item);
+ $result .= "</element>";
+ $pos++;
+ }
+ } else {
+ $result .= &escape_xml($v);
+ }
+ return $result;
+}
+
+sub xml_output {
+ my ($self, $c) = @_;
+
+ my $result = "<xml>";
+ foreach $s (sort keys %$c) {
+ if ($s =~ /^__/) {
+ next;
+ }
+ $result .= "<" . $s . ">";
+ my $v = $$c{$s};
+ $result .= &get_xml($s, $v);
+ $result .= "</" . $s . ">";
+ }
+ $result .= "</xml>";
+ return "$result\n";
+}
+
+sub execute {
+ my ($self) = @_;
+ $self->process();
+}
+
+1;
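Review bot: `escape_xml` replaces `"` and `'` before `&`, so the `&` in the freshly produced `&quot;` and `&apos;` is escaped a second time and quotes come out as `&amp;quot;` and `&amp;apos;`; move `$v =~ s/\&/&amp;/g;` to be the first substitution. In the HASH branch of `get_xml`, `$v{$xkey}` reads the package hash `%v` rather than the hash reference `$v`, so nested hashes serialise as empty elements; it should be `$v->{$xkey}`, and `use strict;` in this file would have caught it. `debug_params` writes every request parameter value to the debug log, including the `__`-prefixed ones that `xml_output` deliberately leaves out of its output. I would skip or mask those in the loop as well, for example `next if $k =~ /^__/;`.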
diff --git a/pki/base/tps/lib/perl/PKI/TPS/AdminAuthPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/AdminAuthPanel.pm
new file mode 100755
index 000000000..caaf6c65f
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/AdminAuthPanel.pm
@@ -0,0 +1,93 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::AdminAuthPanel;
+$PKI::TPS::AdminAuthPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(8);
+ $self->{"getName"} = &PKI::TPS::Common::r("Admin Authentication");
+ $self->{"vmfile"} = "adminauthenticatepanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AdminAuthPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AdminAuthPanel: update");
+ $::config->put("preop.adminauth.done", "true");
+ $::config->commit();
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AdminAuthPanel: display");
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.adminauth.done");
+}
+
+
+1;
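Review bot: `validate` always returns 1 and `update` sets `preop.adminauth.done` to `true` unconditionally, so nothing in this file performs the authentication the panel name promises. If the check is enforced elsewhere (for instance by the web server configuration for this URL, which the hunk does not show), a comment above `update` should say so, e.g. `# Authentication is enforced by <component>; this panel only records that the step was reached.` AgentAuthPanel.pm has the same shape with `preop.agentauth.done`.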
diff --git a/pki/base/tps/lib/perl/PKI/TPS/AdminPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/AdminPanel.pm
new file mode 100755
index 000000000..6d1707483
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/AdminPanel.pm
@@ -0,0 +1,215 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+use URI::Escape;
+
+package PKI::TPS::AdminPanel;
+$PKI::TPS::AdminPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(14);
+ $self->{"getName"} = &PKI::TPS::Common::r("Administrator");
+ $self->{"vmfile"} = "adminpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AdminPanel: validate");
+ return 1;
+}
+
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AdminPanel: update");
+
+ my $uid = $q->param("uid");
+ my $name = $q->param("name");
+ my $email = $q->param("email");
+ my $password = $q->param("__pwd");
+ my $password_again = $q->param("__admin_password_again");
+
+ my $cert_request = $q->param("cert_request");
+ my $subject = $q->param("subject");
+ my $profile_id = $q->param("profileId");
+ my $cert_request_type = $q->param("cert_request_type");
+
+ $cert_request =~ s/%0D%0A//g; # remove carraige return
+
+ # submit request to CA
+
+ # Admin Certificate should be obtained from the ca selected in the
+ # name panel. If name panel use External CA, the admin certificate
+ # will be issued by the security domain CA.
+ my $cainfo = $::config->get("preop.ca.url");
+ &PKI::TPS::Wizard::debug_log("AdminPanel: preop.ca.url=$cainfo");
+ if ($cainfo eq "" || $cainfo =~ /:$/) {
+ $cainfo = $::config->get("config.sdomainEEURL");
+ &PKI::TPS::Wizard::debug_log("AdminPanel: config.sdomainEEURL=$cainfo");
+ }
+ &PKI::TPS::Wizard::debug_log("AdminPanel: Connecting to CA: $cainfo");
+ my $cainfo_url = new URI::URL($cainfo);
+ my $sdom = $::config->get("config.sdomainEEURL");
+ my $sdom_url = new URI::URL($sdom);
+
+ my $machineName = $::config->get("service.machineName");
+ my $securePort = $::config->get("service.securePort");
+ my $session_id = $::config->get("preop.sessionID");
+
+ my $tokenname = $::config->get("preop.module.token");
+ my $token_pwd = $::pwdconf->get($tokenname);
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+
+ my $requestor_name = "TPS-" . $machineName . "-" . $securePort;
+
+ my $params = "profileId=" . $profile_id . "&" .
+ "requestor_name=" . $requestor_name . "&" .
+ "cert_request_type=" . $cert_request_type . "&" .
+ "subject=" . $subject . "&" .
+ "cert_request=" .
+ URI::Escape::uri_escape("$cert_request") . "&" .
+ "xmlOutput=true" . "&" .
+ "sessionID=" . $session_id . "&" .
+ "auth_hostname=" . $sdom_url->host . "&" .
+ "auth_port=" . $sdom_url->port;
+
+ my $ca_host = $cainfo_url->host;
+ my $https_ee_port = $cainfo_url->port;
+ my $content = "";
+ my $tmpfile = "/tmp/admin-$$";
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile");
+ $content = `cat $tmpfile`;
+ } else {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/ca/ee/ca/profileSubmit\" $ca_host:$https_ee_port > $tmpfile");
+ $content = `cat $tmpfile`;
+ }
+ system("rm $tmpfile");
+ &PKI::TPS::Wizard::debug_log("req = " . $content);
+
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ # create user in internal database
+ &PKI::TPS::Wizard::debug_log("AdminPanel: Creating user in internal database");
+ # use scripts/addAgents.ldif
+
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $admincert = $response->{Requests}->{Request}->{b64};
+ &PKI::TPS::Wizard::debug_log("AdminPanel: admincert " . $admincert);
+
+ my $ldap_host = $::config->get("preop.database.host");
+ my $ldap_port = $::config->get("preop.database.port");
+ my $basedn = $::config->get("preop.database.basedn");
+ my $binddn = $::config->get("preop.database.binddn");
+# my $bindpwd = $::config->get("tokendb.bindPass");
+ my $bindpwd = `grep \"tokendbBindPass:\" \"$instanceDir/conf/password.conf\" | cut -c17-`;
+ $bindpwd =~ s/\n$//g;
+
+ my $tmp = "/tmp/addAgents-$$.ldif";
+
+ my $flavor = "pki";
+ $flavor =~ s/\n//g;
+
+ my $ldapmodify_path = "/usr/bin/ldapmodify";
+
+ $admincert =~ s/\//\\\//g;
+ system("sed -e 's/\$TOKENDB_ROOT/$basedn/' " .
+ "-e 's/\$TOKENDB_AGENT_PWD/$password/' " .
+ "-e 's/\$TOKENDB_AGENT_CERT/$admincert/' " .
+ "/usr/share/$flavor/tps/scripts/addAgents.ldif > $tmp");
+ system("$ldapmodify_path -x -h '$ldap_host' -p '$ldap_port' -D '$binddn' " .
+ "-w '$bindpwd' -a " .
+ "-f '$tmp'");
+ system("rm $tmp");
+
+ my $reqid = $response->{Requests}->{Request}->{Id};
+ $::config->put("preop.admincert.requestId.0", $reqid);
+ my $sn = $response->{Requests}->{Request}->{serialno};
+ $::config->put("preop.admincert.serialno.0", $sn);
+ $::config->put("preop.adminpanel.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AdminPanel: display");
+ $::symbol{admin_uid} = "admin";
+ $::symbol{admin_name} = "TPS Administrator";
+ $::symbol{admin_email} = "";
+ $::symbol{admin_pwd} = "";
+ $::symbol{admin_pwd_again} = "";
+ $::symbol{import} = "true";
+ my $domain_name = $::config->get("preop.securitydomain.name");
+ $::symbol{securityDomain} = $domain_name;
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.adminpanel.done");
+}
+
+
+1;
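Review bot: In `update`, request parameters are interpolated straight into shell command strings: `$password` goes into the sed program, and `$profile_id`, `$subject` and `$cert_request_type` go unescaped into the `sslget -e "$params"` argument, so shell or sed metacharacters in a form value change the command that runs. The scratch files `/tmp/admin-$$` and `/tmp/addAgents-$$.ldif` have predictable names, and the second one holds the new administrator password. I would fill in the LDIF template in Perl, write it through File::Temp (needs `use File::Temp;` at the top of the file), call `ldapmodify` and `sslget` with list-form `system`, and drop the `$admincert =~ s/\//\\\//g;` sed escaping; the fence shows the ldapmodify half. `$password_again` is read but never compared with `$password`, and the `-p`/`-w` secrets stay visible on the command line even after this change.

```perl
    # … unchanged: $ldap_host / $ldap_port / $basedn / $binddn / $bindpwd lookup …

    # Fill in the template in Perl so no request value reaches a shell or a sed program.
    my $template = "/usr/share/$flavor/tps/scripts/addAgents.ldif";
    open(my $in, "<", $template) or die "cannot read $template: $!";
    my $ldif = do { local $/; <$in> };
    close($in);
    $ldif =~ s/\$TOKENDB_ROOT/$basedn/g;
    $ldif =~ s/\$TOKENDB_AGENT_PWD/$password/g;
    $ldif =~ s/\$TOKENDB_AGENT_CERT/$admincert/g;

    # File::Temp creates the file with an unpredictable name and owner-only
    # permissions, and removes it when $tmp goes out of scope.
    my $tmp = File::Temp->new(SUFFIX => ".ldif");
    print $tmp $ldif;
    close($tmp);

    # List form: each argument is passed as-is, no shell is involved.
    system($ldapmodify_path, "-x", "-h", $ldap_host, "-p", $ldap_port,
           "-D", $binddn, "-w", $bindpwd, "-a", "-f", $tmp->filename) == 0
        or &PKI::TPS::Wizard::debug_log("AdminPanel: ldapmodify failed");

    # … unchanged: request id / serial number bookkeeping and commit …
```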
diff --git a/pki/base/tps/lib/perl/PKI/TPS/AgentAuthPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/AgentAuthPanel.pm
new file mode 100755
index 000000000..a5130caa1
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/AgentAuthPanel.pm
@@ -0,0 +1,91 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::AgentAuthPanel;
+$PKI::TPS::AgentAuthPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(7);
+ $self->{"getName"} = &PKI::TPS::Common::r("Agent Authentication");
+ $self->{"vmfile"} = "agentauthenticatepanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AgentAuthPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AgentAuthPanel: update");
+ $::config->put("preop.agentauth.done", "true");
+ $::config->commit();
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AgentAuthPanel: display");
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.agentauth.done");
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/AuthDBPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/AuthDBPanel.pm
new file mode 100755
index 000000000..be24f665a
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/AuthDBPanel.pm
@@ -0,0 +1,158 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::AuthDBPanel;
+$PKI::TPS::AuthDBPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(7);
+ $self->{"getName"} = &PKI::TPS::Common::r("Authentication Directory");
+ $self->{"vmfile"} = "authdbpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: update");
+
+ my $host = $q->param('host');
+ my $port = $q->param('port');
+ my $basedn = $q->param('basedn');
+
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: host=" . $host);
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: port=" . $port);
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: basedn=" . $basedn);
+
+ if (!($port =~ /^[0-9]+$/)) {
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: bad port " . $port);
+ $::symbol{errorString} = "Bad Port";
+ return 0;
+ }
+
+ # try to do a ldapsearch
+ my $tmp = "/tmp/file$$";
+ my $ldapsearch_path = "/usr/bin/ldapsearch";
+
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: invoking $ldapsearch_path");
+ my $status = system("$ldapsearch_path -x -h '$host' " .
+ "-p '$port' -b '$basedn' -s base 'objectclass=*' > $tmp 2>&1");
+ if ($status eq "0") {
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: auth database looks ok");
+ } else {
+ my $reason = `cat $tmp`;
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: failed to connect " . $reason);
+ $::symbol{errorString} = "Failed to Connect";
+ return 0;
+ }
+ system("rm $tmp");
+
+ # save values to CS.cfg
+ $::config->put("auth.instance.0.baseDN", $basedn);
+ $::config->put("auth.instance.0.hostport", $host . ":" . $port);
+ $::config->put("preop.authdb.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("AuthDBPanel: display");
+
+ my $machineName = $::config->get("service.machineName");
+ my $instanceId = $::config->get("service.instanceID");
+
+ my $basedn = $::config->get("auth.instance.0.baseDN");
+ if ($basedn =~ /\[/) {
+ $basedn = $machineName;
+ $basedn =~ s/^[^.]+\.//;
+ if ($basedn eq "") {
+ $basedn = "dc=" . $machineName;
+ } else {
+ $basedn =~ s/\./,dc=/g;
+ $basedn = "dc=" . $basedn;
+ }
+ }
+ my $host = "";
+ my $port = "";
+ my $hostport = $::config->get("auth.instance.0.hostport");
+ if ($hostport =~ /\[/) {
+ $host = "localhost";
+ $port = "389";
+ } else {
+ my ($hostx, $portx) = split(/:/, $hostport);
+ $host = $hostx;
+ $port = $portx;
+ }
+
+ $::symbol{hostname} = $host;
+ $::symbol{portStr} = $port;
+ $::symbol{basedn} = $basedn;
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.authdb.done");
+}
+
+1;
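Review bot: In `update`, `host` and `basedn` are taken from the request and spliced into the `system()` string inside single quotes, so a value containing a single quote ends the quoting and the remainder is interpreted by the shell; only `port` is format-checked. The output is staged in the predictable path `/tmp/file$$` through a shell redirect, and that file is left behind on the failure path because `return 0` comes before `system("rm $tmp")`. Running ldapsearch through a list-form pipe open, after a format check on both values, removes the shell and the temp file together; stderr is then no longer captured in `$reason`. The three parameters are also written to the debug log before any validation.

```perl
    # conservative allowlists; widen deliberately if real host names or DNs need more
    if (!defined($host) || $host !~ /^[A-Za-z0-9.\-]+$/) {
        $::symbol{errorString} = "Bad Host";
        return 0;
    }
    if (!defined($basedn) || $basedn !~ /^[A-Za-z0-9=,. \-]+$/) {
        $::symbol{errorString} = "Bad Base DN";
        return 0;
    }
    # ... unchanged: port check ...

    my $ldapsearch_path = "/usr/bin/ldapsearch";
    # list form: arguments reach ldapsearch as-is, no shell and no temp file
    my $pid = open(my $ldap, '-|', $ldapsearch_path, '-x', '-h', $host,
                   '-p', $port, '-b', $basedn, '-s', 'base', 'objectclass=*');
    my $reason = "";
    if ($pid) {
        local $/;
        $reason = <$ldap>;
        $reason = "" unless defined($reason);
        close($ldap);    # sets $? to the ldapsearch exit status
    }
    if (!$pid || $? != 0) {
        # ... unchanged: log $reason, set errorString, return 0 ...
    }
```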
diff --git a/pki/base/tps/lib/perl/PKI/TPS/BasePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/BasePanel.pm
new file mode 100755
index 000000000..eecf99ff5
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/BasePanel.pm
@@ -0,0 +1,39 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::BasePanel;
+$PKI::TPS::BasePanel::VERSION = '1.00';
+
+sub new {
+ my ($class) = @_;
+ my $self = {};
+ bless $self, $class;
+ return $self;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
new file mode 100755
index 000000000..2b9fc1861
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
@@ -0,0 +1,315 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+
+package PKI::TPS::CAInfoPanel;
+$PKI::TPS::CAInfoPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(4);
+ $self->{"getName"} = &PKI::TPS::Common::r("CA Information");
+ $self->{"vmfile"} = "cainfopanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: update");
+
+ my $count = defined($q->param('urls')) ? $q->param('urls') : "";
+ if ($count eq "") {
+ $::symbol{errorString} = "No CA information provided. CA, TKS and optionally DRM must be installed prior to TPS installation";
+ return 0;
+ }
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: update - got urls = $count");
+
+ my $instanceID = $::config->get("service.instanceID");
+ my $host = "";
+ my $https_ee_port = "";
+ my $https_agent_port = "";
+ my $https_admin_port = "";
+ my $domain_xml = "";
+
+ if ($count =~ /http/) {
+ # this is for pkisilent
+ my $info = new URI::URL($count);
+ $host = defined($info->host) ? $info->host : "";
+ if ($host eq "") {
+ $::symbol{errorString} = "No CA host provided.";
+ return 0;
+ }
+
+ $https_ee_port = defined($info->port) ? $info->port : "";
+ if ($https_ee_port eq "") {
+ $::symbol{errorString} = "No CA EE port provided.";
+ return 0;
+ }
+
+ $domain_xml = get_domain_xml($host, $https_ee_port);
+ if ($domain_xml eq "") {
+ $::symbol{errorString} = "missing security domain. CA, TKS and optionally DRM must be installed prior to TPS installation";
+ return 0;
+ }
+
+ $https_agent_port = get_secure_agent_port_from_domain_xml($domain_xml, $host, $https_ee_port);
+ $https_admin_port = get_secure_admin_port_from_domain_xml($domain_xml, $host, $https_ee_port);
+
+ if(($https_admin_port eq "") || ($https_agent_port eq "")) {
+ $::symbol{errorString} = "secure CA admin or agent port information not provided by security domain.";
+ return 0;
+ }
+ } else {
+ $host = defined($::config->get("preop.securitydomain.ca$count.host")) ?
+ $::config->get("preop.securitydomain.ca$count.host") : "";
+ $https_ee_port = defined($::config->get("preop.securitydomain.ca$count.secureport")) ?
+ $::config->get("preop.securitydomain.ca$count.secureport") : "";
+ $https_agent_port = defined($::config->get("preop.securitydomain.ca$count.secureagentport")) ?
+ $::config->get("preop.securitydomain.ca$count.secureagentport") : "";
+ $https_admin_port = defined($::config->get("preop.securitydomain.ca$count.secureadminport")) ?
+ $::config->get("preop.securitydomain.ca$count.secureadminport") : "";
+ }
+
+ if (($host eq "") || ($https_ee_port eq "") || ($https_admin_port eq "") || ($https_agent_port eq "")) {
+ $::symbol{errorString} = "no CA found. CA, TKS and optionally DRM must be installed prior to TPS installation";
+ return 0;
+ }
+
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: update - host= $host, https_ee_port= $https_ee_port");
+
+ $::config->put("preop.cainfo.select", "https://$host:$https_admin_port");
+ my $serverCertNickName = $::config->get("preop.cert.sslserver.nickname");
+
+ my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
+ $::config->put("conn.ca1.clientNickname", $subsystemCertNickName);
+ $::config->put("conn.ca1.hostport", $host . ":" . $https_ee_port);
+ $::config->put("conn.ca1.hostagentport", $host . ":" . $https_agent_port);
+ $::config->put("conn.ca1.hostadminport", $host . ":" . $https_admin_port);
+
+ $::config->commit();
+
+ # connect to the CA, and retrieve the CA certificate
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: update connecting to CA and retrieve cert chain");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+ my $tmpfile = "/tmp/ca-$$";
+ system("/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$serverCertNickName\" -r \"/ca/ee/ca/getCertChain\" $host:$https_ee_port > $tmpfile");
+ my $cmd = `cat $tmpfile`;
+ system("rm $tmpfile");
+ my $caCert;
+ if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) {
+ $caCert = $1;
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: ca= $caCert");
+ }
+ if ($caCert eq "") {
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: update no cert chain found");
+ return 0;
+ }
+ open(F, ">$instanceDir/conf/caCertChain2.txt");
+ print F $cert_header."\n".$caCert."\n".$cert_footer;
+ close(F);
+
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: update retrieve cert chain done");
+
+ #import cert chain
+ system("p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt");
+ my $r = $? >> 8;
+ my $failed = $? & 127;
+ if (($r > 0) && ($r < 10) && !$failed) {
+ my $i = 0;
+ while ($i ne $r) {
+ my $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`;
+ $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i" -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`;
+ $i++;
+ }
+ }
+
+ $::config->put("preop.cainfo.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CAInfoPanel: display");
+
+ $::symbol{urls} = [];
+# unshift(@{$::symbol{urls}}, "External CA");
+ my $count = 0;
+ my $first = 1;
+ my $list = "";
+ while (1) {
+ my $host = "";
+ $host = $::config->get("preop.securitydomain.ca$count.host");
+ if ($host eq "") {
+ goto DONE;
+ }
+ my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
+ my $name = $::config->get("preop.securitydomain.ca$count.subsystemname");
+ my $item = $name . " - https://" . $host . ":" . $https_ee_port;
+# my $item = "https://" . $host . ":" . $https_ee_port;
+# unshift(@{$::symbol{urls}}, $item);
+ $::symbol{urls}[$count++] = $item;
+ if ($first eq 1) {
+ $list = $item;
+ $first = 0;
+ } else {
+ $list = $list.",".$item;
+ }
+ }
+DONE:
+# $list = $list.",External CA";
+ $::config->put("preop.ca.list", $list);
+
+ $::symbol{urls_size} = $count;
+ if ($count eq 0) {
+ $::symbol{errorString} = "no CA found. CA, TKS, and optionally DRM must be installed prior to TPS installation";
+ return 0;
+ }
+ return 1;
+}
+
+sub get_domain_xml
+{
+ my $host = $1;
+ my $https_ee_port = $2;
+
+ # get the domain xml
+ # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML
+
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+
+ my $sd_host = $::config->get("securitydomain.host");
+ my $sd_admin_port = $::config->get("securitydomain.httpsadminport");
+ my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
+
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+ return $content;
+}
+
+sub get_secure_admin_port_from_domain_xml
+{
+ my $content = $1;
+ my $host = $2;
+ my $https_ee_port = $3;
+
+ # Retrieve the secure admin port corresponding
+ # to the selected host and secure ee port.
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $xml = $parser->XMLin( $response->{'DomainInfo'},
+ ForceArray => 1 );
+ my $https_admin_port = "";
+ my $count = 0;
+ foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) {
+ if( ( $host eq $c->{'Host'}[0] ) &&
+ ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) {
+ $https_admin_port = https_$c->{'SecureAdminPort'}[0];
+ }
+
+ $count++;
+ }
+
+ return $https_admin_port;
+}
+
+sub get_secure_agent_port_from_domain_xml
+{
+ my $content = $1;
+ my $host = $2;
+ my $https_ee_port = $3;
+
+ # Retrieve the secure agent port corresponding
+ # to the selected host and secure ee port.
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $xml = $parser->XMLin( $response->{'DomainInfo'},
+ ForceArray => 1 );
+ my $https_agent_port = "";
+ my $count = 0;
+ foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) {
+ if( ( $host eq $c->{'Host'}[0] ) &&
+ ( $https_ee_port eq $c->{'SecurePort'}[0] ) ) {
+ $https_agent_port = https_$c->{'SecureAgentPort'}[0];
+ }
+
+ $count++;
+ }
+
+ return $https_agent_port;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.cainfo.done");
+}
+
+
+1;
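Review bot: The `sslget` call in `update` is built as one shell string with the NSS database password, `$serverCertNickName` and `$host:$https_ee_port` interpolated, and in the pkisilent branch `$host` is parsed from the `urls` request parameter, so shell metacharacters in any of these change the command; the response is also staged in the predictable file `/tmp/ca-$$`. A list-form pipe open avoids both the shell and the temp file: `open(my $ssl, '-|', '/usr/bin/sslget', '-d', "$instanceDir/alias", '-p', $db_password, '-v', '-n', $serverCertNickName, '-r', '/ca/ee/ca/getCertChain', "$host:$https_ee_port")`, then read `$cmd` from `$ssl`; the password stays visible in the process list for as long as it is passed with `-p`. The backtick call in `get_domain_xml` has the same form. Separately, `get_domain_xml` and the two `get_secure_*_port_from_domain_xml` helpers read their inputs from `$1`, `$2`, `$3`, which are regex capture variables and not the call arguments; `my ($host, $https_ee_port) = @_;` and `my ($content, $host, $https_ee_port) = @_;` look like what was intended. The `https_$c->{...}` expressions in the two port helpers look like a stray rename, and `XML::Simple` is used without being loaded in this file.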
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CertInfo.pm b/pki/base/tps/lib/perl/PKI/TPS/CertInfo.pm
new file mode 100755
index 000000000..da5377d4f
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/CertInfo.pm
@@ -0,0 +1,132 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::CertInfo;
+$PKI::TPS::CertInfo::VERSION = '1.00';
+
+sub new {
+ my ($class, $name, $dn, $tag) = @_;
+ my $self = {};
+
+ &PKI::TPS::Wizard::debug_log("CertInfo: start new");
+ $self->{"getUserFriendlyName"} = \&get_user_friendly_name;
+ $self->{"getCertTag"} = \&get_cert_tag;
+ $self->{"getDN"} = \&get_dn;
+ $self->{"getNickname"} = \&get_nickname;
+ $self->{"useDefaultKey"} = \&use_default_key;
+ $self->{"getCustomKeysize"} = \&get_custom_keysize;
+ $self->{"keyOption"} = \&get_key_option;
+ &PKI::TPS::Wizard::debug_log("CertInfo: end new");
+
+ $self->{name} = $name;
+ $self->{dn} = $dn;
+ $self->{tag} = $tag;
+
+ bless $self, $class;
+ return $self;
+}
+
+sub get_user_friendly_name
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_user_friendly_name");
+ return $self->{name};
+}
+
+sub get_cert_tag
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_cert_tag");
+ return $self->{tag};
+}
+
+sub get_dn
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_cert_dn");
+ return $self->{dn};
+}
+
+sub use_default_key
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("CertInfo: use_default_key");
+ my $option = $::config->get("preop.cert.$self->{tag}.keysize.select");
+ if (($option ne "") && ($option ne "default")) {
+ return 0;
+ }
+ return 1;
+}
+
+sub get_nickname
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_nickname");
+ my $nickname = $::config->get("preop.cert.$self->{tag}.nickname");
+
+ my $flavor = "pki";
+ $flavor =~ s/\n//g;
+
+ if ($nickname ne "") {
+ return $nickname;
+ } else {
+ return $self->{tag}."cert cert-$flavor-tps";
+ }
+}
+
+sub get_key_option
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_key_option");
+ my $option = $::config->get("preop.cert.$self->{tag}.keysize.select");
+
+ if ($option ne "") {
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_key_option from config = $option");
+ return $option;
+ } else {
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_key_option not from config");
+ return "default";
+ }
+}
+
+sub get_custom_keysize
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_custom_keysize");
+ my $size = $::config->get("preop.cert.$self->{tag}.keysize.customsize");
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_custom_keysize for preop.cert.$self->{tag}.keysize.customsize is $size");
+ if ($size ne "") {
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_custom_keysize from config is $size");
+ return $size;
+ } else {
+ &PKI::TPS::Wizard::debug_log("CertInfo: get_custom_keysize not from config");
+ return 2048;
+ }
+}
+
+1;
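Review bot: `get_custom_keysize` returns whatever string is stored under `preop.cert.<tag>.keysize.customsize` and falls back to 2048 only when that value is empty, so a non-numeric or very small size is handed on unchanged; whether the caller checks it is not visible in this file. A format check before the return, for example `return 2048 unless $size =~ /^[0-9]+$/;`, would keep a malformed CS.cfg entry from being used as a key size, and a comment should state that 2048 is the default. The debug message in `get_dn` says `get_cert_dn`, which makes the log harder to match to the code.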
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm
new file mode 100755
index 000000000..200ef8d74
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/CertPrettyPrintPanel.pm
@@ -0,0 +1,91 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::CertPrettyPrintPanel;
+$PKI::TPS::CertPrettyPrintPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(13);
+ $self->{"getName"} = &PKI::TPS::Common::r("Certificates");
+ $self->{"vmfile"} = "certprettyprintpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CertPrettyPrintPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CertPrettyPrintPanel: update");
+ $::config->put("preop.certprettyprint.done", "true");
+ $::config->commit();
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CertPrettyPrintPanel: display");
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.certprettyprint.done");
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm
new file mode 100755
index 000000000..fb5d9ccda
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/CertRequestPanel.pm
@@ -0,0 +1,306 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use PKI::TPS::ReqCertInfo;
+use FileHandle;
+
+package PKI::TPS::CertRequestPanel;
+$PKI::TPS::CertRequestPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----";
+our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----";
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(13);
+ $self->{"getName"} = &PKI::TPS::Common::r("Certificate Requests");
+ $self->{"vmfile"} = "certrequestpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update");
+
+ my $i = 0;
+
+ my $instanceDir = $::config->get("service.instanceDir");
+
+ my $useExternalCA = $::config->get("preop.certenroll.useExternalCA");
+ if ($useExternalCA eq "on") {
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: useExternalCA is on");
+ } else {
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: useExternalCA is off");
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update auto enrollment should have been done, no more action needed");
+ return 1;
+ }
+
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update External CA selected, retrieve/process user input");
+
+ my $tokenname = $::config->get("preop.module.token");
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update got token name = $tokenname");
+ my $token_pwd = $::pwdconf->get($tokenname);
+ $token_pwd =~ s/\n//g;
+ open FILE, ">$instanceDir/conf/.pwfile";
+ system( "chmod 00660 $instanceDir/conf/.pwfile" );
+ print FILE $token_pwd;
+ close FILE;
+
+ my $hw;
+ my $tk;
+
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ $hw = "";
+ $tk = "";
+ } else {
+ $hw = "-h $tokenname";
+ $tk = $tokenname.":";
+ }
+
+ foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+ if ($certtag eq "subsystem") {
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: subsystem cert is pre-generated by the security domain");
+ return 1;
+ }
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: for certag= $certtag");
+ my $ccert = $::config->get("preop.cert.$certtag.cert");
+ if ($ccert ne "") {
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: cert already exists in CS.cfg, go to next");
+ next;
+ }
+ my $certchain = $q->param($certtag.'_cc');
+ if ($certchain ne "") {
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: $certtag certchain is $certchain");
+ my $cc_fn = "$instanceDir/conf/caCertChain.txt";
+ my $tmp = `echo "$certchain" > $cc_fn`;
+ # remove existing one
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: try to delete existing certchain, if any....ok if it fails");
+# XXX remove should not be done lightly...
+ $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain1cert -a -i $cc_fn -o $instanceDir/conf/CAchain_pp.txt`;
+ my $r = $? >> 8;
+ my $failed = $? & 127;
+ if (($r > 0) && ($r < 10) && !$failed) {
+ my $i = 0;
+ while ($i ne $r) {
+ $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA $certtag cert$i"`;
+ $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA $certtag cert$i" -t "CT,C,C" -i $instanceDir/conf/chain1cert$i.der`;
+# $tmp = `rm $cc_fn`;
+ $i++
+ }
+ }
+ } else {
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: no certchain included for certtag $certtag");
+ }
+
+ my $cert = $q->param($certtag);
+ if ($cert ne "") {
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: $certtag cert is $cert");
+ my $nickname = $::config->get("preop.cert.$certtag.nickname");
+ if ($nickname eq "") {
+ $nickname = "TPS ".$certtag." cert";
+ $::config->put("preop.cert.$certtag.nickname", $nickname);
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: $certtag cert nickname not found in CS.cfg, generating one= $nickname");
+ }
+ #remove existing one
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: try to delete existing cert $nickname, if any....ok if it fails");
+#XXX remove should not be done lightly...
+ my $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`;
+ $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`;
+ #now import the cert
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: try to import cert");
+ my $cert_fn = "$instanceDir/conf/$certtag"."_cert.txt";
+ $tmp = `echo "$cert" > $cert_fn`;
+
+# $cert = extract_cert_from_file_sans_header_and_footer($cert_fn);
+ my $certa ="";
+ my $save_line = 0;
+ my @cert_a = split "\n", $cert;
+ foreach my $line (@cert_a) {
+ chomp( $line );
+ $line =~ s/\r//g;
+ if ($line eq $cert_header) {
+ $save_line = 1;
+ } elsif( $line eq $cert_footer ) {
+ $save_line = 0;
+ last;
+ } elsif( $save_line == 1 ) {
+ $certa .= "$line";
+ }
+ }
+
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update putting cert in CS.cfg: $certa");
+
+ $::config->put("preop.cert.$certtag.cert", $certa);
+
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: about to certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n $nickname -t u,u,u -a -i $cert_fn");
+ $tmp = `certutil -d $instanceDir/alias $hw -A -f $instanceDir/conf/.pwfile -n "$nickname" -t "u,u,u" -a -i $cert_fn`;
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: done certutil: $tmp");
+ $tmp = `rm $cert_fn`;
+
+ # changed the cert, need to change nickname too, if necessary
+ if ($hw ne "") {
+ $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
+ if ($certtag eq "subsystem") {
+ $::config->put("conn.ca1.clientNickname","$tk$nickname");
+ $::config->put("conn.drm1.clientNickname","$tk$nickname");
+ $::config->put("conn.tks1.clientNickname","$tk$nickname");
+ }
+ }
+
+ } else {
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: no cert");
+ }
+ }
+
+DONE:
+ $::config->put("preop.certrequest.done", "true");
+ $::config->commit();
+ my $tmp = `rm $instanceDir/conf/.pwfile`;
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("CertRequestPanel: display");
+
+ my $domain_name = $::config->get("preop.securitydomain.name");
+ if ($domain_name eq "") {
+ $domain_name = "TPS Domain";
+ }
+ my $machine_name = $::config->get("service.machineName");
+ my $instance_id = $::config->get("service.instanceID");
+
+ my $i = 0;
+ foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+ my $cert_dn = $::config->get("preop.cert.".$certtag.".dn");
+ if ($cert_dn eq "") {
+ if ($certtag eq "subsystem") {
+ $cert_dn = "CN=TPS Subsystem, " .
+ "OU=" . $instance_id . ", " .
+ "O=" . $domain_name;
+ } elsif ($certtag eq "sslserver") {
+ $cert_dn ="CN=" . $machine_name . ", " .
+ "OU=" . $instance_id . ", " .
+ "O=" . $domain_name;
+ } else {
+ $cert_dn = $certtag;
+ }
+ }
+
+ my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname");
+ if ($name eq "") {
+ $name = $certtag."Cert ".$instance_id;
+ }
+
+ my $reqcert = new PKI::TPS::ReqCertInfo($name,
+ $cert_dn, $certtag);
+ $::symbol{reqscerts}[$i++] = $reqcert;
+ }
+
+ $::symbol{errorString} = "";
+ $::symbol{showApplyButton} = "true";
+
+ return 1;
+}
+
+# arg0 message containing certificate
+# return certificate sans header and footer
+# -- all in a one-liner
+sub extract_cert_from_file_sans_header_and_footer
+{
+ my $filename = $_[0];
+ my $save_line = 0;
+
+ my $fd = new FileHandle;
+
+ my $cert = "";
+
+ $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
+
+ while( <$fd> )
+ {
+ my $line = $_;
+ chomp( $line );
+ $line =~ s/^M//g;
+
+ if( $line eq $cert_header ) {
+ $save_line = 1;
+ } elsif( $line eq $cert_footer ) {
+ $save_line = 0;
+ last;
+ } elsif( $save_line == 1 ) {
+ $cert .= "$line";
+ }
+ }
+
+ $fd->close();
+
+ return $cert;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.certrequest.done");
+}
+
+
+1;
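Review bot: In `update`, the pasted certificate chain and certificate are written to disk by backtick commands of the form `echo "$certchain" > $cc_fn` and `echo "$cert" > $cert_fn`, so request data is expanded by the shell inside double quotes, where command substitution and a closing quote are interpreted; writing the files with Perl's own `open`/`print` keeps the shell out of it. The token password file `.pwfile` is created by an unchecked two-argument `open` and only afterwards restricted with `chmod 00660`. The `return 1` taken for the `subsystem` tag leaves the function before the `DONE:` cleanup, so on that path the password file stays on disk and `preop.certrequest.done` is not set; `last` in place of that `return 1` would reach the cleanup, if skipping the remaining tags is the intent. The request-supplied certificate text is also copied into the debug log.

```perl
            my $cc_fn = "$instanceDir/conf/caCertChain.txt";
            # write the pasted chain directly; no shell sees the request data
            open(my $cc_fh, '>', $cc_fn) or do {
                &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: cannot write $cc_fn: $!");
                return 0;
            };
            print $cc_fh $certchain, "\n";
            close($cc_fh);
            # ... unchanged: p7tool / certutil import of the chain ...

            my $cert_fn = "$instanceDir/conf/$certtag"."_cert.txt";
            open(my $cert_fh, '>', $cert_fn) or do {
                &PKI::TPS::Wizard::debug_log("CertRequestPanel: update: cannot write $cert_fn: $!");
                return 0;
            };
            print $cert_fh $cert, "\n";
            close($cert_fh);
            # ... unchanged: header/footer stripping and certutil import ...
```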
diff --git a/pki/base/tps/lib/perl/PKI/TPS/Common.pm b/pki/base/tps/lib/perl/PKI/TPS/Common.pm
new file mode 100755
index 000000000..d8686b6f1
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/Common.pm
@@ -0,0 +1,49 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+package PKI::TPS::Common;
+
+use strict;
+use warnings;
+use Exporter;
+
+use vars qw(@ISA @EXPORT @EXPORT_OK);
+@ISA = qw(Exporter Autoloader);
+@EXPORT = qw(r yes no);
+
+$PKI::TPS::Common::VERSION = '1.00';
+
+sub yes {
+ return sub {1};
+}
+
+sub no {
+ return sub {0};
+}
+
+sub r {
+ my $a = shift;
+ return sub { $a; }
+}
+
+1;
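Review bot: `@ISA = qw(Exporter Autoloader);` lists a package this file never loads, and the core module is spelled `AutoLoader`, so the second entry looks like a leftover; `@ISA = qw(Exporter);` would match what the module actually uses. `yes`, `no` and `r` each return a closure rather than a value, which is easy to misuse at call sites, so a header comment such as `# r($v), yes(), no(): return a sub that yields $v / 1 / 0 -- call the factory and store the result` would help. In `r`, `my $a` shadows the `$a` that `sort` uses; a name like `$value` avoids that.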
diff --git a/pki/base/tps/lib/perl/PKI/TPS/Config.pm b/pki/base/tps/lib/perl/PKI/TPS/Config.pm
new file mode 100755
index 000000000..7195dccd9
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/Config.pm
@@ -0,0 +1,169 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+package PKI::TPS::Config;
+
+use strict;
+use warnings;
+use Exporter;
+
+$PKI::TPS::Config::VERSION = '1.00';
+
+#######################################################
+# Configuration Store
+#######################################################
+sub new {
+ my $class = shift;
+ my $self = {};
+ my %hash = ();
+ $self->{filename} = "";
+ $self->{hash} = \%hash;
+ bless $self,$class;
+ return $self;
+}
+
+sub load_file
+{
+ my ($self, $filename) = @_;
+
+ $self->{filename} = $filename;
+ if (-e $filename) {
+ open(CF, "<$filename");
+ if (defined fileno CF) {
+ while (<CF>) {
+ if (/^#/) {
+ # comments
+ } elsif (/([^=]+)=(.*)$/) {
+ # print "$1 = $2\n";
+ $self->{hash}{$1} = $2;
+ } else {
+ # preserve comments
+ }
+ }
+ }
+ close(CF);
+ }
+}
+
+sub get_filename
+{
+ my ($self) = @_;
+ return $self->{filename};
+}
+
+sub get
+{
+ my ($self, $n) = @_;
+ return $self->{hash}{$n};
+}
+
+sub put
+{
+ my ($self, $n, $v) = @_;
+ $self->{hash}{$n} = $v;
+}
+
+sub deleteSubstore
+{
+ my ($self, $n) = @_;
+ foreach my $xkey (keys %{$self->{hash}}) {
+ if ($xkey =~ /^\Q$n\E/) {
+ delete $self->{hash}{$xkey};
+ }
+ }
+}
+
+sub commit
+{
+ my ($self) = @_;
+
+ # write stuff back to the file
+# print $self->{filename} . "\n";
+ my $hash = $self->{hash};
+ my $suffix = time();
+
+ if (-e $self->{filename}) {
+ # Create a copy of the original file which
+ # preserves the original file permissions
+ system("cp -p \"" . $self->{filename} . "\" \"" .
+ $self->{filename} . "." . $suffix . "\"");
+ }
+
+ # Overwrite the contents of the original file
+ # to preserve the original file permissions
+ open(F, ">" . $self->{filename});
+ foreach my $k (sort keys %{$hash}) {
+ print F "$k=$self->{hash}{$k}\n";
+ }
+ close(F);
+
+ if (-e $self->{filename} . "." . $suffix) {
+ system("rm \"" . $self->{filename} . "." . $suffix . "\"");
+ }
+}
+
+sub commit_with_backup
+{
+ my ($self) = @_;
+
+ # write stuff back to the file
+# print $self->{filename} . "\n";
+ my $hash = $self->{hash};
+ my $suffix = time();
+ # Create a copy of the original file which
+ # preserves the original file permissions
+ system("cp -p \"" . $self->{filename} . "\" \"" .
+ $self->{filename} . "." . $suffix . "\"");
+
+ # Overwrite the contents of the original file
+ # to preserve the original file permissions
+ open(F, ">" . $self->{filename});
+ foreach my $k (sort keys %{$hash}) {
+ print F "$k=$self->{hash}{$k}\n";
+ }
+ close(F);
+}
+
+1;
+
+#######################################################
+# Test Program
+#######################################################
+#my $config = PKI::TPS::Config->new();
+#$config->load_file("/tmp/CS.cfg");
+#print $config->get("tokendb.indexAdminTemplate") . "\n";
+#$config->put("tokendb.indexAdminTemplate", "Testing");
+#print $config->get("tokendb.indexAdminTemplate") . "\n";
+#$config->commit();
+
+1;
+
+#######################################################
+# Test Program
+#######################################################
+#my $config = PKI::TPS::Config->new();
+#$config->load_file("/tmp/CS.cfg");
+#print $config->get("tokendb.indexAdminTemplate") . "\n";
+#$config->put("tokendb.indexAdminTemplate", "Testing");
+#print $config->get("tokendb.indexAdminTemplate") . "\n";
+#$config->commit();
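Review bot: `commit` and `commit_with_backup` overwrite the file through an unchecked two-argument `open(F, ">" . $self->{filename})` and run `cp`/`rm` through a shell string, so a failed open or copy goes unnoticed and a filename containing shell metacharacters is interpreted by the shell. A three-argument `open` on a lexical handle, list-form `system`, and `unlink` for the cleanup, each with its result checked, close both gaps; `load_file` has the same unchecked `open(CF, "<$filename")`. Separately, `put` stores any value and `commit` writes it as `$k=$v\n`, so a value containing a line break becomes an extra `key=value` line on the next `load_file`. The `update` subs in ConfigHSMLoginPanel.pm, DRMInfoPanel.pm and DatabasePanel.pm in this commit pass request parameters straight to `put`, so rejecting `\r`/`\n` in `put` is worth adding. The module also ends with `1;` and the commented test program twice.

```perl
    # … unchanged: $hash and $suffix setup …
    my $backup = $self->{filename} . "." . $suffix;
    if (-e $self->{filename}) {
        # list form: no shell, the filename is passed as one argument
        system("cp", "-p", "--", $self->{filename}, $backup) == 0
            or return 0;
    }

    open(my $fh, ">", $self->{filename}) or return 0;
    foreach my $k (sort keys %{$hash}) {
        print $fh "$k=$self->{hash}{$k}\n";
    }
    close($fh) or return 0;

    unlink($backup) if -e $backup;
    return 1;
```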
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm
new file mode 100755
index 000000000..5d36d3da3
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMLoginPanel.pm
@@ -0,0 +1,112 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::ConfigHSMLoginPanel;
+$PKI::TPS::ConfigHSMLoginPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(9);
+ $self->{"getName"} = &PKI::TPS::Common::r("Security Modules Login");
+ $self->{"vmfile"} = "config_hsmloginpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 1;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel: update");
+ my $uTokName = $q->param('uTokName');
+ my $uPasswd = $q->param('__uPasswd');
+
+# &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel: update tokname= $uTokName pwd =$uPasswd");
+
+ $::pwdconf->put($uTokName, $uPasswd);
+ $::pwdconf->commit();
+
+ $::config->put("preop.confighsmlogin.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ use Data::Dumper;
+ $Data::Dumper::Indent = 1;
+# &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel -> dump of q= ". Dumper($q));
+ $::symbol{SecToken} = $q->param('SecToken');
+# &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel -> display has ".$q->param('SecToken'));
+
+ &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieving $q->param('SecToken') ");
+ my $pwd = $::pwdconf->get( $q->param('SecToken'));
+ if ($pwd ne "") {
+ &PKI::TPS::Wizard::debug_log("ConfigHSMLoginPanel -> display retrieved pwd from pwdconf");
+ }
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.confighsmlogin.done");
+}
+
+
+1;
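Review bot: In `update`, `uTokName` and `__uPasswd` come from the request and go to `$::pwdconf->put` with no check, so a missing or empty token name stores the password under an undefined or empty key; a guard before the `put`, e.g. `return 0 unless defined($uTokName) && $uTokName ne "" && $uTokName !~ /[\r\n]/ && defined($uPasswd);`, keeps malformed entries out of the store (the class behind `$::pwdconf` is outside this hunk). In `display`, the log line `"... display retrieving $q->param('SecToken') "` interpolates only `$q`, so it logs the object reference followed by literal text instead of the token name; concatenate the call, `"... display retrieving " . $q->param('SecToken')`. `$pwd ne ""` compares undef when `get` finds no entry, which warns under `use warnings`; `defined($pwd) && $pwd ne ""` avoids that. The commented-out debug line in `update` would write the password to the log if re-enabled and is better deleted than kept.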
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm
new file mode 100755
index 000000000..06697a8c7
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ConfigHSMPanel.pm
@@ -0,0 +1,78 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::ConfigHSMPanel;
+$PKI::TPS::ConfigHSMPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&PKI::TPS::Common::no;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(12);
+ $self->{"getName"} = &PKI::TPS::Common::r("ConfigHSMLogin");
+ $self->{"vmfile"} = "config_hsm.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ConfigHSMPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ConfigHSMPanel: update");
+ $::config->put("preop.confighsm.done", "true");
+ $::config->commit();
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ConfigHSMPanel: display");
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.confighsm.done");
+}
+
+1;
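Review bot: In `new`, `$self->{"isSubPanel"} = \&PKI::TPS::Common::no;` stores a reference to the factory itself, while `no` in Common.pm returns `sub {0}`; calling the stored reference once therefore yields a code reference, which is true, not 0. The neighbouring entries call the factory (`&PKI::TPS::Common::r(12)`), so the consistent form is `$self->{"isSubPanel"} = PKI::TPS::Common::no();`. How the wizard invokes these slots is outside this hunk, so confirm against the caller. `getName` returns "ConfigHSMLogin", which looks copied from the login panel and is probably meant to name this panel. `validate` and `display` ignore `$q` and always return 1; a comment on each such as `# placeholder: nothing to check for this panel` would show that is intended.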
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
new file mode 100755
index 000000000..1ccef670d
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DRMInfoPanel.pm
@@ -0,0 +1,180 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+
+package PKI::TPS::DRMInfoPanel;
+$PKI::TPS::DRMInfoPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(6);
+ $self->{"getName"} = &PKI::TPS::Common::r("DRM Information");
+ $self->{"vmfile"} = "drminfopanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DRMInfoPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DRMInfoPanel: update");
+
+ my $choice = $q->param('choice');
+ $::config->put("preop.krainfo.keygen", $choice);
+
+ if ($choice eq "keygen") {
+ my $count = defined($q->param('urls')) ? $q->param('urls') : "";
+ if ($count eq "") {
+ $::symbol{errorString} = "no DRM information provided. CA, TKS and DRM must be installed prior to TPS installation";
+ return 0;
+ }
+ &PKI::TPS::Wizard::debug_log("DRMInfoPanel: update - got urls = $count");
+
+ my $instanceID = $::config->get("service.instanceID");
+ my $host = "";
+ my $https_agent_port = "";
+ my $https_admin_port = "";
+
+ if ($count =~ /http/) {
+ # this is for pkisilent
+ my $info = new URI::URL($count);
+ $host = defined($info->host) ? $info->host : "";
+ $https_agent_port = defined($info->port) ? $info->port : "";
+ $https_admin_port = defined($q->param('adminport'))? $q->param('adminport') : "";
+ } else {
+ $host = defined($::config->get("preop.securitydomain.kra$count.host")) ?
+ $::config->get("preop.securitydomain.kra$count.host") : "";
+ $https_agent_port = defined($::config->get("preop.securitydomain.kra$count.secureagentport")) ?
+ $::config->get("preop.securitydomain.kra$count.secureagentport") : "";
+ $https_admin_port = defined($::config->get("preop.securitydomain.kra$count.secureadminport")) ?
+ $::config->get("preop.securitydomain.kra$count.secureadminport") : "";
+ }
+
+
+ if (($host eq "") || ($https_agent_port eq "")) {
+ $::symbol{errorString} = "no DRM found. CA, TKS and DRM must be installed prior to TPS installation";
+ return 0;
+ }
+
+ if ($https_admin_port eq "") {
+ if ($count =~ /http/) {
+ $::symbol{errorString} = "DRM admin port not provided by the security domain.";
+ } else {
+ $::symbol{errorString} = "DRM admin port not provided.";
+ }
+ return 0;
+ }
+
+ my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
+ $::config->put("preop.krainfo.select", "https://$host:$https_admin_port");
+ $::config->put("conn.drm1.clientNickname", $subsystemCertNickName);
+ $::config->put("conn.drm1.hostport", $host . ":" . $https_agent_port);
+ $::config->put("conn.tks1.serverKeygen", "true");
+ $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "true");
+ $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "true");
+ $::config->put("op.enroll.soKey.keyGen.encryption.serverKeygen.enable", "true");
+ $::config->put("op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable", "true");
+ } else {
+ # no keygen
+ $::config->put("conn.tks1.serverKeygen", "false");
+ $::config->put("op.enroll.userKey.keyGen.encryption.serverKeygen.enable", "false");
+ $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable", "false");
+ $::config->put("op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme", "GenerateNewKey");
+ $::config->put("op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme", "GenerateNewKey");
+ $::config->put("conn.drm1.clientNickname", "");
+ $::config->put("conn.drm1.hostport", "");
+ $::config->put("op.enroll.soKey.keyGen.encryption.serverKeygen.enable", "false");
+ $::config->put("op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable", "false");
+ $::config->put("op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme", "GenerateNewKey");
+ $::config->put("op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme", "GenerateNewKey");
+ }
+ $::config->put("preop.drminfo.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DRMInfoPanel: display");
+
+ $::symbol{urls} = [];
+ my $count = 0;
+ while (1) {
+ my $host = "";
+ $host = $::config->get("preop.securitydomain.kra$count.host");
+ if ($host eq "") {
+ goto DONE;
+ }
+ my $https_agent_port = $::config->get("preop.securitydomain.kra$count.secureagentport");
+ my $name = $::config->get("preop.securitydomain.kra$count.subsystemname");
+ $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port;
+ }
+DONE:
+ $::symbol{urls_size} = $count;
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.drminfo.done");
+}
+
+
+1;
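Review bot: In `update`, the request parameter `urls` is used unvalidated both as a URL (any value matching `/http/` anywhere) and as an index interpolated into the key `preop.securitydomain.kra$count.host`, and `choice` is written to `preop.krainfo.keygen` as received. Since the result selects the DRM host used for server-side key generation, anchor the URL test (`$count =~ m{^https?://}`) and require digits in the other branch, `unless ($count =~ /^\d+$/) { $::symbol{errorString} = "invalid DRM selection"; return 0; }`. The two admin-port messages also appear swapped: the `/http/` branch takes the port from the `adminport` parameter yet reports "not provided by the security domain". In `display`, `$host eq ""` compares an undef from `get` once the entries run out, which warns under `use warnings`; `last unless defined($host) && $host ne "";` would also remove the `goto DONE`.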
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DatabasePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DatabasePanel.pm
new file mode 100755
index 000000000..a95b79589
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DatabasePanel.pm
@@ -0,0 +1,220 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::DatabasePanel;
+$PKI::TPS::DatabasePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(8);
+ $self->{"getName"} = &PKI::TPS::Common::r("Internal Database");
+ $self->{"vmfile"} = "databasepanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DatabasePanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DatabasePanel: update");
+ my $instDir = $::config->get("service.instanceDir");
+
+ my $host = $q->param('host');
+ my $port = $q->param('port');
+ my $basedn = $q->param('basedn');
+ my $database = $q->param('database');
+ my $binddn = $q->param('binddn');
+ my $bindpwd = $q->param('__bindpwd');
+
+ # save values to CS.cfg
+ $::config->put("preop.database.host", $host);
+ $::config->put("preop.database.port", $port);
+ $::config->put("preop.database.basedn", $basedn);
+ $::config->put("preop.database.database", $database);
+ $::config->put("preop.database.binddn", $binddn);
+ $::config->put("tokendb.activityBaseDN", "ou=Activities," . $basedn);
+ $::config->put("tokendb.baseDN", "ou=Tokens," . $basedn);
+ $::config->put("tokendb.certBaseDN", "ou=Certificates," . $basedn);
+ $::config->put("tokendb.hostport", $host . ":" . $port);
+ $::config->put("tokendb.userBaseDN", $basedn);
+
+ $::config->put("auth.instance.1.hostport", $host . ":" . $port);
+ $::config->put("auth.instance.1.baseDN", $basedn);
+ $::config->commit();
+
+# $::config->put("tokendb.bindPass", $bindpwd);
+ if ($bindpwd ne "") {
+ open(PWD_CONF, ">>$instDir/conf/password.conf");
+ print PWD_CONF "tokendbBindPass:$bindpwd\n";
+ close (PWD_CONF);
+ }
+
+ &PKI::TPS::Wizard::debug_log("DatabasePanel: host=$host port=$port basedn=$basedn");
+ &PKI::TPS::Wizard::debug_log("DatabasePanel: database=$database binddn=$binddn");
+
+ my $rdn = $basedn;
+ $rdn =~ s/,.*//g;
+ my ($type, $value) = split(/=/, $rdn);
+ my $objectclass = "domain";
+ if ($type eq "O" || $type eq "o") {
+ $objectclass = "organization";
+ } elsif ($type eq "OU" || $type eq "ou") {
+ $objectclass = "organizationalUnit";
+ }
+
+ my $flavor = "pki";
+ $flavor =~ s/\n//g;
+
+ my $ldapmodify_path = "/usr/bin/ldapmodify";
+
+ # creating database
+ my $tmp = "/tmp/database-$$.ldif";
+ system("sed -e 's/\$DATABASE/$database/' " .
+ "-e 's/\$BASEDN/$basedn/' " .
+ "-e 's/\$OBJECTCLASS/$objectclass/' " .
+ "-e 's/\$TYPE/$type/' " .
+ "-e 's/\$VALUE/$value/' " .
+ "/usr/share/$flavor/tps/scripts/database.ldif > $tmp");
+ system("$ldapmodify_path -x -h '$host' -p '$port' -D '$binddn' " .
+ "-w '$bindpwd' -a " .
+ "-f '$tmp'");
+ system("rm $tmp");
+
+ # add schema
+ system("$ldapmodify_path -x -h '$host' -p '$port' " .
+ "-D '$binddn' -w '$bindpwd' -a " .
+ "-f '/usr/share/$flavor/tps/scripts/schemaMods.ldif'");
+
+ # populdate database
+ $tmp = "/tmp/addTokens-$$.ldif";
+ system("sed -e 's/\$TOKENDB_ROOT/$basedn/g' " .
+ "/usr/share/$flavor/tps/scripts/addTokens.ldif > $tmp");
+ system("$ldapmodify_path -x -h '$host' -p '$port' -D '$binddn' " .
+ "-w '$bindpwd' -a " .
+ "-f '$tmp'");
+ system("rm $tmp");
+
+ # add regular indexes
+ $tmp = "/tmp/addIndexes-$$.ldif";
+ system("sed -e 's/userRoot/$database/g' " .
+ "/usr/share/$flavor/tps/scripts/addIndexes.ldif > $tmp");
+ system("$ldapmodify_path -x -h '$host' -p '$port' -D '$binddn' " .
+ "-w '$bindpwd' -a " .
+ "-f '$tmp'");
+ system("rm $tmp");
+
+ # add VLV indexes
+ $tmp = "/tmp/addVLVIndexes-$$.ldif";
+ system("sed -e 's/userRoot/$database/g;s/\$TOKENDB_ROOT/$basedn/g' " .
+ "/usr/share/$flavor/tps/scripts/addVLVIndexes.ldif > $tmp");
+ system("$ldapmodify_path -x -h '$host' -p '$port' -D '$binddn' " .
+ "-w '$bindpwd' -a " .
+ "-f '$tmp'");
+ system("rm $tmp");
+
+ $::config->put("preop.database.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DatabasePanel: display");
+
+ my $machineName = $::config->get("service.machineName");
+ my $instanceId = $::config->get("service.instanceID");
+
+ my $host = $::config->get("preop.database.host") || "";
+ $::symbol{hostname} = "localhost"; # default
+ if ($host ne "") {
+ $::symbol{hostname} = $host;
+ }
+ my $port = $::config->get("preop.database.port") || "";
+ $::symbol{portStr} = "389";
+ if ($port ne "") {
+ $::symbol{portStr} = $port;
+ }
+ my $basedn = $::config->get("preop.database.basedn") || "";
+ $::symbol{basedn} = "dc=" . $machineName . "-" . $instanceId;
+ if ($basedn ne "") {
+ $::symbol{basedn} = $basedn;
+ }
+ my $database = $::config->get("preop.database.database") || "";
+ $::symbol{database} = $machineName . "-" . $instanceId;
+ if ($database ne "") {
+ $::symbol{database} = $database;
+ }
+ my $binddn = $::config->get("preop.database.binddn") || "";
+ $::symbol{binddn} = "cn=directory manager";
+ if ($binddn ne "") {
+ $::symbol{binddn} = $binddn;
+ }
+
+ $::symbol{bindpwd} = "";
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.database.done");
+}
+
+
+1;
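Review bot: `update` builds every `sed`, `ldapmodify` and `rm` command as a shell string containing the request parameters `host`, `port`, `basedn`, `database`, `binddn` and `__bindpwd`, so a value with a single quote or `/` changes the command or the sed script, and `-w '$bindpwd'` exposes the bind password in the process list. The intermediate LDIF files use predictable names (`/tmp/database-$$.ldif` and the three others) written by shell redirection, which follows an existing symlink at that path. Validate the parameters before use, do the template substitution in Perl into a `File::Temp` file (with `use File::Temp;` added at the top), and call `ldapmodify` in list form with the exit status checked; if the installed ldapmodify can read the password from a file, prefer that over `-w`. The `open(PWD_CONF, ">>$instDir/conf/password.conf")` is also unchecked and appends another `tokendbBindPass` line on every run. The fence shows the first step; the token, index and VLV steps would follow the same pattern.

```perl
    # … unchanged: parameter reads …

    # refuse values that would alter the LDIF templates or CS.cfg lines
    foreach my $v ($host, $port, $basedn, $database, $binddn, $bindpwd) {
        if (!defined($v) || $v =~ /[\r\n]/) {
            $::symbol{errorString} = "invalid database parameter";
            return 0;
        }
    }
    if ($port !~ /^\d+$/) {
        $::symbol{errorString} = "invalid database port";
        return 0;
    }

    # … unchanged: config puts, objectclass selection …

    # list form: each value is one argument, no shell involved
    my @ldapmodify = ($ldapmodify_path, "-x", "-h", $host, "-p", $port,
                      "-D", $binddn, "-w", $bindpwd, "-a");

    # creating database
    my ($out, $tmp) = File::Temp::tempfile("database-XXXXXX",
                                           SUFFIX => ".ldif", TMPDIR => 1);
    open(my $in, "<", "/usr/share/$flavor/tps/scripts/database.ldif")
        or return 0;
    while (my $line = <$in>) {
        $line =~ s/\$DATABASE/$database/;
        $line =~ s/\$BASEDN/$basedn/;
        $line =~ s/\$OBJECTCLASS/$objectclass/;
        $line =~ s/\$TYPE/$type/;
        $line =~ s/\$VALUE/$value/;
        print $out $line;
    }
    close($in);
    close($out);
    my $rc = system(@ldapmodify, "-f", $tmp);
    unlink($tmp);
    &PKI::TPS::Wizard::debug_log("DatabasePanel: database.ldif load failed")
        if $rc != 0;
```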
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm
new file mode 100755
index 000000000..3a86ab0bd
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChain2Panel.pm
@@ -0,0 +1,186 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use FileHandle;
+
+package PKI::TPS::DisplayCertChain2Panel;
+$PKI::TPS::DisplayCertChain2Panel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(7);
+ $self->{"getName"} = &PKI::TPS::Common::r("Display Certificate Chain");
+ $self->{"vmfile"} = "displaycertchain2panel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub readFile
+{
+ my $fn = $_[0];
+ open FILE, "< $fn" or return "";
+ my $content = join "",<FILE>;
+ close FILE;
+
+ return $content;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: update");
+
+ my $instanceDir = $::config->get("service.instanceDir");
+
+# my $caCert = readFile("$instanceDir/conf/caCertChain2.txt");
+ my $caCert = extract_cert_from_file_sans_header_and_footer("$instanceDir/conf/caCertChain2.txt");
+
+ #store in config
+ $::config->put("preop.ca.certchain", $caCert);
+ $::config->commit();
+ # import it into the security database
+ my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`;
+ my $r = $? >> 8;
+ my $failed = $? & 127;
+ if (($r > 0) && ($r < 10) && !$failed) {
+ my $i = 0;
+ while ($i ne $r) {
+ $tmp = `certutil -d $instanceDir/alias -D -n "Trusted CA c2cert$i"`;
+ $tmp = `certutil -d $instanceDir/alias -A -f $instanceDir/conf/.pwfile -n "Trusted CA c2cert$i" -t "CT,C,C" -i $instanceDir/conf/chain2cert$i.der`;
+ $i++
+ }
+ }
+
+ # clean up
+# my $tmp = `rm $instanceDir/conf/caCertChain2.txt`;
+# $tmp = `rm $instanceDir/conf/CAchain2_pp.txt`;
+
+ $::config->put("preop.displaycertchain2.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: display");
+ my $instanceDir = $::config->get("service.instanceDir");
+
+ my $found = -e "$instanceDir/conf/caCertChain2.txt";
+ my $certpp = "";
+ if ($found) {
+ &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: display found caCertChain2.txt");
+ my $tmp = `p7tool -d $instanceDir/alias -p $instanceDir/conf/chain2cert -a -i $instanceDir/conf/caCertChain2.txt -o $instanceDir/conf/CAchain2_pp.txt`;
+
+ $certpp = readFile("$instanceDir/conf/CAchain2_pp.txt");
+ &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: display read CAchain2_pp.txt");
+ $certpp =~ s/"//g;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: certpp2= $certpp");
+ }
+
+# $symbol{certchain} = [ "cert1", "cert2" ];
+# $symbol{certchain_size} = 2;
+ $::symbol{certchain} = "$certpp";
+ $::symbol{certchain_size} = 1;
+
+ &PKI::TPS::Wizard::debug_log("DisplayCertChain2Panel: display done");
+ return 1;
+}
+
+# return certificate sans header and footer
+# -- all in a one-liner
+sub extract_cert_from_file_sans_header_and_footer
+{
+ my $filename = $_[0];
+ my $save_line = 0;
+
+ my $fd = new FileHandle;
+
+ my $cert = "";
+
+ $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
+
+ while( <$fd> )
+ {
+ my $line = $_;
+ chomp( $line );
+ $line =~ s/^M//g;
+
+ if( $line eq $cert_header ) {
+ $save_line = 1;
+ } elsif( $line eq $cert_footer ) {
+ $save_line = 0;
+ last;
+ } elsif( $save_line == 1 ) {
+ $cert .= "$line";
+ }
+ }
+
+ $fd->close();
+
+ return $cert;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.displaycertchain2.done");
+}
+
+1;
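Review bot: `update` adds every certificate from `caCertChain2.txt` to the NSS database with trust flags `CT,C,C`, but only the `p7tool` exit status is examined, the results of both `certutil` calls are discarded, and `preop.displaycertchain2.done` is set to true regardless, so a failed import is indistinguishable from success. Check `$?` after each `certutil -A` and return 0 with an `errorString` on failure, and compare the counter numerically (`while ($i < $r)`) instead of `$i ne $r`. The commands interpolate `$instanceDir` into backtick strings; it comes from configuration rather than the request, but list-form `system` would still remove the dependence on the path holding no spaces or shell characters. In `extract_cert_from_file_sans_header_and_footer`, `s/^M//g` as shown here is a caret followed by `M`, which strips a leading `M` from each base64 line rather than a carriage return; unless the original holds a literal CR byte, `s/\r//g` is the unambiguous form (the same sub appears at the end of the preceding file in this diff). Its header comment `# -- all in a one-liner` would read better as `# -- returns the base64 body joined into a single line`.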
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
new file mode 100755
index 000000000..91e07ed2b
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DisplayCertChainPanel.pm
@@ -0,0 +1,355 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+use MIME::Base64;
+
+package PKI::TPS::DisplayCertChainPanel;
+$PKI::TPS::DisplayCertChainPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(2);
+ $self->{"getName"} = &PKI::TPS::Common::r("Display Certificate Chain");
+ $self->{"vmfile"} = "displaycertchainpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 1;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: validate");
+ return 1;
+}
+
+sub readFile
+{
+ my $fn = $_[0];
+ open FILE, "< $fn" or return "";
+ my $content = join "",<FILE>;
+ close FILE;
+
+ return $content;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: update");
+
+ my $instanceDir = $::config->get("service.instanceDir");
+
+ my $caCert = readFile("$instanceDir/conf/caCert.txt");
+
+ #store in config
+ $::config->put("preop.ca.certchain", $caCert);
+ $::config->commit();
+
+ # import it into the security database
+# my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`;
+ my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/alias\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`;
+
+ # clean up
+ my $tmp = `rm $instanceDir/conf/caCert.txt`;
+ $tmp = `rm $instanceDir/conf/caCert.der`;
+ $tmp = `rm $instanceDir/conf/caCert_pp.txt`;
+
+ # complete the SecurityDomain task
+ my $sdomainAdminURL = $::config->get("config.sdomainAdminURL");
+ if ($sdomainAdminURL eq "") {
+ return 2;
+ }
+
+ my $machineName = $::config->get("service.machineName");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
+ my $unsecurePort = $::config->get("service.unsecurePort");
+
+ # check if url is accessible
+ # redirect to the security domain authentication
+ if ($ENV{'SERVER_PORT'} eq $unsecurePort) {
+ $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=http%3A%2F%2F" . $machineName . "%3A" . $unsecurePort . "%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS";
+ } else {
+ $::symbol{redirect} = $sdomainAdminURL . "/ca/admin/ca/securityDomainLogin?url=https%3A%2F%2F" . $machineName . "%3A" . $non_clientauth_securePort . "%2Ftps%2Fadmin%2Fconsole%2Fconfig%2Fwizard%3Fp%3D5%26subsystem%3DTPS";
+ }
+
+ get_domain_xml($sdomainAdminURL);
+
+ $::config->put("preop.displaycertchain.done", "true");
+ $::config->commit();
+
+ return 3;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: display");
+
+ # connect to the CA, and retrieve the CA certificate
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: update connecting to CA and retrieve cert chain");
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $sdomainAdminURL = $::config->get("config.sdomainAdminURL");
+ if ($sdomainAdminURL eq "") {
+ return 2;
+ }
+
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+
+ my $url_info = new URI::URL($sdomainAdminURL);
+ my $sd_host = $url_info->host;
+ my $sd_admin_port = $url_info->port;
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getCertChain\" $sd_host:$sd_admin_port`;
+
+ my $caCert = "";
+ if ($cmd =~ /\<ChainBase64\>(.*)\<\/ChainBase64\>/) {
+ $caCert = $1;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: ca= $caCert");
+ }
+
+ my $certpp = "";
+ if ($caCert ne "") {
+ open(F, ">$instanceDir/conf/caCert.txt");
+ print F $caCert;
+ close(F);
+
+ # test to see if tmp directory exists, if not, create
+ my $found = -e "$instanceDir/conf/tmp";
+ if (! $found) {
+ my $tmp = `mkdir $instanceDir/conf/tmp`;
+ }
+
+ # import it into a temporary security database
+# my $cmd1 = `/usr/bin/AtoB $instanceDir/conf/caCert.txt $instanceDir/conf/caCert.der`;
+ # my $cmd1 = `/usr/bin/openssl base64 -d -A -in $instanceDir/conf/caCert.txt -out $instanceDir/conf/caCert.der`;
+
+ my $txt = `cat $instanceDir/conf/caCert.txt`;
+ open(OUT, ">$instanceDir/conf/caCert.der");
+ print OUT MIME::Base64::decode($txt);
+ close(OUT);
+
+ my $cmd2 = `/usr/bin/certutil -A -d \"$instanceDir/conf/tmp\" -t \"CT,CT,CT\" -n \"caCert\" -i $instanceDir/conf/caCert.der`;
+
+ # get pretty print from temp db
+ my $tmp = `certutil -d $instanceDir/conf/tmp -n "caCert" -L > $instanceDir/conf/caCert_pp.txt`;
+ $certpp = readFile("$instanceDir/conf/caCert_pp.txt");
+ $certpp =~ s/"//g;
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: certpp= $certpp");
+ # clean up temp db
+ $tmp = `certutil -d $instanceDir/alias/tmp -D -n "caCert"`;
+ } else {
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: update no certchain found");
+ }
+
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: display certchain=$caCert");
+
+# $symbol{certchain} = [ "cert1", "cert2" ];
+# $symbol{certchain_size} = 2;
+ $::symbol{certchain} = "$certpp";
+# This certchain_size does not matter
+ $::symbol{certchain_size} = 1;
+
+ return 1;
+}
+
+sub get_domain_xml
+{
+ my ($sdomainAdminURL) = @_;
+
+ my $sdom_info = new URI::URL($sdomainAdminURL);
+ # get the domain xml
+ # e. g. - https://water.sfbay.redhat.com:9445/ca/admin/ca/getDomainXML
+
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+
+ my $sd_host = $sdom_info->host;
+ my $sd_admin_port = $sdom_info->port;
+ my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
+
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ &PKI::TPS::Wizard::debug_log("content = " . $content);
+
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $xml = $parser->XMLin($response->{'DomainInfo'},
+ ForceArray => 1);
+
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: security domain '" .
+ $xml->{'Name'}[0] . "'");
+ $::config->put("preop.securitydomain.name", $xml->{'Name'}[0]);
+ $::config->put("securitydomain.name", $xml->{'Name'}[0]);
+
+ # parse xml and store information in CS.cfg
+ my $count = 0;
+ $count = 0;
+ foreach my $c (@{$xml->{'CAList'}[0]->{'CA'}}) {
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: Found CA '" .
+ $c->{'SubsystemName'}[0] . "'");
+ $::config->put("preop.securitydomain.ca" . $count . ".subsystemname",
+ $c->{'SubsystemName'}[0]);
+ $::config->put("preop.securitydomain.ca" . $count . ".secureport",
+ $c->{'SecurePort'}[0]);
+ $::config->put("preop.securitydomain.ca" . $count . ".secureagentport",
+ $c->{'SecureAgentPort'}[0]);
+ $::config->put("preop.securitydomain.ca" . $count . ".secureadminport",
+ $c->{'SecureAdminPort'}[0]);
+ $::config->put("preop.securitydomain.ca" . $count . ".unsecureport",
+ $c->{'UnSecurePort'}[0]);
+ $::config->put("preop.securitydomain.ca" . $count . ".host",
+ $c->{'Host'}[0]);
+
+ # The user previously specified the CA Security Domain's
+ # SSL Admin URL in the "Security Domain Panel";
+ # now retrieve this specified CA Security Domain's
+ # non-SSL EE, SSL Agent, and SSL EE URLs:
+ if( $sd_admin_port eq $c->{'SecureAdminPort'}[0] ) {
+ # Build the URLs
+ my $http_ee_port = "https://"
+ . $c->{'Host'}[0]
+ . ":"
+ . $c->{'UnSecurePort'}[0];
+ my $https_agent_port = "https://"
+ . $c->{'Host'}[0]
+ . ":"
+ . $c->{'SecureAgentPort'}[0];
+ my $https_ee_port = "https://"
+ . $c->{'Host'}[0]
+ . ":"
+ . $c->{'SecurePort'}[0];
+
+ # Store the URLs
+ $::config->put( "config.sdomainHttpURL", $http_ee_port );
+ $::config->put( "config.sdomainAgentURL", $https_agent_port );
+ $::config->put( "config.sdomainEEURL", $https_ee_port );
+
+ # Store additional values necessary for 'pkiremove' . . .
+ $::config->put( "securitydomain.httpport",
+ $c->{'UnSecurePort'}[0] );
+ $::config->put( "securitydomain.httpsagentport",
+ $c->{'SecureAgentPort'}[0] );
+ $::config->put( "securitydomain.httpseeport",
+ $c->{'SecurePort'}[0] );
+ }
+
+ $count++;
+ }
+
+ $count = 0;
+ foreach my $c (@{$xml->{'TKSList'}[0]->{'TKS'}}) {
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: Found TKS '" .
+ $c->{'SubsystemName'}[0] . "'");
+ $::config->put("preop.securitydomain.tks" . $count . ".subsystemname",
+ $c->{'SubsystemName'}[0]);
+ $::config->put("preop.securitydomain.tks" . $count . ".secureport",
+ $c->{'SecurePort'}[0]);
+ $::config->put("preop.securitydomain.tks" . $count . ".secureagentport",
+ $c->{'SecureAgentPort'}[0]);
+ $::config->put("preop.securitydomain.tks" . $count . ".secureadminport",
+ $c->{'SecureAdminPort'}[0]);
+ $::config->put("preop.securitydomain.tks" . $count . ".unsecureport",
+ $c->{'UnSecurePort'}[0]);
+ $::config->put("preop.securitydomain.tks" . $count . ".host",
+ $c->{'Host'}[0]);
+ $count++;
+ }
+
+ $count = 0;
+ foreach my $c (@{$xml->{'KRAList'}[0]->{'KRA'}}) {
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: Found KRA '" .
+ $c->{'SubsystemName'}[0] . "'");
+ $::config->put("preop.securitydomain.kra" . $count . ".subsystemname",
+ $c->{'SubsystemName'}[0]);
+ $::config->put("preop.securitydomain.kra" . $count . ".secureport",
+ $c->{'SecurePort'}[0]);
+ $::config->put("preop.securitydomain.kra" . $count . ".secureagentport",
+ $c->{'SecureAgentPort'}[0]);
+ $::config->put("preop.securitydomain.kra" . $count . ".secureadminport",
+ $c->{'SecureAdminPort'}[0]);
+ $::config->put("preop.securitydomain.kra" . $count . ".unsecureport",
+ $c->{'UnSecurePort'}[0]);
+ $::config->put("preop.securitydomain.kra" . $count . ".host",
+ $c->{'Host'}[0]);
+ $count++;
+ }
+
+ $count = 0;
+ foreach my $c (@{$xml->{'TPSList'}[0]->{'TPS'}}) {
+ &PKI::TPS::Wizard::debug_log("DisplayCertChainPanel: Found TPS '" .
+ $c->{'SubsystemName'}[0] . "'");
+ $::config->put("preop.securitydomain.tps" . $count . ".subsystemname",
+ $c->{'SubsystemName'}[0]);
+ $::config->put("preop.securitydomain.tps" . $count . ".secureport",
+ $c->{'SecureAgentPort'}[0]);
+ $::config->put("preop.securitydomain.tps" . $count . ".non_clientauth_secure_port",
+ $c->{'SecurePort'}[0]);
+ $::config->put("preop.securitydomain.tps" . $count . ".unsecureport",
+ $c->{'UnSecurePort'}[0]);
+ $::config->put("preop.securitydomain.tps" . $count . ".host",
+ $c->{'Host'}[0]);
+ $count++;
+ }
+ $::config->commit();
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.displaycertchain.done");
+}
+
+
+1;
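Review bot: The `sslget` call in `display` is built as one backtick string, so `$db_password`, `$nickname` and the unquoted `$sd_host:$sd_admin_port` all pass through the shell; the host and port are parsed from `config.sdomainAdminURL`, which a comment in `get_domain_xml` says the user supplied in the Security Domain Panel. A quote, `$` or `;` in any of these values changes the command that runs, so I would use a list-form pipe open as sketched below, which bypasses the shell. The same pattern recurs in `get_domain_xml` here, in `register_tps`, `get_kra_transport_cert` and `send_kra_transport_cert` in DonePanel.pm, and in `update` in ImportAdminCertPanel.pm. The database password still ends up in `sslget`'s argument list, where other local users may be able to read it from the process table; whether `sslget` can take it another way is not visible in this diff. Separately, the temp-db cleanup at the end of `display` points `certutil -D` at `$instanceDir/alias/tmp` although the certificate was added under `$instanceDir/conf/tmp`.

```perl
# … unchanged: $db_password, $sd_host, $sd_admin_port, $nickname lookups …
# List-form pipe open: no shell is involved, so each value is passed
# to sslget as exactly one argument.
my @sslget = ('/usr/bin/sslget', '-d', "$instanceDir/alias",
              '-p', $db_password, '-v', '-n', $nickname,
              '-r', '/ca/admin/ca/getCertChain',
              "$sd_host:$sd_admin_port");
my $cmd = "";
if (open(my $out, '-|', @sslget)) {
    local $/;
    $cmd = <$out>;
    close($out);
}
$cmd = "" unless defined $cmd;
# … unchanged: ChainBase64 match …
```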
diff --git a/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
new file mode 100755
index 000000000..6166b54cc
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/DonePanel.pm
@@ -0,0 +1,437 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+use XML::Simple;
+
+package PKI::TPS::DonePanel;
+$PKI::TPS::DonePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(16);
+ $self->{"getName"} = &PKI::TPS::Common::r("Done");
+ $self->{"vmfile"} = "donepanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DonePanel: validate");
+ return 1;
+}
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("DonePanel: update");
+ return 1;
+}
+
+sub register_tps
+{
+ my ($sdom, $url, $uri, $xname) = @_;
+
+ &PKI::TPS::Wizard::debug_log("DonePanel: register_tps at $url");
+ &PKI::TPS::Wizard::debug_log("DonePanel: subsystem $xname uri=$uri");
+
+ my $url_info = new URI::URL($url);
+ my $sdom_info = new URI::URL($sdom);
+
+ # register TPS to Security Domain
+ # submit request to CA
+ &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to Security Domain");
+
+ my $machineName = $::config->get("service.machineName");
+ my $unsecurePort = $::config->get("service.unsecurePort");
+ my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
+ my $session_id = $::config->get("preop.sessionID");
+
+ &PKI::TPS::Wizard::debug_log("DonePanel: Security Domain Info " . $url);
+
+ # add service.securityDomainPort to the config file in case pkiremove
+ # needs to remove system reference from the security domain
+ $::config->put("service.securityDomainPort", $securePort);
+ $::config->commit();
+
+ my $uid = "TPS-" . $machineName . "-" . $securePort;
+ my $name = "Token Processing Subsystem";
+
+ my $instDir = $::config->get("service.instanceDir");
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+
+ my $hw;
+ my $tk;
+ my $tokenname = $::config->get("preop.module.token");
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname");
+
+ my $token_pwd = $::pwdconf->get($tokenname);
+ open FILE, ">$instDir/conf/.pwfile";
+ system( "chmod 00660 $instDir/conf/.pwfile" );
+ $token_pwd =~ s/\n//g;
+ print FILE $token_pwd;
+ close FILE;
+
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ $hw = "";
+ $tk = "";
+ } else {
+ $hw = "-h $tokenname";
+ $tk = $tokenname.":";
+ }
+
+ my $subsystemNickname = $::config->get("preop.cert.subsystem.nickname");
+
+ my $certificate = `/usr/bin/certutil -d "$instDir/alias" -L $hw -f "$instDir/conf/.pwfile" -n "$subsystemNickname" -a`;
+ my $tmp = `rm $instDir/conf/.pwfile`;
+ $certificate =~ s/-----BEGIN CERTIFICATE-----//g;
+ $certificate =~ s/-----END CERTIFICATE-----//g;
+ $certificate =~ s/\n$//g;
+
+
+ &PKI::TPS::Wizard::debug_log("DonePanel: Connecting");
+
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+
+ my $params = "uid=" . $uid . "&" .
+ "name=" . $name . "&" .
+ "certificate=" .
+ URI::Escape::uri_escape("$certificate") . "&" .
+ "xmlOutput=true" . "&" .
+ "sessionID=" . $session_id . "&" .
+ "auth_hostname=" . $sdom_info->host . "&" .
+ "auth_port=" . $sdom_info->port;
+
+ my $host = $url_info->host;
+ my $port = $url_info->port;
+ my $tmpfile = "/tmp/donepanel-$$";
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile");
+ } else {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"$uri\" $host:$port > $tmpfile");
+ }
+ my $content = `cat $tmpfile`;
+ system("rm $tmpfile");
+
+ &PKI::TPS::Wizard::debug_log("req = " . $content);
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ if (defined $content) {
+ &PKI::TPS::Wizard::debug_log("DonePanel: result " . $content);
+ } else {
+ &PKI::TPS::Wizard::debug_log("DonePanel: result undefined");
+ }
+}
+
+sub get_kra_transport_cert
+{
+ my ($sdom) = @_;
+
+ my $sdom_info = new URI::URL($sdom);
+
+ # register TPS to Security Domain
+ # submit request to CA
+ &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to KRA");
+
+ my $krainfo = $::config->get("preop.krainfo.select");
+ my $krainfo_url = new URI::URL($krainfo);
+
+ my $machineName = $::config->get("service.machineName");
+ my $unsecurePort = $::config->get("service.unsecurePort");
+ my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
+ my $session_id = $::config->get("preop.sessionID");
+
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $tokenname = $::config->get("preop.module.token");
+ my $token_pwd = $::pwdconf->get($tokenname);
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+
+ my $params = "sessionID=" . $session_id . "&" .
+ "auth_hostname=" . $sdom_info->host . "&" .
+ "auth_port=" . $sdom_info->port;
+
+ my $host = $krainfo_url->host;
+ my $port = $krainfo_url->port;
+ my $tmpfile = "/tmp/donepanel-$$";
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile");
+ } else {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/kra/admin/kra/getTransportCert\" $host:$port > $tmpfile");
+ }
+ my $content = `cat $tmpfile`;
+ system("rm $tmpfile");
+
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $transportCert = $response->{TransportCert};
+
+ &PKI::TPS::Wizard::debug_log("DonePanel: TransportCert " . $transportCert);
+
+ return $transportCert;
+}
+
+sub send_kra_transport_cert
+{
+ my ($sdom, $certificate) = @_;
+
+ my $sdom_info = new URI::URL($sdom);
+
+ # register TPS to Security Domain
+ # submit request to CA
+ &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to TKS");
+ my $tksinfo = $::config->get("preop.tksinfo.select");
+ my $tksinfo_url = new URI::URL($tksinfo);
+
+ my $machineName = $::config->get("service.machineName");
+ my $unsecurePort = $::config->get("service.unsecurePort");
+ my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
+ my $session_id = $::config->get("preop.sessionID");
+
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $tokenname = $::config->get("preop.module.token");
+ my $token_pwd = $::pwdconf->get($tokenname);
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+
+ my $name = "transportCert-" . $machineName . "-" . $securePort;
+ my $params = "name=" . $name . "&" .
+ "certificate=" .
+ URI::Escape::uri_escape("$certificate") . "&" .
+ "xmlOutput=true" . "&" .
+ "sessionID=" . $session_id . "&" .
+ "auth_hostname=" . $sdom_info->host . "&" .
+ "auth_port=" . $sdom_info->port;
+
+ my $host = $tksinfo_url->host;
+ my $port = $tksinfo_url->port;
+ my $tmpfile = "/tmp/donepanel-$$";
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile");
+ } else {
+ system("/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$nickname\" -r \"/tks/admin/tks/importTransportCert\" $host:$port > $tmpfile");
+ }
+
+ my $content = `cat $tmpfile`;
+ system("rm $tmpfile");
+
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ &PKI::TPS::Wizard::debug_log("DonePanel: Response from TKS " . $content);
+}
+
+sub display
+{
+ my ($q) = @_;
+ # $symbol{systemType} = "tps";
+ # $symbol{host} = "chico";
+ # $symbol{port} = "443";
+ &PKI::TPS::Wizard::debug_log("DonePanel: display");
+
+ my $status = defined($::config->get("preop.done.status"))? $::config->get("preop.done.status") : "";
+ if ($status eq "done") {
+ return 1;
+ }
+
+ my $instDir = $::config->get("service.instanceDir");
+ my $tokenname = $::config->get("preop.module.token");
+ my $token_pwd = $::pwdconf->get($tokenname);
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ if (($tokenname ne "") && ($tokenname ne "NSS Certificate DB")) {
+ open(PWD_CONF, ">>$instDir/conf/password.conf");
+ print PWD_CONF "$tokenname:$token_pwd\n";
+ close (PWD_CONF);
+ }
+
+ # Add this TPS's server certificate to the subsystems
+ my $sdom = $::config->get("config.sdomainEEURL");
+ my $cainfo = $::config->get("preop.cainfo.select");
+ $cainfo =~ s/.* - //g;
+ &register_tps($sdom, $cainfo, "/ca/admin/ca/registerUser", "CA");
+ my $tksinfo = $::config->get("preop.tksinfo.select");
+ &register_tps($sdom, $tksinfo, "/tks/admin/tks/registerUser", "TKS");
+
+ my $keygen = $::config->get("conn.tks1.serverKeygen");
+ if ($keygen ne "false") {
+ &PKI::TPS::Wizard::debug_log("DonePanel: KRA available");
+ my $krainfo = $::config->get("preop.krainfo.select");
+ &register_tps($sdom, $krainfo, "/kra/admin/kra/registerUser", "KRA");
+ my $transportCert = &get_kra_transport_cert($sdom);
+ &send_kra_transport_cert($sdom, $transportCert);
+ } else {
+ &PKI::TPS::Wizard::debug_log("DonePanel: No KRA setup");
+ }
+
+ # Give Object Signing capability to audit_signing cert
+ open FILE, ">$instDir/conf/.pwfile";
+ system( "chmod 00660 $instDir/conf/.pwfile" );
+ $token_pwd =~ s/\n//g;
+ print FILE $token_pwd;
+ close FILE;
+ my $hw;
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ $hw = "";
+ } else {
+ $hw = "-h $tokenname";
+ }
+ my $auditSigningNickname = $::config->get("preop.cert.audit_signing.nickname");
+ my $tmp = `/usr/bin/certutil -d "$instDir/alias" -M $hw -f "$instDir/conf/.pwfile" -n "$auditSigningNickname" -t "u,u,Pu"`;
+ $tmp = `rm $instDir/conf/.pwfile`;
+
+ $::config->put("preop.done.status", "done");
+ $::config->put("tps.configured", "true");
+ $::config->commit();
+
+ # update httpd.conf
+ open(TMP_HTTPD_CONF, ">$instDir/conf/httpd.conf.tmp");
+ system( "chmod 00660 $instDir/conf/httpd.conf.tmp" );
+ open(HTTPD_CONF, "<$instDir/conf/httpd.conf");
+ while (<HTTPD_CONF>) {
+ if (/^#\[ErrorDocument_404\]/) {
+ print TMP_HTTPD_CONF "ErrorDocument 404 /404.html\n";
+ } elsif (/^#\[ErrorDocument_500\]/) {
+ print TMP_HTTPD_CONF "ErrorDocument 500 /500.html\n";
+ } else {
+ print TMP_HTTPD_CONF $_;
+ }
+ }
+ close(HTTPD_CONF);
+ close(TMP_HTTPD_CONF);
+
+ # Create a copy of the original file which
+ # preserves the original file permissions
+ system( "cp -p $instDir/conf/httpd.conf.tmp $instDir/conf/httpd.conf" );
+
+ # Remove the original file only if the backup copy was successful
+ if( -e "$instDir/conf/httpd.conf" ) {
+ system( "rm $instDir/conf/httpd.conf.tmp" );
+ }
+
+ # update nss.conf
+ open(TMP_NSS_CONF, ">$instDir/conf/nss.conf.tmp");
+ system( "chmod 00660 $instDir/conf/nss.conf.tmp" );
+ open(NSS_CONF, "<$instDir/conf/nss.conf");
+ while (<NSS_CONF>) {
+ if (/^NSSNickname/) {
+ print TMP_NSS_CONF "NSSNickname \"$nickname\"\n";
+ } else {
+ print TMP_NSS_CONF $_;
+ }
+ }
+ close(NSS_CONF);
+ close(TMP_NSS_CONF);
+
+ # Create a copy of the original file which
+ # preserves the original file permissions
+ system( "cp -p $instDir/conf/nss.conf.tmp $instDir/conf/nss.conf" );
+
+ # Remove the original file only if the backup copy was successful
+ if( -e "$instDir/conf/nss.conf" ) {
+ system( "rm $instDir/conf/nss.conf.tmp" );
+ }
+
+ &PKI::TPS::Wizard::debug_log("DonePanel: Connecting to Security Domain");
+
+ my $machineName = $::config->get("service.machineName");
+ my $unsecurePort = $::config->get("service.unsecurePort");
+ my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
+ my $instanceID = $::config->get("service.instanceID");
+
+ my $initDaemon = "pki-tpsd";
+ my $initCommand = "";
+ if( $^O eq "linux" ) {
+ $initCommand = "/sbin/service $initDaemon";
+ } else {
+ ## default case: e. g. - ( $^O eq "solaris" )
+ $initCommand = "/etc/init.d/$initDaemon";
+ }
+
+ $::symbol{host} = $machineName;
+ $::symbol{unsecurePort} = $unsecurePort;
+ $::symbol{port} = $securePort;
+ $::symbol{non_clientauth_port} = $non_clientauth_securePort;
+ $::symbol{initCommand} = $initCommand;
+ $::symbol{instanceID} = $instanceID;
+
+ $::config->deleteSubstore("preop.");
+ $::config->commit();
+
+ ## Create an empty file that designates the fact that although
+ ## this server instance has been configured, it has NOT yet
+ ## been restarted!
+ my $restart_server = "$instDir/conf/restart_server_after_configuration";
+ system( "touch $restart_server" );
+ system( "chmod 00660 $restart_server" );
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.donepanel.done");
+}
+
+1;
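Review bot: `register_tps`, `get_kra_transport_cert` and `send_kra_transport_cert` redirect the `sslget` response into `/tmp/donepanel-$$`, a predictable name in a world-writable directory, which exposes the write to symlink and pre-creation races and lets another local user influence the response that is parsed afterwards. Capturing the output directly, as `get_domain_xml` in DisplayCertChainPanel.pm does, removes the file altogether; if a file is required, create it with `my ($fh, $tmpfile) = File::Temp::tempfile(DIR => "$instanceDir/conf", UNLINK => 1);`. The `.pwfile` handling in `register_tps` and `display` has a related gap: `open FILE, ">$instDir/conf/.pwfile"` creates the file under the process umask and only then runs `chmod 00660`, so a handle opened in that window, or any group member afterwards, can read the token password. With `use Fcntl`, `sysopen(FILE, "$instDir/conf/.pwfile", O_WRONLY|O_CREAT|O_EXCL, 0600)` would close both, and the result of the open should be checked before printing to it.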
diff --git a/pki/base/tps/lib/perl/PKI/TPS/GlobalVar.pm b/pki/base/tps/lib/perl/PKI/TPS/GlobalVar.pm
new file mode 100755
index 000000000..73e7b831a
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/GlobalVar.pm
@@ -0,0 +1,41 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+
+package PKI::TPS::GlobalVar;
+$PKI::TPS::GlobalVar::VERSION = '1.00';
+
+sub new {
+ my $class = shift;
+ my $self = {};
+ my %args = (@_);
+ foreach my $q (keys %args) {
+ $self->{$q} = $args{$q};
+ }
+ bless $self,$class;
+ return $self;
+}
+
+1;
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
new file mode 100755
index 000000000..468fbab2c
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ImportAdminCertPanel.pm
@@ -0,0 +1,151 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+
+package PKI::TPS::ImportAdminCertPanel;
+$PKI::TPS::ImportAdminCertPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(15);
+ $self->{"getName"} = &PKI::TPS::Common::r("Import Administrator Certificate");
+ $self->{"vmfile"} = "importadmincertpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: update");
+
+ # register to Security Domain
+ my $sdom = $::config->get("config.sdomainAgentURL");
+ my $sdom_url = new URI::URL($sdom);
+
+ #
+ # we need to authenticate to the security domain with the subsystem
+ # certificate
+ #
+ my $machineName = $::config->get("service.machineName");
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $securePort = $::config->get("service.securePort");
+ my $subsystemName = $::config->get("preop.subsystem.name");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ my $name = $subsystemName;
+ my $subCertNickName = $::config->get("preop.cert.subsystem.nickname");
+
+ $db_password =~ s/\n$//g;
+
+ my $params = "list=" . "TPSList" . "&" .
+ "type=" . "TPS" . "&" .
+ "host=" . $machineName . "&" .
+ "name=" . $name . "&" .
+ "sport=" . $securePort . "&" .
+ "dm=false"; # domain manager or not
+
+ my $sd_host = $sdom_url->host;
+ my $sd_agent_port = $sdom_url->port;
+ my $cmd = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$subCertNickName\" -r \"/ca/agent/ca/updateDomainXML\" -e \"$params\" $sd_host:$sd_agent_port`;
+
+ # Fetch the "updated" security domain and display it
+ &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: Dump contents of updated Security Domain . . .");
+ my $sdomainAdminURL = $::config->get("config.sdomainAdminURL");
+ my $sdom_info = new URI::URL($sdomainAdminURL);
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ $sd_host = $sdom_info->host;
+ my $sd_admin_port = $sdom_info->port;
+ my $content = `/usr/bin/sslget -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$nickname\" -r \"/ca/admin/ca/getDomainXML\" $sd_host:$sd_admin_port`;
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+ &PKI::TPS::Wizard::debug_log($content);
+
+ $::config->put("preop.importadmincert.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: display");
+
+ my $cainfo = $::config->get("preop.cainfo.select");
+
+ my $cainfo_url = new URI::URL($cainfo);
+ my $serialNumber = $::config->get("preop.admincert.serialno.0");
+
+ $::symbol{info} = "";
+ $::symbol{errorString} = "";
+ $::symbol{import} = "true";
+ $::symbol{ca} = "false";
+ $::symbol{caType} = "ca";
+ $::symbol{caHost} = $cainfo_url->host;
+ $::symbol{caPort} = $cainfo_url->port;
+ $::symbol{serialNumber} = $serialNumber;
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.importadmincert.done");
+}
+
+1;
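Review bot: `update` never inspects the outcome of the `updateDomainXML` request: `$cmd` is assigned and then ignored, and `preop.importadmincert.done` is set to `true` unconditionally, so a failed registration with the security domain is recorded as complete. I would test `$?` right after the backtick call and log and stop before the `put` when it is non-zero, e.g. `if ($? != 0) { &PKI::TPS::Wizard::debug_log("ImportAdminCertPanel: updateDomainXML failed"); ... }`; which return value the wizard expects on failure is not visible in this file. `$name` (from `preop.subsystem.name`) and `$machineName` are also concatenated into `$params` without `URI::Escape::uri_escape`, unlike the certificate in DonePanel.pm, so a space or `&` in the subsystem name alters the query that is sent. Finally, `$content = $1` runs whether or not the `XMLResponse` match succeeded, which can leave `$content` undefined or holding a capture left over from an earlier match when it reaches `debug_log`.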
diff --git a/pki/base/tps/lib/perl/PKI/TPS/Login.pm b/pki/base/tps/lib/perl/PKI/TPS/Login.pm
new file mode 100755
index 000000000..01aa01f42
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/Login.pm
@@ -0,0 +1,466 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+# wizard -
+# Fedora Certificate System - Token Processing System configuration wizard
+
+
+# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding
+# the following to /etc/httpd/conf.d/perl.conf
+#
+# PerlModule ModPerl::Registry
+# PerlModule Apache::compat
+# PerlModule RHCS::TPS::Wizard
+# PerlSetEnv RHCS_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui
+# <Location /wizard>
+# SetHandler perl-script
+# PerlHandler RHCS::TPS::Wizard
+# Order deny,allow
+# Allow from all
+# </Location>
+
+
+# Note: The Velocity parser is not very helpful when it comes to
+# errors right now. Here are some common errors, and what they mean:
+#
+# ERROR:
+# [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26]
+# Can't use string ("0") as an ARRAY ref while "strict refs"
+# in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm
+# line 423.\n, referer: http://chico/wizard?p=2
+# MEANING
+# This probably means that your *.vm file refers to an array
+# variable in a foreach statement that is not defined
+# Check your foreach array variables.
+
+use warnings;
+use ModPerl::Registry;
+use Template::Velocity;
+use Getopt::Std;
+use Data::Dumper;
+use CGI::Carp qw(fatalsToBrowser);
+use CGI;
+use APR::Const -compile => qw(:error SUCCESS);
+use PKI::TPS::GlobalVar;
+use PKI::TPS::WelcomePanel;
+use PKI::TPS::SecurityDomainPanel;
+use PKI::TPS::DisplayCertChainPanel;
+use PKI::TPS::SubsystemTypePanel;
+use PKI::TPS::CAInfoPanel;
+use PKI::TPS::TKSInfoPanel;
+use PKI::TPS::DRMInfoPanel;
+use PKI::TPS::DisplayCertChain2Panel;
+use PKI::TPS::AdminAuthPanel;
+use PKI::TPS::AgentAuthPanel;
+use PKI::TPS::AuthDBPanel;
+use PKI::TPS::DatabasePanel;
+use PKI::TPS::ModulePanel;
+use PKI::TPS::SizePanel;
+use PKI::TPS::NamePanel;
+use PKI::TPS::ConfigHSMLoginPanel;
+use PKI::TPS::CertRequestPanel;
+use PKI::TPS::AdminPanel;
+use PKI::TPS::ImportAdminCertPanel;
+use PKI::TPS::LoginPanel;
+use PKI::TPS::DonePanel;
+use PKI::TPS::Config;
+
+use PKI::TPS::Common qw(yes no r);
+
+package PKI::TPS::Login;
+$PKI::TPS::Login::VERSION = '1.00';
+
+# read configuration file
+my $flavor = "pki";
+$flavor =~ s/\n//g;
+
+my $pkiroot = $ENV{PKI_ROOT};
+
+my $config = PKI::TPS::Config->new();
+$config->load_file("$pkiroot/conf/CS.cfg");
+# read password cache file
+my $pwdconf = PKI::TPS::Config->new();
+$pwdconf->load_file("$pkiroot/conf/pwcache.conf");
+# SELinux disallows performing a "chmod" on this file
+if( $^O ne "linux" ) {
+ system( "chmod 00660 $pkiroot/conf/pwcache.conf" );
+}
+
+# create cfg debug log
+my $logfile = $config->get("service.instanceDir") . "/logs/debug";
+open( DEBUG, ">>" . $logfile ) ||
+warn( "Could not open '" . $logfile . "': $!" );
+
+# apache server
+
+our $debug;
+
+my $STATUS_OK = 1;
+my $STATUS_ERROR = 2;
+my $STATUS_REDIRECT = 3;
+
+&debug_log("TPS wizard: starting up");
+
+my $docroot = $ENV{PKI_DOCROOT};
+
+if (! $docroot) {
+ &debug_log("TPS wizard: ERROR: PKI_DOCROOT is null");
+ return 0;
+}
+
+our $parser = new Template::Velocity($docroot);
+our $symbol;
+our @certtags;
+
+makepanels();
+
+&debug_log("TPS wizard: start up complete");
+
+1;
+
+sub debug_log
+{
+ my ($msg) = @_;
+ my $date = `date`;
+ chomp($date);
+ if( -w $logfile ) {
+ print DEBUG "$date - $msg\n";
+ }
+}
+
+ # initializes entries in parser's global symbol table for panels
+sub makepanels
+{
+ #REAL PANELS BELOW
+ my $login = new PKI::TPS::LoginPanel();
+
+ $symbol{panels} = [
+ $login, # com.netscape.cms.servlet.csadmin.WelcomePanel
+ ];
+};
+
+sub render_panel
+{
+ my ($panelnum, $q) = @_;
+
+ $symbol{errorString} = "";
+
+ my $currentpanel;
+
+ if ($q->param('op') && $q->param('op') eq "next") {
+ $currentpanel = $symbol{panels}[$panelnum];
+ # validate variables for panel
+ if ($currentpanel->{validate}) {
+ $currentpanel->{validate}($q);
+ }
+ # execute current panel
+ my $status = "0";
+
+ if ($currentpanel->{update}) {
+ $status = $currentpanel->{update}($q);
+ &debug_log("TPS wizard: update returns status '" .
+ $status . "'");
+ if ($status == $STATUS_REDIRECT) {
+ return $STATUS_REDIRECT;
+ }
+
+ }
+
+ &debug_log("TPS wizard: about to find out about sub panel");
+ if ($status eq "1") {
+ if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) {
+ &debug_log("TPS wizard: has sub panel");
+ $panelnum = $panelnum + 2;
+ } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) {
+ &debug_log("TPS wizard: is sub panel");
+ $panelnum = $panelnum - 1;
+ } else {
+ &debug_log("TPS wizard: no sub panel and is not subpanel");
+ $panelnum = $panelnum + 1;
+ }
+ }
+ } elsif ($q->param('op') && $q->param('op') eq "back") {
+ $panelnum = $panelnum - 1;
+ #check if this a subpanel, if so, go back to it's parent.
+ #only handles one-deep at this point
+ my $panel = $symbol{panels}[$panelnum];
+ if (&{$panel->{isSubPanel}}($q)) {
+ $panelnum = $panelnum - 1;
+ }
+ } elsif ($q->param('op') && $q->param('op') eq "apply") {
+ &debug_log("TPS wizard: update : apply button pressed");
+ $currentpanel = $symbol{panels}[$panelnum];
+ # validate variables for panel
+ if ($currentpanel->{validate}) {
+ $currentpanel->{validate}($q);
+ }
+ # execute current panel
+ if ($currentpanel->{update}) {
+ my $status = $currentpanel->{update}($q);
+ &debug_log("TPS wizard: update returns status '" .
+ $status . "'");
+ if ($status == $STATUS_REDIRECT) {
+ return $STATUS_REDIRECT;
+ }
+
+ }
+ }
+
+ &debug_log("TPS wizard: after looking into about sub panel");
+
+ # advance to next panel
+ $currentpanel = $symbol{panels}[$panelnum];
+
+ # initialize symbol table values
+ $symbol{showApplyButton} = "false";
+
+ # fill in variables for new panel
+ if ($currentpanel->{panelvars}) {
+ $Data::Dumper::Indent = 1;
+ # The '&debug_log("q=".Dumper($q));' call must be commented out to fix
+ # Bugzilla Bug #249923: Incorrect file permissions on
+ # various files and/or directories
+ # &debug_log("q=".Dumper($q));
+ $currentpanel->{panelvars}($q);
+ }
+
+ $symbol{panel} = "tps/admin/console/config/".$currentpanel->{vmfile};
+
+ #wizard.vm:
+ $symbol{name} = "Token Processing System";
+ $symbol{title} = $currentpanel->{getName}();
+ if ($panelnum == 0) {
+ $symbol{firstpanel} = "1";
+ } else {
+ $symbol{firstpanel} = "0";
+ }
+ if ($panelnum == 17) {
+ $symbol{lastpanel} = "1";
+ } else {
+ $symbol{lastpanel} = "0";
+ }
+ $symbol{p} = $panelnum;
+ $symbol{subpanelno} = $panelnum+1;
+ $symbol{csstate} = "1";
+
+# $symbol{urls} = [ "cert1", "cert2" ]; #createsubsystem
+# $symbol{urls_size} = 2;
+# $symbol{instanceId} = "tps";
+# $symbol{errorString} = "";
+
+ #modulepanel
+# $symbol{certs} = [ ];
+# $symbol{reqscerts} = [ ];
+ $symbol{ppcerts} = [ ];
+
+ return $STATUS_OK;
+}
+
+
+
+sub dbg {
+ my $msg = shift;
+ $::symbol{dbg} .= "$msg\n";
+}
+
+sub handler {
+ my $r = shift;
+
+ *::symbol = \%symbol;
+ *::s = \$s;
+ *::config = \$config;
+ *::pwdconf = \$pwdconf;
+
+ &debug_log("TPS wizard: in handler");
+ if ($#ARGV == -1) {
+ $r->send_http_header('text/html');
+ }
+
+ my $q = new CGI;
+
+ # check cookie
+ my $pin = $q->param('pin');
+ if (defined($pin)) {
+ my $cookie = $q->cookie(
+ -name=>'pin',
+ -value=> $pin,
+ -expires=>'+1y',
+ -path=>'/');
+ print $q->redirect(-location => "wizard", -cookie => $cookie);
+ return;
+ }
+
+ # output http parameters
+ &debug_log("TPS wizard: uri='" . $ENV{REQUEST_URI} . "'");
+ my @pnames = $q->param();
+ foreach $pn (@pnames) {
+ # added this facility so that password can be hidden,
+ # all sensitive parameters should be prefixed with
+ # __ (double underscores); however, in the event that
+ # a security parameter slips through, we perform multiple
+ # additional checks to insure that it is NOT displayed
+ if( $pn =~ /^__/ ||
+ $pn =~ /password$/ ||
+ $pn =~ /passwd$/ ||
+ $pn =~ /pwd$/ ||
+ $pn =~ /admin_password_again/i ||
+ $pn =~ /directoryManagerPwd/i ||
+ $pn =~ /bindpassword/i ||
+ $pn =~ /bindpwd/i ||
+ $pn =~ /passwd/i ||
+ $pn =~ /password/i ||
+ $pn =~ /pin/i ||
+ $pn =~ /pwd/i ||
+ $pn =~ /pwdagain/i ||
+ $pn =~ /uPasswd/i ) {
+ &debug_log("TPS wizard: http parameter name='" . $pn . "' value='(sensitive)'");
+ } else {
+ &debug_log("TPS wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'");
+ }
+ }
+
+ my $panelnum = $q->param('p');
+ if (!defined($panelnum) || $panelnum eq "") {
+ # Apache fails to pick up the p parameter after
+ # redirecting from the security domain. This is
+ # a quick hack to solve the issue.
+ if ($ENV{'QUERY_STRING'} ne "") {
+ $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/;
+ $panelnum = $1;
+ }
+ }
+
+ use subs qw(debug);
+ *debug = \&Template::Velocity::Executor::debug;
+
+ $::symbol{dbg} = "";
+
+ &debug_log("TPS wizard: before argparsing");
+ if ($#ARGV == -1) {
+ $Data::Dumper::Maxdepth = 7;
+ $startfile = "tps/admin/console/config/login.vm";
+ }
+
+ &debug_log("TPS wizard: setting up test objects");
+
+ #initialize from config file
+ my $certlist = $::config->get("preop.cert.list");
+ if ($certlist eq "") {
+ $certlist = "sslserver,subsystem";
+ }
+ @certtags = split(/,/, $certlist);
+ $numtags = @certtags;
+ if ($numtags eq 0) {
+ @certtags = ("sslserver", "subsystem");
+ }
+ &debug_log("TPS wizard: found $numtags certtags");
+
+ if (! $panelnum) {
+ $panelnum = 0;
+ }
+
+ my $status = render_panel($panelnum, $q);
+ if ($status == 3) {
+ $r->header_out(Location => $symbol{redirect});
+ $r->status(301);
+ $r->send_http_header();
+ return;
+ }
+
+ use Data::Dumper;
+ &debug_log("TPS wizard: executing file $startfile");
+ foreach $q (sort keys %symbol) {
+ &debug_log("TPS wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q});
+ }
+
+ my $result;
+ if ($q->param("xml") eq "true") {
+ $r->send_http_header('text/xml');
+ $result = "<xml>";
+ foreach $s (sort keys %symbol) {
+ if ($s =~ /^__/) {
+ next;
+ }
+ $result .= "<" . $s . ">";
+ my $v = $symbol{$s};
+ $result .= &get_xml($s, $v);
+ $result .= "</" . $s . ">";
+ }
+ $result .= "</xml>";
+ } else {
+ $result = $parser->execute_file($startfile);
+ if (!defined $result) {
+ die("Couldn't execute template file: $docroot/$startfile");
+ }
+ }
+
+ print "$result\n";
+ return $STATUS_OK;
+}
+
+sub get_xml
+{
+ my ($s, $v) = @_;
+
+ my $result;
+ if (ref($v) eq "HASH") {
+ foreach my $xkey (keys %$v) {
+ $result .= "<" . $xkey . ">";
+ $result .= &get_xml($xkey, $v{$xkey});
+ # $result .= "-" . ref($xkey);
+ $result .= "</" . $xkey . ">";
+ }
+ } elsif (ref($v) eq "PKI::TPS::CertInfo") {
+ my $certinfo = $v;
+ $result .= "<certinfo>";
+ $result .= "<dn>" . $certinfo->get_dn() ."</dn>";
+ $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>";
+ $result .= "<friendly>" . $certinfo->get_user_friendly_name() .
+ "</friendly>";
+ $result .= "</certinfo>";
+ } elsif (ref($v) eq "PKI::TPS::ReqCertInfo") {
+ my $reqcertinfo = $v;
+ $result .= "<reqcertinfo>";
+ $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>";
+ $result .= "<req>" . $reqcertinfo->get_request() ."</req>";
+ $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>";
+ $result .= "<certpp>" . $reqcertinfo->get_cert_pp() ."</certpp>";
+ $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>";
+ $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>";
+ $result .= "</reqcertinfo>";
+ } elsif (ref($v) eq "ARRAY") {
+ my $pos = 0;
+ foreach my $item (@$v) {
+ $result .= "<element>";
+ $result .= &get_xml("p" . $pos, $item);
+ # $result .= "-" . ref($item);
+ $result .= "</element>";
+ $pos++;
+ }
+ } else {
+ $result .= $v;
+ }
+ return $result;
+}
+
+1;
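Review bot: In `handler`, the `pin` request parameter is copied into a cookie with `-expires=>'+1y'` and `-path=>'/'` but without `-secure` or `-httponly`. The parameter filter further down already treats names matching `/pin/i` as sensitive, so this value is presumably a login secret. As written the browser keeps it for a year, sends it on every path, and exposes it to page script and to any plain-HTTP request that reaches the host. I would add `-secure => 1, -httponly => 1` to the `$q->cookie(...)` call and drop the one-year expiry in favour of a session cookie. Because `$q->param('pin')` also accepts the value from the query string, it can end up in access logs and Referer headers; accepting it only from a POST body would limit that.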
diff --git a/pki/base/tps/lib/perl/PKI/TPS/LoginPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/LoginPanel.pm
new file mode 100755
index 000000000..d6592d46e
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/LoginPanel.pm
@@ -0,0 +1,98 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::LoginPanel;
+$PKI::TPS::LoginPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(0);
+ $self->{"getName"} = &PKI::TPS::Common::r("Welcome");
+ $self->{"vmfile"} = "login.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("WelcomePanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("WelcomePanel: update");
+ $::config->put("preop.loginpanel.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log($ENV{'SERVER_PORT'});
+ &PKI::TPS::Wizard::debug_log("Debug=" . $::config->get("logging.debug.enable"));
+ &PKI::TPS::Wizard::debug_log("WelcomePanel: display");
+ $::symbol{wizardname} = "TPS Configuration Wizard";
+ $::symbol{systemname} = "TPS";
+ $::symbol{fullsystemname} = "Token Processing System";
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.loginpanel.done");
+}
+
+1;
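Review bot: `validate` is defined here but `new` never stores it under `$self->{"validate"}`, and `render_panel` in Login.pm only calls a panel's validator when that key is set, so the sub is dead code as written. If it is meant to run, add `$self->{"validate"} = \&validate;` next to the `update` entry in `new`. The log strings and `getName` still say `WelcomePanel`/`Welcome`, which makes the debug log misleading for the login step; `"LoginPanel: update"` and friends would match the package. `update` also sets `preop.loginpanel.done` without looking at `$q`, so any credential check presumably happens elsewhere, and a comment saying where would help the next reader.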
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ModulePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/ModulePanel.pm
new file mode 100755
index 000000000..5e7089812
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ModulePanel.pm
@@ -0,0 +1,278 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use PKI::TPS::Modutil;
+
+package PKI::TPS::ModulePanel;
+$PKI::TPS::ModulePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+our $modutil;
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(9);
+ $self->{"getName"} = &PKI::TPS::Common::r("Security Modules");
+ $self->{"vmfile"} = "modulepanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+
+ my $flavor = "pki";
+ $flavor =~ s/\n//g;
+
+ my $pkiroot = $ENV{PKI_ROOT};
+ $modutil = new PKI::TPS::Modutil("$pkiroot/alias");
+
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 1;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ my $defTok = $::config->get("preop.module.token");
+ my $select = $q->param('choice');
+ if ($select eq "") {
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> update no selection found");
+ $::symbol{errorString} = "No selection found";
+ return 0;
+ } elsif ($defTok ne $select) {
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> update changing defTok to $select");
+ $::config->put("preop.module.token", $select);
+ } else {
+ # this is not an error...just information
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> update defTok not changed");
+ }
+
+ $::config->put("preop.ModulePanel.done", "true");
+
+ $::config->commit();
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> display");
+ getModules();
+ my $defTok = $::config->get("preop.module.token");
+
+ $::symbol{defTok} = $defTok;
+
+ return 1;
+}
+
+use Data::Dumper;
+sub getTokens {
+ my $modulename = shift;
+
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getTokens");
+
+#$Data::Dumper::Indent = 0;
+#PKI::TPS::Wizard::dbg("in gettokens. modutil = ".Dumper($modutil));
+ my @tokens;
+ my $mod = $modutil->getmodule($modulename);
+ foreach my $tokenname (keys %{$mod->{tokens}}) {
+ #PKI::TPS::Wizard::dbg("found token $tokenname");
+ if ($tokenname ne "NSS Generic Crypto Services") {
+ my $token = $modutil->gettoken($tokenname);
+ my $t = new PKI::TPS::GlobalVar(
+ getNickName => sub { return $tokenname; },
+ isLoggedIn => sub { return isLoggedIn($tokenname); },
+ isPresent => sub { return 1; },
+ );
+ push @tokens, $t;
+ } else {
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getTokens token NSS Generic Crypto Services not available for key generation");
+
+ }
+ }
+
+ return \@tokens;
+}
+
+# if password is found, then it's considered "logged in"
+# otherwise it is "not logged in"
+sub Login {
+ my $tokenname = $_[0];
+ my $pwd = defined($::pwdconf->get($tokenname)) ? $::pwdconf->get($tokenname) : "";
+ if ($pwd ne "") {
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> isLoggedIn retrieved pwd from pwdconf");
+ return 1;
+ }
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> isLoggedIn pwd not found from pwdconf for token: $tokenname");
+
+ if ($tokenname eq "NSS Certificate DB") {
+ my $instanceDir = $::config->get("service.instanceDir");
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> isLoggedIn get internal password for $tokenname");
+ # these are referred as "internal" in password.conf
+ $pwd = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $pwd =~ s/\n//g;
+ $::pwdconf->put($tokenname, $pwd);
+ $::pwdconf->commit();
+
+ return 1;
+ }
+ return 0;
+}
+
+sub isLoggedIn {
+ my $tokenname = $_[0];
+ return &Login($tokenname);
+}
+
+sub getModules {
+ my $count;
+ my $i;
+ my @supportedModules;
+
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules");
+ $count = $::config->get("preop.configModules.count");
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules count =$count");
+
+ my @modules = $modutil->getmodules();
+ # $::symbol{steve} = join ",Module:", @modules;
+ # $::symbol{steve}.= "\n";
+
+ my $x = "
+ preop.configModules.count=3
+ preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+ preop.configModules.module0.imagePath=../img/mozilla.png
+ preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+ preop.configModules.module1.commonName=nfast
+ preop.configModules.module1.imagePath=../img/ncipher.png
+ preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+ preop.configModules.module2.commonName=lunasa
+ preop.configModules.module2.imagePath=../img/safenet.png
+ preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+ ";
+
+ my %supmodules;
+ for ($i=0; $i <$count; $i++) {
+ my $cn;
+ my $pn;
+ my $img;
+# &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules look for cn=","preop.configModules.module" , $i , ".commonName");
+ $cn = $::config->get("preop.configModules.module$i.commonName");
+ $supmodules{$cn} = 1;
+
+ $pn = $::config->get("preop.configModules.module$i.userFriendlyName");
+ $img = $::config->get("preop.configModules.module$i.imagePath");
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules: got module $cn from config");
+
+ my $module = $modutil->getmodule($cn);
+ my $file = $module->{detail}->{"Library file"};
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules Library file = $file");
+ my $found = 0;
+ if (defined $file) {
+ $found = ($file =~ /Internal ONLY module/) || -e $file;
+ }
+
+ my $name = $module->{detail}->{Name};
+# PKI::TPS::Wizard::dbg("name: $name");
+
+ $supportedModules[$i] = new PKI::TPS::GlobalVar(
+ getImagePath => sub { return $img; },
+ getUserFriendlyName => sub { return $pn; },
+ isFound => sub { return $found; },
+ getTokens => sub { return getTokens($name); },
+ );
+
+ # login to tokens
+ &PKI::TPS::Wizard::debug_log("Ready to login to tokens for $name");
+ my $mod = $modutil->getmodule($name);
+ foreach my $tokenname (keys %{$mod->{tokens}}) {
+ &PKI::TPS::Wizard::debug_log("Logging in Module $name Token " . $tokenname);
+ &Login($tokenname);
+ }
+
+ }
+
+ my @otherModules;
+ #compile the "others" modules
+
+ foreach my $modname (@modules) {
+ #is this modname in the supported modules list?
+ if ($supmodules{$modname}) {
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules: found module $modname supported");
+ # does not belong to "others"
+ } else {
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules: found module $modname unsupported");
+ #add the module to "others" list
+ my $m = $modutil->getmodule($modname);
+ my $mod = new PKI::TPS::GlobalVar(
+ getImagePath => sub { return ""; },
+ getUserFriendlyName => sub { return $m->{modulename}; },
+ isFound => sub { return 1; },
+ getTokens => sub { return getTokens($m->{detail}->{Name});}
+ );
+
+ push @otherModules, $mod;
+
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> getModules: module $modname added to otherModules list");
+ }
+ }
+
+ $::symbol{sms} = \@supportedModules;
+ $::symbol{oms} = \@otherModules;
+# PKI::TPS::Wizard::dbg("oms: ". Dumper([@otherModules]));
+# PKI::TPS::Wizard::dbg("sms: ". Dumper([@supportedModules]));
+
+ &PKI::TPS::Wizard::debug_log("ModulePanel -> set sms, oms");
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.ModulePanel.done");
+}
+
+1;
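Review bot: `Login` returns 1 for `NSS Certificate DB` even when no password was found, so `isLoggedIn` reports the token as logged in and an empty password is written to the password cache. It reads the password by piping `grep` through `cut -c10-` in a shell, with `$instanceDir` interpolated into the command string. Reading `password.conf` directly in Perl removes the shell and the column-offset assumption, and lets the function return 0 when there is no `internal:` entry. The password is also copied into a second file by `$::pwdconf->commit()`; if that copy is needed, its permissions should be no looser than those of `password.conf`. Only the `NSS Certificate DB` branch changes; the rest of `Login` stays as is.

```perl
    if ($tokenname eq "NSS Certificate DB") {
        my $instanceDir = $::config->get("service.instanceDir");
        # ... unchanged: debug_log call ...
        # these are referred as "internal" in password.conf
        $pwd = "";
        if (open(my $fh, "<", "$instanceDir/conf/password.conf")) {
            while (my $line = <$fh>) {
                if ($line =~ /^internal:(.*)$/) {
                    $pwd = $1;
                    last;
                }
            }
            close($fh);
        }
        if ($pwd eq "") {
            # no internal password available: do not cache an empty value
            return 0;
        }
        # ... unchanged: $::pwdconf->put / commit and return 1 ...
```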
diff --git a/pki/base/tps/lib/perl/PKI/TPS/Modutil.pm b/pki/base/tps/lib/perl/PKI/TPS/Modutil.pm
new file mode 100755
index 000000000..49c248c2e
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/Modutil.pm
@@ -0,0 +1,263 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+package PKI::TPS::Modutil;
+
+
+sub new {
+ my $class = shift;
+ my ($dir) = @_;
+
+ if (! $dir) { die "no module directory provided\n"; }
+
+ my $self = {};
+
+ $self->{dir} = $dir;
+ $self->{modules} = makemodules($self);
+
+ bless $self, $class;
+ return $self;
+}
+
+sub exists {
+ my $self = shift;
+
+ return -e "$self->{dir}/secmod.db";
+}
+
+sub create {
+ my $self = shift;
+
+ my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -create`;
+ return $mods;
+}
+
+use Data::Dumper;
+
+sub makemodules {
+ my $self = shift;
+ my $modules = {};
+
+ my $mods = `modutil -force -dbdir '$self->{dir}' -nocertdb -list`;
+ #my $mods = join "",<::DATA>;
+
+ #print "raw mods = $mods";
+
+ my (@modules) = (
+ $mods =~ /
+ ^ #beginning of a line
+ \s+ #some spaces
+ \d+\.\s* #some digits
+ (.*?) #lots of text
+ ((?=^\s*\d+)|(?=------)) #if we would next match some spaces and digits
+ /msxg );
+
+ @modules = grep /.+/ms, @modules;
+
+ foreach $module (@modules) {
+ #print "Module #$i:$module --\n";
+ $module = "modulename:$module";
+ my ($moduleheader, $rest) = (
+ $module =~ /
+ (.*status: .*?\n) # moduleheader
+ (\s*slot:.*) # slot
+ (?=\n(\n|$)) #empty line
+ /msxg );
+ #print "moduleheader: $moduleheader\n";
+ my $m = makehash($moduleheader);
+ $modules->{$m->{modulename}} = $m;
+ $m->{tokens} = {};
+
+ my @tokens = split "\n\n", $rest;
+
+
+
+# get summary slot info with: -list
+ foreach my $token (@tokens) {
+ #print "slottext: $slot\n";
+ my $slh = makehash($token);
+ $m->{tokens}->{$slh->{token}} = $slh;
+ }
+
+# get detailed slot info with: -list "modulename"
+
+ my $moduledetail = `modutil -force -dbdir '$self->{dir}' -nocertdb -list "$m->{modulename}" 2> /dev/null`;
+ my @details= split "\n\n", $moduledetail;
+ while ($details[0] !~ /.*Name:.*/) {
+ shift @details;
+ };
+
+ $m->{detail} = makehash(shift @details);
+ foreach $d (@details) {
+ my $sdh = makehash($d);
+ my $tokenname = $sdh->{"Token Name"};
+ $tokenname =~ s/\s+$//; # remove trailing spaces
+ if ($tokenname) {
+ $m->{tokens}->{$tokenname}->{detail} = $sdh;
+ }
+ }
+ $i++;
+
+ }
+ return $modules;
+}
+
+# input: a multi-list string with nv/pairs
+# return a hashtable reference
+sub makehash {
+ my $str = shift;
+ my $ht = { };
+ my @lines = split "\n", $str;
+ my $line;
+LINE:
+ foreach $line (@lines) {
+ if ($line =~ /Using database directory/) { next LINE; }
+ if ($line =~ /--------------/) { next LINE; }
+ my ($name, $value) = ($line =~ /^\s*(.*?):\s*(.*?)\s*$/);
+ if ($name) {
+ #print "name:$name\n";
+ #print "value:$value\n";
+ $ht->{$name} = $value;
+ }
+ }
+ return $ht;
+}
+
+sub getmodules {
+ my $self = shift;
+ #print "modules: ".$self->{modules}. "\n";
+ #print "keys: ".(join ",",keys %{$self->{modules}})."\n";
+ return keys %{$self->{modules}};
+}
+
+sub getmodule {
+ my $self = shift;
+ my $modulename = shift;
+
+ #print Dumper($self->{modules});
+ return $self->{modules}->{$modulename};
+}
+
+
+sub gettokens {
+ my $self = shift;
+ my $module = shift;
+
+ return keys %{$module->{tokens}};
+}
+
+sub gettoken {
+ my $self = shift;
+ my $token= shift;
+ foreach my $m (values %{$self->{modules}}) {
+ foreach $t (values %{$m->{tokens}}) {
+ #print join ",", keys %{$t};
+ #print Dumper($t->{detail});
+ if ($t->{detail}->{"Token Name"} eq $token) {
+ return $t;
+ }
+ }
+ }
+}
+
+
+
+package main;
+
+sub ::test {
+
+# initialize
+ my $modutil = new PKI::TPS::Modutil(".");
+
+#make database if it doesn't exist
+ if (! $modutil->exists()) {
+ $modutil->create();
+ }
+
+#get an array of module names
+ my @mods = $modutil->getmodules();
+
+ print "Found ".@mods." pkcs#11 modules\n";
+
+#for each module...
+ foreach my $modname (@mods) {
+ my $module = $modutil->getmodule($modname);
+
+ print "Module: $modname\n";
+ print "Library: ".$module->{detail}->{"Library file"}."\n";
+ print "Other keys: ".(join ",", keys %{$module->{detail}})."\n";
+
+#find all the tokens in a module, e.g. each partition for a lunasa
+ foreach my $tokenname ($modutil->gettokens($module)) {
+ print " token: $tokenname\n";
+ my $token = $modutil->gettoken($tokenname);
+
+#dump out the information we have on the token
+ foreach my $key (keys %{$token}) {
+ print " token keys/values: $key: ".$token->{$key}."\n";
+ }
+ my @detailkeys = (keys %{$token->{detail}}) ;
+ print " token detail keys:". (join ",", @detailkeys)."\n";
+ print " token detail Manufacturer:". $token->{detail}->{Manufacturer}."\n";
+ print "\n";
+ }
+ print "\n";
+ }
+
+}
+
+# this is where 'main' starts
+
+if ($ARGV[0] eq "--test") {
+ ::test();
+}
+
+1;
+
+__DATA__
+Listing of PKCS #11 Modules
+-----------------------------------------------------------
+ 1. NSS Internal PKCS #11 Module
+ slots: 2 slots attached
+ status: loaded
+
+ slot: NSS Internal Cryptographic Services
+ token: NSS Generic Crypto Services
+
+ slot: NSS User Private Key and Certificate Services
+ token: NSS Certificate DB
+
+ 2. lunasa
+ library name: /usr/lunasa/lib/libCryptoki2.so
+ slots: 2 slots attached
+ status: loaded
+
+ slot: LunaNet Slot
+ token: lunasa1-ca
+
+ slot: LunaNet Slot
+ token: lunasa2-ca
+-----------------------------------------------------------
+
+
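Review bot: The `while ($details[0] !~ /.*Name:.*/) { shift @details; }` loop in `makemodules` never terminates when the detail listing contains no `Name:` block. That happens, for example, when the `modutil ... -list "$m->{modulename}"` call just above fails, since its stderr is discarded. Once `@details` is empty, `$details[0]` is undef, the match keeps failing and `shift` has nothing left to remove. Guard it with `while (@details && $details[0] !~ /Name:/) { shift @details; }` and skip the module when nothing is left. That same command interpolates the module name parsed from the first listing into a double-quoted shell string; validating the name, or passing it as a separate argument without a shell, would keep shell metacharacters in a module name from being interpreted.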
diff --git a/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm
new file mode 100755
index 000000000..3513327a7
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/NamePanel.pm
@@ -0,0 +1,605 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use FileHandle;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use PKI::TPS::CertInfo;
+use URI::URL;
+use URI::Escape;
+
+package PKI::TPS::NamePanel;
+$PKI::TPS::NamePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----";
+our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----";
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(12);
+ $self->{"getName"} = &PKI::TPS::Common::r("Subject Names");
+ $self->{"vmfile"} = "namepanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("NamePanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("NamePanel: update");
+ my $instanceDir = $::config->get("service.instanceDir");
+
+ my $count = $q->param('urls');
+
+ &PKI::TPS::Wizard::debug_log("NamePanel: update - selected ca= $count");
+
+ my $host = "";
+ my $https_ee_port = "";
+
+ my $useExternalCA = "off";
+ if ($count =~ /http/) {
+ my $info = new URI::URL($count);
+ $host = $info->host;
+ $https_ee_port = $info->port;
+ } else {
+ $host = $::config->get("preop.securitydomain.ca$count.host");
+ if ($host eq "") {
+ $useExternalCA = "on";
+ } else {
+ $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
+ &PKI::TPS::Wizard::debug_log("NamePanel: update - host= $host, https_ee_port= $https_ee_port");
+ }
+ }
+ $::config->put("preop.certenroll.useExternalCA", $useExternalCA);
+
+ $::config->put("preop.ca.url", "https://" . $host . ":" . $https_ee_port);
+
+ my $tokenname = $::config->get("preop.module.token");
+ &PKI::TPS::Wizard::debug_log("NamePanel: update got token name = $tokenname");
+ my $hw;
+ my $tk;
+
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ $hw = "";
+ $tk = "";
+ } else {
+ $hw = "-h $tokenname";
+ $tk = $tokenname.":";
+ }
+
+ # is nickname changed because of token (hardware) selection?
+ my $changed = "false";
+ foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update begins for certag= $certtag");
+ my $cert_dn = $q->param($certtag);
+ $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
+ $::config->commit();
+
+ my $sslnickname = $::config->get("preop.cert.sslserver.nickname");
+ my $nickname = $q->param($certtag . "_nick");
+ if ($nickname ne "") {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update nickname for $certtag set to $nickname");
+ &PKI::TPS::Wizard::debug_log("NamePanel: update nickname for $certtag being updated in config file");
+ $::config->put("preop.cert.".$certtag.".nickname", $nickname);
+ $::config->commit();
+ } else {
+ $nickname = $::config->get("preop.cert.$certtag.nickname");
+ if ($nickname eq "") {
+ $nickname = "TPS ".$certtag." cert";
+ &PKI::TPS::Wizard::debug_log("NamePanel: update nickname not found for $certtag -- try $nickname");
+ }
+ }
+
+ my $cert_request = $::config->get("preop.cert.$certtag.certreq");
+ if ($cert_request ne "") {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update do not generate new keys");
+ goto GEN_CERT;
+ }
+ &PKI::TPS::Wizard::debug_log("NamePanel: update generate new keys");
+
+ # =====generate requests========
+ # getting new request should void old cert
+ my $file= "$instanceDir/conf/".$certtag."_cert.txt";
+ my $tmp = `rm $file`;
+
+ &PKI::TPS::Wizard::debug_log("NamePanel: retrieving $tokenname from pwdconf");
+ my $token_pwd = $::pwdconf->get($tokenname);
+ &PKI::TPS::Wizard::debug_log("NamePanel: creating pwfile");
+ open FILE, ">$instanceDir/conf/.pwfile";
+ system( "chmod 00660 $instanceDir/conf/.pwfile" );
+ $token_pwd =~ s/\n//g;
+ print FILE $token_pwd;
+ close FILE;
+
+ my $keytype = $::config->get("preop.cert.$certtag.keytype");
+ if ($keytype eq "") {
+ $keytype = "rsa";
+ }
+
+ my $select = $::config->get("preop.cert.$certtag.keysize.select");
+
+ my $keysize;
+
+ if ($keytype eq "rsa") {
+ $keysize = 2048;
+ } elsif ($keytype eq "ecc") {
+ $keysize = 256;
+ }
+
+ if (($select eq "") || ($select eq "default")) {
+ my $size = $::config->get("preop.cert.$certtag.keysize.size");
+ if ($size ne "") {
+ $keysize = $size;
+ }
+ } else {
+ my $size = $::config->get("preop.cert.$certtag.keysize.customsize");
+ if ($size ne "") {
+ $keysize = $size;
+ }
+ if (($keytype eq "ecc") && ($keysize ne 256)) {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update got keysize from config= $keysize changing to 256, the only supported ECC strength");
+ $keysize = 256;
+ }
+ }
+
+ &PKI::TPS::Wizard::debug_log("NamePanel: update got key type $keytype");
+ my $req;
+ my $debug_req;
+ my $filename = "/tmp/random.$$";
+ `dd if\=/dev/urandom of\=\"$filename\" count\=256 bs\=1`;
+ if ($keytype eq "rsa") {
+ #XXX temporary
+ &PKI::TPS::Wizard::debug_log("NamePanel: update "."certutil -R -s $cert_dn -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename");
+ my $tmpfile = "/tmp/req$$";
+ system("certutil -R -s \"$cert_dn\" -k $keytype -g $keysize -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -a -z $filename > $tmpfile");
+ $req = `cat $tmpfile`;
+ system("rm $tmpfile");
+ } elsif ($keytype eq "ecc") {
+ #only support curve nistp256 for now
+ my $tmpfile = "/tmp/req$$";
+ system("certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -R -s \"$cert_dn\" -k ec -q nistp256 -a -z $filename> $tmpfile");
+ $req = `cat $tmpfile`;
+ system("rm $tmpfile");
+ } else {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update unsupported keytype $keytype");
+ }
+ system("rm $filename");
+
+ my $save_line = 0;
+ my @req_a = split "\n", $req;
+ foreach my $line (@req_a) {
+ chomp( $line );
+ $line =~ s/ //g;
+ if ($line eq $cert_req_header) {
+ $save_line = 1;
+ } elsif( $line eq $cert_req_footer ) {
+ $save_line = 0;
+ last;
+ } elsif( $save_line == 1 ) {
+ $cert_request .= "$line";
+ }
+ }
+ &PKI::TPS::Wizard::debug_log("NamePanel: update putting cert_request in CS.cfg: $cert_request");
+ $::config->put("preop.cert.$certtag.certreq", $cert_request);
+ $::config->commit();
+
+GEN_CERT:
+# =====request for certs========
+# see if there is an existing cert
+
+ my $cert = $::config->get("preop.cert.$certtag.cert");
+ my $sdom = $::config->get("config.sdomainEEURL");
+ my $sdom_url = new URI::URL($sdom);
+
+ if (($useExternalCA eq "on") && ($certtag ne "subsystem")) {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update External CA selected");
+ if ($cert eq "") {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update no cert found...need manual enrollment");
+ }
+ } else {
+ if ($cert eq "") {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update External CA not selected...need automatic enrollment");
+
+ my $machineName = $::config->get("service.machineName");
+ my $securePort = $::config->get("service.securePort");
+ my $session_id = $::config->get("preop.sessionID");
+
+ if ($cert_request ne "") {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update found existing request: $cert_request");
+ } else {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update existing request not found");
+ #something is wrong...no request, no cert
+ goto DONE;
+ return $cert;
+ }
+
+ my $instanceID = $::config->get("service.instanceID");
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = "";
+ &PKI::TPS::Wizard::debug_log("NamePanel: greping password");
+
+ my $tmpfile = "/tmp/grep$$";
+ system ("grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10- > $tmpfile");
+ $db_password = `cat $tmpfile`;
+ $db_password =~ s/\n$//g;
+ system("rm $tmpfile");
+
+ my $profile_id = $::config->get("preop.cert.$certtag.profile");
+ &PKI::TPS::Wizard::debug_log("NamePanel: profileId=" . $profile_id);
+ my $requestor_name = "TPS-" . $machineName . "-" . $securePort;
+ my $params = "profileId=" . $profile_id . "&" .
+ "cert_request_type=" . "pkcs10" . "&" .
+ "requestor_name=" . $requestor_name . "&" .
+ "cert_request=" .
+ URI::Escape::uri_escape("$cert_request") . "&" .
+ "xmlOutput=true" . "&" .
+ "sessionID=" . $session_id . "&" .
+ "auth_hostname=" . $sdom_url->host . "&" .
+ "auth_port=" . $sdom_url->port;
+
+ if ($certtag eq "subsystem") {
+ $host = $sdom_url->host;
+ $https_ee_port = $sdom_url->port;
+ }
+ if ($changed eq "true") {
+$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$token_pwd\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
+$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
+ } else {
+$req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"$db_password\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
+$debug_req = "/usr/bin/sslget -e \"$params\" -d \"$instanceDir/alias\" -p \"(sensitive)\" -v -n \"$sslnickname\" -r \"/ca/ee/ca/profileSubmit\" $host:$https_ee_port";
+ }
+
+ &PKI::TPS::Wizard::debug_log("debug_req = " . $debug_req);
+ my $content = `$req`;
+ &PKI::TPS::Wizard::debug_log("content = " . $content);
+
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ if ($content eq "") {
+ $::symbol{errorString} = "CA returned no response. Please check that the CA is available and also check the host's firewall settings.";
+ return 0;
+ }
+
+ my $parser = XML::Simple->new();
+ &PKI::TPS::Wizard::debug_log("NamePanel: response content= " . $content);
+ my $response = $parser->XMLin($content);
+ my $status = $response->{Status};
+ if ($status ne "0") {
+ my $error = $response->{Error};
+ &PKI::TPS::Wizard::debug_log("NamePanel: Error = $error");
+ $::symbol{errorString} = "CA response: $error. Please check previous related panels." . " Please check that the CA is available and also check the host's firewall settings.";
+ return 0;
+ }
+
+ $cert = $response->{Requests}->{Request}->{b64};
+ &PKI::TPS::Wizard::debug_log("NamePanel: new cert generated= " . $cert);
+
+# my $reqid = $response->{Requests}->{Request}->{Id};
+# $::config->put("preop.admincert.requestId.0", $reqid);
+# my $sn = $response->{Requests}->{Request}->{serialno};
+# $::config->put("preop.admincert.serialno.0", $sn);
+# $::config->commit();
+
+ &PKI::TPS::Wizard::debug_log("NamePanel: update putting cert in CS.cfg: $cert");
+ $::config->put("preop.cert.$certtag.cert", $cert);
+ $::config->commit();
+
+ } else {
+ # cert is not null
+ &PKI::TPS::Wizard::debug_log("NamePanel: update External CA not selected. Cert found...no need for enrollment");
+ }
+
+# write cert to file so certutil can import
+ my $cert_fn = "$instanceDir/conf/".$certtag."_cert.txt";
+ open FILE, "> $cert_fn";
+ print FILE $cert_header."\n".$cert."\n".$cert_footer;
+ close FILE;
+
+ # import cert, whether it was imported before or not
+ my $nickname = $::config->get("preop.cert.$certtag.nickname");
+ if ($nickname eq "") {
+ #XXX
+ $nickname = "TPS ".$certtag." cert";
+ &PKI::TPS::Wizard::debug_log("NamePanel: update nickname not found for $certtag -- try $nickname");
+ }
+
+ if ($certtag ne "sslserver") {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update: try to delete existing cert $nickname, if any....ok if it fails");
+ $tmp = `certutil -d $instanceDir/alias -D -n "$nickname"`;
+ $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$nickname"`;
+ } else {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update: try to delete existing cert $sslnickname, if any....ok if it fails");
+ $tmp = `certutil -d $instanceDir/alias -D -n "$sslnickname"`;
+ $tmp = `certutil -d $instanceDir/alias -D $hw -f $instanceDir/conf/.pwfile -n "$tk$sslnickname"`;
+ }
+
+ &PKI::TPS::Wizard::debug_log("NamePanel: update: try to import cert from $cert_fn");
+ $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -A -n "$nickname" -t "u,u,u" -a -i $cert_fn`;
+ # changed the cert, need to change nickname too, if necessary
+ if ($hw ne "") {
+ if ($certtag eq "sslserver") {
+ if ($changed eq "false") {
+ $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
+ }
+ $changed = "true";
+ }
+ if ($certtag eq "subsystem") {
+ &PKI::TPS::Wizard::debug_log("NamePanel: update: sslnickname changed");
+ $::config->put("preop.cert.$certtag.nickname", "$tk$nickname");
+ $::config->put("conn.ca1.clientNickname", "$tk$nickname");
+ $::config->put("conn.drm1.clientNickname", "$tk$nickname");
+ $::config->put("conn.tks1.clientNickname", "$tk$nickname");
+ }
+ $::config->commit();
+ } else {
+ if ($certtag eq "subsystem") {
+ # setting these just in case the subsystem nickname changed.
+ &PKI::TPS::Wizard::debug_log("NamePanel: update: setting in case the subsystem nickname changed");
+ $::config->put("conn.ca1.clientNickname", "$nickname");
+ $::config->put("conn.drm1.clientNickname", "$nickname");
+ $::config->put("conn.tks1.clientNickname", "$nickname");
+ }
+ $::config->commit();
+ }
+
+
+ &PKI::TPS::Wizard::debug_log("NamePanel: update: done importing cert: $tk$nickname");
+ $tmp = `rm $cert_fn`;
+ }
+ }
+
+ # set selftest variables (always use the "latest" subsystem nickname)
+ my $selftestNickname = $::config->get( "preop.cert.subsystem.nickname" );
+ my $selftestNickname_sslserver = $::config->get( "preop.cert.sslserver.nickname" );
+ my $selftestNickname_audit_signing = $::config->get( "preop.cert.audit_signing.nickname" );
+ if ($hw ne "") {
+ $::config->put( "selftests.plugin.TPSPresence.nickname",
+ "$tk$selftestNickname" );
+ $::config->put( "selftests.plugin.TPSValidity.nickname",
+ "$tk$selftestNickname" );
+
+ $::config->put( "tps.cert.sslserver.nickname",
+ "$tk$selftestNickname_sslserver" );
+ $::config->put( "tps.cert.subsystem.nickname",
+ "$tk$selftestNickname" );
+ $::config->put( "tps.cert.audit_signing.nickname",
+ "$tk$selftestNickname_audit_signing" );
+ } else {
+ $::config->put( "selftests.plugin.TPSPresence.nickname",
+ "$selftestNickname" );
+ $::config->put( "selftests.plugin.TPSValidity.nickname",
+ "$selftestNickname" );
+
+ $::config->put( "tps.cert.sslserver.nickname",
+ "$selftestNickname_sslserver" );
+ $::config->put( "tps.cert.subsystem.nickname",
+ "$selftestNickname" );
+ $::config->put( "tps.cert.audit_signing.nickname",
+ "$selftestNickname_audit_signing" );
+ }
+ $::config->commit();
+
+DONE:
+ $::config->put("preop.namepanel.done", "true");
+ $::config->commit();
+
+ &PKI::TPS::Wizard::debug_log("NamePanel: removing pwfile");
+ my $tmp = `rm $instanceDir/conf/.pwfile`;
+ return 1;
+}
+
+sub readFile
+{
+ my $fn = $_[0];
+ open FILE, "< $fn" or return "";
+ my $content = join "",<FILE>;
+ close FILE;
+
+ return $content;
+}
+
+use Data::Dumper;
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("NamePanel: display");
+
+ my $domain_name = $::config->get("preop.securitydomain.name");
+ if ($domain_name eq "") {
+ $domain_name = "TPS Domain";
+ }
+ my $machine_name = $::config->get("service.machineName");
+ my $instance_id = $::config->get("service.instanceID");
+
+ my $i = 0;
+ foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+ &PKI::TPS::Wizard::debug_log("NamePanel: display certtag=$certtag");
+ my $cert_dn = $::config->get("preop.cert.".$certtag.".dn");
+ if ($cert_dn eq "") {
+ if ($certtag eq "subsystem") {
+ $cert_dn = "CN=TPS Subsystem, " .
+ "OU=" . $instance_id . ", " .
+ "O=" . $domain_name;
+ } elsif ($certtag eq "sslserver") {
+ $cert_dn ="CN=" . $machine_name . ", " .
+ "OU=" . $instance_id . ", " .
+ "O=" . $domain_name;
+ } else {
+ &PKI::TPS::Wizard::debug_log("NamePanel: display other certtag=$certtag");
+ $cert_dn = $certtag;
+ }
+ $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
+ $::config->commit();
+ } else {
+ if (!($cert_dn =~ /O=/)) {
+ $cert_dn .= ", O=" . $domain_name;
+ $::config->put("preop.cert.".$certtag.".dn", $cert_dn);
+ $::config->commit();
+ }
+ }
+
+ my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname");
+ if ($name eq "") {
+ $name = $certtag."Cert ".$instance_id;
+ $::config->put("preop.cert.".$certtag.".userfriendlyname", $name);
+ $::config->commit();
+ }
+
+ my $cert = new PKI::TPS::CertInfo($name,
+ $cert_dn, $certtag);
+ $::symbol{certs}[$i++] = $cert;
+ }
+
+ &PKI::TPS::Wizard::debug_log("NamePanel: getting CA info");
+ $::symbol{urls} = [];
+ my $count = 0;
+
+ while (1) {
+ my $host = $::config->get("preop.securitydomain.ca$count.host") || "";
+ if ($host eq "") {
+ goto DONE;
+ }
+ my $https_ee_port = $::config->get("preop.securitydomain.ca$count.secureport");
+ my $name = $::config->get("preop.securitydomain.ca$count.subsystemname");
+ my $item = $name . " - https://" . $host . ":" . $https_ee_port;
+ $::symbol{urls}[$count++] = $item;
+
+ }
+DONE:
+
+ $::symbol{urls}[$count++] = "External CA";
+ $::symbol{urls_size} = $count+1;
+
+ return 1;
+}
+
+
+# arg0 filename containing certificate request
+# return certificate request plus header and footer
+sub extract_cert_req_from_file
+{
+ my $save_line = 0;
+
+ my $filename = $_[0];
+
+ my $fd = new FileHandle;
+
+ my $cert_request = "";
+
+ $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
+
+ while( <$fd> )
+ {
+ my $line = $_;
+ chomp( $line );
+
+ if( $line eq $cert_req_header ) {
+ $save_line = 1;
+ $cert_request .= "$line\n";
+ } elsif( $line eq $cert_req_footer ) {
+ $cert_request .= "$line\n";
+ $save_line = 0;
+ last;
+ } elsif( $save_line == 1 ) {
+ $cert_request .= "$line\n";
+ }
+ }
+
+ $fd->close();
+
+ return $cert_request;
+}
+
+# arg0 message containing certificate request
+# return certificate request sans header and footer
+sub extract_cert_req_from_file_sans_header_and_footer
+{
+ my $filename = $_[0];
+ my $save_line = 0;
+
+ my $fd = new FileHandle;
+
+ my $cert_request = "";
+
+ $fd->open( "<$filename" ) or die "Could not open '$filename'!\n";
+
+ while( <$fd> )
+ {
+ my $line = $_;
+ chomp( $line );
+
+ if( $line eq $cert_req_header ) {
+ $save_line = 1;
+ } elsif( $line eq $cert_req_footer ) {
+ $save_line = 0;
+ last;
+ } elsif( $save_line == 1 ) {
+ $cert_request .= "$line\n";
+ }
+ }
+
+ $fd->close();
+
+ return $cert_request;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.namepanel.done");
+}
+
+1;
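Review bot: update() places request parameters into shell command strings: `$cert_dn` from `$q->param($certtag)` goes into `system("certutil -R -s \"$cert_dn\" ...")`, and the `_nick` parameter is stored as the nickname that later reaches the backtick `certutil ... -n "$nickname"` calls, so shell metacharacters in either value are interpreted by the shell instead of being passed to certutil. The same string-built pattern appears in get_cert_pp in ReqCertInfo.pm and in pingCS in SecurityDomainPanel.pm, where the host and port come from the submitted `sdomainURL`. Running the tools with an argument list (list-form `system` or a list-form pipe `open`) removes the shell, drops the predictable `/tmp/req$$` capture file, and keeps a token name as a single argument; the RSA branch is sketched below, and the ECC, sslget and certutil delete/import calls would follow the same shape. Separately, the sslget command line carries the password as `-p "$db_password"`, which other local users can typically read from the process list while the command runs.

```perl
if ($keytype eq "rsa") {
    # List-form pipe open: no shell is involved, each value is exactly one argv entry.
    my @token_args = ($hw ne "") ? ("-h", $tokenname) : ();
    my @certutil = ("certutil", "-R", "-s", $cert_dn, "-k", $keytype,
                    "-g", $keysize, "-d", "$instanceDir/alias", @token_args,
                    "-f", "$instanceDir/conf/.pwfile", "-a", "-z", $filename);
    if (open(my $certutil_out, "-|", @certutil)) {
        local $/;
        $req = <$certutil_out>;
        close($certutil_out);
    } else {
        &PKI::TPS::Wizard::debug_log("NamePanel: update could not run certutil: $!");
        $req = "";
    }
} elsif ($keytype eq "ecc") {
    # … unchanged here: ecc branch and unsupported-keytype branch …
```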
diff --git a/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm b/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm
new file mode 100755
index 000000000..f2faee2c7
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/ReqCertInfo.pm
@@ -0,0 +1,234 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::ReqCertInfo;
+$PKI::TPS::ReqCertInfo::VERSION = '1.00';
+
+our $cert_req_header="-----BEGIN NEW CERTIFICATE REQUEST-----";
+our $cert_req_footer="-----END NEW CERTIFICATE REQUEST-----";
+our $cert_header="-----BEGIN CERTIFICATE-----";
+our $cert_footer="-----END CERTIFICATE-----";
+
+sub new {
+ my ($class, $name, $dn, $tag) = @_;
+ my $self = {};
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: start new");
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: creating name: $name, dn: $dn, tag: $tag");
+
+ $self->{"getUserFriendlyName"} = \&get_user_friendly_name;
+ $self->{"getCertTag"} = \&get_cert_tag;
+ $self->{"getCert"} = \&get_cert;
+ $self->{"getCertpp"} = \&get_cert_pp;
+ $self->{"getRequest"} = \&get_request;
+ $self->{"getDN"} = \&get_dn;
+ $self->{"useDefaultKey"} = \&use_default_key;
+ $self->{"getCustomKeysize"} = \&get_custom_keysize;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: end new");
+
+ $self->{name} = $name;
+ $self->{dn} = $dn;
+ $self->{tag} = $tag;
+
+ bless $self, $class;
+ return $self;
+}
+
+sub get_user_friendly_name
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_user_friendly_name");
+ return $self->{name};
+}
+
+sub readFile
+{
+ my $fn = $_[0];
+ open FILE, "< $fn" or return "";
+ my $content = join "",<FILE>;
+ close FILE;
+
+ return $content;
+}
+
+sub wrap_lines
+{
+ my $lines = shift;
+ my $temp ;
+ foreach my $line (split "\n", $lines) {
+ if (length $line > 59) {
+ $line =~ s/(.{0,60})/$1\n/g;
+ }
+ # get rid of a line that is just an empty newline
+ $line =~ s/^\n$//gms;
+ $temp .= $line;
+ }
+ # collapse multiple newlines into one
+ $temp =~ s/\n+/\n/gms;
+ $temp =~ s/\n$//gms;
+ $temp;
+
+}
+
+sub get_request
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_request");
+ # first, try to see if request has been made before
+# my $req = readFile( "/var/lib/pki-tps/conf/$self->{tag}_cert_request.txt");
+
+ my $req = $::config->get("preop.cert.$self->{tag}.certreq");
+
+ $req = wrap_lines($req);
+
+ if ($req ne "") {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_request found existing request");
+ return $cert_req_header."\n".$req."\n".$cert_req_footer;;
+ } else {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_request existing request not found");
+ }
+
+ return $req;
+}
+
+sub get_cert
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert");
+# see if there is an existing cert
+# my $cert = readFile("/var/lib/pki-tps/conf/".$self->{tag}."_cert.txt");
+ my $cert = $::config->get("preop.cert.$self->{tag}.cert");
+
+ $cert = wrap_lines($cert);
+ if ($cert ne "") {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert found existing cert");
+ return $cert_header."\n".$cert."\n".$cert_footer;;
+ } else {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert existing cert not found");
+ }
+ if ($cert eq "") {
+ $cert = "...paste certificate here...";
+ }
+
+
+ return $cert;
+}
+
+sub get_cert_pp
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp");
+ my $instanceDir = $::config->get("service.instanceDir");
+
+ my $hw;
+ my $tokenname = $::config->get("preop.module.token");
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: update got token name = $tokenname");
+
+ if (($tokenname eq "") || ($tokenname eq "NSS Certificate DB")) {
+ $hw = "";
+ } else {
+ $hw = "-h $tokenname";
+ }
+
+ my $token_pwd = $::pwdconf->get($tokenname);
+ open FILE, ">$instanceDir/conf/.pwfile";
+ system( "chmod 00660 $instanceDir/conf/.pwfile" );
+ $token_pwd =~ s/\n//g;
+ print FILE $token_pwd;
+ close FILE;
+
+ my $nickname = $::config->get("preop.cert.$self->{tag}.nickname");
+ if ($nickname eq "") {
+#XXX
+ $nickname = "TPS ".$self->{tag}." cert";
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp nickname not found for $self->{tag} -- try $nickname");
+ }
+ my $certpp="";
+# my $found = -e "/var/lib/pki-tps/conf/$self->{tag}_cert.txt";
+ my $cert = $::config->get("preop.cert.$self->{tag}.cert");
+
+ if ($cert ne "") {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp found request, ready to get prettyprint");
+ my $tmp = `certutil -d $instanceDir/alias $hw -f $instanceDir/conf/.pwfile -n "$nickname" -L > $instanceDir/conf/$self->{tag}_cert_pp.txt`;
+ $certpp = readFile("$instanceDir/conf/$self->{tag}_cert_pp.txt");
+ $certpp =~ s/"//g;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp pp=$certpp");
+ $tmp =`rm $instanceDir/conf/$self->{tag}_cert_pp.txt`;
+ } else {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_pp cert not found, will not get prettyprint");
+ }
+ my $tmp = `rm $instanceDir/conf/.pwfile`;
+
+ return $certpp;
+}
+
+sub get_cert_tag
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_tag");
+ return $self->{tag};
+}
+
+sub get_dn
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_cert_dn");
+ return $self->{dn};
+}
+
+sub use_default_key
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: use_default_key");
+ my $select = $::config->get("preop.cert.$self->{tag}.keysize.select");
+ if ($select ne "") {
+ if ($select eq "custom") {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: use_default_key from config = $select returning 0");
+ return 0;
+ }
+ }
+
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: use_default_key returning 1");
+ return 1;
+}
+
+sub get_custom_keysize
+{
+ my ($self) = @_;
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_custom_keysize");
+ my $keysize = $::config->get("preop.cert.$self->{tag}.keysize.customsize");
+ if ($keysize ne "") {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_custom_keysize from config = $keysize");
+ return $keysize;
+ } else {
+ &PKI::TPS::Wizard::debug_log("ReqCertInfo: get_custom_keysize not from config");
+ }
+ return 2048;
+}
+
+
+1;
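Review bot: get_cert_pp writes the token password to `$instanceDir/conf/.pwfile` with an unchecked `open FILE, ">..."` and only afterwards runs `chmod 00660`, so the file briefly exists with whatever mode the process umask allows, and a failed open goes unnoticed while the `print FILE` is silently dropped. Creating it with its final mode in one step closes that window, for example `sysopen(my $pw, "$instanceDir/conf/.pwfile", O_WRONLY|O_CREAT|O_TRUNC, 0600) or return "";` with `use Fcntl;` added at the top of the file. Whether the group access in the current 0660 is actually needed should be confirmed before tightening to 0600. update() in NamePanel.pm creates and removes the same fixed path, so two wizard requests handled at once could overwrite or delete each other's password file; a per-request file from File::Temp would avoid that.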
diff --git a/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
new file mode 100755
index 000000000..123e95b41
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/SecurityDomainPanel.pm
@@ -0,0 +1,204 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+use XML::Simple;
+use Data::Dumper;
+
+package PKI::TPS::SecurityDomainPanel;
+$PKI::TPS::SecurityDomainPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(1);
+ $self->{"getName"} = &PKI::TPS::Common::r("Security Domain");
+ $self->{"vmfile"} = "securitydomainpanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("SecurityPanel: validate");
+
+ return 1;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub pingCS
+{
+ my( $instanceDir ) = $_[0];
+ my( $db_password ) = $_[1];
+ my( $nickname ) = $_[2];
+ my( $hostname ) = $_[3];
+ my( $port ) = $_[4];
+
+ my $content = `/usr/bin/sslget -d $instanceDir/alias -p $db_password -v -n \"$nickname\" -r "/ca/admin/ca/getStatus" $hostname:$port`;
+ if( "$content" eq "" ) {
+ return 0;
+ } else {
+ $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;
+ $content = $1;
+
+ my $parser = XML::Simple->new();
+ my $response = $parser->XMLin($content);
+ my $state = $response->{State};
+
+ if( "$state" eq "1" ) {
+ return 1;
+ } else {
+ return 0;
+ }
+ }
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("SecurityPanel: display");
+ $::symbol{panelname} = "Security Domain";
+ $::symbol{sdomainName} = "Security Domain";
+
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $hostname = $::config->get("service.machineName");
+ my $default_https_admin_port = 9445;
+
+ # check to see if "default" security domain exists on local machine
+ my $status = pingCS( $instanceDir,
+ $db_password,
+ $nickname,
+ $hostname,
+ $default_https_admin_port );
+ if( "$status" eq "1" ) {
+ # "default" security domain exists on local machine;
+ # fill "sdomainURL" in with "default" security domain
+ # as an initial "guess"
+ $::symbol{sdomainURL} = "https://" . $hostname . ":"
+ . $default_https_admin_port;
+ } else {
+ # "default" security domain does NOT exist on local machine;
+ # leave "sdomainURL" blank
+ $::symbol{sdomainURL} = "";
+ }
+
+ $::symbol{sdomainAdminURL} = "https://" . $hostname . ":"
+ . $default_https_admin_port;
+
+ my $initDaemon = "pki-cad";
+ my $initCommand = "";
+ my $instanceID = "&lt;security_domain_instance_name&gt; ";
+ if( $^O eq "linux" ) {
+ $initCommand = "/sbin/service $initDaemon";
+ } else {
+ ## default case: e. g. - ( $^O eq "solaris" )
+ $initCommand = "/etc/init.d/$initDaemon";
+ }
+ $::symbol{initCommand} = $initCommand;
+ $::symbol{instanceID} = $instanceID;
+ return 1;
+}
+
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("SecurityPanel: update");
+ my $sdomainURL = $q->param("sdomainURL");
+
+ if ($sdomainURL eq "") {
+ &PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL has not been specified!");
+ $::symbol{errorString} = "Security Domain HTTPS has not been specified!";
+ return 0;
+ }
+
+ my $sdomainURL_info = new URI::URL($sdomainURL);
+
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $db_password = `grep \"internal:\" \"$instanceDir/conf/password.conf\" | cut -c10-`;
+ $db_password =~ s/\n$//g;
+ my $nickname = $::config->get("preop.cert.sslserver.nickname");
+ my $hostname = $sdomainURL_info->host;
+ my $https_admin_port = $sdomainURL_info->port;
+
+ # check to see if "default" security domain exists on local machine
+ my $status = pingCS( $instanceDir,
+ $db_password,
+ $nickname,
+ $hostname,
+ $https_admin_port );
+ if( "$status" ne "1" ) {
+ # invalid security domain specified
+ &PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL not found");
+ $::symbol{errorString} = "Security Domain HTTPS Admin URL not found";
+ return 0;
+ }
+
+ # save urls in CS.cfg
+ &PKI::TPS::Wizard::debug_log("SecurityPanel: sdomainURL=" . $sdomainURL);
+ $::config->put("config.sdomainAdminURL", $sdomainURL);
+
+ # Add values necessary for 'pkiremove' . . .
+ $::config->put("securitydomain.select", "existing");
+ $::config->put("securitydomain.host", $sdomainURL_info->host);
+ $::config->put("securitydomain.httpsadminport", $sdomainURL_info->port);
+ $::config->put("preop.securitydomain.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.securitydomain.done");
+}
+
+1;
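Review bot: pingCS uses `$1` without checking that the `<XMLResponse>` pattern matched, so any non-empty sslget output that lacks the element (an error message, or a partial reply from the host named in the submitted `sdomainURL`) leaves `$content` undefined or holding a capture from an earlier match before it is handed to `XMLin`. Guarding the match keeps the function on its 0/1 contract: `return 0 unless $content =~ /(\<XMLResponse\>.*\<\/XMLResponse\>)/;` followed by `$content = $1;`. Since the body is a reply from a remote server, wrapping the `XMLin` call in `eval { ... }` and returning 0 on failure would also stop malformed XML from aborting display() and update(). update() in NamePanel.pm has the same unguarded capture ahead of its empty-string test.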
diff --git a/pki/base/tps/lib/perl/PKI/TPS/SizePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SizePanel.pm
new file mode 100755
index 000000000..8ac49b68d
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/SizePanel.pm
@@ -0,0 +1,249 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use PKI::TPS::CertInfo;
+
+package PKI::TPS::SizePanel;
+$PKI::TPS::SizePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(11);
+ $self->{"getName"} = &PKI::TPS::Common::r("Key Pairs");
+ $self->{"vmfile"} = "sizepanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("SizePanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("SizePanel: update");
+
+ my $instanceDir = $::config->get("service.instanceDir");
+ my $done = $::config->get("preop.SizePanel.done");
+ my $genKeyPair = $q->param('generateKeyPair') || "";
+ &PKI::TPS::Wizard::debug_log("SizePanel: update generateKeyPair value=$genKeyPair");
+ if ($done eq "true") {
+ if ($genKeyPair eq "") {
+ &PKI::TPS::Wizard::debug_log("SizePanel: update generateKeyPair value not found, turn to off");
+ $genKeyPair = "off";
+ }
+ } else {
+ # firstime should always generate keys
+ $genKeyPair = "on";
+ }
+
+ foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+ my $select = $q->param($certtag.'_choice');
+ my $keytype = $q->param($certtag.'_keytype');
+ my $size = $q->param($certtag.'_custom_size');
+
+ &PKI::TPS::Wizard::debug_log("SizePanel: update $certtag _choice=$select $certtag _keytype=$keytype customsize= $size");
+
+ $::config->put("preop.keysize.select", $select);
+ $::config->put("preop.cert.".$certtag.".keysize.select", $select);
+
+ if (! isSupportedSize($keytype, $size)) {
+ &PKI::TPS::Wizard::debug_log("SizePanel: update size $size not supported");
+ return 0;
+ }
+ $::config->put("preop.cert.".$certtag.".keysize.customsize", $size);
+ $::config->put("preop.cert.".$certtag.".keytype", $keytype);
+
+ if ($select eq "default") {
+ my $defaultSize = getDefaultSize($keytype);
+ &PKI::TPS::Wizard::debug_log("SizePanel: update in default, defaultsize = $defaultSize");
+ $::config->put("preop.keysize.customsize", $defaultSize);
+ $::config->put("preop.keysize.size", $defaultSize);
+ $::config->put("preop.cert.".$certtag.".keysize.size", $defaultSize);
+
+ } elsif ($select eq "custom") {
+ &PKI::TPS::Wizard::debug_log("SizePanel: update in custom, customsize = $size");
+ $::config->put("preop.keysize.size", $size);
+ $::config->put("preop.cert.".$certtag.".keysize.size", $size);
+ }
+
+ if ($genKeyPair eq "on") {
+ $::config->put("preop.cert.".$certtag.".certreq", "");
+ $::config->put("preop.cert.".$certtag.".cert", "");
+ }
+ }
+#XXX should have better error checking to work better
+ $done = $::config->put("preop.SizePanel.done", "true");
+
+ $::config->commit();
+
+ return 1;
+}
+
+sub getDefaultSize {
+ my $keytype = $_[0];
+
+ if ($keytype eq "ecc") {
+ return 256;
+ } elsif ($keytype eq "rsa") {
+ return 2048;
+ }
+
+ $::symbol{errorString} = "Unsupported keytype $keytype";
+ return 0;
+}
+
+sub isSupportedSize {
+ my $keytype = $_[0];
+ my $size = $_[1];
+
+ if (($keytype eq "ecc") && ($size ne "256")) {
+ &PKI::TPS::Wizard::debug_log("SizePanel: isSupportedSize ECC only supports size 256");
+ $::symbol{errorString} = "Unsupported Size $size. ECC only supports size 256";
+ return 0;
+ }
+
+ if (($size eq "256") || ($size eq "512") || ($size eq "1024") ||
+ ($size eq "2048") || ($size eq "4096")) {
+ return 1;
+ }
+ # wrong size
+ $::symbol{errorString} = "Unsupported Size $size. RSA only supports sizes 256, 512, 1024, 2048, and 4096";
+ return 0;
+}
+
+sub display
+{
+ my ($q) = @_;
+
+ &PKI::TPS::Wizard::debug_log("SizePanel: display");
+
+ my $done = $::config->get("preop.SizePanel.done");
+ &PKI::TPS::Wizard::debug_log("SizePanel: display is panel done? $done");
+ if ($done eq "true") {
+ $::symbol{firsttime} = "false";
+ } else {
+ $::symbol{firsttime} = "true";
+ }
+
+ my $domain_name = $::config->get("preop.securitydomain.name");
+ if ($domain_name eq "") {
+ $domain_name = "TPS Domain";
+ }
+
+ my $machine_name = $::config->get("service.machineName");
+ my $instance_id = $::config->get("service.instanceID");
+
+ my $i = 0;
+ foreach my $certtag (@PKI::TPS::Wizard::certtags) {
+ my $cert_dn = $::config->get("preop.cert.".$certtag.".dn");
+ if ($cert_dn eq "") {
+ if ($certtag eq "subsystem") {
+ $cert_dn = "CN=TPS Subsystem, " .
+ "OU=" . $instance_id . ", " .
+ "O=" . $domain_name;
+ } elsif ($certtag eq "sslserver") {
+ $cert_dn ="CN=" . $machine_name . ", " .
+ "OU=" . $instance_id . ", " .
+ "O=" . $domain_name;
+ } else {
+ $cert_dn = $certtag;
+ }
+ }
+ my $name = $::config->get("preop.cert.".$certtag.".userfriendlyname");
+ if ($name eq "") {
+ $name = $certtag."Cert ".$instance_id;
+ }
+ my $cert = new PKI::TPS::CertInfo($name,
+ $cert_dn, $certtag);
+ $::symbol{certs}[$i++] = $cert;
+ }
+
+ #for "common key settings"
+ my $select = $::config->get("preop.keysize.select");
+ if (($select eq "") || ($select eq "default")) {
+ $::symbol{select} = "default";
+ } else {
+ &PKI::TPS::Wizard::debug_log("SizePanel: display keysize select= $select");
+ $::symbol{select} = $select;
+ }
+ my $default_size = $::config->get("preop.keysize.size");
+ if ($default_size eq "") {
+ $::symbol{default_keysize} = 2048;
+ } else {
+ $::symbol{default_keysize} = $default_size;
+ }
+ my $default_ecc_size = $::config->get("preop.keysize.ecc.size");
+ if ($default_ecc_size eq "") {
+ $::symbol{default_ecc_keysize} = 256;
+ } else {
+ $::symbol{default_ecc_keysize} = $default_ecc_size;
+ }
+
+ my $custom_size = $::config->get("preop.keysize.customsize");
+ if ($custom_size eq "") {
+ $::symbol{custom_size} = 2048;
+ } else {
+ $::symbol{custom_size} = $default_size;
+ }
+
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.SizePanel.done");
+}
+
+1;
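Review bot: `isSupportedSize` accepts RSA sizes of 256, 512 and 1024 bits, and any `$keytype` other than "ecc" falls through to the RSA size list, so a request can store an unknown key type or a very small key size for the server and subsystem certificates. I would reject anything that is not `rsa` or `ecc` up front, e.g. `return 0 unless ($keytype eq "rsa" || $keytype eq "ecc");`, and reduce the RSA list to `if (($size eq "2048") || ($size eq "4096")) {` with the error text updated to match; whether 1024 has to stay for existing deployments is not visible here. In `update`, `preop.keysize.select` is written from the request before this check runs, and `$select` is never required to be "default" or "custom". Separately, the last branch of `display` assigns `$default_size` where `$custom_size` was just read; it should be `$::symbol{custom_size} = $custom_size;`.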
diff --git a/pki/base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm
new file mode 100755
index 000000000..793849332
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/SubsystemTypePanel.pm
@@ -0,0 +1,147 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::SubsystemTypePanel;
+$PKI::TPS::SubsystemTypePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(3);
+ $self->{"getName"} = &PKI::TPS::Common::r("Subsystem Type");
+ $self->{"vmfile"} = "createsubsystempanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("SubsystemTypePanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("SubsystemTypePanel: update");
+ $::symbol{systemname} = "Token Processing ";
+ $::symbol{subsystemName} = "Token Processing System";
+ $::symbol{fullsystemname} = "Token Processing System ";
+ $::symbol{machineName} = "localhost";
+ $::symbol{http_port} = "7888";
+ $::symbol{https_port} = "7889";
+ $::symbol{non_clientauth_https_port} = "7890";
+ $::symbol{check_clonesubsystem} = " ";
+ $::symbol{check_newsubsystem} = " ";
+ $::symbol{disableClone} = 1;
+
+ my $subsystemName = $q->param('subsystemName');
+ $::config->put("preop.subsystem.name", $subsystemName);
+ $::config->put("preop.subsystemtype.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("SubsystemTypePanel: display");
+ $::symbol{systemname} = "Token Processing ";
+ $::symbol{subsystemName} = "Token Processing System";
+ $::symbol{fullsystemname} = "Token Processing System ";
+
+ my $machineName = $::config->get("service.machineName");
+ my $unsecurePort = $::config->get("service.unsecurePort");
+ my $securePort = $::config->get("service.securePort");
+ my $non_clientauth_securePort = $::config->get("service.non_clientauth_securePort");
+
+
+ $::symbol{machineName} = $machineName;
+ $::symbol{http_port} = $unsecurePort;
+ $::symbol{https_port} = $securePort;
+ $::symbol{non_clientauth_https_port} = $non_clientauth_securePort;
+ $::symbol{check_clonesubsystem} = "";
+ $::symbol{check_newsubsystem} = "checked ";
+
+ my $session_id = $q->param("session_id");
+ $::config->put("preop.sessionID", $session_id);
+ $::config->commit();
+
+ $::symbol{urls} = [];
+ my $count = 0;
+ while (1) {
+ my $host = $::config->get("preop.securitydomain.tps$count.host") || "";
+ if ($host eq "") {
+ goto DONE;
+ }
+ my $port = $::config->get("preop.securitydomain.tps$count.non_clientauth_secure_port");
+ my $name = $::config->get("preop.securitydomain.tps$count.subsystemname");
+ unshift(@{$::symbol{urls}}, "https://" . $host . ":" . $port);
+ $count++;
+ }
+DONE:
+ $::symbol{urls_size} = $count;
+
+# if ($count == 0) {
+ $::symbol{disableClone} = 1;
+# }
+
+ # XXX - how to deal with urls
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.subsystemtype.done");
+}
+
+
+1;
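Review bot: `update` writes the `subsystemName` request parameter to `preop.subsystem.name`, and `display` writes `session_id` to `preop.sessionID` and commits, with no check on either value. How `PKI::TPS::Config` serialises values is outside this hunk, so if CS.cfg is line-oriented a value containing a line break could add or override other settings; I would reject such input before the `put`, e.g. `return 0 unless defined($subsystemName) && $subsystemName =~ /^[A-Za-z0-9 ._-]+$/;` (pattern is an example, adjust to the names the product allows). `display` is the render path, so persisting a request value there means a plain page view changes configuration; that write would sit better in `update`. The `validate` sub is also never registered in `new` (there is no `$self->{"validate"}` entry), so the `$currentpanel->{validate}` test in wizard.pm never reaches it; the same holds for SizePanel.pm, TKSInfoPanel.pm and WelcomePanel.pm in this commit.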
diff --git a/pki/base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm b/pki/base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
new file mode 100755
index 000000000..720093ac5
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/TKSInfoPanel.pm
@@ -0,0 +1,159 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+use URI::URL;
+
+package PKI::TPS::TKSInfoPanel;
+$PKI::TPS::TKSInfoPanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(5);
+ $self->{"getName"} = &PKI::TPS::Common::r("TKS Information");
+ $self->{"vmfile"} = "tksinfopanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("TKSInfoPanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("TKSInfoPanel: update");
+
+ my $count = defined($q->param('urls')) ? $q->param('urls') : "";
+ if ($count eq "") {
+ $::symbol{errorString} = "no TKS info provided. CA, TKS and optionally DRM must be installed prior to TPS installation";
+ return 0;
+ }
+ &PKI::TPS::Wizard::debug_log("TKSInfoPanel: update - got urls = $count");
+
+ my $instanceID = $::config->get("service.instanceID");
+ my $host = "";
+ my $https_agent_port = "";
+ my $https_admin_port = "";
+
+ if ($count =~ /http/) {
+ # this is for pkisilent
+ my $info = new URI::URL($count);
+ $host = defined($info->host) ? $info->host : "";
+ $https_agent_port = defined($info->port) ? $info->port : "";
+ $https_admin_port = defined($q->param('adminport')) ? $q->param('adminport') : "";
+ } else {
+ $host = defined($::config->get("preop.securitydomain.tks$count.host")) ?
+ $::config->get("preop.securitydomain.tks$count.host") : "";
+ $https_admin_port = defined($::config->get("preop.securitydomain.tks$count.secureadminport")) ?
+ $::config->get("preop.securitydomain.tks$count.secureadminport") : "";
+ $https_agent_port = defined($::config->get("preop.securitydomain.tks$count.secureagentport")) ?
+ $::config->get("preop.securitydomain.tks$count.secureagentport") : "";
+ }
+
+ if (($host eq "") || ($https_agent_port eq "")) {
+ $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to TPS installation";
+ return 0;
+ }
+
+ if ($https_admin_port eq "") {
+ if ($count =~ /http/) {
+ $::symbol{errorString} = "TKS admin port must be provided";
+ } else {
+ $::symbol{errorString} = "TKS admin port not provided by security domain.";
+ }
+ return 0;
+ }
+
+ my $subsystemCertNickName = $::config->get("preop.cert.subsystem.nickname");
+ $::config->put("preop.tksinfo.select", "https://$host:$https_admin_port");
+ $::config->put("conn.tks1.clientNickname", $subsystemCertNickName);
+ $::config->put("conn.tks1.hostport", $host . ":" . $https_agent_port);
+ $::config->put("preop.tksinfo.done", "true");
+ $::config->commit();
+
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("TKSInfoPanel: display");
+ $::symbol{urls} = [];
+ my $count = 0;
+ while (1) {
+ my $host = "";
+ $host = $::config->get("preop.securitydomain.tks$count.host");
+ if ($host eq "") {
+ goto DONE;
+ }
+ my $https_agent_port = $::config->get("preop.securitydomain.tks$count.secureagentport");
+ my $name = $::config->get("preop.securitydomain.tks$count.subsystemname");
+ $::symbol{urls}[$count++] = $name . " - https://" . $host . ":" . $https_agent_port;
+ }
+DONE:
+ $::symbol{urls_size} = $count;
+ if ($count eq 0) {
+ $::symbol{errorString} = "no TKS found. CA, TKS and optionally DRM must be installed prior to TPS installation";
+ return 0;
+ }
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.tksinfo.done");
+}
+
+
+1;
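Review bot: In `update`, the `urls` request parameter is used unchecked in two ways: any value containing the substring `http` is parsed as a URL, and any other value is interpolated into the config key `preop.securitydomain.tks$count.host`. Assuming pkisilent always passes an https URL (the code later stores `https://$host:...`), I would anchor the first test to the scheme, `if ($count =~ /^https:\/\//) {`, and require an index in the other branch, `} elsif ($count =~ /^[0-9]+$/) {`, returning the existing "no TKS found" error otherwise. `adminport` and the parsed port go into `preop.tksinfo.select` and `conn.tks1.hostport` without a numeric check; testing `$https_admin_port =~ /^[0-9]+$/` before the `put` calls would cover that. In `display`, `$host eq ""` is evaluated on a possibly undefined value, unlike the `|| ""` guard SubsystemTypePanel.pm uses for the same loop.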
diff --git a/pki/base/tps/lib/perl/PKI/TPS/WelcomePanel.pm b/pki/base/tps/lib/perl/PKI/TPS/WelcomePanel.pm
new file mode 100755
index 000000000..a1c77e7cd
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/WelcomePanel.pm
@@ -0,0 +1,96 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+use strict;
+use warnings;
+use PKI::TPS::GlobalVar;
+use PKI::TPS::Common;
+
+package PKI::TPS::WelcomePanel;
+$PKI::TPS::WelcomePanel::VERSION = '1.00';
+
+use PKI::TPS::BasePanel;
+our @ISA = qw(PKI::TPS::BasePanel);
+
+sub new {
+ my $class = shift;
+ my $self = {};
+
+ $self->{"isSubPanel"} = \&is_sub_panel;
+ $self->{"hasSubPanel"} = \&has_sub_panel;
+ $self->{"isPanelDone"} = \&is_panel_done;
+ $self->{"getPanelNo"} = &PKI::TPS::Common::r(0);
+ $self->{"getName"} = &PKI::TPS::Common::r("Welcome");
+ $self->{"vmfile"} = "welcomepanel.vm";
+ $self->{"update"} = \&update;
+ $self->{"panelvars"} = \&display;
+ bless $self,$class;
+ return $self;
+}
+
+sub is_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub has_sub_panel
+{
+ my ($q) = @_;
+ return 0;
+}
+
+sub validate
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("WelcomePanel: validate");
+ return 1;
+}
+
+sub update
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("WelcomePanel: update");
+ $::config->put("preop.welcome.done", "true");
+ $::config->commit();
+ return 1;
+}
+
+sub display
+{
+ my ($q) = @_;
+ &PKI::TPS::Wizard::debug_log("XXX " . $::config->get("logging.debug.enable"));
+ &PKI::TPS::Wizard::debug_log("WelcomePanel: display");
+ $::symbol{wizardname} = "TPS Configuration Wizard";
+ $::symbol{systemname} = "TPS";
+ $::symbol{fullsystemname} = "Token Processing System";
+
+ return 1;
+}
+
+sub is_panel_done
+{
+ return $::config->get("preop.welcome.done");
+}
+
+1;
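Review bot: `display` still carries a leftover trace line, `&PKI::TPS::Wizard::debug_log("XXX " . $::config->get("logging.debug.enable"));`, which writes an unlabelled entry to the debug log on every render of the first panel and concatenates a possibly undefined value under `use warnings`. I would drop it, or give it the same prefix as the other messages: `&PKI::TPS::Wizard::debug_log("WelcomePanel: display debug enabled=" . ($::config->get("logging.debug.enable") || ""));`.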
diff --git a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
new file mode 100755
index 000000000..db8b26526
--- /dev/null
+++ b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
@@ -0,0 +1,509 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+# wizard -
+# Fedora Certificate System - Token Processing System configuration wizard
+
+
+# This script is run as a 'mod_perl' CGI. Configure mod_perl by adding
+# the following to /etc/httpd/conf.d/perl.conf
+#
+# PerlModule ModPerl::Registry
+# PerlModule Apache::compat
+# PerlModule RHCS::TPS::Wizard
+# PerlSetEnv RHCS_DOCROOT /u/sparkins/t/cs_tip/certsystem/prj/common/ui
+# <Location /wizard>
+# SetHandler perl-script
+# PerlHandler RHCS::TPS::Wizard
+# Order deny,allow
+# Allow from all
+# </Location>
+
+
+# Note: The Velocity parser is not very helpful when it comes to
+# errors right now. Here are some common errors, and what they mean:
+#
+# ERROR:
+# [Mon Apr 03 13:57:33 2006] [error] [client 172.16.24.26]
+# Can't use string ("0") as an ARRAY ref while "strict refs"
+# in use at /usr/lib/perl5/site_perl/5.8.5/Template/Velocity.pm
+# line 423.\n, referer: http://chico/wizard?p=2
+# MEANING
+# This probably means that your *.vm file refers to an array
+# variable in a foreach statement that is not defined
+# Check your foreach array variables.
+
+use warnings;
+use ModPerl::Registry;
+use Template::Velocity;
+use Getopt::Std;
+use Data::Dumper;
+use CGI::Carp qw(fatalsToBrowser);
+use CGI;
+use APR::Const -compile => qw(:error SUCCESS);
+use PKI::TPS::GlobalVar;
+use PKI::TPS::WelcomePanel;
+use PKI::TPS::SecurityDomainPanel;
+use PKI::TPS::DisplayCertChainPanel;
+use PKI::TPS::SubsystemTypePanel;
+use PKI::TPS::CAInfoPanel;
+use PKI::TPS::TKSInfoPanel;
+use PKI::TPS::DRMInfoPanel;
+use PKI::TPS::DisplayCertChain2Panel;
+use PKI::TPS::AdminAuthPanel;
+use PKI::TPS::AgentAuthPanel;
+use PKI::TPS::AuthDBPanel;
+use PKI::TPS::DatabasePanel;
+use PKI::TPS::ModulePanel;
+use PKI::TPS::SizePanel;
+use PKI::TPS::NamePanel;
+use PKI::TPS::ConfigHSMLoginPanel;
+use PKI::TPS::CertRequestPanel;
+use PKI::TPS::AdminPanel;
+use PKI::TPS::ImportAdminCertPanel;
+use PKI::TPS::DonePanel;
+use PKI::TPS::Config;
+
+use PKI::TPS::Common qw(yes no r);
+
+package PKI::TPS::Wizard;
+$PKI::TPS::Wizard::VERSION = '1.00';
+
+# read configuration file
+my $flavor = "pki";
+$flavor =~ s/\n//g;
+
+my $pkiroot = $ENV{PKI_ROOT};
+
+my $config = PKI::TPS::Config->new();
+$config->load_file("$pkiroot/conf/CS.cfg");
+# read password cache file
+my $pwdconf = PKI::TPS::Config->new();
+$pwdconf->load_file("$pkiroot/conf/pwcache.conf");
+# SELinux disallows performing a "chmod" on this file
+if( $^O ne "linux" ) {
+ system( "chmod 00660 $pkiroot/conf/pwcache.conf" );
+}
+
+# create cfg debug log
+my $logfile = $config->get("service.instanceDir") . "/logs/debug";
+system( "touch $logfile" );
+system( "chmod 00640 $logfile" );
+open( DEBUG, ">>" . $logfile ) ||
+warn( "Could not open '" . $logfile . "': $!" );
+
+# apache server
+
+our $debug;
+
+my $STATUS_OK = 0; # Apache 2 needs this to be zero
+my $STATUS_ERROR = 2;
+my $STATUS_REDIRECT = 3;
+
+&debug_log("TPS wizard: starting up");
+
+my $docroot = $ENV{PKI_DOCROOT};
+
+if (! $docroot) {
+ &debug_log("TPS wizard: ERROR: PKI_DOCROOT is null");
+ return 0;
+}
+
+our $parser = new Template::Velocity($docroot);
+our $symbol;
+our @certtags;
+
+makepanels();
+
+&debug_log("TPS wizard: start up complete");
+
+1;
+
+sub debug_log
+{
+ my ($msg) = @_;
+ my $date = `date`;
+ chomp($date);
+ if( -w $logfile ) {
+ print DEBUG "$date - $msg\n";
+ }
+}
+
+ # initializes entries in parser's global symbol table for panels
+sub makepanels
+{
+ #REAL PANELS BELOW
+ my $welcome = new PKI::TPS::WelcomePanel();
+ my $securitydomain = new PKI::TPS::SecurityDomainPanel();
+ my $displaycertchain = new PKI::TPS::DisplayCertChainPanel();
+ my $subsystem = new PKI::TPS::SubsystemTypePanel();
+ my $cainfopanel = new PKI::TPS::CAInfoPanel();
+# my $displaycertchain2 = new PKI::TPS::DisplayCertChain2Panel();
+ my $tksinfopanel = new PKI::TPS::TKSInfoPanel();
+ my $drminfopanel = new PKI::TPS::DRMInfoPanel();
+ my $authdbpanel = new PKI::TPS::AuthDBPanel();
+ my $databasepanel = new PKI::TPS::DatabasePanel();
+ my $modulepanel = new PKI::TPS::ModulePanel();
+ my $confighsmloginpanel = new PKI::TPS::ConfigHSMLoginPanel();
+ my $sizepanel = new PKI::TPS::SizePanel();
+ my $namepanel = new PKI::TPS::NamePanel();
+ my $certrequestpanel = new PKI::TPS::CertRequestPanel();
+ my $adminpanel = new PKI::TPS::AdminPanel();
+ my $importadmincertpanel = new PKI::TPS::ImportAdminCertPanel();
+ my $donepanel = new PKI::TPS::DonePanel();
+
+ $symbol{panels} = [
+ $welcome, # com.netscape.cms.servlet.csadmin.WelcomePanel
+ $modulepanel, # com.netscape.cms.servlet.csadmin.ModulePanel
+ $confighsmloginpanel, # com.netscape.cms.servlet.csadmin.ConfigHSMLoginPanel
+ $securitydomain, # com.netscape.cms.servlet.csadmin.SecurityDomainPanel
+ $displaycertchain, # com.netscape.cms.servlet.csadmin.DisplayCertChainPanel
+ $subsystem, # com.netscape.cms.servlet.csadmin.CreateSubsystemPanel
+ $cainfopanel, # com.netscape.cms.servlet.csadmin.CAInfoPanel
+# $displaycertchain2, # com.netscape.cms.servlet.csadmin.DisplayCertChain2Panel
+ $tksinfopanel, # com.netscape.cms.servlet.csadmin.TKSInfoPanel
+ $drminfopanel, # com.netscape.cms.servlet.csadmin.DRMInfoPanel
+ $authdbpanel, # com.netscape.cms.servlet.csadmin.DatabasePanel
+ $databasepanel, # com.netscape.cms.servlet.csadmin.DatabasePanel
+ $sizepanel, # com.netscape.cms.servlet.csadmin.SizePanel
+ $namepanel, # com.netscape.cms.servlet.csadmin.NamePanel
+ $certrequestpanel, # com.netscape.cms.servlet.csadmin.CertRequestPanel
+ $adminpanel, # com.netscape.cms.servlet.csadmin.AdminPanel
+ $importadmincertpanel, # com.netscape.cms.servlet.csadmin.ImportAdminCertPanel
+ $donepanel, # com.netscape.cms.servlet.csadmin.DonePanel</param-value>
+ ];
+};
+
+sub render_panel
+{
+ my ($panelnum, $q) = @_;
+
+ $symbol{errorString} = "";
+
+ my $currentpanel;
+
+ if ($q->param('op') && $q->param('op') eq "next") {
+ $currentpanel = $symbol{panels}[$panelnum];
+ # validate variables for panel
+ if ($currentpanel->{validate}) {
+ $currentpanel->{validate}($q);
+ }
+ # execute current panel
+ my $status = "0";
+
+ if ($currentpanel->{update}) {
+ $status = $currentpanel->{update}($q);
+ &debug_log("TPS wizard: update returns status '" .
+ $status . "'");
+ if ($status == $STATUS_REDIRECT) {
+ return $STATUS_REDIRECT;
+ }
+
+ }
+
+ &debug_log("TPS wizard: about to find out about sub panel");
+ if ($status eq "1") {
+ if ($currentpanel->{hasSubPanel} && &{$currentpanel->{hasSubPanel}}($q)) {
+ &debug_log("TPS wizard: has sub panel");
+ $panelnum = $panelnum + 2;
+ } elsif ($currentpanel->{isSubPanel} && &{$currentpanel->{isSubPanel}}($q)) {
+ &debug_log("TPS wizard: is sub panel");
+ $panelnum = $panelnum - 1;
+ } else {
+ &debug_log("TPS wizard: no sub panel and is not subpanel");
+ $panelnum = $panelnum + 1;
+ }
+ }
+ } elsif ($q->param('op') && $q->param('op') eq "back") {
+ $panelnum = $panelnum - 1;
+ #check if this a subpanel, if so, go back to it's parent.
+ #only handles one-deep at this point
+ my $panel = $symbol{panels}[$panelnum];
+ if (&{$panel->{isSubPanel}}($q)) {
+ $panelnum = $panelnum - 1;
+ }
+ } elsif ($q->param('op') && $q->param('op') eq "apply") {
+ &debug_log("TPS wizard: update : apply button pressed");
+ $currentpanel = $symbol{panels}[$panelnum];
+ # validate variables for panel
+ if ($currentpanel->{validate}) {
+ $currentpanel->{validate}($q);
+ }
+ # execute current panel
+ if ($currentpanel->{update}) {
+ my $status = $currentpanel->{update}($q);
+ &debug_log("TPS wizard: update returns status '" .
+ $status . "'");
+ if ($status == $STATUS_REDIRECT) {
+ return $STATUS_REDIRECT;
+ }
+
+ }
+ }
+
+ &debug_log("TPS wizard: after looking into about sub panel");
+
+ # advance to next panel
+ $currentpanel = $symbol{panels}[$panelnum];
+
+ # initialize symbol table values
+ $symbol{showApplyButton} = "false";
+
+ # fill in variables for new panel
+ if ($currentpanel->{panelvars}) {
+ $Data::Dumper::Indent = 1;
+ # The '&debug_log("q=".Dumper($q));' call must be commented out to fix
+ # Bugzilla Bug #249923: Incorrect file permissions on
+ # various files and/or directories
+ # &debug_log("q=".Dumper($q));
+ $currentpanel->{panelvars}($q);
+ }
+
+ $symbol{panel} = "tps/admin/console/config/".$currentpanel->{vmfile};
+
+ #wizard.vm:
+ $symbol{name} = "Token Processing System";
+ $symbol{title} = $currentpanel->{getName}();
+ if ($panelnum == 0) {
+ $symbol{firstpanel} = "1";
+ } else {
+ $symbol{firstpanel} = "0";
+ }
+ if ($panelnum == 16) {
+ $symbol{lastpanel} = "1";
+ } else {
+ $symbol{lastpanel} = "0";
+ }
+ $symbol{p} = $panelnum;
+ $symbol{subpanelno} = $panelnum+1;
+ $symbol{productversion} = $::config->get("preop.product.version");
+ $symbol{csstate} = "1";
+
+# $symbol{urls} = [ "cert1", "cert2" ]; #createsubsystem
+# $symbol{urls_size} = 2;
+# $symbol{instanceId} = "tps";
+# $symbol{errorString} = "";
+
+ #modulepanel
+# $symbol{certs} = [ ];
+# $symbol{reqscerts} = [ ];
+ $symbol{ppcerts} = [ ];
+
+ return $STATUS_OK;
+}
+
+
+
+sub dbg {
+ my $msg = shift;
+ $::symbol{dbg} .= "$msg\n";
+}
+
+sub handler {
+ my $r = shift;
+
+ *::symbol = \%symbol;
+ *::s = \$s;
+ *::config = \$config;
+ *::pwdconf = \$pwdconf;
+
+ &debug_log("TPS wizard: in handler");
+ if ($#ARGV == -1) {
+ $r->send_http_header('text/html');
+ }
+
+ my $q = new CGI;
+
+ # check cookie
+ my $cookie = $q->cookie('pin');
+ my $pin = $::config->get("preop.pin");
+ if ($cookie ne $pin) {
+ print $q->redirect("login");
+ return;
+ }
+
+ # output http parameters
+ &debug_log("TPS wizard: uri='" . $ENV{REQUEST_URI} . "'");
+ my @pnames = $q->param();
+ foreach $pn (@pnames) {
+ # added this facility so that password can be hidden,
+ # all sensitive parameters should be prefixed with
+ # __ (double underscores); however, in the event that
+ # a security parameter slips through, we perform multiple
+ # additional checks to insure that it is NOT displayed
+ if( $pn =~ /^__/ ||
+ $pn =~ /password$/ ||
+ $pn =~ /passwd$/ ||
+ $pn =~ /pwd$/ ||
+ $pn =~ /admin_password_again/i ||
+ $pn =~ /directoryManagerPwd/i ||
+ $pn =~ /bindpassword/i ||
+ $pn =~ /bindpwd/i ||
+ $pn =~ /passwd/i ||
+ $pn =~ /password/i ||
+ $pn =~ /pin/i ||
+ $pn =~ /pwd/i ||
+ $pn =~ /pwdagain/i ||
+ $pn =~ /uPasswd/i ) {
+ &debug_log("TPS wizard: http parameter name='" . $pn . "' value='(sensitive)'");
+ } else {
+ &debug_log("TPS wizard: http parameter name='" . $pn . "' value='" . $q->param($pn) . "'");
+ }
+ }
+
+ my $panelnum = $q->param('p');
+ if (!defined($panelnum) || $panelnum eq "") {
+ # Apache fails to pick up the p parameter after
+ # redirecting from the security domain. This is
+ # a quick hack to solve the issue.
+ if ($ENV{'QUERY_STRING'} ne "") {
+ $ENV{'QUERY_STRING'} =~ /p=([0-9]+)&/;
+ $panelnum = $1;
+ }
+ }
+
+ use subs qw(debug);
+ *debug = \&Template::Velocity::Executor::debug;
+
+ $::symbol{dbg} = "";
+
+ &debug_log("TPS wizard: before argparsing");
+ if ($#ARGV == -1) {
+ $Data::Dumper::Maxdepth = 7;
+ $startfile = "tps/admin/console/config/wizard.vm";
+ }
+
+ &debug_log("TPS wizard: setting up test objects");
+
+ #initialize from config file
+ my $certlist = $::config->get("preop.cert.list");
+ if ($certlist eq "") {
+ $certlist = "sslserver,subsystem";
+ }
+ @certtags = split(/,/, $certlist);
+ $numtags = @certtags;
+ if ($numtags eq 0) {
+ @certtags = ("sslserver", "subsystem");
+ }
+ &debug_log("TPS wizard: found $numtags certtags");
+
+ if (! $panelnum) {
+ $panelnum = 0;
+ }
+
+ my $status = render_panel($panelnum, $q);
+ if ($status == 3) {
+ $r->header_out(Location => $symbol{redirect});
+ $r->status(301);
+ $r->send_http_header();
+ return;
+ }
+
+ use Data::Dumper;
+ &debug_log("TPS wizard: executing file $startfile");
+ foreach $q (sort keys %symbol) {
+ &debug_log("TPS wizard:/config/wizard?p=9&SecToken=NSS%20Generic%20Crypto%20Services sym{$q}=".$symbol{$q});
+ }
+
+ my $result;
+ if ($q->param('xml') && $q->param('xml') eq "true") {
+ $r->send_http_header('text/xml');
+ $result = "<xml>";
+ foreach $s (sort keys %symbol) {
+ if ($s =~ /^__/) {
+ next;
+ }
+ $result .= "<" . $s . ">";
+ my $v = $symbol{$s};
+ $result .= &get_xml($s, $v);
+ $result .= "</" . $s . ">";
+ }
+ $result .= "</xml>";
+ } else {
+ $result = $parser->execute_file($startfile);
+ if (!defined $result) {
+ die("Couldn't execute template file: $docroot/$startfile");
+ }
+ }
+
+ print "$result\n";
+ return $STATUS_OK;
+}
+
+sub escape_xml
+{
+ my ($v) = @_;
+ $v =~ s/\"/&quot;/g;
+ $v =~ s/\'/&apos;/g;
+ $v =~ s/\&/&amp;/g;
+ $v =~ s/</&lt;/g;
+ $v =~ s/>/&gt;/g;
+ return $v;
+}
+
+sub get_xml
+{
+ my ($s, $v) = @_;
+
+ my $result;
+ if (ref($v) eq "HASH") {
+ foreach my $xkey (keys %$v) {
+ $result .= "<" . $xkey . ">";
+ $result .= &get_xml($xkey, $v{$xkey});
+ # $result .= "-" . ref($xkey);
+ $result .= "</" . $xkey . ">";
+ }
+ } elsif (ref($v) eq "PKI::TPS::CertInfo") {
+ my $certinfo = $v;
+ $result .= "<certinfo>";
+ $result .= "<dn>" . $certinfo->get_dn() ."</dn>";
+ $result .= "<tag>" . $certinfo->get_cert_tag() . "</tag>";
+ $result .= "<friendly>" . $certinfo->get_user_friendly_name() .
+ "</friendly>";
+ $result .= "</certinfo>";
+ } elsif (ref($v) eq "PKI::TPS::ReqCertInfo") {
+ my $reqcertinfo = $v;
+ $result .= "<reqcertinfo>";
+ $result .= "<name>" . $reqcertinfo->get_user_friendly_name() ."</name>";
+ $result .= "<req>" . $reqcertinfo->get_request() ."</req>";
+ $result .= "<cert>" . $reqcertinfo->get_cert() ."</cert>";
+ $result .= "<certpp>" . &escape_xml($reqcertinfo->get_cert_pp()) ."</certpp>";
+ $result .= "<tag>" . $reqcertinfo->get_cert_tag() ."</tag>";
+ $result .= "<dn>" . $reqcertinfo->get_cert_tag() ."</dn>";
+ $result .= "</reqcertinfo>";
+ } elsif (ref($v) eq "ARRAY") {
+ my $pos = 0;
+ foreach my $item (@$v) {
+ $result .= "<element>";
+ $result .= &get_xml("p" . $pos, $item);
+ # $result .= "-" . ref($item);
+ $result .= "</element>";
+ $pos++;
+ }
+ } else {
+ $result .= &escape_xml($v);
+ }
+ return $result;
+}
+
+1;
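Review bot: The pin gate in `handler` compares `$cookie ne $pin` without checking that either is set, so if `preop.pin` is missing or empty in CS.cfg a request with no `pin` cookie compares equal and reaches every panel's `update`; whether the pin can be unset at this stage is not visible in the hunk. The guard should fail closed when the configured pin is undefined or empty, as in the fence below. `escape_xml` replaces `&` after it has already produced `&quot;` and `&apos;`, so those entities are re-escaped; the `&` substitution belongs first, and `get_xml` emits the `dn`, `req`, `cert` and `tag` values without calling it at all. At load time the `system("chmod 00660 $pkiroot/conf/pwcache.conf")`, `system("touch $logfile")` and `system("chmod 00640 $logfile")` calls pass an environment- or config-derived path through the shell; Perl's built-in `chmod 0640, $logfile` avoids the shell and lets the result be checked.

```perl
    # … unchanged: handler setup and CGI object creation …
    my $cookie = $q->cookie('pin');
    my $pin = $::config->get("preop.pin");
    # Fail closed: an unset or empty pin must never match an absent cookie.
    if (!defined($pin) || $pin eq "" ||
        !defined($cookie) || $cookie ne $pin) {
        print $q->redirect("login");
        return;
    }
    # … unchanged: parameter logging, panel rendering, output …

sub escape_xml
{
    my ($v) = @_;
    # Ampersand first, so the entities produced below are not escaped again.
    $v =~ s/\&/&amp;/g;
    $v =~ s/\"/&quot;/g;
    $v =~ s/\'/&apos;/g;
    # … unchanged: '<' and '>' substitutions, return …
```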
diff --git a/pki/base/tps/lib/perl/Template/Velocity.pm b/pki/base/tps/lib/perl/Template/Velocity.pm
new file mode 100755
index 000000000..ea5eb6d72
--- /dev/null
+++ b/pki/base/tps/lib/perl/Template/Velocity.pm
@@ -0,0 +1,1052 @@
+#!/usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+use strict;
+
+package Template::Velocity::Executor;
+sub new;
+
+package Template::Velocity;
+
+
+# The Template::Velocity package implements a Template execution
+# engine similar to the Java Velocity package.
+
+use Parse::RecDescent;
+use Data::Dumper;
+
+
+$Template::Velocity::parser;
+
+our $docroot="docroot";
+our $parser;
+my %parsetrees = ();
+my $debugflag = 0;
+
+
+#GRAMMAR defined here
+
+my $vmgrammar = q{
+
+ {
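Review bot: The filename that reaches `open` in `includeargs` and `execute_file` is appended to `$docroot` with no check, so a name containing `../` is read from outside the template directory; for `#parse` the name is an evaluated expression, so it can come from a template variable rather than a literal. I would reject such names before opening, e.g. `return undef if $filename =~ m{(^|/)\.\.(/|$)};`, and switch both calls to the three-argument form `open my $fh, '<', "$docroot/$filename"` so the name is never trimmed or parsed for mode characters. In `includeargs` the failure string also writes the `$docroot` path into the rendered output, and `close FILE;` closes a handle that was never opened; it should be `close $fh;`.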
+ use Data::Dumper;
+ sub Dumper
+ {
+ $::debugdumper = undef;
+ if ($::debugflag && $::debugdumper ) { return Data::Dumper(@_); }
+ else {""};
+ }
+
+ }
+
+
+# Template is the top-level object
+ template: <skip:'[ \t]*'> section(s) /\Z/
+
+ section: blockdirective
+ | nonblockdirective
+ | plainline
+
+ blockdirective: ifblock
+ | foreachblock
+
+ plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n*/
+
+ HASH: '#'
+
+# HMM - this doesn't handle multiple variables on one line?
+ linecomp: variable
+ | <skip:'[ \t]*'> /[^\$\n]*/
+
+ nonblockdirective: '#' 'include' <commit> includeargs /\n*/ { $item[4] ; }
+ | '#' 'parse' <commit> parseargs /\n*/ { $item[4] ; }
+ | '#' 'set' <commit> setargs /\n*/ { $item[4] ; }
+ | <error:unknown command $text>
+
+
+ ifblock: ifdirective section(s) elseclause(?) enddirective
+
+
+# this bubbles up the result of the expression inside the if()
+# which is from the 'ifargs' rule
+ ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/
+
+ enddirective: <skip:'[ \t]*'> '#' 'end' "\n"
+
+ elseclause: elsedirective section(s)
+
+ elsedirective: '#' 'else' "\n"
+
+ foreachblock: foreachdirective section(s) enddirective
+
+ foreachdirective: '#' 'foreach' foreachargs "\n"
+
+ ifargs: '(' expression ')'
+ | <error:Argument to if must be an expression: $text>
+
+ foreachargs: '(' variablename 'in' variable ')'
+ | <error:Arguments to 'foreach' must be of form \$a in \$b: $text>
+
+ includeargs: '(' string ')'
+ | <error:invalid argument to include: $text>
+
+ parseargs: '(' expression ')'
+ | <error:invalid argument to parsearges: $text>
+
+
+ setargs: <skip:'[ \t]*'> '(' assignment ')'
+ | <error:Argument to set must be an assignment : $text>
+
+
+# expression evaluation
+
+# this goes roughly in order of precendence:
+# ==
+# &&, ||
+# +, -
+# *
+# !
+
+# does not properly distinguish between lvalues and rvalues
+
+
+ expression: boolean
+ | <error>
+
+
+ assignment: variablename '=' boolean
+
+ boolean: equality (boolean_operator equality)(?)
+
+ boolean_operator: ( '&&' | '||' )
+
+ equality: summation (equality_operator summation)(?)
+
+
+ equality_operator: ( '==' | '!=' )
+
+ summation: product (summation_operator summation)(?)
+
+ summation_operator: ( '+' | '-' )
+
+
+# must parenthesize operator '*' to get it to appear in the $item array
+
+ product: negation ('*' product)(?)
+
+#XXX need to implement
+ negation: notoperator(?) factor
+
+ notoperator: "!"
+
+ factor: number
+ | string
+ | variable
+
+
+
+# These rules deal with variables
+# handles $process
+# $file.executablename
+# $process.getpid()
+# $person.getparent().getbrother().slap()
+# $fred.getchildren()
+
+# You'd make a dependency on the 'variable' rule if you want the value
+# of the variable.
+# You'd make a dependency on the 'variablename' rule if you want the
+# name of the variable.
+# (There's no real difference here - the expression evaluation is
+# in the variable() subroutine)
+
+ variable: variablename { ["variable", $item[1][1] ]; }
+
+ variablename: '$' identifier subfield(s?)
+ {
+ my $variableinfo = {
+ top => $item{identifier},
+ fields => $item{'subfield(s?)'}
+ };
+ $return = [ "variablename", \$variableinfo ];
+ }
+
+ subfield: '.' identifier arglist(?)
+ {
+ my $d;
+ my $a = $item{"arglist(?)"};
+ my $args;
+
+ #::debug "arglist = ".Dumper($a)."\n";
+ if ($a) {
+
+ my ($argcount, $al, $alpresent);
+
+ #$args = @{$a}->[2];
+ $args = $a->[0][2];
+ #::debug "arglist args=".Dumper($args)."\n";
+ $alpresent = $args;
+ $argcount = $#$args;
+ if ($alpresent && $argcount == -1) {
+ $args->[0] = [ ];
+ }
+ }
+
+ #::debug "arglist identifier=".$item{identifier}."\n";
+ $return = [ "subfield", {
+ fieldname => $item{identifier},
+ arglist => $args->[0],
+ } ];
+ }
+
+ arglist: '(' list(?) ')'
+
+ list: expression (',' list)(s?)
+
+
+# Basic data types
+# identifiers, numbers and strings
+
+ identifier: /[A-Za-z0-9_]+/ { $item[1]; }
+
+ number: /\d+/ {$item[1]; }
+
+ #XXX skip is all wrong here... should be in []
+ string: <skip:'[ \t]'> '"' <skip:""> /[^"]*/ '"' { $return = ["string",$item[4]]; }
+ | <skip:'[ \t]'> "'" <skip:""> /[^']*/ "'" { $return = ["string",$item[4]]; }
+
+
+# other literals
+ whitespace: /\s*/
+
+
+};
+
+
+# Get a parser object (transforming the built-in text grammar into RecDescent
+# data structure). This object can be reused for parsing multiple velocity files
+sub new
+{
+ #$::debugflag = 0;
+ my $class = shift;
+ $docroot = shift;
+ undef $::RD_HINT;
+ undef $::RD_WARN;
+ #$::RD_TRACE = 1;
+ $parser = new Parse::RecDescent($vmgrammar) or die "Bad Grammar\n";
+ $Data::Dumper::Maxdepth = 1;;
+ my $self = {};
+ $self->{parser} = $parser;
+ # ugly - :-(
+ $Template::Velocity::parser = $parser;
+ bless $self, $class;
+ return $self;
+}
+
+
+# Execute a template. Given a text string and a parser object, will return
+# a parse tree, useful for feeding into the executor.
+sub execute_string
+{
+ my $self = shift;
+ my $string = shift;
+ my $rule = shift;
+ if (! $rule ) { $rule = "template"; }
+ #print Dumper($self);
+
+ my $parser = $self->{parser};
+ my $parsetree = $parser->$rule($string);
+ my $executor = new Template::Velocity::Executor($parsetree, $parser );
+
+ my @value = $executor->run();
+ #my @value = Template::Velocity::Executor::execute($parsetree, $parser);
+ my $value = shift @value;
+ return $value;
+}
+
+
+sub execute_file
+{
+
+ my $self = shift;
+ my $filename = shift;
+
+ my $rule;
+ my $tree = $parsetrees{$filename};
+
+ if (! $tree) {
+ $rule = "template";
+ open my $fh, "<$docroot/$filename" or return undef;
+ my $string = join "",<$fh>;
+ close $fh;
+ $tree = $parser->$rule($string);
+ $parsetrees{$filename} = $tree;
+ }
+
+ my $executor = new Template::Velocity::Executor($tree, $parser );
+
+ my @value = $executor->run();
+ my $value = shift @value;
+ return $value;
+
+
+}
+
+
+
+
+
+
+
+
+sub Dumper
+{
+ return "";
+ if ($::debugflag && $::debugdumper) {
+ return Data::Dumper->Dump([@_]);
+ }
+ else {""};
+}
+
+
+
+
+# This autoaction returns an array of each parse element
+# The net result is a parse tree
+# I couldn't use <autotree> because I wanted to preserve
+# the order of the elements, and <autotree> returns a
+# hashtable, not an array
+
+$::RD_AUTOACTION = q{
+ [@item];
+};
+
+# debug flags set here
+
+
+
+
+
+
+######### EXECUTE FUNCTIONS
+
+
+# These functions deal with executing the velocity parse tree
+{
+ package Template::Velocity::Executor::Rules;
+ use Data::Dumper;
+
+ # this imports symbols from these other packages, so
+ # we don't have to always use the fully-qualified names
+ *exe_all = \&Template::Velocity::Executor::exe_all;
+ *exe_optional = \&Template::Velocity::Executor::exe_optional;
+ *execute = \&Template::Velocity::Executor::execute;
+ *debug = \&Template::Velocity::Executor::debug;
+ *indent = \&Template::Velocity::Executor::indent;
+ *deindent = \&Template::Velocity::Executor::deindent;
+#XXX probably should be $, not &
+ *docroot = \&Template::Velocity::docroot;
+
+ sub Dumper
+ {
+ return "";
+ if ($::debugflag && $::debugdumper) { return Dumper(@_); }
+ else {""};
+ }
+
+ #template: <skip:'[ \t]*'> section(s) /\Z/
+ sub template {
+ my $f = "template";
+ my @item = exe_all(@_);
+ debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n");
+ my $sections = $item[2];
+ debug ("sections is a: ".(ref $sections)." - it should be an array\n");
+ my $r= ( join "", @{$item[2]});
+ return $r;
+ }
+
+
+ #linecomp: variable
+ # | <skip:'[ \t]*'> /[^\$\n]*/
+ sub linecomp {
+ my $item;
+ debug ("linecomp: _[2] = '".$_[2]."'\n");
+ if ($_[2]) {
+ debug ("linecomp: inside if\n");
+ $item = $_[1].$_[2];
+ } else {
+ debug ("linecomp: inside else{\n");
+ ($item) = exe_all($_[1]);
+ debug ("linecomp: end of else}\n");
+ debug ("linecomp: item =\n".Dumper($item)."\n");
+ }
+ debug ("linecomp: returning $item\n");
+ return $item;
+ }
+
+ # plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n+/
+ sub plainline {
+ my @item = exe_all(@_);
+ debug ("$::level in plainline - linecomps should be an array of text: .".Dumper($item[4])."\n");
+ my $r = join "", @{$item[4]};
+ debug ("$::level in plainline - joined as: $r\n");
+ $r = $item[2] . $r. $item[5];
+ debug ("$::level in plainline - returning : $r\n");
+ return $r;
+ }
+
+ sub expression {
+ debug ("$::level expression = ".Dumper($_[1])."\n");
+ my ($item) = exe_all($_[1]);
+ debug ("$::level expression returning $item\n");
+ return $item;
+ }
+
+ #foreachblock: foreachdirective section(s) enddirective
+ sub foreachblock {
+ my $f = "foreachblock";
+ debug ("$::level $f started!\n");
+ my ($directive) = exe_all($_[1]);
+ debug ("$::level $f directive = \n".Dumper($directive)."\n");
+ my ($variable, $list) = @{$directive};
+ my $variablename = $$variable->{top};
+ debug ("$::level $f variable = $variablename\n");
+ debug ("$::level $f list = \n".Dumper($list)."\n");
+
+ my $result = "";
+ foreach my $q (@{$list}) {
+ debug ("$::level $f q=$q\n");
+ $::symbol{$variablename} = $q;
+ debug ("$::level $f setting variable $variablename = $q\n");
+
+ my ($sections) = exe_all($_[2]);
+ debug ("$::level $f sections was: ".Dumper($sections)."\n");
+ $result .= join "",@{$sections};
+ }
+ return $result;
+ }
+
+ #foreachdirective: '#' 'foreach' foreachargs "\n"
+ sub foreachdirective {
+ my ($item) = exe_all($_[3]);
+ return $item;
+ }
+
+ #foreachargs: '(' variablename 'in' expression ')'
+ sub foreachargs {
+ my $f = "foreachargs";
+ my ($variable, $list) = exe_all($_[2], $_[4]);
+ debug ("$::level $f variable = \n".Dumper($variable)."\n");
+ debug ("$::level $f list = \n".Dumper($list)."\n");
+ return [$variable, $list];
+ }
+
+ # XXX if block should only execute section(s) if if arg is positve)
+ # likewise for else
+ #ifblock: ifdirective section(s) elseclause(?) enddirective
+ sub ifblock {
+ my $f = "ifblock";
+ my @item = exe_all(@_);
+ debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n");
+ my $sections = $item[2];
+ my $else = $item[3];
+ debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n");
+ debug ("$::level item1: if expression = ".$item[1]."\n");
+ debug ("$::level $f elseclause is a: ".(ref $else)." - it should be an scalar\n");
+ my $r= (
+ $item[1]>0 ? # if expression
+ (join "", @{$item[2]}) :
+ ($item[3] ? join "",@{$item[3]} : "")
+ );
+ # this is not quite right ... elseclause returns a scalar (it joins the sections)
+ # so why do I have to join again here? possibly because it's a '?'
+ return $r;
+ }
+
+ #elseclause: elsedirective section(s)
+ sub elseclause {
+ my $f = "elseclause";
+ my ($sections) = exe_all($_[2]);
+ debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n");
+ my $return = join "", @{$sections};
+ debug ("$::level $f returning: $return\n");
+ return $return;
+ }
+
+ sub ifargs {
+ debug ("$::level ifargs [2] = ".Dumper($_[2])."\n");
+ my ($item) = exe_all($_[2]);
+ debug ("$::level item = ".Dumper($item)."\n");
+ my $r = $item>0 ? 1 : 0;
+ debug ("$::level ifargs returning $r\n");
+ return $r;
+ }
+
+ #ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/
+ sub ifdirective {
+ my ($item) = exe_all($_[4]);
+ my $r = $item>0 ? 1 : 0;
+ debug ("$::level ifdirective returning $r\n");
+ return $r;
+ }
+
+ #boolean: equality (boolean_operator equality)(?)
+ sub boolean {
+ my $f = "boolean";
+ my ($equality, $alt) = ( execute($_[1]), $_[2]);
+ my $r = $equality;
+ if (scalar @$alt) {
+ my ($op, $equality2) = exe_optional($alt, 1,2);
+
+ if ($op eq '&&') {
+ $r = $equality && $equality2;
+ }
+ if ($op eq '||') {
+ $r = $equality || $equality2;
+ }
+ }
+
+ return $r;
+ }
+
+
+ #summation: product (summation_operator summation)(?)
+ sub summation {
+ #my @item = exe_all(@_);
+ my $f = "summation";
+ my ($product, $alt) = ( execute($_[1]), $_[2]);
+ debug("$::level $f - product = $product, alternation = $alt\n");
+ debug("$::level $f - alternation = \n".Dumper($alt)."\n");
+
+ if (scalar @$alt) {
+ if (0) {
+ debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n");
+ debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n");
+ my ($operator, $summation) = ( execute($alt->[0][1]), execute($alt->[0][2]),);
+ }
+ my ($operator, $summation) = exe_optional($alt, 1,2);
+
+ if ($operator eq '+') { return $product + $summation;
+ } else { return $product - $summation; }
+ } else {
+ return $product;
+ }
+ }
+
+
+
+ #equality: summation (equality_operator summation)(?)
+ sub equality {
+ my $f = "equality";
+ my ($summation, $alt) = ( execute($_[1]), $_[2] );
+
+ if (scalar @$alt) {
+ my ($operator, $summation2) = exe_optional($alt, 1,2);
+
+ # string comparison used, so (0.0) is NOT equal to (0)
+ if ($operator eq '==') { return ($summation eq $summation2) ? 1:0; }
+ else { return ($summation eq $summation2) ? 0:1; }
+ } else {
+ return $summation;
+ }
+ }
+
+
+ sub product {
+ my $f = "product";
+ my ($negation, $alt) = ( execute($_[1]), $_[2]);
+ debug("$::level $f negation = $negation, alternation = $alt\n");
+ debug("$::level $f - alternation = ".Dumper($alt)."\n");
+
+ if (scalar @$alt) {
+ if (0) {
+ debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n");
+ debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n");
+ my ($operator, $product) = ( execute($alt->[0][1]), execute($alt->[0][2]),);
+ }
+ my ($operator, $product) = exe_optional($alt,1,2);
+ return ($negation * $product);
+ } else {
+ return $negation;
+ }
+ }
+
+ sub factor {
+ my ($value) = exe_all($_[1]);
+ return $value;
+ }
+
+ #negation: notoperator(?) factor
+ sub negation {
+ debug ("$::level in negation... input = ".(join ",",@_)."\n");
+ #my @item = exe_all(@_);
+ my ($alt, $value) = ( $_[1], execute($_[2]) );
+ debug ("$::level negation: alternation= $alt\n");
+ debug ("$::level negation: value = $value\n");
+ my $operator = execute($alt->[0][1]);
+
+ my $r;
+ if ($operator && $operator eq '!') {
+ if ($value ) { $r = 0; }
+ else { $r = 1; }
+ debug ("$::level negation: inverting\n");
+ } else {
+ debug ("$::level negation: not inverting\n");
+ $r = $value;
+ }
+ debug ("$::level negation: returning $r\n");
+ return $r;
+ }
+
+ #setargs: <skip:'[ \t]*'> '(' assignment ')'
+ sub setargs {
+ my $f = "setargs";
+ my ($args) = exe_all($_[3]);
+ debug("$::level $f args = \n".Dumper($args)."\n");
+ my ($variable, $value) = @{$args};
+ debug("$::level $f variable type =".(ref $variable)."\n");
+ debug("$::level $f variable = \n".Dumper($variable)."\n");
+ my $symbolname = $$variable->{top};
+ debug("$::level $f setting variable '$symbolname' = $value\n");
+ $::symbol{$symbolname} = $value;
+ return "";
+ }
+
+ #assignment: variablename '=' boolean
+ sub assignment {
+ my $f = "assignment";
+ my ($variable, $value) = exe_all($_[1],$_[3]);
+ debug("$::level $f variable = \n".Dumper($variable)."\n");
+ my $r = [ $variable, $value ];
+ debug("$::level $f returning: \n".Dumper($r)."\n");
+ return $r;
+ }
+
+ #includeargs: '(' string ')'
+ sub includeargs {
+ my $f = "includeargs";
+ my ($filename ) = execute($_[2]);
+
+ debug("including file: $filename\n");
+ open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n";
+ my $file = join "", <$fh>;
+ close FILE;
+
+ return $file;
+ }
+
+ sub parseargs {
+ my $f = "parseargs";
+ my ($filename ) = execute($_[2]);
+
+ debug("parsing file: $filename\n");
+
+ #open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n";
+ #my $file = join "", <$fh>;
+ #close FILE;
+
+ #my $parsetree = $Template::Velocity::parser->template($file);
+ #my @value = execute($parsetree);
+ #my $value = shift @value;
+
+ my @value = Template::Velocity::execute_file(undef,$filename);
+ my $value = shift @value;
+
+ return $value;
+ }
+
+# variables
+
+# variables
+# this rule converts a variable name/identifier into its value
+# $main.subfield(argument1,argument2).subfield2(arg1,arg2)
+# There are two data structures at work here.
+# 1. the data structure specifying the variable name to be queried
+# this represents $a.b.c(100,9,5,4)
+#{
+# 'top' => 'a'
+# 'fields' => [
+# { 'fieldname' => 'b', 'arglist' => undef },
+# { 'fieldname' => 'c', 'arglist' => [ '100', 9, 5, '4', ], }
+# ],
+#}
+# 2. Data structure specifying the symbol table
+
+# return value could be:
+# a scalar: either a string/number value or reference to an array of values
+# an array
+
+ sub variable {
+# look up the root object in the symbol table
+ my $f = "variable";
+ debug("$::level $f: input\n".Dumper(\@_)."\n");
+ my $var = $_[1];
+ debug("$::level $f var=\n".Dumper($var)."\n");
+# $$var works with # 27: '#set (\$a=1+3)\n\$a\n'
+#0 REF(0x8fa0510)
+# -> HASH(0x8fa1454)
+# 'fields' => ARRAY(0x8fa8c08)
+# empty array
+# 'top' => 'a'
+
+# $var works with # 25: '$employee.add(100,4+5,2+3,4,4,5,6)'
+#DB<2> x $var
+#0 HASH(0x9c7a340)
+# 'fields' => ARRAY(0xa06e7d8)
+# 0 ARRAY(0xa06e9ac)
+# 0 'subfield'
+# 1 HASH(0xa06e880)
+# 'arglist' => ARRAY(0xa074184)
+
+ my $top = $$var->{top}; # name of the root object
+ debug("$::level $f top=\n".Dumper($top)."\n");
+ my $fields = $$var->{fields}; # array of the subidentifiers
+ my $val = "";
+
+ debug("$::level $f - top_id = $top\n");
+ debug("$::level $f : var: \n".Dumper($var)."\n");
+ debug("$::level $f - fields = \n".Dumper($fields)."\n");
+
+
+ debug("$::level $f : top = ".$top."\n");
+ if (! defined $::symbol{$top} ) {
+# XXX
+ debug ("symbol table = ",(join ",",sort keys %::symbol)."\n");
+ debug ("undefined variable: $top\n");
+ return 0;
+ }
+ debug("$::level $f symbol table: \n".Dumper(\%::symbol)."\n");
+ $val = $::symbol{$top};
+ debug("$::level $f val before: \n".Dumper($val)."\n");
+
+ debug("$::level $f - fields = \n".Dumper($fields)."\n");
+ my $pass = 1;
+ foreach my $field (@$fields) {
+ my $args;
+
+ my ($fieldname, $values);
+ {
+ debug("$::level $f pass $pass \@_=\n".Dumper(\@_)."\n");
+ debug("$::level $f before strip field = \n".Dumper($field)."\n");
+#shift @$fn; # 'subfield' string
+#$fn = $fn->[0];
+#$fn = [ (@{$fn}) ];
+#shift @$fn;
+ debug("$::level $f after strip fn = \n".Dumper($field)."\n");
+
+ $fieldname = $field->[1]->{fieldname};
+ debug("$::level $f processing field: $fieldname\n");
+ $args= $field->[1]->{arglist};
+
+
+# convert the argument list (which could be expressions, other
+# variables, etc) into raw values
+ if ($args) {
+ debug("$::level $f executing $fieldname with args:\n".Dumper($args)."\n");
+ ($values) = execute($args);
+ debug("$::level $f returned values:\n".Dumper($values)."\n");
+ }
+ }
+
+ debug("$::level $f after execute, \@_=\n".Dumper(\@_)."\n");
+
+#call the function
+ if (ref $val) {
+ debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n");
+ debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n");
+ if ($args) {
+ debug("$::level $f: function call\n");
+#$val = $$val->$fieldname ($args); # method call
+ my $func = $val->{$fieldname}; # method call
+ debug("$::level $f: $fieldname func=\n ".Dumper($func)."\n");
+ no strict;
+ $val = &$func($val, @$values);
+ debug("$::level $f: $fieldname result=$val\n");
+ debug("$::level $f: $fieldname result=\n".Dumper($val)."\n");
+
+ } else {
+ &::debug("$::level $f: plain field access\n");
+ if (ref $val eq "REF") {
+ $val = $$val->{$fieldname}; # field access
+ } else {
+ $val = $val->{$fieldname}; # field access
+ }
+ }
+ debug("$::level $f } inside loop(after val retrieval) val=\n".Dumper($val)."\n");
+ }
+ $pass++;
+
+ }
+
+ return $val;
+ }
+
+ #$return = [ "variablename", \$variableinfo ];
+ sub variablename {
+ my $f = "variablename";
+ debug("$::level $f: input\n".Dumper(\@_)."\n");
+ my $var = $_[1];
+ return $var;
+ }
+
+ #arglist: '(' list(?) ')'
+ sub arglist {
+ my ($list) = exe_all($_[2]);
+ debug("$::level list: ".Dumper($list)."\n");
+ if ($list) {
+ my $ll = $list->[0];
+ debug("$::level ll \n".Dumper($ll)."\n");
+ debug("$::level \$\$list: \n");
+ return $ll;
+ }
+ return undef;
+ }
+
+ #list: expression (',' list)(s?)
+ sub list {
+ my ($expr, $alt) = ( execute($_[1]), $_[2] );
+
+ if (scalar @$alt) {
+ my ($list) = exe_optional($alt, 2);
+
+ debug("$::level list: expr: $expr\n");
+ debug("$::level list: list: $list\n:");
+ debug("$::level list ".Dumper($list)."\n");
+ my $r = [ $expr, (@$list) ];
+ return $r;
+ }
+ debug("$::level returning simple expression: $expr\n:");
+ return [$expr];
+ }
+
+
+
+ sub _default {
+ debug ("$::level default rule {\n");
+ indent();
+ debug ("$::level parsing parameters\n");
+ my @item = exe_all(@_);
+ debug ("$::level default rule - last item in array is: ".$item[$#item]."\n");
+ my $r = join "",@item[1..$#item];
+ debug ("$::level default rule - returning: $r\n");
+ deindent();
+ debug ("$::level }\n");
+ return $r;
+
+ }
+
+
+}
+
+
+package Template::Velocity::Executor;
+
+use Data::Dumper;
+
+
+
+sub new
+{
+ my $class = shift;
+
+ my $parsetree = shift;
+ my $parser = shift;
+
+ my $self = {};
+ $self->{parser} = $parser;
+ $self->{parsetree} = $parsetree;
+ bless $self, $class;
+ return $self;
+}
+
+
+sub run {
+ my $self = shift;
+
+ return (execute($self->{parsetree}));
+}
+
+
+
+my $level = " ";
+
+sub debug {
+ if ($::debugflag) {
+ print @_;
+ }
+}
+
+# This basically all works calling execute($parsetree).
+# Execute will look the Parsetree, which is built by a special autoaction
+#
+# It will call top-down, into functions called 'Executor::XXX', (where XXX is
+# the name of the production)
+#
+# Additional trees, representing child productions, will be passed in
+# as arguments to the Executor::XXX function. These arguments be processed
+# before the Executor::XXX function can proceed.
+#
+# If no such function is present, Executor:_default will be run
+#
+# To process the arguments, use this in the Executor function:
+# my @item = exe(@_);
+# Which will give you an @item array similar to that in the RD rules, one
+# exception being that productions which return arrays are flattened into
+# the @item array. (bad idea?)
+#
+
+
+
+# executes a parsetree (gotten as a result of calling recdescent $parser->rule()
+# and returns the string value of the result.
+
+sub Dumper {
+ "";
+}
+
+sub execute {
+ my $result;
+ my $tree = shift; # a reference to a tree is passed in
+ debug "$level execute: {\n";
+ indent();
+ debug ("$level tree = \n".Dumper($tree)."\n");
+
+# there are 3 possible things this tree could be:
+
+# 1 a scalar .. in which case this rule represents a literal, and the
+# the literal is just returned
+#
+# 2 an array of the form (array, ...) - in which case this is the result of a production
+# which returned an array of trees. This happens
+# if you specify (s), (?), etc, in a production.
+# 3 an array of the form (scalar, ...) - in which case this refers to a subrule
+#
+
+# case 1...
+ my $type = ref $tree;
+ if ($type) {
+ debug "\n$level tree type: ".(ref $tree)." \n";
+ } else {
+ debug "\n$level tree type: scalar \n";
+ }
+ if ($type ne "ARRAY") {
+ debug "$level returning literal: '$tree'\n";
+ deindent();
+ debug "$level }\n\n";
+ return $tree;
+ }
+
+ my @result;
+
+# if this tree is the result of a auto-generated rule (e.g. alternation)
+# then tree[0] is not a name.. it is an array. just call the default action with
+# the arguments
+
+ my $rule = @{$tree}->[0]; # rule name is first
+
+ if ($rule && ref $rule eq "ARRAY") { # case 2
+ debug "$level element[0] is an array (case 2) \n";
+ debug "$level contents of input: \n".Dumper(\@{$tree})."\n";
+ #@result = exe(@{$rule});
+ debug "$level running exe on the array..\n";
+ # not sure about this...
+ @result = (exe_all(@{$tree}));
+ debug "$level contents of output: \n".Dumper(\@result)."\n";
+ #shift @result; # get rid of function name
+ $result = \@result;
+
+ } else { # case 3
+ my @args = @{$tree};
+
+ debug "$level rule is a function to execute (case 3): '$rule'\n";
+ indent();
+ my $qr = "Template::Velocity::Executor::Rules::$rule";
+ if (defined &$qr) {
+ no strict ;
+ $result = (&$qr(@args));
+ } else {
+ debug "$level no function defined for: '$rule' - calling default action\n";
+ $result = Template::Velocity::Executor::Rules::_default(@args);
+ }
+ }
+ deindent();
+ debug "$level function: $rule returned=\n".Dumper($result)."\n";
+
+ debug "$level }\n";
+ return $result;
+
+ }
+
+# these hold and set the current indent level. It's only used for nested debug messages
+sub indent {
+ if (!$debugflag) { return; }
+ $level .= " ";
+ $Data::Dumper::Pad = $level." ";
+}
+sub deindent {
+ if (!$debugflag) { return; }
+ $level = substr ($level,0,-2);
+ $Data::Dumper::Pad = $level." ";
+}
+
+
+sub exe_optional {
+ my @r;
+ my $f = shift;
+ foreach my $q (@_) {
+ debug("$level: getting arg# $q\n");
+ push @r, execute($f->[0][$q]);
+ }
+ return @r;
+}
+
+# exe: for each argument, run the 'execute' function
+#
+
+sub exe_all {
+ my $d = $Data::Dumper::Maxdepth;
+ $Data::Dumper::Maxdepth = 9;
+ debug "\n$level exe_all (".$_[0].") arguments: {\n".Dumper(\@_)." \n";
+ my @r;
+ indent();
+
+ foreach my $i (@_) {
+ push @r, execute($i);
+ }
+ deindent();
+ debug "$level exe_all: returning: \n".Dumper(\@r)."$level}\n\n";
+ $Data::Dumper::Maxdepth = $d;
+ return @r;
+}
+
+
+
+
+
+#package RHCS::TPS::GlobalVar;
+
+#sub new { my $self = {}; bless $self; return $self; }
+
+
+1;
+
diff --git a/pki/base/tps/ltmain.sh b/pki/base/tps/ltmain.sh
new file mode 100644
index 000000000..a72f2fd78
--- /dev/null
+++ b/pki/base/tps/ltmain.sh
@@ -0,0 +1,8406 @@
+# Generated from ltmain.m4sh.
+
+# ltmain.sh (GNU libtool) 2.2.6b
+# Written by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+
+# Copyright (C) 1996, 1997, 1998, 1999, 2000, 2001, 2003, 2004, 2005, 2006, 2007 2008 Free Software Foundation, Inc.
+# This is free software; see the source for copying conditions. There is NO
+# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+
+# GNU Libtool is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# As a special exception to the GNU General Public License,
+# if you distribute this file as part of a program or library that
+# is built using GNU Libtool, you may include this file under the
+# same distribution terms that you use for the rest of that program.
+#
+# GNU Libtool is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with GNU Libtool; see the file COPYING. If not, a copy
+# can be downloaded from http://www.gnu.org/licenses/gpl.html,
+# or obtained by writing to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Usage: $progname [OPTION]... [MODE-ARG]...
+#
+# Provide generalized library-building support services.
+#
+# --config show all configuration variables
+# --debug enable verbose shell tracing
+# -n, --dry-run display commands without modifying any files
+# --features display basic configuration information and exit
+# --mode=MODE use operation mode MODE
+# --preserve-dup-deps don't remove duplicate dependency libraries
+# --quiet, --silent don't print informational messages
+# --tag=TAG use configuration variables from tag TAG
+# -v, --verbose print informational messages (default)
+# --version print version information
+# -h, --help print short or long help message
+#
+# MODE must be one of the following:
+#
+# clean remove files from the build directory
+# compile compile a source file into a libtool object
+# execute automatically set library path, then run a program
+# finish complete the installation of libtool libraries
+# install install libraries or executables
+# link create a library or an executable
+# uninstall remove libraries from an installed directory
+#
+# MODE-ARGS vary depending on the MODE.
+# Try `$progname --help --mode=MODE' for a more detailed description of MODE.
+#
+# When reporting a bug, please describe a test case to reproduce it and
+# include the following information:
+#
+# host-triplet: $host
+# shell: $SHELL
+# compiler: $LTCC
+# compiler flags: $LTCFLAGS
+# linker: $LD (gnu? $with_gnu_ld)
+# $progname: (GNU libtool) 2.2.6b
+# automake: $automake_version
+# autoconf: $autoconf_version
+#
+# Report bugs to <bug-libtool@gnu.org>.
+
+PROGRAM=ltmain.sh
+PACKAGE=libtool
+VERSION=2.2.6b
+TIMESTAMP=""
+package_revision=1.3017
+
+# Be Bourne compatible
+if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on ${1+"$@"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '${1+"$@"}'='"$@"'
+ setopt NO_GLOB_SUBST
+else
+ case `(set -o) 2>/dev/null` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# NLS nuisances: We save the old values to restore during execute mode.
+# Only set LANG and LC_ALL to C if already set.
+# These must not be set unconditionally because not all systems understand
+# e.g. LANG=C (notably SCO).
+lt_user_locale=
+lt_safe_locale=
+for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+do
+ eval "if test \"\${$lt_var+set}\" = set; then
+ save_$lt_var=\$$lt_var
+ $lt_var=C
+ export $lt_var
+ lt_user_locale=\"$lt_var=\\\$save_\$lt_var; \$lt_user_locale\"
+ lt_safe_locale=\"$lt_var=C; \$lt_safe_locale\"
+ fi"
+done
+
+$lt_unset CDPATH
+
+
+
+
+
+: ${CP="cp -f"}
+: ${ECHO="echo"}
+: ${EGREP="/bin/grep -E"}
+: ${FGREP="/bin/grep -F"}
+: ${GREP="/bin/grep"}
+: ${LN_S="ln -s"}
+: ${MAKE="make"}
+: ${MKDIR="mkdir"}
+: ${MV="mv -f"}
+: ${RM="rm -f"}
+: ${SED="/bin/sed"}
+: ${SHELL="${CONFIG_SHELL-/bin/sh}"}
+: ${Xsed="$SED -e 1s/^X//"}
+
+# Global variables:
+EXIT_SUCCESS=0
+EXIT_FAILURE=1
+EXIT_MISMATCH=63 # $? = 63 is used to indicate version mismatch to missing.
+EXIT_SKIP=77 # $? = 77 is used to indicate a skipped test to automake.
+
+exit_status=$EXIT_SUCCESS
+
+# Make sure IFS has a sensible default
+lt_nl='
+'
+IFS=" $lt_nl"
+
+dirname="s,/[^/]*$,,"
+basename="s,^.*/,,"
+
+# func_dirname_and_basename file append nondir_replacement
+# perform func_basename and func_dirname in a single function
+# call:
+# dirname: Compute the dirname of FILE. If nonempty,
+# add APPEND to the result, otherwise set result
+# to NONDIR_REPLACEMENT.
+# value returned in "$func_dirname_result"
+# basename: Compute filename of FILE.
+# value retuned in "$func_basename_result"
+# Implementation must be kept synchronized with func_dirname
+# and func_basename. For efficiency, we do not delegate to
+# those functions but instead duplicate the functionality here.
+func_dirname_and_basename ()
+{
+ # Extract subdirectory from the argument.
+ func_dirname_result=`$ECHO "X${1}" | $Xsed -e "$dirname"`
+ if test "X$func_dirname_result" = "X${1}"; then
+ func_dirname_result="${3}"
+ else
+ func_dirname_result="$func_dirname_result${2}"
+ fi
+ func_basename_result=`$ECHO "X${1}" | $Xsed -e "$basename"`
+}
+
+# Generated shell functions inserted here.
+
+# Work around backward compatibility issue on IRIX 6.5. On IRIX 6.4+, sh
+# is ksh but when the shell is invoked as "sh" and the current value of
+# the _XPG environment variable is not equal to 1 (one), the special
+# positional parameter $0, within a function call, is the name of the
+# function.
+progpath="$0"
+
+# The name of this program:
+# In the unlikely event $progname began with a '-', it would play havoc with
+# func_echo (imagine progname=-n), so we prepend ./ in that case:
+func_dirname_and_basename "$progpath"
+progname=$func_basename_result
+case $progname in
+ -*) progname=./$progname ;;
+esac
+
+# Make sure we have an absolute path for reexecution:
+case $progpath in
+ [\\/]*|[A-Za-z]:\\*) ;;
+ *[\\/]*)
+ progdir=$func_dirname_result
+ progdir=`cd "$progdir" && pwd`
+ progpath="$progdir/$progname"
+ ;;
+ *)
+ save_IFS="$IFS"
+ IFS=:
+ for progdir in $PATH; do
+ IFS="$save_IFS"
+ test -x "$progdir/$progname" && break
+ done
+ IFS="$save_IFS"
+ test -n "$progdir" || progdir=`pwd`
+ progpath="$progdir/$progname"
+ ;;
+esac
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed="${SED}"' -e 1s/^X//'
+sed_quote_subst='s/\([`"$\\]\)/\\\1/g'
+
+# Same as above, but do not quote variable references.
+double_quote_subst='s/\(["`\\]\)/\\\1/g'
+
+# Re-`\' parameter expansions in output of double_quote_subst that were
+# `\'-ed in input to the same. If an odd number of `\' preceded a '$'
+# in input to double_quote_subst, that '$' was protected from expansion.
+# Since each input `\' is now two `\'s, look for any number of runs of
+# four `\'s followed by two `\'s and then a '$'. `\' that '$'.
+bs='\\'
+bs2='\\\\'
+bs4='\\\\\\\\'
+dollar='\$'
+sed_double_backslash="\
+ s/$bs4/&\\
+/g
+ s/^$bs2$dollar/$bs&/
+ s/\\([^$bs]\\)$bs2$dollar/\\1$bs2$bs$dollar/g
+ s/\n//g"
+
+# Standard options:
+opt_dry_run=false
+opt_help=false
+opt_quiet=false
+opt_verbose=false
+opt_warning=:
+
+# func_echo arg...
+# Echo program name prefixed message, along with the current mode
+# name if it has been set yet.
+func_echo ()
+{
+ $ECHO "$progname${mode+: }$mode: $*"
+}
+
+# func_verbose arg...
+# Echo program name prefixed message in verbose mode only.
+func_verbose ()
+{
+ $opt_verbose && func_echo ${1+"$@"}
+
+ # A bug in bash halts the script if the last line of a function
+ # fails when set -e is in force, so we need another command to
+ # work around that:
+ :
+}
+
+# func_error arg...
+# Echo program name prefixed message to standard error.
+func_error ()
+{
+ $ECHO "$progname${mode+: }$mode: "${1+"$@"} 1>&2
+}
+
+# func_warning arg...
+# Echo program name prefixed warning message to standard error.
+func_warning ()
+{
+ $opt_warning && $ECHO "$progname${mode+: }$mode: warning: "${1+"$@"} 1>&2
+
+ # bash bug again:
+ :
+}
+
+# func_fatal_error arg...
+# Echo program name prefixed message to standard error, and exit.
+func_fatal_error ()
+{
+ func_error ${1+"$@"}
+ exit $EXIT_FAILURE
+}
+
+# func_fatal_help arg...
+# Echo program name prefixed message to standard error, followed by
+# a help hint, and exit.
+func_fatal_help ()
+{
+ func_error ${1+"$@"}
+ func_fatal_error "$help"
+}
+help="Try \`$progname --help' for more information." ## default
+
+
+# func_grep expression filename
+# Check whether EXPRESSION matches any line of FILENAME, without output.
+func_grep ()
+{
+ $GREP "$1" "$2" >/dev/null 2>&1
+}
+
+
+# func_mkdir_p directory-path
+# Make sure the entire path to DIRECTORY-PATH is available.
+func_mkdir_p ()
+{
+ my_directory_path="$1"
+ my_dir_list=
+
+ if test -n "$my_directory_path" && test "$opt_dry_run" != ":"; then
+
+ # Protect directory names starting with `-'
+ case $my_directory_path in
+ -*) my_directory_path="./$my_directory_path" ;;
+ esac
+
+ # While some portion of DIR does not yet exist...
+ while test ! -d "$my_directory_path"; do
+ # ...make a list in topmost first order. Use a colon delimited
+ # list incase some portion of path contains whitespace.
+ my_dir_list="$my_directory_path:$my_dir_list"
+
+ # If the last portion added has no slash in it, the list is done
+ case $my_directory_path in */*) ;; *) break ;; esac
+
+ # ...otherwise throw away the child directory and loop
+ my_directory_path=`$ECHO "X$my_directory_path" | $Xsed -e "$dirname"`
+ done
+ my_dir_list=`$ECHO "X$my_dir_list" | $Xsed -e 's,:*$,,'`
+
+ save_mkdir_p_IFS="$IFS"; IFS=':'
+ for my_dir in $my_dir_list; do
+ IFS="$save_mkdir_p_IFS"
+ # mkdir can fail with a `File exist' error if two processes
+ # try to create one of the directories concurrently. Don't
+ # stop in that case!
+ $MKDIR "$my_dir" 2>/dev/null || :
+ done
+ IFS="$save_mkdir_p_IFS"
+
+ # Bail out if we (or some other process) failed to create a directory.
+ test -d "$my_directory_path" || \
+ func_fatal_error "Failed to create \`$1'"
+ fi
+}
+
+
+# func_mktempdir [string]
+# Make a temporary directory that won't clash with other running
+# libtool processes, and avoids race conditions if possible. If
+# given, STRING is the basename for that directory.
+func_mktempdir ()
+{
+ my_template="${TMPDIR-/tmp}/${1-$progname}"
+
+ if test "$opt_dry_run" = ":"; then
+ # Return a directory name, but don't create it in dry-run mode
+ my_tmpdir="${my_template}-$$"
+ else
+
+ # If mktemp works, use that first and foremost
+ my_tmpdir=`mktemp -d "${my_template}-XXXXXXXX" 2>/dev/null`
+
+ if test ! -d "$my_tmpdir"; then
+ # Failing that, at least try and use $RANDOM to avoid a race
+ my_tmpdir="${my_template}-${RANDOM-0}$$"
+
+ save_mktempdir_umask=`umask`
+ umask 0077
+ $MKDIR "$my_tmpdir"
+ umask $save_mktempdir_umask
+ fi
+
+ # If we're not in dry-run mode, bomb out on failure
+ test -d "$my_tmpdir" || \
+ func_fatal_error "cannot create temporary directory \`$my_tmpdir'"
+ fi
+
+ $ECHO "X$my_tmpdir" | $Xsed
+}
+
+
+# func_quote_for_eval arg
+# Aesthetically quote ARG to be evaled later.
+# This function returns two values: FUNC_QUOTE_FOR_EVAL_RESULT
+# is double-quoted, suitable for a subsequent eval, whereas
+# FUNC_QUOTE_FOR_EVAL_UNQUOTED_RESULT has merely all characters
+# which are still active within double quotes backslashified.
+func_quote_for_eval ()
+{
+ case $1 in
+ *[\\\`\"\$]*)
+ func_quote_for_eval_unquoted_result=`$ECHO "X$1" | $Xsed -e "$sed_quote_subst"` ;;
+ *)
+ func_quote_for_eval_unquoted_result="$1" ;;
+ esac
+
+ case $func_quote_for_eval_unquoted_result in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting, command substitution and and variable
+ # expansion for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ func_quote_for_eval_result="\"$func_quote_for_eval_unquoted_result\""
+ ;;
+ *)
+ func_quote_for_eval_result="$func_quote_for_eval_unquoted_result"
+ esac
+}
+
+
+# func_quote_for_expand arg
+# Aesthetically quote ARG to be evaled later; same as above,
+# but do not quote variable references.
+func_quote_for_expand ()
+{
+ case $1 in
+ *[\\\`\"]*)
+ my_arg=`$ECHO "X$1" | $Xsed \
+ -e "$double_quote_subst" -e "$sed_double_backslash"` ;;
+ *)
+ my_arg="$1" ;;
+ esac
+
+ case $my_arg in
+ # Double-quote args containing shell metacharacters to delay
+ # word splitting and command substitution for a subsequent eval.
+ # Many Bourne shells cannot handle close brackets correctly
+ # in scan sets, so we specify it separately.
+ *[\[\~\#\^\&\*\(\)\{\}\|\;\<\>\?\'\ \ ]*|*]*|"")
+ my_arg="\"$my_arg\""
+ ;;
+ esac
+
+ func_quote_for_expand_result="$my_arg"
+}
+
+
+# func_show_eval cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it.
+func_show_eval ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$my_cmd"
+ my_status=$?
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+# func_show_eval_locale cmd [fail_exp]
+# Unless opt_silent is true, then output CMD. Then, if opt_dryrun is
+# not true, evaluate CMD. If the evaluation of CMD fails, and FAIL_EXP
+# is given, then evaluate it. Use the saved locale for evaluation.
+func_show_eval_locale ()
+{
+ my_cmd="$1"
+ my_fail_exp="${2-:}"
+
+ ${opt_silent-false} || {
+ func_quote_for_expand "$my_cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+
+ if ${opt_dry_run-false}; then :; else
+ eval "$lt_user_locale
+ $my_cmd"
+ my_status=$?
+ eval "$lt_safe_locale"
+ if test "$my_status" -eq 0; then :; else
+ eval "(exit $my_status); $my_fail_exp"
+ fi
+ fi
+}
+
+
+
+
+
+# func_version
+# Echo version message to standard output and exit.
+func_version ()
+{
+ $SED -n '/^# '$PROGRAM' (GNU /,/# warranty; / {
+ s/^# //
+ s/^# *$//
+ s/\((C)\)[ 0-9,-]*\( [1-9][0-9]*\)/\1\2/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_usage
+# Echo short help message to standard output and exit.
+func_usage ()
+{
+ $SED -n '/^# Usage:/,/# -h/ {
+ s/^# //
+ s/^# *$//
+ s/\$progname/'$progname'/
+ p
+ }' < "$progpath"
+ $ECHO
+ $ECHO "run \`$progname --help | more' for full usage"
+ exit $?
+}
+
+# func_help
+# Echo long help message to standard output and exit.
+func_help ()
+{
+ $SED -n '/^# Usage:/,/# Report bugs to/ {
+ s/^# //
+ s/^# *$//
+ s*\$progname*'$progname'*
+ s*\$host*'"$host"'*
+ s*\$SHELL*'"$SHELL"'*
+ s*\$LTCC*'"$LTCC"'*
+ s*\$LTCFLAGS*'"$LTCFLAGS"'*
+ s*\$LD*'"$LD"'*
+ s/\$with_gnu_ld/'"$with_gnu_ld"'/
+ s/\$automake_version/'"`(automake --version) 2>/dev/null |$SED 1q`"'/
+ s/\$autoconf_version/'"`(autoconf --version) 2>/dev/null |$SED 1q`"'/
+ p
+ }' < "$progpath"
+ exit $?
+}
+
+# func_missing_arg argname
+# Echo program name prefixed message to standard error and set global
+# exit_cmd.
+func_missing_arg ()
+{
+ func_error "missing argument for $1"
+ exit_cmd=exit
+}
+
+exit_cmd=:
+
+
+
+
+
+# Check that we have a working $ECHO.
+if test "X$1" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+elif test "X$1" = X--fallback-echo; then
+ # Avoid inline document here, it may be left over
+ :
+elif test "X`{ $ECHO '\t'; } 2>/dev/null`" = 'X\t'; then
+ # Yippee, $ECHO works!
+ :
+else
+ # Restart under the correct shell, and then maybe $ECHO will work.
+ exec $SHELL "$progpath" --no-reexec ${1+"$@"}
+fi
+
+if test "X$1" = X--fallback-echo; then
+ # used as fallback echo
+ shift
+ cat <<EOF
+$*
+EOF
+ exit $EXIT_SUCCESS
+fi
+
+magic="%%%MAGIC variable%%%"
+magic_exe="%%%MAGIC EXE variable%%%"
+
+# Global variables.
+# $mode is unset
+nonopt=
+execute_dlfiles=
+preserve_args=
+lo2o="s/\\.lo\$/.${objext}/"
+o2lo="s/\\.${objext}\$/.lo/"
+extracted_archives=
+extracted_serial=0
+
+opt_dry_run=false
+opt_duplicate_deps=false
+opt_silent=false
+opt_debug=:
+
+# If this variable is set in any of the actions, the command in it
+# will be execed at the end. This prevents here-documents from being
+# left over by shells.
+exec_cmd=
+
+# func_fatal_configuration arg...
+# Echo program name prefixed message to standard error, followed by
+# a configuration failure hint, and exit.
+func_fatal_configuration ()
+{
+ func_error ${1+"$@"}
+ func_error "See the $PACKAGE documentation for more information."
+ func_fatal_error "Fatal configuration error."
+}
+
+
+# func_config
+# Display the configuration for all the tags in this script.
+func_config ()
+{
+ re_begincf='^# ### BEGIN LIBTOOL'
+ re_endcf='^# ### END LIBTOOL'
+
+ # Default configuration.
+ $SED "1,/$re_begincf CONFIG/d;/$re_endcf CONFIG/,\$d" < "$progpath"
+
+ # Now print the configurations for the tags.
+ for tagname in $taglist; do
+ $SED -n "/$re_begincf TAG CONFIG: $tagname\$/,/$re_endcf TAG CONFIG: $tagname\$/p" < "$progpath"
+ done
+
+ exit $?
+}
+
+# func_features
+# Display the features supported by this script.
+func_features ()
+{
+ $ECHO "host: $host"
+ if test "$build_libtool_libs" = yes; then
+ $ECHO "enable shared libraries"
+ else
+ $ECHO "disable shared libraries"
+ fi
+ if test "$build_old_libs" = yes; then
+ $ECHO "enable static libraries"
+ else
+ $ECHO "disable static libraries"
+ fi
+
+ exit $?
+}
+
+# func_enable_tag tagname
+# Verify that TAGNAME is valid, and either flag an error and exit, or
+# enable the TAGNAME tag. We also add TAGNAME to the global $taglist
+# variable here.
+func_enable_tag ()
+{
+ # Global variable:
+ tagname="$1"
+
+ re_begincf="^# ### BEGIN LIBTOOL TAG CONFIG: $tagname\$"
+ re_endcf="^# ### END LIBTOOL TAG CONFIG: $tagname\$"
+ sed_extractcf="/$re_begincf/,/$re_endcf/p"
+
+ # Validate tagname.
+ case $tagname in
+ *[!-_A-Za-z0-9,/]*)
+ func_fatal_error "invalid tag name: $tagname"
+ ;;
+ esac
+
+ # Don't test for the "default" C tag, as we know it's
+ # there but not specially marked.
+ case $tagname in
+ CC) ;;
+ *)
+ if $GREP "$re_begincf" "$progpath" >/dev/null 2>&1; then
+ taglist="$taglist $tagname"
+
+ # Evaluate the configuration. Be careful to quote the path
+ # and the sed script, to avoid splitting on whitespace, but
+ # also don't use non-portable quotes within backquotes within
+ # quotes we have to do it in 2 steps:
+ extractedcf=`$SED -n -e "$sed_extractcf" < "$progpath"`
+ eval "$extractedcf"
+ else
+ func_error "ignoring unknown tag $tagname"
+ fi
+ ;;
+ esac
+}
+
+# Parse options once, thoroughly. This comes as soon as possible in
+# the script to make things like `libtool --version' happen quickly.
+{
+
+ # Shorthand for --mode=foo, only valid as the first argument
+ case $1 in
+ clean|clea|cle|cl)
+ shift; set dummy --mode clean ${1+"$@"}; shift
+ ;;
+ compile|compil|compi|comp|com|co|c)
+ shift; set dummy --mode compile ${1+"$@"}; shift
+ ;;
+ execute|execut|execu|exec|exe|ex|e)
+ shift; set dummy --mode execute ${1+"$@"}; shift
+ ;;
+ finish|finis|fini|fin|fi|f)
+ shift; set dummy --mode finish ${1+"$@"}; shift
+ ;;
+ install|instal|insta|inst|ins|in|i)
+ shift; set dummy --mode install ${1+"$@"}; shift
+ ;;
+ link|lin|li|l)
+ shift; set dummy --mode link ${1+"$@"}; shift
+ ;;
+ uninstall|uninstal|uninsta|uninst|unins|unin|uni|un|u)
+ shift; set dummy --mode uninstall ${1+"$@"}; shift
+ ;;
+ esac
+
+ # Parse non-mode specific arguments:
+ while test "$#" -gt 0; do
+ opt="$1"
+ shift
+
+ case $opt in
+ --config) func_config ;;
+
+ --debug) preserve_args="$preserve_args $opt"
+ func_echo "enabling shell trace mode"
+ opt_debug='set -x'
+ $opt_debug
+ ;;
+
+ -dlopen) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ execute_dlfiles="$execute_dlfiles $1"
+ shift
+ ;;
+
+ --dry-run | -n) opt_dry_run=: ;;
+ --features) func_features ;;
+ --finish) mode="finish" ;;
+
+ --mode) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ case $1 in
+ # Valid mode arguments:
+ clean) ;;
+ compile) ;;
+ execute) ;;
+ finish) ;;
+ install) ;;
+ link) ;;
+ relink) ;;
+ uninstall) ;;
+
+ # Catch anything else as an error
+ *) func_error "invalid argument for $opt"
+ exit_cmd=exit
+ break
+ ;;
+ esac
+
+ mode="$1"
+ shift
+ ;;
+
+ --preserve-dup-deps)
+ opt_duplicate_deps=: ;;
+
+ --quiet|--silent) preserve_args="$preserve_args $opt"
+ opt_silent=:
+ ;;
+
+ --verbose| -v) preserve_args="$preserve_args $opt"
+ opt_silent=false
+ ;;
+
+ --tag) test "$#" -eq 0 && func_missing_arg "$opt" && break
+ preserve_args="$preserve_args $opt $1"
+ func_enable_tag "$1" # tagname is set here
+ shift
+ ;;
+
+ # Separate optargs to long options:
+ -dlopen=*|--mode=*|--tag=*)
+ func_opt_split "$opt"
+ set dummy "$func_opt_split_opt" "$func_opt_split_arg" ${1+"$@"}
+ shift
+ ;;
+
+ -\?|-h) func_usage ;;
+ --help) opt_help=: ;;
+ --version) func_version ;;
+
+ -*) func_fatal_help "unrecognized option \`$opt'" ;;
+
+ *) nonopt="$opt"
+ break
+ ;;
+ esac
+ done
+
+
+ case $host in
+ *cygwin* | *mingw* | *pw32* | *cegcc*)
+ # don't eliminate duplications in $postdeps and $predeps
+ opt_duplicate_compiler_generated_deps=:
+ ;;
+ *)
+ opt_duplicate_compiler_generated_deps=$opt_duplicate_deps
+ ;;
+ esac
+
+ # Having warned about all mis-specified options, bail out if
+ # anything was wrong.
+ $exit_cmd $EXIT_FAILURE
+}
+
+# func_check_version_match
+# Ensure that we are using m4 macros, and libtool script from the same
+# release of libtool.
+func_check_version_match ()
+{
+ if test "$package_revision" != "$macro_revision"; then
+ if test "$VERSION" != "$macro_version"; then
+ if test -z "$macro_version"; then
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from an older release.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, but the
+$progname: definition of this LT_INIT comes from $PACKAGE $macro_version.
+$progname: You should recreate aclocal.m4 with macros from $PACKAGE $VERSION
+$progname: and run autoconf again.
+_LT_EOF
+ fi
+ else
+ cat >&2 <<_LT_EOF
+$progname: Version mismatch error. This is $PACKAGE $VERSION, revision $package_revision,
+$progname: but the definition of this LT_INIT comes from revision $macro_revision.
+$progname: You should recreate aclocal.m4 with macros from revision $package_revision
+$progname: of $PACKAGE $VERSION and run autoconf again.
+_LT_EOF
+ fi
+
+ exit $EXIT_MISMATCH
+ fi
+}
+
+
+## ----------- ##
+## Main. ##
+## ----------- ##
+
+$opt_help || {
+ # Sanity checks first:
+ func_check_version_match
+
+ if test "$build_libtool_libs" != yes && test "$build_old_libs" != yes; then
+ func_fatal_configuration "not configured to build any kind of library"
+ fi
+
+ test -z "$mode" && func_fatal_error "error: you must specify a MODE."
+
+
+ # Darwin sucks
+ eval std_shrext=\"$shrext_cmds\"
+
+
+ # Only execute mode is allowed to have -dlopen flags.
+ if test -n "$execute_dlfiles" && test "$mode" != execute; then
+ func_error "unrecognized option \`-dlopen'"
+ $ECHO "$help" 1>&2
+ exit $EXIT_FAILURE
+ fi
+
+ # Change the help message to a mode-specific one.
+ generic_help="$help"
+ help="Try \`$progname --help --mode=$mode' for more information."
+}
+
+
+# func_lalib_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_lalib_p ()
+{
+ test -f "$1" &&
+ $SED -e 4q "$1" 2>/dev/null \
+ | $GREP "^# Generated by .*$PACKAGE" > /dev/null 2>&1
+}
+
+# func_lalib_unsafe_p file
+# True iff FILE is a libtool `.la' library or `.lo' object file.
+# This function implements the same check as func_lalib_p without
+# resorting to external programs. To this end, it redirects stdin and
+# closes it afterwards, without saving the original file descriptor.
+# As a safety measure, use it only where a negative result would be
+# fatal anyway. Works if `file' does not exist.
+func_lalib_unsafe_p ()
+{
+ lalib_p=no
+ if test -f "$1" && test -r "$1" && exec 5<&0 <"$1"; then
+ for lalib_p_l in 1 2 3 4
+ do
+ read lalib_p_line
+ case "$lalib_p_line" in
+ \#\ Generated\ by\ *$PACKAGE* ) lalib_p=yes; break;;
+ esac
+ done
+ exec 0<&5 5<&-
+ fi
+ test "$lalib_p" = yes
+}
+
+# func_ltwrapper_script_p file
+# True iff FILE is a libtool wrapper script
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_script_p ()
+{
+ func_lalib_p "$1"
+}
+
+# func_ltwrapper_executable_p file
+# True iff FILE is a libtool wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_executable_p ()
+{
+ func_ltwrapper_exec_suffix=
+ case $1 in
+ *.exe) ;;
+ *) func_ltwrapper_exec_suffix=.exe ;;
+ esac
+ $GREP "$magic_exe" "$1$func_ltwrapper_exec_suffix" >/dev/null 2>&1
+}
+
+# func_ltwrapper_scriptname file
+# Assumes file is an ltwrapper_executable
+# uses $file to determine the appropriate filename for a
+# temporary ltwrapper_script.
+func_ltwrapper_scriptname ()
+{
+ func_ltwrapper_scriptname_result=""
+ if func_ltwrapper_executable_p "$1"; then
+ func_dirname_and_basename "$1" "" "."
+ func_stripname '' '.exe' "$func_basename_result"
+ func_ltwrapper_scriptname_result="$func_dirname_result/$objdir/${func_stripname_result}_ltshwrapper"
+ fi
+}
+
+# func_ltwrapper_p file
+# True iff FILE is a libtool wrapper script or wrapper executable
+# This function is only a basic sanity check; it will hardly flush out
+# determined imposters.
+func_ltwrapper_p ()
+{
+ func_ltwrapper_script_p "$1" || func_ltwrapper_executable_p "$1"
+}
+
+
+# func_execute_cmds commands fail_cmd
+# Execute tilde-delimited COMMANDS.
+# If FAIL_CMD is given, eval that upon failure.
+# FAIL_CMD may read-access the current command in variable CMD!
+func_execute_cmds ()
+{
+ $opt_debug
+ save_ifs=$IFS; IFS='~'
+ for cmd in $1; do
+ IFS=$save_ifs
+ eval cmd=\"$cmd\"
+ func_show_eval "$cmd" "${2-:}"
+ done
+ IFS=$save_ifs
+}
+
+
+# func_source file
+# Source FILE, adding directory component if necessary.
+# Note that it is not necessary on cygwin/mingw to append a dot to
+# FILE even if both FILE and FILE.exe exist: automatic-append-.exe
+# behavior happens only for exec(3), not for open(2)! Also, sourcing
+# `FILE.' does not work on cygwin managed mounts.
+func_source ()
+{
+ $opt_debug
+ case $1 in
+ */* | *\\*) . "$1" ;;
+ *) . "./$1" ;;
+ esac
+}
+
+
+# func_infer_tag arg
+# Infer tagged configuration to use if any are available and
+# if one wasn't chosen via the "--tag" command line option.
+# Only attempt this if the compiler in the base compile
+# command doesn't match the default compiler.
+# arg is usually of the form 'gcc ...'
+func_infer_tag ()
+{
+ $opt_debug
+ if test -n "$available_tags" && test -z "$tagname"; then
+ CC_quoted=
+ for arg in $CC; do
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case $@ in
+ # Blanks in the command may have been stripped by the calling shell,
+ # but not from the CC environment variable when configure was run.
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*) ;;
+ # Blanks at the start of $base_compile will cause this to fail
+ # if we don't check for them as well.
+ *)
+ for z in $available_tags; do
+ if $GREP "^# ### BEGIN LIBTOOL TAG CONFIG: $z$" < "$progpath" > /dev/null; then
+ # Evaluate the configuration.
+ eval "`${SED} -n -e '/^# ### BEGIN LIBTOOL TAG CONFIG: '$z'$/,/^# ### END LIBTOOL TAG CONFIG: '$z'$/p' < $progpath`"
+ CC_quoted=
+ for arg in $CC; do
+ # Double-quote args containing other shell metacharacters.
+ func_quote_for_eval "$arg"
+ CC_quoted="$CC_quoted $func_quote_for_eval_result"
+ done
+ case "$@ " in
+ " $CC "* | "$CC "* | " `$ECHO $CC` "* | "`$ECHO $CC` "* | " $CC_quoted"* | "$CC_quoted "* | " `$ECHO $CC_quoted` "* | "`$ECHO $CC_quoted` "*)
+ # The compiler in the base compile command matches
+ # the one in the tagged configuration.
+ # Assume this is the tagged configuration we want.
+ tagname=$z
+ break
+ ;;
+ esac
+ fi
+ done
+ # If $tagname still isn't set, then no tagged configuration
+ # was found and let the user know that the "--tag" command
+ # line option must be used.
+ if test -z "$tagname"; then
+ func_echo "unable to infer tagged configuration"
+ func_fatal_error "specify a tag with \`--tag'"
+# else
+# func_verbose "using $tagname tagged configuration"
+ fi
+ ;;
+ esac
+ fi
+}
+
+
+
+# func_write_libtool_object output_name pic_name nonpic_name
+# Create a libtool object file (analogous to a ".la" file),
+# but don't create it if we're doing a dry run.
+func_write_libtool_object ()
+{
+ write_libobj=${1}
+ if test "$build_libtool_libs" = yes; then
+ write_lobj=\'${2}\'
+ else
+ write_lobj=none
+ fi
+
+ if test "$build_old_libs" = yes; then
+ write_oldobj=\'${3}\'
+ else
+ write_oldobj=none
+ fi
+
+ $opt_dry_run || {
+ cat >${write_libobj}T <<EOF
+# $write_libobj - a libtool object file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# Name of the PIC object.
+pic_object=$write_lobj
+
+# Name of the non-PIC object
+non_pic_object=$write_oldobj
+
+EOF
+ $MV "${write_libobj}T" "${write_libobj}"
+ }
+}
+
+# func_mode_compile arg...
+func_mode_compile ()
+{
+ $opt_debug
+ # Get the compilation command and the source file.
+ base_compile=
+ srcfile="$nonopt" # always keep a non-empty value in "srcfile"
+ suppress_opt=yes
+ suppress_output=
+ arg_mode=normal
+ libobj=
+ later=
+ pie_flag=
+
+ for arg
+ do
+ case $arg_mode in
+ arg )
+ # do not "continue". Instead, add this to base_compile
+ lastarg="$arg"
+ arg_mode=normal
+ ;;
+
+ target )
+ libobj="$arg"
+ arg_mode=normal
+ continue
+ ;;
+
+ normal )
+ # Accept any command-line options.
+ case $arg in
+ -o)
+ test -n "$libobj" && \
+ func_fatal_error "you cannot specify \`-o' more than once"
+ arg_mode=target
+ continue
+ ;;
+
+ -pie | -fpie | -fPIE)
+ pie_flag="$pie_flag $arg"
+ continue
+ ;;
+
+ -shared | -static | -prefer-pic | -prefer-non-pic)
+ later="$later $arg"
+ continue
+ ;;
+
+ -no-suppress)
+ suppress_opt=no
+ continue
+ ;;
+
+ -Xcompiler)
+ arg_mode=arg # the next one goes into the "base_compile" arg list
+ continue # The current "srcfile" will either be retained or
+ ;; # replaced later. I would guess that would be a bug.
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ lastarg=
+ save_ifs="$IFS"; IFS=','
+ for arg in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$arg"
+ lastarg="$lastarg $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$lastarg"
+ lastarg=$func_stripname_result
+
+ # Add the arguments to base_compile.
+ base_compile="$base_compile $lastarg"
+ continue
+ ;;
+
+ *)
+ # Accept the current argument as the source file.
+ # The previous "srcfile" becomes the current argument.
+ #
+ lastarg="$srcfile"
+ srcfile="$arg"
+ ;;
+ esac # case $arg
+ ;;
+ esac # case $arg_mode
+
+ # Aesthetically quote the previous argument.
+ func_quote_for_eval "$lastarg"
+ base_compile="$base_compile $func_quote_for_eval_result"
+ done # for arg
+
+ case $arg_mode in
+ arg)
+ func_fatal_error "you must specify an argument for -Xcompile"
+ ;;
+ target)
+ func_fatal_error "you must specify a target with \`-o'"
+ ;;
+ *)
+ # Get the name of the library object.
+ test -z "$libobj" && {
+ func_basename "$srcfile"
+ libobj="$func_basename_result"
+ }
+ ;;
+ esac
+
+ # Recognize several different file suffixes.
+ # If the user specifies -o file.o, it is replaced with file.lo
+ case $libobj in
+ *.[cCFSifmso] | \
+ *.ada | *.adb | *.ads | *.asm | \
+ *.c++ | *.cc | *.ii | *.class | *.cpp | *.cxx | \
+ *.[fF][09]? | *.for | *.java | *.obj | *.sx)
+ func_xform "$libobj"
+ libobj=$func_xform_result
+ ;;
+ esac
+
+ case $libobj in
+ *.lo) func_lo2o "$libobj"; obj=$func_lo2o_result ;;
+ *)
+ func_fatal_error "cannot determine name of library object from \`$libobj'"
+ ;;
+ esac
+
+ func_infer_tag $base_compile
+
+ for arg in $later; do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ continue
+ ;;
+
+ -static)
+ build_libtool_libs=no
+ build_old_libs=yes
+ continue
+ ;;
+
+ -prefer-pic)
+ pic_mode=yes
+ continue
+ ;;
+
+ -prefer-non-pic)
+ pic_mode=no
+ continue
+ ;;
+ esac
+ done
+
+ func_quote_for_eval "$libobj"
+ test "X$libobj" != "X$func_quote_for_eval_result" \
+ && $ECHO "X$libobj" | $GREP '[]~#^*{};<>?"'"'"' &()|`$[]' \
+ && func_warning "libobj name \`$libobj' may not contain shell special characters."
+ func_dirname_and_basename "$obj" "/" ""
+ objname="$func_basename_result"
+ xdir="$func_dirname_result"
+ lobj=${xdir}$objdir/$objname
+
+ test -z "$base_compile" && \
+ func_fatal_help "you must specify a compilation command"
+
+ # Delete any leftover library objects.
+ if test "$build_old_libs" = yes; then
+ removelist="$obj $lobj $libobj ${libobj}T"
+ else
+ removelist="$lobj $libobj ${libobj}T"
+ fi
+
+ # On Cygwin there's no "real" PIC flag so we must build both object types
+ case $host_os in
+ cygwin* | mingw* | pw32* | os2* | cegcc*)
+ pic_mode=default
+ ;;
+ esac
+ if test "$pic_mode" = no && test "$deplibs_check_method" != pass_all; then
+ # non-PIC code in shared libraries is not supported
+ pic_mode=default
+ fi
+
+ # Calculate the filename of the output object if compiler does
+ # not support -o with -c
+ if test "$compiler_c_o" = no; then
+ output_obj=`$ECHO "X$srcfile" | $Xsed -e 's%^.*/%%' -e 's%\.[^.]*$%%'`.${objext}
+ lockfile="$output_obj.lock"
+ else
+ output_obj=
+ need_locks=no
+ lockfile=
+ fi
+
+ # Lock this critical section if it is needed
+ # We use this script file to make the link, it avoids creating a new file
+ if test "$need_locks" = yes; then
+ until $opt_dry_run || ln "$progpath" "$lockfile" 2>/dev/null; do
+ func_echo "Waiting for $lockfile to be removed"
+ sleep 2
+ done
+ elif test "$need_locks" = warn; then
+ if test -f "$lockfile"; then
+ $ECHO "\
+*** ERROR, $lockfile exists and contains:
+`cat $lockfile 2>/dev/null`
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+ removelist="$removelist $output_obj"
+ $ECHO "$srcfile" > "$lockfile"
+ fi
+
+ $opt_dry_run || $RM $removelist
+ removelist="$removelist $lockfile"
+ trap '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE' 1 2 15
+
+ if test -n "$fix_srcfile_path"; then
+ eval srcfile=\"$fix_srcfile_path\"
+ fi
+ func_quote_for_eval "$srcfile"
+ qsrcfile=$func_quote_for_eval_result
+
+ # Only build a PIC object if we are building libtool libraries.
+ if test "$build_libtool_libs" = yes; then
+ # Without this assignment, base_compile gets emptied.
+ fbsd_hideous_sh_bug=$base_compile
+
+ if test "$pic_mode" != no; then
+ command="$base_compile $qsrcfile $pic_flag"
+ else
+ # Don't build PIC code
+ command="$base_compile $qsrcfile"
+ fi
+
+ func_mkdir_p "$xdir$objdir"
+
+ if test -z "$output_obj"; then
+ # Place PIC objects in $objdir
+ command="$command -o $lobj"
+ fi
+
+ func_show_eval_locale "$command" \
+ 'test -n "$output_obj" && $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed, then go on to compile the next one
+ if test -n "$output_obj" && test "X$output_obj" != "X$lobj"; then
+ func_show_eval '$MV "$output_obj" "$lobj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+
+ # Allow error messages only from the first compilation.
+ if test "$suppress_opt" = yes; then
+ suppress_output=' >/dev/null 2>&1'
+ fi
+ fi
+
+ # Only build a position-dependent object if we build old libraries.
+ if test "$build_old_libs" = yes; then
+ if test "$pic_mode" != yes; then
+ # Don't build PIC code
+ command="$base_compile $qsrcfile$pie_flag"
+ else
+ command="$base_compile $qsrcfile $pic_flag"
+ fi
+ if test "$compiler_c_o" = yes; then
+ command="$command -o $obj"
+ fi
+
+ # Suppress compiler output if we already did a PIC compilation.
+ command="$command$suppress_output"
+ func_show_eval_locale "$command" \
+ '$opt_dry_run || $RM $removelist; exit $EXIT_FAILURE'
+
+ if test "$need_locks" = warn &&
+ test "X`cat $lockfile 2>/dev/null`" != "X$srcfile"; then
+ $ECHO "\
+*** ERROR, $lockfile contains:
+`cat $lockfile 2>/dev/null`
+
+but it should contain:
+$srcfile
+
+This indicates that another process is trying to use the same
+temporary object file, and libtool could not work around it because
+your compiler does not support \`-c' and \`-o' together. If you
+repeat this compilation, it may succeed, by chance, but you had better
+avoid parallel builds (make -j) in this platform, or get a better
+compiler."
+
+ $opt_dry_run || $RM $removelist
+ exit $EXIT_FAILURE
+ fi
+
+ # Just move the object if needed
+ if test -n "$output_obj" && test "X$output_obj" != "X$obj"; then
+ func_show_eval '$MV "$output_obj" "$obj"' \
+ 'error=$?; $opt_dry_run || $RM $removelist; exit $error'
+ fi
+ fi
+
+ $opt_dry_run || {
+ func_write_libtool_object "$libobj" "$objdir/$objname" "$objname"
+
+ # Unlock the critical section if it was locked
+ if test "$need_locks" != no; then
+ removelist=$lockfile
+ $RM "$lockfile"
+ fi
+ }
+
+ exit $EXIT_SUCCESS
+}
+
+$opt_help || {
+test "$mode" = compile && func_mode_compile ${1+"$@"}
+}
+
+func_mode_help ()
+{
+ # We need to display help for each of the modes.
+ case $mode in
+ "")
+ # Generic help is extracted from the usage comments
+ # at the start of this file.
+ func_help
+ ;;
+
+ clean)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=clean RM [RM-OPTION]... FILE...
+
+Remove files from the build directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, object or program, all the files associated
+with it are deleted. Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ compile)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=compile COMPILE-COMMAND... SOURCEFILE
+
+Compile a source file into a libtool library object.
+
+This mode accepts the following additional options:
+
+ -o OUTPUT-FILE set the output file name to OUTPUT-FILE
+ -no-suppress do not suppress compiler output for multiple passes
+ -prefer-pic try to building PIC objects only
+ -prefer-non-pic try to building non-PIC objects only
+ -shared do not build a \`.o' file suitable for static linking
+ -static only build a \`.o' file suitable for static linking
+
+COMPILE-COMMAND is a command to be used in creating a \`standard' object file
+from the given SOURCEFILE.
+
+The output file name is determined by removing the directory component from
+SOURCEFILE, then substituting the C source code suffix \`.c' with the
+library object suffix, \`.lo'."
+ ;;
+
+ execute)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=execute COMMAND [ARGS]...
+
+Automatically set library path, then run a program.
+
+This mode accepts the following additional options:
+
+ -dlopen FILE add the directory containing FILE to the library path
+
+This mode sets the library path environment variable according to \`-dlopen'
+flags.
+
+If any of the ARGS are libtool executable wrappers, then they are translated
+into their corresponding uninstalled binary, and any of their required library
+directories are added to the library path.
+
+Then, COMMAND is executed, with ARGS as arguments."
+ ;;
+
+ finish)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=finish [LIBDIR]...
+
+Complete the installation of libtool libraries.
+
+Each LIBDIR is a directory that contains libtool libraries.
+
+The commands that this mode executes may require superuser privileges. Use
+the \`--dry-run' option if you just want to see what would be executed."
+ ;;
+
+ install)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=install INSTALL-COMMAND...
+
+Install executables or libraries.
+
+INSTALL-COMMAND is the installation command. The first component should be
+either the \`install' or \`cp' program.
+
+The following components of INSTALL-COMMAND are treated specially:
+
+ -inst-prefix PREFIX-DIR Use PREFIX-DIR as a staging area for installation
+
+The rest of the components are interpreted as arguments to that command (only
+BSD-compatible install options are recognized)."
+ ;;
+
+ link)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=link LINK-COMMAND...
+
+Link object files or libraries together to form another library, or to
+create an executable program.
+
+LINK-COMMAND is a command using the C compiler that you would use to create
+a program from several object files.
+
+The following components of LINK-COMMAND are treated specially:
+
+ -all-static do not do any dynamic linking at all
+ -avoid-version do not add a version suffix if possible
+ -dlopen FILE \`-dlpreopen' FILE if it cannot be dlopened at runtime
+ -dlpreopen FILE link in FILE and add its symbols to lt_preloaded_symbols
+ -export-dynamic allow symbols from OUTPUT-FILE to be resolved with dlsym(3)
+ -export-symbols SYMFILE
+ try to export only the symbols listed in SYMFILE
+ -export-symbols-regex REGEX
+ try to export only the symbols matching REGEX
+ -LLIBDIR search LIBDIR for required installed libraries
+ -lNAME OUTPUT-FILE requires the installed library libNAME
+ -module build a library that can dlopened
+ -no-fast-install disable the fast-install mode
+ -no-install link a not-installable executable
+ -no-undefined declare that a library does not refer to external symbols
+ -o OUTPUT-FILE create OUTPUT-FILE from the specified objects
+ -objectlist FILE Use a list of object files found in FILE to specify objects
+ -precious-files-regex REGEX
+ don't remove output files matching REGEX
+ -release RELEASE specify package release information
+ -rpath LIBDIR the created library will eventually be installed in LIBDIR
+ -R[ ]LIBDIR add LIBDIR to the runtime path of programs and libraries
+ -shared only do dynamic linking of libtool libraries
+ -shrext SUFFIX override the standard shared library file extension
+ -static do not do any dynamic linking of uninstalled libtool libraries
+ -static-libtool-libs
+ do not do any dynamic linking of libtool libraries
+ -version-info CURRENT[:REVISION[:AGE]]
+ specify library version info [each variable defaults to 0]
+ -weak LIBNAME declare that the target provides the LIBNAME interface
+
+All other options (arguments beginning with \`-') are ignored.
+
+Every other argument is treated as a filename. Files ending in \`.la' are
+treated as uninstalled libtool libraries, other files are standard or library
+object files.
+
+If the OUTPUT-FILE ends in \`.la', then a libtool library is created,
+only library objects (\`.lo' files) may be specified, and \`-rpath' is
+required, except when creating a convenience library.
+
+If OUTPUT-FILE ends in \`.a' or \`.lib', then a standard library is created
+using \`ar' and \`ranlib', or on Windows using \`lib'.
+
+If OUTPUT-FILE ends in \`.lo' or \`.${objext}', then a reloadable object file
+is created, otherwise an executable program is created."
+ ;;
+
+ uninstall)
+ $ECHO \
+"Usage: $progname [OPTION]... --mode=uninstall RM [RM-OPTION]... FILE...
+
+Remove libraries from an installation directory.
+
+RM is the name of the program to use to delete files associated with each FILE
+(typically \`/bin/rm'). RM-OPTIONS are options (such as \`-f') to be passed
+to RM.
+
+If FILE is a libtool library, all the files associated with it are deleted.
+Otherwise, only FILE itself is deleted using RM."
+ ;;
+
+ *)
+ func_fatal_help "invalid operation mode \`$mode'"
+ ;;
+ esac
+
+ $ECHO
+ $ECHO "Try \`$progname --help' for more information about other modes."
+
+ exit $?
+}
+
+ # Now that we've collected a possible --mode arg, show help if necessary
+ $opt_help && func_mode_help
+
+
+# func_mode_execute arg...
+func_mode_execute ()
+{
+ $opt_debug
+ # The first argument is the command name.
+ cmd="$nonopt"
+ test -z "$cmd" && \
+ func_fatal_help "you must specify a COMMAND"
+
+ # Handle -dlopen flags immediately.
+ for file in $execute_dlfiles; do
+ test -f "$file" \
+ || func_fatal_help "\`$file' is not a file"
+
+ dir=
+ case $file in
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$lib' is not a valid libtool archive"
+
+ # Read the libtool library.
+ dlname=
+ library_names=
+ func_source "$file"
+
+ # Skip this library if it cannot be dlopened.
+ if test -z "$dlname"; then
+ # Warn if it was a shared library.
+ test -n "$library_names" && \
+ func_warning "\`$file' was not linked with \`-export-dynamic'"
+ continue
+ fi
+
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+
+ if test -f "$dir/$objdir/$dlname"; then
+ dir="$dir/$objdir"
+ else
+ if test ! -f "$dir/$dlname"; then
+ func_fatal_error "cannot find \`$dlname' in \`$dir' or \`$dir/$objdir'"
+ fi
+ fi
+ ;;
+
+ *.lo)
+ # Just add the directory containing the .lo file.
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ ;;
+
+ *)
+ func_warning "\`-dlopen' is ignored for non-libtool libraries and objects"
+ continue
+ ;;
+ esac
+
+ # Get the absolute pathname.
+ absdir=`cd "$dir" && pwd`
+ test -n "$absdir" && dir="$absdir"
+
+ # Now add the directory to shlibpath_var.
+ if eval "test -z \"\$$shlibpath_var\""; then
+ eval "$shlibpath_var=\"\$dir\""
+ else
+ eval "$shlibpath_var=\"\$dir:\$$shlibpath_var\""
+ fi
+ done
+
+ # This variable tells wrapper scripts just to set shlibpath_var
+ # rather than running their programs.
+ libtool_execute_magic="$magic"
+
+ # Check if any of the arguments is a wrapper script.
+ args=
+ for file
+ do
+ case $file in
+ -*) ;;
+ *)
+ # Do a test to see if this is really a libtool program.
+ if func_ltwrapper_script_p "$file"; then
+ func_source "$file"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ elif func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ func_source "$func_ltwrapper_scriptname_result"
+ # Transform arg to wrapped name.
+ file="$progdir/$program"
+ fi
+ ;;
+ esac
+ # Quote arguments (to preserve shell metacharacters).
+ func_quote_for_eval "$file"
+ args="$args $func_quote_for_eval_result"
+ done
+
+ if test "X$opt_dry_run" = Xfalse; then
+ if test -n "$shlibpath_var"; then
+ # Export the shlibpath_var.
+ eval "export $shlibpath_var"
+ fi
+
+ # Restore saved environment variables
+ for lt_var in LANG LANGUAGE LC_ALL LC_CTYPE LC_COLLATE LC_MESSAGES
+ do
+ eval "if test \"\${save_$lt_var+set}\" = set; then
+ $lt_var=\$save_$lt_var; export $lt_var
+ else
+ $lt_unset $lt_var
+ fi"
+ done
+
+ # Now prepare to actually exec the command.
+ exec_cmd="\$cmd$args"
+ else
+ # Display what would be done.
+ if test -n "$shlibpath_var"; then
+ eval "\$ECHO \"\$shlibpath_var=\$$shlibpath_var\""
+ $ECHO "export $shlibpath_var"
+ fi
+ $ECHO "$cmd$args"
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = execute && func_mode_execute ${1+"$@"}
+
+
+# func_mode_finish arg...
+func_mode_finish ()
+{
+ $opt_debug
+ libdirs="$nonopt"
+ admincmds=
+
+ if test -n "$finish_cmds$finish_eval" && test -n "$libdirs"; then
+ for dir
+ do
+ libdirs="$libdirs $dir"
+ done
+
+ for libdir in $libdirs; do
+ if test -n "$finish_cmds"; then
+ # Do each command in the finish commands.
+ func_execute_cmds "$finish_cmds" 'admincmds="$admincmds
+'"$cmd"'"'
+ fi
+ if test -n "$finish_eval"; then
+ # Do the single finish_eval.
+ eval cmds=\"$finish_eval\"
+ $opt_dry_run || eval "$cmds" || admincmds="$admincmds
+ $cmds"
+ fi
+ done
+ fi
+
+ # Exit here if they wanted silent mode.
+ $opt_silent && exit $EXIT_SUCCESS
+
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ $ECHO "Libraries have been installed in:"
+ for libdir in $libdirs; do
+ $ECHO " $libdir"
+ done
+ $ECHO
+ $ECHO "If you ever happen to want to link against installed libraries"
+ $ECHO "in a given directory, LIBDIR, you must either use libtool, and"
+ $ECHO "specify the full pathname of the library, or use the \`-LLIBDIR'"
+ $ECHO "flag during linking and do at least one of the following:"
+ if test -n "$shlibpath_var"; then
+ $ECHO " - add LIBDIR to the \`$shlibpath_var' environment variable"
+ $ECHO " during execution"
+ fi
+ if test -n "$runpath_var"; then
+ $ECHO " - add LIBDIR to the \`$runpath_var' environment variable"
+ $ECHO " during linking"
+ fi
+ if test -n "$hardcode_libdir_flag_spec"; then
+ libdir=LIBDIR
+ eval flag=\"$hardcode_libdir_flag_spec\"
+
+ $ECHO " - use the \`$flag' linker flag"
+ fi
+ if test -n "$admincmds"; then
+ $ECHO " - have your system administrator run these commands:$admincmds"
+ fi
+ if test -f /etc/ld.so.conf; then
+ $ECHO " - have your system administrator add LIBDIR to \`/etc/ld.so.conf'"
+ fi
+ $ECHO
+
+ $ECHO "See any operating system documentation about shared libraries for"
+ case $host in
+ solaris2.[6789]|solaris2.1[0-9])
+ $ECHO "more information, such as the ld(1), crle(1) and ld.so(8) manual"
+ $ECHO "pages."
+ ;;
+ *)
+ $ECHO "more information, such as the ld(1) and ld.so(8) manual pages."
+ ;;
+ esac
+ $ECHO "X----------------------------------------------------------------------" | $Xsed
+ exit $EXIT_SUCCESS
+}
+
+test "$mode" = finish && func_mode_finish ${1+"$@"}
+
+
+# func_mode_install arg...
+func_mode_install ()
+{
+ $opt_debug
+ # There may be an optional sh(1) argument at the beginning of
+ # install_prog (especially on Windows NT).
+ if test "$nonopt" = "$SHELL" || test "$nonopt" = /bin/sh ||
+ # Allow the use of GNU shtool's install command.
+ $ECHO "X$nonopt" | $GREP shtool >/dev/null; then
+ # Aesthetically quote it.
+ func_quote_for_eval "$nonopt"
+ install_prog="$func_quote_for_eval_result "
+ arg=$1
+ shift
+ else
+ install_prog=
+ arg=$nonopt
+ fi
+
+ # The real first argument should be the name of the installation program.
+ # Aesthetically quote it.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog$func_quote_for_eval_result"
+
+ # We need to accept at least all the BSD install flags.
+ dest=
+ files=
+ opts=
+ prev=
+ install_type=
+ isdir=no
+ stripme=
+ for arg
+ do
+ if test -n "$dest"; then
+ files="$files $dest"
+ dest=$arg
+ continue
+ fi
+
+ case $arg in
+ -d) isdir=yes ;;
+ -f)
+ case " $install_prog " in
+ *[\\\ /]cp\ *) ;;
+ *) prev=$arg ;;
+ esac
+ ;;
+ -g | -m | -o)
+ prev=$arg
+ ;;
+ -s)
+ stripme=" -s"
+ continue
+ ;;
+ -*)
+ ;;
+ *)
+ # If the previous option needed an argument, then skip it.
+ if test -n "$prev"; then
+ prev=
+ else
+ dest=$arg
+ continue
+ fi
+ ;;
+ esac
+
+ # Aesthetically quote the argument.
+ func_quote_for_eval "$arg"
+ install_prog="$install_prog $func_quote_for_eval_result"
+ done
+
+ test -z "$install_prog" && \
+ func_fatal_help "you must specify an install program"
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prev' option requires an argument"
+
+ if test -z "$files"; then
+ if test -z "$dest"; then
+ func_fatal_help "no file or destination specified"
+ else
+ func_fatal_help "you must specify a destination"
+ fi
+ fi
+
+ # Strip any trailing slash from the destination.
+ func_stripname '' '/' "$dest"
+ dest=$func_stripname_result
+
+ # Check to see that the destination is a directory.
+ test -d "$dest" && isdir=yes
+ if test "$isdir" = yes; then
+ destdir="$dest"
+ destname=
+ else
+ func_dirname_and_basename "$dest" "" "."
+ destdir="$func_dirname_result"
+ destname="$func_basename_result"
+
+ # Not a directory, so check to see that there is only one file specified.
+ set dummy $files; shift
+ test "$#" -gt 1 && \
+ func_fatal_help "\`$dest' is not a directory"
+ fi
+ case $destdir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ for file in $files; do
+ case $file in
+ *.lo) ;;
+ *)
+ func_fatal_help "\`$destdir' must be an absolute directory name"
+ ;;
+ esac
+ done
+ ;;
+ esac
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ staticlibs=
+ future_libdirs=
+ current_libdirs=
+ for file in $files; do
+
+ # Do each installation.
+ case $file in
+ *.$libext)
+ # Do the static libraries later.
+ staticlibs="$staticlibs $file"
+ ;;
+
+ *.la)
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$file" \
+ || func_fatal_help "\`$file' is not a valid libtool archive"
+
+ library_names=
+ old_library=
+ relink_command=
+ func_source "$file"
+
+ # Add the libdir to current_libdirs if it is the destination.
+ if test "X$destdir" = "X$libdir"; then
+ case "$current_libdirs " in
+ *" $libdir "*) ;;
+ *) current_libdirs="$current_libdirs $libdir" ;;
+ esac
+ else
+ # Note the libdir as a future libdir.
+ case "$future_libdirs " in
+ *" $libdir "*) ;;
+ *) future_libdirs="$future_libdirs $libdir" ;;
+ esac
+ fi
+
+ func_dirname "$file" "/" ""
+ dir="$func_dirname_result"
+ dir="$dir$objdir"
+
+ if test -n "$relink_command"; then
+ # Determine the prefix the user has applied to our future dir.
+ inst_prefix_dir=`$ECHO "X$destdir" | $Xsed -e "s%$libdir\$%%"`
+
+ # Don't allow the user to place us outside of our expected
+ # location b/c this prevents finding dependent libraries that
+ # are installed to the same prefix.
+ # At present, this check doesn't affect windows .dll's that
+ # are installed into $libdir/../bin (currently, that works fine)
+ # but it's something to keep an eye on.
+ test "$inst_prefix_dir" = "$destdir" && \
+ func_fatal_error "error: cannot install \`$file' to a directory not ending in $libdir"
+
+ if test -n "$inst_prefix_dir"; then
+ # Stick the inst_prefix_dir data into the link command.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%-inst-prefix-dir $inst_prefix_dir%"`
+ else
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "s%@inst_prefix_dir@%%"`
+ fi
+
+ func_warning "relinking \`$file'"
+ func_show_eval "$relink_command" \
+ 'func_fatal_error "error: relink \`$file'\'' with the above command before installing it"'
+ fi
+
+ # See the names of the shared library.
+ set dummy $library_names; shift
+ if test -n "$1"; then
+ realname="$1"
+ shift
+
+ srcname="$realname"
+ test -n "$relink_command" && srcname="$realname"T
+
+ # Install the shared library and build the symlinks.
+ func_show_eval "$install_prog $dir/$srcname $destdir/$realname" \
+ 'exit $?'
+ tstripme="$stripme"
+ case $host_os in
+ cygwin* | mingw* | pw32* | cegcc*)
+ case $realname in
+ *.dll.a)
+ tstripme=""
+ ;;
+ esac
+ ;;
+ esac
+ if test -n "$tstripme" && test -n "$striplib"; then
+ func_show_eval "$striplib $destdir/$realname" 'exit $?'
+ fi
+
+ if test "$#" -gt 0; then
+ # Delete the old symlinks, and create new ones.
+ # Try `ln -sf' first, because the `ln' binary might depend on
+ # the symlink we replace! Solaris /bin/ln does not understand -f,
+ # so we also need to try rm && ln -s.
+ for linkname
+ do
+ test "$linkname" != "$realname" \
+ && func_show_eval "(cd $destdir && { $LN_S -f $realname $linkname || { $RM $linkname && $LN_S $realname $linkname; }; })"
+ done
+ fi
+
+ # Do each command in the postinstall commands.
+ lib="$destdir/$realname"
+ func_execute_cmds "$postinstall_cmds" 'exit $?'
+ fi
+
+ # Install the pseudo-library for information purposes.
+ func_basename "$file"
+ name="$func_basename_result"
+ instname="$dir/$name"i
+ func_show_eval "$install_prog $instname $destdir/$name" 'exit $?'
+
+ # Maybe install the static library, too.
+ test -n "$old_library" && staticlibs="$staticlibs $dir/$old_library"
+ ;;
+
+ *.lo)
+ # Install (i.e. copy) a libtool object.
+
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # Deduce the name of the destination old-style object file.
+ case $destfile in
+ *.lo)
+ func_lo2o "$destfile"
+ staticdest=$func_lo2o_result
+ ;;
+ *.$objext)
+ staticdest="$destfile"
+ destfile=
+ ;;
+ *)
+ func_fatal_help "cannot copy a libtool object to \`$destfile'"
+ ;;
+ esac
+
+ # Install the libtool object if requested.
+ test -n "$destfile" && \
+ func_show_eval "$install_prog $file $destfile" 'exit $?'
+
+ # Install the old object if enabled.
+ if test "$build_old_libs" = yes; then
+ # Deduce the name of the old-style object file.
+ func_lo2o "$file"
+ staticobj=$func_lo2o_result
+ func_show_eval "$install_prog \$staticobj \$staticdest" 'exit $?'
+ fi
+ exit $EXIT_SUCCESS
+ ;;
+
+ *)
+ # Figure out destination file name, if it wasn't already specified.
+ if test -n "$destname"; then
+ destfile="$destdir/$destname"
+ else
+ func_basename "$file"
+ destfile="$func_basename_result"
+ destfile="$destdir/$destfile"
+ fi
+
+ # If the file is missing, and there is a .exe on the end, strip it
+ # because it is most likely a libtool script we actually want to
+ # install
+ stripped_ext=""
+ case $file in
+ *.exe)
+ if test ! -f "$file"; then
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ stripped_ext=".exe"
+ fi
+ ;;
+ esac
+
+ # Do a test to see if this is really a libtool program.
+ case $host in
+ *cygwin* | *mingw*)
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ wrapper=$func_ltwrapper_scriptname_result
+ else
+ func_stripname '' '.exe' "$file"
+ wrapper=$func_stripname_result
+ fi
+ ;;
+ *)
+ wrapper=$file
+ ;;
+ esac
+ if func_ltwrapper_script_p "$wrapper"; then
+ notinst_deplibs=
+ relink_command=
+
+ func_source "$wrapper"
+
+ # Check the variables that should have been set.
+ test -z "$generated_by_libtool_version" && \
+ func_fatal_error "invalid libtool wrapper script \`$wrapper'"
+
+ finalize=yes
+ for lib in $notinst_deplibs; do
+ # Check to see that each library is installed.
+ libdir=
+ if test -f "$lib"; then
+ func_source "$lib"
+ fi
+ libfile="$libdir/"`$ECHO "X$lib" | $Xsed -e 's%^.*/%%g'` ### testsuite: skip nested quoting test
+ if test -n "$libdir" && test ! -f "$libfile"; then
+ func_warning "\`$lib' has not been installed in \`$libdir'"
+ finalize=no
+ fi
+ done
+
+ relink_command=
+ func_source "$wrapper"
+
+ outputname=
+ if test "$fast_install" = no && test -n "$relink_command"; then
+ $opt_dry_run || {
+ if test "$finalize" = yes; then
+ tmpdir=`func_mktempdir`
+ func_basename "$file$stripped_ext"
+ file="$func_basename_result"
+ outputname="$tmpdir/$file"
+ # Replace the output file specification.
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e 's%@OUTPUT@%'"$outputname"'%g'`
+
+ $opt_silent || {
+ func_quote_for_expand "$relink_command"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ if eval "$relink_command"; then :
+ else
+ func_error "error: relink \`$file' with the above command before installing it"
+ $opt_dry_run || ${RM}r "$tmpdir"
+ continue
+ fi
+ file="$outputname"
+ else
+ func_warning "cannot relink \`$file'"
+ fi
+ }
+ else
+ # Install the binary that we compiled earlier.
+ file=`$ECHO "X$file$stripped_ext" | $Xsed -e "s%\([^/]*\)$%$objdir/\1%"`
+ fi
+ fi
+
+ # remove .exe since cygwin /usr/bin/install will append another
+ # one anyway
+ case $install_prog,$host in
+ */usr/bin/install*,*cygwin*)
+ case $file:$destfile in
+ *.exe:*.exe)
+ # this is ok
+ ;;
+ *.exe:*)
+ destfile=$destfile.exe
+ ;;
+ *:*.exe)
+ func_stripname '' '.exe' "$destfile"
+ destfile=$func_stripname_result
+ ;;
+ esac
+ ;;
+ esac
+ func_show_eval "$install_prog\$stripme \$file \$destfile" 'exit $?'
+ $opt_dry_run || if test -n "$outputname"; then
+ ${RM}r "$tmpdir"
+ fi
+ ;;
+ esac
+ done
+
+ for file in $staticlibs; do
+ func_basename "$file"
+ name="$func_basename_result"
+
+ # Set up the ranlib parameters.
+ oldlib="$destdir/$name"
+
+ func_show_eval "$install_prog \$file \$oldlib" 'exit $?'
+
+ if test -n "$stripme" && test -n "$old_striplib"; then
+ func_show_eval "$old_striplib $oldlib" 'exit $?'
+ fi
+
+ # Do each command in the postinstall commands.
+ func_execute_cmds "$old_postinstall_cmds" 'exit $?'
+ done
+
+ test -n "$future_libdirs" && \
+ func_warning "remember to run \`$progname --finish$future_libdirs'"
+
+ if test -n "$current_libdirs"; then
+ # Maybe just do a dry run.
+ $opt_dry_run && current_libdirs=" -n$current_libdirs"
+ exec_cmd='$SHELL $progpath $preserve_args --finish$current_libdirs'
+ else
+ exit $EXIT_SUCCESS
+ fi
+}
+
+test "$mode" = install && func_mode_install ${1+"$@"}
+
+
+# func_generate_dlsyms outputname originator pic_p
+# Extract symbols from dlprefiles and create ${outputname}S.o with
+# a dlpreopen symbol table.
+func_generate_dlsyms ()
+{
+ $opt_debug
+ my_outputname="$1"
+ my_originator="$2"
+ my_pic_p="${3-no}"
+ my_prefix=`$ECHO "$my_originator" | sed 's%[^a-zA-Z0-9]%_%g'`
+ my_dlsyms=
+
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ if test -n "$NM" && test -n "$global_symbol_pipe"; then
+ my_dlsyms="${my_outputname}S.c"
+ else
+ func_error "not configured to extract global symbols from dlpreopened files"
+ fi
+ fi
+
+ if test -n "$my_dlsyms"; then
+ case $my_dlsyms in
+ "") ;;
+ *.c)
+ # Discover the nlist of each of the dlfiles.
+ nlist="$output_objdir/${my_outputname}.nm"
+
+ func_show_eval "$RM $nlist ${nlist}S ${nlist}T"
+
+ # Parse the name list into a source file.
+ func_verbose "creating $output_objdir/$my_dlsyms"
+
+ $opt_dry_run || $ECHO > "$output_objdir/$my_dlsyms" "\
+/* $my_dlsyms - symbol resolution table for \`$my_outputname' dlsym emulation. */
+/* Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION */
+
+#ifdef __cplusplus
+extern \"C\" {
+#endif
+
+/* External symbol declarations for the compiler. */\
+"
+
+ if test "$dlself" = yes; then
+ func_verbose "generating symbol list for \`$output'"
+
+ $opt_dry_run || echo ': @PROGRAM@ ' > "$nlist"
+
+ # Add our own program objects to the symbol list.
+ progfiles=`$ECHO "X$objs$old_deplibs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ for progfile in $progfiles; do
+ func_verbose "extracting global C symbols from \`$progfile'"
+ $opt_dry_run || eval "$NM $progfile | $global_symbol_pipe >> '$nlist'"
+ done
+
+ if test -n "$exclude_expsyms"; then
+ $opt_dry_run || {
+ eval '$EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ if test -n "$export_symbols_regex"; then
+ $opt_dry_run || {
+ eval '$EGREP -e "$export_symbols_regex" "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ }
+ fi
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ export_symbols="$output_objdir/$outputname.exp"
+ $opt_dry_run || {
+ $RM $export_symbols
+ eval "${SED} -n -e '/^: @PROGRAM@ $/d' -e 's/^.* \(.*\)$/\1/p' "'< "$nlist" > "$export_symbols"'
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$export_symbols" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ else
+ $opt_dry_run || {
+ eval "${SED} -e 's/\([].[*^$]\)/\\\\\1/g' -e 's/^/ /' -e 's/$/$/'"' < "$export_symbols" > "$output_objdir/$outputname.exp"'
+ eval '$GREP -f "$output_objdir/$outputname.exp" < "$nlist" > "$nlist"T'
+ eval '$MV "$nlist"T "$nlist"'
+ case $host in
+ *cygwin | *mingw* | *cegcc* )
+ eval "echo EXPORTS "'> "$output_objdir/$outputname.def"'
+ eval 'cat "$nlist" >> "$output_objdir/$outputname.def"'
+ ;;
+ esac
+ }
+ fi
+ fi
+
+ for dlprefile in $dlprefiles; do
+ func_verbose "extracting global C symbols from \`$dlprefile'"
+ func_basename "$dlprefile"
+ name="$func_basename_result"
+ $opt_dry_run || {
+ eval '$ECHO ": $name " >> "$nlist"'
+ eval "$NM $dlprefile 2>/dev/null | $global_symbol_pipe >> '$nlist'"
+ }
+ done
+
+ $opt_dry_run || {
+ # Make sure we have at least an empty file.
+ test -f "$nlist" || : > "$nlist"
+
+ if test -n "$exclude_expsyms"; then
+ $EGREP -v " ($exclude_expsyms)$" "$nlist" > "$nlist"T
+ $MV "$nlist"T "$nlist"
+ fi
+
+ # Try sorting and uniquifying the output.
+ if $GREP -v "^: " < "$nlist" |
+ if sort -k 3 </dev/null >/dev/null 2>&1; then
+ sort -k 3
+ else
+ sort +2
+ fi |
+ uniq > "$nlist"S; then
+ :
+ else
+ $GREP -v "^: " < "$nlist" > "$nlist"S
+ fi
+
+ if test -f "$nlist"S; then
+ eval "$global_symbol_to_cdecl"' < "$nlist"S >> "$output_objdir/$my_dlsyms"'
+ else
+ $ECHO '/* NONE */' >> "$output_objdir/$my_dlsyms"
+ fi
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+
+/* The mapping between symbol names and symbols. */
+typedef struct {
+ const char *name;
+ void *address;
+} lt_dlsymlist;
+"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+/* DATA imports from DLLs on WIN32 con't be const, because
+ runtime relocations are performed -- see ld's documentation
+ on pseudo-relocs. */"
+ lt_dlsym_const= ;;
+ *osf5*)
+ echo >> "$output_objdir/$my_dlsyms" "\
+/* This system does not cope well with relocations in const data */"
+ lt_dlsym_const= ;;
+ *)
+ lt_dlsym_const=const ;;
+ esac
+
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+extern $lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[];
+$lt_dlsym_const lt_dlsymlist
+lt_${my_prefix}_LTX_preloaded_symbols[] =
+{\
+ { \"$my_originator\", (void *) 0 },"
+
+ case $need_lib_prefix in
+ no)
+ eval "$global_symbol_to_c_name_address" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ *)
+ eval "$global_symbol_to_c_name_address_lib_prefix" < "$nlist" >> "$output_objdir/$my_dlsyms"
+ ;;
+ esac
+ $ECHO >> "$output_objdir/$my_dlsyms" "\
+ {0, (void *) 0}
+};
+
+/* This works around a problem in FreeBSD linker */
+#ifdef FREEBSD_WORKAROUND
+static const void *lt_preloaded_setup() {
+ return lt_${my_prefix}_LTX_preloaded_symbols;
+}
+#endif
+
+#ifdef __cplusplus
+}
+#endif\
+"
+ } # !$opt_dry_run
+
+ pic_flag_for_symtable=
+ case "$compile_command " in
+ *" -static "*) ;;
+ *)
+ case $host in
+ # compiling the symbol table file with pic_flag works around
+ # a FreeBSD bug that causes programs to crash when -lm is
+ # linked before any other PIC object. But we must not use
+ # pic_flag when linking with -static. The problem exists in
+ # FreeBSD 2.2.6 and is fixed in FreeBSD 3.1.
+ *-*-freebsd2*|*-*-freebsd3.0*|*-*-freebsdelf3.0*)
+ pic_flag_for_symtable=" $pic_flag -DFREEBSD_WORKAROUND" ;;
+ *-*-hpux*)
+ pic_flag_for_symtable=" $pic_flag" ;;
+ *)
+ if test "X$my_pic_p" != Xno; then
+ pic_flag_for_symtable=" $pic_flag"
+ fi
+ ;;
+ esac
+ ;;
+ esac
+ symtab_cflags=
+ for arg in $LTCFLAGS; do
+ case $arg in
+ -pie | -fpie | -fPIE) ;;
+ *) symtab_cflags="$symtab_cflags $arg" ;;
+ esac
+ done
+
+ # Now compile the dynamic symbol file.
+ func_show_eval '(cd $output_objdir && $LTCC$symtab_cflags -c$no_builtin_flag$pic_flag_for_symtable "$my_dlsyms")' 'exit $?'
+
+ # Clean up the generated files.
+ func_show_eval '$RM "$output_objdir/$my_dlsyms" "$nlist" "${nlist}S" "${nlist}T"'
+
+ # Transform the symbol file into the correct name.
+ symfileobj="$output_objdir/${my_outputname}S.$objext"
+ case $host in
+ *cygwin* | *mingw* | *cegcc* )
+ if test -f "$output_objdir/$my_outputname.def"; then
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$output_objdir/$my_outputname.def $symfileobj%"`
+ else
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ fi
+ ;;
+ *)
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s%@SYMFILE@%$symfileobj%"`
+ ;;
+ esac
+ ;;
+ *)
+ func_fatal_error "unknown suffix for \`$my_dlsyms'"
+ ;;
+ esac
+ else
+ # We keep going just in case the user didn't refer to
+ # lt_preloaded_symbols. The linker will fail if global_symbol_pipe
+ # really was required.
+
+ # Nullify the symbol file.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e "s% @SYMFILE@%%"`
+ finalize_command=`$ECHO "X$finalize_command" | $Xsed -e "s% @SYMFILE@%%"`
+ fi
+}
+
+# func_win32_libid arg
+# return the library type of file 'arg'
+#
+# Need a lot of goo to handle *both* DLLs and import libs
+# Has to be a shell function in order to 'eat' the argument
+# that is supplied when $file_magic_command is called.
+func_win32_libid ()
+{
+ $opt_debug
+ win32_libid_type="unknown"
+ win32_fileres=`file -L $1 2>/dev/null`
+ case $win32_fileres in
+ *ar\ archive\ import\ library*) # definitely import
+ win32_libid_type="x86 archive import"
+ ;;
+ *ar\ archive*) # could be an import, or static
+ if eval $OBJDUMP -f $1 | $SED -e '10q' 2>/dev/null |
+ $EGREP 'file format pe-i386(.*architecture: i386)?' >/dev/null ; then
+ win32_nmres=`eval $NM -f posix -A $1 |
+ $SED -n -e '
+ 1,100{
+ / I /{
+ s,.*,import,
+ p
+ q
+ }
+ }'`
+ case $win32_nmres in
+ import*) win32_libid_type="x86 archive import";;
+ *) win32_libid_type="x86 archive static";;
+ esac
+ fi
+ ;;
+ *DLL*)
+ win32_libid_type="x86 DLL"
+ ;;
+ *executable*) # but shell scripts are "executable" too...
+ case $win32_fileres in
+ *MS\ Windows\ PE\ Intel*)
+ win32_libid_type="x86 DLL"
+ ;;
+ esac
+ ;;
+ esac
+ $ECHO "$win32_libid_type"
+}
+
+
+
+# func_extract_an_archive dir oldlib
+func_extract_an_archive ()
+{
+ $opt_debug
+ f_ex_an_ar_dir="$1"; shift
+ f_ex_an_ar_oldlib="$1"
+ func_show_eval "(cd \$f_ex_an_ar_dir && $AR x \"\$f_ex_an_ar_oldlib\")" 'exit $?'
+ if ($AR t "$f_ex_an_ar_oldlib" | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ func_fatal_error "object name conflicts in archive: $f_ex_an_ar_dir/$f_ex_an_ar_oldlib"
+ fi
+}
+
+
+# func_extract_archives gentop oldlib ...
+func_extract_archives ()
+{
+ $opt_debug
+ my_gentop="$1"; shift
+ my_oldlibs=${1+"$@"}
+ my_oldobjs=""
+ my_xlib=""
+ my_xabs=""
+ my_xdir=""
+
+ for my_xlib in $my_oldlibs; do
+ # Extract the objects.
+ case $my_xlib in
+ [\\/]* | [A-Za-z]:[\\/]*) my_xabs="$my_xlib" ;;
+ *) my_xabs=`pwd`"/$my_xlib" ;;
+ esac
+ func_basename "$my_xlib"
+ my_xlib="$func_basename_result"
+ my_xlib_u=$my_xlib
+ while :; do
+ case " $extracted_archives " in
+ *" $my_xlib_u "*)
+ func_arith $extracted_serial + 1
+ extracted_serial=$func_arith_result
+ my_xlib_u=lt$extracted_serial-$my_xlib ;;
+ *) break ;;
+ esac
+ done
+ extracted_archives="$extracted_archives $my_xlib_u"
+ my_xdir="$my_gentop/$my_xlib_u"
+
+ func_mkdir_p "$my_xdir"
+
+ case $host in
+ *-darwin*)
+ func_verbose "Extracting $my_xabs"
+ # Do not bother doing anything if just a dry run
+ $opt_dry_run || {
+ darwin_orig_dir=`pwd`
+ cd $my_xdir || exit $?
+ darwin_archive=$my_xabs
+ darwin_curdir=`pwd`
+ darwin_base_archive=`basename "$darwin_archive"`
+ darwin_arches=`$LIPO -info "$darwin_archive" 2>/dev/null | $GREP Architectures 2>/dev/null || true`
+ if test -n "$darwin_arches"; then
+ darwin_arches=`$ECHO "$darwin_arches" | $SED -e 's/.*are://'`
+ darwin_arch=
+ func_verbose "$darwin_base_archive has multiple architectures $darwin_arches"
+ for darwin_arch in $darwin_arches ; do
+ func_mkdir_p "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ $LIPO -thin $darwin_arch -output "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}" "${darwin_archive}"
+ cd "unfat-$$/${darwin_base_archive}-${darwin_arch}"
+ func_extract_an_archive "`pwd`" "${darwin_base_archive}"
+ cd "$darwin_curdir"
+ $RM "unfat-$$/${darwin_base_archive}-${darwin_arch}/${darwin_base_archive}"
+ done # $darwin_arches
+ ## Okay now we've a bunch of thin objects, gotta fatten them up :)
+ darwin_filelist=`find unfat-$$ -type f -name \*.o -print -o -name \*.lo -print | $SED -e "$basename" | sort -u`
+ darwin_file=
+ darwin_files=
+ for darwin_file in $darwin_filelist; do
+ darwin_files=`find unfat-$$ -name $darwin_file -print | $NL2SP`
+ $LIPO -create -output "$darwin_file" $darwin_files
+ done # $darwin_filelist
+ $RM -rf unfat-$$
+ cd "$darwin_orig_dir"
+ else
+ cd $darwin_orig_dir
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ fi # $darwin_arches
+ } # !$opt_dry_run
+ ;;
+ *)
+ func_extract_an_archive "$my_xdir" "$my_xabs"
+ ;;
+ esac
+ my_oldobjs="$my_oldobjs "`find $my_xdir -name \*.$objext -print -o -name \*.lo -print | $NL2SP`
+ done
+
+ func_extract_archives_result="$my_oldobjs"
+}
+
+
+
+# func_emit_wrapper_part1 [arg=no]
+#
+# Emit the first part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part1 ()
+{
+ func_emit_wrapper_part1_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part1_arg1=$1
+ fi
+
+ $ECHO "\
+#! $SHELL
+
+# $output - temporary wrapper script for $objdir/$outputname
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# The $output program cannot be directly executed until all the libtool
+# libraries that it depends on are installed.
+#
+# This wrapper script should never be moved out of the build directory.
+# If it is, it will not operate correctly.
+
+# Sed substitution that helps us do robust quoting. It backslashifies
+# metacharacters that are still active within double-quoted strings.
+Xsed='${SED} -e 1s/^X//'
+sed_quote_subst='$sed_quote_subst'
+
+# Be Bourne compatible
+if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then
+ emulate sh
+ NULLCMD=:
+ # Zsh 3.x and 4.x performs word splitting on \${1+\"\$@\"}, which
+ # is contrary to our usage. Disable this feature.
+ alias -g '\${1+\"\$@\"}'='\"\$@\"'
+ setopt NO_GLOB_SUBST
+else
+ case \`(set -o) 2>/dev/null\` in *posix*) set -o posix;; esac
+fi
+BIN_SH=xpg4; export BIN_SH # for Tru64
+DUALCASE=1; export DUALCASE # for MKS sh
+
+# The HP-UX ksh and POSIX shell print the target directory to stdout
+# if CDPATH is set.
+(unset CDPATH) >/dev/null 2>&1 && unset CDPATH
+
+relink_command=\"$relink_command\"
+
+# This environment variable determines our operation mode.
+if test \"\$libtool_install_magic\" = \"$magic\"; then
+ # install mode needs the following variables:
+ generated_by_libtool_version='$macro_version'
+ notinst_deplibs='$notinst_deplibs'
+else
+ # When we are sourced in execute mode, \$file and \$ECHO are already set.
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ ECHO=\"$qecho\"
+ file=\"\$0\"
+ # Make sure echo works.
+ if test \"X\$1\" = X--no-reexec; then
+ # Discard the --no-reexec flag, and continue.
+ shift
+ elif test \"X\`{ \$ECHO '\t'; } 2>/dev/null\`\" = 'X\t'; then
+ # Yippee, \$ECHO works!
+ :
+ else
+ # Restart under the correct shell, and then maybe \$ECHO will work.
+ exec $SHELL \"\$0\" --no-reexec \${1+\"\$@\"}
+ fi
+ fi\
+"
+ $ECHO "\
+
+ # Find the directory that this script lives in.
+ thisdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*$%%'\`
+ test \"x\$thisdir\" = \"x\$file\" && thisdir=.
+
+ # Follow symbolic links until we get to the real thisdir.
+ file=\`ls -ld \"\$file\" | ${SED} -n 's/.*-> //p'\`
+ while test -n \"\$file\"; do
+ destdir=\`\$ECHO \"X\$file\" | \$Xsed -e 's%/[^/]*\$%%'\`
+
+ # If there was a directory component, then change thisdir.
+ if test \"x\$destdir\" != \"x\$file\"; then
+ case \"\$destdir\" in
+ [\\\\/]* | [A-Za-z]:[\\\\/]*) thisdir=\"\$destdir\" ;;
+ *) thisdir=\"\$thisdir/\$destdir\" ;;
+ esac
+ fi
+
+ file=\`\$ECHO \"X\$file\" | \$Xsed -e 's%^.*/%%'\`
+ file=\`ls -ld \"\$thisdir/\$file\" | ${SED} -n 's/.*-> //p'\`
+ done
+"
+}
+# end: func_emit_wrapper_part1
+
+# func_emit_wrapper_part2 [arg=no]
+#
+# Emit the second part of a libtool wrapper script on stdout.
+# For more information, see the description associated with
+# func_emit_wrapper(), below.
+func_emit_wrapper_part2 ()
+{
+ func_emit_wrapper_part2_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_part2_arg1=$1
+ fi
+
+ $ECHO "\
+
+ # Usually 'no', except on cygwin/mingw when embedded into
+ # the cwrapper.
+ WRAPPER_SCRIPT_BELONGS_IN_OBJDIR=$func_emit_wrapper_part2_arg1
+ if test \"\$WRAPPER_SCRIPT_BELONGS_IN_OBJDIR\" = \"yes\"; then
+ # special case for '.'
+ if test \"\$thisdir\" = \".\"; then
+ thisdir=\`pwd\`
+ fi
+ # remove .libs from thisdir
+ case \"\$thisdir\" in
+ *[\\\\/]$objdir ) thisdir=\`\$ECHO \"X\$thisdir\" | \$Xsed -e 's%[\\\\/][^\\\\/]*$%%'\` ;;
+ $objdir ) thisdir=. ;;
+ esac
+ fi
+
+ # Try to get the absolute directory name.
+ absdir=\`cd \"\$thisdir\" && pwd\`
+ test -n \"\$absdir\" && thisdir=\"\$absdir\"
+"
+
+ if test "$fast_install" = yes; then
+ $ECHO "\
+ program=lt-'$outputname'$exeext
+ progdir=\"\$thisdir/$objdir\"
+
+ if test ! -f \"\$progdir/\$program\" ||
+ { file=\`ls -1dt \"\$progdir/\$program\" \"\$progdir/../\$program\" 2>/dev/null | ${SED} 1q\`; \\
+ test \"X\$file\" != \"X\$progdir/\$program\"; }; then
+
+ file=\"\$\$-\$program\"
+
+ if test ! -d \"\$progdir\"; then
+ $MKDIR \"\$progdir\"
+ else
+ $RM \"\$progdir/\$file\"
+ fi"
+
+ $ECHO "\
+
+ # relink executable if necessary
+ if test -n \"\$relink_command\"; then
+ if relink_command_output=\`eval \$relink_command 2>&1\`; then :
+ else
+ $ECHO \"\$relink_command_output\" >&2
+ $RM \"\$progdir/\$file\"
+ exit 1
+ fi
+ fi
+
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\" 2>/dev/null ||
+ { $RM \"\$progdir/\$program\";
+ $MV \"\$progdir/\$file\" \"\$progdir/\$program\"; }
+ $RM \"\$progdir/\$file\"
+ fi"
+ else
+ $ECHO "\
+ program='$outputname'
+ progdir=\"\$thisdir/$objdir\"
+"
+ fi
+
+ $ECHO "\
+
+ if test -f \"\$progdir/\$program\"; then"
+
+ # Export our shlibpath_var if we have one.
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ $ECHO "\
+ # Add our own library path to $shlibpath_var
+ $shlibpath_var=\"$temp_rpath\$$shlibpath_var\"
+
+ # Some systems cannot cope with colon-terminated $shlibpath_var
+ # The second colon is a workaround for a bug in BeOS R4 sed
+ $shlibpath_var=\`\$ECHO \"X\$$shlibpath_var\" | \$Xsed -e 's/::*\$//'\`
+
+ export $shlibpath_var
+"
+ fi
+
+ # fixup the dll searchpath if we need to.
+ if test -n "$dllsearchpath"; then
+ $ECHO "\
+ # Add the dll search path components to the executable PATH
+ PATH=$dllsearchpath:\$PATH
+"
+ fi
+
+ $ECHO "\
+ if test \"\$libtool_execute_magic\" != \"$magic\"; then
+ # Run the actual program with our arguments.
+"
+ case $host in
+ # Backslashes separate directories on plain windows
+ *-*-mingw | *-*-os2* | *-cegcc*)
+ $ECHO "\
+ exec \"\$progdir\\\\\$program\" \${1+\"\$@\"}
+"
+ ;;
+
+ *)
+ $ECHO "\
+ exec \"\$progdir/\$program\" \${1+\"\$@\"}
+"
+ ;;
+ esac
+ $ECHO "\
+ \$ECHO \"\$0: cannot exec \$program \$*\" 1>&2
+ exit 1
+ fi
+ else
+ # The program doesn't exist.
+ \$ECHO \"\$0: error: \\\`\$progdir/\$program' does not exist\" 1>&2
+ \$ECHO \"This script is just a wrapper for \$program.\" 1>&2
+ $ECHO \"See the $PACKAGE documentation for more information.\" 1>&2
+ exit 1
+ fi
+fi\
+"
+}
+# end: func_emit_wrapper_part2
+
+
+# func_emit_wrapper [arg=no]
+#
+# Emit a libtool wrapper script on stdout.
+# Don't directly open a file because we may want to
+# incorporate the script contents within a cygwin/mingw
+# wrapper executable. Must ONLY be called from within
+# func_mode_link because it depends on a number of variables
+# set therein.
+#
+# ARG is the value that the WRAPPER_SCRIPT_BELONGS_IN_OBJDIR
+# variable will take. If 'yes', then the emitted script
+# will assume that the directory in which it is stored is
+# the $objdir directory. This is a cygwin/mingw-specific
+# behavior.
+func_emit_wrapper ()
+{
+ func_emit_wrapper_arg1=no
+ if test -n "$1" ; then
+ func_emit_wrapper_arg1=$1
+ fi
+
+ # split this up so that func_emit_cwrapperexe_src
+ # can call each part independently.
+ func_emit_wrapper_part1 "${func_emit_wrapper_arg1}"
+ func_emit_wrapper_part2 "${func_emit_wrapper_arg1}"
+}
+
+
+# func_to_host_path arg
+#
+# Convert paths to host format when used with build tools.
+# Intended for use with "native" mingw (where libtool itself
+# is running under the msys shell), or in the following cross-
+# build environments:
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+# where wine is equipped with the `winepath' executable.
+# In the native mingw case, the (msys) shell automatically
+# converts paths for any non-msys applications it launches,
+# but that facility isn't available from inside the cwrapper.
+# Similar accommodations are necessary for $host mingw and
+# $build cygwin. Calling this function does no harm for other
+# $host/$build combinations not listed above.
+#
+# ARG is the path (on $build) that should be converted to
+# the proper representation for $host. The result is stored
+# in $func_to_host_path_result.
+func_to_host_path ()
+{
+ func_to_host_path_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ case $build in
+ *mingw* ) # actually, msys
+ # awkward: cmd appends spaces to result
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_path_tmp1=`( cmd //c echo "$1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_path_tmp1=`cygpath -w "$1"`
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # Unfortunately, winepath does not exit with a non-zero
+ # error code, so we are forced to check the contents of
+ # stdout. On the other hand, if the command is not
+ # found, the shell will set an exit code of 127 and print
+ # *an error message* to stdout. So we must check for both
+ # error code of zero AND non-empty stdout, which explains
+ # the odd construction:
+ func_to_host_path_tmp1=`winepath -w "$1" 2>/dev/null`
+ if test "$?" -eq 0 && test -n "${func_to_host_path_tmp1}"; then
+ func_to_host_path_result=`echo "$func_to_host_path_tmp1" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ else
+ # Allow warning below.
+ func_to_host_path_result=""
+ fi
+ ;;
+ esac
+ if test -z "$func_to_host_path_result" ; then
+ func_error "Could not determine host path corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback:
+ func_to_host_path_result="$1"
+ fi
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_path
+
+# func_to_host_pathlist arg
+#
+# Convert pathlists to host format when used with build tools.
+# See func_to_host_path(), above. This function supports the
+# following $build/$host combinations (but does no harm for
+# combinations not listed here):
+# $build $host
+# mingw (msys) mingw [e.g. native]
+# cygwin mingw
+# *nix + wine mingw
+#
+# Path separators are also converted from $build format to
+# $host format. If ARG begins or ends with a path separator
+# character, it is preserved (but converted to $host format)
+# on output.
+#
+# ARG is a pathlist (on $build) that should be converted to
+# the proper representation on $host. The result is stored
+# in $func_to_host_pathlist_result.
+func_to_host_pathlist ()
+{
+ func_to_host_pathlist_result="$1"
+ if test -n "$1" ; then
+ case $host in
+ *mingw* )
+ lt_sed_naive_backslashify='s|\\\\*|\\|g;s|/|\\|g;s|\\|\\\\|g'
+ # Remove leading and trailing path separator characters from
+ # ARG. msys behavior is inconsistent here, cygpath turns them
+ # into '.;' and ';.', and winepath ignores them completely.
+ func_to_host_pathlist_tmp2="$1"
+ # Once set for this call, this variable should not be
+ # reassigned. It is used in tha fallback case.
+ func_to_host_pathlist_tmp1=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e 's|^:*||' -e 's|:*$||'`
+ case $build in
+ *mingw* ) # Actually, msys.
+ # Awkward: cmd appends spaces to result.
+ lt_sed_strip_trailing_spaces="s/[ ]*\$//"
+ func_to_host_pathlist_tmp2=`( cmd //c echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_sed_strip_trailing_spaces" ) 2>/dev/null || echo ""`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ *cygwin* )
+ func_to_host_pathlist_tmp2=`cygpath -w -p "$func_to_host_pathlist_tmp1"`
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp2" |\
+ $SED -e "$lt_sed_naive_backslashify"`
+ ;;
+ * )
+ # unfortunately, winepath doesn't convert pathlists
+ func_to_host_pathlist_result=""
+ func_to_host_pathlist_oldIFS=$IFS
+ IFS=:
+ for func_to_host_pathlist_f in $func_to_host_pathlist_tmp1 ; do
+ IFS=$func_to_host_pathlist_oldIFS
+ if test -n "$func_to_host_pathlist_f" ; then
+ func_to_host_path "$func_to_host_pathlist_f"
+ if test -n "$func_to_host_path_result" ; then
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_to_host_pathlist_result="$func_to_host_path_result"
+ else
+ func_to_host_pathlist_result="$func_to_host_pathlist_result;$func_to_host_path_result"
+ fi
+ fi
+ fi
+ IFS=:
+ done
+ IFS=$func_to_host_pathlist_oldIFS
+ ;;
+ esac
+ if test -z "$func_to_host_pathlist_result" ; then
+ func_error "Could not determine the host path(s) corresponding to"
+ func_error " '$1'"
+ func_error "Continuing, but uninstalled executables may not work."
+ # Fallback. This may break if $1 contains DOS-style drive
+ # specifications. The fix is not to complicate the expression
+ # below, but for the user to provide a working wine installation
+ # with winepath so that path translation in the cross-to-mingw
+ # case works properly.
+ lt_replace_pathsep_nix_to_dos="s|:|;|g"
+ func_to_host_pathlist_result=`echo "$func_to_host_pathlist_tmp1" |\
+ $SED -e "$lt_replace_pathsep_nix_to_dos"`
+ fi
+ # Now, add the leading and trailing path separators back
+ case "$1" in
+ :* ) func_to_host_pathlist_result=";$func_to_host_pathlist_result"
+ ;;
+ esac
+ case "$1" in
+ *: ) func_to_host_pathlist_result="$func_to_host_pathlist_result;"
+ ;;
+ esac
+ ;;
+ esac
+ fi
+}
+# end: func_to_host_pathlist
+
+# func_emit_cwrapperexe_src
+# emit the source code for a wrapper executable on stdout
+# Must ONLY be called from within func_mode_link because
+# it depends on a number of variable set therein.
+func_emit_cwrapperexe_src ()
+{
+ cat <<EOF
+
+/* $cwrappersource - temporary wrapper executable for $objdir/$outputname
+ Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+
+ The $output program cannot be directly executed until all the libtool
+ libraries that it depends on are installed.
+
+ This wrapper executable should never be moved out of the build directory.
+ If it is, it will not operate correctly.
+
+ Currently, it simply execs the wrapper *script* "$SHELL $output",
+ but could eventually absorb all of the scripts functionality and
+ exec $objdir/$outputname directly.
+*/
+EOF
+ cat <<"EOF"
+#include <stdio.h>
+#include <stdlib.h>
+#ifdef _MSC_VER
+# include <direct.h>
+# include <process.h>
+# include <io.h>
+# define setmode _setmode
+#else
+# include <unistd.h>
+# include <stdint.h>
+# ifdef __CYGWIN__
+# include <io.h>
+# define HAVE_SETENV
+# ifdef __STRICT_ANSI__
+char *realpath (const char *, char *);
+int putenv (char *);
+int setenv (const char *, const char *, int);
+# endif
+# endif
+#endif
+#include <malloc.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <string.h>
+#include <ctype.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+
+#if defined(PATH_MAX)
+# define LT_PATHMAX PATH_MAX
+#elif defined(MAXPATHLEN)
+# define LT_PATHMAX MAXPATHLEN
+#else
+# define LT_PATHMAX 1024
+#endif
+
+#ifndef S_IXOTH
+# define S_IXOTH 0
+#endif
+#ifndef S_IXGRP
+# define S_IXGRP 0
+#endif
+
+#ifdef _MSC_VER
+# define S_IXUSR _S_IEXEC
+# define stat _stat
+# ifndef _INTPTR_T_DEFINED
+# define intptr_t int
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR
+# define DIR_SEPARATOR '/'
+# define PATH_SEPARATOR ':'
+#endif
+
+#if defined (_WIN32) || defined (__MSDOS__) || defined (__DJGPP__) || \
+ defined (__OS2__)
+# define HAVE_DOS_BASED_FILE_SYSTEM
+# define FOPEN_WB "wb"
+# ifndef DIR_SEPARATOR_2
+# define DIR_SEPARATOR_2 '\\'
+# endif
+# ifndef PATH_SEPARATOR_2
+# define PATH_SEPARATOR_2 ';'
+# endif
+#endif
+
+#ifndef DIR_SEPARATOR_2
+# define IS_DIR_SEPARATOR(ch) ((ch) == DIR_SEPARATOR)
+#else /* DIR_SEPARATOR_2 */
+# define IS_DIR_SEPARATOR(ch) \
+ (((ch) == DIR_SEPARATOR) || ((ch) == DIR_SEPARATOR_2))
+#endif /* DIR_SEPARATOR_2 */
+
+#ifndef PATH_SEPARATOR_2
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR)
+#else /* PATH_SEPARATOR_2 */
+# define IS_PATH_SEPARATOR(ch) ((ch) == PATH_SEPARATOR_2)
+#endif /* PATH_SEPARATOR_2 */
+
+#ifdef __CYGWIN__
+# define FOPEN_WB "wb"
+#endif
+
+#ifndef FOPEN_WB
+# define FOPEN_WB "w"
+#endif
+#ifndef _O_BINARY
+# define _O_BINARY 0
+#endif
+
+#define XMALLOC(type, num) ((type *) xmalloc ((num) * sizeof(type)))
+#define XFREE(stale) do { \
+ if (stale) { free ((void *) stale); stale = 0; } \
+} while (0)
+
+#undef LTWRAPPER_DEBUGPRINTF
+#if defined DEBUGWRAPPER
+# define LTWRAPPER_DEBUGPRINTF(args) ltwrapper_debugprintf args
+static void
+ltwrapper_debugprintf (const char *fmt, ...)
+{
+ va_list args;
+ va_start (args, fmt);
+ (void) vfprintf (stderr, fmt, args);
+ va_end (args);
+}
+#else
+# define LTWRAPPER_DEBUGPRINTF(args)
+#endif
+
+const char *program_name = NULL;
+
+void *xmalloc (size_t num);
+char *xstrdup (const char *string);
+const char *base_name (const char *name);
+char *find_executable (const char *wrapper);
+char *chase_symlinks (const char *pathspec);
+int make_executable (const char *path);
+int check_executable (const char *path);
+char *strendzap (char *str, const char *pat);
+void lt_fatal (const char *message, ...);
+void lt_setenv (const char *name, const char *value);
+char *lt_extend_str (const char *orig_value, const char *add, int to_end);
+void lt_opt_process_env_set (const char *arg);
+void lt_opt_process_env_prepend (const char *arg);
+void lt_opt_process_env_append (const char *arg);
+int lt_split_name_value (const char *arg, char** name, char** value);
+void lt_update_exe_path (const char *name, const char *value);
+void lt_update_lib_path (const char *name, const char *value);
+
+static const char *script_text_part1 =
+EOF
+
+ func_emit_wrapper_part1 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+ cat <<EOF
+
+static const char *script_text_part2 =
+EOF
+ func_emit_wrapper_part2 yes |
+ $SED -e 's/\([\\"]\)/\\\1/g' \
+ -e 's/^/ "/' -e 's/$/\\n"/'
+ echo ";"
+
+ cat <<EOF
+const char * MAGIC_EXE = "$magic_exe";
+const char * LIB_PATH_VARNAME = "$shlibpath_var";
+EOF
+
+ if test "$shlibpath_overrides_runpath" = yes && test -n "$shlibpath_var" && test -n "$temp_rpath"; then
+ func_to_host_pathlist "$temp_rpath"
+ cat <<EOF
+const char * LIB_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * LIB_PATH_VALUE = "";
+EOF
+ fi
+
+ if test -n "$dllsearchpath"; then
+ func_to_host_pathlist "$dllsearchpath:"
+ cat <<EOF
+const char * EXE_PATH_VARNAME = "PATH";
+const char * EXE_PATH_VALUE = "$func_to_host_pathlist_result";
+EOF
+ else
+ cat <<"EOF"
+const char * EXE_PATH_VARNAME = "";
+const char * EXE_PATH_VALUE = "";
+EOF
+ fi
+
+ if test "$fast_install" = yes; then
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "lt-$outputname"; /* hopefully, no .exe */
+EOF
+ else
+ cat <<EOF
+const char * TARGET_PROGRAM_NAME = "$outputname"; /* hopefully, no .exe */
+EOF
+ fi
+
+
+ cat <<"EOF"
+
+#define LTWRAPPER_OPTION_PREFIX "--lt-"
+#define LTWRAPPER_OPTION_PREFIX_LENGTH 5
+
+static const size_t opt_prefix_len = LTWRAPPER_OPTION_PREFIX_LENGTH;
+static const char *ltwrapper_option_prefix = LTWRAPPER_OPTION_PREFIX;
+
+static const char *dumpscript_opt = LTWRAPPER_OPTION_PREFIX "dump-script";
+
+static const size_t env_set_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 7;
+static const char *env_set_opt = LTWRAPPER_OPTION_PREFIX "env-set";
+ /* argument is putenv-style "foo=bar", value of foo is set to bar */
+
+static const size_t env_prepend_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 11;
+static const char *env_prepend_opt = LTWRAPPER_OPTION_PREFIX "env-prepend";
+ /* argument is putenv-style "foo=bar", new value of foo is bar${foo} */
+
+static const size_t env_append_opt_len = LTWRAPPER_OPTION_PREFIX_LENGTH + 10;
+static const char *env_append_opt = LTWRAPPER_OPTION_PREFIX "env-append";
+ /* argument is putenv-style "foo=bar", new value of foo is ${foo}bar */
+
+int
+main (int argc, char *argv[])
+{
+ char **newargz;
+ int newargc;
+ char *tmp_pathspec;
+ char *actual_cwrapper_path;
+ char *actual_cwrapper_name;
+ char *target_name;
+ char *lt_argv_zero;
+ intptr_t rval = 127;
+
+ int i;
+
+ program_name = (char *) xstrdup (base_name (argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) argv[0] : %s\n", argv[0]));
+ LTWRAPPER_DEBUGPRINTF (("(main) program_name : %s\n", program_name));
+
+ /* very simple arg parsing; don't want to rely on getopt */
+ for (i = 1; i < argc; i++)
+ {
+ if (strcmp (argv[i], dumpscript_opt) == 0)
+ {
+EOF
+ case "$host" in
+ *mingw* | *cygwin* )
+ # make stdout use "unix" line endings
+ echo " setmode(1,_O_BINARY);"
+ ;;
+ esac
+
+ cat <<"EOF"
+ printf ("%s", script_text_part1);
+ printf ("%s", script_text_part2);
+ return 0;
+ }
+ }
+
+ newargz = XMALLOC (char *, argc + 1);
+ tmp_pathspec = find_executable (argv[0]);
+ if (tmp_pathspec == NULL)
+ lt_fatal ("Couldn't find %s", argv[0]);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (before symlink chase) at : %s\n",
+ tmp_pathspec));
+
+ actual_cwrapper_path = chase_symlinks (tmp_pathspec);
+ LTWRAPPER_DEBUGPRINTF (("(main) found exe (after symlink chase) at : %s\n",
+ actual_cwrapper_path));
+ XFREE (tmp_pathspec);
+
+ actual_cwrapper_name = xstrdup( base_name (actual_cwrapper_path));
+ strendzap (actual_cwrapper_path, actual_cwrapper_name);
+
+ /* wrapper name transforms */
+ strendzap (actual_cwrapper_name, ".exe");
+ tmp_pathspec = lt_extend_str (actual_cwrapper_name, ".exe", 1);
+ XFREE (actual_cwrapper_name);
+ actual_cwrapper_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ /* target_name transforms -- use actual target program name; might have lt- prefix */
+ target_name = xstrdup (base_name (TARGET_PROGRAM_NAME));
+ strendzap (target_name, ".exe");
+ tmp_pathspec = lt_extend_str (target_name, ".exe", 1);
+ XFREE (target_name);
+ target_name = tmp_pathspec;
+ tmp_pathspec = 0;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) libtool target name: %s\n",
+ target_name));
+EOF
+
+ cat <<EOF
+ newargz[0] =
+ XMALLOC (char, (strlen (actual_cwrapper_path) +
+ strlen ("$objdir") + 1 + strlen (actual_cwrapper_name) + 1));
+ strcpy (newargz[0], actual_cwrapper_path);
+ strcat (newargz[0], "$objdir");
+ strcat (newargz[0], "/");
+EOF
+
+ cat <<"EOF"
+ /* stop here, and copy so we don't have to do this twice */
+ tmp_pathspec = xstrdup (newargz[0]);
+
+ /* do NOT want the lt- prefix here, so use actual_cwrapper_name */
+ strcat (newargz[0], actual_cwrapper_name);
+
+ /* DO want the lt- prefix here if it exists, so use target_name */
+ lt_argv_zero = lt_extend_str (tmp_pathspec, target_name, 1);
+ XFREE (tmp_pathspec);
+ tmp_pathspec = NULL;
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ {
+ char* p;
+ while ((p = strchr (newargz[0], '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ while ((p = strchr (lt_argv_zero, '\\')) != NULL)
+ {
+ *p = '/';
+ }
+ }
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+ XFREE (target_name);
+ XFREE (actual_cwrapper_path);
+ XFREE (actual_cwrapper_name);
+
+ lt_setenv ("BIN_SH", "xpg4"); /* for Tru64 */
+ lt_setenv ("DUALCASE", "1"); /* for MSK sh */
+ lt_update_lib_path (LIB_PATH_VARNAME, LIB_PATH_VALUE);
+ lt_update_exe_path (EXE_PATH_VARNAME, EXE_PATH_VALUE);
+
+ newargc=0;
+ for (i = 1; i < argc; i++)
+ {
+ if (strncmp (argv[i], env_set_opt, env_set_opt_len) == 0)
+ {
+ if (argv[i][env_set_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_set_opt_len + 1;
+ lt_opt_process_env_set (p);
+ }
+ else if (argv[i][env_set_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_set (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_set_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_prepend_opt, env_prepend_opt_len) == 0)
+ {
+ if (argv[i][env_prepend_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_prepend_opt_len + 1;
+ lt_opt_process_env_prepend (p);
+ }
+ else if (argv[i][env_prepend_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_prepend (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_prepend_opt);
+ continue;
+ }
+ if (strncmp (argv[i], env_append_opt, env_append_opt_len) == 0)
+ {
+ if (argv[i][env_append_opt_len] == '=')
+ {
+ const char *p = argv[i] + env_append_opt_len + 1;
+ lt_opt_process_env_append (p);
+ }
+ else if (argv[i][env_append_opt_len] == '\0' && i + 1 < argc)
+ {
+ lt_opt_process_env_append (argv[++i]); /* don't copy */
+ }
+ else
+ lt_fatal ("%s missing required argument", env_append_opt);
+ continue;
+ }
+ if (strncmp (argv[i], ltwrapper_option_prefix, opt_prefix_len) == 0)
+ {
+ /* however, if there is an option in the LTWRAPPER_OPTION_PREFIX
+ namespace, but it is not one of the ones we know about and
+ have already dealt with, above (inluding dump-script), then
+ report an error. Otherwise, targets might begin to believe
+ they are allowed to use options in the LTWRAPPER_OPTION_PREFIX
+ namespace. The first time any user complains about this, we'll
+ need to make LTWRAPPER_OPTION_PREFIX a configure-time option
+ or a configure.ac-settable value.
+ */
+ lt_fatal ("Unrecognized option in %s namespace: '%s'",
+ ltwrapper_option_prefix, argv[i]);
+ }
+ /* otherwise ... */
+ newargz[++newargc] = xstrdup (argv[i]);
+ }
+ newargz[++newargc] = NULL;
+
+ LTWRAPPER_DEBUGPRINTF (("(main) lt_argv_zero : %s\n", (lt_argv_zero ? lt_argv_zero : "<NULL>")));
+ for (i = 0; i < newargc; i++)
+ {
+ LTWRAPPER_DEBUGPRINTF (("(main) newargz[%d] : %s\n", i, (newargz[i] ? newargz[i] : "<NULL>")));
+ }
+
+EOF
+
+ case $host_os in
+ mingw*)
+ cat <<"EOF"
+ /* execv doesn't actually work on mingw as expected on unix */
+ rval = _spawnv (_P_WAIT, lt_argv_zero, (const char * const *) newargz);
+ if (rval == -1)
+ {
+ /* failed to start process */
+ LTWRAPPER_DEBUGPRINTF (("(main) failed to launch target \"%s\": errno = %d\n", lt_argv_zero, errno));
+ return 127;
+ }
+ return rval;
+EOF
+ ;;
+ *)
+ cat <<"EOF"
+ execv (lt_argv_zero, newargz);
+ return rval; /* =127, but avoids unused variable warning */
+EOF
+ ;;
+ esac
+
+ cat <<"EOF"
+}
+
+void *
+xmalloc (size_t num)
+{
+ void *p = (void *) malloc (num);
+ if (!p)
+ lt_fatal ("Memory exhausted");
+
+ return p;
+}
+
+char *
+xstrdup (const char *string)
+{
+ return string ? strcpy ((char *) xmalloc (strlen (string) + 1),
+ string) : NULL;
+}
+
+const char *
+base_name (const char *name)
+{
+ const char *base;
+
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ /* Skip over the disk name in MSDOS pathnames. */
+ if (isalpha ((unsigned char) name[0]) && name[1] == ':')
+ name += 2;
+#endif
+
+ for (base = name; *name; name++)
+ if (IS_DIR_SEPARATOR (*name))
+ base = name + 1;
+ return base;
+}
+
+int
+check_executable (const char *path)
+{
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(check_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if ((stat (path, &st) >= 0)
+ && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
+ return 1;
+ else
+ return 0;
+}
+
+int
+make_executable (const char *path)
+{
+ int rval = 0;
+ struct stat st;
+
+ LTWRAPPER_DEBUGPRINTF (("(make_executable) : %s\n",
+ path ? (*path ? path : "EMPTY!") : "NULL!"));
+ if ((!path) || (!*path))
+ return 0;
+
+ if (stat (path, &st) >= 0)
+ {
+ rval = chmod (path, st.st_mode | S_IXOTH | S_IXGRP | S_IXUSR);
+ }
+ return rval;
+}
+
+/* Searches for the full path of the wrapper. Returns
+ newly allocated full path name if found, NULL otherwise
+ Does not chase symlinks, even on platforms that support them.
+*/
+char *
+find_executable (const char *wrapper)
+{
+ int has_slash = 0;
+ const char *p;
+ const char *p_next;
+ /* static buffer for getcwd */
+ char tmp[LT_PATHMAX + 1];
+ int tmp_len;
+ char *concat_name;
+
+ LTWRAPPER_DEBUGPRINTF (("(find_executable) : %s\n",
+ wrapper ? (*wrapper ? wrapper : "EMPTY!") : "NULL!"));
+
+ if ((wrapper == NULL) || (*wrapper == '\0'))
+ return NULL;
+
+ /* Absolute path? */
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ if (isalpha ((unsigned char) wrapper[0]) && wrapper[1] == ':')
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ else
+ {
+#endif
+ if (IS_DIR_SEPARATOR (wrapper[0]))
+ {
+ concat_name = xstrdup (wrapper);
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+#if defined (HAVE_DOS_BASED_FILE_SYSTEM)
+ }
+#endif
+
+ for (p = wrapper; *p; p++)
+ if (*p == '/')
+ {
+ has_slash = 1;
+ break;
+ }
+ if (!has_slash)
+ {
+ /* no slashes; search PATH */
+ const char *path = getenv ("PATH");
+ if (path != NULL)
+ {
+ for (p = path; *p; p = p_next)
+ {
+ const char *q;
+ size_t p_len;
+ for (q = p; *q; q++)
+ if (IS_PATH_SEPARATOR (*q))
+ break;
+ p_len = q - p;
+ p_next = (*q == '\0' ? q : q + 1);
+ if (p_len == 0)
+ {
+ /* empty path: current directory */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name =
+ XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+ }
+ else
+ {
+ concat_name =
+ XMALLOC (char, p_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, p, p_len);
+ concat_name[p_len] = '/';
+ strcpy (concat_name + p_len + 1, wrapper);
+ }
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ }
+ }
+ /* not found in PATH; assume curdir */
+ }
+ /* Relative path | not found in path: prepend cwd */
+ if (getcwd (tmp, LT_PATHMAX) == NULL)
+ lt_fatal ("getcwd failed");
+ tmp_len = strlen (tmp);
+ concat_name = XMALLOC (char, tmp_len + 1 + strlen (wrapper) + 1);
+ memcpy (concat_name, tmp, tmp_len);
+ concat_name[tmp_len] = '/';
+ strcpy (concat_name + tmp_len + 1, wrapper);
+
+ if (check_executable (concat_name))
+ return concat_name;
+ XFREE (concat_name);
+ return NULL;
+}
+
+char *
+chase_symlinks (const char *pathspec)
+{
+#ifndef S_ISLNK
+ return xstrdup (pathspec);
+#else
+ char buf[LT_PATHMAX];
+ struct stat s;
+ char *tmp_pathspec = xstrdup (pathspec);
+ char *p;
+ int has_symlinks = 0;
+ while (strlen (tmp_pathspec) && !has_symlinks)
+ {
+ LTWRAPPER_DEBUGPRINTF (("checking path component for symlinks: %s\n",
+ tmp_pathspec));
+ if (lstat (tmp_pathspec, &s) == 0)
+ {
+ if (S_ISLNK (s.st_mode) != 0)
+ {
+ has_symlinks = 1;
+ break;
+ }
+
+ /* search backwards for last DIR_SEPARATOR */
+ p = tmp_pathspec + strlen (tmp_pathspec) - 1;
+ while ((p > tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ p--;
+ if ((p == tmp_pathspec) && (!IS_DIR_SEPARATOR (*p)))
+ {
+ /* no more DIR_SEPARATORS left */
+ break;
+ }
+ *p = '\0';
+ }
+ else
+ {
+ char *errstr = strerror (errno);
+ lt_fatal ("Error accessing file %s (%s)", tmp_pathspec, errstr);
+ }
+ }
+ XFREE (tmp_pathspec);
+
+ if (!has_symlinks)
+ {
+ return xstrdup (pathspec);
+ }
+
+ tmp_pathspec = realpath (pathspec, buf);
+ if (tmp_pathspec == 0)
+ {
+ lt_fatal ("Could not follow symlinks for %s", pathspec);
+ }
+ return xstrdup (tmp_pathspec);
+#endif
+}
+
+char *
+strendzap (char *str, const char *pat)
+{
+ size_t len, patlen;
+
+ assert (str != NULL);
+ assert (pat != NULL);
+
+ len = strlen (str);
+ patlen = strlen (pat);
+
+ if (patlen <= len)
+ {
+ str += len - patlen;
+ if (strcmp (str, pat) == 0)
+ *str = '\0';
+ }
+ return str;
+}
+
+static void
+lt_error_core (int exit_status, const char *mode,
+ const char *message, va_list ap)
+{
+ fprintf (stderr, "%s: %s: ", program_name, mode);
+ vfprintf (stderr, message, ap);
+ fprintf (stderr, ".\n");
+
+ if (exit_status >= 0)
+ exit (exit_status);
+}
+
+void
+lt_fatal (const char *message, ...)
+{
+ va_list ap;
+ va_start (ap, message);
+ lt_error_core (EXIT_FAILURE, "FATAL", message, ap);
+ va_end (ap);
+}
+
+void
+lt_setenv (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_setenv) setting '%s' to '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+ {
+#ifdef HAVE_SETENV
+ /* always make a copy, for consistency with !HAVE_SETENV */
+ char *str = xstrdup (value);
+ setenv (name, str, 1);
+#else
+ int len = strlen (name) + 1 + strlen (value) + 1;
+ char *str = XMALLOC (char, len);
+ sprintf (str, "%s=%s", name, value);
+ if (putenv (str) != EXIT_SUCCESS)
+ {
+ XFREE (str);
+ }
+#endif
+ }
+}
+
+char *
+lt_extend_str (const char *orig_value, const char *add, int to_end)
+{
+ char *new_value;
+ if (orig_value && *orig_value)
+ {
+ int orig_value_len = strlen (orig_value);
+ int add_len = strlen (add);
+ new_value = XMALLOC (char, add_len + orig_value_len + 1);
+ if (to_end)
+ {
+ strcpy (new_value, orig_value);
+ strcpy (new_value + orig_value_len, add);
+ }
+ else
+ {
+ strcpy (new_value, add);
+ strcpy (new_value + add_len, orig_value);
+ }
+ }
+ else
+ {
+ new_value = xstrdup (add);
+ }
+ return new_value;
+}
+
+int
+lt_split_name_value (const char *arg, char** name, char** value)
+{
+ const char *p;
+ int len;
+ if (!arg || !*arg)
+ return 1;
+
+ p = strchr (arg, (int)'=');
+
+ if (!p)
+ return 1;
+
+ *value = xstrdup (++p);
+
+ len = strlen (arg) - strlen (*value);
+ *name = XMALLOC (char, len);
+ strncpy (*name, arg, len-1);
+ (*name)[len - 1] = '\0';
+
+ return 0;
+}
+
+void
+lt_opt_process_env_set (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_set_opt, arg);
+ }
+
+ lt_setenv (name, value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_prepend (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_prepend_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_opt_process_env_append (const char *arg)
+{
+ char *name = NULL;
+ char *value = NULL;
+ char *new_value = NULL;
+
+ if (lt_split_name_value (arg, &name, &value) != 0)
+ {
+ XFREE (name);
+ XFREE (value);
+ lt_fatal ("bad argument for %s: '%s'", env_append_opt, arg);
+ }
+
+ new_value = lt_extend_str (getenv (name), value, 1);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ XFREE (name);
+ XFREE (value);
+}
+
+void
+lt_update_exe_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_exe_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ /* some systems can't cope with a ':'-terminated path #' */
+ int len = strlen (new_value);
+ while (((len = strlen (new_value)) > 0) && IS_PATH_SEPARATOR (new_value[len-1]))
+ {
+ new_value[len-1] = '\0';
+ }
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+void
+lt_update_lib_path (const char *name, const char *value)
+{
+ LTWRAPPER_DEBUGPRINTF (("(lt_update_lib_path) modifying '%s' by prepending '%s'\n",
+ (name ? name : "<NULL>"),
+ (value ? value : "<NULL>")));
+
+ if (name && *name && value && *value)
+ {
+ char *new_value = lt_extend_str (getenv (name), value, 0);
+ lt_setenv (name, new_value);
+ XFREE (new_value);
+ }
+}
+
+
+EOF
+}
+# end: func_emit_cwrapperexe_src
+
+# func_mode_link arg...
+func_mode_link ()
+{
+ $opt_debug
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ # It is impossible to link a dll without this setting, and
+ # we shouldn't force the makefile maintainer to figure out
+ # which system we are compiling for in order to pass an extra
+ # flag for every libtool invocation.
+ # allow_undefined=no
+
+ # FIXME: Unfortunately, there are problems with the above when trying
+ # to make a dll which has undefined symbols, in which case not
+ # even a static library is built. For now, we need to specify
+ # -no-undefined on the libtool link line when we can be certain
+ # that all symbols are satisfied, otherwise we get a static library.
+ allow_undefined=yes
+ ;;
+ *)
+ allow_undefined=yes
+ ;;
+ esac
+ libtool_args=$nonopt
+ base_compile="$nonopt $@"
+ compile_command=$nonopt
+ finalize_command=$nonopt
+
+ compile_rpath=
+ finalize_rpath=
+ compile_shlibpath=
+ finalize_shlibpath=
+ convenience=
+ old_convenience=
+ deplibs=
+ old_deplibs=
+ compiler_flags=
+ linker_flags=
+ dllsearchpath=
+ lib_search_path=`pwd`
+ inst_prefix_dir=
+ new_inherited_linker_flags=
+
+ avoid_version=no
+ dlfiles=
+ dlprefiles=
+ dlself=no
+ export_dynamic=no
+ export_symbols=
+ export_symbols_regex=
+ generated=
+ libobjs=
+ ltlibs=
+ module=no
+ no_install=no
+ objs=
+ non_pic_objects=
+ precious_files_regex=
+ prefer_static_libs=no
+ preload=no
+ prev=
+ prevarg=
+ release=
+ rpath=
+ xrpath=
+ perm_rpath=
+ temp_rpath=
+ thread_safe=no
+ vinfo=
+ vinfo_number=no
+ weak_libs=
+ single_module="${wl}-single_module"
+ func_infer_tag $base_compile
+
+ # We need to know -static, to get the right output filenames.
+ for arg
+ do
+ case $arg in
+ -shared)
+ test "$build_libtool_libs" != yes && \
+ func_fatal_configuration "can not build a shared library"
+ build_old_libs=no
+ break
+ ;;
+ -all-static | -static | -static-libtool-libs)
+ case $arg in
+ -all-static)
+ if test "$build_libtool_libs" = yes && test -z "$link_static_flag"; then
+ func_warning "complete static linking is impossible in this configuration"
+ fi
+ if test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ -static)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=built
+ ;;
+ -static-libtool-libs)
+ if test -z "$pic_flag" && test -n "$link_static_flag"; then
+ dlopen_self=$dlopen_self_static
+ fi
+ prefer_static_libs=yes
+ ;;
+ esac
+ build_libtool_libs=no
+ build_old_libs=yes
+ break
+ ;;
+ esac
+ done
+
+ # See if our shared archives depend on static archives.
+ test -n "$old_archive_from_new_cmds" && build_old_libs=yes
+
+ # Go through the arguments, transforming them on the way.
+ while test "$#" -gt 0; do
+ arg="$1"
+ shift
+ func_quote_for_eval "$arg"
+ qarg=$func_quote_for_eval_unquoted_result
+ func_append libtool_args " $func_quote_for_eval_result"
+
+ # If the previous option needs an argument, assign it.
+ if test -n "$prev"; then
+ case $prev in
+ output)
+ func_append compile_command " @OUTPUT@"
+ func_append finalize_command " @OUTPUT@"
+ ;;
+ esac
+
+ case $prev in
+ dlfiles|dlprefiles)
+ if test "$preload" = no; then
+ # Add the symbol object into the linking commands.
+ func_append compile_command " @SYMFILE@"
+ func_append finalize_command " @SYMFILE@"
+ preload=yes
+ fi
+ case $arg in
+ *.la | *.lo) ;; # We handle these cases below.
+ force)
+ if test "$dlself" = no; then
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ self)
+ if test "$prev" = dlprefiles; then
+ dlself=yes
+ elif test "$prev" = dlfiles && test "$dlopen_self" != yes; then
+ dlself=yes
+ else
+ dlself=needless
+ export_dynamic=yes
+ fi
+ prev=
+ continue
+ ;;
+ *)
+ if test "$prev" = dlfiles; then
+ dlfiles="$dlfiles $arg"
+ else
+ dlprefiles="$dlprefiles $arg"
+ fi
+ prev=
+ continue
+ ;;
+ esac
+ ;;
+ expsyms)
+ export_symbols="$arg"
+ test -f "$arg" \
+ || func_fatal_error "symbol file \`$arg' does not exist"
+ prev=
+ continue
+ ;;
+ expsyms_regex)
+ export_symbols_regex="$arg"
+ prev=
+ continue
+ ;;
+ framework)
+ case $host in
+ *-*-darwin*)
+ case "$deplibs " in
+ *" $qarg.ltframework "*) ;;
+ *) deplibs="$deplibs $qarg.ltframework" # this is fixed later
+ ;;
+ esac
+ ;;
+ esac
+ prev=
+ continue
+ ;;
+ inst_prefix)
+ inst_prefix_dir="$arg"
+ prev=
+ continue
+ ;;
+ objectlist)
+ if test -f "$arg"; then
+ save_arg=$arg
+ moreargs=
+ for fil in `cat "$save_arg"`
+ do
+# moreargs="$moreargs $fil"
+ arg=$fil
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ done
+ else
+ func_fatal_error "link input file \`$arg' does not exist"
+ fi
+ arg=$save_arg
+ prev=
+ continue
+ ;;
+ precious_regex)
+ precious_files_regex="$arg"
+ prev=
+ continue
+ ;;
+ release)
+ release="-$arg"
+ prev=
+ continue
+ ;;
+ rpath | xrpath)
+ # We need an absolute path.
+ case $arg in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ if test "$prev" = rpath; then
+ case "$rpath " in
+ *" $arg "*) ;;
+ *) rpath="$rpath $arg" ;;
+ esac
+ else
+ case "$xrpath " in
+ *" $arg "*) ;;
+ *) xrpath="$xrpath $arg" ;;
+ esac
+ fi
+ prev=
+ continue
+ ;;
+ shrext)
+ shrext_cmds="$arg"
+ prev=
+ continue
+ ;;
+ weak)
+ weak_libs="$weak_libs $arg"
+ prev=
+ continue
+ ;;
+ xcclinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xcompiler)
+ compiler_flags="$compiler_flags $qarg"
+ prev=
+ func_append compile_command " $qarg"
+ func_append finalize_command " $qarg"
+ continue
+ ;;
+ xlinker)
+ linker_flags="$linker_flags $qarg"
+ compiler_flags="$compiler_flags $wl$qarg"
+ prev=
+ func_append compile_command " $wl$qarg"
+ func_append finalize_command " $wl$qarg"
+ continue
+ ;;
+ *)
+ eval "$prev=\"\$arg\""
+ prev=
+ continue
+ ;;
+ esac
+ fi # test -n "$prev"
+
+ prevarg="$arg"
+
+ case $arg in
+ -all-static)
+ if test -n "$link_static_flag"; then
+ # See comment for -static flag below, for more details.
+ func_append compile_command " $link_static_flag"
+ func_append finalize_command " $link_static_flag"
+ fi
+ continue
+ ;;
+
+ -allow-undefined)
+ # FIXME: remove this flag sometime in the future.
+ func_fatal_error "\`-allow-undefined' must not be used because it is the default"
+ ;;
+
+ -avoid-version)
+ avoid_version=yes
+ continue
+ ;;
+
+ -dlopen)
+ prev=dlfiles
+ continue
+ ;;
+
+ -dlpreopen)
+ prev=dlprefiles
+ continue
+ ;;
+
+ -export-dynamic)
+ export_dynamic=yes
+ continue
+ ;;
+
+ -export-symbols | -export-symbols-regex)
+ if test -n "$export_symbols" || test -n "$export_symbols_regex"; then
+ func_fatal_error "more than one -exported-symbols argument is not allowed"
+ fi
+ if test "X$arg" = "X-export-symbols"; then
+ prev=expsyms
+ else
+ prev=expsyms_regex
+ fi
+ continue
+ ;;
+
+ -framework)
+ prev=framework
+ continue
+ ;;
+
+ -inst-prefix-dir)
+ prev=inst_prefix
+ continue
+ ;;
+
+ # The native IRIX linker understands -LANG:*, -LIST:* and -LNO:*
+ # so, if we see these flags be careful not to treat them like -L
+ -L[A-Z][A-Z]*:*)
+ case $with_gcc/$host in
+ no/*-*-irix* | /*-*-irix*)
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ ;;
+ esac
+ continue
+ ;;
+
+ -L*)
+ func_stripname '-L' '' "$arg"
+ dir=$func_stripname_result
+ if test -z "$dir"; then
+ if test "$#" -gt 0; then
+ func_fatal_error "require no space between \`-L' and \`$1'"
+ else
+ func_fatal_error "need path for \`-L' option"
+ fi
+ fi
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ test -z "$absdir" && \
+ func_fatal_error "cannot determine absolute directory name of \`$dir'"
+ dir="$absdir"
+ ;;
+ esac
+ case "$deplibs " in
+ *" -L$dir "*) ;;
+ *)
+ deplibs="$deplibs -L$dir"
+ lib_search_path="$lib_search_path $dir"
+ ;;
+ esac
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`$ECHO "X$dir" | $Xsed -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$dir:"*) ;;
+ ::) dllsearchpath=$dir;;
+ *) dllsearchpath="$dllsearchpath:$dir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ continue
+ ;;
+
+ -l*)
+ if test "X$arg" = "X-lc" || test "X$arg" = "X-lm"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-beos* | *-cegcc*)
+ # These systems don't actually have a C or math library (as such)
+ continue
+ ;;
+ *-*-os2*)
+ # These systems don't actually have a C library (as such)
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C and math libraries are in the System framework
+ deplibs="$deplibs System.ltframework"
+ continue
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ test "X$arg" = "X-lc" && continue
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ test "X$arg" = "X-lc" && continue
+ ;;
+ esac
+ elif test "X$arg" = "X-lc_r"; then
+ case $host in
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc_r directly, use -pthread flag.
+ continue
+ ;;
+ esac
+ fi
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
+ -module)
+ module=yes
+ continue
+ ;;
+
+ # Tru64 UNIX uses -model [arg] to determine the layout of C++
+ # classes, name mangling, and exception handling.
+ # Darwin uses the -arch flag to determine output architecture.
+ -model|-arch|-isysroot)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ prev=xcompiler
+ continue
+ ;;
+
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ compiler_flags="$compiler_flags $arg"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ case "$new_inherited_linker_flags " in
+ *" $arg "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $arg" ;;
+ esac
+ continue
+ ;;
+
+ -multi_module)
+ single_module="${wl}-multi_module"
+ continue
+ ;;
+
+ -no-fast-install)
+ fast_install=no
+ continue
+ ;;
+
+ -no-install)
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-darwin* | *-cegcc*)
+ # The PATH hackery in wrapper scripts is required on Windows
+ # and Darwin in order for the loader to find any dlls it needs.
+ func_warning "\`-no-install' is ignored for $host"
+ func_warning "assuming \`-no-fast-install' instead"
+ fast_install=no
+ ;;
+ *) no_install=yes ;;
+ esac
+ continue
+ ;;
+
+ -no-undefined)
+ allow_undefined=no
+ continue
+ ;;
+
+ -objectlist)
+ prev=objectlist
+ continue
+ ;;
+
+ -o) prev=output ;;
+
+ -precious-files-regex)
+ prev=precious_regex
+ continue
+ ;;
+
+ -release)
+ prev=release
+ continue
+ ;;
+
+ -rpath)
+ prev=rpath
+ continue
+ ;;
+
+ -R)
+ prev=xrpath
+ continue
+ ;;
+
+ -R*)
+ func_stripname '-R' '' "$arg"
+ dir=$func_stripname_result
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) ;;
+ *)
+ func_fatal_error "only absolute run-paths are allowed"
+ ;;
+ esac
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ continue
+ ;;
+
+ -shared)
+ # The effects of -shared are defined in a previous loop.
+ continue
+ ;;
+
+ -shrext)
+ prev=shrext
+ continue
+ ;;
+
+ -static | -static-libtool-libs)
+ # The effects of -static are defined in a previous loop.
+ # We used to do the same as -all-static on platforms that
+ # didn't have a PIC flag, but the assumption that the effects
+ # would be equivalent was wrong. It would break on at least
+ # Digital Unix and AIX.
+ continue
+ ;;
+
+ -thread-safe)
+ thread_safe=yes
+ continue
+ ;;
+
+ -version-info)
+ prev=vinfo
+ continue
+ ;;
+
+ -version-number)
+ prev=vinfo
+ vinfo_number=yes
+ continue
+ ;;
+
+ -weak)
+ prev=weak
+ continue
+ ;;
+
+ -Wc,*)
+ func_stripname '-Wc,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Wl,*)
+ func_stripname '-Wl,' '' "$arg"
+ args=$func_stripname_result
+ arg=
+ save_ifs="$IFS"; IFS=','
+ for flag in $args; do
+ IFS="$save_ifs"
+ func_quote_for_eval "$flag"
+ arg="$arg $wl$func_quote_for_eval_result"
+ compiler_flags="$compiler_flags $wl$func_quote_for_eval_result"
+ linker_flags="$linker_flags $func_quote_for_eval_result"
+ done
+ IFS="$save_ifs"
+ func_stripname ' ' '' "$arg"
+ arg=$func_stripname_result
+ ;;
+
+ -Xcompiler)
+ prev=xcompiler
+ continue
+ ;;
+
+ -Xlinker)
+ prev=xlinker
+ continue
+ ;;
+
+ -XCClinker)
+ prev=xcclinker
+ continue
+ ;;
+
+ # -msg_* for osf cc
+ -msg_*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ # -64, -mips[0-9] enable 64-bit mode on the SGI compiler
+ # -r[0-9][0-9]* specifies the processor on the SGI compiler
+ # -xarch=*, -xtarget=* enable 64-bit mode on the Sun compiler
+ # +DA*, +DD* enable 64-bit mode on the HP compiler
+ # -q* pass through compiler args for the IBM compiler
+ # -m*, -t[45]*, -txscale* pass through architecture-specific
+ # compiler args for GCC
+ # -F/path gives path to uninstalled frameworks, gcc on darwin
+ # -p, -pg, --coverage, -fprofile-* pass through profiling flag for GCC
+ # @file GCC response files
+ -64|-mips[0-9]|-r[0-9][0-9]*|-xarch=*|-xtarget=*|+DA*|+DD*|-q*|-m*| \
+ -t[45]*|-txscale*|-p|-pg|--coverage|-fprofile-*|-F*|@*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ compiler_flags="$compiler_flags $arg"
+ continue
+ ;;
+
+ # Some other compiler flag.
+ -* | +*)
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+
+ *.$objext)
+ # A standard object.
+ objs="$objs $arg"
+ ;;
+
+ *.lo)
+ # A libtool-controlled object.
+
+ # Check to see that this really is a libtool object.
+ if func_lalib_unsafe_p "$arg"; then
+ pic_object=
+ non_pic_object=
+
+ # Read the .lo file
+ func_source "$arg"
+
+ if test -z "$pic_object" ||
+ test -z "$non_pic_object" ||
+ test "$pic_object" = none &&
+ test "$non_pic_object" = none; then
+ func_fatal_error "cannot find name of object for \`$arg'"
+ fi
+
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ if test "$pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ pic_object="$xdir$pic_object"
+
+ if test "$prev" = dlfiles; then
+ if test "$build_libtool_libs" = yes && test "$dlopen_support" = yes; then
+ dlfiles="$dlfiles $pic_object"
+ prev=
+ continue
+ else
+ # If libtool objects are unsupported, then we need to preload.
+ prev=dlprefiles
+ fi
+ fi
+
+ # CHECK ME: I think I busted this. -Ossama
+ if test "$prev" = dlprefiles; then
+ # Preload the old-style object.
+ dlprefiles="$dlprefiles $pic_object"
+ prev=
+ fi
+
+ # A PIC object.
+ func_append libobjs " $pic_object"
+ arg="$pic_object"
+ fi
+
+ # Non-PIC object.
+ if test "$non_pic_object" != none; then
+ # Prepend the subdirectory the object is found in.
+ non_pic_object="$xdir$non_pic_object"
+
+ # A standard non-PIC object
+ func_append non_pic_objects " $non_pic_object"
+ if test -z "$pic_object" || test "$pic_object" = none ; then
+ arg="$non_pic_object"
+ fi
+ else
+ # If the PIC object exists, use it instead.
+ # $xdir was prepended to $pic_object above.
+ non_pic_object="$pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ fi
+ else
+ # Only an error if not doing a dry-run.
+ if $opt_dry_run; then
+ # Extract subdirectory from the argument.
+ func_dirname "$arg" "/" ""
+ xdir="$func_dirname_result"
+
+ func_lo2o "$arg"
+ pic_object=$xdir$objdir/$func_lo2o_result
+ non_pic_object=$xdir$func_lo2o_result
+ func_append libobjs " $pic_object"
+ func_append non_pic_objects " $non_pic_object"
+ else
+ func_fatal_error "\`$arg' is not a valid libtool object"
+ fi
+ fi
+ ;;
+
+ *.$libext)
+ # An archive.
+ deplibs="$deplibs $arg"
+ old_deplibs="$old_deplibs $arg"
+ continue
+ ;;
+
+ *.la)
+ # A libtool-controlled library.
+
+ if test "$prev" = dlfiles; then
+ # This library was specified with -dlopen.
+ dlfiles="$dlfiles $arg"
+ prev=
+ elif test "$prev" = dlprefiles; then
+ # The library was specified with -dlpreopen.
+ dlprefiles="$dlprefiles $arg"
+ prev=
+ else
+ deplibs="$deplibs $arg"
+ fi
+ continue
+ ;;
+
+ # Some other compiler argument.
+ *)
+ # Unknown arguments in both finalize_command and compile_command need
+ # to be aesthetically quoted because they are evaled later.
+ func_quote_for_eval "$arg"
+ arg="$func_quote_for_eval_result"
+ ;;
+ esac # arg
+
+ # Now actually substitute the argument into the commands.
+ if test -n "$arg"; then
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+ done # argument parsing loop
+
+ test -n "$prev" && \
+ func_fatal_help "the \`$prevarg' option requires an argument"
+
+ if test "$export_dynamic" = yes && test -n "$export_dynamic_flag_spec"; then
+ eval arg=\"$export_dynamic_flag_spec\"
+ func_append compile_command " $arg"
+ func_append finalize_command " $arg"
+ fi
+
+ oldlibs=
+ # calculate the name of the file, without its directory
+ func_basename "$output"
+ outputname="$func_basename_result"
+ libobjs_save="$libobjs"
+
+ if test -n "$shlibpath_var"; then
+ # get the directories listed in $shlibpath_var
+ eval shlib_search_path=\`\$ECHO \"X\${$shlibpath_var}\" \| \$Xsed -e \'s/:/ /g\'\`
+ else
+ shlib_search_path=
+ fi
+ eval sys_lib_search_path=\"$sys_lib_search_path_spec\"
+ eval sys_lib_dlsearch_path=\"$sys_lib_dlsearch_path_spec\"
+
+ func_dirname "$output" "/" ""
+ output_objdir="$func_dirname_result$objdir"
+ # Create the object directory.
+ func_mkdir_p "$output_objdir"
+
+ # Determine the type of output
+ case $output in
+ "")
+ func_fatal_help "you must specify an output file"
+ ;;
+ *.$libext) linkmode=oldlib ;;
+ *.lo | *.$objext) linkmode=obj ;;
+ *.la) linkmode=lib ;;
+ *) linkmode=prog ;; # Anything else should be a program.
+ esac
+
+ specialdeplibs=
+
+ libs=
+ # Find all interdependent deplibs by searching for libraries
+ # that are linked more than once (e.g. -la -lb -la)
+ for deplib in $deplibs; do
+ if $opt_duplicate_deps ; then
+ case "$libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ libs="$libs $deplib"
+ done
+
+ if test "$linkmode" = lib; then
+ libs="$predeps $libs $compiler_lib_search_path $postdeps"
+
+ # Compute libraries that are listed more than once in $predeps
+ # $postdeps and mark them as special (i.e., whose duplicates are
+ # not to be eliminated).
+ pre_post_deps=
+ if $opt_duplicate_compiler_generated_deps; then
+ for pre_post_dep in $predeps $postdeps; do
+ case "$pre_post_deps " in
+ *" $pre_post_dep "*) specialdeplibs="$specialdeplibs $pre_post_deps" ;;
+ esac
+ pre_post_deps="$pre_post_deps $pre_post_dep"
+ done
+ fi
+ pre_post_deps=
+ fi
+
+ deplibs=
+ newdependency_libs=
+ newlib_search_path=
+ need_relink=no # whether we're linking any uninstalled libtool libraries
+ notinst_deplibs= # not-installed libtool libraries
+ notinst_path= # paths that contain not-installed libtool libraries
+
+ case $linkmode in
+ lib)
+ passes="conv dlpreopen link"
+ for file in $dlfiles $dlprefiles; do
+ case $file in
+ *.la) ;;
+ *)
+ func_fatal_help "libraries can \`-dlopen' only libtool libraries: $file"
+ ;;
+ esac
+ done
+ ;;
+ prog)
+ compile_deplibs=
+ finalize_deplibs=
+ alldeplibs=no
+ newdlfiles=
+ newdlprefiles=
+ passes="conv scan dlopen dlpreopen link"
+ ;;
+ *) passes="conv"
+ ;;
+ esac
+
+ for pass in $passes; do
+ # The preopen pass in lib mode reverses $deplibs; put it back here
+ # so that -L comes before libs that need it for instance...
+ if test "$linkmode,$pass" = "lib,link"; then
+ ## FIXME: Find the place where the list is rebuilt in the wrong
+ ## order, and fix it there properly
+ tmp_deplibs=
+ for deplib in $deplibs; do
+ tmp_deplibs="$deplib $tmp_deplibs"
+ done
+ deplibs="$tmp_deplibs"
+ fi
+
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan"; then
+ libs="$deplibs"
+ deplibs=
+ fi
+ if test "$linkmode" = prog; then
+ case $pass in
+ dlopen) libs="$dlfiles" ;;
+ dlpreopen) libs="$dlprefiles" ;;
+ link) libs="$deplibs %DEPLIBS% $dependency_libs" ;;
+ esac
+ fi
+ if test "$linkmode,$pass" = "lib,dlpreopen"; then
+ # Collect and forward deplibs of preopened libtool libs
+ for lib in $dlprefiles; do
+ # Ignore non-libtool-libs
+ dependency_libs=
+ case $lib in
+ *.la) func_source "$lib" ;;
+ esac
+
+ # Collect preopened libtool deplibs, except any this library
+ # has declared as weak libs
+ for deplib in $dependency_libs; do
+ deplib_base=`$ECHO "X$deplib" | $Xsed -e "$basename"`
+ case " $weak_libs " in
+ *" $deplib_base "*) ;;
+ *) deplibs="$deplibs $deplib" ;;
+ esac
+ done
+ done
+ libs="$dlprefiles"
+ fi
+ if test "$pass" = dlopen; then
+ # Collect dlpreopened libraries
+ save_deplibs="$deplibs"
+ deplibs=
+ fi
+
+ for deplib in $libs; do
+ lib=
+ found=no
+ case $deplib in
+ -mt|-mthreads|-kthread|-Kthread|-pthread|-pthreads|--thread-safe|-threads)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags $deplib"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -l*)
+ if test "$linkmode" != lib && test "$linkmode" != prog; then
+ func_warning "\`-l' is ignored for archives/objects"
+ continue
+ fi
+ func_stripname '-l' '' "$deplib"
+ name=$func_stripname_result
+ if test "$linkmode" = lib; then
+ searchdirs="$newlib_search_path $lib_search_path $compiler_lib_search_dirs $sys_lib_search_path $shlib_search_path"
+ else
+ searchdirs="$newlib_search_path $lib_search_path $sys_lib_search_path $shlib_search_path"
+ fi
+ for searchdir in $searchdirs; do
+ for search_ext in .la $std_shrext .so .a; do
+ # Search the libtool library
+ lib="$searchdir/lib${name}${search_ext}"
+ if test -f "$lib"; then
+ if test "$search_ext" = ".la"; then
+ found=yes
+ else
+ found=no
+ fi
+ break 2
+ fi
+ done
+ done
+ if test "$found" != yes; then
+ # deplib doesn't seem to be a libtool library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ else # deplib is a libtool library
+ # If $allow_libtool_libs_with_static_runtimes && $deplib is a stdlib,
+ # We need to do some special things here, and not later.
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $deplib "*)
+ if func_lalib_p "$lib"; then
+ library_names=
+ old_library=
+ func_source "$lib"
+ for l in $old_library $library_names; do
+ ll="$l"
+ done
+ if test "X$ll" = "X$old_library" ; then # only static version available
+ found=no
+ func_dirname "$lib" "" "."
+ ladir="$func_dirname_result"
+ lib=$ladir/$old_library
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ test "$linkmode" = lib && newdependency_libs="$deplib $newdependency_libs"
+ fi
+ continue
+ fi
+ fi
+ ;;
+ *) ;;
+ esac
+ fi
+ fi
+ ;; # -l
+ *.ltframework)
+ if test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ deplibs="$deplib $deplibs"
+ if test "$linkmode" = lib ; then
+ case "$new_inherited_linker_flags " in
+ *" $deplib "*) ;;
+ * ) new_inherited_linker_flags="$new_inherited_linker_flags $deplib" ;;
+ esac
+ fi
+ fi
+ continue
+ ;;
+ -L*)
+ case $linkmode in
+ lib)
+ deplibs="$deplib $deplibs"
+ test "$pass" = conv && continue
+ newdependency_libs="$deplib $newdependency_libs"
+ func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ prog)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ if test "$pass" = scan; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ *)
+ func_warning "\`-L' is ignored for archives/objects"
+ ;;
+ esac # linkmode
+ continue
+ ;; # -L
+ -R*)
+ if test "$pass" = link; then
+ func_stripname '-R' '' "$deplib"
+ dir=$func_stripname_result
+ # Make sure the xrpath contains only unique directories.
+ case "$xrpath " in
+ *" $dir "*) ;;
+ *) xrpath="$xrpath $dir" ;;
+ esac
+ fi
+ deplibs="$deplib $deplibs"
+ continue
+ ;;
+ *.la) lib="$deplib" ;;
+ *.$libext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ continue
+ fi
+ case $linkmode in
+ lib)
+ # Linking convenience modules into shared libraries is allowed,
+ # but linking other static libraries is non-portable.
+ case " $dlpreconveniencelibs " in
+ *" $deplib "*) ;;
+ *)
+ valid_a_lib=no
+ case $deplibs_check_method in
+ match_pattern*)
+ set dummy $deplibs_check_method; shift
+ match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ if eval "\$ECHO \"X$deplib\"" 2>/dev/null | $Xsed -e 10q \
+ | $EGREP "$match_pattern_regex" > /dev/null; then
+ valid_a_lib=yes
+ fi
+ ;;
+ pass_all)
+ valid_a_lib=yes
+ ;;
+ esac
+ if test "$valid_a_lib" != yes; then
+ $ECHO
+ $ECHO "*** Warning: Trying to link with static lib archive $deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because the file extensions .$libext of this argument makes me believe"
+ $ECHO "*** that it is just a static archive that I should not use here."
+ else
+ $ECHO
+ $ECHO "*** Warning: Linking the shared library $output against the"
+ $ECHO "*** static library $deplib is not portable!"
+ deplibs="$deplib $deplibs"
+ fi
+ ;;
+ esac
+ continue
+ ;;
+ prog)
+ if test "$pass" != link; then
+ deplibs="$deplib $deplibs"
+ else
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ fi
+ continue
+ ;;
+ esac # linkmode
+ ;; # *.$libext
+ *.lo | *.$objext)
+ if test "$pass" = conv; then
+ deplibs="$deplib $deplibs"
+ elif test "$linkmode" = prog; then
+ if test "$pass" = dlpreopen || test "$dlopen_support" != yes || test "$build_libtool_libs" = no; then
+ # If there is no dlopen support or we're linking statically,
+ # we need to preload.
+ newdlprefiles="$newdlprefiles $deplib"
+ compile_deplibs="$deplib $compile_deplibs"
+ finalize_deplibs="$deplib $finalize_deplibs"
+ else
+ newdlfiles="$newdlfiles $deplib"
+ fi
+ fi
+ continue
+ ;;
+ %DEPLIBS%)
+ alldeplibs=yes
+ continue
+ ;;
+ esac # case $deplib
+
+ if test "$found" = yes || test -f "$lib"; then :
+ else
+ func_fatal_error "cannot find the library \`$lib' or unhandled argument \`$deplib'"
+ fi
+
+ # Check to see that this really is a libtool archive.
+ func_lalib_unsafe_p "$lib" \
+ || func_fatal_error "\`$lib' is not a valid libtool archive"
+
+ func_dirname "$lib" "" "."
+ ladir="$func_dirname_result"
+
+ dlname=
+ dlopen=
+ dlpreopen=
+ libdir=
+ library_names=
+ old_library=
+ inherited_linker_flags=
+ # If the library was installed with an old release of libtool,
+ # it will not redefine variables installed, or shouldnotlink
+ installed=yes
+ shouldnotlink=no
+ avoidtemprpath=
+
+
+ # Read the .la file
+ func_source "$lib"
+
+ # Convert "-framework foo" to "foo.ltframework"
+ if test -n "$inherited_linker_flags"; then
+ tmp_inherited_linker_flags=`$ECHO "X$inherited_linker_flags" | $Xsed -e 's/-framework \([^ $]*\)/\1.ltframework/g'`
+ for tmp_inherited_linker_flag in $tmp_inherited_linker_flags; do
+ case " $new_inherited_linker_flags " in
+ *" $tmp_inherited_linker_flag "*) ;;
+ *) new_inherited_linker_flags="$new_inherited_linker_flags $tmp_inherited_linker_flag";;
+ esac
+ done
+ fi
+ dependency_libs=`$ECHO "X $dependency_libs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ if test "$linkmode,$pass" = "lib,link" ||
+ test "$linkmode,$pass" = "prog,scan" ||
+ { test "$linkmode" != prog && test "$linkmode" != lib; }; then
+ test -n "$dlopen" && dlfiles="$dlfiles $dlopen"
+ test -n "$dlpreopen" && dlprefiles="$dlprefiles $dlpreopen"
+ fi
+
+ if test "$pass" = conv; then
+ # Only check for convenience libraries
+ deplibs="$lib $deplibs"
+ if test -z "$libdir"; then
+ if test -z "$old_library"; then
+ func_fatal_error "cannot find name of link library for \`$lib'"
+ fi
+ # It is a libtool convenience library, so add in its objects.
+ convenience="$convenience $ladir/$objdir/$old_library"
+ old_convenience="$old_convenience $ladir/$objdir/$old_library"
+ elif test "$linkmode" != prog && test "$linkmode" != lib; then
+ func_fatal_error "\`$lib' is not a convenience library"
+ fi
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ deplibs="$deplib $deplibs"
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+ continue
+ fi # $pass = conv
+
+
+ # Get the name of the library we link against.
+ linklib=
+ for l in $old_library $library_names; do
+ linklib="$l"
+ done
+ if test -z "$linklib"; then
+ func_fatal_error "cannot find name of link library for \`$lib'"
+ fi
+
+ # This library was specified with -dlopen.
+ if test "$pass" = dlopen; then
+ if test -z "$libdir"; then
+ func_fatal_error "cannot -dlopen a convenience library: \`$lib'"
+ fi
+ if test -z "$dlname" ||
+ test "$dlopen_support" != yes ||
+ test "$build_libtool_libs" = no; then
+ # If there is no dlname, no dlopen support or we're linking
+ # statically, we need to preload. We also need to preload any
+ # dependent libraries so libltdl's deplib preloader doesn't
+ # bomb out in the load deplibs phase.
+ dlprefiles="$dlprefiles $lib $dependency_libs"
+ else
+ newdlfiles="$newdlfiles $lib"
+ fi
+ continue
+ fi # $pass = dlopen
+
+ # We need an absolute path.
+ case $ladir in
+ [\\/]* | [A-Za-z]:[\\/]*) abs_ladir="$ladir" ;;
+ *)
+ abs_ladir=`cd "$ladir" && pwd`
+ if test -z "$abs_ladir"; then
+ func_warning "cannot determine absolute directory name of \`$ladir'"
+ func_warning "passing it literally to the linker, although it might fail"
+ abs_ladir="$ladir"
+ fi
+ ;;
+ esac
+ func_basename "$lib"
+ laname="$func_basename_result"
+
+ # Find the relevant object directory and library name.
+ if test "X$installed" = Xyes; then
+ if test ! -f "$libdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ func_warning "library \`$lib' was moved."
+ dir="$ladir"
+ absdir="$abs_ladir"
+ libdir="$abs_ladir"
+ else
+ dir="$libdir"
+ absdir="$libdir"
+ fi
+ test "X$hardcode_automatic" = Xyes && avoidtemprpath=yes
+ else
+ if test ! -f "$ladir/$objdir/$linklib" && test -f "$abs_ladir/$linklib"; then
+ dir="$ladir"
+ absdir="$abs_ladir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ else
+ dir="$ladir/$objdir"
+ absdir="$abs_ladir/$objdir"
+ # Remove this search path later
+ notinst_path="$notinst_path $abs_ladir"
+ fi
+ fi # $installed = yes
+ func_stripname 'lib' '.la' "$laname"
+ name=$func_stripname_result
+
+ # This library was specified with -dlpreopen.
+ if test "$pass" = dlpreopen; then
+ if test -z "$libdir" && test "$linkmode" = prog; then
+ func_fatal_error "only libraries may -dlpreopen a convenience library: \`$lib'"
+ fi
+ # Prefer using a static library (so that no silly _DYNAMIC symbols
+ # are required to link).
+ if test -n "$old_library"; then
+ newdlprefiles="$newdlprefiles $dir/$old_library"
+ # Keep a list of preopened convenience libraries to check
+ # that they are being used correctly in the link pass.
+ test -z "$libdir" && \
+ dlpreconveniencelibs="$dlpreconveniencelibs $dir/$old_library"
+ # Otherwise, use the dlname, so that lt_dlopen finds it.
+ elif test -n "$dlname"; then
+ newdlprefiles="$newdlprefiles $dir/$dlname"
+ else
+ newdlprefiles="$newdlprefiles $dir/$linklib"
+ fi
+ fi # $pass = dlpreopen
+
+ if test -z "$libdir"; then
+ # Link the convenience library
+ if test "$linkmode" = lib; then
+ deplibs="$dir/$old_library $deplibs"
+ elif test "$linkmode,$pass" = "prog,link"; then
+ compile_deplibs="$dir/$old_library $compile_deplibs"
+ finalize_deplibs="$dir/$old_library $finalize_deplibs"
+ else
+ deplibs="$lib $deplibs" # used for prog,scan pass
+ fi
+ continue
+ fi
+
+
+ if test "$linkmode" = prog && test "$pass" != link; then
+ newlib_search_path="$newlib_search_path $ladir"
+ deplibs="$lib $deplibs"
+
+ linkalldeplibs=no
+ if test "$link_all_deplibs" != no || test -z "$library_names" ||
+ test "$build_libtool_libs" = no; then
+ linkalldeplibs=yes
+ fi
+
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) func_stripname '-L' '' "$deplib"
+ newlib_search_path="$newlib_search_path $func_stripname_result"
+ ;;
+ esac
+ # Need to link against all dependency_libs?
+ if test "$linkalldeplibs" = yes; then
+ deplibs="$deplib $deplibs"
+ else
+ # Need to hardcode shared library paths
+ # or/and link against static libraries
+ newdependency_libs="$deplib $newdependency_libs"
+ fi
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done # for deplib
+ continue
+ fi # $linkmode = prog...
+
+ if test "$linkmode,$pass" = "prog,link"; then
+ if test -n "$library_names" &&
+ { { test "$prefer_static_libs" = no ||
+ test "$prefer_static_libs,$installed" = "built,yes"; } ||
+ test -z "$old_library"; }; then
+ # We need to hardcode the library path
+ if test -n "$shlibpath_var" && test -z "$avoidtemprpath" ; then
+ # Make sure the rpath contains only unique directories.
+ case "$temp_rpath:" in
+ *"$absdir:"*) ;;
+ *) temp_rpath="$temp_rpath$absdir:" ;;
+ esac
+ fi
+
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi # $linkmode,$pass = prog,link...
+
+ if test "$alldeplibs" = yes &&
+ { test "$deplibs_check_method" = pass_all ||
+ { test "$build_libtool_libs" = yes &&
+ test -n "$library_names"; }; }; then
+ # We only need to search for static libraries
+ continue
+ fi
+ fi
+
+ link_static=no # Whether the deplib will be linked statically
+ use_static_libs=$prefer_static_libs
+ if test "$use_static_libs" = built && test "$installed" = yes; then
+ use_static_libs=no
+ fi
+ if test -n "$library_names" &&
+ { test "$use_static_libs" = no || test -z "$old_library"; }; then
+ case $host in
+ *cygwin* | *mingw* | *cegcc*)
+ # No point in relinking DLLs because paths are not encoded
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=no
+ ;;
+ *)
+ if test "$installed" = no; then
+ notinst_deplibs="$notinst_deplibs $lib"
+ need_relink=yes
+ fi
+ ;;
+ esac
+ # This is a shared library
+
+ # Warn about portability, can't link against -module's on some
+ # systems (darwin). Don't bleat about dlopened modules though!
+ dlopenmodule=""
+ for dlpremoduletest in $dlprefiles; do
+ if test "X$dlpremoduletest" = "X$lib"; then
+ dlopenmodule="$dlpremoduletest"
+ break
+ fi
+ done
+ if test -z "$dlopenmodule" && test "$shouldnotlink" = yes && test "$pass" = link; then
+ $ECHO
+ if test "$linkmode" = prog; then
+ $ECHO "*** Warning: Linking the executable $output against the loadable module"
+ else
+ $ECHO "*** Warning: Linking the shared library $output against the loadable module"
+ fi
+ $ECHO "*** $linklib is not portable!"
+ fi
+ if test "$linkmode" = lib &&
+ test "$hardcode_into_libs" = yes; then
+ # Hardcode the library path.
+ # Skip directories that are in the system default run-time
+ # search path.
+ case " $sys_lib_dlsearch_path " in
+ *" $absdir "*) ;;
+ *)
+ case "$compile_rpath " in
+ *" $absdir "*) ;;
+ *) compile_rpath="$compile_rpath $absdir"
+ esac
+ ;;
+ esac
+ case " $sys_lib_dlsearch_path " in
+ *" $libdir "*) ;;
+ *)
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir"
+ esac
+ ;;
+ esac
+ fi
+
+ if test -n "$old_archive_from_expsyms_cmds"; then
+ # figure out the soname
+ set dummy $library_names
+ shift
+ realname="$1"
+ shift
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ # use dlname if we got it. it's perfectly good, no?
+ if test -n "$dlname"; then
+ soname="$dlname"
+ elif test -n "$soname_spec"; then
+ # bleh windows
+ case $host in
+ *cygwin* | mingw* | *cegcc*)
+ func_arith $current - $age
+ major=$func_arith_result
+ versuffix="-$major"
+ ;;
+ esac
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+
+ # Make a new name for the extract_expsyms_cmds to use
+ soroot="$soname"
+ func_basename "$soroot"
+ soname="$func_basename_result"
+ func_stripname 'lib' '.dll' "$soname"
+ newlib=libimp-$func_stripname_result.a
+
+ # If the library has no export list, then create one now
+ if test -f "$output_objdir/$soname-def"; then :
+ else
+ func_verbose "extracting exported symbol list from \`$soname'"
+ func_execute_cmds "$extract_expsyms_cmds" 'exit $?'
+ fi
+
+ # Create $newlib
+ if test -f "$output_objdir/$newlib"; then :; else
+ func_verbose "generating import library for \`$soname'"
+ func_execute_cmds "$old_archive_from_expsyms_cmds" 'exit $?'
+ fi
+ # make sure the library variables are pointing to the new library
+ dir=$output_objdir
+ linklib=$newlib
+ fi # test -n "$old_archive_from_expsyms_cmds"
+
+ if test "$linkmode" = prog || test "$mode" != relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ lib_linked=yes
+ case $hardcode_action in
+ immediate | unsupported)
+ if test "$hardcode_direct" = no; then
+ add="$dir/$linklib"
+ case $host in
+ *-*-sco3.2v5.0.[024]*) add_dir="-L$dir" ;;
+ *-*-sysv4*uw2*) add_dir="-L$dir" ;;
+ *-*-sysv5OpenUNIX* | *-*-sysv5UnixWare7.[01].[10]* | \
+ *-*-unixware7*) add_dir="-L$dir" ;;
+ *-*-darwin* )
+ # if the lib is a (non-dlopened) module then we can not
+ # link against it, someone is ignoring the earlier warnings
+ if /usr/bin/file -L $add 2> /dev/null |
+ $GREP ": [^:]* bundle" >/dev/null ; then
+ if test "X$dlopenmodule" != "X$lib"; then
+ $ECHO "*** Warning: lib $linklib is a module, not a shared library"
+ if test -z "$old_library" ; then
+ $ECHO
+ $ECHO "*** And there doesn't seem to be a static archive available"
+ $ECHO "*** The link will probably fail, sorry"
+ else
+ add="$dir/$old_library"
+ fi
+ elif test -n "$old_library"; then
+ add="$dir/$old_library"
+ fi
+ fi
+ esac
+ elif test "$hardcode_minus_L" = no; then
+ case $host in
+ *-*-sunos*) add_shlibpath="$dir" ;;
+ esac
+ add_dir="-L$dir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = no; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ relink)
+ if test "$hardcode_direct" = yes &&
+ test "$hardcode_direct_absolute" = no; then
+ add="$dir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$dir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ add_shlibpath="$dir"
+ add="-l$name"
+ else
+ lib_linked=no
+ fi
+ ;;
+ *) lib_linked=no ;;
+ esac
+
+ if test "$lib_linked" != yes; then
+ func_fatal_configuration "unsupported hardcode properties"
+ fi
+
+ if test -n "$add_shlibpath"; then
+ case :$compile_shlibpath: in
+ *":$add_shlibpath:"*) ;;
+ *) compile_shlibpath="$compile_shlibpath$add_shlibpath:" ;;
+ esac
+ fi
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && compile_deplibs="$add_dir $compile_deplibs"
+ test -n "$add" && compile_deplibs="$add $compile_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ if test "$hardcode_direct" != yes &&
+ test "$hardcode_minus_L" != yes &&
+ test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ fi
+ fi
+ fi
+
+ if test "$linkmode" = prog || test "$mode" = relink; then
+ add_shlibpath=
+ add_dir=
+ add=
+ # Finalize command for both is simple: just hardcode it.
+ if test "$hardcode_direct" = yes &&
+ test "$hardcode_direct_absolute" = no; then
+ add="$libdir/$linklib"
+ elif test "$hardcode_minus_L" = yes; then
+ add_dir="-L$libdir"
+ add="-l$name"
+ elif test "$hardcode_shlibpath_var" = yes; then
+ case :$finalize_shlibpath: in
+ *":$libdir:"*) ;;
+ *) finalize_shlibpath="$finalize_shlibpath$libdir:" ;;
+ esac
+ add="-l$name"
+ elif test "$hardcode_automatic" = yes; then
+ if test -n "$inst_prefix_dir" &&
+ test -f "$inst_prefix_dir$libdir/$linklib" ; then
+ add="$inst_prefix_dir$libdir/$linklib"
+ else
+ add="$libdir/$linklib"
+ fi
+ else
+ # We cannot seem to hardcode it, guess we'll fake it.
+ add_dir="-L$libdir"
+ # Try looking first in the location we're being installed to.
+ if test -n "$inst_prefix_dir"; then
+ case $libdir in
+ [\\/]*)
+ add_dir="$add_dir -L$inst_prefix_dir$libdir"
+ ;;
+ esac
+ fi
+ add="-l$name"
+ fi
+
+ if test "$linkmode" = prog; then
+ test -n "$add_dir" && finalize_deplibs="$add_dir $finalize_deplibs"
+ test -n "$add" && finalize_deplibs="$add $finalize_deplibs"
+ else
+ test -n "$add_dir" && deplibs="$add_dir $deplibs"
+ test -n "$add" && deplibs="$add $deplibs"
+ fi
+ fi
+ elif test "$linkmode" = prog; then
+ # Here we assume that one of hardcode_direct or hardcode_minus_L
+ # is not unsupported. This is valid on all known static and
+ # shared platforms.
+ if test "$hardcode_direct" != unsupported; then
+ test -n "$old_library" && linklib="$old_library"
+ compile_deplibs="$dir/$linklib $compile_deplibs"
+ finalize_deplibs="$dir/$linklib $finalize_deplibs"
+ else
+ compile_deplibs="-l$name -L$dir $compile_deplibs"
+ finalize_deplibs="-l$name -L$dir $finalize_deplibs"
+ fi
+ elif test "$build_libtool_libs" = yes; then
+ # Not a shared library
+ if test "$deplibs_check_method" != pass_all; then
+ # We're trying link a shared library against a static one
+ # but the system doesn't support it.
+
+ # Just print a warning and add the library to dependency_libs so
+ # that the program can be linked against the static library.
+ $ECHO
+ $ECHO "*** Warning: This system can not link to static lib archive $lib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have."
+ if test "$module" = yes; then
+ $ECHO "*** But as you try to build a module library, libtool will still create "
+ $ECHO "*** a static module, that should work as long as the dlopening application"
+ $ECHO "*** is linked with the -dlopen flag to resolve symbols at runtime."
+ if test -z "$global_symbol_pipe"; then
+ $ECHO
+ $ECHO "*** However, this would only work if libtool was able to extract symbol"
+ $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $ECHO "*** not find such a program. So, this module is probably useless."
+ $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ else
+ deplibs="$dir/$old_library $deplibs"
+ link_static=yes
+ fi
+ fi # link shared/static library?
+
+ if test "$linkmode" = lib; then
+ if test -n "$dependency_libs" &&
+ { test "$hardcode_into_libs" != yes ||
+ test "$build_old_libs" = yes ||
+ test "$link_static" = yes; }; then
+ # Extract -R from dependency_libs
+ temp_deplibs=
+ for libdir in $dependency_libs; do
+ case $libdir in
+ -R*) func_stripname '-R' '' "$libdir"
+ temp_xrpath=$func_stripname_result
+ case " $xrpath " in
+ *" $temp_xrpath "*) ;;
+ *) xrpath="$xrpath $temp_xrpath";;
+ esac;;
+ *) temp_deplibs="$temp_deplibs $libdir";;
+ esac
+ done
+ dependency_libs="$temp_deplibs"
+ fi
+
+ newlib_search_path="$newlib_search_path $absdir"
+ # Link against this library
+ test "$link_static" = no && newdependency_libs="$abs_ladir/$laname $newdependency_libs"
+ # ... and its dependency_libs
+ tmp_libs=
+ for deplib in $dependency_libs; do
+ newdependency_libs="$deplib $newdependency_libs"
+ if $opt_duplicate_deps ; then
+ case "$tmp_libs " in
+ *" $deplib "*) specialdeplibs="$specialdeplibs $deplib" ;;
+ esac
+ fi
+ tmp_libs="$tmp_libs $deplib"
+ done
+
+ if test "$link_all_deplibs" != no; then
+ # Add the search paths of all dependency libraries
+ for deplib in $dependency_libs; do
+ case $deplib in
+ -L*) path="$deplib" ;;
+ *.la)
+ func_dirname "$deplib" "" "."
+ dir="$func_dirname_result"
+ # We need an absolute path.
+ case $dir in
+ [\\/]* | [A-Za-z]:[\\/]*) absdir="$dir" ;;
+ *)
+ absdir=`cd "$dir" && pwd`
+ if test -z "$absdir"; then
+ func_warning "cannot determine absolute directory name of \`$dir'"
+ absdir="$dir"
+ fi
+ ;;
+ esac
+ if $GREP "^installed=no" $deplib > /dev/null; then
+ case $host in
+ *-*-darwin*)
+ depdepl=
+ eval deplibrary_names=`${SED} -n -e 's/^library_names=\(.*\)$/\1/p' $deplib`
+ if test -n "$deplibrary_names" ; then
+ for tmp in $deplibrary_names ; do
+ depdepl=$tmp
+ done
+ if test -f "$absdir/$objdir/$depdepl" ; then
+ depdepl="$absdir/$objdir/$depdepl"
+ darwin_install_name=`${OTOOL} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ if test -z "$darwin_install_name"; then
+ darwin_install_name=`${OTOOL64} -L $depdepl | awk '{if (NR == 2) {print $1;exit}}'`
+ fi
+ compiler_flags="$compiler_flags ${wl}-dylib_file ${wl}${darwin_install_name}:${depdepl}"
+ linker_flags="$linker_flags -dylib_file ${darwin_install_name}:${depdepl}"
+ path=
+ fi
+ fi
+ ;;
+ *)
+ path="-L$absdir/$objdir"
+ ;;
+ esac
+ else
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$deplib' is not a valid libtool archive"
+ test "$absdir" != "$libdir" && \
+ func_warning "\`$deplib' seems to be moved"
+
+ path="-L$absdir"
+ fi
+ ;;
+ esac
+ case " $deplibs " in
+ *" $path "*) ;;
+ *) deplibs="$path $deplibs" ;;
+ esac
+ done
+ fi # link_all_deplibs != no
+ fi # linkmode = lib
+ done # for deplib in $libs
+ if test "$pass" = link; then
+ if test "$linkmode" = "prog"; then
+ compile_deplibs="$new_inherited_linker_flags $compile_deplibs"
+ finalize_deplibs="$new_inherited_linker_flags $finalize_deplibs"
+ else
+ compiler_flags="$compiler_flags "`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ fi
+ fi
+ dependency_libs="$newdependency_libs"
+ if test "$pass" = dlpreopen; then
+ # Link the dlpreopened libraries before other libraries
+ for deplib in $save_deplibs; do
+ deplibs="$deplib $deplibs"
+ done
+ fi
+ if test "$pass" != dlopen; then
+ if test "$pass" != conv; then
+ # Make sure lib_search_path contains only unique directories.
+ lib_search_path=
+ for dir in $newlib_search_path; do
+ case "$lib_search_path " in
+ *" $dir "*) ;;
+ *) lib_search_path="$lib_search_path $dir" ;;
+ esac
+ done
+ newlib_search_path=
+ fi
+
+ if test "$linkmode,$pass" != "prog,link"; then
+ vars="deplibs"
+ else
+ vars="compile_deplibs finalize_deplibs"
+ fi
+ for var in $vars dependency_libs; do
+ # Add libraries to $var in reverse order
+ eval tmp_libs=\"\$$var\"
+ new_libs=
+ for deplib in $tmp_libs; do
+ # FIXME: Pedantically, this is the right thing to do, so
+ # that some nasty dependency loop isn't accidentally
+ # broken:
+ #new_libs="$deplib $new_libs"
+ # Pragmatically, this seems to cause very few problems in
+ # practice:
+ case $deplib in
+ -L*) new_libs="$deplib $new_libs" ;;
+ -R*) ;;
+ *)
+ # And here is the reason: when a library appears more
+ # than once as an explicit dependence of a library, or
+ # is implicitly linked in more than once by the
+ # compiler, it is considered special, and multiple
+ # occurrences thereof are not removed. Compare this
+ # with having the same library being listed as a
+ # dependency of multiple other libraries: in this case,
+ # we know (pedantically, we assume) the library does not
+ # need to be listed more than once, so we keep only the
+ # last copy. This is not always right, but it is rare
+ # enough that we require users that really mean to play
+ # such unportable linking tricks to link the library
+ # using -Wl,-lname, so that libtool does not consider it
+ # for duplicate removal.
+ case " $specialdeplibs " in
+ *" $deplib "*) new_libs="$deplib $new_libs" ;;
+ *)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$deplib $new_libs" ;;
+ esac
+ ;;
+ esac
+ ;;
+ esac
+ done
+ tmp_libs=
+ for deplib in $new_libs; do
+ case $deplib in
+ -L*)
+ case " $tmp_libs " in
+ *" $deplib "*) ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ ;;
+ *) tmp_libs="$tmp_libs $deplib" ;;
+ esac
+ done
+ eval $var=\"$tmp_libs\"
+ done # for var
+ fi
+ # Last step: remove runtime libs from dependency_libs
+ # (they stay in deplibs)
+ tmp_libs=
+ for i in $dependency_libs ; do
+ case " $predeps $postdeps $compiler_lib_search_path " in
+ *" $i "*)
+ i=""
+ ;;
+ esac
+ if test -n "$i" ; then
+ tmp_libs="$tmp_libs $i"
+ fi
+ done
+ dependency_libs=$tmp_libs
+ done # for pass
+ if test "$linkmode" = prog; then
+ dlfiles="$newdlfiles"
+ fi
+ if test "$linkmode" = prog || test "$linkmode" = lib; then
+ dlprefiles="$newdlprefiles"
+ fi
+
+ case $linkmode in
+ oldlib)
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ func_warning "\`-dlopen' is ignored for archives"
+ fi
+
+ case " $deplibs" in
+ *\ -l* | *\ -L*)
+ func_warning "\`-l' and \`-L' are ignored for archives" ;;
+ esac
+
+ test -n "$rpath" && \
+ func_warning "\`-rpath' is ignored for archives"
+
+ test -n "$xrpath" && \
+ func_warning "\`-R' is ignored for archives"
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info/-version-number' is ignored for archives"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for archives"
+
+ test -n "$export_symbols$export_symbols_regex" && \
+ func_warning "\`-export-symbols' is ignored for archives"
+
+ # Now set the variables for building old libraries.
+ build_libtool_libs=no
+ oldlibs="$output"
+ objs="$objs$old_deplibs"
+ ;;
+
+ lib)
+ # Make sure we only generate libraries of the form `libNAME.la'.
+ case $outputname in
+ lib*)
+ func_stripname 'lib' '.la' "$outputname"
+ name=$func_stripname_result
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ ;;
+ *)
+ test "$module" = no && \
+ func_fatal_help "libtool library \`$output' must begin with \`lib'"
+
+ if test "$need_lib_prefix" != no; then
+ # Add the "lib" prefix for modules if required
+ func_stripname '' '.la' "$outputname"
+ name=$func_stripname_result
+ eval shared_ext=\"$shrext_cmds\"
+ eval libname=\"$libname_spec\"
+ else
+ func_stripname '' '.la' "$outputname"
+ libname=$func_stripname_result
+ fi
+ ;;
+ esac
+
+ if test -n "$objs"; then
+ if test "$deplibs_check_method" != pass_all; then
+ func_fatal_error "cannot build libtool library \`$output' from non-libtool objects on this host:$objs"
+ else
+ $ECHO
+ $ECHO "*** Warning: Linking the shared library $output against the non-libtool"
+ $ECHO "*** objects $objs is not portable!"
+ libobjs="$libobjs $objs"
+ fi
+ fi
+
+ test "$dlself" != no && \
+ func_warning "\`-dlopen self' is ignored for libtool libraries"
+
+ set dummy $rpath
+ shift
+ test "$#" -gt 1 && \
+ func_warning "ignoring multiple \`-rpath's for a libtool library"
+
+ install_libdir="$1"
+
+ oldlibs=
+ if test -z "$rpath"; then
+ if test "$build_libtool_libs" = yes; then
+ # Building a libtool convenience library.
+ # Some compilers have problems with a `.al' extension so
+ # convenience libraries should have the same extension an
+ # archive normally would.
+ oldlibs="$output_objdir/$libname.$libext $oldlibs"
+ build_libtool_libs=convenience
+ build_old_libs=yes
+ fi
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info/-version-number' is ignored for convenience libraries"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for convenience libraries"
+ else
+
+ # Parse the version information argument.
+ save_ifs="$IFS"; IFS=':'
+ set dummy $vinfo 0 0 0
+ shift
+ IFS="$save_ifs"
+
+ test -n "$7" && \
+ func_fatal_help "too many parameters to \`-version-info'"
+
+ # convert absolute version numbers to libtool ages
+ # this retains compatibility with .la files and attempts
+ # to make the code below a bit more comprehensible
+
+ case $vinfo_number in
+ yes)
+ number_major="$1"
+ number_minor="$2"
+ number_revision="$3"
+ #
+ # There are really only two kinds -- those that
+ # use the current revision as the major version
+ # and those that subtract age and use age as
+ # a minor version. But, then there is irix
+ # which has an extra 1 added just for fun
+ #
+ case $version_type in
+ darwin|linux|osf|windows|none)
+ func_arith $number_major + $number_minor
+ current=$func_arith_result
+ age="$number_minor"
+ revision="$number_revision"
+ ;;
+ freebsd-aout|freebsd-elf|sunos)
+ current="$number_major"
+ revision="$number_minor"
+ age="0"
+ ;;
+ irix|nonstopux)
+ func_arith $number_major + $number_minor
+ current=$func_arith_result
+ age="$number_minor"
+ revision="$number_minor"
+ lt_irix_increment=no
+ ;;
+ esac
+ ;;
+ no)
+ current="$1"
+ revision="$2"
+ age="$3"
+ ;;
+ esac
+
+ # Check that each of the things are valid numbers.
+ case $current in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "CURRENT \`$current' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ case $revision in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "REVISION \`$revision' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ case $age in
+ 0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]|[1-9][0-9][0-9][0-9]|[1-9][0-9][0-9][0-9][0-9]) ;;
+ *)
+ func_error "AGE \`$age' must be a nonnegative integer"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ ;;
+ esac
+
+ if test "$age" -gt "$current"; then
+ func_error "AGE \`$age' is greater than the current interface number \`$current'"
+ func_fatal_error "\`$vinfo' is not valid version information"
+ fi
+
+ # Calculate the version variables.
+ major=
+ versuffix=
+ verstring=
+ case $version_type in
+ none) ;;
+
+ darwin)
+ # Like Linux, but with the current version available in
+ # verstring for coding it into the library header
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix="$major.$age.$revision"
+ # Darwin ld doesn't like 0 for these options...
+ func_arith $current + 1
+ minor_current=$func_arith_result
+ xlcverstring="${wl}-compatibility_version ${wl}$minor_current ${wl}-current_version ${wl}$minor_current.$revision"
+ verstring="-compatibility_version $minor_current -current_version $minor_current.$revision"
+ ;;
+
+ freebsd-aout)
+ major=".$current"
+ versuffix=".$current.$revision";
+ ;;
+
+ freebsd-elf)
+ major=".$current"
+ versuffix=".$current"
+ ;;
+
+ irix | nonstopux)
+ if test "X$lt_irix_increment" = "Xno"; then
+ func_arith $current - $age
+ else
+ func_arith $current - $age + 1
+ fi
+ major=$func_arith_result
+
+ case $version_type in
+ nonstopux) verstring_prefix=nonstopux ;;
+ *) verstring_prefix=sgi ;;
+ esac
+ verstring="$verstring_prefix$major.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$revision
+ while test "$loop" -ne 0; do
+ func_arith $revision - $loop
+ iface=$func_arith_result
+ func_arith $loop - 1
+ loop=$func_arith_result
+ verstring="$verstring_prefix$major.$iface:$verstring"
+ done
+
+ # Before this point, $major must not contain `.'.
+ major=.$major
+ versuffix="$major.$revision"
+ ;;
+
+ linux)
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix="$major.$age.$revision"
+ ;;
+
+ osf)
+ func_arith $current - $age
+ major=.$func_arith_result
+ versuffix=".$current.$age.$revision"
+ verstring="$current.$age.$revision"
+
+ # Add in all the interfaces that we are compatible with.
+ loop=$age
+ while test "$loop" -ne 0; do
+ func_arith $current - $loop
+ iface=$func_arith_result
+ func_arith $loop - 1
+ loop=$func_arith_result
+ verstring="$verstring:${iface}.0"
+ done
+
+ # Make executables depend on our current version.
+ verstring="$verstring:${current}.0"
+ ;;
+
+ qnx)
+ major=".$current"
+ versuffix=".$current"
+ ;;
+
+ sunos)
+ major=".$current"
+ versuffix=".$current.$revision"
+ ;;
+
+ windows)
+ # Use '-' rather than '.', since we only want one
+ # extension on DOS 8.3 filesystems.
+ func_arith $current - $age
+ major=$func_arith_result
+ versuffix="-$major"
+ ;;
+
+ *)
+ func_fatal_configuration "unknown library version type \`$version_type'"
+ ;;
+ esac
+
+ # Clear the version info if we defaulted, and they specified a release.
+ if test -z "$vinfo" && test -n "$release"; then
+ major=
+ case $version_type in
+ darwin)
+ # we can't check for "0.0" in archive_cmds due to quoting
+ # problems, so we reset it completely
+ verstring=
+ ;;
+ *)
+ verstring="0.0"
+ ;;
+ esac
+ if test "$need_version" = no; then
+ versuffix=
+ else
+ versuffix=".0.0"
+ fi
+ fi
+
+ # Remove version info from name if versioning should be avoided
+ if test "$avoid_version" = yes && test "$need_version" = no; then
+ major=
+ versuffix=
+ verstring=""
+ fi
+
+ # Check to see if the archive will have undefined symbols.
+ if test "$allow_undefined" = yes; then
+ if test "$allow_undefined_flag" = unsupported; then
+ func_warning "undefined symbols not allowed in $host shared libraries"
+ build_libtool_libs=no
+ build_old_libs=yes
+ fi
+ else
+ # Don't allow undefined symbols.
+ allow_undefined_flag="$no_undefined_flag"
+ fi
+
+ fi
+
+ func_generate_dlsyms "$libname" "$libname" "yes"
+ libobjs="$libobjs $symfileobj"
+ test "X$libobjs" = "X " && libobjs=
+
+ if test "$mode" != relink; then
+ # Remove our outputs, but don't remove object files since they
+ # may have been created when compiling PIC objects.
+ removelist=
+ tempremovelist=`$ECHO "$output_objdir/*"`
+ for p in $tempremovelist; do
+ case $p in
+ *.$objext | *.gcno)
+ ;;
+ $output_objdir/$outputname | $output_objdir/$libname.* | $output_objdir/${libname}${release}.*)
+ if test "X$precious_files_regex" != "X"; then
+ if $ECHO "$p" | $EGREP -e "$precious_files_regex" >/dev/null 2>&1
+ then
+ continue
+ fi
+ fi
+ removelist="$removelist $p"
+ ;;
+ *) ;;
+ esac
+ done
+ test -n "$removelist" && \
+ func_show_eval "${RM}r \$removelist"
+ fi
+
+ # Now set the variables for building old libraries.
+ if test "$build_old_libs" = yes && test "$build_libtool_libs" != convenience ; then
+ oldlibs="$oldlibs $output_objdir/$libname.$libext"
+
+ # Transform .lo files to .o files.
+ oldobjs="$objs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}'$/d' -e "$lo2o" | $NL2SP`
+ fi
+
+ # Eliminate all temporary directories.
+ #for path in $notinst_path; do
+ # lib_search_path=`$ECHO "X$lib_search_path " | $Xsed -e "s% $path % %g"`
+ # deplibs=`$ECHO "X$deplibs " | $Xsed -e "s% -L$path % %g"`
+ # dependency_libs=`$ECHO "X$dependency_libs " | $Xsed -e "s% -L$path % %g"`
+ #done
+
+ if test -n "$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ temp_xrpath=
+ for libdir in $xrpath; do
+ temp_xrpath="$temp_xrpath -R$libdir"
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ if test "$hardcode_into_libs" != yes || test "$build_old_libs" = yes; then
+ dependency_libs="$temp_xrpath $dependency_libs"
+ fi
+ fi
+
+ # Make sure dlfiles contains only unique files that won't be dlpreopened
+ old_dlfiles="$dlfiles"
+ dlfiles=
+ for lib in $old_dlfiles; do
+ case " $dlprefiles $dlfiles " in
+ *" $lib "*) ;;
+ *) dlfiles="$dlfiles $lib" ;;
+ esac
+ done
+
+ # Make sure dlprefiles contains only unique files
+ old_dlprefiles="$dlprefiles"
+ dlprefiles=
+ for lib in $old_dlprefiles; do
+ case "$dlprefiles " in
+ *" $lib "*) ;;
+ *) dlprefiles="$dlprefiles $lib" ;;
+ esac
+ done
+
+ if test "$build_libtool_libs" = yes; then
+ if test -n "$rpath"; then
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-*-beos* | *-cegcc*)
+ # these systems don't actually have a c library (as such)!
+ ;;
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # Rhapsody C library is in the System framework
+ deplibs="$deplibs System.ltframework"
+ ;;
+ *-*-netbsd*)
+ # Don't link with libc until the a.out ld.so is fixed.
+ ;;
+ *-*-openbsd* | *-*-freebsd* | *-*-dragonfly*)
+ # Do not include libc due to us having libc/libc_r.
+ ;;
+ *-*-sco3.2v5* | *-*-sco5v6*)
+ # Causes problems with __ctype
+ ;;
+ *-*-sysv4.2uw2* | *-*-sysv5* | *-*-unixware* | *-*-OpenUNIX*)
+ # Compiler inserts libc in the correct place for threads to work
+ ;;
+ *)
+ # Add libc to deplibs on all other systems if necessary.
+ if test "$build_libtool_need_lc" = "yes"; then
+ deplibs="$deplibs -lc"
+ fi
+ ;;
+ esac
+ fi
+
+ # Transform deplibs into only deplibs that can be linked in shared.
+ name_save=$name
+ libname_save=$libname
+ release_save=$release
+ versuffix_save=$versuffix
+ major_save=$major
+ # I'm not sure if I'm treating the release correctly. I think
+ # release should show up in the -l (ie -lgmp5) so we don't want to
+ # add it in twice. Is that correct?
+ release=""
+ versuffix=""
+ major=""
+ newdeplibs=
+ droppeddeps=no
+ case $deplibs_check_method in
+ pass_all)
+ # Don't check for shared/static. Everything works.
+ # This might be a little naive. We might want to check
+ # whether the library exists or not. But this is on
+ # osf3 & osf4 and I'm not really sure... Just
+ # implementing what was already the behavior.
+ newdeplibs=$deplibs
+ ;;
+ test_compile)
+ # This code stresses the "libraries are programs" paradigm to its
+ # limits. Maybe even breaks it. We compile a program, linking it
+ # against the deplibs as a proxy for the library. Then we can check
+ # whether they linked in statically or dynamically with ldd.
+ $opt_dry_run || $RM conftest.c
+ cat > conftest.c <<EOF
+ int main() { return 0; }
+EOF
+ $opt_dry_run || $RM conftest
+ if $LTCC $LTCFLAGS -o conftest conftest.c $deplibs; then
+ ldd_output=`ldd conftest`
+ for i in $deplibs; do
+ case $i in
+ -l*)
+ func_stripname -l '' "$i"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+ set dummy $deplib_matches; shift
+ deplib_match=$1
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which I believe you do not have"
+ $ECHO "*** because a test_compile did reveal that the linker did not use it for"
+ $ECHO "*** its dynamic dependency list that programs get resolved with at runtime."
+ fi
+ fi
+ ;;
+ *)
+ newdeplibs="$newdeplibs $i"
+ ;;
+ esac
+ done
+ else
+ # Error occurred in the first compile. Let's try to salvage
+ # the situation: Compile a separate program for each library.
+ for i in $deplibs; do
+ case $i in
+ -l*)
+ func_stripname -l '' "$i"
+ name=$func_stripname_result
+ $opt_dry_run || $RM conftest
+ if $LTCC $LTCFLAGS -o conftest conftest.c $i; then
+ ldd_output=`ldd conftest`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $i "*)
+ newdeplibs="$newdeplibs $i"
+ i=""
+ ;;
+ esac
+ fi
+ if test -n "$i" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ deplib_matches=`eval "\\$ECHO \"$library_names_spec\""`
+ set dummy $deplib_matches; shift
+ deplib_match=$1
+ if test `expr "$ldd_output" : ".*$deplib_match"` -ne 0 ; then
+ newdeplibs="$newdeplibs $i"
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: dynamic linker does not accept needed library $i."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because a test_compile did reveal that the linker did not use this one"
+ $ECHO "*** as a dynamic dependency that programs can get resolved with at runtime."
+ fi
+ fi
+ else
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning! Library $i is needed by this library but I was not able to"
+ $ECHO "*** make it link in! You will probably need to install it or some"
+ $ECHO "*** library that it depends on before this library will be fully"
+ $ECHO "*** functional. Installing it before continuing would be even better."
+ fi
+ ;;
+ *)
+ newdeplibs="$newdeplibs $i"
+ ;;
+ esac
+ done
+ fi
+ ;;
+ file_magic*)
+ set dummy $deplibs_check_method; shift
+ file_magic_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ for a_deplib in $deplibs; do
+ case $a_deplib in
+ -l*)
+ func_stripname -l '' "$a_deplib"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ # Follow soft links.
+ if ls -lLd "$potent_lib" 2>/dev/null |
+ $GREP " -> " >/dev/null; then
+ continue
+ fi
+ # The statement above tries to avoid entering an
+ # endless loop below, in case of cyclic links.
+ # We might still enter an endless loop, since a link
+ # loop can be closed while we follow links,
+ # but so what?
+ potlib="$potent_lib"
+ while test -h "$potlib" 2>/dev/null; do
+ potliblink=`ls -ld $potlib | ${SED} 's/.* -> //'`
+ case $potliblink in
+ [\\/]* | [A-Za-z]:[\\/]*) potlib="$potliblink";;
+ *) potlib=`$ECHO "X$potlib" | $Xsed -e 's,[^/]*$,,'`"$potliblink";;
+ esac
+ done
+ if eval $file_magic_cmd \"\$potlib\" 2>/dev/null |
+ $SED -e 10q |
+ $EGREP "$file_magic_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $ECHO "*** with $libname but no candidates were found. (...for file magic test)"
+ else
+ $ECHO "*** with $libname and none of the candidates passed a file format test"
+ $ECHO "*** using a file magic. Last file checked: $potlib"
+ fi
+ fi
+ ;;
+ *)
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ ;;
+ esac
+ done # Gone through all deplibs.
+ ;;
+ match_pattern*)
+ set dummy $deplibs_check_method; shift
+ match_pattern_regex=`expr "$deplibs_check_method" : "$1 \(.*\)"`
+ for a_deplib in $deplibs; do
+ case $a_deplib in
+ -l*)
+ func_stripname -l '' "$a_deplib"
+ name=$func_stripname_result
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ case " $predeps $postdeps " in
+ *" $a_deplib "*)
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ ;;
+ esac
+ fi
+ if test -n "$a_deplib" ; then
+ libname=`eval "\\$ECHO \"$libname_spec\""`
+ for i in $lib_search_path $sys_lib_search_path $shlib_search_path; do
+ potential_libs=`ls $i/$libname[.-]* 2>/dev/null`
+ for potent_lib in $potential_libs; do
+ potlib="$potent_lib" # see symlink-check above in file_magic test
+ if eval "\$ECHO \"X$potent_lib\"" 2>/dev/null | $Xsed -e 10q | \
+ $EGREP "$match_pattern_regex" > /dev/null; then
+ newdeplibs="$newdeplibs $a_deplib"
+ a_deplib=""
+ break 2
+ fi
+ done
+ done
+ fi
+ if test -n "$a_deplib" ; then
+ droppeddeps=yes
+ $ECHO
+ $ECHO "*** Warning: linker path does not have real file for library $a_deplib."
+ $ECHO "*** I have the capability to make that library automatically link in when"
+ $ECHO "*** you link to this library. But I can only do this if you have a"
+ $ECHO "*** shared version of the library, which you do not appear to have"
+ $ECHO "*** because I did check the linker path looking for a file starting"
+ if test -z "$potlib" ; then
+ $ECHO "*** with $libname but no candidates were found. (...for regex pattern test)"
+ else
+ $ECHO "*** with $libname and none of the candidates passed a file format test"
+ $ECHO "*** using a regex pattern. Last file checked: $potlib"
+ fi
+ fi
+ ;;
+ *)
+ # Add a -L argument.
+ newdeplibs="$newdeplibs $a_deplib"
+ ;;
+ esac
+ done # Gone through all deplibs.
+ ;;
+ none | unknown | *)
+ newdeplibs=""
+ tmp_deplibs=`$ECHO "X $deplibs" | $Xsed \
+ -e 's/ -lc$//' -e 's/ -[LR][^ ]*//g'`
+ if test "X$allow_libtool_libs_with_static_runtimes" = "Xyes" ; then
+ for i in $predeps $postdeps ; do
+ # can't use Xsed below, because $i might contain '/'
+ tmp_deplibs=`$ECHO "X $tmp_deplibs" | $Xsed -e "s,$i,,"`
+ done
+ fi
+ if $ECHO "X $tmp_deplibs" | $Xsed -e 's/[ ]//g' |
+ $GREP . >/dev/null; then
+ $ECHO
+ if test "X$deplibs_check_method" = "Xnone"; then
+ $ECHO "*** Warning: inter-library dependencies are not supported in this platform."
+ else
+ $ECHO "*** Warning: inter-library dependencies are not known to be supported."
+ fi
+ $ECHO "*** All declared inter-library dependencies are being dropped."
+ droppeddeps=yes
+ fi
+ ;;
+ esac
+ versuffix=$versuffix_save
+ major=$major_save
+ release=$release_save
+ libname=$libname_save
+ name=$name_save
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library with the System framework
+ newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ ;;
+ esac
+
+ if test "$droppeddeps" = yes; then
+ if test "$module" = yes; then
+ $ECHO
+ $ECHO "*** Warning: libtool could not satisfy all declared inter-library"
+ $ECHO "*** dependencies of module $libname. Therefore, libtool will create"
+ $ECHO "*** a static module, that should work as long as the dlopening"
+ $ECHO "*** application is linked with the -dlopen flag."
+ if test -z "$global_symbol_pipe"; then
+ $ECHO
+ $ECHO "*** However, this would only work if libtool was able to extract symbol"
+ $ECHO "*** lists from a program, using \`nm' or equivalent, but libtool could"
+ $ECHO "*** not find such a program. So, this module is probably useless."
+ $ECHO "*** \`nm' from GNU binutils and a full rebuild may help."
+ fi
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ else
+ $ECHO "*** The inter-library dependencies that have been dropped here will be"
+ $ECHO "*** automatically added whenever a program is linked with this library"
+ $ECHO "*** or is declared to -dlopen it."
+
+ if test "$allow_undefined" = no; then
+ $ECHO
+ $ECHO "*** Since this library must not contain undefined symbols,"
+ $ECHO "*** because either the platform does not support them or"
+ $ECHO "*** it was explicitly requested with -no-undefined,"
+ $ECHO "*** libtool will only create a static version of it."
+ if test "$build_old_libs" = no; then
+ oldlibs="$output_objdir/$libname.$libext"
+ build_libtool_libs=module
+ build_old_libs=yes
+ else
+ build_libtool_libs=no
+ fi
+ fi
+ fi
+ fi
+ # Done checking deplibs!
+ deplibs=$newdeplibs
+ fi
+ # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+ case $host in
+ *-*-darwin*)
+ newdeplibs=`$ECHO "X $newdeplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ new_inherited_linker_flags=`$ECHO "X $new_inherited_linker_flags" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ deplibs=`$ECHO "X $deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ ;;
+ esac
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ deplibs="$new_libs"
+
+ # All the library-specific variables (install_libdir is set above).
+ library_names=
+ old_library=
+ dlname=
+
+ # Test again, we may have decided not to build it any more
+ if test "$build_libtool_libs" = yes; then
+ if test "$hardcode_into_libs" = yes; then
+ # Hardcode the library paths
+ hardcode_libdirs=
+ dep_rpath=
+ rpath="$finalize_rpath"
+ test "$mode" != relink && rpath="$compile_rpath$rpath"
+ for libdir in $rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ dep_rpath="$dep_rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ if test -n "$hardcode_libdir_flag_spec_ld"; then
+ eval dep_rpath=\"$hardcode_libdir_flag_spec_ld\"
+ else
+ eval dep_rpath=\"$hardcode_libdir_flag_spec\"
+ fi
+ fi
+ if test -n "$runpath_var" && test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ eval "$runpath_var='$rpath\$$runpath_var'; export $runpath_var"
+ fi
+ test -n "$dep_rpath" && deplibs="$dep_rpath $deplibs"
+ fi
+
+ shlibpath="$finalize_shlibpath"
+ test "$mode" != relink && shlibpath="$compile_shlibpath$shlibpath"
+ if test -n "$shlibpath"; then
+ eval "$shlibpath_var='$shlibpath\$$shlibpath_var'; export $shlibpath_var"
+ fi
+
+ # Get the real and link names of the library.
+ eval shared_ext=\"$shrext_cmds\"
+ eval library_names=\"$library_names_spec\"
+ set dummy $library_names
+ shift
+ realname="$1"
+ shift
+
+ if test -n "$soname_spec"; then
+ eval soname=\"$soname_spec\"
+ else
+ soname="$realname"
+ fi
+ if test -z "$dlname"; then
+ dlname=$soname
+ fi
+
+ lib="$output_objdir/$realname"
+ linknames=
+ for link
+ do
+ linknames="$linknames $link"
+ done
+
+ # Use standard objects if they are pic
+ test -z "$pic_flag" && libobjs=`$ECHO "X$libobjs" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ test "X$libobjs" = "X " && libobjs=
+
+ delfiles=
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ $opt_dry_run || cp "$export_symbols" "$output_objdir/$libname.uexp"
+ export_symbols="$output_objdir/$libname.uexp"
+ delfiles="$delfiles $export_symbols"
+ fi
+
+ orig_export_symbols=
+ case $host_os in
+ cygwin* | mingw* | cegcc*)
+ if test -n "$export_symbols" && test -z "$export_symbols_regex"; then
+ # exporting using user supplied symfile
+ if test "x`$SED 1q $export_symbols`" != xEXPORTS; then
+ # and it's NOT already a .def file. Must figure out
+ # which of the given symbols are data symbols and tag
+ # them as such. So, trigger use of export_symbols_cmds.
+ # export_symbols gets reassigned inside the "prepare
+ # the list of exported symbols" if statement, so the
+ # include_expsyms logic still works.
+ orig_export_symbols="$export_symbols"
+ export_symbols=
+ always_export_symbols=yes
+ fi
+ fi
+ ;;
+ esac
+
+ # Prepare the list of exported symbols
+ if test -z "$export_symbols"; then
+ if test "$always_export_symbols" = yes || test -n "$export_symbols_regex"; then
+ func_verbose "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $opt_dry_run || $RM $export_symbols
+ cmds=$export_symbols_cmds
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ func_len " $cmd"
+ len=$func_len_result
+ if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ func_show_eval "$cmd" 'exit $?'
+ skipped_export=false
+ else
+ # The command line is too long to execute in one step.
+ func_verbose "using reloadable object file for export list..."
+ skipped_export=:
+ # Break out early, otherwise skipped_export may be
+ # set to false by a later but shorter cmd.
+ break
+ fi
+ done
+ IFS="$save_ifs"
+ if test -n "$export_symbols_regex" && test "X$skipped_export" != "X:"; then
+ func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+ fi
+
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ tmp_export_symbols="$export_symbols"
+ test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ fi
+
+ if test "X$skipped_export" != "X:" && test -n "$orig_export_symbols"; then
+ # The given exports_symbols file has to be filtered, so filter it.
+ func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ # FIXME: $output_objdir/$libname.filter potentially contains lots of
+ # 's' commands which not all seds can handle. GNU sed should be fine
+ # though. Also, the filter scales superlinearly with the number of
+ # global variables. join(1) would be nice here, but unfortunately
+ # isn't a blessed tool.
+ $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+ delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ export_symbols=$output_objdir/$libname.def
+ $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+ fi
+
+ tmp_deplibs=
+ for test_deplib in $deplibs; do
+ case " $convenience " in
+ *" $test_deplib "*) ;;
+ *)
+ tmp_deplibs="$tmp_deplibs $test_deplib"
+ ;;
+ esac
+ done
+ deplibs="$tmp_deplibs"
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec" &&
+ test "$compiler_needs_object" = yes &&
+ test -z "$libobjs"; then
+ # extract the archives, so we have objects to list.
+ # TODO: could optimize this to just extract one archive.
+ whole_archive_flag_spec=
+ fi
+ if test -n "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ test "X$libobjs" = "X " && libobjs=
+ else
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ libobjs="$libobjs $func_extract_archives_result"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+ fi
+
+ if test "$thread_safe" = yes && test -n "$thread_safe_flag_spec"; then
+ eval flag=\"$thread_safe_flag_spec\"
+ linker_flags="$linker_flags $flag"
+ fi
+
+ # Make a backup of the uninstalled library when relinking
+ if test "$mode" = relink; then
+ $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}U && $MV $realname ${realname}U)' || exit $?
+ fi
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ eval test_cmds=\"$module_expsym_cmds\"
+ cmds=$module_expsym_cmds
+ else
+ eval test_cmds=\"$module_cmds\"
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ eval test_cmds=\"$archive_expsym_cmds\"
+ cmds=$archive_expsym_cmds
+ else
+ eval test_cmds=\"$archive_cmds\"
+ cmds=$archive_cmds
+ fi
+ fi
+
+ if test "X$skipped_export" != "X:" &&
+ func_len " $test_cmds" &&
+ len=$func_len_result &&
+ test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ :
+ else
+ # The command line is too long to link in one step, link piecewise
+ # or, if using GNU ld and skipped_export is not :, use a linker
+ # script.
+
+ # Save the value of $output and $libobjs because we want to
+ # use them later. If we have whole_archive_flag_spec, we
+ # want to use save_libobjs as it was before
+ # whole_archive_flag_spec was expanded, because we can't
+ # assume the linker understands whole_archive_flag_spec.
+ # This may have to be revisited, in case too many
+ # convenience libraries get linked in and end up exceeding
+ # the spec.
+ if test -z "$convenience" || test -z "$whole_archive_flag_spec"; then
+ save_libobjs=$libobjs
+ fi
+ save_output=$output
+ output_la=`$ECHO "X$output" | $Xsed -e "$basename"`
+
+ # Clear the reloadable object creation command queue and
+ # initialize k to one.
+ test_cmds=
+ concat_cmds=
+ objlist=
+ last_robj=
+ k=1
+
+ if test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "$with_gnu_ld" = yes; then
+ output=${output_objdir}/${output_la}.lnkscript
+ func_verbose "creating GNU ld script: $output"
+ $ECHO 'INPUT (' > $output
+ for obj in $save_libobjs
+ do
+ $ECHO "$obj" >> $output
+ done
+ $ECHO ')' >> $output
+ delfiles="$delfiles $output"
+ elif test -n "$save_libobjs" && test "X$skipped_export" != "X:" && test "X$file_list_spec" != X; then
+ output=${output_objdir}/${output_la}.lnk
+ func_verbose "creating linker input file list: $output"
+ : > $output
+ set x $save_libobjs
+ shift
+ firstobj=
+ if test "$compiler_needs_object" = yes; then
+ firstobj="$1 "
+ shift
+ fi
+ for obj
+ do
+ $ECHO "$obj" >> $output
+ done
+ delfiles="$delfiles $output"
+ output=$firstobj\"$file_list_spec$output\"
+ else
+ if test -n "$save_libobjs"; then
+ func_verbose "creating reloadable object files..."
+ output=$output_objdir/$output_la-${k}.$objext
+ eval test_cmds=\"$reload_cmds\"
+ func_len " $test_cmds"
+ len0=$func_len_result
+ len=$len0
+
+ # Loop over the list of objects to be linked.
+ for obj in $save_libobjs
+ do
+ func_len " $obj"
+ func_arith $len + $func_len_result
+ len=$func_arith_result
+ if test "X$objlist" = X ||
+ test "$len" -lt "$max_cmd_len"; then
+ func_append objlist " $obj"
+ else
+ # The command $test_cmds is almost too long, add a
+ # command to the queue.
+ if test "$k" -eq 1 ; then
+ # The first file doesn't have a previous command to add.
+ eval concat_cmds=\"$reload_cmds $objlist $last_robj\"
+ else
+ # All subsequent reloadable object files will link in
+ # the last one created.
+ eval concat_cmds=\"\$concat_cmds~$reload_cmds $objlist $last_robj~\$RM $last_robj\"
+ fi
+ last_robj=$output_objdir/$output_la-${k}.$objext
+ func_arith $k + 1
+ k=$func_arith_result
+ output=$output_objdir/$output_la-${k}.$objext
+ objlist=$obj
+ func_len " $last_robj"
+ func_arith $len0 + $func_len_result
+ len=$func_arith_result
+ fi
+ done
+ # Handle the remaining objects by creating one last
+ # reloadable object file. All subsequent reloadable object
+ # files will link in the last one created.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$reload_cmds $objlist $last_robj\"
+ if test -n "$last_robj"; then
+ eval concat_cmds=\"\${concat_cmds}~\$RM $last_robj\"
+ fi
+ delfiles="$delfiles $output"
+
+ else
+ output=
+ fi
+
+ if ${skipped_export-false}; then
+ func_verbose "generating symbol list for \`$libname.la'"
+ export_symbols="$output_objdir/$libname.exp"
+ $opt_dry_run || $RM $export_symbols
+ libobjs=$output
+ # Append the command to create the export file.
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\$concat_cmds$export_symbols_cmds\"
+ if test -n "$last_robj"; then
+ eval concat_cmds=\"\$concat_cmds~\$RM $last_robj\"
+ fi
+ fi
+
+ test -n "$save_libobjs" &&
+ func_verbose "creating a temporary reloadable object file: $output"
+
+ # Loop through the commands generated above and execute them.
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $concat_cmds; do
+ IFS="$save_ifs"
+ $opt_silent || {
+ func_quote_for_expand "$cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ $opt_dry_run || eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ ( cd "$output_objdir" && \
+ $RM "${realname}T" && \
+ $MV "${realname}U" "$realname" )
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ if test -n "$export_symbols_regex" && ${skipped_export-false}; then
+ func_show_eval '$EGREP -e "$export_symbols_regex" "$export_symbols" > "${export_symbols}T"'
+ func_show_eval '$MV "${export_symbols}T" "$export_symbols"'
+ fi
+ fi
+
+ if ${skipped_export-false}; then
+ if test -n "$export_symbols" && test -n "$include_expsyms"; then
+ tmp_export_symbols="$export_symbols"
+ test -n "$orig_export_symbols" && tmp_export_symbols="$orig_export_symbols"
+ $opt_dry_run || eval '$ECHO "X$include_expsyms" | $Xsed | $SP2NL >> "$tmp_export_symbols"'
+ fi
+
+ if test -n "$orig_export_symbols"; then
+ # The given exports_symbols file has to be filtered, so filter it.
+ func_verbose "filter symbol list for \`$libname.la' to tag DATA exports"
+ # FIXME: $output_objdir/$libname.filter potentially contains lots of
+ # 's' commands which not all seds can handle. GNU sed should be fine
+ # though. Also, the filter scales superlinearly with the number of
+ # global variables. join(1) would be nice here, but unfortunately
+ # isn't a blessed tool.
+ $opt_dry_run || $SED -e '/[ ,]DATA/!d;s,\(.*\)\([ \,].*\),s|^\1$|\1\2|,' < $export_symbols > $output_objdir/$libname.filter
+ delfiles="$delfiles $export_symbols $output_objdir/$libname.filter"
+ export_symbols=$output_objdir/$libname.def
+ $opt_dry_run || $SED -f $output_objdir/$libname.filter < $orig_export_symbols > $export_symbols
+ fi
+ fi
+
+ libobjs=$output
+ # Restore the value of output.
+ output=$save_output
+
+ if test -n "$convenience" && test -n "$whole_archive_flag_spec"; then
+ eval libobjs=\"\$libobjs $whole_archive_flag_spec\"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+ # Expand the library linking commands again to reset the
+ # value of $libobjs for piecewise linking.
+
+ # Do each of the archive commands.
+ if test "$module" = yes && test -n "$module_cmds" ; then
+ if test -n "$export_symbols" && test -n "$module_expsym_cmds"; then
+ cmds=$module_expsym_cmds
+ else
+ cmds=$module_cmds
+ fi
+ else
+ if test -n "$export_symbols" && test -n "$archive_expsym_cmds"; then
+ cmds=$archive_expsym_cmds
+ else
+ cmds=$archive_cmds
+ fi
+ fi
+ fi
+
+ if test -n "$delfiles"; then
+ # Append the command to remove temporary files to $cmds.
+ eval cmds=\"\$cmds~\$RM $delfiles\"
+ fi
+
+ # Add any objects from preloaded convenience libraries
+ if test -n "$dlprefiles"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $dlprefiles
+ libobjs="$libobjs $func_extract_archives_result"
+ test "X$libobjs" = "X " && libobjs=
+ fi
+
+ save_ifs="$IFS"; IFS='~'
+ for cmd in $cmds; do
+ IFS="$save_ifs"
+ eval cmd=\"$cmd\"
+ $opt_silent || {
+ func_quote_for_expand "$cmd"
+ eval "func_echo $func_quote_for_expand_result"
+ }
+ $opt_dry_run || eval "$cmd" || {
+ lt_exit=$?
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ ( cd "$output_objdir" && \
+ $RM "${realname}T" && \
+ $MV "${realname}U" "$realname" )
+ fi
+
+ exit $lt_exit
+ }
+ done
+ IFS="$save_ifs"
+
+ # Restore the uninstalled library and exit
+ if test "$mode" = relink; then
+ $opt_dry_run || eval '(cd $output_objdir && $RM ${realname}T && $MV $realname ${realname}T && $MV ${realname}U $realname)' || exit $?
+
+ if test -n "$convenience"; then
+ if test -z "$whole_archive_flag_spec"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ # Create links to the real library.
+ for linkname in $linknames; do
+ if test "$realname" != "$linkname"; then
+ func_show_eval '(cd "$output_objdir" && $RM "$linkname" && $LN_S "$realname" "$linkname")' 'exit $?'
+ fi
+ done
+
+ # If -module or -export-dynamic was specified, set the dlname.
+ if test "$module" = yes || test "$export_dynamic" = yes; then
+ # On all known operating systems, these are identical.
+ dlname="$soname"
+ fi
+ fi
+ ;;
+
+ obj)
+ if test -n "$dlfiles$dlprefiles" || test "$dlself" != no; then
+ func_warning "\`-dlopen' is ignored for objects"
+ fi
+
+ case " $deplibs" in
+ *\ -l* | *\ -L*)
+ func_warning "\`-l' and \`-L' are ignored for objects" ;;
+ esac
+
+ test -n "$rpath" && \
+ func_warning "\`-rpath' is ignored for objects"
+
+ test -n "$xrpath" && \
+ func_warning "\`-R' is ignored for objects"
+
+ test -n "$vinfo" && \
+ func_warning "\`-version-info' is ignored for objects"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for objects"
+
+ case $output in
+ *.lo)
+ test -n "$objs$old_deplibs" && \
+ func_fatal_error "cannot build library object \`$output' from non-libtool objects"
+
+ libobj=$output
+ func_lo2o "$libobj"
+ obj=$func_lo2o_result
+ ;;
+ *)
+ libobj=
+ obj="$output"
+ ;;
+ esac
+
+ # Delete the old objects.
+ $opt_dry_run || $RM $obj $libobj
+
+ # Objects from convenience libraries. This assumes
+ # single-version convenience libraries. Whenever we create
+ # different ones for PIC/non-PIC, this we'll have to duplicate
+ # the extraction.
+ reload_conv_objs=
+ gentop=
+ # reload_cmds runs $LD directly, so let us get rid of
+ # -Wl from whole_archive_flag_spec and hope we can get by with
+ # turning comma into space..
+ wl=
+
+ if test -n "$convenience"; then
+ if test -n "$whole_archive_flag_spec"; then
+ eval tmp_whole_archive_flags=\"$whole_archive_flag_spec\"
+ reload_conv_objs=$reload_objs\ `$ECHO "X$tmp_whole_archive_flags" | $Xsed -e 's|,| |g'`
+ else
+ gentop="$output_objdir/${obj}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $convenience
+ reload_conv_objs="$reload_objs $func_extract_archives_result"
+ fi
+ fi
+
+ # Create the old-style object.
+ reload_objs="$objs$old_deplibs "`$ECHO "X$libobjs" | $SP2NL | $Xsed -e '/\.'${libext}$'/d' -e '/\.lib$/d' -e "$lo2o" | $NL2SP`" $reload_conv_objs" ### testsuite: skip nested quoting test
+
+ output="$obj"
+ func_execute_cmds "$reload_cmds" 'exit $?'
+
+ # Exit if we aren't doing a library object file.
+ if test -z "$libobj"; then
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$build_libtool_libs" != yes; then
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ # Create an invalid libtool object if no PIC, so that we don't
+ # accidentally link it into a program.
+ # $show "echo timestamp > $libobj"
+ # $opt_dry_run || eval "echo timestamp > $libobj" || exit $?
+ exit $EXIT_SUCCESS
+ fi
+
+ if test -n "$pic_flag" || test "$pic_mode" != default; then
+ # Only do commands if we really have different PIC objects.
+ reload_objs="$libobjs $reload_conv_objs"
+ output="$libobj"
+ func_execute_cmds "$reload_cmds" 'exit $?'
+ fi
+
+ if test -n "$gentop"; then
+ func_show_eval '${RM}r "$gentop"'
+ fi
+
+ exit $EXIT_SUCCESS
+ ;;
+
+ prog)
+ case $host in
+ *cygwin*) func_stripname '' '.exe' "$output"
+ output=$func_stripname_result.exe;;
+ esac
+ test -n "$vinfo" && \
+ func_warning "\`-version-info' is ignored for programs"
+
+ test -n "$release" && \
+ func_warning "\`-release' is ignored for programs"
+
+ test "$preload" = yes \
+ && test "$dlopen_support" = unknown \
+ && test "$dlopen_self" = unknown \
+ && test "$dlopen_self_static" = unknown && \
+ func_warning "\`LT_INIT([dlopen])' not used. Assuming no dlopen support."
+
+ case $host in
+ *-*-rhapsody* | *-*-darwin1.[012])
+ # On Rhapsody replace the C library is the System framework
+ compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's/ -lc / System.ltframework /'`
+ ;;
+ esac
+
+ case $host in
+ *-*-darwin*)
+ # Don't allow lazy linking, it breaks C++ global constructors
+ # But is supposedly fixed on 10.4 or later (yay!).
+ if test "$tagname" = CXX ; then
+ case ${MACOSX_DEPLOYMENT_TARGET-10.0} in
+ 10.[0123])
+ compile_command="$compile_command ${wl}-bind_at_load"
+ finalize_command="$finalize_command ${wl}-bind_at_load"
+ ;;
+ esac
+ fi
+ # Time to change all our "foo.ltframework" stuff back to "-framework foo"
+ compile_deplibs=`$ECHO "X $compile_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ finalize_deplibs=`$ECHO "X $finalize_deplibs" | $Xsed -e 's% \([^ $]*\).ltframework% -framework \1%g'`
+ ;;
+ esac
+
+
+ # move library search paths that coincide with paths to not yet
+ # installed libraries to the beginning of the library search list
+ new_libs=
+ for path in $notinst_path; do
+ case " $new_libs " in
+ *" -L$path/$objdir "*) ;;
+ *)
+ case " $compile_deplibs " in
+ *" -L$path/$objdir "*)
+ new_libs="$new_libs -L$path/$objdir" ;;
+ esac
+ ;;
+ esac
+ done
+ for deplib in $compile_deplibs; do
+ case $deplib in
+ -L*)
+ case " $new_libs " in
+ *" $deplib "*) ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ ;;
+ *) new_libs="$new_libs $deplib" ;;
+ esac
+ done
+ compile_deplibs="$new_libs"
+
+
+ compile_command="$compile_command $compile_deplibs"
+ finalize_command="$finalize_command $finalize_deplibs"
+
+ if test -n "$rpath$xrpath"; then
+ # If the user specified any rpath flags, then add them.
+ for libdir in $rpath $xrpath; do
+ # This is the magic to use -rpath.
+ case "$finalize_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_rpath="$finalize_rpath $libdir" ;;
+ esac
+ done
+ fi
+
+ # Now hardcode the library paths
+ rpath=
+ hardcode_libdirs=
+ for libdir in $compile_rpath $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$perm_rpath " in
+ *" $libdir "*) ;;
+ *) perm_rpath="$perm_rpath $libdir" ;;
+ esac
+ fi
+ case $host in
+ *-*-cygwin* | *-*-mingw* | *-*-pw32* | *-*-os2* | *-cegcc*)
+ testbindir=`${ECHO} "$libdir" | ${SED} -e 's*/lib$*/bin*'`
+ case :$dllsearchpath: in
+ *":$libdir:"*) ;;
+ ::) dllsearchpath=$libdir;;
+ *) dllsearchpath="$dllsearchpath:$libdir";;
+ esac
+ case :$dllsearchpath: in
+ *":$testbindir:"*) ;;
+ ::) dllsearchpath=$testbindir;;
+ *) dllsearchpath="$dllsearchpath:$testbindir";;
+ esac
+ ;;
+ esac
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ compile_rpath="$rpath"
+
+ rpath=
+ hardcode_libdirs=
+ for libdir in $finalize_rpath; do
+ if test -n "$hardcode_libdir_flag_spec"; then
+ if test -n "$hardcode_libdir_separator"; then
+ if test -z "$hardcode_libdirs"; then
+ hardcode_libdirs="$libdir"
+ else
+ # Just accumulate the unique libdirs.
+ case $hardcode_libdir_separator$hardcode_libdirs$hardcode_libdir_separator in
+ *"$hardcode_libdir_separator$libdir$hardcode_libdir_separator"*)
+ ;;
+ *)
+ hardcode_libdirs="$hardcode_libdirs$hardcode_libdir_separator$libdir"
+ ;;
+ esac
+ fi
+ else
+ eval flag=\"$hardcode_libdir_flag_spec\"
+ rpath="$rpath $flag"
+ fi
+ elif test -n "$runpath_var"; then
+ case "$finalize_perm_rpath " in
+ *" $libdir "*) ;;
+ *) finalize_perm_rpath="$finalize_perm_rpath $libdir" ;;
+ esac
+ fi
+ done
+ # Substitute the hardcoded libdirs into the rpath.
+ if test -n "$hardcode_libdir_separator" &&
+ test -n "$hardcode_libdirs"; then
+ libdir="$hardcode_libdirs"
+ eval rpath=\" $hardcode_libdir_flag_spec\"
+ fi
+ finalize_rpath="$rpath"
+
+ if test -n "$libobjs" && test "$build_old_libs" = yes; then
+ # Transform all the library objects into standard objects.
+ compile_command=`$ECHO "X$compile_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ finalize_command=`$ECHO "X$finalize_command" | $SP2NL | $Xsed -e "$lo2o" | $NL2SP`
+ fi
+
+ func_generate_dlsyms "$outputname" "@PROGRAM@" "no"
+
+ # template prelinking step
+ if test -n "$prelink_cmds"; then
+ func_execute_cmds "$prelink_cmds" 'exit $?'
+ fi
+
+ wrappers_required=yes
+ case $host in
+ *cygwin* | *mingw* )
+ if test "$build_libtool_libs" != yes; then
+ wrappers_required=no
+ fi
+ ;;
+ *cegcc)
+ # Disable wrappers for cegcc, we are cross compiling anyway.
+ wrappers_required=no
+ ;;
+ *)
+ if test "$need_relink" = no || test "$build_libtool_libs" != yes; then
+ wrappers_required=no
+ fi
+ ;;
+ esac
+ if test "$wrappers_required" = no; then
+ # Replace the output file specification.
+ compile_command=`$ECHO "X$compile_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ link_command="$compile_command$compile_rpath"
+
+ # We have no uninstalled library dependencies, so finalize right now.
+ exit_status=0
+ func_show_eval "$link_command" 'exit_status=$?'
+
+ # Delete the generated files.
+ if test -f "$output_objdir/${outputname}S.${objext}"; then
+ func_show_eval '$RM "$output_objdir/${outputname}S.${objext}"'
+ fi
+
+ exit $exit_status
+ fi
+
+ if test -n "$compile_shlibpath$finalize_shlibpath"; then
+ compile_command="$shlibpath_var=\"$compile_shlibpath$finalize_shlibpath\$$shlibpath_var\" $compile_command"
+ fi
+ if test -n "$finalize_shlibpath"; then
+ finalize_command="$shlibpath_var=\"$finalize_shlibpath\$$shlibpath_var\" $finalize_command"
+ fi
+
+ compile_var=
+ finalize_var=
+ if test -n "$runpath_var"; then
+ if test -n "$perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ compile_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ if test -n "$finalize_perm_rpath"; then
+ # We should set the runpath_var.
+ rpath=
+ for dir in $finalize_perm_rpath; do
+ rpath="$rpath$dir:"
+ done
+ finalize_var="$runpath_var=\"$rpath\$$runpath_var\" "
+ fi
+ fi
+
+ if test "$no_install" = yes; then
+ # We don't need to create a wrapper script.
+ link_command="$compile_var$compile_command$compile_rpath"
+ # Replace the output file specification.
+ link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output"'%g'`
+ # Delete the old output file.
+ $opt_dry_run || $RM $output
+ # Link the executable and exit
+ func_show_eval "$link_command" 'exit $?'
+ exit $EXIT_SUCCESS
+ fi
+
+ if test "$hardcode_action" = relink; then
+ # Fast installation is not supported
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+
+ func_warning "this platform does not like uninstalled shared libraries"
+ func_warning "\`$output' will be relinked during installation"
+ else
+ if test "$fast_install" != no; then
+ link_command="$finalize_var$compile_command$finalize_rpath"
+ if test "$fast_install" = yes; then
+ relink_command=`$ECHO "X$compile_var$compile_command$compile_rpath" | $Xsed -e 's%@OUTPUT@%\$progdir/\$file%g'`
+ else
+ # fast_install is set to needless
+ relink_command=
+ fi
+ else
+ link_command="$compile_var$compile_command$compile_rpath"
+ relink_command="$finalize_var$finalize_command$finalize_rpath"
+ fi
+ fi
+
+ # Replace the output file specification.
+ link_command=`$ECHO "X$link_command" | $Xsed -e 's%@OUTPUT@%'"$output_objdir/$outputname"'%g'`
+
+ # Delete the old output files.
+ $opt_dry_run || $RM $output $output_objdir/$outputname $output_objdir/lt-$outputname
+
+ func_show_eval "$link_command" 'exit $?'
+
+ # Now create the wrapper script.
+ func_verbose "creating $output"
+
+ # Quote the relink command for shipping.
+ if test -n "$relink_command"; then
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ func_quote_for_eval "$var_value"
+ relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+ fi
+ done
+ relink_command="(cd `pwd`; $relink_command)"
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Quote $ECHO for shipping.
+ if test "X$ECHO" = "X$SHELL $progpath --fallback-echo"; then
+ case $progpath in
+ [\\/]* | [A-Za-z]:[\\/]*) qecho="$SHELL $progpath --fallback-echo";;
+ *) qecho="$SHELL `pwd`/$progpath --fallback-echo";;
+ esac
+ qecho=`$ECHO "X$qecho" | $Xsed -e "$sed_quote_subst"`
+ else
+ qecho=`$ECHO "X$ECHO" | $Xsed -e "$sed_quote_subst"`
+ fi
+
+ # Only actually do things if not in dry run mode.
+ $opt_dry_run || {
+ # win32 will think the script is a binary if it has
+ # a .exe suffix, so we strip it off here.
+ case $output in
+ *.exe) func_stripname '' '.exe' "$output"
+ output=$func_stripname_result ;;
+ esac
+ # test for cygwin because mv fails w/o .exe extensions
+ case $host in
+ *cygwin*)
+ exeext=.exe
+ func_stripname '' '.exe' "$outputname"
+ outputname=$func_stripname_result ;;
+ *) exeext= ;;
+ esac
+ case $host in
+ *cygwin* | *mingw* )
+ func_dirname_and_basename "$output" "" "."
+ output_name=$func_basename_result
+ output_path=$func_dirname_result
+ cwrappersource="$output_path/$objdir/lt-$output_name.c"
+ cwrapper="$output_path/$output_name.exe"
+ $RM $cwrappersource $cwrapper
+ trap "$RM $cwrappersource $cwrapper; exit $EXIT_FAILURE" 1 2 15
+
+ func_emit_cwrapperexe_src > $cwrappersource
+
+ # The wrapper executable is built using the $host compiler,
+ # because it contains $host paths and files. If cross-
+ # compiling, it, like the target executable, must be
+ # executed on the $host or under an emulation environment.
+ $opt_dry_run || {
+ $LTCC $LTCFLAGS -o $cwrapper $cwrappersource
+ $STRIP $cwrapper
+ }
+
+ # Now, create the wrapper script for func_source use:
+ func_ltwrapper_scriptname $cwrapper
+ $RM $func_ltwrapper_scriptname_result
+ trap "$RM $func_ltwrapper_scriptname_result; exit $EXIT_FAILURE" 1 2 15
+ $opt_dry_run || {
+ # note: this script will not be executed, so do not chmod.
+ if test "x$build" = "x$host" ; then
+ $cwrapper --lt-dump-script > $func_ltwrapper_scriptname_result
+ else
+ func_emit_wrapper no > $func_ltwrapper_scriptname_result
+ fi
+ }
+ ;;
+ * )
+ $RM $output
+ trap "$RM $output; exit $EXIT_FAILURE" 1 2 15
+
+ func_emit_wrapper no > $output
+ chmod +x $output
+ ;;
+ esac
+ }
+ exit $EXIT_SUCCESS
+ ;;
+ esac
+
+ # See if we need to build an old-fashioned archive.
+ for oldlib in $oldlibs; do
+
+ if test "$build_libtool_libs" = convenience; then
+ oldobjs="$libobjs_save $symfileobj"
+ addlibs="$convenience"
+ build_libtool_libs=no
+ else
+ if test "$build_libtool_libs" = module; then
+ oldobjs="$libobjs_save"
+ build_libtool_libs=no
+ else
+ oldobjs="$old_deplibs $non_pic_objects"
+ if test "$preload" = yes && test -f "$symfileobj"; then
+ oldobjs="$oldobjs $symfileobj"
+ fi
+ fi
+ addlibs="$old_convenience"
+ fi
+
+ if test -n "$addlibs"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $addlibs
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # Do each command in the archive commands.
+ if test -n "$old_archive_from_new_cmds" && test "$build_libtool_libs" = yes; then
+ cmds=$old_archive_from_new_cmds
+ else
+
+ # Add any objects from preloaded convenience libraries
+ if test -n "$dlprefiles"; then
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+
+ func_extract_archives $gentop $dlprefiles
+ oldobjs="$oldobjs $func_extract_archives_result"
+ fi
+
+ # POSIX demands no paths to be encoded in archives. We have
+ # to avoid creating archives with duplicate basenames if we
+ # might have to extract them afterwards, e.g., when creating a
+ # static archive out of a convenience library, or when linking
+ # the entirety of a libtool archive into another (currently
+ # not supported by libtool).
+ if (for obj in $oldobjs
+ do
+ func_basename "$obj"
+ $ECHO "$func_basename_result"
+ done | sort | sort -uc >/dev/null 2>&1); then
+ :
+ else
+ $ECHO "copying selected object files to avoid basename conflicts..."
+ gentop="$output_objdir/${outputname}x"
+ generated="$generated $gentop"
+ func_mkdir_p "$gentop"
+ save_oldobjs=$oldobjs
+ oldobjs=
+ counter=1
+ for obj in $save_oldobjs
+ do
+ func_basename "$obj"
+ objbase="$func_basename_result"
+ case " $oldobjs " in
+ " ") oldobjs=$obj ;;
+ *[\ /]"$objbase "*)
+ while :; do
+ # Make sure we don't pick an alternate name that also
+ # overlaps.
+ newobj=lt$counter-$objbase
+ func_arith $counter + 1
+ counter=$func_arith_result
+ case " $oldobjs " in
+ *[\ /]"$newobj "*) ;;
+ *) if test ! -f "$gentop/$newobj"; then break; fi ;;
+ esac
+ done
+ func_show_eval "ln $obj $gentop/$newobj || cp $obj $gentop/$newobj"
+ oldobjs="$oldobjs $gentop/$newobj"
+ ;;
+ *) oldobjs="$oldobjs $obj" ;;
+ esac
+ done
+ fi
+ eval cmds=\"$old_archive_cmds\"
+
+ func_len " $cmds"
+ len=$func_len_result
+ if test "$len" -lt "$max_cmd_len" || test "$max_cmd_len" -le -1; then
+ cmds=$old_archive_cmds
+ else
+ # the command line is too long to link in one step, link in parts
+ func_verbose "using piecewise archive linking..."
+ save_RANLIB=$RANLIB
+ RANLIB=:
+ objlist=
+ concat_cmds=
+ save_oldobjs=$oldobjs
+ oldobjs=
+ # Is there a better way of finding the last object in the list?
+ for obj in $save_oldobjs
+ do
+ last_oldobj=$obj
+ done
+ eval test_cmds=\"$old_archive_cmds\"
+ func_len " $test_cmds"
+ len0=$func_len_result
+ len=$len0
+ for obj in $save_oldobjs
+ do
+ func_len " $obj"
+ func_arith $len + $func_len_result
+ len=$func_arith_result
+ func_append objlist " $obj"
+ if test "$len" -lt "$max_cmd_len"; then
+ :
+ else
+ # the above command should be used before it gets too long
+ oldobjs=$objlist
+ if test "$obj" = "$last_oldobj" ; then
+ RANLIB=$save_RANLIB
+ fi
+ test -z "$concat_cmds" || concat_cmds=$concat_cmds~
+ eval concat_cmds=\"\${concat_cmds}$old_archive_cmds\"
+ objlist=
+ len=$len0
+ fi
+ done
+ RANLIB=$save_RANLIB
+ oldobjs=$objlist
+ if test "X$oldobjs" = "X" ; then
+ eval cmds=\"\$concat_cmds\"
+ else
+ eval cmds=\"\$concat_cmds~\$old_archive_cmds\"
+ fi
+ fi
+ fi
+ func_execute_cmds "$cmds" 'exit $?'
+ done
+
+ test -n "$generated" && \
+ func_show_eval "${RM}r$generated"
+
+ # Now create the libtool archive.
+ case $output in
+ *.la)
+ old_library=
+ test "$build_old_libs" = yes && old_library="$libname.$libext"
+ func_verbose "creating $output"
+
+ # Preserve any variables that may affect compiler behavior
+ for var in $variables_saved_for_relink; do
+ if eval test -z \"\${$var+set}\"; then
+ relink_command="{ test -z \"\${$var+set}\" || $lt_unset $var || { $var=; export $var; }; }; $relink_command"
+ elif eval var_value=\$$var; test -z "$var_value"; then
+ relink_command="$var=; export $var; $relink_command"
+ else
+ func_quote_for_eval "$var_value"
+ relink_command="$var=$func_quote_for_eval_result; export $var; $relink_command"
+ fi
+ done
+ # Quote the link command for shipping.
+ relink_command="(cd `pwd`; $SHELL $progpath $preserve_args --mode=relink $libtool_args @inst_prefix_dir@)"
+ relink_command=`$ECHO "X$relink_command" | $Xsed -e "$sed_quote_subst"`
+ if test "$hardcode_automatic" = yes ; then
+ relink_command=
+ fi
+
+ # Only create the output if not a dry run.
+ $opt_dry_run || {
+ for installed in no yes; do
+ if test "$installed" = yes; then
+ if test -z "$install_libdir"; then
+ break
+ fi
+ output="$output_objdir/$outputname"i
+ # Replace all uninstalled libtool libraries with the installed ones
+ newdependency_libs=
+ for deplib in $dependency_libs; do
+ case $deplib in
+ *.la)
+ func_basename "$deplib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $deplib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$deplib' is not a valid libtool archive"
+ newdependency_libs="$newdependency_libs $libdir/$name"
+ ;;
+ *) newdependency_libs="$newdependency_libs $deplib" ;;
+ esac
+ done
+ dependency_libs="$newdependency_libs"
+ newdlfiles=
+
+ for lib in $dlfiles; do
+ case $lib in
+ *.la)
+ func_basename "$lib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$lib' is not a valid libtool archive"
+ newdlfiles="$newdlfiles $libdir/$name"
+ ;;
+ *) newdlfiles="$newdlfiles $lib" ;;
+ esac
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ *.la)
+ # Only pass preopened files to the pseudo-archive (for
+ # eventual linking with the app. that links it) if we
+ # didn't already link the preopened objects directly into
+ # the library:
+ func_basename "$lib"
+ name="$func_basename_result"
+ eval libdir=`${SED} -n -e 's/^libdir=\(.*\)$/\1/p' $lib`
+ test -z "$libdir" && \
+ func_fatal_error "\`$lib' is not a valid libtool archive"
+ newdlprefiles="$newdlprefiles $libdir/$name"
+ ;;
+ esac
+ done
+ dlprefiles="$newdlprefiles"
+ else
+ newdlfiles=
+ for lib in $dlfiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlfiles="$newdlfiles $abs"
+ done
+ dlfiles="$newdlfiles"
+ newdlprefiles=
+ for lib in $dlprefiles; do
+ case $lib in
+ [\\/]* | [A-Za-z]:[\\/]*) abs="$lib" ;;
+ *) abs=`pwd`"/$lib" ;;
+ esac
+ newdlprefiles="$newdlprefiles $abs"
+ done
+ dlprefiles="$newdlprefiles"
+ fi
+ $RM $output
+ # place dlname in correct position for cygwin
+ tdlname=$dlname
+ case $host,$output,$installed,$module,$dlname in
+ *cygwin*,*lai,yes,no,*.dll | *mingw*,*lai,yes,no,*.dll | *cegcc*,*lai,yes,no,*.dll) tdlname=../bin/$dlname ;;
+ esac
+ $ECHO > $output "\
+# $outputname - a libtool library file
+# Generated by $PROGRAM (GNU $PACKAGE$TIMESTAMP) $VERSION
+#
+# Please DO NOT delete this file!
+# It is necessary for linking the library.
+
+# The name that we can dlopen(3).
+dlname='$tdlname'
+
+# Names of this library.
+library_names='$library_names'
+
+# The name of the static archive.
+old_library='$old_library'
+
+# Linker flags that can not go in dependency_libs.
+inherited_linker_flags='$new_inherited_linker_flags'
+
+# Libraries that this one depends upon.
+dependency_libs='$dependency_libs'
+
+# Names of additional weak libraries provided by this library
+weak_library_names='$weak_libs'
+
+# Version information for $libname.
+current=$current
+age=$age
+revision=$revision
+
+# Is this an already installed library?
+installed=$installed
+
+# Should we warn about portability when linking against -modules?
+shouldnotlink=$module
+
+# Files to dlopen/dlpreopen
+dlopen='$dlfiles'
+dlpreopen='$dlprefiles'
+
+# Directory that this library needs to be installed in:
+libdir='$install_libdir'"
+ if test "$installed" = no && test "$need_relink" = yes; then
+ $ECHO >> $output "\
+relink_command=\"$relink_command\""
+ fi
+ done
+ }
+
+ # Do a symbolic link so that the libtool archive can be found in
+ # LD_LIBRARY_PATH before the program is installed.
+ func_show_eval '( cd "$output_objdir" && $RM "$outputname" && $LN_S "../$outputname" "$outputname" )' 'exit $?'
+ ;;
+ esac
+ exit $EXIT_SUCCESS
+}
+
+{ test "$mode" = link || test "$mode" = relink; } &&
+ func_mode_link ${1+"$@"}
+
+
+# func_mode_uninstall arg...
+func_mode_uninstall ()
+{
+ $opt_debug
+ RM="$nonopt"
+ files=
+ rmforce=
+ exit_status=0
+
+ # This variable tells wrapper scripts just to set variables rather
+ # than running their programs.
+ libtool_install_magic="$magic"
+
+ for arg
+ do
+ case $arg in
+ -f) RM="$RM $arg"; rmforce=yes ;;
+ -*) RM="$RM $arg" ;;
+ *) files="$files $arg" ;;
+ esac
+ done
+
+ test -z "$RM" && \
+ func_fatal_help "you must specify an RM program"
+
+ rmdirs=
+
+ origobjdir="$objdir"
+ for file in $files; do
+ func_dirname "$file" "" "."
+ dir="$func_dirname_result"
+ if test "X$dir" = X.; then
+ objdir="$origobjdir"
+ else
+ objdir="$dir/$origobjdir"
+ fi
+ func_basename "$file"
+ name="$func_basename_result"
+ test "$mode" = uninstall && objdir="$dir"
+
+ # Remember objdir for removal later, being careful to avoid duplicates
+ if test "$mode" = clean; then
+ case " $rmdirs " in
+ *" $objdir "*) ;;
+ *) rmdirs="$rmdirs $objdir" ;;
+ esac
+ fi
+
+ # Don't error if the file doesn't exist and rm -f was used.
+ if { test -L "$file"; } >/dev/null 2>&1 ||
+ { test -h "$file"; } >/dev/null 2>&1 ||
+ test -f "$file"; then
+ :
+ elif test -d "$file"; then
+ exit_status=1
+ continue
+ elif test "$rmforce" = yes; then
+ continue
+ fi
+
+ rmfiles="$file"
+
+ case $name in
+ *.la)
+ # Possibly a libtool archive, so verify it.
+ if func_lalib_p "$file"; then
+ func_source $dir/$name
+
+ # Delete the libtool libraries and symlinks.
+ for n in $library_names; do
+ rmfiles="$rmfiles $objdir/$n"
+ done
+ test -n "$old_library" && rmfiles="$rmfiles $objdir/$old_library"
+
+ case "$mode" in
+ clean)
+ case " $library_names " in
+ # " " in the beginning catches empty $dlname
+ *" $dlname "*) ;;
+ *) rmfiles="$rmfiles $objdir/$dlname" ;;
+ esac
+ test -n "$libdir" && rmfiles="$rmfiles $objdir/$name $objdir/${name}i"
+ ;;
+ uninstall)
+ if test -n "$library_names"; then
+ # Do each command in the postuninstall commands.
+ func_execute_cmds "$postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ fi
+
+ if test -n "$old_library"; then
+ # Do each command in the old_postuninstall commands.
+ func_execute_cmds "$old_postuninstall_cmds" 'test "$rmforce" = yes || exit_status=1'
+ fi
+ # FIXME: should reinstall the best remaining shared library.
+ ;;
+ esac
+ fi
+ ;;
+
+ *.lo)
+ # Possibly a libtool object, so verify it.
+ if func_lalib_p "$file"; then
+
+ # Read the .lo file
+ func_source $dir/$name
+
+ # Add PIC object to the list of files to remove.
+ if test -n "$pic_object" &&
+ test "$pic_object" != none; then
+ rmfiles="$rmfiles $dir/$pic_object"
+ fi
+
+ # Add non-PIC object to the list of files to remove.
+ if test -n "$non_pic_object" &&
+ test "$non_pic_object" != none; then
+ rmfiles="$rmfiles $dir/$non_pic_object"
+ fi
+ fi
+ ;;
+
+ *)
+ if test "$mode" = clean ; then
+ noexename=$name
+ case $file in
+ *.exe)
+ func_stripname '' '.exe' "$file"
+ file=$func_stripname_result
+ func_stripname '' '.exe' "$name"
+ noexename=$func_stripname_result
+ # $file with .exe has already been added to rmfiles,
+ # add $file without .exe
+ rmfiles="$rmfiles $file"
+ ;;
+ esac
+ # Do a test to see if this is a libtool program.
+ if func_ltwrapper_p "$file"; then
+ if func_ltwrapper_executable_p "$file"; then
+ func_ltwrapper_scriptname "$file"
+ relink_command=
+ func_source $func_ltwrapper_scriptname_result
+ rmfiles="$rmfiles $func_ltwrapper_scriptname_result"
+ else
+ relink_command=
+ func_source $dir/$noexename
+ fi
+
+ # note $name still contains .exe if it was in $file originally
+ # as does the version of $file that was added into $rmfiles
+ rmfiles="$rmfiles $objdir/$name $objdir/${name}S.${objext}"
+ if test "$fast_install" = yes && test -n "$relink_command"; then
+ rmfiles="$rmfiles $objdir/lt-$name"
+ fi
+ if test "X$noexename" != "X$name" ; then
+ rmfiles="$rmfiles $objdir/lt-${noexename}.c"
+ fi
+ fi
+ fi
+ ;;
+ esac
+ func_show_eval "$RM $rmfiles" 'exit_status=1'
+ done
+ objdir="$origobjdir"
+
+ # Try to remove the ${objdir}s in the directories where we deleted files
+ for dir in $rmdirs; do
+ if test -d "$dir"; then
+ func_show_eval "rmdir $dir >/dev/null 2>&1"
+ fi
+ done
+
+ exit $exit_status
+}
+
+{ test "$mode" = uninstall || test "$mode" = clean; } &&
+ func_mode_uninstall ${1+"$@"}
+
+test -z "$mode" && {
+ help="$generic_help"
+ func_fatal_help "you must specify a MODE"
+}
+
+test -z "$exec_cmd" && \
+ func_fatal_help "invalid operation mode \`$mode'"
+
+if test -n "$exec_cmd"; then
+ eval exec "$exec_cmd"
+ exit $EXIT_FAILURE
+fi
+
+exit $exit_status
+
+
+# The TAGs below are defined such that we never get into a situation
+# in which we disable both kinds of libraries. Given conflicting
+# choices, we go for a static library, that is the most portable,
+# since we can't tell whether shared libraries were disabled because
+# the user asked for that or because the platform doesn't support
+# them. This is particularly important on AIX, because we don't
+# support having both static and shared libraries enabled at the same
+# time on that platform, so we default to a shared-only configuration.
+# If a disable-shared tag is given, we'll fallback to a static-only
+# configuration. But we'll never go from static-only to shared-only.
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-shared
+build_libtool_libs=no
+build_old_libs=yes
+# ### END LIBTOOL TAG CONFIG: disable-shared
+
+# ### BEGIN LIBTOOL TAG CONFIG: disable-static
+build_old_libs=`case $build_libtool_libs in yes) echo no;; *) echo yes;; esac`
+# ### END LIBTOOL TAG CONFIG: disable-static
+
+# Local Variables:
+# mode:shell-script
+# sh-indentation:2
+# End:
+# vi:sw=2
+
diff --git a/pki/base/tps/m4/apr.m4 b/pki/base/tps/m4/apr.m4
new file mode 100644
index 000000000..88c177b02
--- /dev/null
+++ b/pki/base/tps/m4/apr.m4
@@ -0,0 +1,345 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA 02110-1301 USA
+dnl
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+AC_CHECKING(for Apr)
+
+# check for --with-apr
+AC_MSG_CHECKING(for --with-apr)
+AC_ARG_WITH(apr, [ --with-apr=PATH Apr directory],
+[
+ if test -e "$withval"/include/apr-0/apr.h -a -d "$withval"/lib -a -d "$withval"/bin
+ then
+ AC_MSG_RESULT([using $withval])
+ APRDIR=$withval
+ apr_inc="-DAPRDIR -I$APRDIR/include -I$APRDIR/include/apr-0"
+ apr_lib_version="apr-0"
+ case $host in
+ *-*-linux*)
+ if test -n "$USE_64"
+ then
+ apr_lib="-L$APRDIR/lib64"
+ apr_libdir="$APRDIR/lib64"
+ else
+ apr_lib="-L$APRDIR/lib"
+ apr_libdir="$APRDIR/lib"
+ fi
+ apr_bindir="$APRDIR/bin"
+ ;;
+ sparc-sun-solaris*)
+ if test -n "$USE_64"
+ then
+ apr_lib="-L$APRDIR/lib/sparcv9"
+ apr_libdir="$APRDIR/lib/sparcv9"
+ apr_bindir="$APRDIR/bin/sparcv9"
+ else
+ apr_lib="-L$APRDIR/lib"
+ apr_libdir="$APRDIR/lib"
+ apr_bindir="$APRDIR/bin"
+ fi
+ ;;
+ *)
+ AC_MSG_ERROR([unconfigured platform $host])
+ ;;
+ esac
+ elif test -e "$withval"/include/apr-1/apr.h -a -d "$withval"/lib -a -d "$withval"/bin
+ then
+ AC_MSG_RESULT([using $withval])
+ APRDIR=$withval
+ apr_inc="-DAPRDIR -I$APRDIR/include -I$APRDIR/include/apr-1"
+ apr_lib_version="apr-1"
+ case $host in
+ *-*-linux*)
+ if test -n "$USE_64"
+ then
+ apr_lib="-L$APRDIR/lib64"
+ apr_libdir="$APRDIR/lib64"
+ else
+ apr_lib="-L$APRDIR/lib"
+ apr_libdir="$APRDIR/lib"
+ fi
+ apr_bindir="$APRDIR/bin"
+ ;;
+ sparc-sun-solaris*)
+ if test -n "$USE_64"
+ then
+ apr_lib="-L$APRDIR/lib/sparcv9"
+ apr_libdir="$APRDIR/lib/sparcv9"
+ apr_bindir="$APRDIR/bin/sparcv9"
+ else
+ apr_lib="-L$APRDIR/lib"
+ apr_libdir="$APRDIR/lib"
+ apr_bindir="$APRDIR/bin"
+ fi
+ ;;
+ *)
+ AC_MSG_ERROR([unconfigured platform $host])
+ ;;
+ esac
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apr-inc
+AC_MSG_CHECKING(for --with-apr-inc)
+AC_ARG_WITH(apr-inc, [ --with-apr-inc=PATH Apr include file directory],
+[
+ if test -e "$withval"/apr.h
+ then
+ AC_MSG_RESULT([using $withval])
+ APRDIR=$withval/..
+ apr_inc="-DAPRDIR -I$withval/.. -I$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apr-lib
+AC_MSG_CHECKING(for --with-apr-lib)
+AC_ARG_WITH(apr-lib, [ --with-apr-lib=PATH Apr library directory],
+[
+ if test -d "$withval"
+ then
+ AC_MSG_RESULT([using $withval])
+ apr_lib="-L$withval"
+ apr_libdir="$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+ if test -e "$withval/libapr-0.so"
+ then
+ apr_lib_version="apr-0"
+ elif test -e "$withval/libapr-1.so"
+ then
+ apr_lib_version="apr-1"
+ else
+ AC_MSG_ERROR([libapr in $withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-apr-bin
+AC_MSG_CHECKING(for --with-apr-bin)
+AC_ARG_WITH(apr-bin, [ --with-apr-bin=PATH Apr executables directory],
+[
+ if test -d "$withval"
+ then
+ AC_MSG_RESULT([using $withval])
+ apr_bindir="$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for Apr in well-known locations
+# e. g. - on certain platforms, check for the presence
+# of a "Fortitude"-enabled web-server first
+AC_MSG_CHECKING(for APR in well-known locations)
+case $host in
+ *-*-linux*)
+ if test -f /usr/include/apr-0/apr.h
+ then
+ apr_inc="-DAPRDIR -I/usr/include -I/usr/include/apr-0"
+ elif test -f /usr/include/apr-1/apr.h
+ then
+ apr_inc="-DAPRDIR -I/usr/include -I/usr/include/apr-1"
+ else
+ AC_MSG_ERROR([apr.h not found])
+ fi
+ if test -n "$USE_64"
+ then
+ if test -e /usr/lib64/libapr-0.so
+ then
+ apr_lib="-L/usr/lib64"
+ apr_libdir="/usr/lib64"
+ apr_lib_version="apr-0"
+ elif test -e /usr/lib64/libapr-1.so
+ then
+ apr_lib="-L/usr/lib64"
+ apr_libdir="/usr/lib64"
+ apr_lib_version="apr-1"
+ else
+ AC_MSG_ERROR([libapr not found])
+ fi
+ else
+ if test -e /usr/lib/libapr-0.so
+ then
+ apr_lib="-L/usr/lib"
+ apr_libdir="/usr/lib"
+ apr_lib_version="apr-0"
+ elif test -e /usr/lib/libapr-1.so
+ then
+ apr_lib="-L/usr/lib"
+ apr_libdir="/usr/lib"
+ apr_lib_version="apr-1"
+ else
+ AC_MSG_ERROR([libapr not found])
+ fi
+ fi
+ if test -x /usr/bin/apr-config
+ then
+ apr_bindir="/usr/bin"
+ elif test -x /usr/bin/apr-1-config
+ then
+ apr_bindir="/usr/bin"
+ else
+ AC_MSG_ERROR([apr-config or apr-1-config not found])
+ fi
+ AC_MSG_RESULT([using system Apr in /usr])
+ ;;
+ sparc-sun-solaris*)
+ if test -d /opt/fortitude
+ then
+ if test -f /opt/fortitude/include/apr-0/apr.h
+ then
+ apr_inc="-DAPRDIR -I/opt/fortitude/include -I/opt/fortitude/include/apr-0"
+ else
+ AC_MSG_ERROR([/opt/fortitude/include/apr-0/apr.h not found])
+ fi
+ if test -n "$USE_64"
+ then
+ #############################################################
+ ### NOTE: The 64-bit Fortitude "sparcv9" libraries and ###
+ ### programs are now under "/opt/fortitude/lib" ###
+ ### and "/opt/fortitude/bin" rather than ###
+ ### "/opt/fortitude/lib/sparcv9" and ###
+ ### "/opt/fortitude/bin/sparcv9"!!! ###
+ ### ###
+ ### To help guard against any future movement ###
+ ### of any of these libraries and/or programs, ###
+ ### this m4 file will first check under the ###
+ ### "sparcv9" directory, and then the directory ###
+ ### immediately above the "sparcv9" directory. ###
+ #############################################################
+ if test -e /opt/fortitude/lib/sparcv9/libapr-0.so
+ then
+ apr_lib="-L/opt/fortitude/lib/sparcv9"
+ apr_libdir="/opt/fortitude/lib/sparcv9"
+ apr_lib_version="apr-0"
+ else
+ if test -e /opt/fortitude/lib/libapr-0.so
+ then
+ apr_lib="-L/opt/fortitude/lib"
+ apr_libdir="/opt/fortitude/lib"
+ apr_lib_version="apr-0"
+ else
+ AC_MSG_ERROR([Fortitude-enabled libapr-0.so not found])
+ fi
+ fi
+ if test -x /opt/fortitude/bin/sparcv9/apr-config
+ then
+ apr_bindir="/opt/fortitude/bin/sparcv9"
+ else
+ if test -x /opt/fortitude/bin/apr-config
+ then
+ apr_bindir="/opt/fortitude/bin"
+ else
+ AC_MSG_ERROR([Fortitude-enabled apr-config not found])
+ fi
+ fi
+ else
+ if test -e /opt/fortitude/lib/libapr-0.so
+ then
+ apr_lib="-L/opt/fortitude/lib"
+ apr_libdir="/opt/fortitude/lib"
+ apr_lib_version="apr-0"
+ else
+ AC_MSG_ERROR([/opt/fortitude/lib/libapr-0.so not found])
+ fi
+ if test -x /opt/fortitude/bin/apr-config
+ then
+ apr_bindir="/opt/fortitude/bin"
+ else
+ AC_MSG_ERROR([/opt/fortitude/bin/apr-config not found])
+ fi
+ fi
+ AC_MSG_RESULT([using Fortitude-enabled Apr in /opt/fortitude])
+ else
+ if test -f /usr/local/include/apr-0/apr.h
+ then
+ apr_inc="-DAPRDIR -I/usr/local/include -I/usr/local/include/apr-0"
+ else
+ AC_MSG_ERROR([/usr/local/include/apr-0/apr.h not found])
+ fi
+ if test -n "$USE_64"
+ then
+ if test -e /usr/local/lib/sparcv9/libapr-0.so
+ then
+ apr_lib="-L/usr/local/lib/sparcv9"
+ apr_libdir="/usr/local/lib/sparcv9"
+ apr_lib_version="apr-0"
+ else
+ AC_MSG_ERROR([/usr/local/lib/sparcv9/libapr-0.so not found])
+ fi
+ if test -x /usr/local/bin/sparcv9/apr-config
+ then
+ apr_bindir="/usr/local/bin/sparcv9"
+ else
+ AC_MSG_ERROR([/usr/local/bin/sparcv9/apr-config not found])
+ fi
+ else
+ if test -e /usr/local/lib/libapr-0.so
+ then
+ apr_lib="-L/usr/local/lib"
+ apr_libdir="/usr/local/lib"
+ apr_lib_version="apr-0"
+ else
+ AC_MSG_ERROR([/usr/local/lib/libapr-0.so not found])
+ fi
+ if test -x /usr/local/bin/apr-config
+ then
+ apr_bindir="/usr/local/bin"
+ else
+ AC_MSG_ERROR([/usr/local/bin/apr-config not found])
+ fi
+ fi
+ fi
+ AC_MSG_RESULT([using system Apr in /usr/local])
+ ;;
+ *)
+ AC_MSG_ERROR([unconfigured platform $host])
+ ;;
+esac
+
+# if Apr has not been found, print an error and exit
+if test -z "$apr_inc"
+then
+ AC_MSG_ERROR([Apr include file directory not found, specify with --with-apr.])
+fi
+if test -z "$apr_lib" -o -z "$apr_libdir"
+then
+ AC_MSG_ERROR([Apr library directory not found, specify with --with-apr.])
+fi
+if test -z "$apr_bindir"
+then
+ AC_MSG_ERROR([Apr executables directory not found, specify with --with-apr.])
+fi
+if test -z "$apr_lib_version"
+then
+ AC_MSG_ERROR([Apr library version not found, specify with --with-apr.])
+fi
+
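Review bot: The `case $host in` probe under "check for Apr in well-known locations" runs unconditionally, so on Linux it reassigns `apr_inc`, `apr_lib`, `apr_libdir`, `apr_lib_version` and `apr_bindir` to `/usr` values even after `--with-apr`, `--with-apr-inc`, `--with-apr-lib` or `--with-apr-bin` has set them, and it aborts with `apr.h not found` when the only copy is the one the builder pointed at. The build can therefore compile and link against a different APR than the one requested, and the only trace is a second `using system Apr in /usr` line after `using $withval`. Run the probe only when no option supplied anything: open it with `if test -z "$apr_inc" && test -z "$apr_lib" && test -z "$apr_bindir"; then` and close it with `fi` after `esac`. A partial specification then reaches the four `test -z` checks at the end, which currently appear unreachable because every branch of the probe either sets the variable or calls `AC_MSG_ERROR`.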
diff --git a/pki/base/tps/m4/nspr.m4 b/pki/base/tps/m4/nspr.m4
new file mode 100644
index 000000000..c6d0694f9
--- /dev/null
+++ b/pki/base/tps/m4/nspr.m4
@@ -0,0 +1,93 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA 02110-1301 USA
+dnl
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+AC_CHECKING(for NSPR)
+
+# check for --with-nspr
+AC_MSG_CHECKING(for --with-nspr)
+AC_ARG_WITH(nspr, [ --with-nspr=PATH Netscape Portable Runtime (NSPR) directory],
+[
+ if test -e "$withval"/include/nspr.h -a -d "$withval"/lib
+ then
+ AC_MSG_RESULT([using $withval])
+ NSPRDIR=$withval
+ nspr_inc="-I$NSPRDIR/include"
+ nspr_lib="-L$NSPRDIR/lib"
+ nspr_libdir="$NSPRDIR/lib"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-nspr-inc
+AC_MSG_CHECKING(for --with-nspr-inc)
+AC_ARG_WITH(nspr-inc, [ --with-nspr-inc=PATH Netscape Portable Runtime (NSPR) include file directory],
+[
+ if test -e "$withval"/nspr.h
+ then
+ AC_MSG_RESULT([using $withval])
+ nspr_inc="-I$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-nspr-lib
+AC_MSG_CHECKING(for --with-nspr-lib)
+AC_ARG_WITH(nspr-lib, [ --with-nspr-lib=PATH Netscape Portable Runtime (NSPR) library directory],
+[
+ if test -d "$withval"
+ then
+ AC_MSG_RESULT([using $withval])
+ nspr_lib="-L$withval"
+ nspr_libdir="$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# if NSPR is not found yet, try pkg-config
+
+# last resort
+if test -z "$nspr_inc" -o -z "$nspr_lib" -o -z "$nspr_libdir"; then
+ AC_PATH_PROG(PKG_CONFIG, pkg-config)
+ AC_MSG_CHECKING(for nspr with pkg-config)
+ if test -n "$PKG_CONFIG"; then
+ if $PKG_CONFIG --exists nspr; then
+ nspr_inc=`$PKG_CONFIG --cflags-only-I nspr`
+ nspr_lib=`$PKG_CONFIG --libs-only-L nspr`
+ nspr_libdir=`$PKG_CONFIG --libs-only-L nspr | sed -e s/-L// | sed -e s/\ *$//`
+ AC_MSG_RESULT([using system NSPR])
+ elif $PKG_CONFIG --exists dirsec-nspr; then
+ nspr_inc=`$PKG_CONFIG --cflags-only-I dirsec-nspr`
+ nspr_lib=`$PKG_CONFIG --libs-only-L dirsec-nspr`
+ nspr_libdir=`$PKG_CONFIG --libs-only-L dirsec-nspr | sed -e s/-L// | sed -e s/\ *$//`
+ AC_MSG_RESULT([using system dirsec NSPR])
+ else
+ AC_MSG_ERROR([NSPR not found, specify with --with-nspr.])
+ fi
+ fi
+fi
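Review bot: The pkg-config fallback has no `else` for `if test -n "$PKG_CONFIG"`, so when pkg-config is not installed and no `--with-nspr*` option was given, configure leaves `checking for nspr with pkg-config` without a result and continues with `nspr_inc`, `nspr_lib` and `nspr_libdir` empty instead of stopping. Add `else` followed by `AC_MSG_ERROR([pkg-config not found, specify NSPR with --with-nspr.])` before the inner `fi`; nss.m4 in this commit has the same gap. Separately, `nspr_libdir` is derived from `--libs-only-L`, which pkg-config may print as empty when the library sits in a default system directory, so `$PKG_CONFIG --variable=libdir nspr` looks like the more reliable source, to be confirmed against the installed `.pc` file.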
diff --git a/pki/base/tps/m4/nss.m4 b/pki/base/tps/m4/nss.m4
new file mode 100644
index 000000000..46e74cdb1
--- /dev/null
+++ b/pki/base/tps/m4/nss.m4
@@ -0,0 +1,93 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA 02110-1301 USA
+dnl
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+AC_CHECKING(for NSS)
+
+# check for --with-nss
+AC_MSG_CHECKING(for --with-nss)
+AC_ARG_WITH(nss, [ --with-nss=PATH Network Security Services (NSS) directory],
+[
+ if test -e "$withval"/include/nss.h -a -d "$withval"/lib
+ then
+ AC_MSG_RESULT([using $withval])
+ NSSDIR=$withval
+ nss_inc="-I$NSSDIR/include"
+ nss_lib="-L$NSSDIR/lib"
+ nss_libdir="$NSSDIR/lib"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-nss-inc
+AC_MSG_CHECKING(for --with-nss-inc)
+AC_ARG_WITH(nss-inc, [ --with-nss-inc=PATH Network Security Services (NSS) include directory],
+[
+ if test -e "$withval"/nss.h
+ then
+ AC_MSG_RESULT([using $withval])
+ nss_inc="-I$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-nss-lib
+AC_MSG_CHECKING(for --with-nss-lib)
+AC_ARG_WITH(nss-lib, [ --with-nss-lib=PATH Network Security Services (NSS) library directory],
+[
+ if test -d "$withval"
+ then
+ AC_MSG_RESULT([using $withval])
+ nss_lib="-L$withval"
+ nss_libdir="$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# if NSS is not found yet, try pkg-config
+
+# last resort
+if test -z "$nss_inc" -o -z "$nss_lib" -o -z "$nss_libdir"; then
+ AC_PATH_PROG(PKG_CONFIG, pkg-config)
+ AC_MSG_CHECKING(for nss with pkg-config)
+ if test -n "$PKG_CONFIG"; then
+ if $PKG_CONFIG --exists nss; then
+ nss_inc=`$PKG_CONFIG --cflags-only-I nss`
+ nss_lib=`$PKG_CONFIG --libs-only-L nss`
+ nss_libdir=`$PKG_CONFIG --libs-only-L nss | sed -e s/-L// | sed -e s/\ *$//`
+ AC_MSG_RESULT([using system NSS])
+ elif $PKG_CONFIG --exists dirsec-nss; then
+ nss_inc=`$PKG_CONFIG --cflags-only-I dirsec-nss`
+ nss_lib=`$PKG_CONFIG --libs-only-L dirsec-nss`
+ nss_libdir=`$PKG_CONFIG --libs-only-L dirsec-nss | sed -e s/-L// | sed -e s/\ *$//`
+ AC_MSG_RESULT([using system dirsec NSS])
+ else
+ AC_MSG_ERROR([NSS not found, specify with --with-nss.])
+ fi
+ fi
+fi
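Review bot: A partial override is discarded by the fallback: if only `--with-nss-inc=PATH` is given, `nss_lib` is still empty, the `test -z ... -o ...` condition is true, and the pkg-config branch then reassigns `nss_inc` as well, so the headers the builder selected are replaced by the system ones after configure has already printed `using PATH`. For a crypto library that makes it hard to tell from the configure log which NSS the build was actually compiled against. Assign only what is still unset by wrapping each of the three assignments in its own emptiness test, e.g. `if test -z "$nss_inc"; then` … `fi` around the `nss_inc=` line, and likewise for `nss_lib` and `nss_libdir`. The same overwrite pattern is in nspr.m4 and in the pkg-config branch of openldap.m4.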
diff --git a/pki/base/tps/m4/openldap.m4 b/pki/base/tps/m4/openldap.m4
new file mode 100644
index 000000000..b92b1990c
--- /dev/null
+++ b/pki/base/tps/m4/openldap.m4
@@ -0,0 +1,157 @@
+# BEGIN COPYRIGHT BLOCK
+# Copyright (C) 2009 Red Hat, Inc.
+# All rights reserved.
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License
+# as published by the Free Software Foundation; either version 2
+# of the License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
+#
+# END COPYRIGHT BLOCK
+
+AC_CHECKING(for OpenLDAP)
+
+# check for --with-openldap
+AC_MSG_CHECKING(for --with-openldap)
+AC_ARG_WITH(openldap, AS_HELP_STRING([--with-openldap@<:@=PATH@:>@],[Use OpenLDAP - optional PATH is path to OpenLDAP SDK]),
+[
+ if test "$withval" = yes
+ then
+ AC_MSG_RESULT([using system OpenLDAP])
+ elif test "$withval" = no
+ then
+ AC_MSG_RESULT(no)
+ elif test -e "$withval"/include/ldap.h -a -d "$withval"/lib
+ then
+ AC_MSG_RESULT([using $withval])
+ OPENLDAPDIR=$withval
+ openldap_incdir="$OPENLDAPDIR/include"
+ openldap_inc="-I$openldap_incdir"
+ openldap_lib="-L$OPENLDAPDIR/lib"
+ openldap_libdir="$OPENLDAPDIR/lib"
+ openldap_bindir="$OPENLDAPDIR/bin"
+ with_openldap=yes
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-openldap-inc
+AC_MSG_CHECKING(for --with-openldap-inc)
+AC_ARG_WITH(openldap-inc, AS_HELP_STRING([--with-openldap-inc=PATH],[OpenLDAP SDK include directory]),
+[
+ if test -e "$withval"/ldap.h
+ then
+ AC_MSG_RESULT([using $withval])
+ openldap_incdir="$withval"
+ openldap_inc="-I$withval"
+ with_openldap=yes
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-openldap-lib
+AC_MSG_CHECKING(for --with-openldap-lib)
+AC_ARG_WITH(openldap-lib, AS_HELP_STRING([--with-openldap-lib=PATH],[OpenLDAP SDK library directory]),
+[
+ if test -d "$withval"
+ then
+ AC_MSG_RESULT([using $withval])
+ openldap_lib="-L$withval"
+ openldap_libdir="$withval"
+ with_openldap=yes
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# check for --with-openldap-bin
+AC_MSG_CHECKING(for --with-openldap-bin)
+AC_ARG_WITH(openldap-bin, AS_HELP_STRING([--with-openldap-bin=PATH],[OpenLDAP SDK binary directory]),
+[
+ if test -d "$withval"
+ then
+ AC_MSG_RESULT([using $withval])
+ openldap_bindir="$withval"
+ with_openldap=yes
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+],
+AC_MSG_RESULT(no))
+
+# if OPENLDAP is not found yet, try pkg-config
+
+if test "$with_openldap" = yes ; then # user wants to use openldap, but didn't specify paths
+ if test -z "$openldap_inc" -o -z "$openldap_lib" -o -z "$openldap_libdir" -o -z "$openldap_bindir"; then
+ AC_PATH_PROG(PKG_CONFIG, pkg-config)
+ AC_MSG_CHECKING(for OpenLDAP with pkg-config)
+ if test -n "$PKG_CONFIG" && $PKG_CONFIG --exists openldap; then
+ openldap_inc=`$PKG_CONFIG --cflags-only-I openldap`
+ openldap_lib=`$PKG_CONFIG --libs-only-L openldap`
+ openldap_libdir=`$PKG_CONFIG --libs-only-L openldap | sed -e s/-L// | sed -e s/\ .*$//`
+ openldap_bindir=`$PKG_CONFIG --variable=bindir openldap`
+ openldap_incdir=`$PKG_CONFIG --variable=includedir openldap`
+ AC_MSG_RESULT([using system OpenLDAP from pkg-config])
+ else
+ openldap_incdir="/usr/include"
+ openldap_inc="-I$openldap_incdir"
+ AC_MSG_RESULT([no OpenLDAP pkg-config files])
+ fi
+ fi
+fi
+
+dnl lets see if we can find the headers and libs
+
+if test "$with_openldap" = yes ; then
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$openldap_inc $nss_inc $nspr_inc"
+ AC_CHECK_HEADER([ldap_features.h], [],
+ [AC_MSG_ERROR([specified with-openldap but ldap_features.h not found])])
+ dnl figure out which version we're using from the header file
+ ol_ver_maj=`grep LDAP_VENDOR_VERSION_MAJOR $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_ver_min=`grep LDAP_VENDOR_VERSION_MINOR $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ ol_ver_pat=`grep LDAP_VENDOR_VERSION_PATCH $openldap_incdir/ldap_features.h | awk '{print $3}'`
+ dnl full libname is libname-$maj.$min
+ ol_libver="-${ol_ver_maj}.${ol_ver_min}"
+ dnl look for ldap lib
+ save_ldflags="$LDFLAGS"
+ LDFLAGS="$openldap_lib $LDFLAGS"
+ AC_CHECK_LIB([ldap$ol_libver], [ldap_initialize], [have_ldap_lib=1])
+ if test -z "$have_ldap_lib" ; then
+ AC_CHECK_LIB([ldap], [ldap_initialize], [unset ol_libver],
+ [AC_MSG_ERROR([specified with-openldap but libldap not found])])
+ fi
+ dnl look for ldap_url_parse_ext
+ AC_CHECK_LIB([ldap$ol_libver], [ldap_url_parse_ext],
+ [AC_DEFINE([HAVE_LDAP_URL_PARSE_EXT], [1], [have the function ldap_url_parse_ext])])
+ LDFLAGS="$save_ldflags"
+ CPPFLAGS="$save_cppflags"
+
+ AC_DEFINE([USE_OPENLDAP], [1], [If defined, using OpenLDAP for LDAP SDK])
+ # where to find ldapsearch, et. al.
+ ldaptool_bindir=$openldap_bindir
+ # default options to pass to the tools
+ # use -x because all of our scripts use simple bind
+ ldaptool_opts=-x
+ # get plain output from ldapsearch - no version, no comments
+ plainldif_opts=-LLL
+fi
+
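Review bot: `ldaptool_opts=-x` makes simple bind the default for every LDAP tool invocation that uses this variable, and the comment above it does not say that a simple bind sends the bind DN and password unprotected unless the connection itself is protected. Whether the scripts connect over `ldaps://` or StartTLS is not visible in this hunk, so record the requirement next to the setting: `# -x = simple bind; the password is sent in the clear unless the URI is ldaps:// or StartTLS is required (-ZZ)`. Also, the three `grep ... $openldap_incdir/ldap_features.h` lines read the header from a path that is unquoted and that `AC_CHECK_HEADER` did not necessarily use, since `CPPFLAGS` also carries `$nss_inc` and `$nspr_inc`. Quoting it as `"$openldap_incdir/ldap_features.h"` and checking that `ol_ver_maj` is non-empty would keep `ol_libver` from becoming `-.`.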
diff --git a/pki/base/tps/m4/sasl.m4 b/pki/base/tps/m4/sasl.m4
new file mode 100644
index 000000000..fb46c1ad6
--- /dev/null
+++ b/pki/base/tps/m4/sasl.m4
@@ -0,0 +1,112 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA 02110-1301 USA
+dnl
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+# Configure paths for SASL
+
+dnl ========================================================
+dnl = sasl is used to support various authentication mechanisms
+dnl = such as DIGEST-MD5 and GSSAPI.
+dnl ========================================================
+dnl ========================================================
+dnl = Use the sasl libraries on the system (assuming it exists)
+dnl ========================================================
+AC_CHECKING(for sasl)
+
+AC_MSG_CHECKING(for --with-sasl)
+AC_ARG_WITH(sasl,
+ [[ --with-sasl=PATH Use sasl from supplied path]],
+ dnl = Look in the standard system locations
+ [
+ if test "$withval" = "yes"; then
+ AC_MSG_RESULT(yes)
+
+ dnl = Check for sasl.h in the normal locations
+ if test -f /usr/include/sasl/sasl.h; then
+ sasl_inc="-I/usr/include/sasl"
+ elif test -f /usr/include/sasl.h; then
+ sasl_inc="-I/usr/include"
+ else
+ AC_MSG_ERROR(sasl.h not found)
+ fi
+
+ dnl = Check the user provided location
+ elif test -d "$withval" -a -d "$withval/lib" -a -d "$withval/include" ; then
+ AC_MSG_RESULT([using $withval])
+
+ if test -f "$withval/include/sasl/sasl.h"; then
+ sasl_inc="-I$withval/include/sasl"
+ elif test -f "$withval/include/sasl.h"; then
+ sasl_inc="-I$withval/include"
+ else
+ AC_MSG_ERROR(sasl.h not found)
+ fi
+
+ sasl_lib="-L$withval/lib"
+ sasl_libdir="$withval/lib"
+ else
+ AC_MSG_RESULT(yes)
+ AC_MSG_ERROR([sasl not found in $withval])
+ fi
+ ],
+ AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(for --with-sasl-inc)
+AC_ARG_WITH(sasl-inc,
+ [[ --with-sasl-inc=PATH SASL include file directory]],
+ [
+ if test -f "$withval"/sasl.h; then
+ AC_MSG_RESULT([using $withval])
+ sasl_inc="-I$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval/sasl.h not found])
+ fi
+ ],
+ AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(for --with-sasl-lib)
+AC_ARG_WITH(sasl-lib,
+ [[ --with-sasl-lib=PATH SASL library directory]],
+ [
+ if test -d "$withval"; then
+ AC_MSG_RESULT([using $withval])
+ sasl_lib="-L$withval"
+ sasl_libdir="$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+ ],
+ AC_MSG_RESULT(no))
+
+if test -z "$sasl_inc"; then
+ AC_MSG_CHECKING(for sasl.h)
+ dnl - Check for sasl in standard system locations
+ if test -f /usr/include/sasl/sasl.h; then
+ AC_MSG_RESULT([using /usr/include/sasl/sasl.h])
+ sasl_inc="-I/usr/include/sasl"
+ elif test -f /usr/include/sasl.h; then
+ AC_MSG_RESULT([using /usr/include/sasl.h])
+ sasl_inc="-I/usr/include"
+ else
+ AC_MSG_RESULT(no)
+ AC_MSG_ERROR([sasl not found, specify with --with-sasl.])
+ fi
+fi
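Review bot: `--without-sasl` (equivalently `--with-sasl=no`) is not handled in the `--with-sasl` block: `withval` is then `no`, which is neither `yes` nor a directory, so the final `else` prints `yes` and aborts with `sasl not found in no`. openldap.m4 in this commit tests `"$withval" = no` explicitly, and the same is needed here. Since the trailing `test -z "$sasl_inc"` block treats SASL as mandatory, the clearest form is `elif test "$withval" = "no"; then` followed by `AC_MSG_ERROR([sasl is required and cannot be disabled])`. The part of the `--with-svrcore` block in svrcore.m4 that is visible below has the same shape.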
diff --git a/pki/base/tps/m4/svrcore.m4 b/pki/base/tps/m4/svrcore.m4
new file mode 100644
index 000000000..14a5d387a
--- /dev/null
+++ b/pki/base/tps/m4/svrcore.m4
@@ -0,0 +1,113 @@
+dnl BEGIN COPYRIGHT BLOCK
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation;
+dnl version 2.1 of the License.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library; if not, write to the Free Software
+dnl Foundation, Inc., 51 Franklin Street, Fifth Floor,
+dnl Boston, MA 02110-1301 USA
+dnl
+dnl Copyright (C) 2007 Red Hat, Inc.
+dnl All rights reserved.
+dnl END COPYRIGHT BLOCK
+
+# Configure paths for SVRCORE
+AC_CHECKING(for svrcore)
+
+AC_MSG_CHECKING(for --with-svrcore)
+AC_ARG_WITH(svrcore,
+ [[ --with-svrcore[=PATH] Use system installed svrcore - optional path for svrcore]],
+ dnl = Look in the standard system locations
+ [
+ if test "$withval" = "yes"; then
+ AC_MSG_RESULT(yes)
+
+ dnl = Check for svrcore.h in the normal locations
+ if test -f /usr/include/svrcore.h; then
+ svrcore_inc="-I/usr/include"
+ else
+ AC_MSG_ERROR(svrcore.h not found)
+ fi
+
+ dnl = Check the user provided location
+ elif test -d "$withval" -a -d "$withval/lib" -a -d "$withval/include" ; then
+ AC_MSG_RESULT([using $withval])
+
+ if test -f "$withval/include/svrcore.h"; then
+ svrcore_inc="-I$withval/include"
+ else
+ AC_MSG_ERROR(svrcore.h not found)
+ fi
+
+ svrcore_lib="-L$withval/lib"
+ else
+ AC_MSG_RESULT(yes)
+ AC_MSG_ERROR([svrcore not found in $withval])
+ fi
+ ],
+ AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(for --with-svrcore-inc)
+AC_ARG_WITH(svrcore-inc,
+ [[ --with-svrcore-inc=PATH SVRCORE include file directory]],
+ [
+ if test -f "$withval"/svrcore.h; then
+ AC_MSG_RESULT([using $withval])
+ svrcore_inc="-I$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval/svrcore.h not found])
+ fi
+ ],
+ AC_MSG_RESULT(no))
+
+AC_MSG_CHECKING(for --with-svrcore-lib)
+AC_ARG_WITH(svrcore-lib,
+ [[ --with-svrcore-lib=PATH SVRCORE library directory]],
+ [
+ if test -d "$withval"; then
+ AC_MSG_RESULT([using $withval])
+ svrcore_lib="-L$withval"
+ else
+ echo
+ AC_MSG_ERROR([$withval not found])
+ fi
+ ],
+ AC_MSG_RESULT(no))
+
+dnl svrcore not given - look for pkg-config
+if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+ AC_PATH_PROG(PKG_CONFIG, pkg-config)
+ AC_MSG_CHECKING(for svrcore with pkg-config)
+ if test -n "$PKG_CONFIG"; then
+ if $PKG_CONFIG --exists svrcore; then
+ svrcore_inc=`$PKG_CONFIG --cflags-only-I svrcore`
+ svrcore_lib=`$PKG_CONFIG --libs-only-L svrcore`
+ AC_MSG_RESULT([using system svrcore])
+ fi
+ fi
+fi
+
+if test -z "$svrcore_inc" -o -z "$svrcore_lib"; then
+dnl just see if svrcore is already a system library
+ AC_CHECK_LIB([svrcore], [SVRCORE_GetRegisteredPinObj], [havesvrcore=1],
+ [], [$nss_inc $nspr_inc $nss_lib -lnss3 -lsoftokn3 $nspr_lib -lplds4 -lplc4 -lnspr4])
+ if test -n "$havesvrcore" ; then
+dnl just see if svrcore is already a system header file
+ save_cppflags="$CPPFLAGS"
+ CPPFLAGS="$nss_inc $nspr_inc"
+ AC_CHECK_HEADER([svrcore.h], [havesvrcore=1], [havesvrcore=])
+ CPPFLAGS="$save_cppflags"
+ fi
+dnl for svrcore to be present, both the library and the header must exist
+ if test -z "$havesvrcore" ; then
+ AC_MSG_ERROR([svrcore not found, specify with --with-svrcore.])
+ fi
+fi
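Review bot: The `AC_MSG_CHECKING(for svrcore with pkg-config)` call in the pkg-config fallback gets no matching result when `$PKG_CONFIG` is empty or `$PKG_CONFIG --exists svrcore` fails, so the configure log is left with a dangling "checking ..." line. Add an `else` arm with `AC_MSG_RESULT(no)` to both the inner and the outer `if`. Separately, `--without-svrcore` (withval `no`) falls into the final `else` of the first `AC_ARG_WITH`, which prints `yes` and then aborts with `svrcore not found in no`. A leading `if test "$withval" = "no"; then AC_MSG_RESULT(no)` arm would make that case explicit.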
diff --git a/pki/base/tps/missing b/pki/base/tps/missing
new file mode 100755
index 000000000..28055d2ae
--- /dev/null
+++ b/pki/base/tps/missing
@@ -0,0 +1,376 @@
+#! /bin/sh
+# Common stub for a few missing GNU programs while installing.
+
+scriptversion=2009-04-28.21; # UTC
+
+# Copyright (C) 1996, 1997, 1999, 2000, 2002, 2003, 2004, 2005, 2006,
+# 2008, 2009 Free Software Foundation, Inc.
+# Originally by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+# As a special exception to the GNU General Public License, if you
+# distribute this file as part of a program that contains a
+# configuration script generated by Autoconf, you may include it under
+# the same distribution terms that you use for the rest of that program.
+
+if test $# -eq 0; then
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+fi
+
+run=:
+sed_output='s/.* --output[ =]\([^ ]*\).*/\1/p'
+sed_minuso='s/.* -o \([^ ]*\).*/\1/p'
+
+# In the cases where this matters, `missing' is being run in the
+# srcdir already.
+if test -f configure.ac; then
+ configure_ac=configure.ac
+else
+ configure_ac=configure.in
+fi
+
+msg="missing on your system"
+
+case $1 in
+--run)
+ # Try to run requested program, and just exit if it succeeds.
+ run=
+ shift
+ "$@" && exit 0
+ # Exit code 63 means version mismatch. This often happens
+ # when the user try to use an ancient version of a tool on
+ # a file that requires a minimum version. In this case we
+ # we should proceed has if the program had been absent, or
+ # if --run hadn't been passed.
+ if test $? = 63; then
+ run=:
+ msg="probably too old"
+ fi
+ ;;
+
+ -h|--h|--he|--hel|--help)
+ echo "\
+$0 [OPTION]... PROGRAM [ARGUMENT]...
+
+Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an
+error status if there is no known handling for PROGRAM.
+
+Options:
+ -h, --help display this help and exit
+ -v, --version output version information and exit
+ --run try to run the given command, and emulate it if it fails
+
+Supported PROGRAM values:
+ aclocal touch file \`aclocal.m4'
+ autoconf touch file \`configure'
+ autoheader touch file \`config.h.in'
+ autom4te touch the output file, or create a stub one
+ automake touch all \`Makefile.in' files
+ bison create \`y.tab.[ch]', if possible, from existing .[ch]
+ flex create \`lex.yy.c', if possible, from existing .c
+ help2man touch the output file
+ lex create \`lex.yy.c', if possible, from existing .c
+ makeinfo touch the output file
+ tar try tar, gnutar, gtar, then tar without non-portable flags
+ yacc create \`y.tab.[ch]', if possible, from existing .[ch]
+
+Version suffixes to PROGRAM as well as the prefixes \`gnu-', \`gnu', and
+\`g' are ignored when checking the name.
+
+Send bug reports to <bug-automake@gnu.org>."
+ exit $?
+ ;;
+
+ -v|--v|--ve|--ver|--vers|--versi|--versio|--version)
+ echo "missing $scriptversion (GNU Automake)"
+ exit $?
+ ;;
+
+ -*)
+ echo 1>&2 "$0: Unknown \`$1' option"
+ echo 1>&2 "Try \`$0 --help' for more information"
+ exit 1
+ ;;
+
+esac
+
+# normalize program name to check for.
+program=`echo "$1" | sed '
+ s/^gnu-//; t
+ s/^gnu//; t
+ s/^g//; t'`
+
+# Now exit if we have it, but it failed. Also exit now if we
+# don't have it and --version was passed (most likely to detect
+# the program). This is about non-GNU programs, so use $1 not
+# $program.
+case $1 in
+ lex*|yacc*)
+ # Not GNU programs, they don't have --version.
+ ;;
+
+ tar*)
+ if test -n "$run"; then
+ echo 1>&2 "ERROR: \`tar' requires --run"
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ exit 1
+ fi
+ ;;
+
+ *)
+ if test -z "$run" && ($1 --version) > /dev/null 2>&1; then
+ # We have it, but it failed.
+ exit 1
+ elif test "x$2" = "x--version" || test "x$2" = "x--help"; then
+ # Could not run --version or --help. This is probably someone
+ # running `$TOOL --version' or `$TOOL --help' to check whether
+ # $TOOL exists and not knowing $TOOL uses missing.
+ exit 1
+ fi
+ ;;
+esac
+
+# If it does not exist, or fails to run (possibly an outdated version),
+# try to emulate it.
+case $program in
+ aclocal*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acinclude.m4' or \`${configure_ac}'. You might want
+ to install the \`Automake' and \`Perl' packages. Grab them from
+ any GNU archive site."
+ touch aclocal.m4
+ ;;
+
+ autoconf*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`${configure_ac}'. You might want to install the
+ \`Autoconf' and \`GNU m4' packages. Grab them from any GNU
+ archive site."
+ touch configure
+ ;;
+
+ autoheader*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`acconfig.h' or \`${configure_ac}'. You might want
+ to install the \`Autoconf' and \`GNU m4' packages. Grab them
+ from any GNU archive site."
+ files=`sed -n 's/^[ ]*A[CM]_CONFIG_HEADER(\([^)]*\)).*/\1/p' ${configure_ac}`
+ test -z "$files" && files="config.h"
+ touch_files=
+ for f in $files; do
+ case $f in
+ *:*) touch_files="$touch_files "`echo "$f" |
+ sed -e 's/^[^:]*://' -e 's/:.*//'`;;
+ *) touch_files="$touch_files $f.in";;
+ esac
+ done
+ touch $touch_files
+ ;;
+
+ automake*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified \`Makefile.am', \`acinclude.m4' or \`${configure_ac}'.
+ You might want to install the \`Automake' and \`Perl' packages.
+ Grab them from any GNU archive site."
+ find . -type f -name Makefile.am -print |
+ sed 's/\.am$/.in/' |
+ while read f; do touch "$f"; done
+ ;;
+
+ autom4te*)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, but is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them.
+ You can get \`$1' as part of \`Autoconf' from any GNU
+ archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo "#! /bin/sh"
+ echo "# Created by GNU Automake missing as a replacement of"
+ echo "# $ $@"
+ echo "exit 0"
+ chmod +x $file
+ exit 1
+ fi
+ ;;
+
+ bison*|yacc*)
+ echo 1>&2 "\
+WARNING: \`$1' $msg. You should only need it if
+ you modified a \`.y' file. You may need the \`Bison' package
+ in order for those modifications to take effect. You can get
+ \`Bison' from any GNU archive site."
+ rm -f y.tab.c y.tab.h
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.y)
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.c
+ fi
+ SRCFILE=`echo "$LASTARG" | sed 's/y$/h/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" y.tab.h
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f y.tab.h; then
+ echo >y.tab.h
+ fi
+ if test ! -f y.tab.c; then
+ echo 'main() { return 0; }' >y.tab.c
+ fi
+ ;;
+
+ lex*|flex*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.l' file. You may need the \`Flex' package
+ in order for those modifications to take effect. You can get
+ \`Flex' from any GNU archive site."
+ rm -f lex.yy.c
+ if test $# -ne 1; then
+ eval LASTARG="\${$#}"
+ case $LASTARG in
+ *.l)
+ SRCFILE=`echo "$LASTARG" | sed 's/l$/c/'`
+ if test -f "$SRCFILE"; then
+ cp "$SRCFILE" lex.yy.c
+ fi
+ ;;
+ esac
+ fi
+ if test ! -f lex.yy.c; then
+ echo 'main() { return 0; }' >lex.yy.c
+ fi
+ ;;
+
+ help2man*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a dependency of a manual page. You may need the
+ \`Help2man' package in order for those modifications to take
+ effect. You can get \`Help2man' from any GNU archive site."
+
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -f "$file"; then
+ touch $file
+ else
+ test -z "$file" || exec >$file
+ echo ".ab help2man is required to generate this page"
+ exit $?
+ fi
+ ;;
+
+ makeinfo*)
+ echo 1>&2 "\
+WARNING: \`$1' is $msg. You should only need it if
+ you modified a \`.texi' or \`.texinfo' file, or any other file
+ indirectly affecting the aspect of the manual. The spurious
+ call might also be the consequence of using a buggy \`make' (AIX,
+ DU, IRIX). You might want to install the \`Texinfo' package or
+ the \`GNU make' package. Grab either from any GNU archive site."
+ # The file to touch is that specified with -o ...
+ file=`echo "$*" | sed -n "$sed_output"`
+ test -z "$file" && file=`echo "$*" | sed -n "$sed_minuso"`
+ if test -z "$file"; then
+ # ... or it is the one specified with @setfilename ...
+ infile=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'`
+ file=`sed -n '
+ /^@setfilename/{
+ s/.* \([^ ]*\) *$/\1/
+ p
+ q
+ }' $infile`
+ # ... or it is derived from the source name (dir/f.texi becomes f.info)
+ test -z "$file" && file=`echo "$infile" | sed 's,.*/,,;s,.[^.]*$,,'`.info
+ fi
+ # If the file does not exist, the user really needs makeinfo;
+ # let's fail without touching anything.
+ test -f $file || exit 1
+ touch $file
+ ;;
+
+ tar*)
+ shift
+
+ # We have already tried tar in the generic part.
+ # Look for gnutar/gtar before invocation to avoid ugly error
+ # messages.
+ if (gnutar --version > /dev/null 2>&1); then
+ gnutar "$@" && exit 0
+ fi
+ if (gtar --version > /dev/null 2>&1); then
+ gtar "$@" && exit 0
+ fi
+ firstarg="$1"
+ if shift; then
+ case $firstarg in
+ *o*)
+ firstarg=`echo "$firstarg" | sed s/o//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ case $firstarg in
+ *h*)
+ firstarg=`echo "$firstarg" | sed s/h//`
+ tar "$firstarg" "$@" && exit 0
+ ;;
+ esac
+ fi
+
+ echo 1>&2 "\
+WARNING: I can't seem to be able to run \`tar' with the given arguments.
+ You may want to install GNU tar or Free paxutils, or check the
+ command line arguments."
+ exit 1
+ ;;
+
+ *)
+ echo 1>&2 "\
+WARNING: \`$1' is needed, and is $msg.
+ You might have modified some files without having the
+ proper tools for further handling them. Check the \`README' file,
+ it often tells you about the needed prerequisites for installing
+ this package. You may also peek at any GNU archive site, in case
+ some other package would contain this missing \`$1' program."
+ exit 1
+ ;;
+esac
+
+exit 0
+
+# Local variables:
+# eval: (add-hook 'write-file-hooks 'time-stamp)
+# time-stamp-start: "scriptversion="
+# time-stamp-format: "%:y-%02m-%02d.%02H"
+# time-stamp-time-zone: "UTC"
+# time-stamp-end: "; # UTC"
+# End:
diff --git a/pki/base/tps/scripts/addAgents.ldif b/pki/base/tps/scripts/addAgents.ldif
new file mode 100644
index 000000000..840c83f0c
--- /dev/null
+++ b/pki/base/tps/scripts/addAgents.ldif
@@ -0,0 +1,53 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: uid=admin,ou=People,$TOKENDB_ROOT
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: inetOrgPerson
+objectClass: tpsProfileId
+uid: admin
+userPassword: $TOKENDB_AGENT_PWD
+sn: TUS Administrator
+cn: TUS Administrator
+userCertificate:: $TOKENDB_AGENT_CERT
+profileID: All Profiles
+
+dn: cn=TUS Agents,ou=Groups,$TOKENDB_ROOT
+objectClass: top
+objectClass: groupOfNames
+cn: TUS Agents
+member: uid=admin,ou=People,$TOKENDB_ROOT
+description: Agents for TUS
+
+dn: cn=TUS Officers,ou=Groups,$TOKENDB_ROOT
+objectClass: top
+objectClass: groupOfNames
+cn: TUS Officers
+member: uid=admin,ou=People,$TOKENDB_ROOT
+description: Operators for TUS
+
+dn: cn=TUS Administrators,ou=Groups,$TOKENDB_ROOT
+objectClass: top
+objectClass: groupOfNames
+cn: TUS Administrators
+member: uid=admin,ou=People,$TOKENDB_ROOT
+description: Administrators for TUS
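Review bot: `userPassword: $TOKENDB_AGENT_PWD` means every expanded copy of this template holds the TUS administrator password in clear text, and nothing in the file tells the installer to protect that copy. How the template is expanded is not visible in this hunk, so I would at least add a header comment such as `# The expanded copy contains the admin password: create it with mode 0600 and delete it after the import`. The same `uid=admin` entry is also the only member of TUS Agents, TUS Officers and TUS Administrators, so the three roles are not separated at install time. If that is intended for bootstrap only, a comment saying so would help whoever audits the deployed directory.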
diff --git a/pki/base/tps/scripts/addIndexes.ldif b/pki/base/tps/scripts/addIndexes.ldif
new file mode 100644
index 000000000..7a910be3e
--- /dev/null
+++ b/pki/base/tps/scripts/addIndexes.ldif
@@ -0,0 +1,76 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=tokenUserID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenUserID
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=tokenID,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenID
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=dateOfCreate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: dateOfCreate
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=dateOfModify,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: dateOfModify
+nsindextype: eq
+nsindextype: pres
+nsindextype: sub
+nssystemindex: false
+
+dn: cn=userCertificate,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: userCertificate
+nsindextype: eq
+nssystemindex: false
+
+dn: cn=tokenSerial,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenSerial
+nsindextype: eq
+nssystemindex: false
+
+dn: cn=tokenKeyType,cn=index,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+objectclass: top
+objectclass: nsIndex
+cn: tokenKeyType
+nsindextype: eq
+nssystemindex: false
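Review bot: All seven index entries hard-code the backend as `cn=userRoot`, whereas database.ldif in this same commit creates the backend under `cn=$DATABASE`. If the token database is ever created with a backend name other than userRoot, these entries would attach to a different backend or fail to add. The installer is not visible here, so that is inferred. Consider `cn=index,cn=$DATABASE,cn=ldbm database,cn=plugins,cn=config` for these DNs, with the same substitution for the `cn=userRoot` DNs in addVLVIndexes.ldif and for `nsInstance: userRoot` in vlvtasks.ldif.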
diff --git a/pki/base/tps/scripts/addTokens.ldif b/pki/base/tps/scripts/addTokens.ldif
new file mode 100644
index 000000000..9b8a99e27
--- /dev/null
+++ b/pki/base/tps/scripts/addTokens.ldif
@@ -0,0 +1,44 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: ou=Tokens,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: Tokens
+
+dn: ou=Activities,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: Activities
+
+dn: ou=Certificates,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: Certificates
+
+dn: ou=People,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: People
+
+dn: ou=Groups,$TOKENDB_ROOT
+objectclass: top
+objectclass: organizationalunit
+ou: Groups
diff --git a/pki/base/tps/scripts/addVLVIndexes.ldif b/pki/base/tps/scripts/addVLVIndexes.ldif
new file mode 100644
index 000000000..9dc86ece1
--- /dev/null
+++ b/pki/base/tps/scripts/addVLVIndexes.ldif
@@ -0,0 +1,51 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=tus-listTokens-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+cn: tus-listtokens-vlv
+objectClass: top
+objectClass: vlvsearch
+vlvBase: ou=Tokens,$TOKENDB_ROOT
+vlvFilter: (&(cn=*)(tokenUserID=*))
+vlvScope: 2
+
+dn: cn=tus-listActivities-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+cn: tus-listActivities-vlv
+objectClass: top
+objectClass: vlvsearch
+vlvBase: ou=Activities,$TOKENDB_ROOT
+vlvFilter: (&(tokenID=*)(tokenUserID=*))
+vlvScope: 2
+
+dn: cn=listTokensIndex,cn=tus-listTokens-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+cn: listTokensIndex
+objectClass: top
+objectClass: vlvindex
+vlvSort: -dateOfModify
+vlvEnabled: 1
+vlvUses: 0
+
+dn: cn=listActivitiesIndex,cn=tus-listActivities-vlv,cn=userRoot,cn=ldbm database,cn=plugins,cn=config
+cn: listActivitiesIndex
+objectClass: top
+objectClass: vlvindex
+vlvSort: -dateOfCreate
+vlvEnabled: 1
+vlvUses: 0
diff --git a/pki/base/tps/scripts/database.ldif b/pki/base/tps/scripts/database.ldif
new file mode 100644
index 000000000..706a3327e
--- /dev/null
+++ b/pki/base/tps/scripts/database.ldif
@@ -0,0 +1,39 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=$DATABASE, cn=ldbm database, cn=plugins, cn=config
+objectClass: top
+objectClass: extensibleObject
+objectClass: nsBackendInstance
+cn: $DATABASE
+nsslapd-suffix: $BASEDN
+
+dn: cn=$BASEDN, cn=mapping tree, cn=config
+objectClass: top
+objectClass: extensibleObject
+objectClass: nsMappingTree
+cn: $BASEDN
+nsslapd-backend: $DATABASE
+nsslapd-state: Backend
+
+dn: $BASEDN
+objectClass: top
+objectClass: $OBJECTCLASS
+$TYPE: $VALUE
diff --git a/pki/base/tps/scripts/nss_pcache b/pki/base/tps/scripts/nss_pcache
new file mode 100755
index 000000000..f87d7bbf6
--- /dev/null
+++ b/pki/base/tps/scripts/nss_pcache
@@ -0,0 +1,66 @@
+#!/bin/bash
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+# Check to insure that this script's original invocation directory
+# has not been deleted!
+CWD=`/bin/pwd > /dev/null 2>&1`
+if [ $? -ne 0 ] ; then
+ echo "Cannot invoke '$0' from non-existent directory!"
+ exit 255
+fi
+
+OS=`uname -s`
+PLATFORM=""
+
+if [ $OS = "Linux" ]; then
+ PLATFORM=`uname -i`
+ if [ $PLATFORM = "i386" ]; then
+ # 32-bit Linux
+ LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
+ elif [ $PLATFORM = "x86_64" ]; then
+ # 64-bit Linux
+ LD_LIBRARY_PATH=/usr/lib64/dirsec:/usr/lib64:/usr/lib:$LD_LIBRARY_PATH
+ fi
+ export LD_LIBRARY_PATH
+elif [ $OS = "SunOS" ]; then
+ PLATFORM=`uname -p`
+ if [ "${PLATFORM}" = "sparc" ] &&
+ [ -d "/usr/lib/sparcv9/" ] ; then
+ PLATFORM="sparcv9"
+ fi
+ if [ $PLATFORM = "sparc" ]; then
+ # 32-bit Solaris
+ LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
+ elif [ $PLATFORM = "sparcv9" ]; then
+ # 64-bit Solaris
+ LD_LIBRARY_PATH=/usr/lib/sparcv9/dirsec:/usr/lib/sparcv9:/usr/lib/dirsec:/usr/lib:$LD_LIBRARY_PATH
+ fi
+ export LD_LIBRARY_PATH
+fi
+
+FORTITUDE_DIR=/usr/sbin
+if [ $OS = "SunOS" ]; then
+ FORTITUDE_DIR=/opt/fortitude/bin
+fi
+
+$FORTITUDE_DIR/nss_pcache $@
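Review bot: Each `LD_LIBRARY_PATH=...:$LD_LIBRARY_PATH` assignment leaves a trailing empty element when the variable is unset or empty on entry. The dynamic loader reads an empty element as the current directory, so the wrapped `nss_pcache` binary can resolve shared libraries from whatever directory it was started in. Append the inherited value only when it is non-empty, e.g. `LD_LIBRARY_PATH=/usr/lib/dirsec:/usr/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`, on all four assignments, or drop the inherited value altogether for this helper. The last line should also be `"$FORTITUDE_DIR/nss_pcache" "$@"` so that arguments containing spaces or glob characters reach the binary unchanged. Quoting `"$OS"` and `"$PLATFORM"` in the `[ ... ]` tests would keep an empty `uname` result from turning them into syntax errors.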
diff --git a/pki/base/tps/scripts/schemaMods.ldif b/pki/base/tps/scripts/schemaMods.ldif
new file mode 100644
index 000000000..fd7b09331
--- /dev/null
+++ b/pki/base/tps/scripts/schemaMods.ldif
@@ -0,0 +1,58 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=schema
+changetype: modify
+add: attributeTypes
+attributeTypes: ( dateOfCreate-oid NAME 'dateOfCreate' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( dateOfModify-oid NAME 'dateOfModify' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( modified-oid NAME 'modified' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenUserID-oid NAME 'tokenUserID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenStatus-oid NAME 'tokenStatus' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenAppletID-oid NAME 'tokenAppletID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( keyInfo-oid NAME 'keyInfo' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfResets-oid NAME 'numberOfResets' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfEnrollments-oid NAME 'numberOfEnrollments' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfRenewals-oid NAME 'numberOfRenewals' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( numberOfRecoveries-oid NAME 'numberOfRecoveries' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'user defined' )
+attributeTypes: ( allowPinReset-oid NAME 'allowPinReset' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( extensions-oid NAME 'extensions' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenOp-oid NAME 'tokenOp' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenID-oid NAME 'tokenID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenMsg-oid NAME 'tokenMsg' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenResult-oid NAME 'tokenResult' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenIP-oid NAME 'tokenIP' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenPolicy-oid NAME 'tokenPolicy' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenIssuer-oid NAME 'tokenIssuer' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenSubject-oid NAME 'tokenSubject' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenSerial-oid NAME 'tokenSerial' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenOrigin-oid NAME 'tokenOrigin' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenType-oid NAME 'tokenType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenKeyType-oid NAME 'tokenKeyType' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenReason-oid NAME 'tokenReason' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenNotBefore-oid NAME 'tokenNotBefore' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( tokenNotAfter-oid NAME 'tokenNotAfter' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+attributeTypes: ( profileID-oid NAME 'profileID' DESC 'CMS defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'user defined' )
+-
+add: objectClasses
+objectClasses: ( tokenRecord-oid NAME 'tokenRecord' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ modified $ tokenReason $ tokenUserID $ tokenStatus $ tokenAppletID $ keyInfo $ tokenPolicy $ extensions $ numberOfResets $ numberOfEnrollments $ numberOfRenewals $ numberOfRecoveries $ userCertificate $ tokenType ) X-ORIGIN 'user defined' )
+objectClasses: ( tokenActivity-oid NAME 'tokenActivity' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ tokenOp $ tokenIP $ tokenResult $ tokenID $ tokenUserID $ tokenMsg $ extensions $ tokenType ) X-ORIGIN 'user defined' )
+objectClasses: ( tokenCert-oid NAME 'tokenCert' DESC 'CMS defined class' SUP top STRUCTURAL MUST cn MAY ( dateOfCreate $ dateOfModify $ userCertificate $ tokenUserID $ tokenID $ tokenIssuer $ tokenOrigin $ tokenSubject $ tokenSerial $ tokenStatus $ tokenType $ tokenKeyType $ tokenNotBefore $ tokenNotAfter $ extensions ) X-ORIGIN 'user defined' )
+objectClasses: ( tpsProfileID-oid NAME 'tpsProfileID' DESC 'CMS defined class' SUP top AUXILIARY MAY ( profileID ) X-ORIGIN 'user-defined' )
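Review bot: The last definition, `tpsProfileID`, carries `X-ORIGIN 'user-defined'`, while every other attribute type and object class in this file uses `X-ORIGIN 'user defined'`. A directory server that keys on the exact origin string may classify this one class differently from the rest. I have not confirmed that for the target server, so treat it as a consistency fix: `X-ORIGIN 'user defined'`.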
diff --git a/pki/base/tps/scripts/vlvtasks.ldif b/pki/base/tps/scripts/vlvtasks.ldif
new file mode 100644
index 000000000..b6b4bb762
--- /dev/null
+++ b/pki/base/tps/scripts/vlvtasks.ldif
@@ -0,0 +1,28 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+dn: cn=index1160528734, cn=index, cn=tasks, cn=config
+objectclass: top
+objectclass: extensibleObject
+cn: index1160528734
+ttl: 4
+nsInstance: userRoot
+nsIndexVLVAttribute: listTokensIndex
+nsIndexVLVAttribute: listActivitiesIndex
diff --git a/pki/base/tps/setup/CMakeLists.txt b/pki/base/tps/setup/CMakeLists.txt
new file mode 100644
index 000000000..25ea20ffe
--- /dev/null
+++ b/pki/base/tps/setup/CMakeLists.txt
@@ -0,0 +1,11 @@
+set(VERSION ${APPLICATION_VERSION})
+
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/config.desktop.in ${CMAKE_CURRENT_BINARY_DIR}/config.desktop @ONLY)
+
+install(
+ FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/config.desktop
+ registry_instance
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/setup
+)
diff --git a/pki/base/tps/setup/config.desktop.in b/pki/base/tps/setup/config.desktop.in
new file mode 100644
index 000000000..9ce641be7
--- /dev/null
+++ b/pki/base/tps/setup/config.desktop.in
@@ -0,0 +1,33 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+[Desktop Entry]
+Version=@VERSION@
+Encoding=UTF-8
+Name=Token Processing System Configuration - [PKI_INSTANCE_ID]
+GenericName=Token Processing System Configuration
+Comment=Configure Token Processing System
+Exec=firefox https://[SERVER_NAME]:[SECURE_PORT]/tps/admin/console/config/login?pin=[PKI_RANDOM_NUMBER]
+Icon=firefox.png
+Terminal=false
+Type=Application
+MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;
+X-Desktop-File-Install-Version=0.9
+Categories=Application;CertServer;
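Review bot: The `Exec=` line puts the configuration login PIN in the URL query string (`login?pin=[PKI_RANDOM_NUMBER]`). Once that slot is filled in (presumably at instance creation, which this hunk does not show), the PIN sits in a launcher file, in firefox's argument list and in browser history. The install rule in `setup/CMakeLists.txt` uses default file permissions, so confirm that the instantiated copy is readable only by the administrator doing the configuration and is removed or invalidated afterwards. A comment above `[Desktop Entry]` would document this, for example `# Holds the pre-configuration PIN after slot substitution; restrict to the admin user and delete after setup.`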
diff --git a/pki/base/tps/setup/create.pl b/pki/base/tps/setup/create.pl
new file mode 100755
index 000000000..e8da7d859
--- /dev/null
+++ b/pki/base/tps/setup/create.pl
@@ -0,0 +1,973 @@
+##############################################################
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+# This script is to create a new instance of Token Processing
+# Service within CS installation.
+#
+# To execute:
+# perl create.pl
+#
+##############################################################
+
+use FindBin;
+
+##############################################################
+# Advance Options
+##############################################################
+
+my $hsm = ""; # hardware token label (i.e. 'nFast')
+my $hsm_ca = ""; # hardware token label for CA certificate (i.e. 'nFast')
+my $nickName = "Server-Cert"; # nickname
+
+##############################################################
+# Private
+##############################################################
+my $hsmLabel;
+my $serverRoot;
+my $instanceID;
+my $serverID;
+my $serverName;
+my $port;
+my $securePort;
+my $uid;
+my $gid;
+my $tmpDir;
+my $tpsDir;
+my $tusHost;
+my $tusPort;
+my $tusRoot;
+my $tusSuffix;
+my $tusAgentCert;
+my $caHost;
+my $caPort;
+my $drmHost;
+my $drmPort;
+my $serverKeyGen;
+my $tksHost;
+my $tksPort;
+my $ldapHost;
+my $ldapPort;
+my $ldapRoot;
+my $pathSep;
+my $objExt;
+my $libPrefix;
+
+my $defaultUID = "root";
+my $defaultServerRoot = "$FindBin::Bin";
+$defaultServerRoot =~ s/\/bin\/cert\/tps\/setup//;
+$defaultServerRoot =~ s/\/$//;
+my $defaultServerID = "machine";
+my $defaultServerName = "machine.fedora.com";
+my $defaultInstanceID = "tps-machine";
+my $defaultSuffix = "dc=machine,dc=fedora,dc=com";
+
+sub PromptUser
+{
+ print ("************************************************\n");
+ print ("Token Processing Service (TPS) Setup\n");
+ print ("************************************************\n");
+ print ("This script will assist you in setting up TPS.\n");
+ print ("Before running this script, you should already \n");
+ print ("install a certificate authority (CA), a token key \n");
+ print ("service (TKS), an authentication directory and a token \n");
+ print ("database.\n");
+ print ("\n");
+ print ("CA is responsible for issuing certificates while TKS \n");
+ print ("ensures a secure channel between the client and \n");
+ print ("the backend. User requests are authenticated against \n");
+ print ("the authentication directory which contains user \n");
+ print ("information. The token database collects statistics \n");
+ print ("on token activities.\n");
+ print ("\n");
+ print ("The authentication database and the token database are \n");
+ print ("regular directory server instances that can be created \n");
+ print ("via Console.\n");
+ print ("\n");
+ print ("If you need other advanced options such as hardware \n");
+ print ("token support, you need to modify the advanced option \n");
+ print ("section of this script manually.\n");
+ print ("\n");
+ print ("************************************************\n");
+ print ("GENERAL SETUP SECTION \n");
+ print ("\n");
+ print ("This script is about to create your TPS instance in your \n");
+ print ("existing CS installation.\n");
+ print ("************************************************\n");
+ print ("\n");
+
+ASK_SERVER_ROOT:
+ print ("Enter the path to the server root [$defaultServerRoot]: ");
+ chomp ($serverRoot = <STDIN>);
+ if ($serverRoot eq "") {
+ $serverRoot = "$defaultServerRoot";
+ }
+ if ($serverRoot =~ /\/$/) {
+ print ("Error: '$serverRoot' cannot end with '/'.\n");
+ goto ASK_SERVER_ROOT;
+ }
+ if (!(-d $serverRoot)) {
+ print ("Error: '$serverRoot' directory does not exit.\n");
+ goto ASK_SERVER_ROOT;
+ }
+ if (!(-f "$serverRoot/admin-serv/config/adm.conf")) {
+ print ("Error: '$serverRoot' directory does not contain $serverRoot/admin-serv/config/adm.conf.\n");
+ goto ASK_SERVER_ROOT;
+ }
+
+ # read some good parameters from adm.conf
+ open(F, "$serverRoot/admin-serv/config/adm.conf");
+ while (<F>) {
+ if (/ldapHost:\s*(\S+)/) {
+ $defaultServerName = $1;
+ }
+ if (/ldapStart:\s*slapd-(\S+)\//) {
+ $defaultServerID = $1;
+ }
+ }
+ close(F);
+
+ open(F, "$serverRoot/admin-serv/config/magnus.conf");
+ while (<F>) {
+ if (/User (\S+)/) {
+ $defaultUID = $1;
+ }
+ }
+ close(F);
+
+ $defaultSuffix = $defaultServerName;
+ $defaultSuffix =~ s/\./,dc=/g;
+ $defaultSuffix =~ s/^[^,]+,//;
+
+ASK_TPS_ROOT:
+ print ("Enter the path to the TPS release [$serverRoot/bin/cert/tps]: ");
+ chomp ($tpsDir = <STDIN>);
+ if ($tpsDir eq "") {
+ $tpsDir = "$serverRoot/bin/cert/tps";
+ }
+ if (!(-d $tpsDir)) {
+ print ("Error: '$tpsDir' directory does not exit.\n");
+ goto ASK_TPS_ROOT;
+ }
+ if (!(-d "$tpsDir/config")) {
+ print ("Error: '$tpsDir/config' directory does not exit.\n");
+ goto ASK_TPS_ROOT;
+ }
+
+ print ("Enter the hostname of this machine [$defaultServerID]: ");
+ chomp ($serverID = <STDIN>);
+ if ($serverID eq "") {
+ $serverID = "$defaultServerID";
+ }
+ print ("Enter the fully-qualified hostname of this machine [$defaultServerName]: ");
+ chomp ($serverName = <STDIN>);
+ if ($serverName eq "") {
+ $serverName = "$defaultServerName";
+ }
+
+ASK_INSTANCE_ID:
+ print ("Enter the instance ID of your new TPS instance [tps-$defaultServerID]: ");
+ chomp ($instanceID = <STDIN>);
+ if ($instanceID eq "") {
+ $instanceID = "tps-$defaultServerID";
+ }
+ if (-d "$serverRoot/$instanceID") {
+ print ("Error: '$serverRoot/$instanceID' directory already exist.\n");
+ goto ASK_INSTANCE_ID;
+ }
+
+ # update nickName
+ $nickName = "$nickName $instanceID";
+
+ print ("\n");
+ print ("************************************************\n");
+ print ("SERVICE PORTS SECTION \n");
+ print ("\n");
+ print ("TPS listens on the following ports. Please make \n");
+ print ("sure you specify unused ports.\n");
+ print ("************************************************\n");
+ print ("\n");
+
+ print ("Enter the UID that TPS should be running as [$defaultUID]: ");
+ chomp ($uid = <STDIN>);
+ if ($uid eq "") {
+ $uid = "$defaultUID";
+ }
+
+ my $defaultGID = $defaultUID;
+ print ("Enter the GID that TPS should be running as [$defaultGID]: ");
+ chomp ($gid = <STDIN>);
+ if ($gid eq "") {
+ $gid = "$defaultGID";
+ }
+
+ASK_EE_PORT:
+ print ("Enter the end entity port number of your TPS [7888]: ");
+ chomp ($port = <STDIN>);
+ if ($port eq "") {
+ $port = "7888";
+ }
+ if ($port eq "") {
+ goto ASK_EE_PORT;
+ }
+
+ASK_AGENT_PORT:
+ print ("Enter the agent port number of your TPS [7889]: ");
+ chomp ($securePort = <STDIN>);
+ if ($securePort eq "") {
+ $securePort = "7889";
+ }
+ if ($securePort eq "") {
+ goto ASK_AGENT_PORT;
+ }
+
+ print ("\n");
+ print ("************************************************\n");
+ print ("AUTHENTICATION (LDAP) DIRECTORY SECTION \n");
+ print ("\n");
+ print ("TPS verifies the user IDs and \n");
+ print ("passwords against this LDAP database before executing \n");
+ print ("requests from users.\n");
+ print ("************************************************\n");
+ print ("\n");
+
+ASK_AUTH_HOST:
+ print ("Enter the hostname of the authentication directory [$defaultServerName]: ");
+ chomp ($ldapHost = <STDIN>);
+ if ($ldapHost eq "") {
+ $ldapHost = "$defaultServerName";
+ }
+ if ($ldapHost eq "") {
+ goto ASK_AUTH_HOST;
+ }
+
+ASK_AUTH_PORT:
+ print ("Enter the port number of the authentication directory [389]: ");
+ chomp ($ldapPort = <STDIN>);
+ if ($ldapPort eq "") {
+ $ldapPort = "389";
+ }
+ if ($ldapPort eq "") {
+ goto ASK_AUTH_PORT;
+ }
+
+ASK_AUTH_ROOT:
+ print ("Enter the root suffix of the authentication directory [$defaultSuffix]: ");
+ chomp ($ldapRoot = <STDIN>);
+ if ($ldapRoot eq "") {
+ $ldapRoot = "$defaultSuffix";
+ }
+ if ($ldapRoot eq "") {
+ goto ASK_AUTH_ROOT;
+ }
+
+ print ("\n");
+ print ("************************************************\n");
+ print ("CA CONNECTION SECTION \n");
+ print ("\n");
+ print ("TPS submits certificate requests \n");
+ print ("to CA for signing.\n");
+ print ("************************************************\n");
+ print ("\n");
+
+ASK_CA_HOST:
+ print ("Enter the hostname of the CA [$defaultServerName]: ");
+ chomp ($caHost = <STDIN>);
+ if ($caHost eq "") {
+ $caHost = "$defaultServerName";
+ }
+ if ($caHost eq "") {
+ goto ASK_CA_HOST;
+ }
+
+ASK_CA_PORT:
+ print ("Enter the secure end entity port number of the CA [443]: ");
+ chomp ($caPort = <STDIN>);
+ if ($caPort eq "") {
+ $caPort = "443";
+ }
+ if ($caPort eq "") {
+ goto ASK_CA_PORT;
+ }
+
+ print ("\n");
+ print ("************************************************\n");
+ print ("TKS CONNECTION SECTION \n");
+ print ("\n");
+ print ("TPS obtains session keys from TKS \n");
+ print ("for establishing secure channels.\n");
+ print ("************************************************\n");
+ print ("\n");
+
+ASK_TKS_HOST:
+ print ("Enter the hostname of the TKS [$defaultServerName]: ");
+ chomp ($tksHost = <STDIN>);
+ if ($tksHost eq "") {
+ $tksHost = "$defaultServerName";
+ }
+ if ($tksHost eq "") {
+ goto ASK_TKS_HOST;
+ }
+
+ASK_TKS_PORT:
+ print ("Enter the secure agent port number of the TKS [8100]: ");
+ chomp ($tksPort = <STDIN>);
+ if ($tksPort eq "") {
+ $tksPort = "8100";
+ }
+ if ($tksPort eq "") {
+ goto ASK_TKS_PORT;
+ }
+
+ print ("\n");
+ print ("Do you want to perform server-side key generation optionally [yes]: \n");
+ chomp ($continue = <STDIN>);
+ print ("\n");
+
+ if ($continue eq "") {
+ $continue = "yes";
+ }
+ if ($continue eq "yes") {
+ $serverKeyGen = "true";
+
+ print ("************************************************\n");
+ print ("DRM CONNECTION SECTION \n");
+ print ("\n");
+ print ("TPS submits archival and recovery requests \n");
+ print ("to DRM.\n");
+ print ("************************************************\n");
+ print ("\n");
+
+ASK_DRM_HOST:
+ print ("Enter the hostname of the DRM [$defaultServerName]: ");
+ chomp ($drmHost = <STDIN>);
+ if ($drmHost eq "") {
+ $drmHost = "$defaultServerName";
+ }
+ if ($drmHost eq "") {
+ goto ASK_DRM_HOST;
+ }
+
+ASK_DRM_PORT:
+ print ("Enter the secure agent port number of the DRM [8100]: ");
+ chomp ($drmPort = <STDIN>);
+ if ($drmPort eq "") {
+ $drmPort = "8100";
+ }
+ if ($drmPort eq "") {
+ goto ASK_DRM_PORT;
+ }
+ print ("\n");
+ } else {
+ $serverKeyGen = "false";
+ }
+
+ print ("************************************************\n");
+ print ("TOKEN DATABASE (LDAP) CONNECTION SECTION \n");
+ print ("\n");
+ print ("TPS sends statistics information to the database \n");
+ print ("for auditing purposes.\n");
+ print ("************************************************\n");
+ print ("\n");
+
+ASK_TUS_HOST:
+ print ("Enter the hostname of the token database [$defaultServerName]: ");
+ chomp ($tusHost = <STDIN>);
+ if ($tusHost eq "") {
+ $tusHost = "$defaultServerName";
+ }
+ if ($tusHost eq "") {
+ goto ASK_TUS_HOST;
+ }
+
+ASK_TUS_PORT:
+ print ("Enter the port number of the token database [3890]: ");
+ chomp ($tusPort = <STDIN>);
+ if ($tusPort eq "") {
+ $tusPort = "3890";
+ }
+ if ($tusPort eq "") {
+ goto ASK_TUS_PORT;
+ }
+
+ASK_TUS_ROOT:
+ print ("Enter the root suffix of the token database [$defaultSuffix]: ");
+ chomp ($tusRoot = <STDIN>);
+ if ($tusRoot eq "") {
+ $tusRoot = "$defaultSuffix";
+ }
+ if ($tusRoot eq "") {
+ goto ASK_TUS_ROOT;
+ }
+
+ASK_TUS_PWD:
+ print ("Enter the password of the directory manager: ");
+ if (!&IsWindows()) {
+ system("stty -echo");
+ }
+ chomp ($tusPass = <STDIN>);
+ if (!&IsWindows()) {
+ system("stty echo");
+ }
+ if ($tusPass eq "") {
+ goto ASK_TUS_PWD;
+ }
+
+ if (&IsWindows()) {
+ $tmpDir = "c:\\temp";
+ } else {
+ $tmpDir = "/tmp";
+ }
+ print ("\n");
+}
+
+sub ToContinue
+{
+ do {
+ print ("Please enter 'proceed' to continue.\n");
+ chomp ($continue = <STDIN>);
+ } while ($continue ne "proceed");
+}
+
+sub CreateSecurityDatabase
+{
+ print ("This program is about to create the NSS certificate DB.\n");
+ &ToContinue();
+ print ("\n");
+
+ &CertUtil_CreateDatabase($serverRoot, "$instanceID-$serverID-");
+ print ("\n");
+
+ print ("This program is about to generate the certificate request.\n");
+ &ToContinue();
+ print ("\n");
+
+ASK_SERVER_CERT:
+ &CertUtil_GenerateCSR($serverRoot, "$instanceID-$serverID-",
+ $hsm, "CN=" . $serverName);
+ print ("\n");
+
+ print ("Please submit the certificate request to the CA's Manual TPS Server Certificate Enrollment profile for signing.\n");
+ print ("Note that correct OIDs (i.e. 1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2 and 1.3.6.1.5.5.7.3.4) must be populated in the\n");
+ print ("extended key usage extension of the certificate.\n");
+ print ("In addition, this certificate must be added to \n");
+ print ("CA and TKS as trusted agent.\n");
+ print ("\n");
+ print ("This program is about to import the TPS system certificate.\n");
+ print ("Please paste in your certificate (including header and footer).\n");
+ print ("\n");
+ my $serverCert = &PromptCertificate();
+ &CertUtil_ImportServerCert($serverRoot, "$instanceID-$serverID-",
+ $hsm, $nickName, $serverCert);
+ print ("\n");
+
+ &CertUtil_Print($serverRoot, "$instanceID-$serverID-", $hsm, $nickName);
+ print ("\n");
+ print ("Is the server certificate correct [yes]: \n");
+ chomp ($continue = <STDIN>);
+ print ("\n");
+ if ($continue eq "") {
+ $continue = "yes";
+ }
+ if ($continue eq "no") {
+ goto ASK_SERVER_CERT;
+ }
+
+ $i = 0;
+ print ("This program is about to import one or more CA certificates.\n");
+ while (1) {
+ASK_AGAIN:
+ print ("Do you have CA certificate to import [yes]: \n");
+ chomp ($continue = <STDIN>);
+ print ("\n");
+ if ($continue eq "") {
+ $continue = "yes";
+ }
+ if ($continue eq "no") {
+ goto DONE;
+ }
+ print ("Please paste in your CA certificate (including header and footer).\n");
+ print ("\n");
+ my $caCert = &PromptCertificate();
+ &CertUtil_ImportCACert($serverRoot, "$instanceID-$serverID-",
+ $hsm_ca, "caCert$i $instanceID", "$caCert");
+ print ("\n");
+
+ &CertUtil_Print($serverRoot, "$instanceID-$serverID-", $hsm_ca, "caCert$i $instanceID");
+ print ("\n");
+ print ("Is the CA certificate correct [yes]: \n");
+ chomp ($continue = <STDIN>);
+ print ("\n");
+ if ($continue eq "") {
+ $continue = "yes";
+ }
+ if ($continue eq "no") {
+ &CertUtil_Delete($serverRoot, "$instanceID-$serverID-", $hsm, "caCert$i $instanceID");
+ goto ASK_AGAIN;
+ }
+ $i++;
+ }
+
+DONE:
+
+ print ("The following shows all imported certificates.\n");
+ &CertUtil_List($serverRoot, "$instanceID-$serverID-", $hsm);
+ print ("\n");
+ &ToContinue();
+}
+
+sub PromptCertificate
+{
+ my $startCert = 0;
+ my $cert;
+ while (1) {
+ chomp ($continue = <STDIN>);
+ if ($continue eq "-----END CERTIFICATE-----") {
+ $cert .= $continue . "\n";
+ goto DONE;
+ }
+ if ($startCert == 1) {
+ $cert .= $continue . "\n";
+ }
+ if ($continue eq "-----BEGIN CERTIFICATE-----") {
+ $startCert = 1;
+ $cert .= $continue . "\n";
+ }
+ }
+DONE:
+ return $cert;
+}
+
+sub Main
+{
+ if (&IsWindows()) {
+ $pathSep = ";";
+ $objExt = ".dll";
+ $libPrefix = "";
+ } else {
+ $pathSep = ":";
+ $objExt = ".so";
+ $libPrefix = "lib";
+ }
+
+ if ($hsm eq "") {
+ $hsmLabel = "";
+ } else {
+ $hsmLabel = $hsm . ":";
+ }
+
+ &PromptUser();
+
+ print ("************************************************\n");
+ print ("TPS INSTANCE CREATION \n");
+ print ("************************************************\n");
+ print ("This program is about to create the TPS instance.\n");
+ print ("If there is any error, please ctrl-C to exit and ");
+ print ("restart the process.\n");
+ print ("\n");
+ &ToContinue();
+ print ("\n");
+
+ &CreateInstanceDir();
+ &CopyTemplates();
+ &PopulateTPSTemplates();
+ print ("\n");
+
+ print ("************************************************\n");
+ print ("SECURITY DATABASE CREATION (OPTIONAL) \n");
+ print ("\n");
+ print ("Keys and certificates will be stored in the security\n");
+ print ("databases.\n");
+ print ("************************************************\n");
+
+ print ("This program is about to create the security databases.\n");
+
+ASK_AGAIN:
+ print ("Do you want to create the security databases automatically [yes]: \n");
+ chomp ($continue = <STDIN>);
+ print ("\n");
+
+ if ($continue eq "") {
+ $continue = "yes";
+ }
+ if ($continue eq "no") {
+ print ("Please place your own security databases ");
+ print ("in $serverRoot/alias/$instanceID-$serverID-*.db\n");
+ print ("\n");
+ } elsif ($continue eq "yes") {
+ &CreateSecurityDatabase();
+ } else {
+ goto ASK_AGAIN;
+ }
+
+ print ("************************************************\n");
+ print ("TOKEN DATABASE POPULATION (OPTIONAL) \n");
+ print ("\n");
+ print ("Token database's Schema and default structure will be setup.\n");
+ print ("Your first authorized agent certificate will be \n");
+ print ("imported into the database. TPS agent port can \n");
+ print ("be accessed by browser that contain the authorized \n");
+ print ("agent certificate.\n");
+ print ("************************************************\n");
+ print ("This program is about to populate the token database.\n");
+
+ASK_AGAIN2:
+ print ("Do you want to populate the token database automatically [yes]: \n");
+ chomp ($continue = <STDIN>);
+ print ("\n");
+ if ($continue eq "") {
+ $continue = "yes";
+ }
+ if ($continue eq "no") {
+ print ("Please populate the token database manually.\n");
+ } elsif ($continue eq "yes") {
+ &PopulateTUS();
+ } else {
+ goto ASK_AGAIN2;
+ }
+
+ print ("\n");
+ print ("************************************************\n");
+ print ("SETUP IS DONE \n");
+ print ("************************************************\n");
+ print ("You should manually start your TPS by \n");
+ print ("running the start script in the TPS instance.\n");
+ print ("\n");
+ print (" $serverRoot/$instanceID/start\n");
+ print ("\n");
+ print ("You can use your ESC client to access TPS's \n");
+ print ("end entity port.\n");
+ print ("\n");
+ print (" http://$serverName:$port/nk_service\n");
+ print ("\n");
+ print ("You can use your browser to access TPS's \n");
+ print ("agent port for agent/administrator operations.\n");
+ print ("\n");
+ print (" https://$serverName:$securePort/tus\n");
+ print ("\n");
+ print ("\n");
+}
+
+sub CopyTemplate
+{
+ my ($from, $to) = @_;
+
+ print "Copying $from to $to ...\n";
+ open(IN, "<$from");
+ open(OUT, ">$to");
+ while (<IN>) {
+ s/\[SERVER_ROOT\]/$serverRoot/g;
+ s/\[INSTANCE_ID\]/$instanceID/g;
+ s/\[SERVER_NAME\]/$serverName/g;
+ s/\[PORT\]/$port/g;
+ s/\[SECURE_PORT\]/$securePort/g;
+ s/\[NICKNAME\]/$nickName/g;
+ s/\[USERID\]/$uid/g;
+ s/\[GROUPID\]/$gid/g;
+ s/\[TMP_DIR\]/$tmpDir/g;
+ s/\[TPS_DIR\]/$tpsDir/g;
+ s/\[LIB_PREFIX\]/$libPrefix/g;
+ s/\[OBJ_EXT\]/$objExt/g;
+ s/\[HSM_LABEL\]/$hsmLabel/g;
+ s/\[TUS_AGENT_CERT\]/$tusAgentCert/g;
+ s/\[TUS_HOST\]/$tusHost/g;
+ s/\[TUS_PORT\]/$tusPort/g;
+ s/\[TUS_ROOT\]/$tusRoot/g;
+ s/\[TUS_PASS\]/$tusPass/g;
+ s/\[CA_HOST\]/$caHost/g;
+ s/\[CA_PORT\]/$caPort/g;
+ s/\[DRM_HOST\]/$drmHost/g;
+ s/\[DRM_PORT\]/$drmPort/g;
+ s/\[SERVER_KEYGEN\]/$serverKeyGen/g;
+ s/\[TKS_HOST\]/$tksHost/g;
+ s/\[TKS_PORT\]/$tksPort/g;
+ s/\[LDAP_HOST\]/$ldapHost/g;
+ s/\[LDAP_PORT\]/$ldapPort/g;
+ s/\[LDAP_ROOT\]/$ldapRoot/g;
+ s/\[PROCESS_ID\]/$$/g;
+ print OUT $_;
+ }
+ close(OUT);
+ close(IN);
+}
+
+sub IsWindows
+{
+ if ($^O eq "MSWin32") {
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
+sub CopyFiles
+{
+ my ($from, $to) = @_;
+
+ print("Copying files from $from to $to ...\n");
+ if (&IsWindows()) {
+ system("xcopy /E /I /Q $from $to");
+ } else {
+ system("cp -R $from $to");
+ }
+}
+
+sub PopulateTPSTemplates
+{
+ &CopyTemplate("$tpsDir/config/CS.cfg",
+ "$serverRoot/$instanceID/config/CS.cfg");
+ chmod(00660, "$serverRoot/$instanceID/config/CS.cfg");
+
+ print "Creating $serverRoot/cgi-bin ...\n";
+ mkdir ("$serverRoot/cgi-bin", 0755);
+
+ &CopyFiles("$tpsDir/forms/esc", "$serverRoot/cgi-bin");
+ &CopyFiles("$tpsDir/forms/tus", "$serverRoot/cgi-bin");
+}
+
+sub PopulateTUS
+{
+ print ("Please paste in your TPS Agent certificate (including header and footer).\n");
+ print ("\n");
+ my $cert = &PromptCertificate();
+ $cert =~ s/-----BEGIN CERTIFICATE-----\s*//g;
+ $cert =~ s/-----END CERTIFICATE-----\s*//g;
+ $cert =~ s/\s*//g;
+
+ $tusAgentCert = $cert;
+
+ print ("\n");
+ &ToContinue();
+ print ("\n");
+
+ open(F1, "$tpsDir/scripts/addVLVIndexes.ldif");
+ open(F2, ">$serverRoot/$instanceID/config/addVLVIndexes.ldif");
+ while (<F1>) {
+ s/{rootSuffix}/$tusRoot/;
+ print F2 $_;
+ }
+
+ close(F1);
+ close(F2);
+ &LDAPAdd("$serverRoot/$instanceID/config/addVLVIndexes.ldif");
+
+ &CopyTemplate("$tpsDir/scripts/schemaMods.ldif",
+ "$serverRoot/$instanceID/config/schemaMods.ldif");
+ &CopyTemplate("$tpsDir/scripts/addTokens.ldif",
+ "$serverRoot/$instanceID/config/addTokens.ldif");
+ &CopyTemplate("$tpsDir/scripts/addIndexes.ldif",
+ "$serverRoot/$instanceID/config/addIndexes.ldif");
+ &CopyTemplate("$tpsDir/scripts/addAgents.ldif",
+ "$serverRoot/$instanceID/config/addAgents.ldif");
+
+ &LDAPModify("$serverRoot/$instanceID/config/schemaMods.ldif");
+ &LDAPAdd("$serverRoot/$instanceID/config/addIndexes.ldif");
+ &LDAPAdd("$serverRoot/$instanceID/config/addTokens.ldif");
+ &LDAPAdd("$serverRoot/$instanceID/config/addAgents.ldif");
+}
+
+sub CopyTemplates
+{
+ &CopyTemplate("./templates/start", "$serverRoot/$instanceID/start");
+ chmod(0755, "$serverRoot/$instanceID/start");
+ &CopyTemplate("./templates/stop", "$serverRoot/$instanceID/stop");
+ chmod(0755, "$serverRoot/$instanceID/stop");
+ &CopyTemplate("./templates/config/contexts.properties",
+ "$serverRoot/$instanceID/config/contexts.properties");
+ &CopyTemplate("./templates/config/jvm12.conf",
+ "$serverRoot/$instanceID/config/jvm12.conf");
+ &CopyTemplate("./templates/config/magnus.conf",
+ "$serverRoot/$instanceID/config/magnus.conf");
+ &CopyTemplate("./templates/config/magnus.conf.clfilter",
+ "$serverRoot/$instanceID/config/magnus.conf.clfilter");
+ &CopyTemplate("./templates/config/mime.types",
+ "$serverRoot/$instanceID/config/mime.types");
+ &CopyTemplate("./templates/config/obj.conf",
+ "$serverRoot/$instanceID/config/obj.conf");
+ &CopyTemplate("./templates/config/obj.conf.clfilter",
+ "$serverRoot/$instanceID/config/obj.conf.clfilter");
+ &CopyTemplate("./templates/config/rules.properties",
+ "$serverRoot/$instanceID/config/rules.properties");
+ &CopyTemplate("./templates/config/server.dtd",
+ "$serverRoot/$instanceID/config/server.dtd");
+ &CopyTemplate("./templates/config/server.xml",
+ "$serverRoot/$instanceID/config/server.xml");
+ &CopyTemplate("./templates/config/server.xml.clfilter",
+ "$serverRoot/$instanceID/config/server.xml.clfilter");
+ &CopyTemplate("./templates/config/servlets.properties",
+ "$serverRoot/$instanceID/config/servlets.properties");
+ &CopyTemplate("./templates/config/web-apps.xml",
+ "$serverRoot/$instanceID/config/web-apps.xml");
+ &CopyTemplate("./templates/config/web-apps.xml.clfilter",
+ "$serverRoot/$instanceID/config/web-apps.xml.clfilter");
+}
+
+sub CreateInstanceDir
+{
+ print "Creating $serverRoot/$instanceID ...\n";
+ mkdir ("$serverRoot/$instanceID", 0755);
+
+ print "Creating $serverRoot/$instanceID/config ...\n";
+ mkdir ("$serverRoot/$instanceID/config", 0755);
+
+ print "Creating $serverRoot/$instanceID/logs ...\n";
+ mkdir ("$serverRoot/$instanceID/logs", 0755);
+}
+
+sub getPath
+{
+ if (&IsWindows()) {
+ return $ENV{PATH};
+ } else {
+ return $ENV{LD_LIBRARY_PATH};
+ }
+}
+
+sub setPath
+{
+ my ($path) = @_;
+
+ if (&IsWindows()) {
+ $ENV{PATH} = $path;
+ } else {
+ $ENV{LD_LIBRARY_PATH} = $path;
+ }
+}
+
+sub CertUtil_CreateDatabase
+{
+ my ($serverRoot, $prefix) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+ system("$serverRoot/bin/cert/tools/certutil -N -d $serverRoot/alias -P $prefix");
+
+ &setPath($OrgPath);
+}
+
+sub CertUtil_GenerateCSR
+{
+ my ($serverRoot, $prefix, $token, $subject) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+ system("$serverRoot/bin/cert/tools/certutil -R -d $serverRoot/alias -P $prefix -h '$token' -s '$subject' -a");
+
+ &setPath($OrgPath);
+}
+
+sub CertUtil_List
+{
+ my ($serverRoot, $prefix, $token) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+ system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token'");
+
+ &setPath($OrgPath);
+}
+
+sub CertUtil_Print
+{
+ my ($serverRoot, $prefix, $token, $nickName) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+ if ($token ne "") {
+ #57616 - certutil is not being consistent, nickname
+ # requires token name for no reason.
+ system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token' -n '$token:$nickName'");
+ } else {
+ system("$serverRoot/bin/cert/tools/certutil -L -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName'");
+ }
+
+ &setPath($OrgPath);
+}
+
+sub CertUtil_Delete
+{
+ my ($serverRoot, $prefix, $token, $nickName) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+ system("$serverRoot/bin/cert/tools/certutil -D -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName'");
+
+ &setPath($OrgPath);
+}
+
+sub CertUtil_ImportServerCert
+{
+ my ($serverRoot, $prefix, $token, $nickName, $cert) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+ open(F, "|$serverRoot/bin/cert/tools/certutil -A -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName' -t 'u,u,u' -a");
+ print F $cert;
+ close(F);
+
+ &setPath($OrgPath);
+}
+
+sub CertUtil_ImportCACert
+{
+ my ($serverRoot, $prefix, $token, $nickName, $cert) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/bin/cert/lib" . $pathSep . $OrgPath);
+
+ open(F, "|$serverRoot/bin/cert/tools/certutil -A -d $serverRoot/alias -P $prefix -h '$token' -n '$nickName' -t 'CT,CT,CT' -a");
+ print F $cert;
+ close(F);
+
+ &setPath($OrgPath);
+}
+
+sub LDAPModify
+{
+ my ($file) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/shared/lib" . $pathSep . $OrgPath);
+
+ system("$serverRoot/shared/bin/ldapmodify -x -h '$tusHost' -p '$tusPort' -D 'cn=directory manager' -w '$tusPass' -f '$file'");
+
+ &setPath($OrgPath);
+}
+
+sub LDAPAdd
+{
+ my ($file) = @_;
+
+ $OrgPath = &getPath();
+ &setPath($serverRoot . "/shared/lib" . $pathSep . $OrgPath);
+
+ system("$serverRoot/shared/bin/ldapmodify -x -h '$tusHost' -p '$tusPort' -D 'cn=directory manager' -w '$tusPass' -a -f '$file'");
+
+ &setPath($OrgPath);
+}
+
+&Main();
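Review bot: `LDAPModify` and `LDAPAdd` build one shell string from prompted values and pass the directory manager password as `-w '$tusPass'`, so a quote character in any answer breaks the quoting and the password is visible in the process list while ldapmodify runs. The `CertUtil_*` helpers and `CopyFiles` use the same single-string `system()` or piped `open()` pattern with `$serverRoot`, `$prefix`, `$token` and `$nickName`. Use the list form so no shell is involved, e.g. `system("$serverRoot/shared/bin/ldapmodify", "-x", "-h", $tusHost, "-p", $tusPort, "-D", "cn=directory manager", "-w", $tusPass, "-f", $file);`. If this ldapmodify build can read the bind password from a file, pass it that way instead of `-w`. `CopyTemplate` also writes `$tusPass` into any template containing `[TUS_PASS]` with default permissions and only `CS.cfg` is chmod'ed afterwards, so setting `umask(077);` before the copies would close that window.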
diff --git a/pki/base/tps/setup/registry_instance b/pki/base/tps/setup/registry_instance
new file mode 100644
index 000000000..cb1c4b344
--- /dev/null
+++ b/pki/base/tps/setup/registry_instance
@@ -0,0 +1,116 @@
+# Establish PKI Variable "Slot" Substitutions
+
+PKI_FLAVOR=[PKI_FLAVOR]
+export PKI_FLAVOR
+
+PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE]
+export PKI_SUBSYSTEM_TYPE
+
+PKI_USER=[PKI_USER]
+export PKI_USER
+
+PKI_GROUP=[PKI_GROUP]
+export PKI_GROUP
+
+PKI_INSTANCE_ID=[PKI_INSTANCE_ID]
+export PKI_INSTANCE_ID
+
+PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT]
+export PKI_INSTANCE_INITSCRIPT
+
+PKI_HTTPD_CONF=[HTTPD_CONF]
+export PKI_HTTPD_CONF
+
+PKI_SERVER_ROOT=[SERVER_ROOT]
+export PKI_SERVER_ROOT
+
+PKI_SYSTEM_USER_LIBRARIES=[SYSTEM_USER_LIBRARIES]
+export PKI_SYSTEM_USER_LIBRARIES
+
+PKI_FORTITUDE_DIR=[FORTITUDE_DIR]
+export PKI_FORTITUDE_DIR
+
+PKI_NSS_CONF=[NSS_CONF]
+export PKI_NSS_CONF
+
+PKI_SERVER_NAME=[SERVER_NAME]
+export PKI_SERVER_NAME
+
+PKI_LOCK_FILE="[PKI_LOCKDIR]/${PKI_INSTANCE_ID}.pid"
+export PKI_LOCK_FILE
+
+PKI_PID_FILE="[PKI_PIDDIR]/${PKI_INSTANCE_ID}.pid"
+export PKI_PID_FILE
+
+PKI_SELINUX_TYPE="pki_tps_t"
+export PKI_SELINUX_TYPE
+
+pki_instance_configuration_file=${PKI_SERVER_ROOT}/conf/CS.cfg
+export pki_instance_configuration_file
+
+RESTART_SERVER=${PKI_SERVER_ROOT}/conf/restart_server_after_configuration
+export RESTART_SERVER
+
+########################################################################
+# This section contains modified content of "/etc/sysconfig/httpd" #
+########################################################################
+# Configuration file for the ${PKI_INSTANCE_ID} service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+PKI_HTTPD=${PKI_FORTITUDE_DIR}/sbin/httpd.worker
+export PKI_HTTPD
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set PKI_OPTIONS here.
+#
+PKI_OPTIONS="-f ${PKI_HTTPD_CONF}"
+export PKI_OPTIONS
+
+#
+# By default, the httpd process is started in the C locale; to
+# change the locale in which the server runs, the PKI_HTTPD_LANG
+# variable can be set.
+#
+PKI_HTTPD_LANG=C
+export PKI_HTTPD_LANG
+########################################################################
+# #
+########################################################################
+
+# This will prevent initlog from swallowing up a pass-phrase prompt if
+# mod_ssl needs a pass-phrase from the user.
+PKI_INITLOG_ARGS=""
+export PKI_INITLOG_ARGS
+
+# Set PKI_HTTPD=/usr/sbin/httpd.worker in /etc/sysconfig/httpd to use a server
+# with the thread-based "worker" MPM; BE WARNED that some modules may not
+# work correctly with a thread-based MPM; notably PHP will refuse to start.
+
+# Path to the server binary and short-form for messages.
+httpd=${PKI_HTTPD}
+export httpd
+
+pki_logs_directory=${PKI_SERVER_ROOT}/logs
+export pki_logs_directory
+
+# see if httpd is linked with the openldap libraries - we need to override
+# their use of OpenSSL
+if [ ${OS} = "Linux" ]; then
+ hasopenldap=0
+
+ /usr/bin/ldd ${httpd} 2>&1 | grep libldap- > /dev/null 2>&1 && hasopenldap=1
+
+ if [ ${hasopenldap} -eq 1 ] ; then
+ LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so:${LD_PRELOAD}"
+ export LD_PRELOAD
+ fi
+elif [ ${OS} = "SunOS" ]; then
+ LD_PRELOAD_64="${PKI_SYSTEM_USER_LIBRARIES}/dirsec/libssl3.so:${LD_PRELOAD_64}"
+ export LD_PRELOAD_64
+fi
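Review bot: The `[ ${OS} = "Linux" ]` and `[ ${OS} = "SunOS" ]` tests at the end of the file expand `OS` unquoted, and this file never assigns it, so it presumably relies on whatever script sources it. If `OS` is empty or unset, both tests fail with a syntax error and the `libssl3.so` preload that the comment says is needed to override OpenSSL is skipped without any message. Quote the expansions, `if [ "${OS}" = "Linux" ]; then`, and quote `"${httpd}"` in the `ldd` call as well. The new `LD_PRELOAD` value also carries over whatever `LD_PRELOAD` the invoking environment already held; if that is not intended for a service start, set it to the library alone, `LD_PRELOAD="${PKI_SYSTEM_USER_LIBRARIES}/libssl3.so"`.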
diff --git a/pki/base/tps/setup_package b/pki/base/tps/setup_package
new file mode 100755
index 000000000..32ff70985
--- /dev/null
+++ b/pki/base/tps/setup_package
@@ -0,0 +1,390 @@
+#!/bin/bash
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+###############################################################################
+## (1) Check command line arguments to see how many were passed in. ##
+###############################################################################
+
+if [ $# -eq 6 ]
+then
+ PKI_BUILD_PREFIX=$1
+ PKI_PRODUCT_NAME=$2
+ PKI_SUBSYSTEM_NAME=$3
+ VERSION=$4
+ RELEASE=$5
+ PKI_STAGING_PATH=$6
+else
+ echo
+ echo "Usage: $0"
+ echo " PKI_build_prefix"
+ echo " PKI_product_name"
+ echo " PKI_subsystem_name"
+ echo " version"
+ echo " release"
+ echo " PKI_staging_path"
+ echo
+
+ exit 255
+fi
+
+
+###############################################################################
+## (2) Specify variables used by this script. ##
+###############################################################################
+
+# specify generic helper functions
+usage() {
+ if [ $# -gt 0 ] ; then
+ echo
+ echo "$1"
+ fi
+ echo
+ echo "Usage: $0"
+ echo " PKI_build_prefix"
+ echo " PKI_product_name"
+ echo " PKI_subsystem_name"
+ echo " version"
+ echo " release"
+ echo " PKI_staging_path"
+ echo
+}
+
+# specify generic helper variables
+OS=`uname`
+ARCHITECTURE=""
+if [ "${OS}" = "Linux" ] ; then
+ if [ -e /etc/fedora-release ] ; then
+ USE_OPT_FORTITUDE="FALSE"
+ elif [ -e /etc/redhat-release ] ; then
+ RHEL_VERSION=`cat /etc/redhat-release | tr -d [:alpha:][:blank:] | cut -d \( -f 1 | awk -F. '{ print $1 }'`
+ if [ ${RHEL_VERSION} = "4" ]; then
+ USE_OPT_FORTITUDE="TRUE"
+ else
+ USE_OPT_FORTITUDE="FALSE"
+ fi
+ else
+ usage "ERROR: Only Fedora and Red Hat '${OS}' are supported!"
+ exit 255
+ fi
+ ARCHITECTURE=`uname -i`
+elif [ "${OS}" = "SunOS" ] ; then
+ USE_OPT_FORTITUDE="TRUE"
+ ARCHITECTURE=`uname -p`
+else
+ usage "ERROR: Unsupported operating system '${OS}'!"
+ exit 255
+fi
+
+# Since "rpmbuild" fails to process "%ifarch" macros inside the
+# "%install" section of a spec file, the actual hardware
+# architecture will be determined at this point in time.
+if [ "${ARCHITECTURE}" = "i386" ] ; then
+ LIB_DIR="lib"
+ WRAPPER_DIR="bin"
+elif [ "${ARCHITECTURE}" = "x86_64" ] ; then
+ LIB_DIR="lib64"
+ WRAPPER_DIR="bin"
+elif [ "${ARCHITECTURE}" = "ppc" ] ; then
+ LIB_DIR="lib"
+ PERL_DIR="/usr/bin/perl"
+ SCRIPTS_DIR="bin"
+ WRAPPER_DIR="bin"
+elif [ "${ARCHITECTURE}" = "ppc64" ] ; then
+ LIB_DIR="lib64"
+ PERL_DIR="/usr/bin/perl"
+ SCRIPTS_DIR="bin"
+ WRAPPER_DIR="bin"
+elif [ "${ARCHITECTURE}" = "s390x" ] ; then
+ LIB_DIR="lib"
+ PERL_DIR="/usr/bin/perl"
+ SCRIPTS_DIR="bin"
+ WRAPPER_DIR="bin"
+elif [ "${OS}" = "SunOS" ] &&
+ [ "${ARCHITECTURE}" = "sparc" ] ; then
+ # Note that "pkgbuild" successfully processes "%ifarch" macros
+ # inside the "%install" section of a spec file.
+ #
+ # LIB_DIR="lib"
+ # WRAPPER_DIR="bin"
+ #
+ # NOTE: ONLY support 64-bit sparcv9 on this architecture!
+ #
+ LIB_DIR="lib/sparcv9"
+ WRAPPER_DIR="bin"
+else
+ usage "ERROR: Unsupported architecture '${ARCHITECTURE}'!"
+ exit 255
+fi
+
+# break the VERSION number into its various components
+MAJOR_VERSION=`echo ${VERSION} | awk -F. '{ print $1 }'`
+MINOR_VERSION=`echo ${VERSION} | awk -F. '{ print $2 }'`
+PATCH_VERSION=`echo ${VERSION} | awk -F. '{ print $3 }'`
+
+PRODUCT_VERSION=${MAJOR_VERSION}.${MINOR_VERSION}
+
+
+# comply with standard FHS 2.3 binary locations (executables)
+PKI_EXECUTABLES=${PKI_BUILD_PREFIX}/usr/${LIB_DIR}/${PKI_PRODUCT_NAME}/${PKI_SUBSYSTEM_NAME}
+
+# comply with standard FHS 2.3 library locations
+SYSTEM_LIBRARIES=${PKI_BUILD_PREFIX}/usr/${LIB_DIR}
+
+# comply with standard Apache 2.0 module locations
+if [ "${USE_OPT_FORTITUDE}" = "TRUE" ] ; then
+ APACHE_MODULES=${PKI_BUILD_PREFIX}/opt/fortitude/modules.local
+else
+ APACHE_MODULES=${PKI_BUILD_PREFIX}/usr/${LIB_DIR}/httpd/modules
+fi
+
+# comply with standard JPackage 1.6.0 jar locations
+
+# comply with standard FHS 2.3 binary locations (wrappers)
+PKI_WRAPPERS=${PKI_BUILD_PREFIX}/usr/${WRAPPER_DIR}
+
+# comply with standard FHS 2.3 shared data locations (templates)
+PKI_SHARED_DATA=${PKI_BUILD_PREFIX}/usr/share/${PKI_PRODUCT_NAME}
+PKI_SUBSYSTEM_SHARED_DATA=${PKI_SHARED_DATA}/${PKI_SUBSYSTEM_NAME}
+PKI_SUBSYSTEM_SHARED_DOCROOT_DATA=${PKI_SHARED_DATA}/${PKI_SUBSYSTEM_NAME}/docroot
+PKI_SUBSYSTEM_SHARED_PERL_BASE=${PKI_SUBSYSTEM_SHARED_DATA}/lib/perl/PKI/Base
+PKI_SUBSYSTEM_SHARED_PERL_MODULES=${PKI_SUBSYSTEM_SHARED_DATA}/lib/perl/PKI/TPS
+PKI_SUBSYSTEM_SHARED_PERL_SERVICE=${PKI_SUBSYSTEM_SHARED_DATA}/lib/perl/PKI/Service
+PKI_SUBSYSTEM_SHARED_PERL_TEMPLATES=${PKI_SUBSYSTEM_SHARED_DATA}/lib/perl/Template
+
+# comply with standard FHS 2.3 start/stop script locations
+
+# comply with standard FHS 2.3 configuration file locations
+
+# comply with standard FHS 2.3 documentation locations
+PKI_DOCUMENTATION=${PKI_BUILD_PREFIX}/usr/share/doc/${PKI_PRODUCT_NAME}-${PKI_SUBSYSTEM_NAME}-${VERSION}
+
+# comply with standard FHS 2.3 log file locations
+
+# comply with default FHS 2.3 instance locations
+
+
+###############################################################################
+## (3) Create the appropriate subdirectories. ##
+###############################################################################
+
+##
+## System
+##
+
+mkdir -p ${PKI_WRAPPERS}
+
+
+##
+## Product
+##
+
+mkdir -p ${SYSTEM_LIBRARIES}
+mkdir -p ${APACHE_MODULES}
+
+
+##
+## Subsystem
+##
+
+mkdir -p ${PKI_DOCUMENTATION}
+mkdir -p ${PKI_EXECUTABLES}
+mkdir -p ${PKI_SHARED_DATA}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_DATA}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_DATA}/etc
+mkdir -p ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_PERL_BASE}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_PERL_MODULES}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_PERL_SERVICE}
+mkdir -p ${PKI_SUBSYSTEM_SHARED_PERL_TEMPLATES}
+
+
+##
+## Initial Instance
+##
+
+
+###############################################################################
+## (4) Unpack the package contents to the appropriate subdirectories. ##
+###############################################################################
+
+##
+## Executables
+##
+
+cp -p ${PKI_BUILD_PREFIX}/usr/libexec/apachectl* ${PKI_EXECUTABLES}
+cp -p ${PKI_BUILD_PREFIX}/usr/libexec/tpsclient* ${PKI_EXECUTABLES}
+
+
+##
+## Libraries
+##
+
+cp -p ${PKI_STAGING_PATH}/apache/modules/*.so ${APACHE_MODULES}
+
+
+##
+## Jars
+##
+
+
+##
+## Wrappers
+##
+
+
+##
+## Shared Data
+##
+
+cp -rp ${PKI_STAGING_PATH}/doc/LICENSE ${PKI_DOCUMENTATION}
+
+cp -rp ${PKI_STAGING_PATH}/templates* ${PKI_SHARED_DATA}
+
+cp -rp ${PKI_STAGING_PATH}/alias* ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/applets* ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/cgi-bin* ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/conf* ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -p ${PKI_STAGING_PATH}/docroot/index.cgi ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+chmod 00755 ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}/index.cgi
+cp -p ${PKI_STAGING_PATH}/docroot/index.html ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/demo* ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/home* ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/so* ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/sow* ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/tokendb* ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_STAGING_PATH}/docroot/tps* ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+cp -rp ${PKI_BUILD_PREFIX}/etc/init.d* ${PKI_SUBSYSTEM_SHARED_DATA}/etc
+cp -rp ${PKI_STAGING_PATH}/logs* ${PKI_SUBSYSTEM_SHARED_DATA}
+
+cp -rp ${PKI_STAGING_PATH}/perl/base/* ${PKI_SUBSYSTEM_SHARED_PERL_BASE}
+chmod 00644 ${PKI_SUBSYSTEM_SHARED_PERL_BASE}/*.pm
+cp -rp ${PKI_STAGING_PATH}/perl/modules/* ${PKI_SUBSYSTEM_SHARED_PERL_MODULES}
+chmod 00644 ${PKI_SUBSYSTEM_SHARED_PERL_MODULES}/*.pm
+cp -rp ${PKI_STAGING_PATH}/perl/service/* ${PKI_SUBSYSTEM_SHARED_PERL_SERVICE}
+chmod 00644 ${PKI_SUBSYSTEM_SHARED_PERL_SERVICE}/*.pm
+cp -rp ${PKI_STAGING_PATH}/perl/templates/* ${PKI_SUBSYSTEM_SHARED_PERL_TEMPLATES}
+chmod 00644 ${PKI_SUBSYSTEM_SHARED_PERL_TEMPLATES}/*.pm
+cp -rp ${PKI_STAGING_PATH}/samples* ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/scripts* ${PKI_SUBSYSTEM_SHARED_DATA}
+cp -rp ${PKI_STAGING_PATH}/setup* ${PKI_SUBSYSTEM_SHARED_DATA}
+
+
+###############################################################################
+## (5) Unpack the package contents to the initial instance directories. ##
+###############################################################################
+
+##
+## Start/Stop Script
+##
+
+
+##
+## Configuration
+##
+
+
+##
+## Logs
+##
+
+
+##
+## Default Instance
+##
+
+
+###############################################################################
+## (6) Rename the extracted contents following appropriate naming rules. ##
+###############################################################################
+
+# comply with standard Linux/UNIX shared library naming conventions
+
+# comply with standard JPackage 1.6.0 jar naming conventions
+
+# strip symbolic information from libraries
+cd ${SYSTEM_LIBRARIES} ;
+strip libldapauth.so ;
+strip libtokendb.so ;
+strip libtps.so
+
+# strip symbolic information from modules
+cd ${APACHE_MODULES} ;
+strip mod_tokendb.so ;
+strip mod_tps.so
+
+# strip symbolic information from executables
+cd ${PKI_EXECUTABLES} ;
+strip tpsclient
+
+
+###############################################################################
+## (7) Create a command wrapper for each specified command. ##
+###############################################################################
+
+COMMANDS="tpsclient"
+
+create_wrapper()
+{
+ PRODUCT=$1
+ SUBSYSTEM=$2
+ COMMAND=$3
+
+ TEMPLATE=pki_subsystem_command_wrapper
+
+ WRAPPER=${PKI_WRAPPERS}/${COMMAND}
+
+ sed -e "s|\[PKI_PRODUCT\]|${PRODUCT}|g" \
+ -e "s|\[PKI_SUBSYSTEM\]|${SUBSYSTEM}|g" \
+ -e "s|\[PKI_COMMAND\]|${COMMAND}|g" \
+ ${PKI_SHARED_DATA}/templates/${TEMPLATE} > ${WRAPPER} ;
+}
+
+
+for cmd in ${COMMANDS}
+do
+ create_wrapper ${PKI_PRODUCT_NAME} ${PKI_SUBSYSTEM_NAME} ${cmd}
+done
+
+
+rm -rf ${PKI_SHARED_DATA}/templates
+
+
+###############################################################################
+## (8) Create useful symbolic links as appropriate. ##
+###############################################################################
+
+# create legacy "tus" directory symbolic-link for backwards compatibility
+cd ${PKI_SUBSYSTEM_SHARED_DOCROOT_DATA}
+ln -s tokendb tus
+
+# create shared library sans version "linker-name" to protect this namespace
+
+# create jar sans version to be used by classpath
+
+# create assorted symbolic links to various file dependencies (Tomcat)
+
+
+###############################################################################
+## (9) Successfully exit from this setup script. ##
+###############################################################################
+
+exit 0
+
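Review bot: None of the `mkdir`, `cp`, `cd` or `strip` steps is checked and the script ends in an unconditional `exit 0`, so a failed copy or a failed `cd ${PKI_EXECUTABLES}` still reports success, and the following `strip` runs in whatever directory the script was left in. Every path is built from the six positional arguments and expanded unquoted, including `rm -rf ${PKI_SHARED_DATA}/templates`; an empty `PKI_build_prefix` passes the `$# -eq 6` check and makes these paths resolve under the live `/usr`. Unless an empty prefix is meant to be supported, reject empty arguments up front with `: "${PKI_BUILD_PREFIX:?}" "${PKI_PRODUCT_NAME:?}" "${PKI_SUBSYSTEM_NAME:?}"`, write the directory changes as `cd "${PKI_EXECUTABLES}" || exit 255`, and quote the removal as `rm -rf -- "${PKI_SHARED_DATA}/templates"`.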
diff --git a/pki/base/tps/src/CMakeLists.txt b/pki/base/tps/src/CMakeLists.txt
new file mode 100644
index 000000000..5f588663c
--- /dev/null
+++ b/pki/base/tps/src/CMakeLists.txt
@@ -0,0 +1,148 @@
+project(tps_library CXX)
+
+set(TPS_INCLUDE_DIR ${CMAKE_CURRENT_SOURCE_DIR}/include)
+
+add_subdirectory(tus)
+
+set(TPS_PUBLIC_INCLUDE_DIRS
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${TPS_INCLUDE_DIR}
+ CACHE INTERNAL "tps public include directories"
+)
+
+set(TPS_PRIVATE_INCLUDE_DIRS
+ ${TPS_PUBLIC_INCLUDE_DIRS}
+ ${CMAKE_BINARY_DIR}
+ ${NSS_INCLUDE_DIRS}
+ ${NSPR_INCLUDE_DIRS}
+ ${APR_INCLUDE_DIRS}
+ ${SVRCORE_INCLUDE_DIRS}
+ ${LDAP_INCLUDE_DIRS}
+)
+
+set(TPS_SHARED_LIBRARY
+ tps_library
+ CACHE INTERNAL "tps shared library"
+)
+
+set(TPS_LINK_LIBRARIES
+ ${NSPR_LIBRARIES}
+ ${NSS_LIBRARIES}
+ ${APR_LIBRARIES}
+ ${SVRCORE_LIBRARIES}
+ ${LDAP_LIBRARIES}
+ ${TOKENDB_SHARED_LIBRARY}
+)
+
+set(tps_library_SRCS
+ main/Buffer.cpp
+ main/NameValueSet.cpp
+ main/ConfigStore.cpp
+ main/Util.cpp
+ main/RA_Msg.cpp
+ main/RA_pblock.cpp
+ main/RA_Session.cpp
+ main/RA_Context.cpp
+ main/Login.cpp
+ main/SecureId.cpp
+ main/Memory.cpp
+ main/AuthenticationEntry.cpp
+ main/AuthParams.cpp
+ main/Authentication.cpp
+ main/AttributeSpec.cpp
+ main/ObjectSpec.cpp
+ main/PKCS11Obj.cpp
+ main/LogFile.cpp
+ main/RollingLogFile.cpp
+ httpClient/httpClient.cpp
+ httpClient/Cache.cpp
+ httpClient/engine.cpp
+ httpClient/http.cpp
+ httpClient/response.cpp
+ httpClient/request.cpp
+ httpClient/nscperror.cpp
+ cms/HttpConnection.cpp
+ cms/ConnectionInfo.cpp
+ cms/CertEnroll.cpp
+ apdu/APDU.cpp
+ apdu/Unblock_Pin_APDU.cpp
+ apdu/Create_Object_APDU.cpp
+ apdu/Set_Pin_APDU.cpp
+ apdu/Set_IssuerInfo_APDU.cpp
+ apdu/Get_IssuerInfo_APDU.cpp
+ apdu/Create_Pin_APDU.cpp
+ apdu/List_Pins_APDU.cpp
+ apdu/Initialize_Update_APDU.cpp
+ apdu/Get_Version_APDU.cpp
+ apdu/Get_Status_APDU.cpp
+ apdu/Get_Data_APDU.cpp
+ apdu/External_Authenticate_APDU.cpp
+ apdu/Generate_Key_APDU.cpp
+ apdu/Read_Buffer_APDU.cpp
+ apdu/Read_Object_APDU.cpp
+ apdu/Write_Object_APDU.cpp
+ apdu/Put_Key_APDU.cpp
+ apdu/Select_APDU.cpp
+ apdu/Delete_File_APDU.cpp
+ apdu/Install_Applet_APDU.cpp
+ apdu/Format_Muscle_Applet_APDU.cpp
+ apdu/Load_File_APDU.cpp
+ apdu/Install_Load_APDU.cpp
+ apdu/Lifecycle_APDU.cpp
+ apdu/List_Objects_APDU.cpp
+ apdu/Import_Key_APDU.cpp
+ apdu/Import_Key_Enc_APDU.cpp
+ apdu/APDU_Response.cpp
+ msg/RA_Begin_Op_Msg.cpp
+ msg/RA_End_Op_Msg.cpp
+ msg/RA_Login_Request_Msg.cpp
+ msg/RA_Login_Response_Msg.cpp
+ msg/RA_SecureId_Request_Msg.cpp
+ msg/RA_SecureId_Response_Msg.cpp
+ msg/RA_ASQ_Request_Msg.cpp
+ msg/RA_ASQ_Response_Msg.cpp
+ msg/RA_New_Pin_Request_Msg.cpp
+ msg/RA_New_Pin_Response_Msg.cpp
+ msg/RA_Token_PDU_Request_Msg.cpp
+ msg/RA_Token_PDU_Response_Msg.cpp
+ msg/RA_Status_Update_Request_Msg.cpp
+ msg/RA_Status_Update_Response_Msg.cpp
+ msg/RA_Extended_Login_Request_Msg.cpp
+ msg/RA_Extended_Login_Response_Msg.cpp
+ channel/Channel.cpp
+ channel/Secure_Channel.cpp
+ engine/RA.cpp
+ processor/RA_Processor.cpp
+ processor/RA_Enroll_Processor.cpp
+ processor/RA_Pin_Reset_Processor.cpp
+ processor/RA_Renew_Processor.cpp
+ processor/RA_Unblock_Processor.cpp
+ processor/RA_Format_Processor.cpp
+ selftests/SelfTest.cpp
+ selftests/TPSPresence.cpp
+ selftests/TPSSystemCertsVerification.cpp
+ selftests/TPSValidity.cpp
+)
+
+include_directories(${TPS_PRIVATE_INCLUDE_DIRS})
+
+add_library(${TPS_SHARED_LIBRARY} SHARED ${tps_library_SRCS})
+target_link_libraries(${TPS_SHARED_LIBRARY} ${TPS_LINK_LIBRARIES})
+
+set_target_properties(
+ ${TPS_SHARED_LIBRARY}
+ PROPERTIES
+ OUTPUT_NAME
+ tps
+)
+
+install(
+ TARGETS
+ ${TPS_SHARED_LIBRARY}
+ LIBRARY DESTINATION ${LIB_INSTALL_DIR}/tps
+)
+
+add_subdirectory(authentication)
+add_subdirectory(modules)
+
diff --git a/pki/base/tps/src/apdu/APDU.cpp b/pki/base/tps/src/apdu/APDU.cpp
new file mode 100644
index 000000000..1ae729cc5
--- /dev/null
+++ b/pki/base/tps/src/apdu/APDU.cpp
@@ -0,0 +1,331 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs an APDU.
+ *
+ * ==============
+ * APDU:
+ * APDU are commands that can be sent from an authorized entity
+ * (such as RA) to the token. It takes the following form:
+ * ---------------------------------------------------
+ * | CLA | INS | P1 | P2 | lc | data...
+ * ---------------------------------------------------
+ *
+ * The values for the APDU header: CLA, INS, P1, P2 and lc are defined
+ * in each individual APDU class.
+ *
+ * ==============
+ * Status Words (response):
+ * When APDUs are sent to the token, a response is returned. The following
+ * is a list of all possible Return Codes (Status Words):
+ *
+ * <I'm hoping not having to type this out...waiting for Bob to get back
+ * to me with an electronic copy of his file...>
+ *
+ * ==============
+ * ObjectID:
+ * byte[0] - an ASCII letter,
+ * 'c' - An object containing PKCS11 attributes for a certificate
+ * 'k' - An object containing PKCS11 attributes for a public or private key
+ * 'r' - An object containing PKCS11 attributes for a "reader"
+ * <upper case letters signify objects containing raw data
+ * corresponding to lower cases objects above
+ * byte[1] - an ASCII numeral, in the range '0' - '9'
+ * byte[2] - binary zero
+ * byte[3] - binary zero
+ *
+ * ==============
+ * ACLs:
+ * Each key or object on the card is associated with an ACL.
+ *
+ * ACL for objects:
+ * [2-byte] Read Permissions;
+ * [2-byte] Write Permissions;
+ * [2-byte] Delete Permissions;
+ *
+ * Each permission is a 2-byte word. A 1 in a bit grants permission
+ * to it's corresponding identity if pass authentication.
+ * permission 2-byte word format:
+ * Bit 15 - reserved
+ * Bit 14 - Identity #14 (strong - Secure Channel required)
+ * Bit 13 - reserved
+ * ...
+ * Bit 7 - Identity #7 (PIN identity)
+ * ...
+ * Bit 1 - Identity #1 (PIN identity)
+ * Bit 0 - Identity #0 (PIN identity)
+ *
+ * All 0 means operation never allowed
+ */
+TPS_PUBLIC APDU::APDU ()
+{
+ m_data = Buffer(0, (BYTE)0);
+ m_mac = Buffer(0, (BYTE)0);
+} /* APDU */
+
+/**
+ * Destroys an APDU.
+ */
+TPS_PUBLIC APDU::~APDU ()
+{
+} /* ~APDU */
+
+/**
+ * Copy constructor.
+ */
+TPS_PUBLIC APDU::APDU (const APDU &cpy)
+{
+ *this = cpy;
+} /* APDU */
+
+/**
+ * Operator for simple assignment.
+ */
+TPS_PUBLIC APDU& APDU::operator=(const APDU &cpy)
+{
+ if (this == &cpy)
+ return *this;
+ m_cla = cpy.m_cla;
+ m_ins = cpy.m_ins;
+ m_p1 = cpy.m_p1;
+ m_p2 = cpy.m_p2;
+ m_data = cpy.m_data;
+ return *this;
+} /* operator= */
+
+TPS_PUBLIC APDU_Type APDU::GetType()
+{
+ return APDU_UNDEFINED;
+}
+
+/**
+ * Sets APDU's CLA parameter.
+ */
+TPS_PUBLIC void APDU::SetCLA(BYTE cla)
+{
+ m_cla = cla;
+} /* SetCLA */
+
+/**
+ * Sets APDU's INS parameter.
+ */
+TPS_PUBLIC void APDU::SetINS(BYTE ins)
+{
+ m_ins = ins;
+} /* SetINS */
+
+/**
+ * Sets APDU's P1 parameter.
+ */
+TPS_PUBLIC void APDU::SetP1(BYTE p1)
+{
+ m_p1 = p1;
+} /* SetP1 */
+
+/**
+ * Sets APDU's P2 parameter.
+ */
+TPS_PUBLIC void APDU::SetP2(BYTE p2)
+{
+ m_p2 = p2;
+} /* SetP2 */
+
+
+TPS_PUBLIC BYTE APDU::GetCLA()
+{
+ return m_cla;
+}
+
+TPS_PUBLIC BYTE APDU::GetINS()
+{
+ return m_ins;
+}
+
+TPS_PUBLIC BYTE APDU::GetP1()
+{
+ return m_p1;
+}
+
+TPS_PUBLIC BYTE APDU::GetP2()
+{
+ return m_p2;
+}
+
+TPS_PUBLIC Buffer &APDU::GetData()
+{
+ return m_data;
+}
+
+TPS_PUBLIC Buffer &APDU::GetMAC()
+{
+ return m_mac;
+}
+
+/**
+ * Sets APDU's data parameter.
+ */
+TPS_PUBLIC void APDU::SetData(Buffer &data)
+{
+ m_data = data;
+} /* SetData */
+
+TPS_PUBLIC void APDU::SetMAC(Buffer &mac)
+{
+ m_mac = mac;
+} /* SetMAC */
+
+/**
+ * populates "data" with data that's to be mac'd.
+ * note: mac is not handled in here
+ *
+ * @param data results buffer
+ */
+TPS_PUBLIC void APDU::GetDataToMAC(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, (BYTE)m_data.size() + 8);
+ data += Buffer(m_data, m_data.size());
+}
+
+/*
+ * pad the message, if needed, and then
+ * encrypt it with the encryption session key
+ * and then set data
+ *
+ */
+TPS_PUBLIC PRStatus APDU::SecureMessage(PK11SymKey *encSessionKey)
+{
+ PRStatus rv = PR_SUCCESS;
+ Buffer data_to_enc;
+ Buffer padding;
+ Buffer data_encrypted;
+ int pad_needed = 0;
+#ifdef ENC_DEBUG
+ m_plainText = m_data;
+ // developer debugging only, not for production
+// RA::DebugBuffer("APDU::SecureMessage", "plaintext (pre padding) = ", &m_plainText);
+#endif
+
+ if (encSessionKey == NULL) {
+ // RA::Debug("APDU::SecureMessage", "no encryption session key");
+ rv = PR_FAILURE;
+ goto done;
+ }
+// RA::Debug(LL_ALL_DATA_IN_PDU, "APDU::SecureMessage", "plaintext data length = %d", m_data.size());
+
+ data_to_enc += (BYTE)m_data.size();
+ data_to_enc += m_data;
+
+ if ((data_to_enc.size() % 8) == 0)
+ pad_needed = 0;
+ else if (data_to_enc.size() < 8) {
+ pad_needed = 8 - data_to_enc.size();
+ } else { // data size > 8 and not divisible by 8
+ pad_needed = 8 - (data_to_enc.size() % 8);
+ }
+ if (pad_needed) {
+// RA::Debug(LL_ALL_DATA_IN_PDU, "APDU::SecureMessage", "padding needed =%d", pad_needed);
+ data_to_enc += Buffer(1, 0x80);
+ pad_needed --;
+
+ if (pad_needed) {
+// RA::Debug(LL_ALL_DATA_IN_PDU, "APDU::SecureMessage", "padding needed =%d", pad_needed);
+ padding = Buffer(pad_needed, (BYTE)0);
+ for (int i = 0; i < pad_needed; i++) {
+ ((BYTE*)padding)[i] = 0x00;
+ } /* for */
+ } // pad needed
+
+ } else {
+ // RA::Debug(LL_ALL_DATA_IN_PDU, "APDU::SecureMessage", "padding not needed");
+ }
+
+ if (padding.size() > 0) {
+ data_to_enc += Buffer(padding, padding.size());
+ }
+
+#ifdef ENC_DEBUG
+// RA::DebugBuffer("APDU::SecureMessage", "data to encrypt (post padding)= ",&data_to_enc);
+#endif
+
+ // now, encrypt "data_to_enc"
+ rv = Util::EncryptData(encSessionKey, data_to_enc, data_encrypted);
+ if (rv == PR_FAILURE) {
+ // RA::Error("APDU::SecureMessage", "encryption failed");
+ goto done;
+ } else {
+ // RA::Debug(LL_PER_PDU, "APDU::SecureMessage", "encryption succeeded");
+ // RA::Debug(LL_PER_PDU, "APDU::SecureMessage", "encrypted data length = %d",
+// data_encrypted.size());
+ // set "m_data"
+ m_data = data_encrypted;
+ }
+
+ // lc should be automatically set correctly when getEncoding is called
+
+ done:
+ return rv;
+
+}
+
+
+/**
+ * Retrieves APDU's encoding.
+ * The encoding of APDU is as follows:
+ *
+ * CLA 1 byte
+ * INS 1 byte
+ * P1 1 byte
+ * P2 1 byte
+ * <Data Size> 1 byte
+ * <Data> <Data Size> byte(s)
+ * 0 1 byte
+ *
+ * @param data the result buffer which will contain the actual data
+ * including the APDU header, data, and pre-calculated mac.
+ */
+TPS_PUBLIC void APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, (BYTE)m_data.size() + m_mac.size());
+ data += Buffer(m_data, m_data.size());
+ if (m_mac.size() > 0) {
+ data += Buffer(m_mac, m_mac.size());
+ }
+} /* Encode */
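Review bot: The length bytes in `SecureMessage`, `GetDataToMAC` and `GetEncoding` are produced by casting `m_data.size()` to `BYTE` with no bound check, so a payload longer than one byte can express is silently reduced modulo 256 and the encoded length no longer matches the data that follows it. In `GetEncoding` the cast binds only to `m_data.size()`, so `(BYTE)m_data.size() + m_mac.size()` is narrowed a second time by whatever `Buffer(1, ...)` accepts; the same holds for the `+ 8` in `GetDataToMAC`. `SecureMessage` already returns a status, so it could refuse oversized input before building `data_to_enc`, e.g. `if (m_data.size() > 0xFF) { rv = PR_FAILURE; goto done; }`, with the exact limit depending on the MAC and padding overhead the callers add. Separately, `operator=` copies `m_cla`, `m_ins`, `m_p1`, `m_p2` and `m_data` but not `m_mac`, so a copied APDU loses its MAC; add `m_mac = cpy.m_mac;` or document that the omission is deliberate.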
diff --git a/pki/base/tps/src/apdu/APDU_Response.cpp b/pki/base/tps/src/apdu/APDU_Response.cpp
new file mode 100644
index 000000000..fac9b1ff4
--- /dev/null
+++ b/pki/base/tps/src/apdu/APDU_Response.cpp
@@ -0,0 +1,111 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU_Response.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a response object.
+ */
+APDU_Response::APDU_Response ()
+{
+}
+
+TPS_PUBLIC APDU_Response::APDU_Response (Buffer &data)
+{
+ m_data = data;
+}
+
+/**
+ * Destroys a response object.
+ */
+APDU_Response::~APDU_Response ()
+{
+}
+
+/**
+ * Copy constructor.
+ */
+APDU_Response::APDU_Response (const APDU_Response &cpy)
+{
+ *this = cpy;
+}
+
+/**
+ * Operator for simple assignment.
+ */
+APDU_Response& APDU_Response::operator=(const APDU_Response &cpy)
+{
+ if (this == &cpy)
+ return *this;
+ m_data = cpy.m_data;
+ return *this;
+}
+
+
+
+/**
+ * Retrieves the byte encoding of the response
+ * object including the last 2 state bytes.
+ */
+TPS_PUBLIC Buffer &APDU_Response::GetData()
+{
+ return m_data;
+}
+
+/**
+ * Retrieves the 1st status byte.
+ */
+BYTE APDU_Response::GetSW1()
+{
+ if (m_data == NULL) {
+ return 0x0;
+ } else {
+ if (m_data.size() < 2) {
+ return 0x0;
+ } else {
+ return ((BYTE*)m_data)[((int)m_data.size())-2];
+ }
+ }
+}
+
+
+/**
+ * Retrieves the 2nd status byte.
+ */
+BYTE APDU_Response::GetSW2()
+{
+ if (m_data == NULL) {
+ return 0x0;
+ } else {
+ if (m_data.size() < 2) {
+ return 0x0;
+ } else {
+ return ((BYTE*)m_data)[((int)m_data.size())-1];
+ }
+ }
+}
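Review bot: `GetSW1` and `GetSW2` return `0x0` when the buffer holds fewer than two bytes, and their doc comments do not say so, so a caller reading the result cannot tell a truncated or missing response from a status byte. I would extend both comments with `Returns 0x0 if the response holds fewer than two bytes; compare against the expected status word, never against zero.` The `m_data == NULL` test compares a `Buffer` object with `NULL` and depends on a conversion defined outside this hunk; if `size()` is 0 for an empty buffer, the `m_data.size() < 2` check alone already covers that case.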
diff --git a/pki/base/tps/src/apdu/Create_Object_APDU.cpp b/pki/base/tps/src/apdu/Create_Object_APDU.cpp
new file mode 100644
index 000000000..2da9f20d3
--- /dev/null
+++ b/pki/base/tps/src/apdu/Create_Object_APDU.cpp
@@ -0,0 +1,121 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Create Object APDU. This APDU is usually sent right
+ * before Write_Buffer_APDU is sent. This APDU only creates an Object
+ * on token, but does not actually writes object content until
+ * Write_Buffer_APDU is sent.
+ *
+ * CreateObject APDU format:
+ * CLA 0x84
+ * INS 0x5a
+ * P1 0x00
+ * P2 0x00
+ * lc 0x0e
+ * DATA <Object Parameters>
+ *
+ * [DATA] Object Parameters are:
+ * Long Object ID;
+ * Long Object Size;
+ * ObjectACL ObjectACL;
+ *
+ * Connection requirement:
+ * Secure Channel
+ *
+ * Possible error Status Codes:
+ * 9C 06 - unauthorized
+ * 9C 08 - object already exists
+ * 9C 01 - insufficient memory on card to complete the operation
+ *
+ * NOTE:
+ * Observe that the PIN identity is hard-coded at n.2 for each
+ * permission. In Housekey, this is probably a non-issue, however,
+ * in housekey, do we not allow multiple people (presumably closely
+ * -related) to share one token with individual certs? We should
+ * consider exposing this as an input param.
+ *
+ * @param object_id as defined in APDU
+ * @param len length of object
+ * @see APDU
+ */
+TPS_PUBLIC Create_Object_APDU::Create_Object_APDU (BYTE *object_id, BYTE *permissions, int len)
+{
+ SetCLA(0x84);
+ SetINS(0x5a);
+ SetP1(0x00);
+ SetP2(0x00);
+ Buffer data;
+ data =
+ /* Object ID */
+ Buffer(1, (BYTE)object_id[0]) +
+ Buffer(1, (BYTE)object_id[1]) +
+ Buffer(1, (BYTE)object_id[2]) +
+ Buffer(1, (BYTE)object_id[3]) +
+ /* data length */
+ Buffer(1, (BYTE)(len >> 24)) +
+ Buffer(1, (BYTE)((len >> 16) & 0xff)) +
+ Buffer(1, (BYTE)((len >> 8) & 0xff)) +
+ Buffer(1, (BYTE)(len & 0xff)) +
+ /* ACLs */
+
+ /* should take from caller
+ // read permission
+ Buffer(1, (BYTE)0xFF) + // means "read" never allowed
+ Buffer(1, (BYTE)0xFF) +
+
+ // write permission
+ Buffer(1, (BYTE)0x40) + //means "write" for identity n.2 (PIN required)
+ Buffer(1, (BYTE)0x00) +
+
+ // delete permission
+ Buffer(1, (BYTE)0x40) + //means "delete" for identity n.2 (PIN) required
+ Buffer(1, (BYTE)0x00);
+ */
+
+ Buffer(1, (BYTE) permissions[0]) +
+ Buffer(1, (BYTE) permissions[1]) +
+ Buffer(1, (BYTE) permissions[2]) +
+ Buffer(1, (BYTE) permissions[3]) +
+ Buffer(1, (BYTE) permissions[4]) +
+ Buffer(1, (BYTE) permissions[5]);
+
+ SetData(data);
+}
+
+TPS_PUBLIC Create_Object_APDU::~Create_Object_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Create_Object_APDU::GetType()
+{
+ return APDU_CREATE_OBJECT;
+}
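Review bot: The doc comment above the constructor no longer matches its signature: `permissions` has no `@param`, and the NOTE about the PIN identity being hard-coded describes the block that is now commented out, since the six ACL bytes are taken from the caller. The constructor reads exactly `object_id[0..3]` and `permissions[0..5]` with no null or length check, so the contract should be stated, e.g. `@param object_id 4-byte object ID, must not be NULL` and `@param permissions 6 bytes, must not be NULL: read, write, delete ACL, 2 bytes each` (order taken from the commented-out block). These bytes become the object's access control on the token, so the caller is the only place where a short or unvalidated array can be caught.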
diff --git a/pki/base/tps/src/apdu/Create_Pin_APDU.cpp b/pki/base/tps/src/apdu/Create_Pin_APDU.cpp
new file mode 100644
index 000000000..db2ad3d0a
--- /dev/null
+++ b/pki/base/tps/src/apdu/Create_Pin_APDU.cpp
@@ -0,0 +1,73 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs CreatePIN APDU.
+ * CLA 0x80
+ * INS 0x40
+ * P1 <Pin number>
+ * P2 <Max # of allowed attempts>
+ * lc <data length>
+ * DATA <Pin Value>
+ *
+ * Connection requirement:
+ * Secure Channel
+ *
+ * Possible error Status Codes:
+ * 9C 06 - unauthorized
+ * 9C 10 - incorrect p1
+ * 9C 0E - invalid parameter (data)
+ *
+ * @param p1 Pin number: 0x00 - 0x07
+ * @param p2 Max # of consecutive unsuccessful verifications
+ * before the PIN blocks.
+ * @param data pin
+ * @see APDU
+ */
+TPS_PUBLIC Create_Pin_APDU::Create_Pin_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+// SetCLA(0xB0);
+ SetCLA(0x84);
+ SetINS(0x40);
+ SetP1(p1);
+ SetP2(p2);
+ SetData(data);
+}
+
+TPS_PUBLIC Create_Pin_APDU::~Create_Pin_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Create_Pin_APDU::GetType()
+{
+ return APDU_CREATE_PIN;
+}
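Review bot: The header comment documents `CLA 0x80`, but the constructor calls `SetCLA(0x84)` and keeps a dead `// SetCLA(0xB0);` above it. The comment should read `CLA 0x84` and the commented-out line should be removed, so a reader does not have to guess which class byte the PIN is sent under. The same comment/code mismatch is in Import_Key_Enc_APDU.cpp, which documents `CLA 0x80` and calls `SetCLA(0x84)`. `p1` is documented as 0x00 - 0x07 but is passed to `SetP1` unchecked, which leaves the range check to the card (9C 10 per the comment).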
diff --git a/pki/base/tps/src/apdu/Delete_File_APDU.cpp b/pki/base/tps/src/apdu/Delete_File_APDU.cpp
new file mode 100644
index 000000000..2306f0255
--- /dev/null
+++ b/pki/base/tps/src/apdu/Delete_File_APDU.cpp
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Delete File APDU.
+ */
+TPS_PUBLIC Delete_File_APDU::Delete_File_APDU (Buffer &AID)
+{
+ SetCLA(0x84);
+ SetINS(0xE4);
+ SetP1(0x00);
+ SetP2(0x00);
+
+ Buffer AIDTLV(AID.size() + 2);
+ ((BYTE*)AIDTLV)[0] = 0x4F;
+ ((BYTE*)AIDTLV)[1] = AID.size();
+ for(unsigned int i=0; i < AID.size(); ++i ) {
+ ((BYTE*)AIDTLV)[i+2] = ((BYTE*)AID)[i];
+ }
+
+ SetData(AIDTLV);
+}
+
+TPS_PUBLIC Delete_File_APDU::~Delete_File_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Delete_File_APDU::GetType()
+{
+ return APDU_DELETE_FILE;
+}
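Review bot: `((BYTE*)AIDTLV)[1] = AID.size();` stores the AID length in a single byte while the loop below still copies all `AID.size()` bytes, so an AID longer than 255 bytes yields a TLV whose length field disagrees with its value. ISO 7816 AIDs are 5 to 16 bytes, so the constructor comment should state that bound and the caller should refuse anything longer before the APDU is built, e.g. `if (AID.size() > 16) { /* not a valid AID: do not build the APDU */ }`. The same unchecked narrowing of a size to `BYTE` appears in Generate_Key_APDU.cpp (`(BYTE)wrapped_challenge.size()`, `(BYTE)key_check.size()`) and in `GetEncoding` in Format_Muscle_Applet_APDU.cpp and Initialize_Update_APDU.cpp (`(BYTE)m_data.size()`).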
diff --git a/pki/base/tps/src/apdu/External_Authenticate_APDU.cpp b/pki/base/tps/src/apdu/External_Authenticate_APDU.cpp
new file mode 100644
index 000000000..32c414584
--- /dev/null
+++ b/pki/base/tps/src/apdu/External_Authenticate_APDU.cpp
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "channel/Secure_Channel.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs External Authenticate APDU. This allows
+ * setting of the security level.
+ */
+TPS_PUBLIC External_Authenticate_APDU::External_Authenticate_APDU (Buffer &data,
+ SecurityLevel sl)
+{
+ SetCLA(0x84);
+ SetINS(0x82);
+ SetP1(0x01);
+
+ if (sl == SECURE_MSG_MAC_ENC) {
+ SetP1(0x03);
+// RA::Debug("External_Authenticate_APDU::External_Authenticate_APDU",
+ // "Security level set to 3 - attempted =%d", (int)sl);
+ } else if (sl == SECURE_MSG_NONE) {
+ SetP1(0x00);
+// RA::Debug("External_Authenticate_APDU::External_Authenticate_APDU",
+// "Security level set to 0 - attempted =%d", (int)sl);
+ } else { // default
+ SetP1(0x01);
+ // RA::Debug("External_Authenticate_APDU::External_Authenticate_APDU",
+// "Security level set to 1 - attempted =%d", (int)sl);
+ }
+
+ SetP2(0x00);
+ SetData(data);
+}
+
+TPS_PUBLIC External_Authenticate_APDU::~External_Authenticate_APDU ()
+{
+}
+
+TPS_PUBLIC Buffer &External_Authenticate_APDU::GetHostCryptogram()
+{
+ return GetData();
+}
+
+TPS_PUBLIC APDU_Type External_Authenticate_APDU::GetType()
+{
+ return APDU_EXTERNAL_AUTHENTICATE;
+}
+
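Review bot: The mapping from `sl` to P1 is undocumented, and every unrecognised value falls into the `else` branch as 0x01. The constructor comment should spell it out, e.g. `SECURE_MSG_MAC_ENC -> P1 0x03, SECURE_MSG_NONE -> P1 0x00, any other value -> P1 0x01`. The first `SetP1(0x01);` is redundant because all three branches set P1 again. With the three `RA::Debug` calls commented out, nothing in this hunk records that `SECURE_MSG_NONE` was requested; going by its name that level asks for no secure messaging, so either restore that one log line or delete the dead comments.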
diff --git a/pki/base/tps/src/apdu/Format_Muscle_Applet_APDU.cpp b/pki/base/tps/src/apdu/Format_Muscle_Applet_APDU.cpp
new file mode 100644
index 000000000..dff95b8cd
--- /dev/null
+++ b/pki/base/tps/src/apdu/Format_Muscle_Applet_APDU.cpp
@@ -0,0 +1,107 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Format Muscle Applet APDU.
+ */
+TPS_PUBLIC Format_Muscle_Applet_APDU::Format_Muscle_Applet_APDU (
+ unsigned short memSize,
+ Buffer &PIN0, BYTE pin0Tries,
+ Buffer &unblockPIN0, BYTE unblock0Tries,
+ Buffer &PIN1, BYTE pin1Tries,
+ Buffer &unblockPIN1, BYTE unblock1Tries,
+ unsigned short objCreationPermissions,
+ unsigned short keyCreationPermissions,
+ unsigned short pinCreationPermissions)
+{
+ SetCLA(0xB0);
+ SetINS(0x2A);
+ SetP1(0x00);
+ SetP2(0x00);
+
+ Buffer data; data.reserve(100);
+ Buffer pin((BYTE *)"Muscle00", 8);
+ data += pin.size();
+ data += pin;
+
+ pin = Buffer((BYTE*) PIN0, PIN0.size());
+ data += pin0Tries; // pin tries
+ data += unblock0Tries; // unblock tries
+ data += pin.size();
+ data += pin;
+
+ pin = Buffer((BYTE*)unblockPIN0, unblockPIN0.size());
+ data += pin.size();
+ data += pin;
+
+ pin = Buffer((BYTE*)PIN1, PIN1.size());
+ data += pin1Tries; // pin tries
+ data += unblock1Tries; // unblock tries
+ data += pin.size();
+ data += pin;
+
+ pin = Buffer((BYTE*)unblockPIN1, unblockPIN1.size());
+ data += pin.size();
+ data += pin;
+
+ data += (BYTE)0; data += (BYTE)0; // fluff
+
+ data += (memSize >> 8) & 0xff;
+ data += memSize & 0xff;
+
+ data += (BYTE)(objCreationPermissions >> 8);
+ data += (BYTE)(objCreationPermissions & 0xFF);
+ data += (BYTE)(keyCreationPermissions >> 8);
+ data += (BYTE)(keyCreationPermissions & 0xFF);
+ data += (BYTE)(pinCreationPermissions >> 8);
+ data += (BYTE)(pinCreationPermissions & 0xFF);
+
+ SetData(data);
+}
+
+TPS_PUBLIC Format_Muscle_Applet_APDU::~Format_Muscle_Applet_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Format_Muscle_Applet_APDU::GetType()
+{
+ return APDU_FORMAT_MUSCLE_APPLET;
+}
+
+TPS_PUBLIC void Format_Muscle_Applet_APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, (BYTE)m_data.size());
+ data += Buffer(m_data, m_data.size());
+} /* Encode */
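Review bot: The literal `"Muscle00"` at the start of the payload is a fixed PIN value compiled into the server with no comment saying what it is. If it is the applet's factory default PIN that the format command has to present, say so next to it, e.g. `// applet default PIN0 expected by the format command - TODO confirm`. Each caller PIN is also copied into the temporary `pin` before being appended; `data += PIN0;` would avoid the extra copy of PIN material, assuming `operator+=` takes a `Buffer` as it already does for `pin` (whether `Buffer` clears its storage on destruction is not visible here). This command uses `SetCLA(0xB0)` where the neighbouring secure-channel commands use 0x84, so the comment should state whether these PINs are expected to travel outside secure messaging.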
diff --git a/pki/base/tps/src/apdu/Generate_Key_APDU.cpp b/pki/base/tps/src/apdu/Generate_Key_APDU.cpp
new file mode 100644
index 000000000..7d78b5513
--- /dev/null
+++ b/pki/base/tps/src/apdu/Generate_Key_APDU.cpp
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Generate Key APDU.
+ */
+TPS_PUBLIC Generate_Key_APDU::Generate_Key_APDU (BYTE p1, BYTE p2, BYTE alg, int keysize, BYTE option,
+BYTE type, Buffer &wrapped_challenge, Buffer &key_check)
+{
+ SetCLA(0x84);
+ SetINS(0x0C);
+ SetP1(p1);
+ SetP2(p2);
+ Buffer data;
+ data =
+ Buffer(1,alg) +
+ Buffer(1,(BYTE)(keysize/256)) +
+ Buffer(1,(BYTE)(keysize%256)) +
+ Buffer(1,option) +
+ Buffer(1,type) +
+ Buffer(1,(BYTE)wrapped_challenge.size()) +
+ Buffer(wrapped_challenge) +
+
+ Buffer(1,(BYTE)key_check.size());
+
+ if(key_check.size() > 0)
+ data = data + Buffer(key_check);
+
+ SetData(data);
+
+}
+
+TPS_PUBLIC Generate_Key_APDU::~Generate_Key_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Generate_Key_APDU::GetType()
+{
+ return APDU_GENERATE_KEY;
+}
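Review bot: `keysize` is an `int` but is encoded as two bytes with `(BYTE)(keysize/256)` and `(BYTE)(keysize%256)`, so a negative value or one above 65535 is silently sent to the card as a different key size. Document the accepted range on the constructor (`@param keysize key size, 0..65535` - unit to be confirmed) and have the caller check it. Writing the bytes as Create_Object_APDU.cpp does, `Buffer(1,(BYTE)((keysize >> 8) & 0xff)) + Buffer(1,(BYTE)(keysize & 0xff))`, would also avoid the sign-dependent result of `%`. The comment above the constructor documents none of its eight parameters.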
diff --git a/pki/base/tps/src/apdu/Get_Data_APDU.cpp b/pki/base/tps/src/apdu/Get_Data_APDU.cpp
new file mode 100644
index 000000000..1cb4d9a5b
--- /dev/null
+++ b/pki/base/tps/src/apdu/Get_Data_APDU.cpp
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Get Data APDU.
+ */
+TPS_PUBLIC Get_Data_APDU::Get_Data_APDU ()
+{
+ SetCLA(0x80);
+ SetINS(0xCA);
+ SetP1(0x9F);
+ SetP2(0x7F);
+}
+
+TPS_PUBLIC Get_Data_APDU::~Get_Data_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_Data_APDU::GetType()
+{
+ return APDU_GET_DATA;
+}
+
+TPS_PUBLIC void Get_Data_APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, 0x2D);
+} /* Encode */
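Review bot: `GetEncoding` ends with a bare `0x2D` and the constructor sets P1/P2 to `0x9F`/`0x7F` with no explanation. These read as the expected response length (Le) and a data-object tag, and a one-line comment should say so, e.g. `// Le: expected response length - TODO confirm against the response parser`. The same undocumented trailing byte closes `GetEncoding` in Get_IssuerInfo_APDU.cpp (`0xe0`), Get_Status_APDU.cpp (`16`) and Get_Version_APDU.cpp (`4`). Named constants shared with the code that parses the response would keep the requested and the parsed length in step.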
diff --git a/pki/base/tps/src/apdu/Get_IssuerInfo_APDU.cpp b/pki/base/tps/src/apdu/Get_IssuerInfo_APDU.cpp
new file mode 100644
index 000000000..c83d920df
--- /dev/null
+++ b/pki/base/tps/src/apdu/Get_IssuerInfo_APDU.cpp
@@ -0,0 +1,80 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs GetIssuer APDU.
+ *
+ * SecureGetIssuer APDU format:
+ * CLA 0x84
+ * INS 0xF6
+ * P1 0x00
+ * P2 0x00
+ * lc 0xE0
+ * DATA <Issuer Info>
+ *
+ * Connection requirement:
+ * Secure Channel
+ *
+ * Possible error Status Codes:
+ * 9C 06 - unauthorized
+ *
+ * @param p1 always 0x00
+ * @param p2 always 0x00
+ * @param data issuer info
+ * @see APDU
+ */
+TPS_PUBLIC Get_IssuerInfo_APDU::Get_IssuerInfo_APDU ()
+{
+ SetCLA(0x84);
+ SetINS(0xF6);
+ SetP1(0x00);
+ SetP2(0x00);
+}
+
+TPS_PUBLIC Get_IssuerInfo_APDU::~Get_IssuerInfo_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_IssuerInfo_APDU::GetType()
+{
+ return APDU_GET_ISSUERINFO;
+}
+
+TPS_PUBLIC void Get_IssuerInfo_APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, 0xe0);
+} /* Encode */
+
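Review bot: The constructor comment lists `@param p1`, `@param p2` and `@param data` and an `lc 0xE0` / `DATA <Issuer Info>` layout, but the constructor takes no arguments and `GetEncoding` writes only the four header bytes followed by `0xe0`. The three `@param` lines should be dropped, and the `0xE0` byte should be described as what the code sends, presumably the expected response length, e.g. `le 0xE0 (issuer info is returned by the card)`. The comment also lists "Secure Channel" as a requirement while this override emits no MAC bytes; if they are appended elsewhere, one sentence saying where would help, as it cannot be told from this hunk.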
diff --git a/pki/base/tps/src/apdu/Get_Status_APDU.cpp b/pki/base/tps/src/apdu/Get_Status_APDU.cpp
new file mode 100644
index 000000000..dcf7c9fac
--- /dev/null
+++ b/pki/base/tps/src/apdu/Get_Status_APDU.cpp
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Get Status APDU.
+ */
+TPS_PUBLIC Get_Status_APDU::Get_Status_APDU ()
+{
+ SetCLA(0xB0);
+ SetINS(0x3C);
+ SetP1(0x00);
+ SetP2(0x00);
+}
+
+TPS_PUBLIC Get_Status_APDU::~Get_Status_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_Status_APDU::GetType()
+{
+ return APDU_GET_STATUS;
+}
+
+TPS_PUBLIC void Get_Status_APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, 16);
+} /* Encode */
diff --git a/pki/base/tps/src/apdu/Get_Version_APDU.cpp b/pki/base/tps/src/apdu/Get_Version_APDU.cpp
new file mode 100644
index 000000000..eb7e53728
--- /dev/null
+++ b/pki/base/tps/src/apdu/Get_Version_APDU.cpp
@@ -0,0 +1,59 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Get Version APDU.
+ */
+TPS_PUBLIC Get_Version_APDU::Get_Version_APDU ()
+{
+ SetCLA(0xB0);
+ SetINS(0x70);
+ SetP1(0x00);
+ SetP2(0x00);
+}
+
+TPS_PUBLIC Get_Version_APDU::~Get_Version_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Get_Version_APDU::GetType()
+{
+ return APDU_GET_VERSION;
+}
+
+TPS_PUBLIC void Get_Version_APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, 4);
+} /* Encode */
diff --git a/pki/base/tps/src/apdu/Import_Key_APDU.cpp b/pki/base/tps/src/apdu/Import_Key_APDU.cpp
new file mode 100644
index 000000000..18c6c886f
--- /dev/null
+++ b/pki/base/tps/src/apdu/Import_Key_APDU.cpp
@@ -0,0 +1,79 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "apdu/Import_Key_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Import Key APDU.
+ *
+ * CLA 0x84
+ * INS 0x32
+ * P1 Key Number (0x00 -0x0F) - key slot number defined in CS.cfg
+ * P2 0x00
+ * P3 Import Parameters Length (6 bytes: 3 shorts if just for ACL)
+ * DATA Import Parameters
+ *
+ * This function allows th eimport of a key into the card by (over)-writing the Cardlet memory. Object ID 0xFFFFFFFE needs to be initialized with a key blob before invocation of this function so tha tit can retrieve the key from this object. The exact key blob contents depend on th ekey's algorithm, type and actual import parameters. The key's number, algorithm type, and parameters are specified by argumetns P1, P2, P3, and DATA. Appropriate values for these are specified below:
+
+[DATA]
+Import Parameters:
+KeyACL ACL for the imported key;
+Byte[] Additional parameters; // Optional
+If KeyBlob's Encoding is BLOB_ENC_PLAIN(0x00), there are no additional parameters.
+ */
+TPS_PUBLIC Import_Key_APDU::Import_Key_APDU (BYTE p1)
+{
+ SetCLA(0x84);
+ SetINS(0x32);
+ SetP1(p1);
+ SetP2(0x00);
+ // SetP3(p3);
+
+ Buffer data;
+ data =
+ Buffer(1, (BYTE)0xFF) + // means "read allowed" by anyone
+ Buffer(1, (BYTE) 0xFF) +
+ Buffer(1, (BYTE) 0x40) + // means "write" allowed for RA only
+ Buffer(1, (BYTE) 0x00) +
+ Buffer(1, (BYTE) 0xFF) + // means "use" allowed for everyone
+ Buffer(1, (BYTE) 0xFF);
+
+ SetData(data);
+}
+
+TPS_PUBLIC Import_Key_APDU::~Import_Key_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Import_Key_APDU::GetType()
+{
+ return APDU_IMPORT_KEY;
+}
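Review bot: The ACL comments in the constructor contradict the ones in Create_Object_APDU.cpp. This file labels `0xFF 0xFF` as "read allowed by anyone" and "use allowed for everyone", while the commented-out block there labels the same two bytes as "read never allowed". One of the two is wrong, and for the read and use permissions of an imported key the difference decides whether the key is locked down or open. Confirm the meaning against the applet's ACL definition and correct the comments, or the bytes if the comments state the intent. The constructor comment should also say that the ACL is fixed here and cannot be set by the caller.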
diff --git a/pki/base/tps/src/apdu/Import_Key_Enc_APDU.cpp b/pki/base/tps/src/apdu/Import_Key_Enc_APDU.cpp
new file mode 100644
index 000000000..6df161157
--- /dev/null
+++ b/pki/base/tps/src/apdu/Import_Key_Enc_APDU.cpp
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "apdu/Import_Key_Enc_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Import Key Encrypted APDU.
+ *
+ * CLA 0x80
+ * INS 0x0A
+ * P1 private Key Number (0x00 -0x0F) - key slot number defined in CMS.cfg
+ * P2 public Key Number (0x00 -0x0F) - key slot number defined in CMS.cfg
+ * DATA:
+ * Wrapped Key DesKey
+ * Byte IV_Length
+ * Byte IV_Data
+ *
+ * This function allows the import of a key into the card by (over)-writing the Cardlet memory. Object ID 0xFFFFFFFE needs to be initialized with a key blob before invocation of this function so that it can retrieve the key from this object. The exact key blob contents depend on the key's algorithm, type and actual import parameters. The key's number, algorithm type, and parameters are specified by argumetns P1, P2, P3, and DATA. Appropriate values for these are specified below:
+
+[DATA]
+Import Parameters:
+...to be provided
+ */
+TPS_PUBLIC Import_Key_Enc_APDU::Import_Key_Enc_APDU (BYTE p1, BYTE p2,
+ Buffer& data)
+{
+ SetCLA(0x84);
+ SetINS(0x0A);
+ SetP1(p1);
+ SetP2(p2);
+
+ SetData(data);
+}
+
+TPS_PUBLIC Import_Key_Enc_APDU::~Import_Key_Enc_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Import_Key_Enc_APDU::GetType()
+{
+ return APDU_IMPORT_KEY_ENC;
+}
diff --git a/pki/base/tps/src/apdu/Initialize_Update_APDU.cpp b/pki/base/tps/src/apdu/Initialize_Update_APDU.cpp
new file mode 100644
index 000000000..a87091122
--- /dev/null
+++ b/pki/base/tps/src/apdu/Initialize_Update_APDU.cpp
@@ -0,0 +1,66 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Initialize Update APDU.
+ */
+TPS_PUBLIC Initialize_Update_APDU::Initialize_Update_APDU (BYTE key_version, BYTE key_index, Buffer &data)
+{
+ SetCLA(0x80);
+ SetINS(0x50);
+ SetP1(key_version);
+ SetP2(key_index);
+ SetData(data);
+}
+
+TPS_PUBLIC Initialize_Update_APDU::~Initialize_Update_APDU ()
+{
+}
+
+TPS_PUBLIC Buffer &Initialize_Update_APDU::GetHostChallenge()
+{
+ return GetData();
+}
+
+TPS_PUBLIC APDU_Type Initialize_Update_APDU::GetType()
+{
+ return APDU_INITIALIZE_UPDATE;
+}
+
+TPS_PUBLIC void Initialize_Update_APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, (BYTE)m_data.size());
+ data += Buffer(m_data, m_data.size());
+} /* Encode */
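Review bot: The constructor comment documents no parameters, although the hunk itself fixes their meaning: `key_version` goes to P1, `key_index` goes to P2, and `data` is what `GetHostChallenge()` returns. Suggested additions: `@param key_version key set version (P1)`, `@param key_index key index (P2)`, `@param data host challenge`. Since this class only carries the challenge, the comment should also state that the caller is responsible for generating it fresh and at random for each session.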
diff --git a/pki/base/tps/src/apdu/Install_Applet_APDU.cpp b/pki/base/tps/src/apdu/Install_Applet_APDU.cpp
new file mode 100644
index 000000000..0a6b9b7c1
--- /dev/null
+++ b/pki/base/tps/src/apdu/Install_Applet_APDU.cpp
@@ -0,0 +1,112 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Install Applet APDU.
+ */
+TPS_PUBLIC Install_Applet_APDU::Install_Applet_APDU (Buffer &packageAID, Buffer &appletAID,
+ BYTE appPrivileges, unsigned int instanceSize, unsigned int appletMemorySize)
+{
+ SetCLA(0x84);
+ SetINS(0xE6);
+ SetP1(0x0C);
+ SetP2(0x00);
+
+ Buffer data;
+ data.reserve(32); // pre-allocate
+ data += packageAID.size();
+ data += packageAID;
+ data += appletAID.size();
+ data += appletAID;
+ data += appletAID.size();
+ data += appletAID;
+
+ data += 0x01; // length of application privileges byte
+ data += appPrivileges;
+
+ Buffer installParams; installParams.reserve(6);
+ installParams += 0xEF;
+ installParams += 0x04;
+ installParams += 0xC8;
+ installParams += 0x02;
+
+ installParams += (instanceSize>>8) & 0xff;
+ installParams += instanceSize & 0xff;
+ installParams += 0xC9;
+
+
+ //installParams += 0x01;
+ //installParams += (BYTE)0x00;
+
+ //Now add some applet specific init data that the applet supports
+ //Length of applet specific data
+
+ installParams += 0x04;
+
+ //Issuer info length.
+ //Leave this to zero since TPS already writes phone home info to card.
+ installParams += (BYTE)0x00;
+
+ //Length of applet memory size
+ installParams += (BYTE)0x02;
+
+ // Applet memory block size
+
+ installParams += (appletMemorySize>>8) & 0xff;
+ installParams += appletMemorySize & 0xff;
+
+ data += installParams.size();
+ data += installParams;
+ data += (BYTE) 0x00; // size of token return data
+
+ SetData(data);
+}
+
+/**
+ * Constructs Install Applet APDU.
+ */
+TPS_PUBLIC Install_Applet_APDU::Install_Applet_APDU (Buffer &data)
+{
+ SetCLA(0x84);
+ SetINS(0xE6);
+ SetP1(0x0C);
+ SetP2(0x00);
+ SetData(data);
+}
+
+TPS_PUBLIC Install_Applet_APDU::~Install_Applet_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Install_Applet_APDU::GetType()
+{
+ return APDU_INSTALL_APPLET;
+}
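Review bot: The first constructor encodes `instanceSize` and `appletMemorySize` with `(x>>8) & 0xff` and `x & 0xff`, so any value above 0xFFFF is silently truncated even though both parameters are `unsigned int`; `fileLen` in Install_Load_APDU.cpp gets the same two-byte encoding. I would state the limit at the constructor, e.g. `// instanceSize and appletMemorySize are encoded as 16-bit big-endian; values above 0xFFFF are truncated`, and have callers validate before constructing. `installParams.reserve(6)` is also smaller than the 12 bytes appended below it, so `installParams.reserve(12);` would match what is built. The second constructor repeats the first one's doc comment; it should say the data is pre-constructed, as the matching comment in Install_Load_APDU.cpp does.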
diff --git a/pki/base/tps/src/apdu/Install_Load_APDU.cpp b/pki/base/tps/src/apdu/Install_Load_APDU.cpp
new file mode 100644
index 000000000..6169538e5
--- /dev/null
+++ b/pki/base/tps/src/apdu/Install_Load_APDU.cpp
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Install Load APDU.
+ */
+TPS_PUBLIC Install_Load_APDU::Install_Load_APDU (Buffer& packageAID, Buffer& sdAID,
+ unsigned int fileLen)
+{
+ SetCLA(0x84);
+ SetINS(0xE6);
+ SetP1(0x02);
+ SetP2(0x00);
+
+ Buffer inputData(packageAID.size() + sdAID.size() + 11);
+
+ unsigned int i = 0; // offset
+ ((BYTE*)inputData)[i++] = packageAID.size();
+ inputData.replace(i, packageAID, packageAID.size());
+ i += packageAID.size();
+
+ ((BYTE*)inputData)[i++] = sdAID.size();
+ inputData.replace(i, sdAID, sdAID.size());
+ i += sdAID.size();
+
+ ((BYTE*)inputData)[i++] = 0;
+
+ ((BYTE*)inputData)[i++] = 6;
+
+ ((BYTE*)inputData)[i++] = 0xEF;
+ ((BYTE*)inputData)[i++] = 0x04;
+ ((BYTE*)inputData)[i++] = 0xC6;
+ ((BYTE*)inputData)[i++] = 0x02;
+ fileLen += 24 + sdAID.size(); // !!! XXX
+
+ ((BYTE*)inputData)[i++] = ((fileLen) >> 8) & 0xff;
+ ((BYTE*)inputData)[i++] = fileLen & 0xff;
+
+ ((BYTE*)inputData)[i++] = 0;
+
+ SetData(inputData);
+}
+
+/**
+ * Constructs Install Load APDU. Used when data was pre-constructed
+ */
+TPS_PUBLIC Install_Load_APDU::Install_Load_APDU (Buffer& data)
+{
+ SetCLA(0x84);
+ SetINS(0xE6);
+ SetP1(0x02);
+ SetP2(0x00);
+ SetData(data);
+}
+
+TPS_PUBLIC Install_Load_APDU::~Install_Load_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Install_Load_APDU::GetType()
+{
+ return APDU_INSTALL_LOAD;
+}
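Review bot: `fileLen += 24 + sdAID.size(); // !!! XXX` adjusts the encoded load-file length by a constant that nothing in the file explains, and the marker suggests the author was unsure of it too. A comment should say what the 24 bytes and the `sdAID` length account for, since this is the value written after the `0xC6 0x02` tag and length bytes. The one-byte length prefixes (`((BYTE*)inputData)[i++] = packageAID.size();` and the `sdAID` equivalent) also wrap for an AID longer than 255 bytes while `replace` still copies the full AID. The constructor therefore relies on callers passing well-formed AIDs, and that precondition is worth a line in the doc comment.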
diff --git a/pki/base/tps/src/apdu/Lifecycle_APDU.cpp b/pki/base/tps/src/apdu/Lifecycle_APDU.cpp
new file mode 100644
index 000000000..e7236147e
--- /dev/null
+++ b/pki/base/tps/src/apdu/Lifecycle_APDU.cpp
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Lifecycle APDU.
+ */
+TPS_PUBLIC Lifecycle_APDU::Lifecycle_APDU (BYTE lifecycle)
+{
+ SetCLA(0x84);
+ SetINS(0xf0);
+ SetP1(lifecycle);
+ SetP2(0x00);
+}
+
+TPS_PUBLIC Lifecycle_APDU::~Lifecycle_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Lifecycle_APDU::GetType()
+{
+ return APDU_LIFECYCLE;
+}
diff --git a/pki/base/tps/src/apdu/List_Objects_APDU.cpp b/pki/base/tps/src/apdu/List_Objects_APDU.cpp
new file mode 100644
index 000000000..86ae570d9
--- /dev/null
+++ b/pki/base/tps/src/apdu/List_Objects_APDU.cpp
@@ -0,0 +1,61 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/List_Objects_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Set Pin APDU.
+ */
+TPS_PUBLIC List_Objects_APDU::List_Objects_APDU (BYTE seq)
+{
+ SetCLA(0xB0);
+ SetINS(0x58);
+ SetP1(seq);
+ SetP2(0x00);
+}
+
+TPS_PUBLIC List_Objects_APDU::~List_Objects_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type List_Objects_APDU::GetType()
+{
+ return APDU_LIST_OBJECTS;
+}
+
+TPS_PUBLIC void List_Objects_APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, 0x0E);
+} /* Encode */
+
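Review bot: The constructor's doc comment reads `Constructs Set Pin APDU.`, which looks like a copy-paste leftover; it should be `Constructs List Objects APDU.` (List_Pins_APDU.cpp carries the same wrong header). `GetEncoding` also appends a literal `0x0E` as the final byte with no explanation; a comment such as `// expected response length` would help if that is what the byte represents. `<string.h>` does not appear to be used in this file.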
diff --git a/pki/base/tps/src/apdu/List_Pins_APDU.cpp b/pki/base/tps/src/apdu/List_Pins_APDU.cpp
new file mode 100644
index 000000000..218072f21
--- /dev/null
+++ b/pki/base/tps/src/apdu/List_Pins_APDU.cpp
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Set Pin APDU.
+ */
+TPS_PUBLIC List_Pins_APDU::List_Pins_APDU (BYTE ret_size)
+{
+ SetCLA(0xB0);
+// SetCLA(0x84);
+ SetINS(0x48);
+ SetP1(0x00);
+ SetP2(0x00);
+ m_ret_size = ret_size;
+}
+
+TPS_PUBLIC List_Pins_APDU::~List_Pins_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type List_Pins_APDU::GetType()
+{
+ return APDU_LIST_PINS;
+}
+
+TPS_PUBLIC void List_Pins_APDU::GetEncoding(Buffer &data)
+{
+ data += Buffer(1, m_cla);
+ data += Buffer(1, m_ins);
+ data += Buffer(1, m_p1);
+ data += Buffer(1, m_p2);
+ data += Buffer(1, m_ret_size);
+} /* Encode */
+
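Review bot: The commented-out `// SetCLA(0x84);` next to `SetCLA(0xB0);` leaves it unclear which class byte is intended for this command. The commands in this commit whose doc comments require a secure channel use 0x84. If List Pins is deliberately sent with 0xB0, a one-line comment saying so should replace the dead line; otherwise the dead line should simply be deleted.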
diff --git a/pki/base/tps/src/apdu/Load_File_APDU.cpp b/pki/base/tps/src/apdu/Load_File_APDU.cpp
new file mode 100644
index 000000000..c41f0ec73
--- /dev/null
+++ b/pki/base/tps/src/apdu/Load_File_APDU.cpp
@@ -0,0 +1,52 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Load File APDU.
+ */
+TPS_PUBLIC Load_File_APDU::Load_File_APDU (BYTE refControl, BYTE blockNum, Buffer& data)
+{
+ SetCLA(0x84);
+ SetINS(0xE8);
+ SetP1(refControl);
+ SetP2(blockNum);
+
+ SetData(data);
+}
+
+TPS_PUBLIC Load_File_APDU::~Load_File_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Load_File_APDU::GetType()
+{
+ return APDU_LOAD_FILE;
+}
diff --git a/pki/base/tps/src/apdu/Put_Key_APDU.cpp b/pki/base/tps/src/apdu/Put_Key_APDU.cpp
new file mode 100644
index 000000000..0a061394f
--- /dev/null
+++ b/pki/base/tps/src/apdu/Put_Key_APDU.cpp
@@ -0,0 +1,53 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Put Key APDU.
+ */
+TPS_PUBLIC Put_Key_APDU::Put_Key_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+ SetCLA(0x84);
+ SetINS(0xd8);
+ SetP1(p1);
+ SetP2(p2);
+ SetData(data);
+}
+
+TPS_PUBLIC Put_Key_APDU::~Put_Key_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Put_Key_APDU::GetType()
+{
+ return APDU_PUT_KEY;
+}
diff --git a/pki/base/tps/src/apdu/Read_Buffer_APDU.cpp b/pki/base/tps/src/apdu/Read_Buffer_APDU.cpp
new file mode 100644
index 000000000..22f23fe1f
--- /dev/null
+++ b/pki/base/tps/src/apdu/Read_Buffer_APDU.cpp
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Read Buffer APDU.
+ */
+TPS_PUBLIC Read_Buffer_APDU::Read_Buffer_APDU (int len, int offset)
+{
+ SetCLA(0x84);
+ SetINS(0x08);
+ SetP1(len);
+ SetP2(0x00);
+ Buffer data;
+ data = Buffer(1,(BYTE)(offset/256)) + Buffer(1,(BYTE)(offset%256));
+ SetData(data);
+}
+
+TPS_PUBLIC Read_Buffer_APDU::~Read_Buffer_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Read_Buffer_APDU::GetType()
+{
+ return APDU_READ_BUFFER;
+}
+
+TPS_PUBLIC int Read_Buffer_APDU::GetLen()
+{
+ return m_p1;
+}
+
+TPS_PUBLIC int Read_Buffer_APDU::GetOffset()
+{
+ return (((int)((BYTE*)m_data)[0]) << 8) + ((int)((BYTE*)m_data)[1]);
+}
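Review bot: `Read_Buffer_APDU(int len, int offset)` narrows both signed arguments without a range check. `SetP1(len)` presumably keeps only the low byte, and `(BYTE)(offset/256)` with `(BYTE)(offset%256)` yields unexpected bytes for a negative offset and drops anything above 0xFFFF. The shift-and-mask form used in Read_Object_APDU.cpp, `Buffer(1,(BYTE)((offset>>8) & 0xff)) + Buffer(1,(BYTE)(offset & 0xff))`, would keep the encoding consistent across the classes. The doc comment should state that `len` must fit in one byte and `offset` in two. As written, `GetLen()` and `GetOffset()` return the truncated values rather than the ones passed in.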
diff --git a/pki/base/tps/src/apdu/Read_Object_APDU.cpp b/pki/base/tps/src/apdu/Read_Object_APDU.cpp
new file mode 100644
index 000000000..21722d331
--- /dev/null
+++ b/pki/base/tps/src/apdu/Read_Object_APDU.cpp
@@ -0,0 +1,88 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Read_Object_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Read Object APDU.
+ *
+ * ReadObject APDU format:
+ * CLA 0x84
+ * INS 0x56
+ * P1 0x00
+ * P2 0x00
+ * lc 0x09
+ * DATA <Data Parameters>
+ *
+ * [DATA] Parameters are:
+ * Long Object ID;
+ * Long Offset
+ * Byte Data Size;
+ *
+ * Connection requirement:
+ * Secure Channel
+ *
+ * Possible error Status Codes:
+ * 9C 06 - unauthorized
+ * 9C 07 - object not found
+ *
+ * @param object_id as defined in APDU
+ * @param offset
+ * @param data
+ * @see APDU
+ */
+TPS_PUBLIC Read_Object_APDU::Read_Object_APDU (BYTE *object_id, int offset, int len)
+{
+ SetCLA(0x84);
+ SetINS(0x56);
+ SetP1(0x00);
+ SetP2(0x00);
+ Buffer data;
+ data =
+ Buffer(1, (BYTE)object_id[0]) +
+ Buffer(1, (BYTE)object_id[1]) +
+ Buffer(1, (BYTE)object_id[2]) +
+ Buffer(1, (BYTE)object_id[3]) +
+ Buffer(1,(BYTE)((offset>>24) & 0xff)) +
+ Buffer(1,(BYTE)((offset>>16) & 0xff)) +
+ Buffer(1,(BYTE)((offset>>8) & 0xff)) +
+ Buffer(1,(BYTE)(offset & 0xff)) +
+ Buffer(1, (BYTE)len);
+ SetData(data);
+}
+
+TPS_PUBLIC Read_Object_APDU::~Read_Object_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Read_Object_APDU::GetType()
+{
+ return APDU_READ_OBJECT;
+}
+
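Review bot: The doc comment lists `@param data`, but the third parameter is `int len`, and neither `offset` nor `len` is described. The constructor reads `object_id[0]` through `object_id[3]` unconditionally, so the comment should say the pointer must reference at least four bytes, e.g. `@param object_id pointer to a 4-byte object ID (must not be NULL)`. `len` is cast to `BYTE`, so a request above 255 is silently reduced; `@param len number of bytes to read, 0-255` would make that visible to callers.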
diff --git a/pki/base/tps/src/apdu/Select_APDU.cpp b/pki/base/tps/src/apdu/Select_APDU.cpp
new file mode 100644
index 000000000..4f5917b29
--- /dev/null
+++ b/pki/base/tps/src/apdu/Select_APDU.cpp
@@ -0,0 +1,49 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Select_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC Select_APDU::Select_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+ SetCLA(0x00);
+ SetINS(0xa4);
+ SetP1(p1);
+ SetP2(p2);
+ SetData(data);
+}
+
+TPS_PUBLIC Select_APDU::~Select_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Select_APDU::GetType()
+{
+ return APDU_SELECT;
+}
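Review bot: `Select_APDU::Select_APDU` has no doc comment, unlike the other APDU constructors added in this part of the commit. A short header in the same style, e.g. `/** Constructs Select APDU (CLA 0x00, INS 0xA4). */`, would keep the files uniform. It should also say what `data` is expected to hold, which this hunk does not show.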
diff --git a/pki/base/tps/src/apdu/Set_IssuerInfo_APDU.cpp b/pki/base/tps/src/apdu/Set_IssuerInfo_APDU.cpp
new file mode 100644
index 000000000..77b1d0f8d
--- /dev/null
+++ b/pki/base/tps/src/apdu/Set_IssuerInfo_APDU.cpp
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs SetIssuer APDU.
+ *
+ * SecureSetIssuer APDU format:
+ * CLA 0x84
+ * INS 0xF4
+ * P1 0x00
+ * P2 0x00
+ * lc 0xE0
+ * DATA <Issuer Info>
+ *
+ * Connection requirement:
+ * Secure Channel
+ *
+ * Possible error Status Codes:
+ * 9C 06 - unauthorized
+ *
+ * @param p1 always 0x00
+ * @param p2 always 0x00
+ * @param data issuer info
+ * @see APDU
+ */
+TPS_PUBLIC Set_IssuerInfo_APDU::Set_IssuerInfo_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+ SetCLA(0x84);
+ SetINS(0xF4);
+ SetP1(p1);
+ SetP2(p2);
+ SetData(data);
+}
+
+TPS_PUBLIC Set_IssuerInfo_APDU::~Set_IssuerInfo_APDU ()
+{
+}
+
+TPS_PUBLIC Buffer &Set_IssuerInfo_APDU::GetIssuerInfo()
+{
+ return GetData();
+}
+
+TPS_PUBLIC APDU_Type Set_IssuerInfo_APDU::GetType()
+{
+ return APDU_SET_ISSUERINFO;
+}
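Review bot: The doc comment says `p1` and `p2` are always 0x00 and `lc` is 0xE0, but the constructor forwards whatever `p1`, `p2` and `data` it is given. Either pass the constants directly (`SetP1(0x00); SetP2(0x00);`) or drop "always" from the comment so it matches the code. If the 0xE0 length is a hard requirement on the card side, it should be stated as a precondition on `data`, since nothing in this constructor checks it.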
diff --git a/pki/base/tps/src/apdu/Set_Pin_APDU.cpp b/pki/base/tps/src/apdu/Set_Pin_APDU.cpp
new file mode 100644
index 000000000..3faaa89ed
--- /dev/null
+++ b/pki/base/tps/src/apdu/Set_Pin_APDU.cpp
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "apdu/APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs SetPin APDU.
+ *
+ * SecureSetPIN APDU format:
+ * CLA 0x80
+ * INS 0x04
+ * P1 <Pin number>
+ * P2 0x00
+ * lc <data length>
+ * DATA <New Pin Value>
+ *
+ * Connection requirement:
+ * Secure Channel
+ *
+ * Possible error Status Codes:
+ * 9C 06 - unauthorized
+ *
+ * @param p1 Pin number: 0x00 - 0x07
+ * @param p2 always 0x00
+ * @param data pin
+ * @see APDU
+ */
+TPS_PUBLIC Set_Pin_APDU::Set_Pin_APDU (BYTE p1, BYTE p2, Buffer &data)
+{
+ SetCLA(0x84);
+ SetINS(0x04);
+ SetP1(p1);
+ SetP2(p2);
+ SetData(data);
+}
+
+TPS_PUBLIC Set_Pin_APDU::~Set_Pin_APDU ()
+{
+}
+
+TPS_PUBLIC Buffer &Set_Pin_APDU::GetNewPIN()
+{
+ return GetData();
+}
+
+TPS_PUBLIC APDU_Type Set_Pin_APDU::GetType()
+{
+ return APDU_SET_PIN;
+}
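Review bot: The format table in the doc comment gives `CLA 0x80`, while the constructor calls `SetCLA(0x84)`. The other secure-channel commands documented in this commit use 0x84, and this comment also requires a secure channel, so the table should most likely read `CLA 0x84`. The comment limits `p1` to 0x00 - 0x07 and `p2` to 0x00, and neither is enforced here, which is worth saying in the `@param` text. `GetNewPIN()` returns a reference to the buffer holding the PIN; the comment should say how long that buffer is expected to live, since this hunk does not show it being cleared.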
diff --git a/pki/base/tps/src/apdu/Unblock_Pin_APDU.cpp b/pki/base/tps/src/apdu/Unblock_Pin_APDU.cpp
new file mode 100644
index 000000000..c580dc9f2
--- /dev/null
+++ b/pki/base/tps/src/apdu/Unblock_Pin_APDU.cpp
@@ -0,0 +1,50 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Unblock_Pin_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Unblock Pin APDU.
+ */
+TPS_PUBLIC Unblock_Pin_APDU::Unblock_Pin_APDU ()
+{
+ SetCLA(0x84);
+ SetINS(0x02);
+ SetP1(0x00);
+ SetP2(0x00);
+}
+
+TPS_PUBLIC Unblock_Pin_APDU::~Unblock_Pin_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Unblock_Pin_APDU::GetType()
+{
+ return APDU_UNBLOCK_PIN;
+}
diff --git a/pki/base/tps/src/apdu/Write_Object_APDU.cpp b/pki/base/tps/src/apdu/Write_Object_APDU.cpp
new file mode 100644
index 000000000..958ee4384
--- /dev/null
+++ b/pki/base/tps/src/apdu/Write_Object_APDU.cpp
@@ -0,0 +1,103 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include "apdu/APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs Write Buffer APDU. This APDU is usually sent right after
+ * the Create_Object_APDU is sent. This APDU writes the actual object
+ * content into the object that was created with Create_Object_APDU.
+ * This APDU is used for both write and re-writes of data.
+ * The object data is stored starting from the byte specified by the
+ * offset parameter.
+ * Up to 240 bytes can be transferred with a single APDU. If more bytes
+ * need to be transferred, then multiple WriteObject commands must be
+ * used with different offsets.
+ *
+ * WriteObject APDU format:
+ * CLA 0x84
+ * INS 0x54
+ * P1 0x00
+ * P2 0x00
+ * lc Data Size + 9
+ * DATA <Data Parameters>
+ *
+ * [DATA] Parameters are:
+ * Long Object ID;
+ * Long Offset
+ * Byte Data Size;
+ * Byte[] Object Data
+ *
+ * Connection requirement:
+ * Secure Channel
+ *
+ * Possible error Status Codes:
+ * 9C 06 - unauthorized
+ * 9C 07 - object not found
+ *
+ * @param object_id as defined in APDU
+ * @param offset
+ * @param data
+ * @see APDU
+ */
+TPS_PUBLIC Write_Object_APDU::Write_Object_APDU (BYTE *object_id, int offset, Buffer &data)
+{
+ SetCLA(0x84);
+ SetINS(0x54);
+ SetP1(0x00);
+ SetP2(0x00);
+ Buffer data1;
+ data1 =
+ Buffer(1, (BYTE)object_id[0]) +
+ Buffer(1, (BYTE)object_id[1]) +
+
+ Buffer(1, (BYTE)object_id[2]) +
+ Buffer(1, (BYTE)object_id[3]) +
+ /*
+ Buffer(1, (BYTE)0x00) +
+ Buffer(1, (BYTE)0x00) +
+ */
+ Buffer(1,(BYTE)((offset>>24) & 0xff)) +
+ Buffer(1,(BYTE)((offset>>16) & 0xff)) +
+ Buffer(1,(BYTE)((offset>>8) & 0xff)) +
+ Buffer(1,(BYTE)(offset & 0xff)) +
+ Buffer(1, (BYTE)data.size()) +
+ Buffer(data);
+ SetData(data1);
+}
+
+TPS_PUBLIC Write_Object_APDU::~Write_Object_APDU ()
+{
+}
+
+TPS_PUBLIC APDU_Type Write_Object_APDU::GetType()
+{
+ return APDU_WRITE_OBJECT;
+}
+
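Review bot: The size byte `Buffer(1, (BYTE)data.size())` wraps when `data` is longer than 255 bytes while `Buffer(data)` still appends the whole payload, so the length field and the payload can disagree. The doc comment's 240-byte limit is not checked anywhere in the constructor. I would state it as a precondition, `@param data object bytes to write, at most 240 per APDU`, and consider rejecting larger buffers before `data1` is built. The comment also opens with "Constructs Write Buffer APDU" for a class named Write_Object_APDU, and `@param offset` is left blank.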
diff --git a/pki/base/tps/src/authentication/CMakeLists.txt b/pki/base/tps/src/authentication/CMakeLists.txt
new file mode 100644
index 000000000..ba8ca07dc
--- /dev/null
+++ b/pki/base/tps/src/authentication/CMakeLists.txt
@@ -0,0 +1,52 @@
+project(ldapauth_library CXX)
+
+set(LDAPAUTH_PUBLIC_INCLUDE_DIRS
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${TPS_INCLUDE_DIR}
+ CACHE INTERNAL "ldapauth public include directories"
+)
+
+set(LDAPAUTH_PRIVATE_INCLUDE_DIRS
+ ${LDAPAUTH_PUBLIC_INCLUDE_DIRS}
+ ${CMAKE_BINARY_DIR}
+ ${NSPR_INCLUDE_DIRS}
+ ${NSS_INCLUDE_DIRS}
+ ${SVRCORE_INCLUDE_DIRS}
+ ${LDAP_INCLUDE_DIRS}
+)
+
+set(LDAPAUTH_SHARED_LIBRARY
+ ldapauth_library
+ CACHE INTERNAL "ldapauth shared library"
+)
+
+set(LDAPAUTH_LINK_LIBRARIES
+ ${NSPR_LIBRARIES}
+ ${NSS_LIBRARIES}
+ ${SVRCORE_LIBRARIES}
+ ${LDAP_LIBRARIES}
+ ${TOKENDB_SHARED_LIBRARY}
+ ${TPS_SHARED_LIBRARY}
+)
+
+set(ldapauth_library_SRCS
+ LDAP_Authentication.cpp
+)
+
+include_directories(${LDAPAUTH_PRIVATE_INCLUDE_DIRS})
+
+add_library(${LDAPAUTH_SHARED_LIBRARY} SHARED ${ldapauth_library_SRCS})
+target_link_libraries(${LDAPAUTH_SHARED_LIBRARY} ${LDAPAUTH_LINK_LIBRARIES})
+
+set_target_properties(${LDAPAUTH_SHARED_LIBRARY}
+ PROPERTIES
+ OUTPUT_NAME
+ ldapauth
+)
+
+install(
+ TARGETS
+ ${LDAPAUTH_SHARED_LIBRARY}
+ LIBRARY DESTINATION ${LIB_INSTALL_DIR}/tps
+)
diff --git a/pki/base/tps/src/authentication/LDAP_Authentication.cpp b/pki/base/tps/src/authentication/LDAP_Authentication.cpp
new file mode 100644
index 000000000..651557fa7
--- /dev/null
+++ b/pki/base/tps/src/authentication/LDAP_Authentication.cpp
@@ -0,0 +1,424 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "engine/RA.h"
+#include "ldap.h"
+#include "authentication/LDAP_Authentication.h"
+#include "authentication/Authentication.h"
+#include "main/Memory.h"
+#include "main/Util.h"
+
+/**
+ * Constructs a base processor.
+ */
+LDAP_Authentication::LDAP_Authentication ()
+{
+ m_hostport = NULL;
+ m_baseDN = NULL;
+ m_connInfo = NULL;
+ m_attributes = NULL;
+ m_ssl = NULL;
+ m_bindDN = NULL;
+ m_bindPwd = NULL;
+}
+
+/**
+ * Destructs processor.
+ */
+LDAP_Authentication::~LDAP_Authentication ()
+{
+ if( m_hostport != NULL ) {
+ PL_strfree( m_hostport );
+ m_hostport = NULL;
+ }
+
+ if( m_baseDN != NULL ) {
+ PL_strfree( m_baseDN );
+ m_baseDN = NULL;
+ }
+
+ if( m_connInfo != NULL ) {
+ delete m_connInfo;
+ m_connInfo = NULL;
+ }
+}
+
+/*
+ * Search for password name "name" in the password file "filepath"
+ */
+static char *get_pwd_from_conf(char *filepath, const char *name)
+{
+ PRFileDesc *fd;
+ char line[1024];
+ int removed_return;
+ char *val= NULL;
+
+ fd= PR_Open(filepath, PR_RDONLY, 400);
+ if (fd == NULL) {
+ return NULL;
+ }
+
+ while (1) {
+ int n = Util::ReadLine(fd, line, 1024, &removed_return);
+ if (n > 0) {
+ /* handle comment line */
+ if (line[0] == '#')
+ continue;
+ int c = 0;
+ while ((c < n) && (line[c] != ':')) {
+ c++;
+ }
+ if (c < n) {
+ line[c] = '\0';
+ } else {
+ continue; /* no ':', skip this line */
+ }
+ if (!PL_strcmp (line, name)) {
+ val = PL_strdup(&line[c+1]);
+ break;
+ }
+ } else if (n == 0 && removed_return == 1) {
+ continue; /* skip empty line */
+ } else {
+ break;
+ }
+ }
+ if( fd != NULL ) {
+ PR_Close( fd );
+ fd = NULL;
+ }
+ return val;
+
+}
+
+void LDAP_Authentication::Initialize(int instanceIndex) {
+ char configname[256];
+ const char *prefix="auth.instance";
+
+ m_index = instanceIndex;
+ PR_snprintf((char *)configname, 256, "%s.%d.hostport", prefix, instanceIndex);
+ m_hostport = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+ PR_snprintf((char *)configname, 256, "%s.%d.SSLOn", prefix, instanceIndex);
+ m_isSSL = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+ PR_snprintf((char *)configname, 256, "%s.%d.retries", prefix, instanceIndex);
+ m_retries = RA::GetConfigStore()->GetConfigAsInt(configname, 1);
+ PR_snprintf((char *)configname, 256, "%s.%d.retryConnect", prefix, instanceIndex);
+ m_connectRetries = RA::GetConfigStore()->GetConfigAsInt(configname, 3);
+ m_connInfo = new ConnectionInfo();
+ m_connInfo->BuildFailoverList(m_hostport);
+ PR_snprintf((char *)configname, 256, "%s.%d.baseDN", prefix, instanceIndex);
+ m_baseDN = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+ PR_snprintf((char *)configname, 256, "%s.%d.attributes", prefix, instanceIndex);
+ m_attributes = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+ /* support of SSL */
+ PR_snprintf((char *)configname, 256, "%s.%d.ssl", prefix, instanceIndex);
+ m_ssl = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+ PR_snprintf((char *)configname, 256, "%s.%d.bindDN", prefix, instanceIndex);
+ m_bindDN = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+ PR_snprintf((char *)configname, 256, "%s.%d.bindPWD", prefix, instanceIndex);
+ char *m_bindPwdPath = PL_strdup(RA::GetConfigStore()->GetConfigAsString(configname));
+ m_bindPwd = get_pwd_from_conf(m_bindPwdPath, "tokendbBindPass");
+}
+
+/**
+ * @return (0:login correct) (-1:LDAP error) (-2:User not found) (-3:Password error)
+ */
+
+#define TPS_AUTH_OK 0
+#define TPS_AUTH_ERROR_LDAP -1
+#define TPS_AUTH_ERROR_USERNOTFOUND -2
+#define TPS_AUTH_ERROR_PASSWORDINCORRECT -3
+
+int LDAP_Authentication::Authenticate(AuthParams *params)
+{
+ char buffer[500];
+ char ldapuri[1024];
+ char *host = NULL;
+ char *portStr = NULL;
+ int port = 0;
+ LDAP *ld = NULL;
+ int status = TPS_AUTH_ERROR_LDAP;
+ int version = LDAP_VERSION3;
+ LDAPMessage *result, *e;
+ char *dn = NULL;
+ char *uid = NULL;
+ char *password = NULL;
+ int retries = 0;
+ int rc =0;
+
+ if (params == NULL) {
+ status = TPS_AUTH_ERROR_USERNOTFOUND;
+ goto loser;
+ }
+
+ uid = params->GetUID();
+ password = params->GetPassword();
+
+ GetHostPort(&host, &portStr);
+ port = atoi(portStr);
+
+ if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) {
+ /* handling of SSL */
+ snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port);
+ } else {
+ snprintf(ldapuri, 1024, "ldap://%s:%i", host, port);
+ }
+ status = ldap_initialize(&ld, ldapuri);
+
+ while ((ld == NULL) && (retries < m_connectRetries)) {
+ RA::IncrementAuthCurrentIndex(m_connInfo->GetHostPortListLen());
+ GetHostPort(&host, &portStr);
+ port = atoi(portStr);
+ if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) {
+ /* handling of SSL */
+ snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port);
+ } else {
+ snprintf(ldapuri, 1024, "ldap://%s:%i", host, port);
+ }
+ status = ldap_initialize(&ld, ldapuri);
+ retries++;
+ }
+
+ if (ld == NULL) {
+ status = TPS_AUTH_ERROR_LDAP;
+ goto loser;
+ }
+
+ PR_snprintf((char *)buffer, 500, "(uid=%s)", uid);
+
+ while (retries < m_connectRetries) {
+ RA::IncrementAuthCurrentIndex(m_connInfo->GetHostPortListLen());
+ GetHostPort(&host, &portStr);
+ port = atoi(portStr);
+ RA::Debug("ldap auth:"," host=%s, portstr=%s, port=%d", host, portStr, port);
+ if ((m_ssl != NULL) && (strcmp(m_ssl, "true")==0)) {
+ /* handling of SSL */
+ snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port);
+ } else {
+ snprintf(ldapuri, 1024, "ldap://%s:%i", host, port);
+ }
+ status = ldap_initialize(&ld, ldapuri);
+
+ if (ld == NULL) {
+ RA::Debug("LDAP_Authentication::Authenticate:", "ld null. Trying failover...");
+ retries++;
+ continue;
+ }
+
+ if (ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version) != LDAP_SUCCESS) {
+ status = TPS_AUTH_ERROR_LDAP;
+ goto loser;
+ }
+
+ if (m_bindDN != NULL && strlen(m_bindDN) > 0) {
+ RA::Debug("LDAP_Authentication::Authenticate", "Simple bind required '%s'", m_bindDN);
+ struct berval credential;
+ credential.bv_val = m_bindPwd;
+ credential.bv_len= strlen(m_bindPwd);
+ rc = ldap_sasl_bind_s(ld, m_bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ }
+
+ int ldap_status = LDAP_OTHER;
+ if ((ldap_status = ldap_search_ext_s(ld, m_baseDN, LDAP_SCOPE_SUBTREE, buffer, NULL, 0, NULL, NULL, NULL, 0, &result)) != LDAP_SUCCESS) {
+ if (ldap_status != LDAP_NO_SUCH_OBJECT) {
+ RA::Debug("LDAP_Authentication::Authenticate:", "LDAP_UNAVAILABLE. Trying failover...");
+ retries++;
+ continue; // do failover
+ }
+ status = TPS_AUTH_ERROR_USERNOTFOUND;
+ } else {
+ for (e = ldap_first_entry(ld, result); e != NULL; e = ldap_next_entry(ld, e)) {
+ if ((dn = ldap_get_dn(ld, e)) != NULL) {
+ RA::Debug("LDAP_Authentication::Authenticate", "User bind required '%s' '(sensitive)'", dn );
+ struct berval credential;
+ credential.bv_val = password;
+ credential.bv_len= strlen(password);
+ rc = ldap_sasl_bind_s(ld, dn, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc == LDAP_SUCCESS) {
+ /* retrieve attributes and, */
+ /* put them into the auth parameters */
+ if (m_attributes != NULL) {
+ RA::Debug("LDAP_Authentication::Authenticate", "Attributes %s", m_attributes);
+ char *m_dup_attributes = strdup(m_attributes);
+ char *token = NULL;
+ token = strtok(m_dup_attributes, ",");
+ while( token != NULL ) {
+ struct berval **v = NULL;
+ v = ldap_get_values_len(ld, e, token);
+ if ((v != NULL) && (v[0]!= NULL) && (v[0]->bv_val != NULL)) {
+ RA::Debug("LDAP_Authentication::Authenticate", "Exposed %s=%s", token, v[0]->bv_val);
+ params->Add(token, PL_strdup(v[0]->bv_val));
+ RA::Debug("LDAP_Authentication::Authenticate", "Size %d", params->Size());
+ }
+ token = strtok( NULL, "," );
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+
+ }
+ free(m_dup_attributes);
+ }
+ status = TPS_AUTH_OK; // SUCCESS - PASSWORD VERIFIED
+ } else {
+ status = TPS_AUTH_ERROR_PASSWORDINCORRECT;
+ goto loser;
+ }
+ } else {
+ status = TPS_AUTH_ERROR_USERNOTFOUND;
+ goto loser;
+ }
+ }
+ RA::Debug("LDAP_Authentication::Authenticate:", " authentication completed for %s",uid);
+ break;
+ }
+ } //while
+
+ if (dn == NULL) {
+ status = TPS_AUTH_ERROR_USERNOTFOUND;
+ goto loser;
+ }
+
+loser:
+
+ if (result != NULL) {
+ ldap_msgfree(result);
+ }
+
+ if (dn != NULL) {
+ ldap_memfree(dn);
+ }
+
+ if (ld != NULL) {
+ ldap_unbind_ext_s(ld, NULL, NULL);
+ ld = NULL;
+ }
+ return status;
+}
+
+void LDAP_Authentication::GetHostPort(char **p, char **q) {
+ int num=0;
+ int auth_curr = RA::GetAuthCurrentIndex();
+ char *hp = (m_connInfo->GetHostPortList())[auth_curr];
+ char *host_port = PL_strdup(hp);
+
+ char *lasts = NULL;
+ char *tok = PL_strtok_r((char *)host_port, ":", &lasts);
+ while (tok != NULL) {
+ if (num == 0)
+ *p = PL_strdup(tok);
+ else
+ *q = PL_strdup(tok);
+ tok = PL_strtok_r(NULL, ":", &lasts);
+ num++;
+ }
+
+ PR_Free(host_port);
+}
+
+bool LDAP_Authentication::IsSSL() {
+ return m_isSSL;
+}
+
+char *LDAP_Authentication::GetHostPort() {
+ return m_hostport;
+}
+
+Authentication *GetAuthentication() {
+ LDAP_Authentication *auth = new LDAP_Authentication();
+ return (Authentication *)auth;
+}
+
+const char *LDAP_Authentication::GetTitle(char *locale)
+{
+ char configname[256];
+ const char *prefix="auth.instance";
+ PR_snprintf((char *)configname, 256, "%s.%d.ui.title.%s",
+ prefix, m_index, locale);
+RA::Debug("LDAP_Authentication::GetTitle", "%s", configname);
+ return RA::GetConfigStore()->GetConfigAsString(configname);
+}
+
+const char *LDAP_Authentication::GetDescription(char *locale)
+{
+ char configname[256];
+ const char *prefix="auth.instance";
+ PR_snprintf((char *)configname, 256, "%s.%d.ui.description.%s",
+ prefix, m_index, locale);
+RA::Debug("LDAP_Authentication::GetDescription", "%s", configname);
+RA::Debug("LDAP_Authentication::GetDescription", "%s", RA::GetConfigStore()->GetConfigAsString(configname));
+ return RA::GetConfigStore()->GetConfigAsString(configname);
+}
+
+int LDAP_Authentication::GetNumOfParamNames()
+{
+ return 2;
+}
+
+char *LDAP_Authentication::GetParamID(int index)
+{
+ if (index == 0)
+ return ( char * ) "UID";
+ else if (index == 1)
+ return ( char * ) "PASSWORD";
+ else
+ return NULL;
+}
+
+const char *LDAP_Authentication::GetParamName(int index, char *locale)
+{
+ char configname[256];
+ const char *prefix="auth.instance";
+ PR_snprintf((char *)configname, 256, "%s.%d.ui.id.%s.name.%s",
+ prefix, m_index, GetParamID(index), locale);
+
+RA::Debug("LDAP_Authentication::GetParamName", "%s", configname);
+
+ return RA::GetConfigStore()->GetConfigAsString(configname);
+}
+
+char *LDAP_Authentication::GetParamType(int index)
+{
+ if (index == 0)
+ return ( char * ) "string";
+ else if (index == 1)
+ return ( char * ) "password";
+ else
+ return NULL;
+}
+
+const char *LDAP_Authentication::GetParamDescription(int index, char *locale)
+{
+ char configname[256];
+ const char *prefix="auth.instance";
+ PR_snprintf((char *)configname, 256, "%s.%d.ui.id.%s.description.%s",
+ prefix, m_index, GetParamID(index), locale);
+ return RA::GetConfigStore()->GetConfigAsString(configname);
+}
+
+char *LDAP_Authentication::GetParamOption(int index)
+{
+ return ( char * ) "";
+}
+
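Review bot: Authenticate() hands `password` straight to `ldap_sasl_bind_s` for the user bind and returns TPS_AUTH_OK on LDAP_SUCCESS, so an empty password becomes an unauthenticated simple bind, which a directory that permits such binds answers with success; a NULL password crashes in `strlen` instead. The function should refuse a NULL or empty `uid` or `password` before any LDAP call is made. `result` also has to start as NULL, because the early `goto loser` for `params == NULL` reaches `ldap_msgfree(result)` with the pointer uninitialised. Separately, `uid` is formatted into `"(uid=%s)"` without escaping, so the filter metacharacters listed in RFC 4515 should be escaped before the search; and `m_bindPwd` is passed to `strlen` without a NULL check although `get_pwd_from_conf` can return NULL.

```cpp
    LDAPMessage *result = NULL, *e = NULL;   /* loser: frees result on every path */
    // … unchanged: remaining locals and the params == NULL check …
    uid = params->GetUID();
    password = params->GetPassword();

    /* A zero-length password would turn the simple bind into an
     * unauthenticated bind, so refuse it here instead of asking the directory. */
    if (uid == NULL || password == NULL || password[0] == '\0') {
        status = TPS_AUTH_ERROR_PASSWORDINCORRECT;
        goto loser;
    }
    // … unchanged: GetHostPort, connection setup, search and bind loop …
```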
diff --git a/pki/base/tps/src/channel/Channel.cpp b/pki/base/tps/src/channel/Channel.cpp
new file mode 100644
index 000000000..6b77d3a19
--- /dev/null
+++ b/pki/base/tps/src/channel/Channel.cpp
@@ -0,0 +1,69 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+#include "channel/Channel.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/APDU_Response.h"
+#include "main/Memory.h"
+
+/**
+ * Constructs a secure channel between the RA and the
+ * token key directly.
+ */
+Channel::Channel()
+{
+} /* Channel */
+
+/**
+ * Destroys this secure channel.
+ */
+Channel::~Channel ()
+{
+} /* ~Channel */
+
+/**
+ * Closes secure channel.
+ */
+int Channel::Close()
+{
+ /* currently do not have anything to terminate here */
+ return 1;
+}
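Review bot: The doc comments on `Channel::Channel()` and `Channel::~Channel()` describe constructing and destroying a secure channel to the token, but the constructor and destructor in this file are empty and hold no key or session; the wording looks copied from Secure_Channel.cpp. I would describe the class as it is, e.g. `/** Plain channel; holds no key material or session state. */`, and state on `Close()` that it always returns 1. The apdu/ and msg/ headers included at the top are not used by anything defined in this file and could probably be reduced to `channel/Channel.h`, provided `main/Memory.h` is not needed for allocation macros.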
diff --git a/pki/base/tps/src/channel/Secure_Channel.cpp b/pki/base/tps/src/channel/Secure_Channel.cpp
new file mode 100644
index 000000000..50b24ae99
--- /dev/null
+++ b/pki/base/tps/src/channel/Secure_Channel.cpp
@@ -0,0 +1,2550 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+#include "channel/Secure_Channel.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "apdu/Import_Key_APDU.h"
+#include "apdu/Import_Key_Enc_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/Read_Object_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/APDU_Response.h"
+#include "main/Memory.h"
+
+/**
+ * Constructs a secure channel between the RA and the
+ * token key directly. APDUs that are sent via this channel
+ * will be mac'ed using the session key calculated by
+ * TKS which maintains all the user keys.
+ */
+
+Secure_Channel::Secure_Channel(RA_Session *session, PK11SymKey *session_key,
+ PK11SymKey *enc_session_key,
+ char *drm_des_key_s,
+ char *kek_des_key_s, char *keycheck_s,
+ Buffer &key_diversification_data, Buffer &key_info_data,
+ Buffer &card_challenge, Buffer &card_cryptogram,
+ Buffer &host_challenge, Buffer &host_cryptogram)
+{
+ m_icv = Buffer(8,(BYTE)0);
+ m_session = session;
+ m_session_key = session_key;
+ m_enc_session_key = enc_session_key;
+ m_drm_wrapped_des_key_s = drm_des_key_s;
+ m_kek_wrapped_des_key_s = kek_des_key_s;
+ m_keycheck_s = keycheck_s;
+ m_key_diversification_data = key_diversification_data;
+ m_key_info_data = key_info_data;
+ m_card_challenge = card_challenge;
+ m_card_cryptogram = card_cryptogram;
+ m_host_challenge = host_challenge;
+ m_host_cryptogram = host_cryptogram;
+} /* Secure_Channel */
+
+/**
+ * Destroys this secure channel.
+ */
+Secure_Channel::~Secure_Channel ()
+{
+ /* m_session (RA_Session) should not be destroyed at this level. */
+ if( m_session_key != NULL ) {
+ PK11_FreeSymKey( m_session_key );
+ m_session_key = NULL;
+ }
+ if( m_enc_session_key != NULL ) {
+ PK11_FreeSymKey( m_enc_session_key );
+ m_enc_session_key = NULL;
+ }
+ if (m_drm_wrapped_des_key_s != NULL) {
+ PR_Free(m_drm_wrapped_des_key_s);
+ m_drm_wrapped_des_key_s = NULL;
+ }
+ if (m_kek_wrapped_des_key_s != NULL) {
+ PR_Free(m_kek_wrapped_des_key_s);
+ m_kek_wrapped_des_key_s = NULL;
+ }
+ if (m_keycheck_s != NULL) {
+ PR_Free(m_keycheck_s);
+ m_keycheck_s = NULL;
+ }
+} /* ~Secure_Channel */
+
+/**
+ * Closes secure channel.
+ */
+int Secure_Channel::Close()
+{
+ /* currently do not have anything to terminate here */
+ return 1;
+}
+
+/*
+ * to be called by all token request types
+ * it resets m_data if security level is to do encryption
+ */
+int Secure_Channel::ComputeAPDU(APDU *apdu)
+{
+ int rc = -1;
+ Buffer *mac = NULL;
+
+ if (apdu == NULL) {
+ goto loser;
+ }
+ RA::Debug(LL_PER_PDU, "Secure_Channel::ComputeAPDU", "apdu type = %d",
+ apdu->GetType());
+
+ mac = ComputeAPDUMac(apdu);
+ if (mac == NULL)
+ goto loser;
+
+ if (m_security_level == SECURE_MSG_MAC_ENC) {
+ PRStatus status = apdu->SecureMessage(m_enc_session_key);
+ if (status == PR_FAILURE) {
+ goto loser;
+ }
+ }
+
+ rc = 1;
+ loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+
+ return rc;
+}
+
+/**
+ * Calculates MAC for the given APDU.
+ */
+Buffer *Secure_Channel::ComputeAPDUMac(APDU *apdu)
+{
+ Buffer data;
+ Buffer *mac = new Buffer(8, (BYTE)0);
+
+ if (apdu == NULL) {
+ RA::Error("Secure_Channel::ComputeAPDUMac", "apdu NULL");
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ return NULL;
+ }
+ apdu->GetDataToMAC(data);
+
+ // developer debugging only - not for deployment
+ // RA::DebugBuffer("Secure_Channel::ComputeAPDUMac", "Data To MAC'ed",
+ // &data);
+
+ // Compute MAC will padd the data if it is
+ // not in 8 byte multiples
+ Util::ComputeMAC(m_session_key, data, m_icv, *mac);
+ apdu->SetMAC(*mac);
+ m_icv = *mac;
+
+ return mac;
+} /* EncodeAPDUMac */
+
+/**
+ * Sends the token an external authenticate APDU.
+ */
+int Secure_Channel::ExternalAuthenticate()
+{
+ int rc = -1;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ External_Authenticate_APDU *external_auth_apdu = NULL;
+ APDU_Response *response = NULL;
+ Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::ExternalAuthenticate",
+ "Secure_Channel::ExternalAuthenticate");
+
+ // This command is very strange
+ external_auth_apdu =
+ new External_Authenticate_APDU(m_host_cryptogram, m_security_level);
+
+ // Need to update APDU length to include 8-bytes MAC
+ // before mac'ing the data
+ mac = ComputeAPDUMac(external_auth_apdu);
+ external_auth_apdu->SetMAC(*mac);
+
+ token_pdu_request_msg =
+ new RA_Token_PDU_Request_Msg(external_auth_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::ExternalAuthenticate",
+ "Sent external_auth_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::ExternalAuthenticate",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::ExternalAuthenticate",
+ "Invalid Msg Type");
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::ExternalAuthenticate",
+ "No Response From Token");
+ goto loser;
+ }
+ if (response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::ExternalAuthenticate",
+ "Invalid Response From Token");
+ goto loser;
+ }
+
+ // must return 0x90 0x00
+ if (!(response->GetSW1() == 0x90 && response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::ExternalAuthenticate",
+ "Bad Response %x %x", response->GetSW1(), response->GetSW2());
+ goto loser;
+ }
+
+ rc = 1;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* ExternalAuthenticate */
+
+int Secure_Channel::DeleteFileX(RA_Session *session, Buffer *aid)
+{
+ int rc = 0;
+ APDU_Response *delete_response = NULL;
+ RA_Token_PDU_Request_Msg *delete_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *delete_response_msg = NULL;
+ Delete_File_APDU *delete_apdu = NULL;
+ // Buffer *mac = NULL;
+
+ RA::Debug("RA_Processor::DeleteFile",
+ "RA_Processor::DeleteFile");
+
+ delete_apdu = new Delete_File_APDU(*aid);
+ rc = ComputeAPDU(delete_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(delete_apdu);
+ delete_apdu->SetMAC(*mac);
+ */
+ delete_request_msg =
+ new RA_Token_PDU_Request_Msg(delete_apdu);
+ session->WriteMsg(delete_request_msg);
+
+ RA::Debug("RA_Processor::DeleteFile",
+ "Sent delete_request_msg");
+
+ delete_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (delete_response_msg == NULL)
+ {
+ RA::Error("RA_Processor::DeleteFile",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (delete_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::DeleteFile",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ delete_response = delete_response_msg->GetResponse();
+ if (delete_response == NULL) {
+ RA::Error("Secure_Channel::DeleteFile",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (delete_response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::DeleteFile",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+
+ if (!(delete_response->GetSW1() == 0x90 &&
+ delete_response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::DeleteFile",
+ "Bad Response %x %x", delete_response->GetSW1(),
+ delete_response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+
+loser:
+ if( delete_request_msg != NULL ) {
+ delete delete_request_msg;
+ delete_request_msg = NULL;
+ }
+ if( delete_response_msg != NULL ) {
+ delete delete_response_msg;
+ delete_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+int Secure_Channel::InstallLoad(RA_Session *session,
+ Buffer& packageAID, Buffer& sdAID, unsigned int fileLen)
+{
+ int rc = 0;
+ APDU_Response *install_response = NULL;
+ RA_Token_PDU_Request_Msg *install_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *install_response_msg = NULL;
+ Install_Load_APDU *install_apdu = NULL;
+ // Buffer *mac = NULL;
+
+ RA::Debug("RA_Processor::InstallLoad",
+ "RA_Processor::InstallLoad");
+
+ install_apdu = new Install_Load_APDU(packageAID, sdAID, fileLen);
+ rc = ComputeAPDU(install_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(install_apdu);
+ install_apdu->SetMAC(*mac);
+ */
+ install_request_msg =
+ new RA_Token_PDU_Request_Msg(install_apdu);
+ session->WriteMsg(install_request_msg);
+
+ RA::Debug("RA_Processor::InstallLoad",
+ "Sent install_request_msg");
+
+ install_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (install_response_msg == NULL)
+ {
+ RA::Error("RA_Processor::InstallLoad",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (install_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::InstallLoad",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ install_response = install_response_msg->GetResponse();
+ if (install_response == NULL) {
+ RA::Error("Secure_Channel::InstallLoad",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (install_response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::InstallLoad",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+
+ if (!(install_response->GetSW1() == 0x90 &&
+ install_response->GetSW2() == 0x00)) {
+ RA::Error("Secure_Channel::InstallLoad",
+ "Error Response from token %2x%2x",
+ install_response->GetSW1(),
+ install_response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+
+loser:
+ if( install_request_msg != NULL ) {
+ delete install_request_msg;
+ install_request_msg = NULL;
+ }
+ if( install_response_msg != NULL ) {
+ delete install_response_msg;
+ install_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+int Secure_Channel::InstallApplet(RA_Session *session,
+ Buffer &packageAID, Buffer &appletAID,
+ BYTE appPrivileges, unsigned int instanceSize, unsigned int appletMemorySize)
+{
+ int rc = 0;
+ APDU_Response *install_response = NULL;
+ RA_Token_PDU_Request_Msg *install_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *install_response_msg = NULL;
+ Install_Applet_APDU *install_apdu = NULL;
+ // Buffer *mac = NULL;
+
+ RA::Debug("RA_Processor::InstallApplet",
+ "RA_Processor::InstallApplet");
+
+ install_apdu = new Install_Applet_APDU(packageAID, appletAID, appPrivileges,
+ instanceSize, appletMemorySize );
+ rc = ComputeAPDU(install_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(install_apdu);
+ install_apdu->SetMAC(*mac);
+ */
+ install_request_msg =
+ new RA_Token_PDU_Request_Msg(install_apdu);
+ session->WriteMsg(install_request_msg);
+
+ RA::Debug("RA_Processor::InstallApplet",
+ "Sent install_request_msg");
+
+ install_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (install_response_msg == NULL)
+ {
+ RA::Error("RA_Processor::InstallApplet",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (install_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::InstallApplet",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ install_response = install_response_msg->GetResponse();
+ if (install_response == NULL) {
+ RA::Error("Secure_Channel::InstallApplet",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (install_response->GetData().size() < 2) {
+ RA::Debug("Secure_Channel::InstallApplet",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+
+ if (!(install_response->GetSW1() == 0x90 &&
+ install_response->GetSW2() == 0x00)) {
+ RA::Error("Secure_Channel::InstallApplet",
+ "Error Response from Token %2x%2x",
+ install_response->GetSW1(),
+ install_response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+
+loser:
+ if( install_request_msg != NULL ) {
+ delete install_request_msg;
+ install_request_msg = NULL;
+ }
+ if( install_response_msg != NULL ) {
+ delete install_response_msg;
+ install_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+int Secure_Channel::LoadFile(RA_Session *session, BYTE refControl, BYTE blockNum,
+ Buffer *data)
+{
+ int rc = 0;
+ APDU_Response *load_file_response = NULL;
+ RA_Token_PDU_Request_Msg *load_file_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *load_file_response_msg = NULL;
+ Load_File_APDU *load_file_apdu = NULL;
+ // Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::LoadFile",
+ "begin LoadFile");
+
+ load_file_apdu = new Load_File_APDU(refControl, blockNum, *data);
+
+ rc = ComputeAPDU(load_file_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(load_file_apdu);
+ load_file_apdu->SetMAC(*mac);
+ */
+ load_file_request_msg =
+ new RA_Token_PDU_Request_Msg(load_file_apdu);
+
+ session->WriteMsg(load_file_request_msg);
+
+ RA::Debug("RA_Processor::LoadFile",
+ "Sent load_file_request_msg");
+
+ load_file_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (load_file_response_msg == NULL)
+ {
+ RA::Error("RA_Processor::LoadFile",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (load_file_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::LoadFile",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ load_file_response = load_file_response_msg->GetResponse();
+ if (load_file_response == NULL) {
+ RA::Error("Secure_Channel::LoadFile",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (load_file_response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::LoadFile",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(load_file_response->GetSW1() == 0x90 &&
+ load_file_response->GetSW2() == 0x00)) {
+ RA::Error("Secure_Channel::LoadFile",
+ "Error Response from Token %2x%2x",
+ load_file_response->GetSW1(),
+ load_file_response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+
+loser:
+ if( load_file_request_msg != NULL ) {
+ delete load_file_request_msg;
+ load_file_request_msg = NULL;
+ }
+ if( load_file_response_msg != NULL ) {
+ delete load_file_response_msg;
+ load_file_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+int Secure_Channel::IsPinPresent(BYTE pin_number)
+{
+ int rc = -1;
+ List_Pins_APDU *list_pins_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::IsPinPresent",
+ "Secure_Channel::IsPinPresent");
+ list_pins_apdu = new List_Pins_APDU(2);
+ list_pins_apdu = (List_Pins_APDU *) ComputeAPDU(list_pins_apdu);
+
+ /*
+ mac = ComputeAPDUMac(set_pin_apdu);
+ set_pin_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ list_pins_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::IsPinPresent",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::IsPinReset",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::IsPinReset",
+ "Invalid Msg Type");
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::IsPinReset",
+ "No Response From Token");
+ goto loser;
+ }
+
+ rc = 1;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+/**
+ * Get Issuer Info
+ */
+Buffer Secure_Channel::GetIssuerInfo()
+{
+ Buffer data;
+ int rc = -1;
+ Get_IssuerInfo_APDU *get_issuerinfo_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+
+ RA::Debug("Secure_Channel::GetIssuerInfo",
+ "Secure_Channel::GetIssuerInfo");
+ get_issuerinfo_apdu = new Get_IssuerInfo_APDU();
+ rc = ComputeAPDU(get_issuerinfo_apdu);
+ if (rc == -1) {
+ goto loser;
+ }
+
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ get_issuerinfo_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::GetIssuerInfo",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::GetIssuerInfo",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::GetIssuerInfo",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::GetIssuerInfo",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::GetIssuerInfo",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::GetIssuerInfo",
+ "Bad Response");
+ rc = -1;
+ goto loser;
+ }
+
+ data = response->GetData();
+ rc = 1;
+loser:
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return data;
+} /* SetIssuerInfo */
+/**
+ * Set Issuer Info
+ */
+int Secure_Channel::SetIssuerInfo(Buffer *info)
+{
+ int rc = -1;
+ Set_IssuerInfo_APDU *set_issuerinfo_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+
+ RA::Debug("Secure_Channel::SetIssuerInfo",
+ "Secure_Channel::SetIssuerInfo");
+ set_issuerinfo_apdu = new Set_IssuerInfo_APDU(0x0, 0x0, *info);
+ rc = ComputeAPDU(set_issuerinfo_apdu);
+ if (rc == -1) {
+ goto loser;
+ }
+
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ set_issuerinfo_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::SetIssuerInfo",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::SetIssuerInfo",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::SetIssuerInfo",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::SetIssuerInfo",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::SetIssuerInfo",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::SetIssuerInfo",
+ "Bad Response");
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+loser:
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* SetIssuerInfo */
+
+/**
+ * Resets token's pin.
+ */
+int Secure_Channel::ResetPin(BYTE pin_number, char *new_pin)
+{
+ int rc = -1;
+ Set_Pin_APDU *set_pin_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+
+ RA::Debug("Secure_Channel::ResetPin",
+ "Secure_Channel::ResetPin");
+ Buffer data = Buffer((BYTE *)new_pin, strlen(new_pin));
+ set_pin_apdu = new Set_Pin_APDU(0x0, 0x0, data);
+ rc = ComputeAPDU(set_pin_apdu);
+ if (rc == -1) {
+ goto loser;
+ }
+
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ set_pin_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::ResetPin",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::ResetPin",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::ResetPin",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::ResetPin",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::ResetPin",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::ResetPin",
+ "Bad Response");
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+loser:
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* ResetPin */
+
+/**
+ * inject key (public key, mostly)
+ * @param key_number key slot number (from config file)
+ */
+int Secure_Channel::ImportKey(BYTE key_number)
+{
+ int rc = -1;
+ Import_Key_APDU *import_key_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::ImportKey",
+ "Secure_Channel::ImportKey");
+
+ import_key_apdu = new Import_Key_APDU(key_number);
+ rc = ComputeAPDU(import_key_apdu);
+ if (rc == -1) {
+ goto loser;
+ }
+
+ /*
+ mac = ComputeAPDUMac(import_key_apdu);
+ import_key_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ import_key_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::ImportKey",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::ImportKey",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::ImportKey",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::ImportKey",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::ImportKey",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::ImportKey",
+ "Error Response from Token %2x%2x",
+ response->GetSW1(),
+ response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* ImportKey */
+
+/**
+ * inject an encrypted key (private key, mostly)
+ * @param key_number key slot number (from config file)
+ */
+int Secure_Channel::ImportKeyEnc(BYTE priv_key_number, BYTE pub_key_number, Buffer* data)
+{
+ int rc = -1;
+ Import_Key_Enc_APDU *import_key_enc_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+ BYTE objid[4];
+
+ objid[0] = 0xFF;
+ objid[1] = 0xFF;
+ objid[2] = 0xFF;
+ objid[3] = 0xFE;
+
+
+ RA::Debug("Secure_Channel::ImportKeyEnc",
+ "Secure_Channel::ImportKeyEnc");
+
+ import_key_enc_apdu = new Import_Key_Enc_APDU(priv_key_number, pub_key_number, *data);
+ rc = ComputeAPDU(import_key_enc_apdu);
+ if (rc == -1) {
+ goto loser;
+ }
+
+ /*
+ mac = ComputeAPDUMac(import_key_enc_apdu);
+ import_key_enc_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ import_key_enc_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::ImportKeyEnc",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::ImportKeyEnc",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::ImportKeyEnc",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::ImportKeyEnc",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::ImportKeyEnc",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::ImportKeyEnc",
+ "Error Response from Token %2x%2x",
+ response->GetSW1(),
+ response->GetSW2());
+ /*XXX debuging
+ debugBuf = ReadObject((BYTE*)objid, 0, 16);
+ if (debugBuf != NULL)
+ RA::DebugBuffer("Secure_Channel::ImportKeyEnc(): Error:", "debugBuf=",
+ debugBuf);
+ else
+ RA::Debug("Secure_Channel::ImportKeyEnc(): Error:", "ReadObject for debugging returns none");
+ */
+ rc = -1;
+ goto loser;
+ }
+
+ /* XXX debugging
+ debugBuf = ReadObject((BYTE*)objid, 0, 200);
+ if (debugBuf != NULL)
+ RA::DebugBuffer("Secure_Channel::ImportKeyEnc(): Success:", "debugBuf=",
+ debugBuf);
+ else
+ RA::Debug("Secure_Channel::ImportKeyEnc(): Sucess:", "ReadObject for debugging returns none");
+
+ */
+
+ rc = 1;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* ImportKeyEnc */
+
+
+/**
+ * Put Keys
+ *
+ * Global Platform Open Platform Card Specification
+ * Version 2.0.1 Page 9-19
+ * Sample Data:
+ *
+ * _____________ CLA
+ * | __________ INS
+ * | | _______ P1
+ * | | | ____ P2
+ * | | | | _ Len
+ * | | | | |
+ * 84 D8 00 81 4B
+ * 01
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E (AUTH KEY)
+ * 1B C8 4B 1C 31
+ * 03 8B AF 47
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E (MAC KEY)
+ * 1B C8 4B 1C 31
+ * 03 8B AF 47
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E (KEK KEY)
+ * 1B C8 4B 1C 31
+ * 03 8B AF 47
+ * 5E B8 64 3F 73 9D 7D 62
+ *
+ * Data:
+ *
+ * - New key set version
+ * - key set data field (implicit key index P2+0)
+ * - key set data field (implicit key index P2+1)
+ * - key set data field (implicit key index P2+2)
+ *
+ * Key Set Data:
+ *
+ * Length Meaning
+ * ====== =========
+ * 1 Algorithm ID of key
+ * 1-n Length of key
+ * variable Key data value
+ * 0-n Length of Key check value
+ * variable Key check value (if present)
+ */
+int Secure_Channel::PutKeys(RA_Session *session, BYTE key_version,
+ BYTE key_index, Buffer *key_data)
+{
+ int rc = 0;
+ APDU_Response *put_key_response = NULL;
+ RA_Token_PDU_Request_Msg *put_key_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *put_key_response_msg = NULL;
+ Put_Key_APDU *put_key_apdu = NULL;
+ // Buffer *mac = NULL;
+ const char *FN="Secure_Channel::PutKeys";
+
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "RA_Processor::PutKey");
+
+ //For certain keys that require the implicit keyset
+ //00 00
+ //
+ if(key_version == 0xFF)
+ key_version = 0;
+
+ put_key_apdu = new Put_Key_APDU(key_version, 0x80 | key_index,
+ *key_data);
+ rc = ComputeAPDU(put_key_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(put_key_apdu);
+ put_key_apdu->SetMAC(*mac);
+ */
+ put_key_request_msg =
+ new RA_Token_PDU_Request_Msg(put_key_apdu);
+ session->WriteMsg(put_key_request_msg);
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "Sent put_key_request_msg");
+
+ put_key_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (put_key_response_msg == NULL)
+ {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (put_key_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ put_key_response =
+ put_key_response_msg->GetResponse();
+ if (put_key_response == NULL) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (put_key_response->GetData().size() < 2) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(put_key_response->GetSW1() == 0x90 &&
+ put_key_response->GetSW2() == 0x00)) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "Error Response %2x%2x",
+ put_key_response->GetSW1(),
+ put_key_response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ /* check error */
+ rc = 0;
+
+loser:
+ if( put_key_request_msg != NULL ) {
+ delete put_key_request_msg;
+ put_key_request_msg = NULL;
+ }
+ if( put_key_response_msg != NULL ) {
+ delete put_key_response_msg;
+ put_key_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+/**
+ * Sets token's lifecycle state.
+ */
+int Secure_Channel::SetLifecycleState(BYTE flag)
+{
+ int rc = -1;
+ Lifecycle_APDU *lifecycle_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+ const char *FN = "Secure_Channel::SetLifecycleState";
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Begin");
+ lifecycle_apdu = new Lifecycle_APDU(flag);
+ rc = ComputeAPDU(lifecycle_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(lifecycle_apdu);
+ lifecycle_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ lifecycle_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE)
+ {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Invalid Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (response->GetData().size() < 2) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Error Response from token: %2x%2x",
+ response->GetSW1(),
+ response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 0;
+
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* SetLifecycleState */
+
+
+char * Secure_Channel::getDrmWrappedDESKey()
+{
+ return PL_strdup(m_drm_wrapped_des_key_s);
+}
+
+char * Secure_Channel::getKekWrappedDESKey()
+{
+ return PL_strdup(m_kek_wrapped_des_key_s);
+}
+
+char * Secure_Channel::getKeycheck()
+{
+ return PL_strdup(m_keycheck_s);
+}
+
+
+/**
+ * Requests token to generate key in buffer.
+ */
+int Secure_Channel::StartEnrollment(BYTE p1, BYTE p2, Buffer *wrapped_challenge,
+ Buffer *key_check, BYTE alg, int keysize, BYTE option)
+{
+ int rc = -1;
+ Generate_Key_APDU *generate_key_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+ Buffer data;
+
+ RA::Debug("Secure_Channel::GenerateKey",
+ "Secure_Channel::GenerateKey");
+ generate_key_apdu = new Generate_Key_APDU(p1, p2, alg, keysize, option,
+ alg, *wrapped_challenge, *key_check);
+ rc = ComputeAPDU(generate_key_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(generate_key_apdu);
+ generate_key_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ generate_key_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::GenerateKey",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::GenerateKey",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE)
+ {
+ RA::Error("Secure_Channel::GenerateKey",
+ "Invalid Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("SecureChannel::GenerateKey", "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+
+ data = response->GetData();
+ if (data.size() != 4) {
+ RA::Error("SecureChannel::GenerateKey", "Token returned error");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::GenerateKey",
+ "Error Response from token %2x%2x",
+ response->GetSW1(),
+ response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ /* key length */
+ rc = ((BYTE*)data)[0] * 256 + ((BYTE*)data)[1];
+
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* GenerateKey */
+
+/**
+ * Reads data from token's buffer.
+ */
+int Secure_Channel::ReadBuffer(BYTE *buf, int buf_len)
+{
+ int rc = -1;
+ Read_Buffer_APDU *read_buffer_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ int offset = 0;
+ int wanted = buf_len;
+ int received = 0;
+ int request = 0;
+ int data_len;
+ Buffer data;
+ Buffer *mac = NULL;
+ const char *FN="Secure_Channel::ReadBuffer";
+
+#define MAX_READ_BUFFER_SIZE 0xd0
+ RA::Debug("Secure_Channel::ReadBuffer",
+ "Secure_Channel::ReadBuffer");
+
+ while (1)
+ {
+ if (wanted > MAX_READ_BUFFER_SIZE)
+ {
+ request = MAX_READ_BUFFER_SIZE;
+ }
+ else
+ {
+ request = wanted;
+ }
+ read_buffer_apdu = new Read_Buffer_APDU(request,offset);
+ rc = ComputeAPDU(read_buffer_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(read_buffer_apdu);
+ read_buffer_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ read_buffer_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL)
+ {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "Error Response from token %2x%2x",
+ response->GetSW1(),
+ response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+ data = response->GetData();
+ data_len = data.size() - 2;
+ if (data_len == 0)
+ {
+ break;
+ }
+
+// copy data into buffer
+ for (int i = 0; i < data_len; i++)
+ {
+ buf[offset+i] = ((BYTE*)data)[i];
+ }
+
+ received += data_len;
+ wanted -= data_len;
+ offset += data_len;
+
+ if (wanted == 0)
+ {
+ break;
+ }
+
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+ };
+
+ rc = received;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* ReadBuffer */
+
+/**
+ * Writes object to token.
+ */
+int Secure_Channel::CreateObject(BYTE *object_id, BYTE *permissions, int len)
+{
+ int rc = -1;
+ Create_Object_APDU *create_obj_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::CreateObject",
+ "Secure_Channel::CreateObject");
+ create_obj_apdu = new Create_Object_APDU(object_id, permissions, len);
+ rc = ComputeAPDU(create_obj_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(create_obj_apdu);
+ create_obj_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ create_obj_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::CreateObject",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::CreateObject",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::CreateObject",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::CreateObject",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::CreateObject",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::CreateObject",
+ "Error Response from token %2x%2x",
+ response->GetSW1(),
+ response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+} /* CreateObject */
+
+Buffer *Secure_Channel::ReadObject(BYTE *object_id, int offset, int len)
+{
+ int rc = -1;
+ Buffer data;
+ Read_Object_APDU *read_obj_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+ Buffer *buf = NULL;
+ Buffer result = Buffer();
+
+ RA::Debug("Secure_Channel::ReadObject",
+ "Secure_Channel::ReadObject");
+ int cur_read = 0;
+ int cur_offset = 0;
+ int sum = 0;
+
+#define MAX_READ_BUFFER_SIZE 0xd0
+
+ if (len > MAX_READ_BUFFER_SIZE) {
+ cur_offset = offset;
+ cur_read = MAX_READ_BUFFER_SIZE;
+ } else {
+ cur_offset = offset;
+ cur_read = len;
+ }
+
+ while (sum < len) {
+
+ read_obj_apdu = new Read_Object_APDU(object_id, cur_offset, cur_read);
+ rc = ComputeAPDU(read_obj_apdu);
+ if (rc == -1)
+ goto loser;
+
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ read_obj_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::ReadObject",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::ReadObject",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE)
+ {
+ RA::Error("Secure_Channel::ReadObject",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::ReadObject",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+
+ if (response->GetData().size() < 2) {
+ RA::Error("Secure_Channel::ReadObject",
+ "Invalid Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::ReadObject",
+ "Error Response from token %2x%2x",
+ response->GetSW1(),
+ response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+ data = response->GetData();
+ result += Buffer(data.substr(0, data.size() - 2));
+
+ sum += (data.size() - 2);
+ cur_offset += (data.size() - 2);
+
+ if ((len - sum) < MAX_READ_BUFFER_SIZE) {
+ cur_read = len - sum;
+ } else {
+ cur_read = MAX_READ_BUFFER_SIZE;
+ }
+ if (token_pdu_request_msg != NULL) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if (token_pdu_response_msg != NULL) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ }
+
+ buf = new Buffer((BYTE*)result, result.size());
+
+loser:
+ if (mac != NULL)
+ delete mac;
+ if (token_pdu_request_msg != NULL)
+ delete token_pdu_request_msg;
+ if (token_pdu_response_msg != NULL)
+ delete token_pdu_response_msg;
+
+ return buf;
+}
+
+/**
+ * Writes data to token's buffer.
+ */
+int Secure_Channel::WriteObject(BYTE *objid, BYTE *buf, int buf_len)
+{
+ int rc = -1;
+ int i;
+ Write_Object_APDU *write_buffer_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ int offset = 0;
+ int len = 0;
+ int to_send = buf_len;
+ BYTE *data = buf;
+#define MAX_WRITE_BUFFER_SIZE 0xd0
+ Buffer *send_buf = NULL;
+ Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::WriteObject",
+ "Secure_Channel::WriteObject");
+ while (1)
+ {
+ send_buf = new Buffer(MAX_WRITE_BUFFER_SIZE, (BYTE)0);
+ mac = new Buffer(8, (BYTE)0);
+
+ if (to_send > MAX_WRITE_BUFFER_SIZE)
+ {
+ len = MAX_WRITE_BUFFER_SIZE;
+ }
+ else
+ {
+ len = to_send;
+ }
+ RA::Debug("Secure_Channel::WriteObject",
+ "Sent total=%d len=%d", buf_len, len);
+
+ for (i = 0; i < len; i++)
+ {
+ ((BYTE*)*send_buf)[i] = ((BYTE*)data)[i];
+ }
+ Buffer x_buf = Buffer(*send_buf, len);
+
+ write_buffer_apdu = new Write_Object_APDU(objid, offset, x_buf);
+ rc = ComputeAPDU(write_buffer_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(write_buffer_apdu);
+ write_buffer_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ write_buffer_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::WriteObject",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::WriteObject",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::WriteObject",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::WriteObject",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ RA::Error("RA_Processor::WriteObject",
+ "Error Response from token %2x%2x",
+ response->GetSW1(),
+ response->GetSW2());
+ rc = -1;
+ goto loser;
+ }
+ data += len;
+ to_send -= len;
+ offset += len;
+
+ if (to_send == 0)
+ break; /* done */
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+ if( send_buf != NULL ) {
+ delete send_buf;
+ send_buf = NULL;
+ }
+ }
+
+ rc = 1;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+ if( send_buf != NULL ) {
+ delete send_buf;
+ send_buf = NULL;
+ }
+
+ return rc;
+} /* WriteObject */
+
+int Secure_Channel::CreatePin(BYTE pin_number,
+ BYTE max_retries, const char *pin)
+{
+ int rc = -1;
+ Create_Pin_APDU *create_pin_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::CreatePin",
+ "Secure_Channel::CreatePin");
+ Buffer pin_buffer = Buffer((BYTE*)pin, strlen(pin));
+ create_pin_apdu = new Create_Pin_APDU(pin_number, max_retries,
+ pin_buffer);
+ rc = ComputeAPDU(create_pin_apdu);
+ if (rc == -1)
+ goto loser;
+
+ /*
+ mac = ComputeAPDUMac(set_pin_apdu);
+ set_pin_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ create_pin_apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::CreatePin",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::CreatePin",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::CreatePin",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::CreatePin",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+
+ rc = 1;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+APDU_Response *Secure_Channel::SendTokenAPU(APDU *apdu)
+{
+ int rc;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+
+ RA::Debug("Secure_Channel::SendTokenAPDU",
+ "Secure_Channel::SendTokenAPDU");
+ rc = ComputeAPDU(apdu);
+ if (rc == -1)
+ goto loser;
+
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ apdu);
+ m_session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::SendTokenAPDU",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ m_session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::SendTokenAPDU",
+ "No Token PDU Response Msg Received");
+ rc = -1;
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error("Secure_Channel::SendTokenAPDU",
+ "Invalid Msg Type");
+ rc = -1;
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::SendTokenAPDU",
+ "No Response From Token");
+ rc = -1;
+ goto loser;
+ }
+
+loser:
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return response;
+}
+
+
+static void AppendSHORTtoBuffer(Buffer &buf,unsigned short s)
+{
+
+ buf += s/256;
+ buf += s%256;
+}
+
+
+static void AppendLONGtoBuffer(Buffer &buf, unsigned int l)
+{
+ buf += l>>24;
+ buf += (l >> 16) & 0xFF;
+ buf += (l >> 8) & 0xFF;
+ buf += l & 0xFF;
+}
+
+static void AppendAttribute(Buffer &buf, unsigned int type, unsigned int length, BYTE *b)
+{
+ AppendLONGtoBuffer(buf, type);
+ AppendSHORTtoBuffer(buf, length);
+ buf += Buffer(b,length);
+}
+
+static void AppendKeyCapabilities(Buffer &b, const char *opType, const char *tokenType, const char *keyTypePrefix, const char *keyType) {
+ char configname[256];
+
+ bool bvalue = false;
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.encrypt",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_ENCRYPT, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.sign",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_SIGN, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.signRecover",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_SIGN_RECOVER, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.decrypt",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_DECRYPT, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.derive",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_DERIVE, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.unwrap",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_UNWRAP, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.wrap",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_WRAP, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.verifyRecover",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_VERIFY_RECOVER, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.verify",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_VERIFY, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.sensitive",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_SENSITIVE, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.private",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_PRIVATE, 1, Util::bool2byte(bvalue));
+ PR_snprintf((char *)configname, 256, "%s.%s.keyCapabilities.token",
+ keyTypePrefix, keyType);
+ bvalue = RA::GetConfigStore()->GetConfigAsBool(configname);
+ AppendAttribute(b,CKA_TOKEN, 1, Util::bool2byte(bvalue));
+}
+
+static void FinalizeBuffer(Buffer &b, const char* id)
+{
+ ((BYTE*)b)[0] = 0;
+ ((BYTE*)b)[1] = id[0];
+ ((BYTE*)b)[2] = id[1];
+ ((BYTE*)b)[3] = 0;
+ ((BYTE*)b)[4] = 0;
+ ((BYTE*)b)[5] = (b.size()-7) / 256;
+ ((BYTE*)b)[6] = (b.size()-7) % 256;
+}
+
+/**
+ * Creates object on token.
+ */
+int Secure_Channel::CreateObject(BYTE *objid, BYTE *permissions, Buffer *obj)
+{
+ int rc = -1;
+ rc = CreateObject(objid, permissions, obj->size());
+ if (rc == -1)
+ goto loser;
+ rc = WriteObject(objid, (BYTE*)*obj, obj->size());
+ if (rc == -1)
+ goto loser;
+ rc = 1;
+loser:
+ return rc;
+} /* CreateObject */
+
+int Secure_Channel::CreateCertificate(const char *id, Buffer *cert)
+{
+ BYTE perms[6];
+
+ perms[0] = 0xff;
+ perms[1] = 0xff;
+ perms[2] = 0x40;
+ perms[3] = 0x00;
+ perms[4] = 0x40;
+ perms[5] = 0x00;
+
+ return CreateObject((BYTE*)id, perms, cert);
+} /* CreateCertificate */
+
+/*
+Cert attrib object (c0):
+CKA_LABEL(0x0003): cert nickname
+CKA_ID (0x0102): 20 bytes same as public key
+CKA_CERTIFICATE_TYPE(0x0080): 00 00 00 00 (CKC_X_509)
+CKA_CLASS(0x0000): 01 00 00 00 (little-endian for CKO_CERTIFICATE)
+CKA_TOKEN(0x0001): true
+
+0000000 0063 3000 0000 6400 0000 0300 294a 616d /Jam
+0000020 6965 204e 6963 6f6c 736f 6e27 7320 416d /ie Nicolson's Am
+0000040 6572 6963 6120 4f6e 6c69 6e65 2049 6e63 /erica Online Inc
+0000060 2049 4420 2332
+ 0000 0102 0014 709b a306 /ID #2
+0000100 3fc8 9ad4 23c6 a1b2 eb04 d8ff f7dd 3f55
+0000120 0000 0080 0004 0000 0000 0000 0000 0004
+0000140 0100 0000 0000 0001 0001 0100 0000 0000
+0000160 0000 0000 0000 0000 0000 0000 0000 0000
+
+mine: (no subject)
+
+
+ 0063 3000 0000 4500 0000 0300 0A74 6861
+ 7965 7330 3939 33
+ 0000 0102 0014 206E 8B36
+ 03A5 568D 266D 51EC 40F0 E35B B55F 8BCC
+ 0000 0080 0004 0000 0000 0000 0000 0004
+ 0100 0000 0000 0001 0001 01
+
+*/
+
+Buffer Secure_Channel::CreatePKCS11CertAttrsBuffer(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid)
+{
+ BYTE type[4] = { 0,0,0,0 };
+ BYTE p11class[4] = { 1,0,0,0 };
+ BYTE tokenflag[1] = { 1 };
+
+ Buffer b(256); // allocate some space
+ b.resize(7); // this keeps the allocated space around
+
+ RA::Debug("Secure_Channel::CreatePKCS11CertAttrs", "id=%s", id);
+ RA::Debug("Secure_Channel::CreatePKCS11CertAttrs", "label=%s", label);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11CertAttrs", "keyid", keyid);
+ AppendAttribute(b, CKA_LABEL, strlen(label), (BYTE*)label);
+ // hash of pubk
+ AppendAttribute(b, CKA_ID, keyid->size(), (BYTE*)*keyid);
+ // type of cert
+ AppendAttribute(b, CKA_CERTIFICATE_TYPE, 4, type);
+ AppendAttribute(b, CKA_CLASS, 4, p11class ); // type of object
+ AppendAttribute(b, CKA_TOKEN, 1, tokenflag);
+ FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11CertAttrsBuffer", "buffer", &b);
+
+ return b;
+}
+
+int Secure_Channel::CreatePKCS11CertAttrs(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid)
+{
+ BYTE type[4] = { 0,0,0,0 };
+ BYTE p11class[4] = { 1,0,0,0 };
+ BYTE tokenflag[1] = { 1 };
+
+ Buffer b(256); // allocate some space
+ b.resize(7); // this keeps the allocated space around
+
+ RA::Debug("Secure_Channel::CreatePKCS11CertAttrs", "id=%s", id);
+ RA::Debug("Secure_Channel::CreatePKCS11CertAttrs", "label=%s", label);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11CertAttrs", "keyid", keyid);
+ AppendAttribute(b, CKA_LABEL, strlen(label), (BYTE*)label);
+ // hash of pubk
+ AppendAttribute(b, CKA_ID, keyid->size(), (BYTE*)*keyid);
+ // type of cert
+ AppendAttribute(b, CKA_CERTIFICATE_TYPE, 4, type);
+ AppendAttribute(b, CKA_CLASS, 4, p11class ); // type of object
+ AppendAttribute(b, CKA_TOKEN, 1, tokenflag);
+ FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11CertAttrs", "buffer", &b);
+
+ BYTE perms[6];
+
+ perms[0] = 0xff;
+ perms[1] = 0xff;
+ perms[2] = 0x40;
+ perms[3] = 0x00;
+ perms[4] = 0x40;
+ perms[5] = 0x00;
+
+ return CreateObject((BYTE*)id, perms, &b);
+} /* CreatePKCS11CertAttrs */
+
+/*
+
+Private Key: (k0)
+CKA_SUBJECT (0x0101): subject name of cert
+CKA_LABEL (0x0003): nickname of cert
+CKA_MODULUS (0x0120)
+ (sha1 hash of spki)
+CKA_ID (0x0102): ?? (20 bytes, 70 9b a3 06 3f c8 9a d4 23 c6 a1 b2 eb 04 d8 ff f7 dd 3f 55)
+CKA_SENSITIVE(0x0103): true
+CKA_PRIVATE(0x0002): true
+CKA_TOKEN(0x0001): true
+CKA_KEY_TYPE(0x0100): 0x00000000 (CKK_RSA)
+cKA_CLASS(0x0000): 03 00 00 00 (little-endian(!) for CKO_PRIVATE_KEY)
+
+
+0000000 006b 3000 0001 8400 0001 0100 8630 8183
+0000020 310b 3009 0603 5504 0613 0255 5331 1b30
+0000040 1906 0355 040a 1312 416d 6572 6963 6120
+0000060 4f6e 6c69 6e65 2049 6e63 3118 3016 060a
+0000100 0992 2689 93f2 2c64 0101 1308 6e69 636f
+0000120 6c73 6f6e 3124 3022 0609 2a86 4886 f70d
+0000140 0109 0116 156e 6963 6f6c 736f 6e40 6e65
+0000160 7473 6361 7065 2e63 6f6d 3117 3015 0603
+0000200 5504 0313 0e4a 616d 6965 204e 6963 6f6c
+0000220 736f 6e00 00
+ 00 0300 294a 616d 6965 204e
+0000240 6963 6f6c 736f 6e27 7320 416d 6572 6963
+0000260 6120 4f6e 6c69 6e65 2049 6e63 2049 4420
+0000300 2332
+ 0000 0120 0080 a70e 07f4 3f51 86c7
+0000320 4f8d 4b64 522d 8c4b 31ae 58f2 f04d a9fd
+0000340 2701 637e 5245 bb48 23ec 2259 742b ddc4
+0000360 e5da f571 78df 07ba b555 6d05 0de5 7329
+0000400 f073 94e2 00a6 f846 d99d d01c 8b62 684c
+0000420 5133 9b16 3c8f ee83 34fc 844d 829b 6fca
+0000440 e694 c432 9532 6413 323c 8b81 bc64 ed30
+0000460 6074 6926 aff5 6b7f cb43 0c40 c039 ba55
+0000500 7d3a 365d bb82 0b49 0000 0102 0014 709b
+0000520 a306 3fc8 9ad4 23c6 a1b2 eb04 d8ff f7dd
+0000540 3f55 0000 0103 0001 0100 0000 0200 0101
+0000560 0000 0001 0001 0100 0001 0000 0400 0000
+0000600 0000 0000 0000 0403 0000 0000 0000 0000
+0000620 0000 0000 0000 0000 0000 0000 0000 0000
+0000640 0000 015e ffff ffff fffe 0002 0002 0002
+0000660 014e 0000 0000 0000 0000 0000 0000 0000
+0000700 0000 0000 0000 0000 0000 0000 0000 0000
+
+mine:
+
+ 006B 3000 0000 D900 0000 0300 0A74 6861
+ 7965 7330 3939 33
+ 0000 0120 0080 DB1F EF
+ 9EEA 63EC F3A9 F831 EDB2 AC38 3957 1917
+ 186D 1CEB 782D 34BA B6DA 4F65 54A5 68B0
+ A08F 7840 FDF8 E115 E8A4 1522 4706 B807
+ 572A 31D2 2BB9 DD9F AF0C 2E0B 8183 ADE2
+ 78C4 B13E 0ED6 92F1 9989 D872 1474 A7A6
+ 2205 7928 1977 075A 5A76 B24D 8FE0 99C1
+ 32BE AE72 5C5D A8FA 3E93 F815 0669 074A
+ 2FF5 99EE 4A29 EDC8 5B79 7B93 5D
+ 0000 0102 0014 206E 8B36 03A5 568D 266D
+ 51EC 40F0 E35B B55F 8BCC
+ 0000 0103 0001 0100 00
+ 00020001010000000100010100000100
+ 00040000000000000000000403000000
+
+ H 00020001010000000100010100000100
+ H 00040000000000000000000403000000
+
+ M 00020001010000000100010100000100
+ M 00040000000000000000000403000000
+*/
+Buffer Secure_Channel::CreatePKCS11PriKeyAttrsBuffer(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid,
+ Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix)
+{
+ // BYTE sensitiveflag[1] = { 1 };
+ // BYTE privateflag[1] = { 1 };
+ // BYTE token[1] = { 1 };
+ BYTE keytype[4] = { 0,0,0,0 };
+ BYTE p11class[4] = { 3,0,0,0 };
+ // BYTE ZERO[1] = { 0 };
+ // BYTE ONE[1] = { 1 };
+ // char configname[256];
+
+ Buffer b(256); // allocate some space
+ b.resize(7); // this keeps the allocated space around
+
+ RA::Debug("Secure_Channel::CreatePKCS11PriAttrs", "label=%s", label);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "keyid", keyid);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "modulus", modulus);
+ RA::Debug("Secure_Channel::CreatePKCS11PriAttrs", "id=%s",id);
+
+// AppendAttribute(b,CKA_LABEL, strlen(label), (BYTE*)label);
+ AppendAttribute(b,CKA_MODULUS, modulus->size(), (BYTE*)*modulus);
+ AppendAttribute(b,CKA_KEY_TYPE, 4, keytype);
+ AppendAttribute(b,CKA_CLASS, 4, p11class );
+ // hash of pubk
+ AppendAttribute(b,CKA_ID, keyid->size(), (BYTE*)*keyid);
+
+ AppendKeyCapabilities(b, opType, tokenType, keyTypePrefix, "private");
+
+ FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrsBuffer", "buffer", &b);
+
+ return b;
+
+} /* CreatePKCS11PriKeyAttrs */
+
+int Secure_Channel::CreatePKCS11PriKeyAttrs(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid,
+ Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix)
+{
+ // BYTE sensitiveflag[1] = { 1 };
+ // BYTE privateflag[1] = { 1 };
+ // BYTE token[1] = { 1 };
+ BYTE keytype[4] = { 0,0,0,0 };
+ BYTE p11class[4] = { 3,0,0,0 };
+ // BYTE ZERO[1] = { 0 };
+ // BYTE ONE[1] = { 1 };
+ // char configname[256];
+
+ Buffer b(256); // allocate some space
+ b.resize(7); // this keeps the allocated space around
+
+ RA::Debug("Secure_Channel::CreatePKCS11PriAttrs", "label=%s", label);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "keyid", keyid);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "modulus", modulus);
+
+// AppendAttribute(b,CKA_LABEL, strlen(label), (BYTE*)label);
+ AppendAttribute(b,CKA_MODULUS, modulus->size(), (BYTE*)*modulus);
+ AppendAttribute(b,CKA_KEY_TYPE, 4, keytype);
+ AppendAttribute(b,CKA_CLASS, 4, p11class );
+ // hash of pubk
+ AppendAttribute(b,CKA_ID, keyid->size(), (BYTE*)*keyid);
+
+ AppendKeyCapabilities(b, opType, tokenType, keyTypePrefix, "private");
+
+ FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PriAttrs", "buffer", &b);
+
+ BYTE perms[6];
+
+ perms[0] = 0xff;
+ perms[1] = 0xff;
+ perms[2] = 0x40;
+ perms[3] = 0x00;
+ perms[4] = 0x40;
+ perms[5] = 0x00;
+
+ return CreateObject((BYTE*)id, perms, &b);
+
+} /* CreatePKCS11PriKeyAttrs */
+
+/*
+Public Key: (k1)
+CKA_PUBLIC_EXPONENT(0x0122)
+CKA_MODULUS(0x0120)
+CKA_ID (0x0102): (20 bytes) same as private key
+CKA_CLASS(0x0000): 02 00 00 00 (little-endian for CKO_PUBLIC_KEY)
+
+0000000 006b 3100 0000 b300 0001 2200 0301 0001
+0000020 0000 0120 0080 a70e 07f4 3f51 86c7 4f8d
+0000040 4b64 522d 8c4b 31ae 58f2 f04d a9fd 2701
+0000060 637e 5245 bb48 23ec 2259 742b ddc4 e5da
+0000100 f571 78df 07ba b555 6d05 0de5 7329 f073
+0000120 94e2 00a6 f846 d99d d01c 8b62 684c 5133
+0000140 9b16 3c8f ee83 34fc 844d 829b 6fca e694
+0000160 c432 9532 6413 323c 8b81 bc64 ed30 6074
+0000200 6926 aff5 6b7f cb43 0c40 c039 ba55 7d3a
+0000220 365d bb82 0b49 0000 0102 0014 709b a306
+0000240 3fc8 9ad4 23c6 a1b2 eb04 d8ff f7dd 3f55
+0000260 0000 0000 0004 0200 0000 0000 0000 0000
+0000300 0000 0000 0000 0000 0000 0000 0000 0000
+*
+0000400
+
+mine:
+ 006B 3100 0000 B300 0001 2200 0301 0001
+ 0000 0120 0080 F3E1 1AF0 906D BD35 4792
+ 348A CC4D 6147 CFAC 659A D018 34DD 4621
+ AB57 75F5 B5E0 87D4 F6C2 2B89 3324 D980
+ 2926 4BF1 0F64 A6E5 4368 9DA5 2620 335E
+ ADCD 7540 7CBA B1F9 4ACE EEF8 13FF 6524
+ B76F C7B1 2D21 DD42 5342 EFC3 034E 39DD
+ ACBC 5C43 AC14 974A 45D4 5E66 6FFA BB17
+ 1E98 C177 68CC B51B 1B7E 28C5 38AB 729D
+ 27FD 3077 8C39 0000 0102 0014 815B 6FFE
+ 9B2A 8515 9C76 0F92 4A4E 349F 61EA 521F
+ 0000 0000 0004 0200 0000
+
+
+*/
+Buffer Secure_Channel::CreatePKCS11PubKeyAttrsBuffer(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid,
+ Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix)
+{
+#if 0
+ BYTE pubexp[3] = // XXX should I really hardcode this!?
+ {
+ 0x01,0x00,0x01
+ };
+#endif
+ BYTE p11class[4] = { 2,0,0,0 };
+ // BYTE ZERO[1] = { 0 };
+ // BYTE ONE[1] = { 1 };
+ // char configname[256];
+
+ Buffer b(256); // allocate some space
+ b.resize(7); // this keeps the allocated space around
+
+ RA::Debug("Secure_Channel::CreatePKCS11PubAttrs", "label=%s", label);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "keyid", keyid);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "modulus", modulus);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "exponent", exponent);
+
+ AppendAttribute(b, CKA_PUBLIC_EXPONENT, exponent->size(),(BYTE*) *exponent);
+ AppendAttribute(b,CKA_MODULUS, modulus->size(), (BYTE*)*modulus);
+ // XXX TUES
+ // hash of pubk
+ AppendAttribute(b,CKA_ID, keyid->size(), (BYTE*)*keyid);
+ AppendAttribute(b, CKA_CLASS, 4, p11class ); // type of object
+
+ AppendKeyCapabilities(b, opType, tokenType, keyTypePrefix, "public");
+
+
+ FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrsBuffer", "buffer", &b);
+
+ return b;
+} /* CreatePKCS11PubKeyAttrs */
+
+int Secure_Channel::CreatePKCS11PubKeyAttrs(TokenKeyType key_type, const char *id, const char *label, Buffer *keyid,
+ Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix)
+{
+#if 0
+ BYTE pubexp[3] = // XXX should I really hardcode this!?
+ {
+ 0x01,0x00,0x01
+ };
+#endif
+ BYTE p11class[4] = { 2,0,0,0 };
+ // BYTE ZERO[1] = { 0 };
+ // BYTE ONE[1] = { 1 };
+ // char configname[256];
+
+ Buffer b(256); // allocate some space
+ b.resize(7); // this keeps the allocated space around
+
+ RA::Debug("Secure_Channel::CreatePKCS11PubAttrs", "label=%s", label);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "keyid", keyid);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "modulus", modulus);
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "exponent", exponent);
+
+ AppendAttribute(b, CKA_PUBLIC_EXPONENT, exponent->size(),(BYTE*) *exponent);
+ AppendAttribute(b,CKA_MODULUS, modulus->size(), (BYTE*)*modulus);
+ // XXX TUES
+ // hash of pubk
+ AppendAttribute(b,CKA_ID, keyid->size(), (BYTE*)*keyid);
+ AppendAttribute(b, CKA_CLASS, 4, p11class ); // type of object
+
+ AppendKeyCapabilities(b, opType, tokenType, keyTypePrefix, "public");
+
+
+ FinalizeBuffer(b, id);
+
+ RA::DebugBuffer("Secure_Channel::CreatePKCS11PubAttrs", "buffer", &b);
+
+ BYTE perms[6];
+
+ perms[0] = 0xff;
+ perms[1] = 0xff;
+ perms[2] = 0x40;
+ perms[3] = 0x00;
+ perms[4] = 0x40;
+ perms[5] = 0x00;
+
+ return CreateObject((BYTE*)id, perms, &b);
+} /* CreatePKCS11PubKeyAttrs */
+
+Buffer &Secure_Channel::GetKeyDiversificationData()
+{
+ return m_key_diversification_data;
+} /* GetKeyDiversificationData */
+
+Buffer &Secure_Channel::GetKeyInfoData()
+{
+ return m_key_info_data;
+} /* GetKeyInfoData */
+
+Buffer &Secure_Channel::GetCardChallenge()
+{
+ return m_card_challenge;
+} /* GetCardChallenge */
+
+Buffer &Secure_Channel::GetCardCryptogram()
+{
+ return m_card_cryptogram;
+} /* GetCardCryptogram */
+
+Buffer &Secure_Channel::GetHostChallenge()
+{
+ return m_host_challenge;
+} /* GetCardCryptogram */
+
+Buffer &Secure_Channel::GetHostCryptogram()
+{
+ return m_host_cryptogram;
+} /* GetHostCryptogram */
+
+SecurityLevel Secure_Channel::GetSecurityLevel()
+{
+ return m_security_level;
+}
+
+void Secure_Channel::SetSecurityLevel(SecurityLevel level)
+{
+ m_security_level = level;
+}
diff --git a/pki/base/tps/src/cms/CertEnroll.cpp b/pki/base/tps/src/cms/CertEnroll.cpp
new file mode 100644
index 000000000..602e0cc22
--- /dev/null
+++ b/pki/base/tps/src/cms/CertEnroll.cpp
@@ -0,0 +1,725 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+
+#include "main/RA_Session.h"
+#include "main/RA_Msg.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+#include "cms/HttpConnection.h"
+#include "cms/CertEnroll.h"
+
+// for public key processing
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "prlock.h"
+
+#include "main/Memory.h"
+
+Buffer * parseResponse(char * /*response*/);
+ReturnStatus verifyProof(SECKEYPublicKey* , SECItem* ,
+ unsigned short , unsigned char* ,
+ unsigned char* );
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs handle for Certificate Enrollment
+ */
+TOKENDB_PUBLIC CertEnroll::CertEnroll()
+{
+}
+
+/**
+ * Destructs handle for Certificate Enrollment
+ */
+TOKENDB_PUBLIC CertEnroll::~CertEnroll()
+{
+}
+
+/**
+ * Revokes a certificate in the CA
+ * reason:
+ * 0 = Unspecified
+ * 1 = Key compromised
+ * 2 = CA key compromised
+ * 3 = Affiliation changed
+ * 4 = Certificate superseded
+ * 5 = Cessation of operation
+ * 6 = Certificate is on hold
+ * serialno: serial number in decimal
+ */
+TOKENDB_PUBLIC int CertEnroll::RevokeCertificate(const char *reason, const char *serialno, const char *connid, char *&o_status)
+{
+ char parameters[5000];
+ char configname[5000];
+ int num;
+
+ PR_snprintf((char *)parameters, 5000, "op=revoke&revocationReason=%s&revokeAll=(certRecordId%%3D%s)&totalRecordCount=1", reason, serialno);
+
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.revoke", connid);
+ char *servletID = (char*)RA::GetConfigStore()->GetConfigAsString(configname);
+
+ PSHttpResponse *resp = sendReqToCA(servletID, parameters, connid);
+
+ if (resp != NULL) {
+ char *content = resp->getContent();
+ char *p = strstr(content, "status=");
+ num = *(p+7) - '0';
+ RA::Debug("CertEnroll::RevokeCertificate", "serialno=%s reason=%s connid=%s status=%d", serialno, reason, connid, num);
+ if (num != 0) {
+ char *q = strstr(p, "error=");
+ q = q+6;
+ o_status = PL_strdup(q);
+ RA::Debug("CertEnroll::RevokeCertificate", "status string=%s", q);
+ }
+ if (content != NULL) {
+ resp->freeContent();
+ content = NULL;
+ }
+ delete resp;
+ resp = NULL;
+ } else {
+ RA::Debug("CertEnroll::RevokeCertificate", "serialno=%s reason=%s connid=%s failed: resp is NULL");
+ o_status = PL_strdup("resp from sendReqToCA is NULL");
+ num = 1; //non-zero
+ }
+ return num;
+}
+
+TOKENDB_PUBLIC int CertEnroll::UnrevokeCertificate(const char *serialno, const char *connid,
+ char *&o_status)
+{
+ char parameters[5000];
+ char configname[5000];
+ int num;
+
+ PR_snprintf((char *)parameters, 5000, "serialNumber=%s",serialno);
+
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.unrevoke", connid);
+ char *servletID = (char*)RA::GetConfigStore()->GetConfigAsString(configname);
+
+ PSHttpResponse *resp = sendReqToCA(servletID, parameters, connid);
+ if (resp != NULL) {
+ // XXX - need to parse response
+ char *content = resp->getContent();
+ char *p = strstr(content, "status=");
+ num = *(p+7) - '0';
+ RA::Debug("CertEnroll::UnrevokeCertificate", "status=%d", num);
+
+ if (num != 0) {
+ char *q = strstr(p, "error=");
+ q = q+6;
+ o_status = PL_strdup(q);
+ RA::Debug("CertEnroll::UnrevokeCertificate", "status string=%s", q);
+ }
+
+ if (content != NULL) {
+ resp->freeContent();
+ content = NULL;
+ }
+ delete resp;
+ resp = NULL;
+ } else {
+ RA::Debug("CertEnroll::UnrevokeCertificate", "serialno=%s reason=%s connid=%s failed: resp is NULL");
+ o_status = PL_strdup("resp from sendReqToCA is NULL");
+ num = 1; //non-zero
+ }
+
+ return num;
+}
+
+TOKENDB_PUBLIC Buffer *CertEnroll::RenewCertificate(PRUint64 serialno, const char *connid, const char *profileId, char *error_msg)
+{
+ char parameters[5000];
+ char configname[5000];
+
+ RA::Debug("CertEnroll::RenewCertificate", "begins. profileId=%s",profileId);
+ // on CA, renewal expects parameter "serial_num" if renew by serial number
+ // ahh. need to allow larger serialno...later
+ PR_snprintf((char *)parameters, 5000, "serial_num=%u&profileId=%s&renewal=true",
+ (int)serialno, profileId);
+ RA::Debug("CertEnroll::RenewCertificate", "got parameters =%s", parameters);
+ //e.g. conn.ca1.servlet.renewal=/ca/ee/ca/profileSubmitSSLClient
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.renewal", connid);
+ const char *servlet = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (servlet == NULL) {
+ RA::Debug("CertEnroll::RenewCertificate",
+ "Missing the configuration parameter for %s", configname);
+ PR_snprintf(error_msg, 512, "Missing the configuration parameter for %s", configname);
+ return NULL;
+ }
+
+ // on CA, same profile servlet processes the renewal as well as enrollment
+ PSHttpResponse *resp = sendReqToCA(servlet, parameters, connid);
+ // XXX - need to parse response
+ Buffer * certificate = NULL;
+ if (resp != NULL) {
+ RA::Debug(LL_PER_PDU, "CertEnroll::RenewCertificate",
+ "sendReqToCA done");
+
+ certificate = parseResponse(resp);
+ RA::Debug(LL_PER_PDU, "CertEnroll::RenewCertificate",
+ "parseResponse done");
+
+ if( resp != NULL ) {
+ delete resp;
+ resp = NULL;
+ }
+ } else {
+ RA::Error("CertEnroll::RenewCertificate",
+ "sendReqToCA failure");
+ PR_snprintf(error_msg, 512, "sendReqToCA failure");
+ return NULL;
+ }
+
+ return certificate;
+}
+
+
+/**
+ * Sends certificate request to CA for enrollment.
+ */
+Buffer * CertEnroll::EnrollCertificate(
+ SECKEYPublicKey *pk_parsed,
+ const char *profileId,
+ const char *uid,
+ const char *cuid /*token id*/,
+ const char *connid,
+ char *error_msg,
+ SECItem** encodedPublicKeyInfo)
+{
+ char parameters[5000];
+
+ SECItem* si = SECKEY_EncodeDERSubjectPublicKeyInfo(pk_parsed);
+ if (si == NULL) {
+
+ RA::Error("CertEnroll::EnrollCertificate",
+ "SECKEY_EncodeDERSubjectPublicKeyInfo returns error");
+ PR_snprintf(error_msg, 512, "SECKEY_EncodeDERSubjectPublicKeyInfo returns error");
+ return NULL;
+ }
+
+ // b64 encode it
+ char* pk_b64 = BTOA_ConvertItemToAscii(si);
+
+ if(encodedPublicKeyInfo == NULL)
+ {
+ if( si != NULL ) {
+ SECITEM_FreeItem( si, PR_TRUE );
+ si = NULL;
+ }
+ }
+ else
+ {
+
+ *encodedPublicKeyInfo = si;
+
+ }
+
+ if (pk_b64 == NULL) {
+ RA::Error(LL_PER_PDU, "CertEnroll::EnrollCertificate",
+ "BTOA_ConvertItemToAscii returns error");
+
+ PR_snprintf(error_msg, 512, "BTOA_ConvertItemToAscii returns error");
+ return NULL;
+ }
+ RA::Debug(LL_PER_PDU, "CertEnroll::EnrollCertificate",
+ "after BTOA_ConvertItemToAscii pk_b64=%s",pk_b64);
+
+ char *url_pk = Util::URLEncode(pk_b64);
+ char *url_uid = Util::URLEncode(uid);
+ char *url_cuid = Util::URLEncode(cuid);
+ const char *servlet;
+ char configname[256];
+
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.enrollment", connid);
+ servlet = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ PR_snprintf((char *)parameters, 5000, "profileId=%s&tokencuid=%s&screenname=%s&publickey=%s", profileId, url_cuid, url_uid, url_pk);
+
+ PSHttpResponse *resp = sendReqToCA(servlet, parameters, connid);
+ Buffer * certificate = NULL;
+ if (resp != NULL) {
+ RA::Debug(LL_PER_PDU, "CertEnroll::EnrollCertificate",
+ "sendReqToCA done");
+
+ certificate = parseResponse(resp);
+ RA::Debug(LL_PER_PDU, "CertEnroll::EnrollCertificate",
+ "parseResponse done");
+
+ if( resp != NULL ) {
+ delete resp;
+ resp = NULL;
+ }
+ } else {
+ RA::Error("CertEnroll::EnrollCertificate",
+ "sendReqToCA failure");
+ PR_snprintf(error_msg, 512, "sendReqToCA failure");
+ return NULL;
+ }
+
+ if( pk_b64 != NULL ) {
+ PR_Free( pk_b64 );
+ pk_b64 = NULL;
+ }
+ if( url_pk != NULL ) {
+ PR_Free( url_pk );
+ url_pk = NULL;
+ }
+ if( url_uid != NULL ) {
+ PR_Free( url_uid );
+ url_uid = NULL;
+ }
+ if( url_cuid != NULL ) {
+ PR_Free( url_cuid );
+ url_cuid = NULL;
+ }
+
+ return certificate;
+}
+
+/**
+ * Extracts information from the public key blob and verify proof.
+ *
+ * Muscle Key Blob Format (RSA Public Key)
+ * ---------------------------------------
+ *
+ * The key generation operation places the newly generated key into
+ * the output buffer encoding in the standard Muscle key blob format.
+ * For an RSA key the data is as follows:
+ *
+ * Byte Encoding (0 for plaintext)
+ *
+ * Byte Key Type (1 for RSA public)
+ *
+ * Short Key Length (1024 û high byte first)
+ *
+ * Short Modulus Length
+ *
+ * Byte[] Modulus
+ *
+ * Short Exponent Length
+ *
+ * Byte[] Exponent
+ *
+ *
+ * Signature Format (Proof)
+ * ---------------------------------------
+ *
+ * The key generation operation creates a proof-of-location for the
+ * newly generated key. This proof is a signature computed with the
+ * new private key using the RSA-with-MD5 signature algorithm. The
+ * signature is computed over the Muscle Key Blob representation of
+ * the new public key and the challenge sent in the key generation
+ * request. These two data fields are concatenated together to form
+ * the input to the signature, without any other data or length fields.
+ *
+ * Byte[] Key Blob Data
+ *
+ * Byte[] Challenge
+ *
+ *
+ * Key Generation Result
+ * ---------------------------------------
+ *
+ * The key generation command puts the key blob and the signature (proof)
+ * into the output buffer using the following format:
+ *
+ * Short Length of the Key Blob
+ *
+ * Byte[] Key Blob Data
+ *
+ * Short Length of the Proof
+ *
+ * Byte[] Proof (Signature) Data
+ *
+ * @param blob the publickey blob to be parsed
+ * @param challenge the challenge generated by RA
+ * @return
+ * rc is 1 if success, -1 if failure
+ * pk is the public key resulted from parsing the blob.
+ *
+ ******/
+
+SECKEYPublicKey *CertEnroll::ParsePublicKeyBlob(unsigned char *blob,
+ Buffer *challenge)
+{
+ char configname[5000];
+ SECKEYPublicKey *pk = NULL;
+
+ ReturnStatus rs;
+ rs.status = PR_FAILURE;
+ rs.statusNum = ::MSG_INVALID;
+
+ if ((blob == NULL) || (challenge == NULL)) {
+ RA::Error(LL_PER_PDU, "CertEnroll::ParsePublicKeyBlob", "invalid input");
+ return NULL;
+ }
+
+ /*
+ * decode blob into structures
+ */
+
+ // offset to the beginning of the public key length. should be 0
+ unsigned short pkeyb_len_offset = 0;
+
+ unsigned short pkeyb_len = 0;
+ unsigned char* pkeyb;
+ unsigned short proofb_len = 0;
+ unsigned char* proofb;
+
+ /*
+ * now, convert lengths
+ */
+ // 1st, keyblob length
+ unsigned char len0 = blob[pkeyb_len_offset];
+ unsigned char len1 = blob[pkeyb_len_offset +1];
+ pkeyb_len = (unsigned short) ((len0 << 8) | (len1 & 0xFF));
+
+ RA::Debug(LL_PER_PDU, "CertEnroll::ParsePublicKeyBlob",
+ "pkeyb_len =%d",pkeyb_len);
+
+ if (pkeyb_len <= 0) {
+ RA::Error("CertEnroll::ParsePublicKeyBlob", "public key blob length = %d", pkeyb_len);
+ return NULL;
+ }
+ // 2nd, proofblob length
+ unsigned short proofb_len_offset = pkeyb_len_offset + 2 + pkeyb_len;
+ len0 = blob[proofb_len_offset];
+ len1 = blob[proofb_len_offset +1];
+ proofb_len = (unsigned short) (len0 << 8 | len1 & 0xFF);
+ RA::Debug(LL_PER_PDU, "CertEnroll::ParsePublicKeyBlob",
+ "proofb_len =%d", proofb_len);
+
+ // public key blob
+ pkeyb = &blob[pkeyb_len_offset + 2];
+
+ // proof blob
+ proofb = &blob[proofb_len_offset + 2];
+
+ SECItem siProof;
+ siProof.type = (SECItemType) 0;
+ siProof.data = (unsigned char *)proofb;
+ siProof.len = proofb_len;
+
+ // convert pkeyb to pkey
+ // 1 byte encoding, 1 byte key type, 2 bytes key length, then the key
+ unsigned short pkey_offset = 4;
+ // now, convert lengths for modulus and exponent
+ len0 = pkeyb[pkey_offset];
+ len1 = pkeyb[pkey_offset + 1];
+ unsigned short mod_len = (len0 << 8 | len1);
+
+ len0 = pkeyb[pkey_offset + 2 + mod_len];
+ len1 = pkeyb[pkey_offset + 2 + mod_len + 1];
+ unsigned short exp_len = (len0 << 8 | len1);
+
+
+ // public key mod blob
+ unsigned char * modb = &pkeyb[pkey_offset + 2];
+
+ // public key exp blob
+ unsigned char * expb = &pkeyb[pkey_offset + 2 + mod_len + 2];
+
+ // construct SECItem
+ SECItem siMod;
+ siMod.type = (SECItemType) 0;
+ siMod.data = (unsigned char *) modb;
+ siMod.len = mod_len;
+
+ SECItem siExp;
+ siExp.type = (SECItemType) 0;
+ siExp.data = (unsigned char *)expb;
+ siExp.len = exp_len;
+
+ // construct SECKEYRSAPublicKeyStr
+ SECKEYRSAPublicKeyStr rsa_pks;
+ rsa_pks.modulus = siMod;
+ rsa_pks.publicExponent = siExp;
+
+ // construct SECKEYPublicKey
+ // this is to be returned
+ pk = (SECKEYPublicKey *) malloc(sizeof(SECKEYPublicKey));
+ pk->keyType = rsaKey;
+ pk->pkcs11Slot = NULL;
+ pk->pkcs11ID = CK_INVALID_HANDLE;
+ pk->u.rsa = rsa_pks;
+
+ PR_snprintf((char *)configname, 256, "general.verifyProof");
+ int verifyProofEnable = RA::GetConfigStore()->GetConfigAsInt(configname, 0x1);
+ if (verifyProofEnable) {
+ rs = verifyProof(pk, &siProof, pkeyb_len, pkeyb, challenge);
+ if (rs.status == PR_FAILURE) {
+ RA::Error("CertEnroll::ParsePublicKeyBlob",
+ "verify proof failed");
+ free(pk);
+ pk = NULL;
+ }
+ }
+
+ return pk;
+}
+
+
+/**
+ * verify the proof.
+ * @param pk the public key from the input blob
+ * @param siProof the proof from the input blob
+ * @param pkeyb_len the length of the publickey blob
+ * @param pkeyb the public key blob
+ * @param challenge the challenge generated by RA
+ *
+ * @return
+ * returns success indication in case of success
+ * returns error message number as defined in ReturnStatus in Base.h
+ */
+ReturnStatus CertEnroll::verifyProof(SECKEYPublicKey* pk, SECItem* siProof,
+ unsigned short pkeyb_len, unsigned char* pkeyb,
+ Buffer* challenge) {
+
+ ReturnStatus rs;
+ VFYContext * vc = NULL;
+ rs.statusNum = ::VRFY_SUCCESS;
+ rs.status = PR_SUCCESS;
+
+ // verify proof (signature)
+ RA::Debug(LL_PER_PDU, "CertEnroll::verifyProof",
+ "verify proof begins");
+
+ vc = VFY_CreateContext(pk, siProof, SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE, NULL);
+
+ if (vc == NULL) {
+ RA::Error("CertEnroll::verifyProof",
+ "VFY_CreateContext() failed");
+ rs.status = PR_FAILURE;
+ rs.statusNum = ::VFY_BEGIN_FAILURE;
+ return rs;
+ } else {
+ RA::Debug(LL_PER_PDU, "CertEnroll::verifyProof",
+ "VFY_CreateContext() succeeded");
+ }
+
+ unsigned char proof[1024];
+ int i =0;
+ for (i = 0; i<pkeyb_len; i++) {
+ proof[i] = pkeyb[i];
+ }
+ // RA::DebugBuffer("CertEnroll::VerifyProof","VerifyProof:: challenge =", challenge);
+ unsigned char* chal = (unsigned char *)(BYTE *) (*challenge);
+ unsigned int j = 0;
+ for (j=0; j < challenge->size(); i++, j++) {
+ proof[i] = chal[j];
+ // RA::Debug(LL_PER_PDU, "CertEnroll::VerifyProof","proof[%d]= %x",
+ // i, proof[i]);
+ }
+
+ SECStatus vs = VFY_Begin(vc);
+ if (vs == SECSuccess) {
+ vs = VFY_Update(vc, (unsigned char *)proof , pkeyb_len + challenge->size());
+ if (vs == SECSuccess) {
+ vs = VFY_End(vc);
+ if (vs == SECFailure) {
+ RA::Error("CertEnroll::verifyProof",
+ "VFY_End() failed pkeyb_len=%d challenge_size=%d", pkeyb_len, challenge->size());
+ rs.statusNum = ::VFY_UPDATE_FAILURE;
+ rs.status = PR_FAILURE;
+ }
+ } else {
+ RA::Error("CertEnroll::verifyProof",
+ "VFY_Update() failed");
+ rs.statusNum = ::VFY_UPDATE_FAILURE;
+ rs.status = PR_FAILURE;
+ }
+ } else {
+ RA::Error("CertEnroll::verifyProof",
+ "VFY_Begin() failed");
+
+ rs.statusNum = ::VFY_BEGIN_FAILURE;
+ rs.status = PR_FAILURE;
+ }
+
+ if( vc != NULL ) {
+ VFY_DestroyContext( vc, PR_TRUE );
+ vc = NULL;
+ }
+ RA::Debug(LL_PER_PDU, "CertEnroll::verifyProof",
+ " VFY_End() returned %d",vs);
+
+ return rs;
+
+}
+
+/**
+ * sendReqToCA sends cert enrollment request via HTTPS to the CA
+ * @param pk normalized public key
+ * @param uid uid/screenname
+ * @param cuid cud number of the client token
+ * @param timeout timeout value for connection
+ * @return
+ * PSHttpResponse if success
+ * NULL if failure
+ */
+PSHttpResponse * CertEnroll::sendReqToCA(const char *servlet, const char *parameters, const char *connid)
+{
+ // compose http uri
+
+ RA::Debug(LL_PER_PDU, "CertEnroll::sendReqToCA",
+ "begins");
+
+ HttpConnection *caConn = RA::GetCAConn(connid);
+ if (caConn == NULL) {
+ RA::Debug(LL_PER_PDU, "CertEnroll::sendReqToCA", "Failed to get CA Connection %s", connid);
+ RA::Error(LL_PER_PDU, "CertEnroll::sendReqToCA", "Failed to get CA Connection %s", connid);
+ return NULL;
+ }
+ // PRLock *ca_lock = RA::GetCALock();
+ int ca_curr = RA::GetCurrentIndex(caConn);
+ int maxRetries = caConn->GetNumOfRetries();
+ ConnectionInfo *connInfo = caConn->GetFailoverList();
+ char **hostport = connInfo->GetHostPortList();
+ int currRetries = 0;
+
+ RA::Debug(LL_PER_PDU, "Before calling getResponse, caHostPort is %s", hostport[ca_curr]);
+
+ PSHttpResponse * response = caConn->getResponse(ca_curr, servlet, parameters);
+ while (response == NULL) {
+ RA::Failover(caConn, connInfo->GetHostPortListLen());
+ ca_curr = RA::GetCurrentIndex(caConn);
+
+ if (++currRetries >= maxRetries) {
+ RA::Debug(LL_PER_PDU, "Used up all the retries. Response is NULL","");
+ RA::Error("CertEnroll::sendReqToCA", "Failed connecting to CA after %d retries", currRetries);
+ if (caConn != NULL) {
+ RA::ReturnCAConn(caConn);
+ }
+ return NULL;
+ }
+ response = caConn->getResponse(ca_curr, servlet, parameters);
+ }
+
+ if (caConn != NULL) {
+ RA::ReturnCAConn(caConn);
+ }
+ return response;
+}
+
+/**
+ * parse the http response and retrieve the certificate.
+ * @param resp the response returned from http request
+ * @return
+ * The certificate in Buffer if success
+ * NULL if failure
+ */
+Buffer * CertEnroll::parseResponse(PSHttpResponse * resp)
+{
+ unsigned int i;
+ unsigned char blob[8192]; /* cert returned */
+ int blob_len; /* cert length */
+ char *certB64 = NULL;
+ char *certB64End = NULL;
+ unsigned int certB64Len = 0;
+ Buffer *cert = NULL;
+ char * response = NULL;
+ SECItem * outItemOpt = NULL;
+
+ if (resp == NULL) {
+ RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+ "no response found");
+ return NULL;
+ }
+ response = resp->getContent();
+ if (response == NULL) {
+ RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+ "no content found");
+ return NULL;
+ }
+
+ // process result
+ // first look for errorCode="" to look for success clue
+ // and errorReason="..." to extract error reason
+ char pattern[20] = "errorCode=\"0\"";
+ char * err = strstr((char *)response, (char *)pattern);
+
+ RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+ "begin parsing");
+
+ if (err == NULL) {
+ RA::Error("CertEnroll::parseResponse",
+ "can't find pattern for cert request response");
+ goto endParseResp;
+ }
+
+ // if success, look for "outputList.outputVal=" to extract
+ // the cert
+ certB64 = strstr((char *)response, "outputVal=");
+ certB64 = &certB64[11]; // point pass open "
+
+ certB64End = strstr(certB64, "\";");
+ *certB64End = '\0';
+
+ certB64Len = strlen(certB64);
+ RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+ "certB64 len = %d", certB64Len);
+
+ for (i=0; i<certB64Len-1 ; i++) {
+ if (certB64[i] == '\\') { certB64[i] = ' '; certB64[i+1] = ' '; }
+ }
+
+ // b64 decode and put back in blob
+ RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+ "b64 decode received cert");
+
+ outItemOpt = NSSBase64_DecodeBuffer(NULL, NULL, certB64, certB64Len);
+ if (outItemOpt == NULL) {
+ RA::Error("CertEnroll::parseResponse",
+ "b64 decode failed");
+
+ goto endParseResp;
+ }
+ RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+ "b64 decode len =%d",outItemOpt->len);
+
+ memcpy((char*)blob, (const char*)(outItemOpt->data), outItemOpt->len);
+ blob_len = outItemOpt->len;
+
+ cert = new Buffer((BYTE *) blob, blob_len);
+ if( outItemOpt != NULL ) {
+ SECITEM_FreeItem( outItemOpt, PR_TRUE );
+ outItemOpt = NULL;
+ }
+
+ RA::Debug(LL_PER_PDU, "CertEnroll::parseResponse",
+ "finished");
+
+ endParseResp:
+ resp->freeContent();
+ return cert;
+}
+
diff --git a/pki/base/tps/src/cms/ConnectionInfo.cpp b/pki/base/tps/src/cms/ConnectionInfo.cpp
new file mode 100644
index 000000000..3ab503c5d
--- /dev/null
+++ b/pki/base/tps/src/cms/ConnectionInfo.cpp
@@ -0,0 +1,78 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "plstr.h"
+#include "cms/ConnectionInfo.h"
+#include "engine/RA.h"
+#include "httpClient/httpc/engine.h"
+#include "main/Util.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a base processor.
+ */
+TPS_PUBLIC ConnectionInfo::ConnectionInfo ()
+{
+ for( int i = 0; i < HOST_PORT_MEMBERS; i++ ) {
+ m_hostPortList[i] = NULL;
+ }
+}
+
+/**
+ * Destructs processor.
+ */
+TPS_PUBLIC ConnectionInfo::~ConnectionInfo()
+{
+ for (int i=0; i<m_len; i++) {
+ if( m_hostPortList[i] != NULL ) {
+ PL_strfree( m_hostPortList[i] );
+ m_hostPortList[i] = NULL;
+ }
+ }
+}
+
+TPS_PUBLIC void ConnectionInfo::BuildFailoverList(const char *str) {
+ char *lasts = NULL;
+ char *tok = PL_strtok_r((char *)str, " ", &lasts);
+ m_len = 0;
+ while (tok != NULL) {
+ m_hostPortList[m_len] = PL_strdup(tok);
+ tok = PL_strtok_r(NULL, " ", &lasts);
+ m_len++;
+ }
+}
+
+TPS_PUBLIC int ConnectionInfo::GetHostPortListLen() {
+ return m_len;
+}
+
+TPS_PUBLIC char **ConnectionInfo::GetHostPortList() {
+ return m_hostPortList;
+}
+
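Review bot: BuildFailoverList stores one `PL_strdup(tok)` per space-separated token with no upper bound on `m_len`, so a connection string with more entries than the array holds writes past the end of `m_hostPortList`. The constructor's loop suggests the capacity is HOST_PORT_MEMBERS (the declaration is in the header, not in this hunk), so the loop condition should be `while (tok != NULL && m_len < HOST_PORT_MEMBERS) {`. The constructor also never sets `m_len`, so the destructor loop reads an indeterminate count if BuildFailoverList was never called; adding `m_len = 0;` to the constructor closes that. Separately, `PL_strtok_r((char *)str, " ", &lasts)` casts away const and writes NUL bytes into the caller's string, which deserves a comment or tokenising a private copy instead.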
diff --git a/pki/base/tps/src/cms/HttpConnection.cpp b/pki/base/tps/src/cms/HttpConnection.cpp
new file mode 100644
index 000000000..89f773557
--- /dev/null
+++ b/pki/base/tps/src/cms/HttpConnection.cpp
@@ -0,0 +1,245 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "cms/HttpConnection.h"
+#include "main/Memory.h"
+#include "main/NameValueSet.h"
+#include "engine/RA.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a base class for HttpConnection
+ */
+TPS_PUBLIC HttpConnection::HttpConnection(const char *id, ConnectionInfo *cinfo, int retries, int timeout,
+ bool isSSL, const char *nickname, bool keepAlive, NameValueSet *headers)
+{
+ m_failoverList = cinfo;
+ m_retries = retries;
+ m_timeout = timeout;
+ m_Id = PL_strdup(id);
+ m_isSSL = isSSL;
+ m_clientnickname = PL_strdup(nickname);
+ m_keepAlive = keepAlive;
+ m_headers = headers;
+ m_curr = 0;
+ m_lock = PR_NewLock();
+}
+
+/**
+ * Destructs processor.
+ */
+TPS_PUBLIC HttpConnection::~HttpConnection ()
+{
+ if( m_clientnickname != NULL ) {
+ PL_strfree( m_clientnickname );
+ m_clientnickname = NULL;
+ }
+ if( m_Id != NULL ) {
+ PL_strfree( m_Id );
+ m_Id = NULL;
+ }
+ if( m_failoverList != NULL ) {
+ delete m_failoverList;
+ m_failoverList = NULL;
+ }
+ if( m_headers != NULL ) {
+ delete m_headers;
+ m_headers = NULL;
+ }
+ if( m_lock != NULL ) {
+ PR_DestroyLock( m_lock );
+ m_lock = NULL;
+ }
+}
+
+TPS_PUBLIC int HttpConnection::GetNumOfRetries() {
+ return m_retries;
+}
+
+int HttpConnection::GetTimeout() {
+ return m_timeout;
+}
+
+TPS_PUBLIC ConnectionInfo *HttpConnection::GetFailoverList() {
+ return m_failoverList;
+}
+
+TPS_PUBLIC char *HttpConnection::GetId() {
+ return m_Id;
+}
+
+TPS_PUBLIC bool HttpConnection::IsSSL() {
+ return m_isSSL;
+}
+
+TPS_PUBLIC char * HttpConnection::GetClientNickname() {
+ return m_clientnickname;
+}
+
+TPS_PUBLIC bool HttpConnection::IsKeepAlive() {
+ return m_keepAlive;
+}
+
+TPS_PUBLIC PSHttpResponse *HttpConnection::getResponse(int index, const char *servlet, const char *body) {
+ char *host_port;
+ char uri[800];
+ char *nickname;
+ const char *httpprotocol;
+
+ ConnectionInfo *failoverList = GetFailoverList();
+ int len = failoverList->ConnectionInfo::GetHostPortListLen();
+ if (index >= len) {
+ index = len - 1; // use the last one
+ }
+ host_port= (failoverList->GetHostPortList())[index];
+
+ if (IsSSL()) {
+ httpprotocol = "https";
+ } else {
+ httpprotocol = "http";
+ }
+
+ PR_snprintf((char *)uri, 800,
+ "%s://%s/%s",
+ httpprotocol, host_port, servlet);
+
+ RA::Debug("HttpConnection::getResponse", "Send request to host %s servlet %s", host_port, servlet);
+
+ RA::Debug(LL_PER_PDU, "HttpConnection::getResponse", "uri=%s", uri);
+ RA::Debug(LL_PER_PDU, "HttpConnection::getResponse", "host_port=%s", host_port);
+
+ char *pPort = NULL;
+ char *pPortActual = NULL;
+
+
+ char hostName[512];
+
+ /*
+ * Isolate the host name, account for IPV6 numeric addresses.
+ *
+ */
+
+ if(host_port)
+ strncpy(hostName,host_port,512);
+
+ pPort = hostName;
+ while(1) {
+ pPort = strchr(pPort, ':');
+ if (pPort) {
+ pPortActual = pPort;
+ pPort++;
+ } else
+ break;
+ }
+
+ if(pPortActual)
+ *pPortActual = '\0';
+
+
+ /*
+ * Rifle through the values for the host
+ */
+
+ PRAddrInfo *ai;
+ void *iter;
+ PRNetAddr addr;
+ int family = PR_AF_INET;
+
+ ai = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
+ if (ai) {
+ printf("%s\n", PR_GetCanonNameFromAddrInfo(ai));
+ iter = NULL;
+ while ((iter = PR_EnumerateAddrInfo(iter, ai, 0, &addr)) != NULL) {
+ char buf[512];
+ PR_NetAddrToString(&addr, buf, sizeof buf);
+ RA::Debug( LL_PER_PDU,
+ "HttpConnection::getResponse: ",
+ "Sending addr -- Msg='%s'\n",
+ buf );
+ family = PR_NetAddrFamily(&addr);
+ RA::Debug( LL_PER_PDU,
+ "HttpConnection::getResponse: ",
+ "Sending family -- Msg='%d'\n",
+ family );
+ break;
+ }
+ PR_FreeAddrInfo(ai);
+
+ }
+
+ PSHttpServer httpserver(host_port, family);
+ nickname = GetClientNickname();
+ if (IsSSL())
+ httpserver.setSSL(PR_TRUE);
+ else
+ httpserver.setSSL(PR_FALSE);
+
+ PSHttpRequest httprequest(&httpserver, uri, HTTP11, 0);
+ if (IsSSL()) {
+ httprequest.setSSL(PR_TRUE);
+ if (nickname != NULL) {
+ httprequest.setCertNickName(nickname);
+ } else {
+ return NULL;
+ }
+ } else
+ httprequest.setSSL(PR_FALSE);
+
+ httprequest.setMethod("POST");
+
+ if (body != NULL) {
+ httprequest.setBody( strlen(body), body);
+ }
+
+ httprequest.addHeader( "Content-Type", "application/x-www-form-urlencoded" );
+ if (m_headers != NULL) {
+ for (int i=0; i<m_headers->Size(); i++) {
+ char *name = m_headers->GetNameAt(i);
+ httprequest.addHeader(name, m_headers->GetValue(name));
+ }
+ }
+
+ if (IsKeepAlive())
+ httprequest.addHeader( "Connection", "keep-alive" );
+
+ HttpEngine httpEngine;
+ return httpEngine.makeRequest(httprequest, httpserver, (PRIntervalTime)GetTimeout(),
+ PR_FALSE /*expectChunked*/);
+}
+
+TPS_PUBLIC PRLock * HttpConnection::GetLock() {
+ return m_lock;
+}
+
+TPS_PUBLIC int HttpConnection::GetCurrentIndex() {
+ return m_curr;
+}
+
+TPS_PUBLIC void HttpConnection::SetCurrentIndex(int index) {
+ m_curr = index;
+}
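Review bot: In getResponse, the `strchr` loop reads `hostName` even when `host_port` is NULL, because the copy is skipped and the buffer is left uninitialised. `strncpy(hostName,host_port,512)` also leaves it unterminated when the configured entry is 512 bytes or longer. Just above, `index = len - 1` becomes -1 when the failover list is empty, which indexes before the start of the host/port array. I would reject both cases up front and use a terminating copy, as sketched below. Separately, the `printf` of the canonical name writes to stdout from server code and may pass a NULL pointer to `%s`; logging it through RA::Debug after a NULL check would be safer.

```cpp
    int len = failoverList->ConnectionInfo::GetHostPortListLen();
    if (len <= 0) {
        RA::Error("HttpConnection::getResponse", "failover list is empty");
        return NULL;
    }
    // … unchanged: clamp index to len - 1, read host_port from the list …
    if (host_port == NULL) {
        RA::Error("HttpConnection::getResponse", "no host:port entry at index %d", index);
        return NULL;
    }
    // … unchanged: protocol selection, uri formatting, debug output …
    char hostName[512];
    PL_strncpyz(hostName, host_port, sizeof hostName);  // always NUL-terminated
    // … unchanged: port stripping, address lookup, request setup …
```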
diff --git a/pki/base/tps/src/engine/RA.cpp b/pki/base/tps/src/engine/RA.cpp
new file mode 100644
index 000000000..62dd0c2e6
--- /dev/null
+++ b/pki/base/tps/src/engine/RA.cpp
@@ -0,0 +1,3390 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+//#include <wchar.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "httpd/httpd.h"
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "plhash.h"
+#include "pk11func.h"
+#include "cert.h"
+#include "certt.h"
+#include "secerr.h"
+#include "tus/tus_db.h"
+#include "secder.h"
+#include "nss.h"
+#include "nssb64.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "main/Memory.h"
+#include "main/ConfigStore.h"
+#include "main/RA_Context.h"
+#include "channel/Secure_Channel.h"
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "cms/HttpConnection.h"
+#include "main/RA_pblock.h"
+#include "main/LogFile.h"
+#include "main/RollingLogFile.h"
+#include "selftests/SelfTest.h"
+
+static ConfigStore *m_cfg = NULL;
+static LogFile* m_debug_log = (LogFile *)NULL;
+static LogFile* m_error_log = (LogFile *)NULL;
+static LogFile* m_audit_log = (LogFile *)NULL;
+static LogFile* m_selftest_log = (LogFile *)NULL;
+
+static int tokendbInitialized = 0;
+static int tpsConfigured = 0;
+
+RA_Context *RA::m_ctx = NULL;
+bool RA::m_pod_enable=false;
+int RA::m_pod_curr = 0;
+PRLock *RA::m_pod_lock = NULL;
+int RA::m_auth_curr;
+PRLock *RA::m_verify_lock = NULL;
+PRLock *RA::m_auth_lock = NULL;
+PRLock *RA::m_debug_log_lock = NULL;
+PRLock *RA::m_error_log_lock = NULL;
+PRLock *RA::m_selftest_log_lock = NULL;
+PRLock *RA::m_config_lock = NULL;
+PRMonitor *RA::m_audit_log_monitor = NULL;
+bool RA::m_audit_enabled = false;
+bool RA::m_audit_signed = false;
+SECKEYPrivateKey *RA::m_audit_signing_key = NULL;
+NSSUTF8 *RA::m_last_audit_signature = NULL;
+SECOidTag RA::m_audit_signAlgTag;
+SecurityLevel RA::m_global_security_level;
+char *RA::m_signedAuditSelectedEvents = NULL;
+char *RA::m_signedAuditSelectableEvents = NULL;
+char *RA::m_signedAuditNonSelectableEvents = NULL;
+
+char *RA::m_audit_log_buffer = NULL;
+PRThread *RA::m_flush_thread = (PRThread *) NULL;
+size_t RA::m_bytes_unflushed =0;
+size_t RA::m_buffer_size = 512;
+int RA::m_flush_interval = 5;
+
+int RA::m_audit_log_level = (int) LL_PER_SERVER;
+int RA::m_debug_log_level = (int) LL_PER_SERVER;
+int RA::m_error_log_level = (int) LL_PER_SERVER;
+int RA::m_selftest_log_level = (int) LL_PER_SERVER;
+int RA::m_caConns_len = 0;
+int RA::m_tksConns_len = 0;
+int RA::m_drmConns_len = 0;
+int RA::m_auth_len = 0;
+
+#define MAX_BODY_LEN 4096
+
+#define MAX_CA_CONNECTIONS 20
+#define MAX_TKS_CONNECTIONS 20
+#define MAX_DRM_CONNECTIONS 20
+#define MAX_AUTH_LIST_MEMBERS 20
+HttpConnection* RA::m_caConnection[MAX_CA_CONNECTIONS];
+HttpConnection* RA::m_tksConnection[MAX_TKS_CONNECTIONS];
+AuthenticationEntry* RA::m_auth_list[MAX_AUTH_LIST_MEMBERS];
+HttpConnection* RA::m_drmConnection[MAX_DRM_CONNECTIONS];
+int RA::m_num_publishers = 0;
+PublisherEntry *RA::publisher_list = NULL;
+
+/* TKS response parameters */
+const char *RA::TKS_RESPONSE_STATUS = "status";
+const char *RA::TKS_RESPONSE_SessionKey = "sessionKey";
+const char *RA::TKS_RESPONSE_EncSessionKey = "encSessionKey";
+const char *RA::TKS_RESPONSE_KEK_DesKey = "kek_wrapped_desKey";
+const char *RA::TKS_RESPONSE_DRM_Trans_DesKey = "drm_trans_wrapped_desKey";
+const char *RA::TKS_RESPONSE_HostCryptogram = "hostCryptogram";
+
+const char *RA::CFG_DEBUG_ENABLE = "logging.debug.enable";
+const char *RA::CFG_DEBUG_FILENAME = "logging.debug.filename";
+const char *RA::CFG_DEBUG_LEVEL = "logging.debug.level";
+const char *RA::CFG_AUDIT_ENABLE = "logging.audit.enable";
+const char *RA::CFG_AUDIT_FILENAME = "logging.audit.filename";
+const char *RA::CFG_SIGNED_AUDIT_FILENAME = "logging.audit.signedAuditFilename";
+const char *RA::CFG_AUDIT_LEVEL = "logging.audit.level";
+const char *RA::CFG_AUDIT_SIGNED = "logging.audit.logSigning";
+const char *RA::CFG_AUDIT_SIGNING_CERT_NICK = "logging.audit.signedAuditCertNickname";
+const char *RA::CFG_ERROR_ENABLE = "logging.error.enable";
+const char *RA::CFG_ERROR_FILENAME = "logging.error.filename";
+const char *RA::CFG_ERROR_LEVEL = "logging.error.level";
+const char *RA::CFG_SELFTEST_ENABLE = "selftests.container.logger.enable";
+const char *RA::CFG_SELFTEST_FILENAME = "selftests.container.logger.fileName";
+const char *RA::CFG_SELFTEST_LEVEL = "selftests.container.logger.level";
+const char *RA::CFG_CHANNEL_SEC_LEVEL = "channel.securityLevel";
+const char *RA::CFG_CHANNEL_ENCRYPTION = "channel.encryption";
+const char *RA::CFG_APPLET_CARDMGR_INSTANCE_AID = "applet.aid.cardmgr_instance";
+const char *RA::CFG_APPLET_NETKEY_INSTANCE_AID = "applet.aid.netkey_instance";
+const char *RA::CFG_APPLET_NETKEY_FILE_AID = "applet.aid.netkey_file";
+const char *RA::CFG_APPLET_NETKEY_OLD_INSTANCE_AID = "applet.aid.netkey_old_instance";
+const char *RA::CFG_APPLET_NETKEY_OLD_FILE_AID = "applet.aid.netkey_old_file";
+const char *RA::CFG_APPLET_SO_PIN = "applet.so_pin";
+const char *RA::CFG_APPLET_DELETE_NETKEY_OLD = "applet.delete_old";
+const char *RA::CFG_AUDIT_SELECTED_EVENTS="logging.audit.selected.events";
+const char *RA::CFG_AUDIT_NONSELECTABLE_EVENTS="logging.audit.nonselectable.events";
+const char *RA::CFG_AUDIT_SELECTABLE_EVENTS="logging.audit.selectable.events";
+const char *RA::CFG_AUDIT_BUFFER_SIZE = "logging.audit.buffer.size";
+const char *RA::CFG_AUDIT_FLUSH_INTERVAL = "logging.audit.flush.interval";
+const char *RA::CFG_AUDIT_FILE_TYPE = "logging.audit.file.type";
+const char *RA::CFG_DEBUG_FILE_TYPE = "logging.debug.file.type";
+const char *RA::CFG_ERROR_FILE_TYPE = "logging.error.file.type";
+const char *RA::CFG_SELFTEST_FILE_TYPE = "selftests.container.logger.file.type";
+const char *RA::CFG_AUDIT_PREFIX = "logging.audit";
+const char *RA::CFG_ERROR_PREFIX = "logging.error";
+const char *RA::CFG_DEBUG_PREFIX = "logging.debug";
+const char *RA::CFG_SELFTEST_PREFIX = "selftests.container.logger";
+
+const char *RA::CFG_AUTHS_ENABLE="auth.enable";
+
+/* default values */
+const char *RA::CFG_DEF_CARDMGR_INSTANCE_AID = "A0000000030000";
+const char *RA::CFG_DEF_NETKEY_INSTANCE_AID = "627601FF000000";
+const char *RA::CFG_DEF_NETKEY_FILE_AID = "627601FF0000";
+const char *RA::CFG_DEF_NETKEY_OLD_INSTANCE_AID = "A00000000101";
+const char *RA::CFG_DEF_NETKEY_OLD_FILE_AID = "A000000001";
+const char *RA::CFG_DEF_APPLET_SO_PIN = "000000000000";
+
+typedef IPublisher* (*makepublisher)();
+typedef Authentication* (*makeauthentication)();
+
+extern void BuildHostPortLists(char *host, char *port, char **hostList,
+ char **portList, int len);
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Registration Authority object.
+ */
+RA::RA ()
+{
+}
+
+/**
+ * Destructs a Registration Authority object.
+ */
+RA::~RA ()
+{
+ do_free(m_signedAuditSelectedEvents);
+ do_free(m_signedAuditSelectableEvents);
+ do_free(m_signedAuditNonSelectableEvents);
+
+ if (m_cfg != NULL) {
+ delete m_cfg;
+ m_cfg = NULL;
+ }
+}
+
+TPS_PUBLIC ConfigStore *RA::GetConfigStore()
+{
+ return m_cfg;
+}
+
+PRLock *RA::GetVerifyLock()
+{
+ return m_verify_lock;
+}
+
+PRLock *RA::GetConfigLock()
+{
+ return m_config_lock;
+}
+
+void RA::do_free(char *p)
+{
+ if (p != NULL) {
+ PR_Free(p);
+ p = NULL;
+ }
+}
+
+int RA::InitializeSignedAudit()
+{
+ // cfu
+ RA::Debug("RA:: InitializeSignedAudit", "begins");
+ tpsConfigured = m_cfg->GetConfigAsBool("tps.configured", false);
+ // During installation config, don't do this
+ if (IsTpsConfigured() && (m_audit_signed == true) && (m_audit_signing_key == NULL)) {
+ RA::Debug("RA:: InitializeSignedAudit", "signed audit is on... initializing signing key...");
+ // get audit signing cert
+ const char *audit_signing_cert_nick = m_cfg->GetConfigAsString(CFG_AUDIT_SIGNING_CERT_NICK, "auditSigningCert cert-pki-tps");
+ char certNick[256];
+ PR_snprintf((char *)certNick, 256, audit_signing_cert_nick);
+ RA::Debug("RA:: InitializeSignedAudit", "got audit signing cert nickname: %s", certNick);
+
+ CERTCertDBHandle *cert_handle = 0;
+ cert_handle = CERT_GetDefaultCertDB();
+ if (cert_handle == 0) {
+ RA::Debug("RA:: InitializeSignedAudit", "did not get cert_handle");
+ goto loser;
+ } else {
+ RA::Debug("RA:: InitializeSignedAudit", "got cert_handle");
+ }
+ CERTCertificate *cert = NULL;
+ cert = CERT_FindCertByNickname( cert_handle, (char *) certNick );
+ if (cert != NULL) { // already configed
+ RA::Debug("RA:: InitializeSignedAudit", "got audit signing cert");
+ // get private key from cert
+ m_audit_signing_key =
+ PK11_FindKeyByAnyCert(cert, /*wincx*/ NULL);
+ if (m_audit_signing_key == NULL) {
+ RA::Debug("RA:: InitializeSignedAudit", "audit signing key not initialized...");
+ goto loser;
+ } else {
+ RA::Debug("RA:: InitializeSignedAudit", "got audit signing key");
+ }
+ switch(m_audit_signing_key->keyType) {
+ case rsaKey:
+ m_audit_signAlgTag = SEC_OID_PKCS1_SHA256_WITH_RSA_ENCRYPTION;
+ break;
+ case dsaKey:
+ m_audit_signAlgTag = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST;
+ break;
+ default:
+ RA::Debug("RA:: InitializeSignedAudit", "unknown key type for audit signing cert");
+ goto loser;
+ break;
+ } //switch
+ RA::Debug("RA:: InitializeSignedAudit", "audit signing initialized");
+// m_cfg->Add("tps.signedAudit.initialized", "true");
+ } else {
+ RA::Debug("RA:: InitializeSignedAudit", "no audit signing cert found... still configuring...");
+ }
+
+ RA::getLastSignature();
+ if (cert != NULL) {
+ CERT_DestroyCertificate(cert);
+ cert = NULL;
+ }
+ } // if (m_audit_signed == true)
+
+ // Initialize audit flush thread
+ if (IsTpsConfigured() && (m_flush_thread == NULL)) {
+ m_flush_thread = PR_CreateThread( PR_USER_THREAD, RunFlushThread, (void *) NULL,
+ PR_PRIORITY_NORMAL, /* Priority */
+ PR_GLOBAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */);
+ }
+
+ return 0;
+loser:
+ RA::Debug("RA:: InitializeSignedAudit", "audit function startup failed");
+ return -1;
+//do something
+}
+
+void RA::RunFlushThread(void *arg) {
+ RA::Debug("RA::FlushThread", "Starting audit flush thread");
+ while (m_flush_interval >0) {
+ PR_Sleep(PR_SecondsToInterval(m_flush_interval));
+ if (m_flush_interval ==0)
+ break;
+ if (m_bytes_unflushed > 0)
+ FlushAuditLogBuffer();
+ }
+}
+
+/*
+ * read off the last sig record of the audit file for computing MAC
+ */
+void RA::getLastSignature() {
+ char line[1024];
+ char *sig = NULL;
+
+ RA::Debug("RA:: getLastSignature", "starts");
+ if ((m_audit_log != NULL) && (m_audit_log_monitor != NULL)) {
+ PR_EnterMonitor(m_audit_log_monitor);
+ int removed_return;
+ while (1) {
+ int n = m_audit_log->ReadLine(line, 1024, &removed_return);
+ if (n > 0) {
+ sig = strstr(line, "AUDIT_LOG_SIGNING");
+ if (sig != NULL) {
+ // sig entry found
+ m_last_audit_signature = PL_strdup(line);
+ }
+ } else if (n == 0 && removed_return == 1) {
+ continue; /* skip empty line */
+ } else {
+ break;
+ }
+ }
+ RA::Debug("RA:: getLastSignature", "ends");
+ PR_ExitMonitor(m_audit_log_monitor);
+ }
+
+ if (m_last_audit_signature != NULL) {
+ RA::Debug("RA:: getLastSignature", "got last sig from file: %s",
+ m_last_audit_signature);
+ }
+}
+
+TPS_PUBLIC LogFile* RA::GetLogFile(const char *log_type)
+{
+ if (strcmp(log_type, "RollingLogFile") == 0) {
+ return new RollingLogFile();
+ } else {
+ return new LogFile(); // default
+ }
+}
+
+/**
+ * Initializes RA with the given configuration file.
+ */
+TPS_PUBLIC int RA::Initialize(char *cfg_path, RA_Context *ctx)
+{
+ int rc = -1;
+ int i = 0;
+ int status = 0;
+
+ // Authentication *auth;
+ // int secLevel = 0; // for getting config param
+ bool global_enc = false;
+ SecurityLevel security_level = SECURE_MSG_MAC_ENC;
+
+ m_verify_lock = PR_NewLock();
+ m_debug_log_lock = PR_NewLock();
+ m_audit_log_monitor = PR_NewMonitor();
+ m_error_log_lock = PR_NewLock();
+ m_selftest_log_lock = PR_NewLock();
+ m_config_lock = PR_NewLock();
+ m_cfg = ConfigStore::CreateFromConfigFile(cfg_path);
+ if( m_cfg == NULL ) {
+ rc = -2;
+ goto loser;
+ }
+
+ m_ctx = ctx;
+
+ if (m_cfg->GetConfigAsBool(CFG_DEBUG_ENABLE, 0)) {
+ m_debug_log = GetLogFile(m_cfg->GetConfigAsString(CFG_DEBUG_FILE_TYPE, "LogFile"));
+ status = m_debug_log->startup(ctx, CFG_DEBUG_PREFIX,
+ m_cfg->GetConfigAsString(CFG_DEBUG_FILENAME, "/tmp/debug.log"),
+ false);
+ if (status != PR_SUCCESS)
+ goto loser;
+
+ status = m_debug_log->open();
+ if (status != PR_SUCCESS)
+ goto loser;
+ }
+
+ m_error_log_level = m_cfg->GetConfigAsInt(CFG_ERROR_LEVEL, (int) LL_PER_SERVER);
+ m_audit_log_level = m_cfg->GetConfigAsInt(CFG_AUDIT_LEVEL, (int) LL_PER_SERVER);
+ m_debug_log_level = m_cfg->GetConfigAsInt(CFG_DEBUG_LEVEL, (int) LL_PER_SERVER);
+ m_selftest_log_level = m_cfg->GetConfigAsInt(CFG_SELFTEST_LEVEL, (int) LL_PER_SERVER);
+
+ // get events for audit signing
+ m_signedAuditSelectedEvents = PL_strdup(m_cfg->GetConfigAsString(CFG_AUDIT_SELECTED_EVENTS, ""));
+ m_signedAuditSelectableEvents = PL_strdup(m_cfg->GetConfigAsString(CFG_AUDIT_SELECTABLE_EVENTS, ""));
+ m_signedAuditNonSelectableEvents= PL_strdup(m_cfg->GetConfigAsString(CFG_AUDIT_NONSELECTABLE_EVENTS, ""));
+ m_audit_enabled = m_cfg->GetConfigAsBool(CFG_AUDIT_ENABLE, false);
+ m_buffer_size = m_cfg->GetConfigAsInt(CFG_AUDIT_BUFFER_SIZE, 512);
+ m_flush_interval = m_cfg->GetConfigAsInt(CFG_AUDIT_FLUSH_INTERVAL, 5);
+
+ if (m_audit_enabled) {
+ // is audit logSigning on?
+ m_audit_signed = m_cfg->GetConfigAsBool(CFG_AUDIT_SIGNED, false);
+ RA::Debug("RA:: Initialize", "Audit signing is %s",
+ m_audit_signed? "true":"false");
+
+ m_audit_log = GetLogFile(m_cfg->GetConfigAsString(CFG_AUDIT_FILE_TYPE, "LogFile"));
+ status = m_audit_log->startup(ctx, CFG_AUDIT_PREFIX,
+ m_cfg->GetConfigAsString((m_audit_signed)?
+ CFG_SIGNED_AUDIT_FILENAME:CFG_AUDIT_FILENAME,
+ "/tmp/audit.log"),
+ m_audit_signed);
+ if (status != PR_SUCCESS)
+ goto loser;
+
+ status = m_audit_log->open();
+
+ if (status != PR_SUCCESS)
+ goto loser;
+
+ m_audit_log_buffer = (char *) PR_Malloc(m_buffer_size);
+ if (m_audit_log_buffer == NULL) {
+ RA::Debug("RA:: Initialize", "Unable to allocate memory for audit log buffer ..");
+ goto loser;
+ }
+ PR_snprintf((char *) m_audit_log_buffer, m_buffer_size, "");
+ m_bytes_unflushed = 0;
+ }
+
+ if (m_cfg->GetConfigAsBool(CFG_ERROR_ENABLE, 0)) {
+ m_error_log = GetLogFile(m_cfg->GetConfigAsString(CFG_ERROR_FILE_TYPE, "LogFile"));
+ status = m_error_log->startup(ctx, CFG_ERROR_PREFIX,
+ m_cfg->GetConfigAsString(CFG_ERROR_FILENAME, "/tmp/error.log"),
+ false);
+ if (status != PR_SUCCESS)
+ goto loser;
+
+ status = m_error_log->open();
+ if (status != PR_SUCCESS)
+ goto loser;
+
+ }
+
+ if (m_cfg->GetConfigAsBool(CFG_SELFTEST_ENABLE, 0)) {
+ m_selftest_log = GetLogFile(m_cfg->GetConfigAsString(CFG_SELFTEST_FILE_TYPE, "LogFile"));
+ status = m_selftest_log->startup(ctx, CFG_SELFTEST_PREFIX,
+ m_cfg->GetConfigAsString(CFG_SELFTEST_FILENAME, "/tmp/selftest.log"),
+ false);
+ if (status != PR_SUCCESS)
+ goto loser;
+
+ status = m_selftest_log->open();
+ if (status != PR_SUCCESS)
+ goto loser;
+
+ }
+
+
+ RA::Debug("RA:: Initialize", "CS TPS starting...");
+
+ rc = InitializeTokendb(cfg_path);
+ if( rc != LDAP_SUCCESS ) {
+ RA::Debug("RA:: Initialize", "Token DB initialization failed, server continues");
+ ctx->LogError( "RA::Initialize",
+ __LINE__,
+ "The TPS plugin could NOT load the "
+ "Tokendb library! See specific details in the "
+ "TPS plugin log files." );
+ // Since the server hasn't started yet, there is
+ // no need to perform a call to RA::Shutdown()!
+ //goto loser;
+ } else
+ RA::Debug("RA:: Initialize", "Token DB initialization succeeded");
+
+ //testTokendb();
+
+ m_pod_enable = m_cfg->GetConfigAsBool("failover.pod.enable", false);
+ m_pod_curr = 0;
+ m_auth_curr = 0;
+ m_pod_lock = PR_NewLock();
+ m_auth_lock = PR_NewLock();
+
+
+ // make encryption not default for operations globally
+ // individual security levels can override
+ // secLevel = RA::GetConfigAsInt(RA::CFG_CHANNEL_SEC_LEVEL,
+ // SECURE_MSG_MAC);
+
+ global_enc = m_cfg->GetConfigAsBool(RA::CFG_CHANNEL_ENCRYPTION, true);
+ if (global_enc == true)
+ security_level = SECURE_MSG_MAC_ENC;
+ else
+ security_level = SECURE_MSG_MAC;
+
+ RA::SetGlobalSecurityLevel(security_level);
+
+ // Initialize the CA connection pool to be empty
+ for (i=0; i<MAX_CA_CONNECTIONS; i++) {
+ m_caConnection[i] = NULL;
+ }
+
+ // Initialize the TKS connection pool to be empty
+ for (i=0; i<MAX_TKS_CONNECTIONS; i++) {
+ m_tksConnection[i] = NULL;
+ }
+
+ // Initialize the DRM connection pool to be empty
+ for (i=0; i<MAX_DRM_CONNECTIONS; i++) {
+ m_drmConnection[i] = NULL;
+ }
+
+ // Initialize the authentication list to be empty
+ for (i=0; i<MAX_AUTH_LIST_MEMBERS; i++) {
+ m_auth_list[i] = NULL;
+ }
+
+ // even rc != 0, we still go ahead starting up the server.
+ rc = InitializeAuthentication();
+
+ //Initialize Publisher Library
+ InitializePublishers();
+
+ rc = 1;
+loser:
+
+ // Log the status of this TPS plugin into the web server's log:
+ if( rc != 1 ) {
+ ctx->LogError( "RA::Initialize",
+ __LINE__,
+ "The TPS plugin could NOT be "
+ "loaded (rc = %d)! See specific details in the "
+ "TPS plugin log files.", rc );
+ } else {
+ ctx->LogInfo( "RA::Initialize",
+ __LINE__,
+ "The TPS plugin was "
+ "successfully loaded!" );
+ }
+ return rc;
+}
+
+int RA::InitializeInChild(RA_Context *ctx, int nSignedAuditInitCount) {
+
+ int rc = -1;
+ SECStatus rv;
+ int status = 0;
+ char configname[256];
+
+ RA::Debug( LL_PER_SERVER, "RA::InitializeInChild", "begins: %d",
+ nSignedAuditInitCount);
+ if (!NSS_IsInitialized()) {
+
+ RA::Debug( LL_PER_SERVER, "RA::InitializeInChild", "Initializing NSS");
+
+ PR_snprintf((char *)configname, 256, "%s/alias",
+ m_cfg->GetConfigAsString("service.instanceDir", NULL));
+ rv = NSS_Initialize (configname, "", "", SECMOD_DB, NSS_INIT_READONLY);
+ if (rv != SECSuccess) {
+ RA::Error( LL_PER_SERVER, "RA::InitializeInChild",
+ "NSS not initialized successfully");
+ ctx->InitializationError( "RA::InitializeHttpConnections",
+ __LINE__ );
+ goto loser;
+ }
+ } else {
+ RA::Debug( LL_PER_SERVER, "RA::InitializeInChild", "NSS already initialized");
+ }
+ //initialize CA Connections
+ status = InitializeHttpConnections("ca", &m_caConns_len,
+ m_caConnection, ctx);
+ if (status != 0) {
+ RA::Debug( LL_PER_SERVER, "RA::InitializeInChild",
+ "Failed to initialize CA Connection, rc=%i",
+ (int)status);
+ goto loser;
+ }
+ // initialize TKS connections
+ status = InitializeHttpConnections("tks", &m_tksConns_len,
+ m_tksConnection, ctx);
+ if (status != 0) {
+ RA::Debug( LL_PER_SERVER, "RA::InitializeInChild",
+ "Failed to initialize TKS Connection, rc=%i",
+ (int)status);
+ goto loser;
+ }
+ // initialize DRM connections
+ status = InitializeHttpConnections("drm", &m_drmConns_len,
+ m_drmConnection, ctx);
+ if (status != 0) {
+ RA::Debug( LL_PER_SERVER, "RA::InitializeInChild",
+ "Failed to initialize DRM Connection, rc=%i",
+ (int)status);
+ goto loser;
+ }
+
+ RA::Debug("RA::InitializeInChild", "nSignedAuditInitCount=%i",
+ nSignedAuditInitCount);
+ if (NSS_IsInitialized() && (nSignedAuditInitCount >1)) {
+ status = InitializeSignedAudit();
+ if (status == 0) {
+ RA::Audit(EV_AUDIT_LOG_STARTUP, AUDIT_MSG_FORMAT, "System", "Success",
+ "audit function startup");
+ }
+
+ // As per CC requirements, we want to flush the audit log immediately
+ // to ensure that the audit log is not full
+ FlushAuditLogBuffer();
+
+ rc = SelfTest::runStartUpSelfTests(); // run general self tests
+ if (rc != 0) goto loser;
+ }
+
+ if (m_debug_log != NULL) {
+ m_debug_log->child_init();
+ }
+
+ if (m_error_log != NULL) {
+ m_error_log->child_init();
+ }
+
+ if (m_selftest_log != NULL) {
+ m_selftest_log->child_init();
+ }
+
+ if (m_audit_log != NULL) {
+ m_audit_log->child_init();
+ }
+
+ rc =1;
+loser:
+ return rc;
+}
+
+int RA::testTokendb() {
+ // try to see if we can talk to the database
+ int st = 0;
+ LDAPMessage *ldapResult = NULL;
+ const char * filter = "(cn=0000000000080000*)";
+
+ if ((st = find_tus_db_entries(filter, 0, &ldapResult)) != LDAP_SUCCESS) {
+ RA::Debug("RA::testing", "response from token DB failed");
+ } else {
+ RA::Debug("RA::testing", "response from token DB succeeded");
+ }
+ if (ldapResult != NULL) {
+ ldap_msgfree(ldapResult);
+ }
+
+ return st;
+}
+
+/*
+ * returns true if item is a value in the comma separated list
+ * used by audit logging functions and profile selection functions
+ */
+TPS_PUBLIC bool RA::match_comma_list(const char* item, char *list)
+{
+ char *pList = PL_strdup(list);
+ char *sresult = NULL;
+ char *lasts = NULL;
+
+ sresult = PL_strtok_r(pList, ",", &lasts);
+ while (sresult != NULL) {
+ if (PL_strcmp(sresult, item) == 0) {
+ if (pList != NULL) {
+ PR_Free(pList);
+ pList = NULL;
+ }
+ return true;
+ }
+ sresult = PL_strtok_r(NULL, ",", &lasts);
+ }
+ if (pList != NULL) {
+ PR_Free(pList);
+ pList = NULL;
+ }
+ return false;
+}
+
+/*
+ * return comma separated list with all instances of item removed
+ * must be freed by caller
+ */
+TPS_PUBLIC char* RA::remove_from_comma_list(const char*item, char *list)
+{
+ int len = PL_strlen(list);
+ char *pList=PL_strdup(list);
+ char *ret = (char *) PR_Malloc(len);
+ char *sresult = NULL;
+ char *lasts = NULL;
+
+
+ PR_snprintf(ret, len, "");
+ sresult = PL_strtok_r(pList, ",", &lasts);
+ while (sresult != NULL) {
+ if (PL_strcmp(sresult, item) != 0) {
+ PR_snprintf(ret, len, "%s%s%s", ret, (PL_strlen(ret)>0)? "," : "", sresult);
+ }
+ sresult = PL_strtok_r(NULL, ",",&lasts);
+ }
+ if (pList != NULL) {
+ PR_Free(pList);
+ pList = NULL;
+ }
+ return ret;
+}
+
+
+/*
+ * returns true if an audit event is valid, false if not
+ */
+bool RA::IsValidEvent(const char *auditEvent)
+{
+ return match_comma_list(auditEvent, m_signedAuditNonSelectableEvents) ||
+ match_comma_list(auditEvent, m_signedAuditSelectableEvents);
+}
+
+/*
+ * returns true if an audit event is selected, false if not
+ */
+bool RA::IsAuditEventSelected(const char* auditEvent)
+{
+ return match_comma_list(auditEvent, m_signedAuditNonSelectableEvents) ||
+ match_comma_list(auditEvent, m_signedAuditSelectedEvents);
+}
+
+int RA::IsTokendbInitialized()
+{
+ return tokendbInitialized;
+}
+
+int RA::IsTpsConfigured()
+{
+ return tpsConfigured;
+}
+
+/**
+ * Shutdown RA.
+ */
+TPS_PUBLIC int RA::Shutdown()
+{
+
+ tus_db_end();
+ tus_db_cleanup();
+
+ if( m_pod_lock != NULL ) {
+ PR_DestroyLock( m_pod_lock );
+ m_pod_lock = NULL;
+ }
+
+ if( m_auth_lock != NULL ) {
+ PR_DestroyLock( m_auth_lock );
+ m_auth_lock = NULL;
+ }
+
+ if (m_caConnection != NULL) {
+ for (int i=0; i<m_caConns_len; i++) {
+ if( m_caConnection[i] != NULL ) {
+ delete m_caConnection[i];
+ m_caConnection[i] = NULL;
+ }
+ }
+ }
+
+ if (m_tksConnection != NULL) {
+ for (int i=0; i<m_tksConns_len; i++) {
+ if( m_tksConnection[i] != NULL ) {
+ delete m_tksConnection[i];
+ m_tksConnection[i] = NULL;
+ }
+ }
+ }
+ if (m_drmConnection != NULL) {
+ for (int i=0; i<m_drmConns_len; i++) {
+ if( m_drmConnection[i] != NULL ) {
+ delete m_drmConnection[i];
+ m_drmConnection[i] = NULL;
+ }
+ }
+ }
+
+ /* close audit file if opened */
+ PR_EnterMonitor(m_audit_log_monitor);
+ if( (m_audit_log != NULL) && (m_audit_log->isOpen())) {
+ if (m_audit_log_buffer != NULL) {
+ m_flush_interval = 0; // terminate flush thread
+ PR_Interrupt(m_flush_thread);
+ if (m_flush_thread != NULL) {
+ PR_JoinThread(m_flush_thread);
+ }
+ }
+ if ((m_audit_signed) && (m_audit_signing_key != NULL)) {
+ RA::Audit(EV_AUDIT_LOG_SHUTDOWN, AUDIT_MSG_FORMAT, "System", "Success",
+ "audit function shutdown");
+ }
+
+ if (m_bytes_unflushed > 0) {
+ FlushAuditLogBuffer();
+ }
+ }
+ if (m_audit_log != NULL) {
+ m_audit_log->shutdown();
+ delete m_audit_log;
+ m_audit_log = NULL;
+ }
+ PR_ExitMonitor(m_audit_log_monitor);
+
+ if (m_audit_log_buffer) {
+ PR_Free(m_audit_log_buffer);
+ m_audit_log_buffer = NULL;
+ }
+
+ /* close debug file if opened */
+ if ( m_debug_log != NULL ) {
+ m_debug_log->shutdown();
+ delete m_debug_log;
+ m_debug_log = NULL;
+ }
+
+ /* close error file if opened */
+ if( m_error_log != NULL ) {
+ m_error_log->shutdown();
+ delete m_error_log;
+ m_error_log = NULL;
+ }
+
+ /* close self test file if opened */
+ if( m_selftest_log != NULL ) {
+ m_selftest_log->shutdown();
+ delete m_selftest_log;
+ m_selftest_log = NULL;
+ }
+
+ if( m_verify_lock != NULL ) {
+ PR_DestroyLock( m_verify_lock );
+ m_verify_lock = NULL;
+ }
+
+ if( m_debug_log_lock != NULL ) {
+ PR_DestroyLock( m_debug_log_lock );
+ m_debug_log_lock = NULL;
+ }
+
+ if( m_audit_log_monitor != NULL ) {
+ PR_DestroyMonitor( m_audit_log_monitor );
+ m_audit_log_monitor = NULL;
+ }
+
+ if( m_error_log_lock != NULL ) {
+ PR_DestroyLock( m_error_log_lock );
+ m_error_log_lock = NULL;
+ }
+
+ if( m_selftest_log_lock != NULL ) {
+ PR_DestroyLock( m_selftest_log_lock );
+ m_selftest_log_lock = NULL;
+ }
+
+ if( m_config_lock != NULL ) {
+ PR_DestroyLock( m_config_lock );
+ m_config_lock = NULL;
+ }
+
+ if (m_auth_list != NULL) {
+ for (int i=0; i<m_auth_len; i++) {
+ if( m_auth_list[i] != NULL ) {
+ delete m_auth_list[i];
+ m_auth_list[i] = NULL;
+ }
+ }
+ }
+
+ /* destroy configuration hashtable */
+ if( m_cfg != NULL ) {
+ delete m_cfg;
+ m_cfg = NULL;
+ }
+
+ CleanupPublishers();
+
+ return 1;
+}
+
+HttpConnection *RA::GetTKSConn(const char *id) {
+ HttpConnection *tksconn = NULL;
+ for (int i=0; i<m_tksConns_len; i++) {
+ if (strcmp(m_tksConnection[i]->GetId(), id) == 0) {
+ tksconn = m_tksConnection[i];
+ break;
+ }
+ }
+ return tksconn;
+}
+
+HttpConnection *RA::GetDRMConn(const char *id) {
+ HttpConnection *drmconn = NULL;
+ for (int i=0; i<m_drmConns_len; i++) {
+ if (strcmp(m_drmConnection[i]->GetId(), id) == 0) {
+ drmconn = m_drmConnection[i];
+ break;
+ }
+ }
+ return drmconn;
+}
+
+void RA::ReturnTKSConn(HttpConnection *conn) {
+ // do nothing for now
+}
+
+void RA::ReturnDRMConn(HttpConnection *conn) {
+ // do nothing for now
+}
+
+HttpConnection *RA::GetCAConn(const char *id) {
+ HttpConnection *caconn = NULL;
+ if (id == NULL)
+ return NULL;
+ for (int i=0; i<m_caConns_len; i++) {
+ if (strcmp(m_caConnection[i]->GetId(), id) == 0) {
+ caconn = m_caConnection[i];
+ break;
+ }
+ }
+ return caconn;
+}
+
+AuthenticationEntry *RA::GetAuth(const char *id) {
+ AuthenticationEntry *authEntry = NULL;
+ for (int i=0; i<m_auth_len; i++) {
+ authEntry = m_auth_list[i];
+ if (strcmp(authEntry->GetId(), id) == 0)
+ return authEntry;
+ }
+ return NULL;
+}
+
+void RA::ReturnCAConn(HttpConnection *conn) {
+ // do nothing for now
+}
+
+TPS_PUBLIC PRLock *RA::GetAuthLock() {
+ return m_auth_lock;
+}
+
+int RA::GetPodIndex() {
+ PR_Lock(m_pod_lock);
+ int index = m_pod_curr;
+ PR_Unlock(m_pod_lock);
+ return index;
+}
+
+void RA::SetPodIndex(int index) {
+ PR_Lock(m_pod_lock);
+ m_pod_curr = index;
+ PR_Unlock(m_pod_lock);
+}
+
+void RA::SetCurrentIndex(HttpConnection *&conn, int index) {
+ PRLock *lock = conn->GetLock();
+ PR_Lock(lock);
+ conn->SetCurrentIndex(index);
+ PR_Unlock(lock);
+}
+
+int RA::GetCurrentIndex(HttpConnection *conn) {
+ PRLock *lock = conn->GetLock();
+ PR_Lock(lock);
+ int index = conn->GetCurrentIndex();
+ PR_Unlock(lock);
+ return index;
+}
+
+TPS_PUBLIC int RA::GetAuthCurrentIndex() {
+ PR_Lock(m_auth_lock);
+ int index = m_auth_curr;
+ PR_Unlock(m_auth_lock);
+ return index;
+}
+
+void RA::SetAuthCurrentIndex(int index) {
+ PR_Lock(m_auth_lock);
+ m_auth_curr = index;
+ PR_Unlock(m_auth_lock);
+}
+
+TPS_PUBLIC void RA::IncrementAuthCurrentIndex(int len) {
+ PR_Lock(m_auth_lock);
+ if ((++m_auth_curr) >= len)
+ m_auth_curr = 0;
+ PR_Unlock(m_auth_lock);
+}
+
+void RA::SetGlobalSecurityLevel(SecurityLevel sl) {
+ m_global_security_level = sl;
+ RA::Debug(" RA::SetGlobalSecurityLevel", "global security level set to %d", (int) sl);
+
+}
+
+SecurityLevel RA::GetGlobalSecurityLevel() {
+ return m_global_security_level;
+}
+
+
+/*
+ * recovers user encryption key that was previously archived.
+ * It expects DRM to search its archival db by cert.
+ *
+ * input:
+ * @param cuid (cuid of the recovering key's token)
+ * @param userid (uid of the recovering key owner
+ * @param desKey_s (came from TKS - session key wrapped with DRM transport
+ * @param cert (base64 encoded cert of the recovering key)
+ * @param connId (drm connectoin id)
+ *
+ * output:
+ * @param publickey_s public key provided by DRM
+ * @param wrappedPrivateKey_s encrypted private key provided by DRM
+ * @param ivParam_s returned intialization vector
+ */
+void RA::RecoverKey(RA_Session *session, const char* cuid,
+ const char *userid, char* desKey_s,
+ char *b64cert, char **publicKey_s,
+ char **wrappedPrivateKey_s, const char *connId, char **ivParam_s)
+{
+ int status;
+ PSHttpResponse *response = NULL;
+ HttpConnection *drmConn = NULL;
+ char body[MAX_BODY_LEN];
+ char configname[256];
+ char * cert_s;
+ int drm_curr = 0;
+ long s;
+ char * content = NULL;
+ char ** hostport= NULL;
+ const char* servletID = NULL;
+ char *wrappedDESKey_s= NULL;
+ Buffer *decodeKey = NULL;
+ ConnectionInfo *connInfo = NULL;
+ RA_pblock *ra_pb = NULL;
+ int currRetries = 0;
+ char *p = NULL;
+
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey");
+ if (cuid == NULL) {
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, cuid NULL");
+ goto loser;
+ }
+ if (userid == NULL) {
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, userid NULL");
+ goto loser;
+ }
+ if (b64cert == NULL) {
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, b64cert NULL");
+ goto loser;
+ }
+ if (desKey_s == NULL) {
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, desKey_s NULL");
+ goto loser;
+ }
+ if (connId == NULL) {
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, connId NULL");
+ goto loser;
+ }
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, desKey_s=%s, connId=%s",desKey_s, connId);
+
+ cert_s = Util::URLEncode(b64cert);
+ drmConn = RA::GetDRMConn(connId);
+ if (drmConn == NULL) {
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, failed getting drmconn");
+ goto loser;
+ }
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, got drmconn");
+ connInfo = drmConn->GetFailoverList();
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, got drm failover");
+ decodeKey = Util::URLDecode(desKey_s);
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey,url decoded des");
+ wrappedDESKey_s = Util::SpecialURLEncode(*decodeKey);
+
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, wrappedDESKey_s=%s", wrappedDESKey_s);
+
+ PR_snprintf((char *)body, MAX_BODY_LEN,
+ "CUID=%s&userid=%s&drm_trans_desKey=%s&cert=%s",cuid, userid, wrappedDESKey_s, cert_s);
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, body=%s", body);
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.TokenKeyRecovery", connId);
+ servletID = GetConfigStore()->GetConfigAsString(configname);
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey, configname=%s", configname);
+
+ drm_curr = RA::GetCurrentIndex(drmConn);
+ response = drmConn->getResponse(drm_curr, servletID, body);
+ hostport = connInfo->GetHostPortList();
+ if (response == NULL) {
+ RA::Debug(LL_PER_PDU, "The recoverKey response from DRM ",
+ "at %s is NULL.", hostport[drm_curr]);
+
+ //goto loser;
+ } else {
+ RA::Debug(LL_PER_PDU, "The recoverKey response from DRM ",
+ "at %s is not NULL.", hostport[drm_curr]);
+ }
+
+ while (response == NULL) {
+ RA::Failover(drmConn, connInfo->GetHostPortListLen());
+
+ drm_curr = RA::GetCurrentIndex(drmConn);
+ RA::Debug(LL_PER_PDU, "RA is reconnecting to DRM ",
+ "at %s for recoverKey.", hostport[drm_curr]);
+
+ if (++currRetries >= drmConn->GetNumOfRetries()) {
+ RA::Debug("Used up all the retries in recoverKey. Response is NULL","");
+ RA::Error("RA::RecoverKey","Failed connecting to DRM after %d retries", currRetries);
+
+ goto loser;
+ }
+ response = drmConn->getResponse(drm_curr, servletID, body);
+ }
+
+ RA::Debug(" RA:: RecoverKey", "in RecoverKey - got response");
+ // XXXskip handling fallback host for prototype
+
+ content = response->getContent();
+ p = strstr(content, "status=");
+ content = p; //skip the HTTP header
+
+ s = response->getStatus();
+
+ if ((content != NULL) && (s == 200)) {
+ RA::Debug("RA::RecoverKey", "response from DRM status ok");
+
+ Buffer* status_b;
+ char* status_s;
+
+ ra_pb = ( RA_pblock * ) session->create_pblock(content);
+ if (ra_pb == NULL)
+ goto loser;
+
+ status_b = ra_pb->find_val("status");
+ if (status_b == NULL) {
+ status = 4;
+ goto loser;
+ }
+ else {
+ status_s = status_b->string();
+ status = atoi(status_s);
+ if (status_s != NULL) {
+ PR_Free(status_s);
+ }
+ }
+
+
+ char * tmp = NULL;
+ tmp = ra_pb->find_val_s("public_key");
+ if ((tmp == NULL) || (strcmp(tmp,"")==0)) {
+ RA::Error(LL_PER_PDU, "RecoverKey"," got no public key");
+ goto loser;
+ } else {
+ RA::Debug(LL_PER_PDU, "RecoverKey", "got public key =%s", tmp);
+ *publicKey_s = PL_strdup(tmp);
+ }
+
+ tmp = NULL;
+ tmp = ra_pb->find_val_s("wrapped_priv_key");
+ if ((tmp == NULL) || (strcmp(tmp,"")==0)) {
+ RA::Error(LL_PER_PDU, "RecoverKey"," got no wrapped private key");
+ //XXX goto loser;
+ } else {
+ RA::Debug(LL_PER_PDU, "RecoverKey", "got wrappedprivate key =%s", tmp);
+ *wrappedPrivateKey_s = PL_strdup(tmp);
+ }
+
+ tmp = ra_pb->find_val_s("iv_param");
+ if ((tmp == NULL) || (strcmp(tmp,"")==0)) {
+ RA::Error(LL_PER_PDU, "RecoverKey",
+ "did not get iv_param for recovered key in DRM response");
+ } else {
+ RA::Debug(LL_PER_PDU, "ServerSideKeyGen", "got iv_param for recovered key =%s", tmp);
+ *ivParam_s = PL_strdup(tmp);
+ }
+
+ } else {// if content is NULL or status not 200
+ if (content != NULL)
+ RA::Debug("RA::RecoverKey", "response from DRM error status %ld", s);
+ else
+ RA::Debug("RA::RecoverKey", "response from DRM no content");
+ }
+ loser:
+ if (desKey_s != NULL)
+ PR_Free(desKey_s);
+
+ if (decodeKey != NULL)
+ PR_Free(decodeKey);
+
+ if (wrappedDESKey_s != NULL)
+ PR_Free(wrappedDESKey_s);
+
+ if (drmConn != NULL)
+ RA::ReturnDRMConn(drmConn);
+
+ if (response != NULL) {
+ if (content != NULL)
+ response->freeContent();
+ delete response;
+ }
+
+ if (ra_pb != NULL) {
+ delete ra_pb;
+ }
+
+}
+
+
+
+/*
+ * input:
+ * @param desKey_s provided for drm to wrap user private
+ * @param publicKey_s returned for key injection back to token
+ *
+ * Output:
+ * @param publicKey_s public key provided by DRM
+ * @param wrappedPrivateKey_s encrypted private key provided by DRM
+ */
+void RA::ServerSideKeyGen(RA_Session *session, const char* cuid,
+ const char *userid, char* desKey_s,
+ char **publicKey_s,
+ char **wrappedPrivateKey_s,
+ char **ivParam_s, const char *connId,
+ bool archive, int keysize)
+{
+
+ const char *FN="RA::ServerSideKeyGen";
+ int status;
+ PSHttpResponse *response = NULL;
+ HttpConnection *drmConn = NULL;
+ char body[MAX_BODY_LEN];
+ char configname[256];
+
+ long s;
+ char * content = NULL;
+ char ** hostport = NULL;
+ const char* servletID = NULL;
+ char *wrappedDESKey_s = NULL;
+ Buffer *decodeKey = NULL;
+ ConnectionInfo *connInfo = NULL;
+ RA_pblock *ra_pb = NULL;
+ int drm_curr = 0;
+ int currRetries = 0;
+ char *p = NULL;
+
+ if ((cuid == NULL) || (strcmp(cuid,"")==0)) {
+ RA::Debug( LL_PER_CONNECTION, FN,
+ "error: passed invalid cuid");
+ goto loser;
+ }
+ if ((userid == NULL) || (strcmp(userid,"")==0)) {
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "error: passed invalid userid");
+ goto loser;
+ }
+ if ((desKey_s == NULL) || (strcmp(desKey_s,"")==0)) {
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "error: passed invalid desKey_s");
+ goto loser;
+ }
+ if ((connId == NULL) ||(strcmp(connId,"")==0)) {
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "error: passed invalid connId");
+ goto loser;
+ }
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "desKey_s=%s, connId=%s",desKey_s, connId);
+ drmConn = RA::GetDRMConn(connId);
+
+ if (drmConn == NULL) {
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "drmconn is null");
+ goto loser;
+ }
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "found DRM connection info");
+ connInfo = drmConn->GetFailoverList();
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "got DRM failover list");
+
+ decodeKey = Util::URLDecode(desKey_s);
+ if (decodeKey == NULL) {
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "url-decoding of des key-transport-key failed");
+ goto loser;
+ }
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "successfully url-decoded key-transport-key");
+ wrappedDESKey_s = Util::SpecialURLEncode(*decodeKey);
+
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "wrappedDESKey_s=%s", wrappedDESKey_s);
+
+ PR_snprintf((char *)body, MAX_BODY_LEN,
+ "archive=%s&CUID=%s&userid=%s&keysize=%d&drm_trans_desKey=%s",archive?"true":"false",cuid, userid, keysize, wrappedDESKey_s);
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "sending to DRM: query=%s", body);
+
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.GenerateKeyPair", connId);
+ servletID = GetConfigStore()->GetConfigAsString(configname);
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "finding DRM servlet info, configname=%s", configname);
+
+ drm_curr = RA::GetCurrentIndex(drmConn);
+ response = drmConn->getResponse(drm_curr, servletID, body);
+ hostport = connInfo->GetHostPortList();
+ if (response == NULL) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "failed to get response from DRM at %s",
+ hostport[drm_curr]);
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "failed to get response from DRM at %s",
+ hostport[drm_curr]);
+ } else {
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "response from DRM (%s) is not NULL.",
+ hostport[drm_curr]);
+ }
+
+ while (response == NULL) {
+ RA::Failover(drmConn, connInfo->GetHostPortListLen());
+
+ drm_curr = RA::GetCurrentIndex(drmConn);
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "RA is failing over to DRM at %s", hostport[drm_curr]);
+
+ if (++currRetries >= drmConn->GetNumOfRetries()) {
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "Failed to get response from all DRMs in conn group '%s'"
+ " after %d retries", connId, currRetries);
+ RA::Error(LL_PER_CONNECTION, FN,
+ "Failed to get response from all DRMs in conn group '%s'"
+ " after %d retries", connId, currRetries);
+
+
+ goto loser;
+ }
+ response = drmConn->getResponse(drm_curr, servletID, body);
+ }
+
+ RA::Debug(" RA:: ServerSideKeyGen", "in ServerSideKeyGen - got response");
+ // XXX skip handling fallback host for prototype
+
+ content = response->getContent();
+ p = strstr(content, "status=");
+ content = p; //skip the HTTP header
+ s = response->getStatus();
+
+ if ((content != NULL) && (s == 200)) {
+ RA::Debug("RA::ServerSideKeyGen", "response from DRM status ok");
+
+ Buffer* status_b;
+ char* status_s;
+
+ ra_pb = ( RA_pblock * ) session->create_pblock(content);
+ if (ra_pb == NULL)
+ goto loser;
+
+ status_b = ra_pb->find_val("status");
+ if (status_b == NULL) {
+ status = 4;
+ goto loser;
+ } else {
+ status_s = status_b->string();
+ status = atoi(status_s);
+ if (status_s != NULL) {
+ PR_Free(status_s);
+ }
+ }
+
+ char * tmp = NULL;
+ tmp = ra_pb->find_val_s("public_key");
+ if (tmp == NULL) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "Did not get public key in DRM response");
+ } else {
+ RA::Debug(LL_PER_PDU, "ServerSideKeyGen", "got public key =%s", tmp);
+ *publicKey_s = PL_strdup(tmp);
+ }
+
+ tmp = NULL;
+ tmp = ra_pb->find_val_s("wrapped_priv_key");
+ if ((tmp == NULL) || (strcmp(tmp,"")==0)) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "did not get wrapped private key in DRM response");
+ } else {
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "got wrappedprivate key =%s", tmp);
+ *wrappedPrivateKey_s = PL_strdup(tmp);
+ }
+
+ tmp = ra_pb->find_val_s("iv_param");
+ if ((tmp == NULL) || (strcmp(tmp,"")==0)) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "did not get iv_param for private key in DRM response");
+ } else {
+ RA::Debug(LL_PER_PDU, "ServerSideKeyGen", "got iv_param for private key =%s", tmp);
+ *ivParam_s = PL_strdup(tmp);
+ }
+
+ } else {// if content is NULL or status not 200
+ if (content != NULL)
+ RA::Debug("RA::ServerSideKeyGen", "response from DRM error status %ld", s);
+ else
+ RA::Debug("RA::ServerSideKeyGen", "response from DRM no content");
+ }
+
+ loser:
+ if (desKey_s != NULL)
+ PR_Free(desKey_s);
+
+ if (decodeKey != NULL) {
+ delete decodeKey;
+ }
+
+ if (wrappedDESKey_s != NULL)
+ PR_Free(wrappedDESKey_s);
+
+ if (drmConn != NULL)
+ RA::ReturnDRMConn(drmConn);
+
+ if (response != NULL) {
+ if (content != NULL)
+ response->freeContent();
+ delete response;
+ }
+
+ if (ra_pb != NULL) {
+ delete ra_pb;
+ }
+
+}
+
+
+#define DES2_WORKAROUND
+#define MAX_BODY_LEN 4096
+
+PK11SymKey *RA::ComputeSessionKey(RA_Session *session,
+ Buffer &CUID,
+ Buffer &keyInfo,
+ Buffer &card_challenge,
+ Buffer &host_challenge,
+ Buffer **host_cryptogram,
+ Buffer &card_cryptogram,
+ PK11SymKey **encSymKey,
+ char** drm_desKey_s,
+ char** kek_desKey_s,
+ char** keycheck_s,
+ const char *connId)
+{
+ PK11SymKey *symKey = NULL;
+ char body[MAX_BODY_LEN];
+ char configname[256];
+ char * cardc = NULL;
+ char * hostc = NULL;
+ char * cardCrypto = NULL;
+ char * cuid = NULL;
+ char * keyinfo = NULL;
+ PSHttpResponse *response = NULL;
+ HttpConnection *tksConn = NULL;
+ RA_pblock *ra_pb = NULL;
+
+ RA::Debug(LL_PER_PDU, "Start ComputeSessionKey", "");
+ tksConn = RA::GetTKSConn(connId);
+ if (tksConn == NULL) {
+ RA::Error(LL_PER_PDU, "RA::ComputeSessionKey", "Failed to get TKSConnection %s", connId);
+ return NULL;
+ } else {
+ int currRetries = 0;
+ ConnectionInfo *connInfo = tksConn->GetFailoverList();
+
+ PR_snprintf((char *) configname, 256, "conn.%s.keySet", connId);
+ const char *keySet = RA::GetConfigStore()->GetConfigAsString(configname, "defKeySet");
+ // is serversideKeygen on?
+ PR_snprintf((char *) configname, 256, "conn.%s.serverKeygen", connId);
+ bool serverKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, false);
+ if (serverKeygen)
+ RA::Debug(LL_PER_PDU, "RA::ComputeSessionKey", "serverKeygen for %s is on", connId);
+ else
+ RA::Debug(LL_PER_PDU, "RA::ComputeSessionKey", "serverKeygen for %s is off", connId);
+
+ cardc = Util::SpecialURLEncode(card_challenge);
+ hostc = Util::SpecialURLEncode(host_challenge);
+ cardCrypto = Util::SpecialURLEncode(card_cryptogram);
+ cuid = Util::SpecialURLEncode(CUID);
+ keyinfo = Util::SpecialURLEncode(keyInfo);
+
+ if ((cardc == NULL) || (hostc == NULL) || (cardCrypto == NULL) ||
+ (cuid == NULL) || (keyinfo == NULL))
+ goto loser;
+
+ PR_snprintf((char *)body, MAX_BODY_LEN,
+ "serversideKeygen=%s&CUID=%s&card_challenge=%s&host_challenge=%s&KeyInfo=%s&card_cryptogram=%s&keySet=%s", serverKeygen? "true":"false", cuid,
+ cardc, hostc, keyinfo, cardCrypto, keySet);
+
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.computeSessionKey", connId);
+ const char *servletID = GetConfigStore()->GetConfigAsString(configname);
+ int tks_curr = RA::GetCurrentIndex(tksConn);
+ response = tksConn->getResponse(tks_curr, servletID, body);
+ char **hostport = connInfo->GetHostPortList();
+ if (response == NULL)
+ RA::Debug(LL_PER_PDU, "The computeSessionKey response from TKS ",
+ "at %s is NULL.", hostport[tks_curr]);
+ else
+ RA::Debug(LL_PER_PDU, "The computeSessionKey response from TKS ",
+ "at %s is not NULL.", hostport[tks_curr]);
+
+ while (response == NULL) {
+ RA::Failover(tksConn, connInfo->GetHostPortListLen());
+
+ tks_curr = RA::GetCurrentIndex(tksConn);
+ RA::Debug(LL_PER_PDU, "RA is reconnecting to TKS ",
+ "at %s for computeSessionKey.", hostport[tks_curr]);
+
+ if (++currRetries >= tksConn->GetNumOfRetries()) {
+ RA::Debug("Used up all the retries in ComputeSessionKey. Response is NULL","");
+ RA::Error("RA::ComputeSessionKey","Failed connecting to TKS after %d retries", currRetries);
+
+ goto loser;
+ }
+ response = tksConn->getResponse(tks_curr, servletID, body);
+ }
+
+ RA::Debug(LL_PER_PDU, "ComputeSessionKey Response is not ","NULL");
+ char * content = response->getContent();
+
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+
+ if (content != NULL) {
+ Buffer *status_b;
+
+ char *status_s, *sessionKey_s, *encSessionKey_s, *hostCryptogram_s;
+ int status;
+
+ /* strip the http header */
+ /* raidzilla 57722: strip the HTTP header and just pass
+ name value pairs into the pblock parsing code.
+ */
+ RA::Debug("RA::Engine", "Pre-processing content '%s", content);
+ char *cx = content;
+ while (cx[0] != '\0' && (!(cx[0] == '\r' && cx[1] == '\n' &&
+ cx[2] == '\r' && cx[3] == '\n')))
+ {
+ cx++;
+ }
+ if (cx[0] != '\0') {
+ cx+=4;
+ }
+ RA::Debug("RA::Engine", "Post-processing content '%s", cx);
+ ra_pb = ( RA_pblock * ) session->create_pblock(cx);
+ if (ra_pb == NULL) {
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "fail no ra_pb");
+ goto loser;
+ }
+
+ status_b = ra_pb->find_val(TKS_RESPONSE_STATUS);
+ if (status_b == NULL) {
+ status = 4;
+ RA::Error(LL_PER_SERVER, "RA:ComputeSessionKey", "Bad TKS Connection. Please make sure TKS is accessible by TPS.");
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "fail no status");
+ goto loser;
+ // return NULL;
+ }
+ else {
+ status_s = status_b->string();
+ status = atoi(status_s);
+ if (status_s != NULL) {
+ PR_Free(status_s);
+ }
+ }
+
+ sessionKey_s = ra_pb->find_val_s(TKS_RESPONSE_SessionKey);
+ if (sessionKey_s == NULL) {
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "fail no sessionKey_b");
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "mac session key=%s", sessionKey_s);
+ Buffer *decodeKey = Util::URLDecode(sessionKey_s);
+
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "decodekey len=%d",decodeKey->size());
+
+ BYTE masterKeyData[24];
+ SECItem masterKeyItem = {siBuffer, masterKeyData, sizeof(masterKeyData)};
+ BYTE *keyData = (BYTE *)*decodeKey;
+ memcpy(masterKeyData, (char*)keyData, 16);
+ memcpy(masterKeyData+16, (char*)keyData, 8);
+
+ symKey = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+ PK11_OriginGenerated, CKA_ENCRYPT, &masterKeyItem,
+ CKF_ENCRYPT, PR_FALSE, 0);
+
+ if( decodeKey != NULL ) {
+ delete decodeKey;
+ decodeKey = NULL;
+ }
+ if (symKey == NULL)
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "MAC Session key is NULL");
+
+
+ encSessionKey_s = ra_pb->find_val_s(TKS_RESPONSE_EncSessionKey);
+ if (encSessionKey_s == NULL) {
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "fail no encSessionKey_b");
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "encSessionKey=%s", encSessionKey_s);
+ Buffer *decodeEncKey = Util::URLDecode(encSessionKey_s);
+
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey",
+ "decodeEnckey len=%d",decodeEncKey->size());
+
+ BYTE masterEncKeyData[24];
+ SECItem masterEncKeyItem =
+ {siBuffer, masterEncKeyData, sizeof(masterEncKeyData)};
+ BYTE *EnckeyData = (BYTE *)*decodeEncKey;
+ memcpy(masterEncKeyData, (char*)EnckeyData, 16);
+ memcpy(masterEncKeyData+16, (char*)EnckeyData, 8);
+
+ *encSymKey =
+ PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+ PK11_OriginGenerated, CKA_ENCRYPT, &masterEncKeyItem,
+ CKF_ENCRYPT, PR_FALSE, 0);
+
+ if( decodeEncKey != NULL ) {
+ delete decodeEncKey;
+ decodeEncKey = NULL;
+ }
+
+ if (encSymKey == NULL)
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "encSessionKey is NULL");
+
+
+ if (serverKeygen) {
+ char * tmp= NULL;
+ tmp = ra_pb->find_val_s(TKS_RESPONSE_DRM_Trans_DesKey);
+ if (tmp == NULL) {
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "drm_desKey not retrieved");
+ RA::Error(LL_PER_PDU, "RA:ComputeSessionKey", "drm_desKey not retrieved");
+ goto loser;
+ } else {
+ *drm_desKey_s = PL_strdup(tmp);
+ }
+ // wrapped des key is to be sent to DRM "as is"
+ // thus should not be touched
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "drm_desKey=%s", *drm_desKey_s );
+
+ tmp = ra_pb->find_val_s(TKS_RESPONSE_KEK_DesKey);
+ if (tmp == NULL) {
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "kek-wrapped desKey not retrieved");
+ RA::Error(LL_PER_PDU, "RA:ComputeSessionKey", "kek-wrapped desKey not retrieved");
+ goto loser;
+ } else {
+ *kek_desKey_s = PL_strdup(tmp);
+ }
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "kek_desKey=%s", *kek_desKey_s );
+
+
+ tmp = ra_pb->find_val_s("keycheck");
+ if (tmp == NULL) {
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "keycheck not retrieved");
+ RA::Error(LL_PER_PDU, "RA:ComputeSessionKey", "keycheck not retrieved");
+ goto loser;
+ } else {
+ *keycheck_s = PL_strdup(tmp);
+ }
+ }// serversideKeygen
+
+ hostCryptogram_s = ra_pb->find_val_s(TKS_RESPONSE_HostCryptogram);
+ if (hostCryptogram_s == NULL)
+ goto loser;
+
+ RA::Debug(LL_PER_PDU, "RA:ComputeSessionKey", "hostC=%s", hostCryptogram_s);
+ *host_cryptogram = Util::URLDecode(hostCryptogram_s);
+ } // if content != NULL
+
+ } // else tksConn != NULL
+ RA::Debug(LL_PER_PDU, "finish ComputeSessionKey", "");
+
+
+ loser:
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ if( cardc != NULL ) {
+ PR_Free( cardc );
+ cardc = NULL;
+ }
+ if( hostc != NULL ) {
+ PR_Free( hostc );
+ hostc = NULL;
+ }
+ if( cuid != NULL ) {
+ PR_Free( cuid );
+ cuid = NULL;
+ }
+ if( keyinfo != NULL ) {
+ PR_Free( keyinfo );
+ keyinfo = NULL;
+ }
+ if (cardCrypto != NULL) {
+ PR_Free( cardCrypto );
+ cardCrypto = NULL;
+ }
+
+ if( response != NULL ) {
+ response->freeContent();
+ delete response;
+ response = NULL;
+ }
+
+ if (ra_pb != NULL) {
+ delete ra_pb;
+ }
+ // in production, if TKS is unreachable, symKey will be NULL,
+ // and this will signal error to the caller.
+ return symKey;
+
+}
+
+Buffer *RA::ComputeHostCryptogram(Buffer &card_challenge,
+ Buffer &host_challenge)
+{
+ /* hardcoded enc auth key */
+ BYTE enc_auth_key[16] = {
+ 0x40, 0x41, 0x42, 0x43,
+ 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b,
+ 0x4c, 0x4d, 0x4e, 0x4f
+ };
+ Buffer input = Buffer(16, (BYTE)0);
+ int i;
+ Buffer icv = Buffer(8, (BYTE)0);
+ Buffer *output = new Buffer(8, (BYTE)0);
+ BYTE *cc = (BYTE*)card_challenge;
+ int cc_len = card_challenge.size();
+ BYTE *hc = (BYTE*)host_challenge;
+ int hc_len = host_challenge.size();
+
+ /* copy card and host challenge into input buffer */
+ for (i = 0; i < 8; i++) {
+ ((BYTE*)input)[i] = cc[i];
+ }
+ for (i = 0; i < 8; i++) {
+ ((BYTE*)input)[8+i] = hc[i];
+ }
+
+ PK11SymKey *key = Util::DeriveKey(
+ Buffer(enc_auth_key, 16), Buffer(hc, hc_len),
+ Buffer(cc, cc_len));
+ Util::ComputeMAC(key, input, icv, *output);
+
+ return output;
+}
+
+TPS_PUBLIC void RA::DebugBuffer(const char *func_name, const char *prefix, Buffer *buf)
+{
+ RA::DebugBuffer(LL_PER_CONNECTION, func_name, prefix, buf);
+}
+
+void RA::DebugBuffer(RA_Log_Level level, const char *func_name, const char *prefix, Buffer *buf)
+{
+ int i;
+ PRTime now;
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+ BYTE *data = *buf;
+ int sum = 0;
+ PRThread *ct;
+
+ if ((m_debug_log == NULL) || (!m_debug_log->isOpen()))
+ return;
+ if ((int) level >= m_debug_log_level)
+ return;
+ PR_Lock(m_debug_log_lock);
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+ ct = PR_GetCurrentThread();
+ m_debug_log->printf("[%s] %x %s - ", datetime, ct, func_name);
+ m_debug_log->printf("%s (length='%d')", prefix, buf->size());
+ m_debug_log->printf("\n");
+ m_debug_log->printf("[%s] %x %s - ", datetime, ct, func_name);
+ for (i=0; i<(int)buf->size(); i++) {
+ m_debug_log->printf("%02x ", (unsigned char)data[i]);
+ sum++;
+ if (sum == 10) {
+ m_debug_log->printf("\n");
+ m_debug_log->printf("[%s] %x %s - ", datetime, ct, func_name);
+ sum = 0;
+ }
+ }
+ m_debug_log->write("\n");
+ PR_Unlock(m_debug_log_lock);
+}
+
+TPS_PUBLIC void RA::Debug (const char *func_name, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ RA::DebugThis(LL_PER_SERVER, func_name, fmt, ap);
+ va_end(ap);
+}
+
+TPS_PUBLIC void RA::Debug (RA_Log_Level level, const char *func_name, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ RA::DebugThis(level, func_name, fmt, ap);
+ va_end(ap);
+}
+
+
+
+void RA::DebugThis (RA_Log_Level level, const char *func_name, const char *fmt, va_list ap)
+{
+ PRTime now;
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+ PRThread *ct;
+
+ if ((m_debug_log == NULL) || (!m_debug_log->isOpen()))
+ return;
+ if ((int) level >= m_debug_log_level)
+ return;
+ PR_Lock(m_debug_log_lock);
+ now = PR_Now();
+ ct = PR_GetCurrentThread();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+ m_debug_log->printf("[%s] %x %s - ", datetime, ct, func_name);
+ m_debug_log->vfprintf(fmt, ap);
+ m_debug_log->write("\n");
+ PR_Unlock(m_debug_log_lock);
+}
+
+TPS_PUBLIC void RA::Audit (const char *func_name, const char *fmt, ...)
+{
+ if (!RA::IsAuditEventSelected(func_name))
+ return;
+
+ va_list ap;
+ va_start(ap, fmt);
+ RA::AuditThis (LL_PER_SERVER, func_name, fmt, ap);
+ va_end(ap);
+ va_start(ap, fmt);
+// RA::DebugThis (LL_PER_SERVER, func_name, fmt, ap);
+ va_end(ap);
+}
+
+TPS_PUBLIC void RA::Audit (RA_Log_Level level, const char *func_name, const char *fmt, ...)
+{
+ if (!RA::IsAuditEventSelected(func_name))
+ return;
+
+ va_list ap;
+ va_start(ap, fmt);
+ RA::AuditThis (level, func_name, fmt, ap);
+ va_end(ap);
+ va_start(ap, fmt);
+ RA::DebugThis (level, func_name, fmt, ap);
+ va_end(ap);
+}
+
+void RA::AuditThis (RA_Log_Level level, const char *func_name, const char *fmt, va_list ap)
+{
+ PRTime now;
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+ PRThread *ct;
+ char *message_p1 = NULL;
+ char *message_p2 = NULL;
+ int nbytes;
+ int status;
+
+ if (!m_audit_enabled) return;
+
+ if ((m_audit_log == NULL) || (!m_audit_log->isOpen()) || (m_audit_log_buffer == NULL))
+ return;
+ if ((int) level >= m_audit_log_level)
+ return;
+
+ PR_EnterMonitor(m_audit_log_monitor);
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+ ct = PR_GetCurrentThread();
+
+ message_p1 = PR_smprintf("[%s] %x [AuditEvent=%s]", datetime, ct, func_name);
+ message_p2 = PR_vsmprintf(fmt, ap);
+
+ /* write out the message first */
+ NSSUTF8 *audit_msg = PR_smprintf("%s%s\n", message_p1, message_p2);
+ nbytes = (unsigned) PL_strlen((const char*) audit_msg);
+ if ((m_bytes_unflushed + nbytes) >= m_buffer_size) {
+ FlushAuditLogBuffer();
+ status = m_audit_log->write(audit_msg);
+ if (status != PR_SUCCESS) {
+ m_audit_log->get_context()->LogError( "RA::AuditThis",
+ __LINE__,
+ "AuditThis: Failure to write to the audit log. Shutting down ...");
+ _exit(APEXIT_CHILDFATAL);
+ }
+
+ if (m_audit_signed) SignAuditLog(audit_msg);
+ } else {
+ PL_strcat(m_audit_log_buffer, audit_msg);
+ m_bytes_unflushed += nbytes;
+ }
+
+ PR_Free(message_p1);
+ PR_Free(message_p2);
+
+ if (audit_msg)
+ PR_Free(audit_msg);
+
+ PR_ExitMonitor(m_audit_log_monitor);
+
+}
+
+TPS_PUBLIC void RA::FlushAuditLogBuffer()
+{
+ int status;
+
+ if (!m_audit_enabled) return;
+
+ PR_EnterMonitor(m_audit_log_monitor);
+ if ((m_bytes_unflushed > 0) && (m_audit_log_buffer != NULL) && (m_audit_log != NULL)) {
+ status = m_audit_log->write(m_audit_log_buffer);
+ if (status != PR_SUCCESS) {
+ m_audit_log->get_context()->LogError( "RA::FlushAuditLogBuffer",
+ __LINE__,
+ "RA::FlushAuditLogBuffer: Failure to write to the audit log. Shutting down ...");
+ _exit(APEXIT_CHILDFATAL);
+ }
+ if (m_audit_signed) {
+ SignAuditLog((NSSUTF8 *) m_audit_log_buffer);
+ }
+ m_bytes_unflushed=0;
+ PR_snprintf((char *) m_audit_log_buffer, m_buffer_size, "");
+ }
+ PR_ExitMonitor(m_audit_log_monitor);
+}
+
+TPS_PUBLIC void RA::SignAuditLog(NSSUTF8 * audit_msg)
+{
+ char *audit_sig_msg = NULL;
+ char sig[4096];
+ int status;
+
+ if (!m_audit_enabled) return;
+
+ PR_EnterMonitor(m_audit_log_monitor);
+ audit_sig_msg = GetAuditSigningMessage(audit_msg);
+
+ if (audit_sig_msg != NULL) {
+ PR_snprintf(sig, 4096, "%s\n", audit_sig_msg);
+ status = m_audit_log->write(sig);
+ if (status != PR_SUCCESS) {
+ m_audit_log->get_context()->LogError( "RA::SignAuditLog",
+ __LINE__,
+ "SignAuditLog: Failure to write to the audit log. Shutting down ..");
+ _exit(APEXIT_CHILDFATAL);
+ }
+ if (m_last_audit_signature != NULL) {
+ PR_Free( m_last_audit_signature );
+ }
+ m_last_audit_signature = PL_strdup(audit_sig_msg);
+ m_audit_log->setSigned(true);
+
+ PR_Free(audit_sig_msg);
+ }
+ PR_ExitMonitor(m_audit_log_monitor);
+}
+
+TPS_PUBLIC void RA::ra_free_values(struct berval **values)
+{
+ free_values(values, 1);
+}
+
+/* sign audit_msg and last signature
+ returns char* - must be freed by caller */
+TPS_PUBLIC char * RA::GetAuditSigningMessage(const NSSUTF8 * audit_msg)
+{
+ PRTime now;
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+ PRThread *ct;
+ SECStatus rv;
+
+ SECItem signedResult;
+ NSSUTF8 *sig_b64 = NULL;
+ NSSUTF8 *out_sig_b64 = NULL;
+ SGNContext *sign_ctxt=NULL;
+ char *audit_sig_msg = NULL;
+ char sig[4096];
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+ ct = PR_GetCurrentThread();
+
+ if (m_audit_signed==true) {
+ sign_ctxt = SGN_NewContext(m_audit_signAlgTag, m_audit_signing_key);
+ if( SGN_Begin(sign_ctxt) != SECSuccess ) {
+ RA::Debug("RA:: SignAuditLog", "SGN_Begin failed");
+ goto loser;
+ }
+
+ if (m_last_audit_signature != NULL) {
+ RA::Debug("RA:: SignAuditLog", "m_last_audit_signature == %s",
+ m_last_audit_signature);
+
+ PR_snprintf(sig, 4096, "%s\n", m_last_audit_signature);
+ rv = SGN_Update( (SGNContext*)sign_ctxt,
+ (unsigned char *) sig,
+ (unsigned)PL_strlen((const char*)sig));
+ if (rv != SECSuccess) {
+ RA::Debug("RA:: SignAuditLog", "SGN_Update failed");
+ goto loser;
+ }
+
+ } else {
+ RA::Debug("RA:: SignAuditLog", "m_last_audit_signature == NULL");
+ }
+
+ /* make sign the UTF-8 bytes later */
+
+ if( SGN_Update( (SGNContext*)sign_ctxt,
+ (unsigned char *) audit_msg,
+ (unsigned)PL_strlen((const char*)audit_msg)) != SECSuccess) {
+ RA::Debug("RA:: SignAuditLog", "SGN_Update failed");
+ goto loser;
+ }
+
+ if( SGN_End(sign_ctxt, &signedResult) != SECSuccess) {
+ RA::Debug("RA:: SignAuditLog", "SGN_End failed");
+ goto loser;
+ }
+
+ sig_b64 = NSSBase64_EncodeItem(NULL, NULL, 0, &signedResult);
+ if (sig_b64 == NULL) {
+ RA::Debug("RA:: SignAuditLog", "NSSBase64_EncodeItem failed");
+ goto loser;
+ }
+
+ /* get rid of the carriage return line feed */
+ int sig_len = PL_strlen(sig_b64);
+ out_sig_b64 = (char *) PORT_Alloc (sig_len);
+ if (out_sig_b64 == NULL) {
+ RA::Debug("RA:: SignAuditLog", "PORT_Alloc for out_sig_b64 failed");
+ goto loser;
+ }
+ int i = 0;
+ char *p = sig_b64;
+ for (i = 0; i< sig_len; i++, p++) {
+ if ((*p!=13) && (*p!= 10)) {
+ out_sig_b64[i] = *p;
+ } else {
+ i--;
+ continue;
+ }
+ }
+
+ /*
+ * write out the signature
+ */
+ audit_sig_msg = PR_smprintf(AUDIT_SIG_MSG_FORMAT,
+ datetime, ct, "AUDIT_LOG_SIGNING",
+ "System", "Success", out_sig_b64);
+
+ }
+
+loser:
+ if (m_audit_signed==true) {
+ if (sign_ctxt)
+ SGN_DestroyContext(sign_ctxt, PR_TRUE);
+ if (sig_b64)
+ PR_Free(sig_b64);
+ if (out_sig_b64)
+ PR_Free(out_sig_b64);
+ if (&signedResult)
+ SECITEM_FreeItem(&signedResult, PR_FALSE);
+ }
+
+ return audit_sig_msg;
+}
+
+TPS_PUBLIC void RA::SetFlushInterval(int interval)
+{
+ char interval_str[512];
+ int status;
+ char error_msg[512];
+
+ RA::Debug("RA::SetFlushInterval", "Setting flush interval to %d seconds", interval);
+ m_flush_interval = interval;
+
+ // Interrupt the flush thread to set new interval
+ // Get monitor so as not to interrupt the flush thread during flushing
+
+ PR_EnterMonitor(m_audit_log_monitor);
+ PR_Interrupt(m_flush_thread);
+ PR_ExitMonitor(m_audit_log_monitor);
+
+ PR_snprintf((char *) interval_str, 512, "%d", interval);
+ m_cfg->Add(CFG_AUDIT_FLUSH_INTERVAL, interval_str);
+ status = m_cfg->Commit(false, error_msg, 512);
+ if (status != 0) {
+ RA::Debug("RA:SetFlushInterval", error_msg);
+ }
+}
+
+TPS_PUBLIC void RA::SetBufferSize(int size)
+{
+ char * new_buffer;
+ char size_str[512];
+ int status;
+ char error_msg[512];
+
+ RA::Debug("RA::SetBufferSize", "Setting buffer size to %d bytes", size);
+
+ PR_EnterMonitor(m_audit_log_monitor);
+ FlushAuditLogBuffer();
+ if (m_audit_log_buffer != NULL) {
+ new_buffer = (char *) PR_Realloc(m_audit_log_buffer, size);
+ m_audit_log_buffer = new_buffer;
+ } else {
+ m_audit_log_buffer = (char *) PR_Malloc(size);
+ }
+ m_buffer_size = size;
+ PR_ExitMonitor(m_audit_log_monitor);
+
+ PR_snprintf((char *) size_str, 512, "%d", size);
+ m_cfg->Add(CFG_AUDIT_BUFFER_SIZE, size_str);
+
+ status = m_cfg->Commit(false, error_msg, 512);
+ if (status != 0) {
+ RA::Debug("RA:SetFlushInterval", error_msg);
+ }
+}
+
+
+TPS_PUBLIC void RA::Error (const char *func_name, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ RA::ErrorThis(LL_PER_SERVER, func_name, fmt, ap);
+ va_end(ap);
+ va_start(ap, fmt);
+ RA::DebugThis(LL_PER_SERVER, func_name, fmt, ap);
+ va_end(ap);
+}
+
+TPS_PUBLIC void RA::Error (RA_Log_Level level, const char *func_name, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ RA::ErrorThis(level, func_name, fmt, ap);
+ va_end(ap);
+ va_start(ap, fmt);
+ RA::DebugThis(level, func_name, fmt, ap);
+ va_end(ap);
+}
+
+void RA::ErrorThis (RA_Log_Level level, const char *func_name, const char *fmt, va_list ap)
+{
+ PRTime now;
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+ PRThread *ct;
+
+ if ((m_error_log == NULL) || (!m_error_log->isOpen()))
+ return;
+ if ((int) level >= m_error_log_level)
+ return;
+ PR_Lock(m_error_log_lock);
+ now = PR_Now();
+ ct = PR_GetCurrentThread();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+ m_error_log->printf("[%s] %x %s - ", datetime, ct, func_name);
+ m_error_log->vfprintf(fmt, ap);
+ m_error_log->write("\n");
+ PR_Unlock(m_error_log_lock);
+}
+
+TPS_PUBLIC void RA::SelfTestLog (const char *func_name, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ RA::SelfTestLogThis(LL_PER_SERVER, func_name, fmt, ap);
+ va_end(ap);
+ va_start(ap, fmt);
+ RA::DebugThis(LL_PER_SERVER, func_name, fmt, ap);
+ va_end(ap);
+}
+
+TPS_PUBLIC void RA::SelfTestLog (RA_Log_Level level, const char *func_name, const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ RA::SelfTestLogThis(level, func_name, fmt, ap);
+ va_end(ap);
+ va_start(ap, fmt);
+ RA::DebugThis(level, func_name, fmt, ap);
+ va_end(ap);
+}
+
+void RA::SelfTestLogThis (RA_Log_Level level, const char *func_name, const char *fmt, va_list ap)
+{
+ PRTime now;
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+ PRThread *ct;
+
+ if ((m_selftest_log == NULL) || (!m_selftest_log->isOpen()))
+ return;
+ if ((int) level >= m_selftest_log_level)
+ return;
+ PR_Lock(m_selftest_log_lock);
+ now = PR_Now();
+ ct = PR_GetCurrentThread();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+ m_selftest_log->printf("[%s] %x %s - ", datetime, ct, func_name);
+ m_selftest_log->vfprintf(fmt, ap);
+ m_selftest_log->write("\n");
+ PR_Unlock(m_selftest_log_lock);
+}
+
+PublisherEntry *RA::getPublisherById(const char *publisher_id)
+{
+
+ PublisherEntry *cur = RA::publisher_list;
+
+ if(cur == NULL)
+ {
+ return NULL;
+ }
+
+ while(cur != NULL)
+ {
+ if(!strcmp(publisher_id,cur->id))
+ {
+ break;
+ }
+
+ cur = cur->next;
+ }
+
+ return cur;
+
+}
+
+int RA::InitializePublishers()
+
+{
+ RA::m_num_publishers = 0;
+
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Attempting to load the configurable list of Publishers.", "");
+
+ const char *pub_prefix = "publisher.instance";
+ const char *pub_suffix = "publisherId";
+
+ const char *publisher_id = NULL;
+ const char *publisher_lib_name = NULL;
+ const char *publisher_lib_factory_name = NULL;
+
+ char config_str[500];
+
+ int i = -1;
+ int res = 0;
+
+ PublisherEntry *new_entry;
+
+ while(1)
+ {
+ i++;
+
+ PR_snprintf((char *)config_str, 256,"%s.%d.%s", pub_prefix,i,pub_suffix);
+ publisher_id = m_cfg->GetConfigAsString(config_str,NULL);
+
+ if(publisher_id != NULL)
+ {
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Found publisher id %s ", publisher_id);
+ PR_snprintf((char *)config_str, 256, "%s.%d.%s",pub_prefix,i,"libraryName");
+
+ publisher_lib_name = m_cfg->GetConfigAsString(config_str,NULL);
+
+ if(publisher_lib_name != NULL)
+ {
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Found publisher lib name %s ", publisher_lib_name);
+ PR_snprintf((char *)config_str, 256, "%s.%d.%s",pub_prefix,i,"libraryFactory");
+
+ publisher_lib_factory_name = m_cfg->GetConfigAsString(config_str,NULL);
+
+ if(publisher_lib_factory_name)
+ {
+
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Found publisher lib factory name %s ", publisher_lib_factory_name);
+
+ PRLibrary *pb = PR_LoadLibrary(publisher_lib_name);
+
+ if(pb)
+ {
+ void *sym = PR_FindSymbol(pb,publisher_lib_factory_name);
+
+ if(sym == NULL)
+ {
+
+ RA::Error(LL_PER_PDU, "RA:InitializePublishers",
+ "Failed to find symbol '%s' publisher %s error code: %d",publisher_lib_factory_name,publisher_lib_name,PR_GetError());
+
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Failed to load publish library.", "");
+
+
+ continue;
+ }
+ makepublisher make_pub = (makepublisher ) sym;
+
+ IPublisher *publisher = (* make_pub )();
+
+ if(publisher == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA:InitializePublishers",
+ "Failed to initialize publisher %s error code: %d",publisher_lib_name,PR_GetError());
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Failed to allocate Netkey publisher.", "");
+ continue;
+ }
+ if(publisher)
+ {
+ res = publisher->init();
+ }
+
+ if(!res)
+ {
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Failed to initialize publisher %s.", publisher_lib_name);
+ continue;
+ }
+
+ new_entry = (PublisherEntry *) malloc(sizeof(PublisherEntry));
+
+ if(new_entry == NULL)
+ {
+
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers: Failed to allocate PublisherEntry structure", "");
+
+ break;
+
+ }
+ new_entry->id = strdup(publisher_id);
+ new_entry->publisher = publisher;
+ new_entry->publisher_lib = pb;
+
+ if(RA::publisher_list == NULL)
+ {
+ RA::publisher_list = new_entry;
+ new_entry->next = NULL;
+
+ }
+
+ else
+ {
+ PublisherEntry *cur = RA::publisher_list;
+
+ while(cur->next != NULL)
+ {
+ cur= cur->next;
+ }
+
+ cur->next = new_entry;
+ new_entry->next = NULL;
+
+ }
+
+ RA::m_num_publishers++;
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Successfully initialized publisher %s.", publisher_lib_name);
+ }
+ else
+ {
+ RA::Error(LL_PER_PDU, "RA:InitializePublishers",
+ "Failed to open library %s error code: %d",publisher_lib_name,PR_GetError());
+
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers"," Failed to load publish library.", "");
+
+ continue;
+
+ }
+ }
+ else
+ {
+ continue;
+ }
+ }
+ else
+ {
+ continue;
+
+ }
+ }
+ else
+ {
+ break;
+ }
+ }
+
+ if(RA::m_num_publishers == 0)
+ {
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Did not load any publisher libraries, possibly not configured for publishing. Server continues normally... ");
+ return 0;
+ }
+ else
+ {
+ RA::Debug(LL_PER_PDU, "RA::InitializePublishers:"," Loaded %d Publisher(s).", RA::m_num_publishers);
+
+ return 1;
+ }
+
+}
+
+void RA::CleanupPublishers()
+{
+
+ if(RA::m_num_publishers == 0)
+ return;
+
+ RA::Debug(LL_PER_PDU, "RA::CleanupPublishers:"," Loaded %d publishers.", RA::m_num_publishers);
+
+ PublisherEntry *cur = RA::publisher_list;
+
+ if(cur == NULL)
+ {
+ return ;
+ }
+
+ while(cur != NULL)
+ {
+
+ PublisherEntry *next =cur->next;
+
+ if(cur)
+ {
+
+ RA::Debug(LL_PER_PDU, "RA::CleanupPublishers:"," Cleanup up publisher %s", cur->id);
+ if( cur->id != NULL)
+ {
+ free( cur->id );
+ cur->id = NULL;
+ }
+
+ if( cur->publisher != NULL ) {
+ delete cur->publisher;
+ cur->publisher = NULL;
+ }
+
+ if( cur->publisher_lib != NULL ) {
+ PR_UnloadLibrary( cur->publisher_lib );
+ cur->publisher_lib = NULL;
+ }
+
+ if( cur != NULL ) {
+ free( cur );
+ cur = NULL;
+ }
+
+ cur = next;
+
+ }
+ }
+
+
+}
+
+int RA::InitializeHttpConnections(const char *id, int *len, HttpConnection **conn, RA_Context *ctx) {
+ char configname[256];
+ char connID[100];
+ CERTCertDBHandle *handle = 0;
+ int rc = 0;
+ int i=0;
+
+ *len = 0;
+
+ // Initialize each connection
+ while (1) {
+ i++;
+ PR_snprintf((char *)configname, 256, "conn.%s%d.hostport", id, i);
+ const char *host_port = m_cfg->GetConfigAsString(configname);
+ if (host_port == NULL) {
+ break;
+ }
+ ConnectionInfo *cinfo = new ConnectionInfo();
+ cinfo->BuildFailoverList(host_port);
+ PR_snprintf((char *)configname, 256, "conn.%s%d.retryConnect", id, i);
+ int retries = m_cfg->GetConfigAsInt(configname, 3);
+ PR_snprintf((char *)configname, 256, "conn.%s%d.timeout", id, i);
+ int timeout = m_cfg->GetConfigAsInt(configname, 10);
+ PR_snprintf((char *)connID, 100, "%s%d", id, i);
+ PR_snprintf((char *)configname, 256, "conn.%s%d.clientNickname", id, i);
+ const char *clientnickname = m_cfg->GetConfigAsString(configname);
+
+ handle = CERT_GetDefaultCertDB();
+ if( handle == 0 ) {
+ ctx->InitializationError( "RA::InitializeHttpConnections",
+ __LINE__ );
+ rc = -1;
+ if (cinfo != NULL) {
+ delete cinfo;
+ cinfo = NULL;
+ }
+ goto loser;
+ }
+
+ // (2) Since NSS has been initialized, verify the presence of the
+ // specified certificate:
+ if( ( clientnickname != NULL ) &&
+ ( PL_strcmp( clientnickname, "" ) != 0 ) ) {
+ SelfTest::Initialize(m_cfg);
+
+ rc = SelfTest::runStartUpSelfTests(clientnickname);
+ if (rc != 0) goto loser;
+ } else {
+ RA::Error( LL_PER_SERVER,
+ "RA::InitializeHttpConnections",
+ "An empty or missing %s certificate nickname "
+ "was specified for connection %d!",
+ id,
+ i );
+ rc = -3;
+ if (cinfo != NULL) {
+ delete cinfo;
+ cinfo = NULL;
+ }
+ goto loser;
+ }
+
+ PR_snprintf((char *)configname, 256, "conn.%s%d.SSLOn", id, i);
+ bool isSSL = m_cfg->GetConfigAsBool(configname, true);
+ PR_snprintf((char *)configname, 256, "conn.%s%d.keepAlive", id, i);
+ bool keepAlive = m_cfg->GetConfigAsBool(configname, true);
+ conn[*len] = new HttpConnection(connID, cinfo, retries, timeout, isSSL, clientnickname, keepAlive, NULL);
+ (*len)++;
+ }
+
+loser:
+
+ return rc;
+}
+
+int RA::InitializeTokendb(char *cfg_path)
+{
+ char *error = NULL;
+ int status;
+
+ if (tokendbInitialized)
+ return 0;
+
+ RA::Debug("RA::InitializeTokendb", "config path = %s", cfg_path);
+
+ if (get_tus_db_config(cfg_path) != 1) {
+ RA::Debug("RA::InitializeTokendb", "get_tus_db_config failed");
+ return -1;
+ }
+
+ tokendbInitialized = 1;
+
+ RA::Debug("RA::InitializeTokendb", "Initializing TUS database");
+ if( ( status = tus_db_init( &error ) ) != LDAP_SUCCESS ) {
+ if( error != NULL ) {
+ RA::Debug( "RA::InitializeTokendb",
+ "Token DB initialization failed: '%s'",
+ error );
+ PR_smprintf_free( error );
+ error = NULL;
+ } else {
+ RA::Debug( "RA::InitializeTokendb",
+ "Token DB initialization failed" );
+ }
+ }
+
+ return status;
+}
+
+TPS_PUBLIC void RA::update_signed_audit_selected_events(char *new_selected)
+{
+ char *tmp = NULL;
+ m_cfg->Add(CFG_AUDIT_SELECTED_EVENTS, new_selected);
+
+ tmp = m_signedAuditSelectedEvents;
+ m_signedAuditSelectedEvents = PL_strdup(new_selected);
+ PL_strfree(tmp);
+}
+
+TPS_PUBLIC void RA::update_signed_audit_enable(const char *enable)
+{
+ m_cfg->Add(CFG_AUDIT_ENABLE, enable);
+}
+
+
+TPS_PUBLIC void RA::update_signed_audit_log_signing(const char *enable)
+{
+ m_cfg->Add(CFG_AUDIT_SIGNED, enable);
+}
+
+TPS_PUBLIC int RA::setup_audit_log(bool enable_signing, bool signing_changed)
+{
+ int status =0;
+ PR_EnterMonitor(m_audit_log_monitor);
+
+ // get buffer if required
+ if (m_audit_log_buffer == NULL) {
+ m_audit_log_buffer = (char *) PR_Malloc(m_buffer_size);
+ if (m_audit_log_buffer == NULL) {
+ RA::Debug(LL_PER_PDU, "RA:: setup_audit_log", "Unable to allocate memory for audit log buffer ..");
+ goto loser;
+ }
+ PR_snprintf((char *) m_audit_log_buffer, m_buffer_size, "");
+ m_bytes_unflushed = 0;
+ }
+
+ // close old log file if signing config changed
+ if (signing_changed && m_audit_log !=NULL) {
+ RA::Debug(LL_PER_PDU, "RA::setup_audit_log","Closing old audit log file");
+ FlushAuditLogBuffer();
+ m_audit_log->shutdown();
+ delete m_audit_log;
+ m_audit_log = NULL;
+ }
+
+ // open new log file if required
+ if (m_audit_log == NULL) {
+ RA::Debug(LL_PER_PDU, "RA::setup_audit_log","Opening audit log file");
+ m_audit_log = GetLogFile(m_cfg->GetConfigAsString(CFG_AUDIT_FILE_TYPE, "LogFile"));
+ status = m_audit_log->startup(m_ctx, CFG_AUDIT_PREFIX,
+ m_cfg->GetConfigAsString((enable_signing)?
+ CFG_SIGNED_AUDIT_FILENAME:CFG_AUDIT_FILENAME,
+ "/tmp/audit.log"),
+ enable_signing);
+ if (status != PR_SUCCESS)
+ goto loser;
+
+ status = m_audit_log->open();
+ if (status != PR_SUCCESS)
+ goto loser;
+ }
+
+ // update variables and CS.cfg
+ m_audit_signed = enable_signing;
+ update_signed_audit_log_signing(enable_signing? "true":"false");
+
+ // initialize signing cert and flush thread, if needed
+ status = InitializeSignedAudit();
+ if (status != 0) {
+ RA::Debug(LL_PER_PDU, "RA::setup_audit_log","Failure in InitializeSignedAudit");
+ goto loser;
+ }
+
+ PR_ExitMonitor(m_audit_log_monitor);
+ return 0;
+
+ loser:
+ RA::Debug(LL_PER_PDU, "RA::setup_audit_log","Failure in audit log setup");
+ PR_ExitMonitor(m_audit_log_monitor);
+ return -1;
+}
+
+TPS_PUBLIC void RA::enable_audit_logging(bool enable)
+{
+ m_audit_enabled = enable;
+ update_signed_audit_enable(enable? "true": "false");
+}
+
+
+TPS_PUBLIC int RA::ra_find_tus_certificate_entries_by_order_no_vlv (char *filter,
+ LDAPMessage **result, int order)
+{
+ return find_tus_certificate_entries_by_order_no_vlv(filter, result, order);
+}
+
+TPS_PUBLIC int RA::ra_find_tus_certificate_entries_by_order (char *filter,
+ int max, LDAPMessage **result, int order)
+{
+ return find_tus_certificate_entries_by_order(filter, max, result, order);
+}
+
+TPS_PUBLIC CERTCertificate **RA::ra_get_certificates(LDAPMessage *e) {
+ return get_certificates(e);
+}
+
+TPS_PUBLIC LDAPMessage *RA::ra_get_first_entry(LDAPMessage *e) {
+ return get_first_entry(e);
+}
+
+TPS_PUBLIC LDAPMessage *RA::ra_get_next_entry(LDAPMessage *e) {
+ return get_next_entry(e);
+}
+
+TPS_PUBLIC struct berval **RA::ra_get_attribute_values(LDAPMessage *e, const char *p) {
+ return get_attribute_values(e, p);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_id(LDAPMessage *e) {
+ return get_token_id(e);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_tokenType(LDAPMessage *entry) {
+ return get_cert_tokenType(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_status(LDAPMessage *entry) {
+ return get_token_status(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_cn(LDAPMessage *entry) {
+ return get_cert_cn(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_attr_byname(LDAPMessage *entry, const char *name) {
+ return get_cert_attr_byname(entry, name);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_status(LDAPMessage *entry) {
+ return get_cert_status(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_type(LDAPMessage *entry) {
+ return get_cert_type(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_serial(LDAPMessage *entry) {
+ return get_cert_serial(entry);
+}
+
+TPS_PUBLIC char *RA::ra_get_cert_issuer(LDAPMessage *entry) {
+ return get_cert_issuer(entry);
+}
+
+TPS_PUBLIC int RA::ra_tus_has_active_tokens(char *userid) {
+ return tus_has_active_tokens(userid);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_reason(LDAPMessage *msg) {
+ return get_token_reason(msg);
+}
+
+TPS_PUBLIC int RA::ra_get_number_of_entries(LDAPMessage *ldapResult) {
+ return get_number_of_entries(ldapResult);
+}
+
+TPS_PUBLIC int RA::ra_find_tus_token_entries_no_vlv(char *filter,
+ LDAPMessage **ldapResult, int num)
+{
+ return find_tus_token_entries_no_vlv(filter, ldapResult, num);
+}
+
+TPS_PUBLIC int RA::ra_find_tus_token_entries(char *filter, int maxReturns,
+ LDAPMessage **ldapResult, int num)
+{
+ return find_tus_token_entries(filter, maxReturns, ldapResult, num);
+}
+
+TPS_PUBLIC int RA::ra_is_tus_db_entry_disabled(char *cuid)
+{
+ return is_tus_db_entry_disabled(cuid);
+}
+
+TPS_PUBLIC int RA::ra_is_token_present(char *cuid)
+{
+ return is_token_present(cuid);
+}
+
+TPS_PUBLIC int RA::ra_is_token_pin_resetable(char *cuid)
+{
+ return is_token_pin_resetable(cuid);
+}
+
+TPS_PUBLIC int RA::ra_is_update_pin_resetable_policy(char *cuid)
+{
+ return is_update_pin_resetable_policy(cuid);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_policy(char *cuid)
+{
+ return get_token_policy(cuid);
+}
+
+TPS_PUBLIC char *RA::ra_get_token_userid(char *cuid)
+{
+ return get_token_userid(cuid);
+}
+
+TPS_PUBLIC int RA::ra_update_token_policy(char *cuid, char *policy)
+{
+ return update_token_policy(cuid, policy);
+}
+
+TPS_PUBLIC int RA::ra_update_cert_status(char *cn, const char *status)
+{
+ return update_cert_status(cn, status);
+}
+
+TPS_PUBLIC int RA::ra_update_token_status_reason_userid(char *userid, char *cuid, const char *status, const char *reason, int modifyDateOfCreate)
+{
+ return update_token_status_reason_userid(userid, cuid, status, reason, modifyDateOfCreate);
+}
+
+TPS_PUBLIC int RA::ra_allow_token_reenroll(char *cuid)
+{
+ return allow_token_reenroll(cuid);
+}
+
+TPS_PUBLIC int RA::ra_allow_token_renew(char *cuid)
+{
+ return allow_token_renew(cuid);
+}
+
+TPS_PUBLIC int RA::ra_force_token_format(char *cuid)
+{
+ return force_token_format(cuid);
+}
+
+TPS_PUBLIC void RA::ra_tus_print_integer(char *out, SECItem *data)
+{
+ tus_print_integer(out, data);
+}
+
+TPS_PUBLIC int RA::ra_delete_certificate_entry(LDAPMessage* e)
+{
+ char *dn = get_dn(e);
+ int rc = LDAP_SUCCESS;
+
+ if (dn != NULL) {
+ rc = delete_tus_general_db_entry(dn);
+ if (rc != LDAP_SUCCESS) {
+ RA::Debug("RA::delete_certificate_entry",
+ "Failed to remove certificate entry: %s", dn);
+ }
+ PL_strfree(dn);
+ dn = NULL;
+ }
+ return rc;
+}
+
+int RA::tdb_activity(const char *ip, const char *cuid, const char *op, const char *result, const char *msg, const char *userid, const char *token_type)
+{
+ return add_activity(ip, cuid, op, result, msg, userid, token_type);
+}
+
+int RA::tdb_update_certificates(char* cuid, char **tokentypes, char *userid, CERTCertificate ** certificates, char **ktypes, char **origins, int numOfCerts)
+{
+ int rc = -1;
+ LDAPMessage *ldapResult = NULL;
+ int k = 0;
+ char serialnumber[512];
+ char filter[512];
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ int i = 0;
+
+ if ((rc = find_tus_db_entry(cuid, 0, &ldapResult)) != LDAP_SUCCESS) {
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates","numOfCerts %d", numOfCerts);
+ /* update certificates */
+ for (i = 0; i < numOfCerts; i++) {
+ if (certificates[i] == NULL) {
+ RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
+ "no certificate found at index %d for tokendb entry: %s", i, cuid);
+ } else {
+ RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
+ "cert=%x", certificates[i]);
+
+ k++;
+ }
+ }
+
+ for (i = 0; i < numOfCerts; i++) {
+ if (certificates[i] != NULL) {
+ RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
+ "adding cert=%x", certificates[i]);
+
+ tus_print_integer(serialnumber, &(certificates[i])->serialNumber);
+ PR_snprintf(filter, 512, "tokenSerial=%s", serialnumber);
+
+ int r = find_tus_certificate_entries_by_order_no_vlv(filter, &result, 1);
+ RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
+ "find_tus_certificate_entries_by_order_no_vlv returned %d", r);
+ bool found = false;
+ if (r == LDAP_SUCCESS) {
+ for (e = get_first_entry(result); e != NULL; e = get_next_entry(e)) {
+ struct berval **values = get_attribute_values(e, "tokenID");
+ if ((values == NULL) || (values[0] == NULL)) {
+ RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates",
+ "unable to get tokenid");
+ if (values != NULL) {
+ ldap_value_free_len(values);
+ values = NULL;
+ }
+ continue;
+ }
+
+ char *cn = get_cert_cn(e);
+ if (PL_strcmp(cuid, values[0]->bv_val)== 0) found = true;
+ if (cn != NULL) {
+ RA::Debug(LL_PER_PDU, "RA::tdb_update_certificates", "Updating cert status of %s to active in tokendb", cn);
+ r = update_cert_status(cn, "active");
+ if (r != LDAP_SUCCESS) {
+ RA::Debug("RA::tdb_update_certificates",
+ "Unable to modify cert status to active in tokendb: %s", cn);
+ }
+ PL_strfree(cn);
+ cn = NULL;
+ }
+
+ ldap_value_free_len(values);
+ }
+
+ ldap_msgfree(result);
+ }
+ if (!found)
+ add_certificate(cuid, origins[i], tokentypes[i], userid, certificates[i],
+ ktypes[i], "active");
+ }
+ }
+loser:
+ if (ldapResult != NULL) {
+ ldap_msgfree(ldapResult);
+ }
+ return rc;
+}
+
+/*
+ * This adds a brand new token entry to tus.
+ */
+int RA::tdb_add_token_entry(char *userid, char* cuid, const char *status, const char *token_type) {
+ int rc = -1;
+ int r = -1;
+ LDAPMessage *ldapResult = NULL;
+
+ if (tokendbInitialized != 1) {
+ r = 0;
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_PDU, "RA::tdb_add_token_entry",
+ "searching for tokendb entry: %s", cuid);
+
+ if ((rc = find_tus_db_entry(cuid, 0, &ldapResult)) != LDAP_SUCCESS) {
+ /* create a new entry */
+ rc = add_default_tus_db_entry(userid, "~tps", cuid, status, NULL, NULL, token_type);
+ if (rc != LDAP_SUCCESS) {
+ RA::Error(LL_PER_PDU, "RA:tdb_add_token_entry",
+ "failed to add tokendb entry");
+ r = -1;
+ goto loser;
+ } else
+ RA::Debug(LL_PER_PDU, "RA::tdb_add_token_entry",
+ "add tokendb entry successful");
+ r = 0;
+ goto loser;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA::tdb_add_token_entry",
+ "entry in tokendb exists.");
+
+ // try to see if the userid is there
+ LDAPMessage *e = ra_get_first_entry(ldapResult);
+ struct berval **uid = ra_get_attribute_values(e, "tokenUserID");
+
+ if ((uid != NULL) && (uid[0] != NULL)) {
+ if (uid[0]->bv_val != NULL) {
+ if (strlen(uid[0]->bv_val) > 0 && strcmp(uid[0]->bv_val, userid) != 0) {
+ ldap_value_free_len(uid);
+ RA::Debug(LL_PER_PDU, "RA::tdb_add_token_entry",
+ "This token does not belong to this user: %s", userid);
+ r = -1;
+ goto loser;
+ } else {
+ if (strlen(uid[0]->bv_val) > 0 && strcmp(uid[0]->bv_val, userid) == 0) {
+ ldap_value_free_len(uid);
+ r = 0;
+ goto loser;
+ }
+ }
+ }
+ ldap_value_free_len(uid);
+ }
+
+ // this is the recycled token, update userid and dateOfCreate
+ rc = ra_update_token_status_reason_userid(userid, cuid, status, "", 1);
+ r = rc;
+ }
+loser:
+ if (ldapResult != NULL) {
+ ldap_msgfree(ldapResult);
+ }
+ return r;
+}
+
+/*
+ * This adds entry to tokendb if entry not found
+ * It is then supposed to modify entry (not yet implemented)
+ */
+int RA::tdb_update(const char *userid, char* cuid, char* applet_version, char *key_info, const char *state, const char *reason, const char *token_type)
+{
+ int rc = -1;
+ LDAPMessage *ldapResult = NULL;
+ // char filter[255];
+
+ if (tokendbInitialized != 1) {
+ rc = 0;
+ goto loser;
+ }
+
+
+ // PR_snprintf(filter, 255, "(cn=%s)", cuid);
+ RA::Debug(LL_PER_PDU, "RA::tdb_update",
+ "searching for tokendb entry: %s", cuid);
+
+ if ((rc = find_tus_db_entry(cuid, 0, &ldapResult)) != LDAP_SUCCESS) {
+ /* create a new entry */
+ rc = add_default_tus_db_entry(userid, "~tps", cuid, state, applet_version,
+ key_info, token_type);
+ if (rc != LDAP_SUCCESS) {
+ RA::Error(LL_PER_PDU, "RA:tdb_update",
+ "failed to add tokendb entry");
+ rc = -1;
+ goto loser;
+ } else
+ RA::Debug(LL_PER_PDU, "RA::tdb_update",
+ "add tokendb entry successful");
+ rc = 0;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA::tdb_update",
+ "entry in tokendb exists...should modify entry");
+
+ /* need code to modify things such as applet version ...*/
+ /* ldap modify code to follow...*/
+ rc = update_tus_db_entry ("~tps", cuid, userid, key_info, state,
+ applet_version, reason);
+ }
+loser:
+ if (ldapResult != NULL) {
+ ldap_msgfree(ldapResult);
+ }
+ return rc;
+}
+
+int RA::InitializeAuthentication() {
+ char configname[256];
+ const char *authid;
+ const char *type;
+ const char *authPrefix = "auth.instance";
+ const char *lib = NULL;
+ const char *libfactory = NULL;
+ int i=-1;
+ int rc=0;
+ // AuthenticationEntry *authEntry;
+
+ while (1) {
+ i++;
+ PR_snprintf((char *)configname, 256, "%s.%d.authId", authPrefix, i);
+ authid = m_cfg->GetConfigAsString(configname, NULL);
+ if (authid != NULL) {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Found authentication id=%s", authid);
+ PR_snprintf((char *)configname, 256, "%s.%d.libraryName", authPrefix, i);
+ lib = m_cfg->GetConfigAsString(configname, NULL);
+ if (lib != NULL) {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Found authentication library=%s", lib);
+ PR_snprintf((char *)configname, 256, "%s.%d.libraryFactory", authPrefix, i);
+ libfactory = m_cfg->GetConfigAsString(configname, NULL);
+ if (libfactory != NULL) {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Found authentication library factory=%s", libfactory);
+ PRLibrary *pb = PR_LoadLibrary(lib);
+ if (pb) {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication", "Successfully loaded the library %s", lib);
+ void *sym = PR_FindSymbol(pb, libfactory);
+ if (sym == NULL) {
+ RA::Error(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Failed to find symbol '%s' in '%s' library, error code: %d",
+ libfactory, lib, PR_GetError());
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Failed to load the library symbol");
+ continue;
+ }
+ makeauthentication make_auth = (makeauthentication)sym;
+ Authentication *authentication = (*make_auth)();
+ if (authentication == NULL) {
+ RA::Error(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Failed to create authentication instance with library %s, error code=%d.",
+ lib, PR_GetError());
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Failed to create authentication instance with library %s, error code=%d.",
+ lib, PR_GetError());
+ continue;
+ } else {
+ authentication->Initialize(i);
+ m_auth_list[m_auth_len] = new AuthenticationEntry();
+ m_auth_list[m_auth_len]->SetId(authid);
+ m_auth_list[m_auth_len]->SetLibrary(pb);
+ m_auth_list[m_auth_len]->SetAuthentication(authentication);
+ PR_snprintf((char *)configname, 256, "%s.%d.type", authPrefix, i);
+ type = m_cfg->GetConfigAsString(configname, NULL);
+ m_auth_list[m_auth_len]->SetType(type);
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication:",
+ "Successfully initialized authentication %s.", lib);
+ }
+ } else {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Failed to load the library %s: error=%d", lib, PR_GetError());
+ continue;
+ }
+ } else {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Failed to find the library factory %s", libfactory);
+ continue;
+ }
+ } else {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Failed to find the library %s", lib);
+ continue;
+ }
+ m_auth_len++;
+ } else {
+ break;
+ }
+ }
+
+ if (m_auth_len == 0) {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "No authentication module gets loaded, but server continues starting up...");
+ rc = -1;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA::InitializeAuthentication",
+ "Total number of authentication modules get loaded: %d", m_auth_len);
+ }
+
+ return rc;
+}
+
+int RA::Failover(HttpConnection *&conn, int len) {
+ int rc = 0;
+ if (m_pod_enable) {
+ PR_Lock(m_pod_lock);
+ if (++m_pod_curr >= len)
+ m_pod_curr = 0;
+ HttpConnection *conn = NULL;
+ for (int i=0; i<m_caConns_len; i++) {
+ conn = m_caConnection[i];
+ RA::SetCurrentIndex(conn, m_pod_curr);
+ conn = m_drmConnection[i];
+ RA::SetCurrentIndex(conn, m_pod_curr);
+ conn = m_tksConnection[i];
+ RA::SetCurrentIndex(conn, m_pod_curr);
+ }
+ PR_Unlock(m_pod_lock);
+ } else {
+ if (conn != NULL) {
+ int curr = RA::GetCurrentIndex(conn);
+ if (++curr >= len)
+ curr = 0;
+ RA::SetCurrentIndex(conn, curr);
+ } else
+ rc = -1;
+ }
+ return rc;
+}
+
+TPS_PUBLIC SECCertificateUsage RA::getCertificateUsage(const char *certusage) {
+ SECCertificateUsage cu = -1;
+ if ((certusage == NULL) || *certusage == 0)
+ cu = certificateUsageCheckAllUsages;
+ else if (strcmp(certusage, "CheckAllUsages") == 0)
+ cu = certificateUsageCheckAllUsages;
+ else if (strcmp(certusage, "SSLServer") == 0)
+ cu = certificateUsageSSLServer;
+ else if (strcmp(certusage, "SSLServerWithStepUp") == 0)
+ cu = certificateUsageSSLServerWithStepUp;
+ else if (strcmp(certusage, "SSLClient") == 0)
+ cu = certificateUsageSSLClient;
+ else if (strcmp(certusage, "SSLCA") == 0)
+ cu = certificateUsageSSLCA;
+ else if (strcmp(certusage, "AnyCA") == 0)
+ cu = certificateUsageAnyCA;
+ else if (strcmp(certusage, "StatusResponder") == 0)
+ cu = certificateUsageStatusResponder;
+ else if (strcmp(certusage, "ObjectSigner") == 0)
+ cu = certificateUsageObjectSigner;
+ else if (strcmp(certusage, "UserCertImport") == 0)
+ cu = certificateUsageUserCertImport;
+ else if (strcmp(certusage, "ProtectedObjectSigner") == 0)
+ cu = certificateUsageProtectedObjectSigner;
+ else if (strcmp(certusage, "VerifyCA") == 0)
+ cu = certificateUsageVerifyCA;
+ else if (strcmp(certusage, "EmailSigner") == 0)
+ cu = certificateUsageEmailSigner;
+
+ return cu;
+}
+
+TPS_PUBLIC bool RA::verifySystemCertByNickname(const char *nickname, const char *certusage) {
+ SECStatus rv = SECFailure;
+ CERTCertDBHandle *certdb = CERT_GetDefaultCertDB();
+ if (certdb == NULL) {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "fatal error:%s", "cert db not found");
+ return false;
+ }
+ CERTCertificate *cert = NULL;
+ PR_ASSERT(certdb != NULL);
+ SECCertificateUsage cu = getCertificateUsage(certusage);
+ if (cu == -1) {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "error: invalid certificate usage %s for cert %s", (certusage !=NULL)? certusage:"", nickname);
+ return false;
+ }
+ SECCertificateUsage currUsage = 0;
+
+ cert = CERT_FindCertByNickname(certdb, nickname);
+ if (cert == NULL) {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "nickname not found:%s",
+ nickname);
+ } else {
+ rv = CERT_VerifyCertificateNow(certdb, cert, true, cu , NULL, &currUsage);
+ /*
+ * to find actual certificate usage, pass 0 as cu in above call
+ */
+ if (cu == certificateUsageCheckAllUsages) {
+ if (currUsage & certificateUsageSSLServer)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is SSLServer");
+ if (currUsage & certificateUsageSSLServerWithStepUp)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is SSLServerWithStepUp");
+ if (currUsage & certificateUsageSSLClient)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is SSLClient");
+ if (currUsage & certificateUsageAnyCA)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is AnyCA");
+ if (currUsage & certificateUsageSSLCA)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is SSLCA");
+ if (currUsage & certificateUsageEmailSigner)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is EmailSigner");
+ if (currUsage & certificateUsageStatusResponder)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is StatusResponder");
+ if (currUsage & certificateUsageObjectSigner)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is ObjectSigner");
+ if (currUsage & certificateUsageUserCertImport)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is UserCertImport");
+ if (currUsage & certificateUsageProtectedObjectSigner)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is ProtectedObjectSigner");
+ if (currUsage & certificateUsageVerifyCA)
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname", "cert is VerifyCA");
+
+ if (currUsage ==
+ /* 0x0b80 */
+ ( certUsageUserCertImport |
+ certUsageVerifyCA |
+ certUsageProtectedObjectSigner |
+ certUsageAnyCA )) { /* cert is good for nothing */
+
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname() failed:", "cert is good for nothing: %d %s", currUsage, nickname);
+ rv = SECFailure;
+ } else {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCertByNickname() passed:", "%s", nickname);
+ rv = SECSuccess;
+ }
+ }
+ }
+
+ if (cert != NULL) {
+ CERT_DestroyCertificate(cert);
+ }
+ if (rv == SECSuccess)
+ return true;
+ else
+ return false;
+}
+
+/*
+ * tps.cert.list=sslserver,subsystem,audit_signing
+ * tps.cert.sslserver.nickname=xxx
+ * tps.cert.sslserver.certusage=SSLServer
+ * tps.cert.subsystem.nickname=xxx
+ * tps.cert.subsystem.certusage=SSLClient
+ * tps.cert.audit_signing.nickname=xxx
+ * tps.cert.audit_signing.certusage=ObjectSigner
+ */
+TPS_PUBLIC bool RA::verifySystemCerts() {
+ bool rv = false;
+ char configname[256];
+ char configname_nn[256];
+ char configname_cu[256];
+ char audit_msg[512]="";
+ const char *certList = NULL;
+ ConfigStore *store = RA::GetConfigStore();
+
+ PR_snprintf((char *)configname, 256, "tps.cert.list");
+ certList = store->GetConfigAsString(configname, NULL);
+ if (certList == NULL) {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts",
+ "config not found:%s", configname);
+ PR_snprintf(audit_msg, 512, "%s undefined in CS.cfg", configname);
+ RA::Audit(EV_CIMC_CERT_VERIFICATION, AUDIT_MSG_FORMAT, "System", "Failure", audit_msg);
+ return false;
+ } else {
+ char *certList_x = PL_strdup(certList);
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts",
+ "found cert list:%s", certList_x);
+ char *sresult = NULL;
+ char *lasts = NULL;
+ const char *nn = NULL;
+ const char *cu = NULL;
+
+ sresult = PL_strtok_r(certList_x, ",", &lasts);
+ while (sresult != NULL) {
+ PR_snprintf((char *)configname_nn, 256, "tps.cert.%s.nickname",
+ sresult);
+ nn = store->GetConfigAsString(configname_nn, NULL);
+ if ((nn == NULL) || *nn==0) {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts",
+ "cert nickname not found for cert tag:%s", sresult);
+ PR_snprintf(audit_msg, 512, "%s undefined in CS.cfg", configname_nn);
+ RA::Audit(EV_CIMC_CERT_VERIFICATION, AUDIT_MSG_FORMAT, "System", "Failure", audit_msg);
+ rv = false;
+ continue;
+ }
+ PR_snprintf((char *)configname_cu, 256, "tps.cert.%s.certusage",
+ sresult);
+ cu = store->GetConfigAsString(configname_cu, NULL);
+ if ((cu == NULL) || *cu==0) {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts",
+ "certificate usage not found for cert tag:%s. Getting current certificate usage", sresult);
+ } else {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts",
+ "found certificate usage:%s", cu);
+ }
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts",
+ "Verifying cert tag: %s, nickname:%s, certificate usage:%s"
+ , sresult, nn, (cu!=NULL)? cu: "");
+
+ rv = verifySystemCertByNickname(nn, cu);
+ if (rv == true) {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts",
+ "cert verification passed on cert nickname:%s", nn);
+ PR_snprintf(audit_msg, 512, "Certificate verification succeeded:%s",
+ nn);
+ RA::Audit(EV_CIMC_CERT_VERIFICATION, AUDIT_MSG_FORMAT, "System", "Success", audit_msg);
+ } else {
+ RA::Debug(LL_PER_SERVER, "RA::verifySystemCerts",
+ "cert verification failed on cert nickname:%s", nn);
+ PR_snprintf(audit_msg, 512, "Certificate verification failed:%s",
+ nn);
+ RA::Audit(EV_CIMC_CERT_VERIFICATION, AUDIT_MSG_FORMAT, "System", "Failure", audit_msg);
+ }
+ sresult = PL_strtok_r(NULL, ",", &lasts);
+ }
+
+ if (certList_x != NULL) {
+ PL_strfree(certList_x);
+ }
+ }
+
+ return rv;
+}
diff --git a/pki/base/tps/src/httpClient/Cache.cpp b/pki/base/tps/src/httpClient/Cache.cpp
new file mode 100644
index 000000000..2ea628f8c
--- /dev/null
+++ b/pki/base/tps/src/httpClient/Cache.cpp
@@ -0,0 +1,496 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+/**
+ * Simple cache implementation
+ */
+#include <string.h>
+#include <time.h>
+
+// NSS includes
+#include "pk11func.h"
+#include "hasht.h"
+
+// NSPR includes
+#include "nspr.h"
+#include "plhash.h"
+#include "plstr.h"
+#include "plbase64.h"
+
+// Always before PSCommonLib.h
+#define COMMON_LIB_DLL
+#include "httpClient/httpc/PSCommonLib.h"
+#include "httpClient/httpc/Defines.h"
+//-- #include "httpClient/httpc/PSError.h"
+#include "httpClient/httpc/Iterator.h"
+#include "httpClient/httpc/Cache.h"
+//-- #include "httpClient/httpc/DebugLogger.h"
+//-- #include "httpClient/httpc/ErrorLogger.h"
+
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+//-- static const char *DEBUG_MODULE = NULL;
+//-- static const char *DEBUG_CLASS_NAME = "StringKeyCache";
+
+// From the NSPR implementation of hashtables
+/* Compute the number of buckets in ht */
+#define NBUCKETS(ht) (1 << (PL_HASH_BITS - (ht)->shift))
+
+
+/**
+ * Called from the destructor
+ */
+extern "C" {
+static PRIntn onCacheRelease( PLHashEntry* he, PRIntn index, void* arg );
+/**
+ * Called to allocate and return copies of keys
+ */
+static PRIntn getKeys( PLHashEntry* he, PRIntn index, void* arg );
+}
+
+/**
+ * Constructor
+ *
+ * @param key Pointer to the key being cached
+ * @param data Pointer to the data being cached
+ */
+CacheEntry::CacheEntry( const char* key, void *data ) {
+ if( key != NULL ) {
+ m_key = strdup( key );
+ } else {
+ m_key = NULL;
+ }
+ m_data = data;
+ // NSPR counts in microseconds
+ m_startTime = (time_t)(PR_Now() / 1000000);
+}
+
+/**
+ * Destructor
+ */
+CacheEntry::~CacheEntry() {
+ if( m_key != NULL ) {
+ free( m_key );
+ m_key = NULL;
+ }
+}
+
+/**
+ * Returns a pointer to the cached key
+ *
+ * @return A pointer to the cached key
+ */
+const char *CacheEntry::GetKey() {
+ return m_key;
+}
+
+/**
+ * Returns a pointer to the cached data
+ *
+ * @return A pointer to the cached data
+ */
+void *CacheEntry::GetData() {
+ return m_data;
+}
+
+
+/**
+ * Returns the time when the entry was created
+ *
+ * @return The time when the entry was created
+ */
+long CacheEntry::GetStartTime() {
+ return (long)m_startTime;
+}
+
+
+/**
+ * Default constructor
+ */
+Cache::Cache() {
+ m_cache = NULL;
+ m_cacheLock = NULL;
+}
+
+/**
+ * Constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cache is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+Cache::Cache( const char *name, int ttl, bool implicitLock ) {
+
+ Initialize( name, ttl, implicitLock );
+}
+
+/**
+ * Destructor
+ */
+Cache::~Cache() {
+
+ if( m_cacheLock ) {
+ PR_DestroyRWLock( m_cacheLock );
+ m_cacheLock = NULL;
+ }
+ if( m_cache ) {
+ PL_HashTableEnumerateEntries( m_cache, onCacheRelease, NULL );
+ PL_HashTableDestroy( m_cache );
+ m_cache = NULL;
+ }
+
+}
+
+/**
+ * Initializes the object - to be called from the constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cache is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+void Cache::Initialize( const char *name, int ttl, bool implicitLock ) {
+
+ if ( !m_cache ) {
+ m_implicitLock = implicitLock;
+ m_ttl = ttl;
+ m_cache = PL_NewHashTable( 0,
+ PL_HashString,
+ PL_CompareStrings,
+ PL_CompareValues,
+ NULL,
+ NULL
+ );
+ m_cacheLock = PR_NewRWLock( PR_RWLOCK_RANK_NONE, name );
+ m_name = name;
+ }
+
+}
+
+/**
+ * Acquires a read lock on the cache. Multiple threads may simultaneously
+ * have a read lock, but attempts to acquire a read lock will block
+ * if another thread already has a write lock. It is illegal to request
+ * a read lock if the thread already has one.
+ */
+void Cache::ReadLock() {
+ PR_RWLock_Rlock( m_cacheLock );
+}
+
+/**
+ * Acquires a write lock on the cache. Only one thread may have a write
+ * lock at any given time; attempts to acquire a write lock will block
+ * if another thread already has one. It is illegal to request
+ * a write lock if the thread already has one.
+ */
+void Cache::WriteLock() {
+ PR_RWLock_Wlock( m_cacheLock );
+}
+
+/**
+ * Releases a read or write lock that the thread has on the cache
+ */
+void Cache::Unlock() {
+ PR_RWLock_Unlock( m_cacheLock );
+}
+
+/**
+ * Returns the number of entries in the cache
+ *
+ * @return The number of entries in the cache
+ */
+int Cache::GetCount() {
+ int nKeys = 0;
+ if ( m_implicitLock ) {
+ ReadLock();
+ }
+ nKeys = m_cache->nentries;
+ if ( m_implicitLock ) {
+ Unlock();
+ }
+ return nKeys;
+}
+
+class KeyIterator : public Iterator {
+public:
+ /**
+ * Constructor
+ *
+ * @param ht A hashtable to iterate on
+ * @param cacheLock Lock for accessing the hashtable
+ * @param implictLock true if hashtable locking is to be done
+ * internally
+ */
+ KeyIterator( PLHashTable *ht, PRRWLock *cacheLock, bool implicitLock ) {
+ m_table = ht;
+ m_bucketIndex = 0;
+ m_entry = m_table->buckets[m_bucketIndex];
+ m_cacheLock = cacheLock;
+ m_implicitLock = implicitLock;
+ }
+
+ /**
+ * Destructor
+ */
+ virtual ~KeyIterator() {
+ }
+
+ /**
+ * Returns true if there is at least one more key
+ *
+ * @return true if there is at least one more key
+ */
+ bool HasMore() {
+ if ( NULL == m_entry ) {
+ Next();
+ }
+ return ( NULL != m_entry );
+ }
+
+ /**
+ * Returns the next key, if any; the key is deallocated by the Iterator
+ * in its destructor
+ *
+ * @return The next key, if any, or NULL
+ */
+ void *Next() {
+ PLHashEntry *he = m_entry;
+ m_entry = (m_entry != NULL) ? m_entry->next : NULL;
+ int nBuckets = NBUCKETS(m_table);
+ if ( m_implicitLock ) {
+ PR_RWLock_Rlock( m_cacheLock );
+ }
+ while ( (NULL == m_entry) && (m_bucketIndex < (nBuckets-1)) ) {
+ m_bucketIndex++;
+ m_entry = m_table->buckets[m_bucketIndex];
+ }
+ if ( m_implicitLock ) {
+ PR_RWLock_Unlock( m_cacheLock );
+ }
+ return ( he != NULL ) ? (void *)he->key : NULL;
+ }
+
+private:
+ PLHashTable *m_table;
+ PLHashEntry *m_entry;
+ int m_bucketIndex;
+ PRRWLock* m_cacheLock;
+ bool m_implicitLock;
+};
+
+/**
+ * Constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cache is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+StringKeyCache::StringKeyCache( const char *name, int ttl,
+ bool implicitLock ) {
+
+ Initialize( name, ttl, implicitLock );
+
+}
+
+/**
+ * Destructor
+ */
+StringKeyCache::~StringKeyCache() {
+}
+
+/**
+ * Returns a cache entry
+ *
+ * @param key The name of the cache entry
+ * @return The corresponding cache entry, or NULL if not found
+ */
+CacheEntry *StringKeyCache::Get( const char *key ) {
+ // Avoid recursion when the debug log is starting up
+
+ if ( m_implicitLock ) {
+ ReadLock();
+ }
+ CacheEntry *entry =
+ (CacheEntry *)PL_HashTableLookupConst( m_cache, key );
+ if ( m_implicitLock ) {
+ Unlock();
+ }
+ if ( entry && m_ttl ) {
+ // Check if the cache entry has expired
+ // NSPR counts in microseconds
+ time_t now = (time_t)(PR_Now() / 1000000);
+ if ( ((long)now - entry->GetStartTime()) > m_ttl ) {
+ if( key != NULL ) {
+ Remove( key );
+ key = NULL;
+ }
+ if( entry != NULL ) {
+ delete entry;
+ entry = NULL;
+ }
+ // Avoid recursion when the debug log is starting up
+ if ( PL_strcasecmp( m_name, "DebugLogModuleCache" ) ) {
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+//-- logger->Log( LOGLEVEL_FINER, DEBUG_CLASS_NAME,
+//-- "Get",
+ RA::Debug( LL_PER_PDU,
+ "StringKeyCache::Get: ",
+ "Entry %s expired from cache %s",
+ key,
+ m_name );
+ }
+ }
+ }
+
+ return entry;
+}
+
+/**
+ * Adds a cache entry
+ *
+ * @param key The name of the cache entry; an internal copy is made
+ * @param value The value of the cache entry
+ * @return The corresponding cache entry, or NULL if it couldn't be added
+ */
+CacheEntry *StringKeyCache::Put( const char *key, void *value ) {
+ CacheEntry *entry = new CacheEntry( key, value );
+ if ( m_implicitLock ) {
+ WriteLock();
+ }
+ PL_HashTableAdd( m_cache, entry->GetKey(), entry );
+ if ( m_implicitLock ) {
+ Unlock();
+ }
+
+ return entry;
+}
+
+/**
+ * Removes a cache entry; does not free the entry object
+ *
+ * @param key The name of the cache entry
+ * @return The corresponding cache entry, or NULL if not found
+ */
+CacheEntry *StringKeyCache::Remove( const char *key ) {
+
+ if ( m_implicitLock ) {
+ WriteLock();
+ }
+ CacheEntry *entry =
+ (CacheEntry *)PL_HashTableLookupConst( m_cache, key );
+ if( entry ) {
+ PL_HashTableRemove( m_cache, key );
+ }
+ if ( m_implicitLock ) {
+ Unlock();
+ }
+
+ return entry;
+}
+
+class KeyArray {
+public:
+ KeyArray( int nKeys ) {
+ m_nKeys = nKeys;
+ m_keys = new char *[m_nKeys];
+ m_currentKey = 0;
+ }
+ virtual ~KeyArray() {
+ }
+ int m_currentKey;
+ int m_nKeys;
+ char **m_keys;
+};
+
+/**
+ * Returns an iterator over keys in the cache
+ *
+ * @return An iterator over keys in the cache
+ */
+Iterator *StringKeyCache::GetKeyIterator() {
+ return new KeyIterator( m_cache, m_cacheLock, m_implicitLock );
+}
+
+/**
+ * Allocates and returns a list of keys in the cache
+ *
+ * @param keys Returns an array of names; each name and also the
+ * array itself are to be freed by the caller with delete
+ * @return The number of keys found
+ */
+int StringKeyCache::GetKeys( char ***keys ) {
+
+ int nKeys = GetCount();
+ if ( m_implicitLock ) {
+ ReadLock();
+ }
+ KeyArray keyArray( nKeys );
+ PL_HashTableEnumerateEntries( m_cache, getKeys, &keyArray );
+ if ( m_implicitLock ) {
+ Unlock();
+ }
+ if( ( keyArray.m_nKeys < 1 ) && keyArray.m_keys ) {
+ delete [] keyArray.m_keys;
+ keyArray.m_keys = NULL;
+ }
+ *keys = keyArray.m_keys;
+
+ return keyArray.m_nKeys;
+}
+
+/**
+ * Adds cache entry keys to an accumulator
+ */
+extern "C" {
+static PRIntn getKeys( PLHashEntry* he, PRIntn index, void* arg ) {
+ PRIntn result = HT_ENUMERATE_NEXT;
+ if ( he != NULL ) {
+ if ( he->key ) {
+ KeyArray *keys = (KeyArray *)arg;
+ int len = strlen( (char *)he->key );
+ int i = keys->m_currentKey;
+ keys->m_keys[i] = new char[len+1];
+ strcpy( keys->m_keys[i], (char *)he->key );
+ keys->m_currentKey++;
+ }
+ }
+ return result;
+}
+
+/**
+ * Frees keys of entries in cache; does not free values
+ */
+static PRIntn onCacheRelease( PLHashEntry* he, PRIntn index, void* arg ) {
+ PRIntn result = HT_ENUMERATE_NEXT;
+ if( he != NULL ) {
+ if( he->key != NULL ) {
+ free( (char *) he->key );
+ he->key = NULL;
+ result = HT_ENUMERATE_REMOVE;
+ }
+ }
+ return result;
+}
+} // extern "C"
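Review bot: In StringKeyCache::Get the expired entry is deleted after the read lock has been released, so if the cache is shared across threads (as the RW lock implies), two callers that look up the same expired key can both reach `delete entry`. Doing the lookup, TTL check and removal under one write lock, as sketched below, leaves exactly one caller owning the expired entry; pointers handed out by an earlier Get would still need an ownership rule that this file does not show. The `key = NULL` assignment before the RA::Debug call also means the "expired" message can never name the key, so it should be dropped. Separately, GetKeys sizes the array from GetCount() and only then re-acquires the lock, and getKeys never compares m_currentKey with m_nKeys, so a Put in between makes the enumeration write past m_keys; a guard such as `if (keys->m_currentKey >= keys->m_nKeys) return HT_ENUMERATE_STOP;` closes that.

```cpp
CacheEntry *StringKeyCache::Get( const char *key ) {
    bool expired = false;
    // Write lock rather than read lock: the expiry path modifies the table.
    if ( m_implicitLock ) {
        WriteLock();
    }
    CacheEntry *entry =
        (CacheEntry *)PL_HashTableLookupConst( m_cache, key );
    if ( entry && m_ttl ) {
        // NSPR counts in microseconds
        time_t now = (time_t)(PR_Now() / 1000000);
        if ( ((long)now - entry->GetStartTime()) > m_ttl ) {
            // Unlink while the lock is still held, so only this caller
            // can go on to free the entry.
            PL_HashTableRemove( m_cache, key );
            expired = true;
        }
    }
    if ( m_implicitLock ) {
        Unlock();
    }
    if ( expired ) {
        // … unchanged: RA::Debug "Entry %s expired from cache %s", with key still set …
        delete entry;
        entry = NULL;
    }
    return entry;
}
```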
diff --git a/pki/base/tps/src/httpClient/engine.cpp b/pki/base/tps/src/httpClient/engine.cpp
new file mode 100644
index 000000000..46efe42d3
--- /dev/null
+++ b/pki/base/tps/src/httpClient/engine.cpp
@@ -0,0 +1,727 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include "nspr.h"
+#include "sslproto.h"
+#include "prerror.h"
+
+#include "ssl.h"
+#include "nss.h"
+#include "pk11func.h"
+#include "cert.h"
+#include "certt.h"
+#include "sslerr.h"
+#include "secerr.h"
+
+#include "httpClient/httpc/engine.h"
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/PSPRUtil.h"
+#include "httpClient/httpc/Defines.h"
+//-- #include "httpClient/httpc/DebugLogger.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+char* certName = NULL;
+char* password = NULL;
+int ciphers[32];
+int cipherCount = 0;
+int _doVerifyServerCert = 1;
+
+//-- static const char *DEBUG_MODULE = "httpclient";
+//-- static const char *DEBUG_CLASS_NAME = "HttpEngine";
+
+PRIntervalTime Engine::globaltimeout = PR_TicksPerSecond()*30;
+
+static char * ownPasswd( PK11SlotInfo *slot, PRBool retry, void *arg) {
+ if (!retry) {
+ if( password != NULL ) {
+ return PL_strdup(password);
+ } else {
+ return PL_strdup( "httptest" );
+ }
+ } else {
+ return NULL;
+ }
+}
+
+/**
+ * Function: SECStatus myBadCertHandler()
+ * <BR>
+ * Purpose: This callback is called when the incoming certificate is not
+ * valid. We define a certain set of parameters that still cause the
+ * certificate to be "valid" for this session, and return SECSuccess to cause
+ * the server to continue processing the request when any of these conditions
+ * are met. Otherwise, SECFailure is return and the server rejects the
+ * request.
+ */
+SECStatus myBadCertHandler( void *arg, PRFileDesc *socket ) {
+
+ SECStatus secStatus = SECFailure;
+ PRErrorCode err;
+
+ /* log invalid cert here */
+
+ if ( !arg ) {
+ return secStatus;
+ }
+
+ *(PRErrorCode *)arg = err = PORT_GetError();
+
+ /* If any of the cases in the switch are met, then we will proceed */
+ /* with the processing of the request anyway. Otherwise, the default */
+ /* case will be reached and we will reject the request. */
+
+ switch (err) {
+ case SEC_ERROR_INVALID_AVA:
+ case SEC_ERROR_INVALID_TIME:
+ case SEC_ERROR_BAD_SIGNATURE:
+ case SEC_ERROR_EXPIRED_CERTIFICATE:
+ case SEC_ERROR_UNKNOWN_ISSUER:
+ case SEC_ERROR_UNTRUSTED_CERT:
+ case SEC_ERROR_CERT_VALID:
+ case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE:
+ case SEC_ERROR_CRL_EXPIRED:
+ case SEC_ERROR_CRL_BAD_SIGNATURE:
+ case SEC_ERROR_EXTENSION_VALUE_INVALID:
+ case SEC_ERROR_CA_CERT_INVALID:
+ case SEC_ERROR_CERT_USAGES_INVALID:
+ case SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION:
+ case SEC_ERROR_EXTENSION_NOT_FOUND: // Added by Rob 5/21/2002
+ secStatus = SECSuccess;
+ break;
+ default:
+ secStatus = SECFailure;
+ break;
+ }
+
+ return secStatus;
+}
+
+
+PRBool __EXPORT InitSecurity(char* certDir, char* certname, char* certpassword, char *prefix,int verify ) {
+ if (certpassword) {
+ password = PL_strdup(certpassword);
+ } else {
+ password = PL_strdup( "httptest" );
+ }
+ if (certname) {
+ certName = PL_strdup(certname);
+ }
+
+ SECStatus stat;
+ PR_Init( PR_USER_THREAD, PR_PRIORITY_NORMAL, 0 );
+ if (!NSS_IsInitialized()) {
+ stat = NSS_Initialize( certDir, prefix, prefix,"secmod.db",
+ NSS_INIT_READONLY);
+ } else {
+ stat = SECSuccess;
+ RA::Debug( LL_PER_PDU,
+ "initSecurity: ",
+ "NSS Already initialized" );
+
+ }
+
+ if (SECSuccess != stat) {
+ // int err = PR_GetError();
+ return PR_FAILURE;
+ }
+ PK11_SetPasswordFunc(ownPasswd);
+
+ stat = NSS_SetDomesticPolicy();
+ SSL_CipherPrefSetDefault( SSL_RSA_WITH_NULL_MD5, PR_TRUE );
+
+ _doVerifyServerCert = verify;
+
+
+ return PR_TRUE;
+}
+
+
+int ssl2Suites[] = {
+ SSL_EN_RC4_128_WITH_MD5, /* A */
+ SSL_EN_RC4_128_EXPORT40_WITH_MD5, /* B */
+ SSL_EN_RC2_128_CBC_WITH_MD5, /* C */
+ SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
+ SSL_EN_DES_64_CBC_WITH_MD5, /* E */
+ SSL_EN_DES_192_EDE3_CBC_WITH_MD5, /* F */
+ 0
+};
+
+int ssl3Suites[] = {
+ SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, /* a */
+ SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, /* b */
+ SSL_RSA_WITH_RC4_128_MD5, /* c */
+ SSL_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
+ SSL_RSA_WITH_DES_CBC_SHA, /* e */
+ SSL_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
+ SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
+ SSL_FORTEZZA_DMS_WITH_NULL_SHA, /* h */
+ SSL_RSA_WITH_NULL_MD5, /* i */
+ SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
+ SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
+ TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
+ TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
+ 0
+};
+
+void disableAllCiphersOnSocket(PRFileDesc* sock) {
+ int i;
+ int numsuites = SSL_NumImplementedCiphers;
+
+ /* disable all the cipher suites for that socket */
+ for (i = 0; i<numsuites; i++) {
+ SSL_CipherPrefSet(sock, SSL_ImplementedCiphers[i], SSL_NOT_ALLOWED);
+ }
+}
+
+void __EXPORT EnableAllSSL3Ciphers(PRFileDesc* sock) {
+ int i =0;
+ while (ssl3Suites[i]) {
+ SSL_CipherPrefSet(sock, ssl3Suites[i], SSL_ALLOWED);
+ }
+}
+
+PRBool __EXPORT EnableCipher(const char* cipherString) {
+ int ndx;
+
+ if (!cipherString) {
+ return PR_FALSE;
+ }
+
+ while (0 != (ndx = *cipherString++)) {
+ int* cptr;
+ int cipher;
+
+ if (! isalpha(ndx)) {
+ continue;
+ }
+ cptr = islower(ndx) ? ssl3Suites : ssl2Suites;
+ for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; ) {
+ /* do nothing */;
+ }
+ ciphers[cipherCount++] = cipher;
+ }
+
+ return PR_TRUE;
+}
+
+SECStatus certcallback (
+ void *arg,
+ PRFileDesc *fd,
+ PRBool checksig,
+ PRBool isServer) {
+ return SECSuccess; // always succeed
+}
+
+/**
+ * Function: SECStatus myAuthCertificate()
+ * <BR>
+ * Purpose: This function is our custom certificate authentication handler.
+ * <BR>
+ * Note: This implementation is essentially the same as the default
+ * SSL_AuthCertificate().
+ */
+extern "C" {
+
+static SECStatus myAuthCertificate( void *arg,
+ PRFileDesc *socket,
+ PRBool checksig,
+ PRBool isServer ) {
+
+ SECCertUsage certUsage;
+ CERTCertificate * cert;
+ void * pinArg;
+ char * hostName = NULL;
+ SECStatus secStatus = SECSuccess;
+//-- static const char *DEBUG_METHOD_NAME = "myAuthCertificate";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( "httpclient");
+
+ if ( !arg || !socket ) {
+ return SECFailure;
+ }
+
+ /* Define how the cert is being used based upon the isServer flag. */
+
+ certUsage = isServer ? certUsageSSLClient : certUsageSSLServer;
+
+ cert = SSL_PeerCertificate( socket );
+
+ pinArg = SSL_RevealPinArg( socket );
+
+ // Skip the server cert verification fconditionally, because our test
+ // servers do not have a valid root CA cert.
+ if ( _doVerifyServerCert ) {
+
+ PRLock *verify_lock = RA::GetVerifyLock();
+ if (verify_lock == NULL) {
+ return SECFailure;
+ }
+ PR_Lock(verify_lock);
+ /* This function is not thread-safe. So we need to use a global lock */
+ secStatus = CERT_VerifyCertNow( (CERTCertDBHandle *)arg,
+ cert,
+ checksig,
+ certUsage,
+ pinArg);
+ PR_Unlock(verify_lock);
+
+ if( SECSuccess != secStatus ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ if (cert == NULL) {
+ RA::Debug( LL_PER_PDU,
+ "myAuthCertificate: ",
+ "Server Certificate Not Found" );
+ } else {
+ if (cert->subjectName == NULL) {
+ RA::Debug( LL_PER_PDU,
+ "myAuthCertificate: ",
+ "Untrusted server certificate" );
+ } else {
+ RA::Debug( LL_PER_PDU,
+ "myAuthCertificate: ",
+ "Untrusted server certificate error=%d subject='%s'", PORT_GetError(), cert->subjectName );
+ }
+ }
+ }
+ }
+
+ /* If this is a server, we're finished. */
+ if (isServer || secStatus != SECSuccess) {
+ return secStatus;
+ }
+
+ /* Certificate is OK. Since this is the client side of an SSL
+ * connection, we need to verify that the name field in the cert
+ * matches the desired hostname. This is our defense against
+ * man-in-the-middle attacks.
+ */
+
+ /* SSL_RevealURL returns a hostName, not an URL. */
+ hostName = SSL_RevealURL( socket );
+
+ if (hostName && hostName[0]) {
+ secStatus = CERT_VerifyCertName( cert, hostName );
+ if( SECSuccess != secStatus ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "myAuthCertificate: ",
+ "Server name does not match that in certificate" );
+ }
+ } else {
+ secStatus = SECFailure;
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "myAuthCertificate: ",
+ "server name has been specified" );
+ }
+
+ if( hostName != NULL ) {
+ PR_Free( hostName );
+ hostName = NULL;
+ }
+
+ return secStatus;
+}
+
+
+/* Function: SECStatus ownGetClientAuthData()
+ *
+ * Purpose: This callback is used by SSL to pull client certificate
+ * information upon server request.
+ */
+static SECStatus ownGetClientAuthData(void *arg, PRFileDesc *socket,
+ CERTDistNames *caNames,
+ CERTCertificate **pRetCert,/*return */
+ SECKEYPrivateKey **pRetKey) {
+ CERTCertificate * cert = NULL;
+ SECKEYPrivateKey * privKey = NULL;
+ void * proto_win = NULL;
+ SECStatus rv = SECFailure;
+ char * localNickName = (char *)arg;
+
+ proto_win = SSL_RevealPinArg(socket);
+
+ if (localNickName) {
+ RA::Debug( LL_PER_PDU,
+ "ownGetClientAuthData: ",
+ "ownGetClientAuthData looking for nickname=%s",
+ localNickName );
+ cert = PK11_FindCertFromNickname(localNickName, proto_win);
+ if (cert) {
+ RA::Debug( LL_PER_PDU,
+ "ownGetClientAuthData: ",
+ "ownGetClientAuthData found cert" );
+ privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+ if (privKey) {
+ RA::Debug( LL_PER_PDU,
+ "ownGetClientAuthData: ",
+ "ownGetClientAuthData found priv key for cert" );
+ rv = SECSuccess;
+ } else {
+ if( cert != NULL ) {
+ CERT_DestroyCertificate( cert );
+ cert = NULL;
+ }
+ }
+ }
+ else {
+ RA::Debug( LL_PER_PDU,
+ "ownGetClientAuthData: ",
+ "ownGetClientAuthData did NOT find cert" );
+ }
+
+ if (rv == SECSuccess) {
+ *pRetCert = cert;
+ *pRetKey = privKey;
+ }
+
+ // if( localNickName != NULL ) {
+ // free( localNickName );
+ // localNickName = NULL;
+ // }
+ return rv;
+ }
+ else {
+ RA::Debug( LL_PER_PDU,
+ "ownGetClientAuthData: ",
+ "ownGetClientAuthData does not have nickname" );
+ }
+
+ char* chosenNickName = certName ? (char *)PL_strdup(certName) : NULL;
+ if (chosenNickName) {
+ cert = PK11_FindCertFromNickname(chosenNickName, proto_win);
+ if (cert) {
+ privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+ if (privKey) {
+ rv = SECSuccess;
+ } else {
+ if( cert != NULL ) {
+ CERT_DestroyCertificate( cert );
+ cert = NULL;
+ }
+ }
+ }
+ } else {
+ /* no nickname given, automatically find the right cert */
+ CERTCertNicknames * names;
+ int i;
+
+ names = CERT_GetCertNicknames( CERT_GetDefaultCertDB(),
+ SEC_CERT_NICKNAMES_USER,
+ proto_win);
+
+ if (names != NULL) {
+ for( i=0; i < names->numnicknames; i++ ) {
+ cert = PK11_FindCertFromNickname(names->nicknames[i],
+ proto_win);
+ if (!cert) {
+ continue;
+ }
+
+ /* Only check unexpired certs */
+ if (CERT_CheckCertValidTimes(cert, PR_Now(), PR_FALSE) !=
+ secCertTimeValid) {
+ if( cert != NULL ) {
+ CERT_DestroyCertificate( cert );
+ cert = NULL;
+ }
+ continue;
+ }
+
+ rv = NSS_CmpCertChainWCANames(cert, caNames);
+
+ if (rv == SECSuccess) {
+ privKey = PK11_FindKeyByAnyCert(cert, proto_win);
+ if (privKey) {
+ // got the key
+ break;
+ }
+
+ // cert database password was probably wrong
+ rv = SECFailure;
+ break;
+ };
+ } /* for loop */
+ CERT_FreeNicknames(names);
+ } // names
+ } // no nickname chosen
+
+ if (rv == SECSuccess) {
+ *pRetCert = cert;
+ *pRetKey = privKey;
+ }
+
+ if( chosenNickName != NULL ) {
+ free( chosenNickName );
+ chosenNickName = NULL;
+ }
+
+ return rv;
+}
+} // extern "C"
+
+void nodelay(PRFileDesc* fd) {
+ PRSocketOptionData opt;
+ PRStatus rv;
+
+ opt.option = PR_SockOpt_NoDelay;
+ opt.value.no_delay = PR_FALSE;
+
+ rv = PR_GetSocketOption(fd, &opt);
+ if (rv == PR_FAILURE) {
+ return;
+ }
+
+ opt.option = PR_SockOpt_NoDelay;
+ opt.value.no_delay = PR_TRUE;
+ rv = PR_SetSocketOption(fd, &opt);
+ if (rv == PR_FAILURE) {
+ return;
+ }
+
+ return;
+}
+
+
+/**
+ * Returns a file descriptor for I/O if the HTTP connection is successful
+ * @param addr PRnetAddr structure which points to the server to connect to
+ * @param SSLOn boo;elan to state if this is an SSL client
+ */
+PRFileDesc * Engine::_doConnect(PRNetAddr *addr, PRBool SSLOn,
+ const PRInt32* cipherSuite,
+ PRInt32 count, const char *nickName,
+ PRBool handshake,
+ /*const SecurityProtocols& secprots,*/
+ const char *serverName, PRIntervalTime timeout) {
+//-- static const char *DEBUG_METHOD_NAME = "doConnect";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( "httpclient");
+ PRFileDesc *tcpsock = NULL;
+ PRFileDesc *sock = NULL;
+
+ SSL_CipherPrefSetDefault(0xC005 /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
+
+ tcpsock = PR_OpenTCPSocket(addr->raw.family);
+
+ if (nickName != NULL)
+ RA::Debug( LL_PER_PDU,
+ "Engine::_doConnect: ",
+ "_doConnect has nickname=%s",
+ nickName );
+ else
+ RA::Debug( LL_PER_PDU,
+ "Engine::_doConnect: ",
+ "_doConnect has nickname=NULL" );
+
+ if (!tcpsock) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+//XXXX log NSPR error code
+ RA::Debug( LL_PER_PDU,
+ "Engine::_doConnect: ",
+ "PR_OpenTCPSocket returned NULL" );
+ return NULL;
+ }
+
+ nodelay(tcpsock);
+
+ if (PR_TRUE == SSLOn) {
+ sock=SSL_ImportFD(NULL, tcpsock);
+ if (!sock) {
+ //xxx log
+ if( tcpsock != NULL ) {
+ PR_Close( tcpsock );
+ tcpsock = NULL;
+ }
+ return NULL;
+ }
+
+ int error = 0;
+ PRBool rv = SSL_OptionSet(sock, SSL_SECURITY, 1);
+ if ( SECSuccess == rv ) {
+ rv = SSL_OptionSet(sock, SSL_HANDSHAKE_AS_CLIENT, 1);
+ }
+ if ( SECSuccess == rv ) {
+ rv = SSL_OptionSet(sock, SSL_ENABLE_SSL3, PR_TRUE);
+ }
+ if ( SECSuccess == rv ) {
+ rv = SSL_OptionSet(sock, SSL_ENABLE_TLS, PR_TRUE);
+ }
+ if ( SECSuccess != rv ) {
+ error = PORT_GetError();
+ if( sock != NULL ) {
+ PR_Close( sock );
+ sock = NULL;
+ }
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "Engine::_doConnect: ",
+ "SSL_OptionSet error: %d",
+ error );
+ return NULL;
+ }
+
+ rv = SSL_GetClientAuthDataHook( sock,
+ ownGetClientAuthData,
+ (void*)nickName);
+ if ( SECSuccess != rv ) {
+ error = PORT_GetError();
+ if( sock != NULL ) {
+ PR_Close( sock );
+ sock = NULL;
+ }
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "Engine::_doConnect: ",
+ "SSL_GetClientAuthDataHook error: %d",
+ error );
+ return NULL;
+ }
+
+ rv = SSL_AuthCertificateHook(sock,
+ (SSLAuthCertificate)myAuthCertificate,
+ (void *)CERT_GetDefaultCertDB());
+
+ if (rv != SECSuccess ) {
+ if( sock != NULL ) {
+ PR_Close( sock );
+ sock = NULL;
+ }
+ return NULL;
+ }
+
+ PRErrorCode errCode = 0;
+
+ rv = SSL_BadCertHook( sock,
+ (SSLBadCertHandler)myBadCertHandler,
+ &errCode );
+ rv = SSL_SetURL( sock, serverName );
+
+ if (rv != SECSuccess ) {
+ error = PORT_GetError();
+ if( sock != NULL ) {
+ PR_Close( sock );
+ sock = NULL;
+ }
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "Engine::_doConnect: ",
+ "SSL_SetURL error: %d",
+ error );
+ return NULL;
+ }
+
+ //EnableAllSSL3Ciphers( sock);
+ } else {
+ sock = tcpsock;
+ }
+
+ RA::Debug( LL_PER_PDU,
+ "Engine::_doConnect: ",
+ "about to call PR_Connect, timeout =%d",
+ timeout );
+
+ if ( PR_Connect(sock, addr, timeout) == PR_FAILURE ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "Engine::_doConnect: ",
+ "PR_Connect error: %d Msg=%s",
+ PR_GetError(),
+ "XXX" );
+ if( sock != NULL ) {
+ PR_Close( sock );
+ sock = NULL;
+ }
+ return NULL;
+ }
+
+ return (sock);
+}
+
+/**
+ * Called from higher level to connect, sends a request
+ * and gets a response as an HttpResponse object
+ *
+ * @param request Contains the entire request url + headers etc
+ * @param server Has the host, port, protocol info
+ * @param timeout Time in seconds to wait for a response
+ * @return The response body and headers
+ */
+PSHttpResponse * HttpEngine::makeRequest( PSHttpRequest &request,
+ const PSHttpServer& server,
+ int timeout, PRBool expectChunked ) {
+ PRNetAddr addr;
+ PRFileDesc *sock = NULL;
+ PSHttpResponse *resp = NULL;
+
+ PRBool response_code = 0;
+
+ server.getAddr(&addr);
+
+ char *nickName = request.getCertNickName();
+
+ char *serverName = (char *)server.getAddr();
+ sock = _doConnect( &addr, request.isSSL(), 0, 0,nickName, 0, serverName );
+
+ if ( sock != NULL) {
+ PRBool status = request.send( sock );
+ if ( status ) {
+ resp = new PSHttpResponse( sock, &request, timeout, expectChunked );
+ response_code = resp->processResponse();
+
+ RA::Debug( LL_PER_PDU,
+ "HttpEngine::makeRequest: ",
+ "makeRequest response %d",
+ response_code );
+
+ if(!response_code)
+ {
+ RA::Debug( LL_PER_PDU,
+ "HttpEngine::makeRequest: ",
+ "Deleting response because of FALSE return, returning NULL." );
+ if( resp != NULL ) {
+ delete resp;
+ resp = NULL;
+ }
+ if( sock != NULL ) {
+ PR_Close( sock );
+ sock = NULL;
+ }
+
+ return NULL;
+
+ }
+ }
+ if( sock != NULL ) {
+ PR_Close( sock );
+ sock = NULL;
+ }
+ }
+
+ return resp;
+}
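Review bot: myBadCertHandler returns SECSuccess for SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_UNTRUSTED_CERT and the expiry codes, and _doConnect installs it with SSL_BadCertHook on every SSL socket. A chain that CERT_VerifyCertNow rejected in myAuthCertificate can therefore still be accepted even when `_doVerifyServerCert` is 1. I would fail closed when verification is on, for example `if ( _doVerifyServerCert ) return SECFailure;` ahead of the switch, and keep the override list for the test configuration only. The handler also writes through `arg`, which _doConnect sets to the address of its local `errCode`. If the handshake runs after _doConnect has returned (it looks deferred to the first I/O, to be confirmed), that write lands on a dead stack frame, so the error slot should live with the connection rather than on the stack.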
diff --git a/pki/base/tps/src/httpClient/http.cpp b/pki/base/tps/src/httpClient/http.cpp
new file mode 100644
index 000000000..60ca48bf5
--- /dev/null
+++ b/pki/base/tps/src/httpClient/http.cpp
@@ -0,0 +1,307 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include <string.h>
+
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/engine.h"
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/response.h"
+//-- #include "httpClient/httpc/DebugLogger.h"
+//-- #include "httpClient/httpc/ErrorLogger.h"
+#include "httpClient/httpc/PSPRUtil.h"
+#include "httpClient/httpc/Defines.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+
+//-- static const char *DEBUG_MODULE = "httpclient";
+//-- static const char *DEBUG_CLASS_NAME = "PSHttpServer";
+
+/**
+ * Constructor
+ * @param addr The hostname:port of the server to connect to. The default
+ * port is 80
+ * @param af The protocol family like PR_AF_INET
+ */
+PSHttpServer::PSHttpServer(const char *addr, PRUint16 af) {
+ SSLOn = PR_FALSE;
+ PRUint16 port = 80;
+//-- static const char *DEBUG_METHOD_NAME = "Constructor";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+ char *pPort;
+
+
+ _addr = NULL;
+// if( _addr != NULL ) {
+// PL_strfree( _addr );
+// _addr = NULL;
+// }
+
+ if (addr) {
+ _addr = PL_strdup(addr);
+ }
+
+ pPort = PL_strchr(_addr, ':');
+ if (pPort) {
+ *pPort = '\0';
+ port = (PRUint16) atoi(++pPort);
+ }
+
+ /* kludge for doing IPv6 tests on localhost */
+ if (!PL_strcmp(_addr, "ip6-localhost") && (af == PR_AF_INET6)) {
+ PL_strcpy(_addr, "::1");
+ }
+
+// PR_InitializeNetAddr(PR_IpAddrNull, port, &_netAddr);
+
+ if (PR_StringToNetAddr(_addr, &_netAddr) == PR_FAILURE) {
+ char buf[2000];
+ PRHostEnt ent;
+
+ RA::Debug( LL_PER_PDU,
+ "PSHttpServer::PSHttpServer ",
+ " host %s port %d ",_addr,port );
+ PR_InitializeNetAddr(PR_IpAddrNull, port, &_netAddr);
+ if (PR_GetIPNodeByName(_addr, af, PR_AI_DEFAULT,
+ buf, sizeof(buf), &ent) == PR_SUCCESS) {
+ PR_EnumerateHostEnt(0, &ent, port, &_netAddr);
+ } else {
+//-- ErrorLogger::GetErrorLogger()->Log(
+//-- LOGLEVEL_SEVERE, PR_GetError(),
+ RA::Debug( LL_PER_PDU,
+ "PSHttpServer::PSHttpServer: ",
+ "PR_GetIPNodeByName returned error %d [%s] for "
+ "address %s",
+ PR_GetError (),
+ "XXX",
+ addr );
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpServer::PSHttpServer: ",
+ "PR_GetIPNodeByName returned error %d [%s] for "
+ "address %s",
+ PR_GetError(),
+ "XXX",
+ addr );
+ }
+ }
+}
+
+/**
+ * Destructor of the Httpserver class
+ */
+PSHttpServer::~PSHttpServer() {
+ if( _addr != NULL ) {
+ PL_strfree( _addr );
+ _addr = NULL;
+ }
+}
+
+/**
+ * Turns SSL on or off for the connection
+ * @param SSLstate PR_TRUE to make an SSL connection
+ */
+void PSHttpServer::setSSL(PRBool SSLstate) {
+ SSLOn = SSLstate;
+}
+
+/**
+ * Returns the current SSL state for this PSHttpServer object
+ * @return PR_TRUE if SSL is enabled else PR_FALSE
+ */
+PRBool PSHttpServer::isSSL() const {
+ return SSLOn;
+}
+
+/**
+ * Returns the IP address of the HTTP server
+ * @return IP address of the server as a long
+ */
+
+long PSHttpServer::getIp() const {
+ return _netAddr.inet.ip;
+}
+
+/**
+ * Returns the port for the HTTP server
+ * @return port of the server
+ */
+
+long PSHttpServer::getPort() const {
+ return (long) PR_ntohs(_netAddr.inet.port);
+}
+
+/**
+ * Returns the server IP address as a string
+ * @return server address as string
+*/
+const char * PSHttpServer::getAddr() const {
+ return _addr;
+}
+
+/**
+ * Gets the server addr as a PR_NetAddr structure
+ * @param addr PR_netaddr struct in which server address is returned
+ */
+void PSHttpServer::getAddr(PRNetAddr *addr) const {
+ memcpy(addr, &_netAddr, sizeof(_netAddr));
+}
+
+/**
+ * Fets the protocol as string: "HTTP/1.0" "HTTP/1.1" etc
+ * @return Protocol string
+ */
+const char *HttpProtocolToString(HttpProtocol proto) {
+ switch(proto) {
+ case HTTP09:
+ return "";
+ case HTTP10:
+ return "HTTP/1.0";
+ case HTTP11:
+ return "HTTP/1.1";
+ case HTTPBOGUS:
+ return "BOGO-PROTO";
+ case HTTPNA:
+ return NULL;
+ }
+
+ return NULL;
+}
+
+/**
+* Constructor for HttpMessage. This is a base class for PSHttpRequest
+*/
+HttpMessage :: HttpMessage(long len, const char* buf) {
+ firstline = NULL;
+ cl = 0;
+ proto = HTTPNA;
+
+ // search for the first line
+ int counter=0;
+ PRBool found = PR_FALSE;
+ while ( ( (counter++<len) && (PR_FALSE == found) ) ) {
+ if (buf[counter] != '\n') {
+ continue;
+ }
+ found = PR_TRUE;
+ }
+
+ // extract the first line
+ if (PR_TRUE == found) {
+ firstline=new char[counter+1];
+ memcpy(firstline, buf, counter);
+ firstline[counter] = '\0';
+ }
+}
+
+HttpMessage :: ~HttpMessage() {
+ if( firstline != NULL ) {
+ delete firstline;
+ firstline = NULL;
+ }
+}
+
+/*SecurityProtocols :: SecurityProtocols(PRBool s2, PRBool s3, PRBool t)
+{
+ ssl2 = s2;
+ ssl3 = s3;
+ tls = t;
+};
+
+const SecurityProtocols& SecurityProtocols :: operator = (const RWTPtrSlist<char>& protlist)
+{
+ ssl2 = PR_FALSE;
+ ssl3 = PR_FALSE;
+ tls = PR_FALSE;
+ PRInt32 i;
+ for (i = 0;i<protlist.entries();i++)
+ {
+ if (0 == strcmp(protlist.at(i), "SSL2"))
+ {
+ ssl2 = PR_TRUE;
+ };
+ if (0 == strcmp(protlist.at(i), "SSL3"))
+ {
+ ssl3 = PR_TRUE;
+ };
+ if (0 == strcmp(protlist.at(i), "TLS"))
+ {
+ tls = PR_TRUE;
+ };
+ };
+ return *this;
+};
+
+const SecurityProtocols& SecurityProtocols :: operator = (const SecurityProtocols& rhs)
+{
+ ssl2 = rhs.ssl2;
+ ssl3 = rhs.ssl3;
+ tls = rhs.tls;
+ return *this;
+};
+*/
+
+
+PRBool PSHttpServer::putFile(const char* localFile,
+ const char* remoteUri) const {
+ PSHttpRequest request(this, remoteUri, HTTP10, Engine::globaltimeout);
+ request.setMethod("PUT");
+ request.useLocalFileAsBody(localFile);
+
+ PRBool rv = _putFile(request);
+ return rv;
+}
+
+PRBool PSHttpServer::putFile(const char *uri, int size) const {
+ PSHttpRequest request(this, uri, HTTP10, Engine::globaltimeout);
+ request.setMethod("PUT");
+ request.addRandomBody(size);
+
+ PRBool rv = _putFile(request);;
+ return rv;
+}
+
+PRBool PSHttpServer::_putFile(PSHttpRequest& request) const {
+ HttpEngine engine;
+ PRBool rv = PR_TRUE;
+
+ PSHttpResponse* response = engine.makeRequest(request, *this);
+
+ if (response) {
+ int status = response->getStatus();
+ if (status == 200 || status == 201 || status == 204) {
+ rv = PR_TRUE;
+ } else {
+ rv = PR_FALSE;
+ }
+ if( response != NULL ) {
+ delete response;
+ response = NULL;
+ }
+ } else {
+ rv = PR_FALSE;
+ }
+ return rv;
+}
+
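Review bot: The first-line scan in the HttpMessage constructor increments `counter` in the loop condition before indexing, so `buf[0]` is never tested and the last iteration reads `buf[len]`, one byte past the supplied length. If that byte happens to be a newline, the following memcpy copies len+1 bytes. A bounded scan such as `while (counter < len && buf[counter] != '\n') counter++;` followed by `found = (counter < len);` keeps every read inside the buffer; copy `counter + 1` bytes if the newline is meant to stay in firstline, as it does now. The destructor should also release the buffer with `delete [] firstline;`, since it was allocated with `new char[...]`.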
diff --git a/pki/base/tps/src/httpClient/httpClient.cpp b/pki/base/tps/src/httpClient/httpClient.cpp
new file mode 100644
index 000000000..7f4e9fff3
--- /dev/null
+++ b/pki/base/tps/src/httpClient/httpClient.cpp
@@ -0,0 +1,130 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "nspr.h"
+#include <sys/types.h>
+
+#include <stdio.h>
+#ifndef XP_WIN32
+#include <unistd.h> /* sleep */
+#else /* XP_WIN32 */
+#include <windows.h>
+#endif /* XP_WIN32 */
+
+#include "main/Base.h"
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/engine.h"
+
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+/*
+ * httpSend: sends to an HTTP server
+ * host_port should be in the for "host:port"
+ * e.g. ca.fedora.redhat.com:1027
+ * uri should contain uri including parameter values
+ * e.g. https://ca.fedora.redhat.com:1027/ca/profileSubmitSSLClient?profileId=userKey&screenname=user1&publickey=YWJjMTIzCg
+ * method has to be "GET" or "POST"
+ * body is the HTTP body. Can have nothing.
+ */
+PSHttpResponse *httpSend(char *host_port, char *uri, char *method, char *body)
+{
+ const char* nickname;
+ nickname = RA::GetConfigStore()->GetConfigAsString("ra.clientNickname", "");
+
+ char *pPort = NULL;
+ char *pPortActual = NULL;
+
+
+ char hostName[512];
+
+ /*
+ * Isolate the host name, account for IPV6 numeric addresses.
+ *
+ */
+
+ if(host_port)
+ strncpy(hostName,host_port,512);
+
+ pPort = hostName;
+ while(1) {
+ pPort = strchr(pPort, ':');
+ if (pPort) {
+ pPortActual = pPort;
+ pPort++;
+ } else
+ break;
+ }
+
+ if(pPortActual)
+ *pPortActual = '\0';
+
+
+ /*
+ * Rifle through the values for the host
+ */
+
+ PRAddrInfo *ai;
+ void *iter;
+ PRNetAddr addr;
+ int family = PR_AF_INET;
+
+ ai = PR_GetAddrInfoByName(hostName, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
+ if (ai) {
+ printf("%s\n", PR_GetCanonNameFromAddrInfo(ai));
+ iter = NULL;
+ while ((iter = PR_EnumerateAddrInfo(iter, ai, 0, &addr)) != NULL) {
+ char buf[512];
+ PR_NetAddrToString(&addr, buf, sizeof buf);
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::httpSend: ",
+ "Sending addr -- Msg='%s'\n",
+ buf );
+ family = PR_NetAddrFamily(&addr);
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::httpSend: ",
+ "Sending family -- Msg='%d'\n",
+ family );
+ break;
+ }
+ PR_FreeAddrInfo(ai);
+
+ }
+
+ PSHttpServer server(host_port, family);
+ server.setSSL(PR_TRUE);
+ // use "HTTP10" if no chunking
+ PSHttpRequest request( &server, uri, HTTP11, 0 );
+ request.setSSL(PR_TRUE);
+ request.setCertNickName(nickname);
+ request.setMethod(method);
+ if (body != NULL)
+ request.setBody( strlen(body), body);
+
+ // use with "POST" only
+ request.addHeader( "Content-Type", "text/xml" );
+ request.addHeader( "Connection", "keep-alive" );
+ HttpEngine engine;
+ PSHttpResponse *resp = engine.makeRequest( request, server, 120 /*_timeout*/ , PR_TRUE /* expect chunked*/);
+
+ return resp;
+}
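Review bot: `strncpy(hostName,host_port,512)` in httpSend leaves hostName without a terminating NUL when host_port is 512 bytes or longer, and leaves it uninitialised when host_port is NULL. The strchr loop and PR_GetAddrInfoByName below read it as a C string either way. Returning NULL early on a NULL host_port and bounding the copy with `strncpy(hostName, host_port, sizeof(hostName) - 1); hostName[sizeof(hostName) - 1] = '\0';` closes both cases. The `printf` of PR_GetCanonNameFromAddrInfo(ai) also writes to stdout and passes a value that may be NULL to `%s`; routing it through RA::Debug behind a NULL check would match the rest of the function.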
diff --git a/pki/base/tps/src/httpClient/nscperror.cpp b/pki/base/tps/src/httpClient/nscperror.cpp
new file mode 100644
index 000000000..38c722de2
--- /dev/null
+++ b/pki/base/tps/src/httpClient/nscperror.cpp
@@ -0,0 +1,358 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/* nscperrors.c
+ * Very crude error handling for nspr and libsec.
+ */
+
+#include "prerror.h"
+
+#define NSCP_NSPR_ERROR_BASE (PR_NSPR_ERROR_BASE)
+#define NSCP_NSPR_MAX_ERROR ((PR_MAX_ERROR) - 1)
+#define NSCP_LIBSEC_ERROR_BASE (-8192)
+#define NSCP_LIBSEC_MAX_ERROR (NSCP_LIBSEC_ERROR_BASE + 118)
+#define NSCP_LIBSSL_ERROR_BASE (-12288)
+#define NSCP_LIBSSL_MAX_ERROR (NSCP_LIBSSL_ERROR_BASE + 89)
+
+typedef struct nscp_error_t {
+ int errorNumber;
+ const char *errorString;
+} nscp_error_t;
+
+nscp_error_t nscp_nspr_errors[] = {
+ { 0, "Out of memory" },
+ { 1, "Bad file descriptor" },
+ { 2, "Data temporarily not available" },
+ { 3, "Access fault" },
+ { 4, "Invalid method" },
+ { 5, "Illegal access" },
+ { 6, "Unknown error" },
+ { 7, "Pending interrupt" },
+ { 8, "Not implemented" },
+ { 9, "IO error" },
+ { 10, "IO timeout error" },
+ { 11, "IO already pending error" },
+ { 12, "Directory open error" },
+ { 13, "Invalid Argument" },
+ { 14, "Address not available" },
+ { 15, "Address not supported" },
+ { 16, "Already connected" },
+ { 17, "Bad address" },
+ { 18, "Address already in use" },
+ { 19, "Connection refused" },
+ { 20, "Network unreachable" },
+ { 21, "Connection timed out" },
+ { 22, "Not connected" },
+ { 23, "Load library error" },
+ { 24, "Unload library error" },
+ { 25, "Find symbol error" },
+ { 26, "Insufficient resources" },
+ { 27, "Directory lookup error" },
+ { 28, "Invalid thread private data key" },
+ { 29, "PR_PROC_DESC_TABLE_FULL_ERROR" },
+ { 30, "PR_SYS_DESC_TABLE_FULL_ERROR" },
+ { 31, "Descriptor is not a socket" },
+ { 32, "Descriptor is not a TCP socket" },
+ { 33, "Socket address is already bound" },
+ { 34, "No access rights" },
+ { 35, "Operation not supported" },
+ { 36, "Protocol not supported" },
+ { 37, "Remote file error" },
+ { 38, "Buffer overflow error" },
+ { 39, "Connection reset by peer" },
+ { 40, "Range error" },
+ { 41, "Deadlock error" },
+ { 42, "File is locked" },
+ { 43, "File is too big" },
+ { 44, "No space on device" },
+ { 45, "Pipe error" },
+ { 46, "No seek on device" },
+ { 47, "File is a directory" },
+ { 48, "Loop error" },
+ { 49, "Name too long" },
+ { 50, "File not found" },
+ { 51, "File is not a directory" },
+ { 52, "Read-only filesystem" },
+ { 53, "Directory not empty" },
+ { 54, "Filesystem mounted" },
+ { 55, "Not same device" },
+ { 56, "Directory corrupted" },
+ { 57, "File exists" },
+ { 58, "Maximum directory entries" },
+ { 59, "Invalid device state" },
+ { 60, "Device is locked" },
+ { 61, "No more files" },
+ { 62, "End of file" },
+ { 63, "File seek error" },
+ { 64, "File is busy" },
+ { 65, "NSPR error 65" },
+ { 66, "In progress error" },
+ { 67, "Already initiated" },
+ { 68, "Group empty" },
+ { 69, "Invalid state" },
+ { 70, "Network down" },
+ { 71, "Socket shutdown" },
+ { 72, "Connect aborted" },
+ { 73, "Host unreachable" }
+};
+
+#if (PR_MAX_ERROR - PR_NSPR_ERROR_BASE) > 74
+// cfu temporarily get rid of the "#error NSPR error table is too small" error
+//#error NSPR error table is too small
+#endif
+
+nscp_error_t nscp_libsec_errors[] = {
+ { 0, "SEC_ERROR_IO - I/O Error" },
+ { 1, "SEC_ERROR_LIBRARY_FAILURE - Library Failure" },
+ { 2, "SEC_ERROR_BAD_DATA - Bad data was received" },
+ { 3, "SEC_ERROR_OUTPUT_LEN" },
+ { 4, "SEC_ERROR_INPUT_LEN" },
+ { 5, "SEC_ERROR_INVALID_ARGS" },
+ { 6, "SEC_ERROR_INVALID_ALGORITHM - Certificate contains invalid encryption or signature algorithm" },
+ { 7, "SEC_ERROR_INVALID_AVA" },
+ { 8, "SEC_ERROR_INVALID_TIME - Certificate contains an invalid time value" },
+ { 9, "SEC_ERROR_BAD_DER - Certificate is improperly DER encoded" },
+ { 10, "SEC_ERROR_BAD_SIGNATURE - Certificate has invalid signature" },
+ { 11, "SEC_ERROR_EXPIRED_CERTIFICATE - Certificate has expired" },
+ { 12, "SEC_ERROR_REVOKED_CERTIFICATE - Certificate has been revoked" },
+ { 13, "SEC_ERROR_UNKNOWN_ISSUER - Certificate is signed by an unknown issuer" },
+ { 14, "SEC_ERROR_BAD_KEY - Invalid public key in certificate." },
+ { 15, "SEC_ERROR_BAD_PASSWORD" },
+ { 16, "SEC_ERROR_UNUSED" },
+ { 17, "SEC_ERROR_NO_NODELOCK" },
+ { 18, "SEC_ERROR_BAD_DATABASE - Problem using certificate or key database" },
+ { 19, "SEC_ERROR_NO_MEMORY - Out of Memory" },
+ { 20, "SEC_ERROR_UNTRUSTED_ISSUER - Certificate is signed by an untrusted issuer" },
+ { 21, "SEC_ERROR_UNTRUSTED_CERT" },
+ { 22, "SEC_ERROR_DUPLICATE_CERT" },
+ { 23, "SEC_ERROR_DUPLICATE_CERT_TIME" },
+ { 24, "SEC_ERROR_ADDING_CERT" },
+ { 25, "SEC_ERROR_FILING_KEY" },
+ { 26, "SEC_ERROR_NO_KEY" },
+ { 27, "SEC_ERROR_CERT_VALID" },
+ { 28, "SEC_ERROR_CERT_NOT_VALID" },
+ { 29, "SEC_ERROR_CERT_NO_RESPONSE" },
+ { 30, "SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE" },
+ { 31, "SEC_ERROR_CRL_EXPIRED" },
+ { 32, "SEC_ERROR_CRL_BAD_SIGNATURE" },
+ { 33, "SEC_ERROR_CRL_INVALID" },
+ { 34, "SEC_ERROR_EXTENSION_VALUE_INVALID" },
+ { 35, "SEC_ERROR_EXTENSION_NOT_FOUND" },
+ { 36, "SEC_ERROR_CA_CERT_INVALID" },
+ { 37, "SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID" },
+ { 38, "SEC_ERROR_CERT_USAGES_INVALID" },
+ { 39, "SEC_INTERNAL_ONLY" },
+ { 40, "SEC_ERROR_INVALID_KEY" },
+ { 41, "SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION" },
+ { 42, "SEC_ERROR_OLD_CRL" },
+ { 43, "SEC_ERROR_NO_EMAIL_CERT" },
+ { 44, "SEC_ERROR_NO_RECIPIENT_CERTS_QUERY" },
+ { 45, "SEC_ERROR_NOT_A_RECIPIENT" },
+ { 46, "SEC_ERROR_PKCS7_KEYALG_MISMATCH" },
+ { 47, "SEC_ERROR_PKCS7_BAD_SIGNATURE" },
+ { 48, "SEC_ERROR_UNSUPPORTED_KEYALG" },
+ { 49, "SEC_ERROR_DECRYPTION_DISALLOWED" },
+ { 50, "XP_SEC_FORTEZZA_BAD_CARD" },
+ { 51, "XP_SEC_FORTEZZA_NO_CARD" },
+ { 52, "XP_SEC_FORTEZZA_NONE_SELECTED" },
+ { 53, "XP_SEC_FORTEZZA_MORE_INFO" },
+ { 54, "XP_SEC_FORTEZZA_PERSON_NOT_FOUND" },
+ { 55, "XP_SEC_FORTEZZA_NO_MORE_INFO" },
+ { 56, "XP_SEC_FORTEZZA_BAD_PIN" },
+ { 57, "XP_SEC_FORTEZZA_PERSON_ERROR" },
+ { 58, "SEC_ERROR_NO_KRL" },
+ { 59, "SEC_ERROR_KRL_EXPIRED" },
+ { 60, "SEC_ERROR_KRL_BAD_SIGNATURE" },
+ { 61, "SEC_ERROR_REVOKED_KEY" },
+ { 62, "SEC_ERROR_KRL_INVALID" },
+ { 63, "SEC_ERROR_NEED_RANDOM" },
+ { 64, "SEC_ERROR_NO_MODULE" },
+ { 65, "SEC_ERROR_NO_TOKEN" },
+ { 66, "SEC_ERROR_READ_ONLY" },
+ { 67, "SEC_ERROR_NO_SLOT_SELECTED" },
+ { 68, "SEC_ERROR_CERT_NICKNAME_COLLISION" },
+ { 69, "SEC_ERROR_KEY_NICKNAME_COLLISION" },
+ { 70, "SEC_ERROR_SAFE_NOT_CREATED" },
+ { 71, "SEC_ERROR_BAGGAGE_NOT_CREATED" },
+ { 72, "XP_JAVA_REMOVE_PRINCIPAL_ERROR" },
+ { 73, "XP_JAVA_DELETE_PRIVILEGE_ERROR" },
+ { 74, "XP_JAVA_CERT_NOT_EXISTS_ERROR" },
+ { 75, "SEC_ERROR_BAD_EXPORT_ALGORITHM" },
+ { 76, "SEC_ERROR_EXPORTING_CERTIFICATES" },
+ { 77, "SEC_ERROR_IMPORTING_CERTIFICATES" },
+ { 78, "SEC_ERROR_PKCS12_DECODING_PFX" },
+ { 79, "SEC_ERROR_PKCS12_INVALID_MAC" },
+ { 80, "SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM" },
+ { 81, "SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE" },
+ { 82, "SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE" },
+ { 83, "SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM" },
+ { 84, "SEC_ERROR_PKCS12_UNSUPPORTED_VERSION" },
+ { 85, "SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT" },
+ { 86, "SEC_ERROR_PKCS12_CERT_COLLISION" },
+ { 87, "SEC_ERROR_USER_CANCELLED" },
+ { 88, "SEC_ERROR_PKCS12_DUPLICATE_DATA" },
+ { 89, "SEC_ERROR_MESSAGE_SEND_ABORTED" },
+ { 90, "SEC_ERROR_INADEQUATE_KEY_USAGE" },
+ { 91, "SEC_ERROR_INADEQUATE_CERT_TYPE" },
+ { 92, "SEC_ERROR_CERT_ADDR_MISMATCH" },
+ { 93, "SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY" },
+ { 94, "SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN" },
+ { 95, "SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME" },
+ { 96, "SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY" },
+ { 97, "SEC_ERROR_PKCS12_UNABLE_TO_WRITE" },
+ { 98, "SEC_ERROR_PKCS12_UNABLE_TO_READ" },
+ { 99, "SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED" },
+ { 100, "SEC_ERROR_KEYGEN_FAIL" },
+ { 101, "SEC_ERROR_INVALID_PASSWORD" },
+ { 102, "SEC_ERROR_RETRY_OLD_PASSWORD" },
+ { 103, "SEC_ERROR_BAD_NICKNAME" },
+ { 104, "SEC_ERROR_NOT_FORTEZZA_ISSUER" },
+ { 105, "unused error" },
+ { 106, "SEC_ERROR_JS_INVALID_MODULE_NAME" },
+ { 107, "SEC_ERROR_JS_INVALID_DLL" },
+ { 108, "SEC_ERROR_JS_ADD_MOD_FAILURE" },
+ { 109, "SEC_ERROR_JS_DEL_MOD_FAILURE" },
+ { 110, "SEC_ERROR_OLD_KRL" },
+ { 111, "SEC_ERROR_CKL_CONFLICT" },
+ { 112, "SEC_ERROR_CERT_NOT_IN_NAME_SPACE" },
+ { 113, "SEC_ERROR_KRL_NOT_YET_VALID" },
+ { 114, "SEC_ERROR_CRL_NOT_YET_VALID" },
+ { 115, "SEC_ERROR_CERT_STATUS_SERVER_ERROR" },
+ { 116, "SEC_ERROR_CERT_STATUS_UNKNOWN" },
+ { 117, "SEC_ERROR_CERT_REVOKED_SINCE" },
+ { 118, "SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE" }
+};
+
+nscp_error_t nscp_libssl_errors[] = {
+ { 0, "SSL_ERROR_EXPORT_ONLY_SERVER - client does not support high-grade encryption." },
+ { 1, "SSL_ERROR_US_ONLY_SERVER - client requires high-grade encryption which is not supported." },
+ { 2, "SSL_ERROR_NO_CYPHER_OVERLAP - no common encryption algorithm(s) with client." },
+ { 3, "SSL_ERROR_NO_CERTIFICATE - unable to find the certificate or key necessary for authentication." },
+ { 4, "SSL_ERROR_BAD_CERTIFICATE - unable to communicate securely wih peer: peer's certificate was rejected." },
+ { 5, "unused SSL error #5" },
+ { 6, "SSL_ERROR_BAD_CLIENT - protocol error." },
+ { 7, "SSL_ERROR_BAD_SERVER - protocol error." },
+ { 8, "SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE - unsupported certificate type." },
+ { 9, "SSL_ERROR_UNSUPPORTED_VERSION - client is using unsupported SSL version." },
+ { 10, "unused SSL error #10" },
+ { 11, "SSL_ERROR_WRONG_CERTIFICATE - the public key in the server's own certificate does not match its private key" },
+ { 12, "SSL_ERROR_BAD_CERT_DOMAIN - requested domain name does not match the server's certificate." },
+ { 13, "SSL_ERROR_POST_WARNING" },
+ { 14, "SSL_ERROR_SSL2_DISABLED - peer only supports SSL version 2, which is locally disabled" },
+ { 15, "SSL_ERROR_BAD_MAC_READ - SSL has received a record with an incorrect Message Authentication Code." },
+ { 16, "SSL_ERROR_BAD_MAC_ALERT - SSL has received an error indicating an incorrect Message Authentication Code." },
+ { 17, "SSL_ERROR_BAD_CERT_ALERT - SSL client cannot verify your certificate." },
+ { 18, "SSL_ERROR_REVOKED_CERT_ALERT - the server has rejected your certificate as revoked." },
+ { 19, "SSL_ERROR_EXPIRED_CERT_ALERT - the server has rejected your certificate as expired." },
+ { 20, "SSL_ERROR_SSL_DISABLED - cannot connect: SSL is disabled." },
+ { 21, "SSL_ERROR_FORTEZZA_PQG - cannot connect: SSL peer is in another Fortezza domain" },
+ { 22, "SSL_ERROR_UNKNOWN_CIPHER_SUITE - an unknown SSL cipher suite has been requested" },
+ { 23, "SSL_ERROR_NO_CIPHERS_SUPPORTED - no cipher suites are present and enabled in this program" },
+ { 24, "SSL_ERROR_BAD_BLOCK_PADDING" },
+ { 25, "SSL_ERROR_RX_RECORD_TOO_LONG" },
+ { 26, "SSL_ERROR_TX_RECORD_TOO_LONG" },
+ { 27, "SSL_ERROR_RX_MALFORMED_HELLO_REQUEST" },
+ { 28, "SSL_ERROR_RX_MALFORMED_CLIENT_HELLO" },
+ { 29, "SSL_ERROR_RX_MALFORMED_SERVER_HELLO" },
+ { 30, "SSL_ERROR_RX_MALFORMED_CERTIFICATE" },
+ { 31, "SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH" },
+ { 32, "SSL_ERROR_RX_MALFORMED_CERT_REQUEST" },
+ { 33, "SSL_ERROR_RX_MALFORMED_HELLO_DONE" },
+ { 34, "SSL_ERROR_RX_MALFORMED_CERT_VERIFY" },
+ { 35, "SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH" },
+ { 36, "SSL_ERROR_RX_MALFORMED_FINISHED" },
+ { 37, "SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER" },
+ { 38, "SSL_ERROR_RX_MALFORMED_ALERT" },
+ { 39, "SSL_ERROR_RX_MALFORMED_HANDSHAKE" },
+ { 40, "SSL_ERROR_RX_MALFORMED_APPLICATION_DATA" },
+ { 41, "SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST" },
+ { 42, "SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO" },
+ { 43, "SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO" },
+ { 44, "SSL_ERROR_RX_UNEXPECTED_CERTIFICATE" },
+ { 45, "SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH" },
+ { 46, "SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST" },
+ { 47, "SSL_ERROR_RX_UNEXPECTED_HELLO_DONE" },
+ { 48, "SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY" },
+ { 49, "SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH" },
+ { 50, "SSL_ERROR_RX_UNEXPECTED_FINISHED" },
+ { 51, "SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER" },
+ { 52, "SSL_ERROR_RX_UNEXPECTED_ALERT" },
+ { 53, "SSL_ERROR_RX_UNEXPECTED_HANDSHAKE" },
+ { 54, "SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA" },
+ { 55, "SSL_ERROR_RX_UNKNOWN_RECORD_TYPE" },
+ { 56, "SSL_ERROR_RX_UNKNOWN_HANDSHAKE" },
+ { 57, "SSL_ERROR_RX_UNKNOWN_ALERT" },
+ { 58, "SSL_ERROR_CLOSE_NOTIFY_ALERT - SSL peer has closed the connection" },
+ { 59, "SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT" },
+ { 60, "SSL_ERROR_DECOMPRESSION_FAILURE_ALERT" },
+ { 61, "SSL_ERROR_HANDSHAKE_FAILURE_ALERT" },
+ { 62, "SSL_ERROR_ILLEGAL_PARAMETER_ALERT" },
+ { 63, "SSL_ERROR_UNSUPPORTED_CERT_ALERT" },
+ { 64, "SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT" },
+ { 65, "SSL_ERROR_GENERATE_RANDOM_FAILURE" },
+ { 66, "SSL_ERROR_SIGN_HASHES_FAILURE" },
+ { 67, "SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE" },
+ { 68, "SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE" },
+ { 69, "SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE" },
+ { 70, "SSL_ERROR_ENCRYPTION_FAILURE" },
+ { 71, "SSL_ERROR_DECRYPTION_FAILURE" },
+ { 72, "SSL_ERROR_SOCKET_WRITE_FAILURE" },
+ { 73, "SSL_ERROR_MD5_DIGEST_FAILURE" },
+ { 74, "SSL_ERROR_SHA_DIGEST_FAILURE" },
+ { 75, "SSL_ERROR_MAC_COMPUTATION_FAILURE" },
+ { 76, "SSL_ERROR_SYM_KEY_CONTEXT_FAILURE" },
+ { 77, "SSL_ERROR_SYM_KEY_UNWRAP_FAILURE" },
+ { 78, "SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED" },
+ { 79, "SSL_ERROR_IV_PARAM_FAILURE" },
+ { 80, "SSL_ERROR_INIT_CIPHER_SUITE_FAILURE" },
+ { 81, "SSL_ERROR_SESSION_KEY_GEN_FAILURE" },
+ { 82, "SSL_ERROR_NO_SERVER_KEY_FOR_ALG" },
+ { 83, "SSL_ERROR_TOKEN_INSERTION_REMOVAL" },
+ { 84, "SSL_ERROR_TOKEN_SLOT_NOT_FOUND" },
+ { 85, "SSL_ERROR_NO_COMPRESSION_OVERLAP" },
+ { 86, "SSL_ERROR_HANDSHAKE_NOT_COMPLETED" },
+ { 87, "SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE" },
+ { 88, "SSL_ERROR_CERT_KEA_MISMATCH" },
+ { 89, "SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA - the CA that signed the client certificate is not trusted locally" }
+};
+
+#ifdef WIN32
+#define __EXPORT __declspec(dllexport)
+#else
+#define __EXPORT
+#endif
+
+__EXPORT const char* nscperror_lookup(int error)
+{
+ const char *errmsg;
+
+ if ((error >= NSCP_NSPR_ERROR_BASE) && (error <= NSCP_NSPR_MAX_ERROR)) {
+ errmsg = nscp_nspr_errors[error-NSCP_NSPR_ERROR_BASE].errorString;
+ return errmsg;
+ } else if ((error >= NSCP_LIBSEC_ERROR_BASE) &&
+ (error <= NSCP_LIBSEC_MAX_ERROR)) {
+ return nscp_libsec_errors[error-NSCP_LIBSEC_ERROR_BASE].errorString;
+ } else if ((error >= NSCP_LIBSSL_ERROR_BASE) &&
+ (error <= NSCP_LIBSSL_MAX_ERROR)) {
+ return nscp_libssl_errors[error-NSCP_LIBSSL_ERROR_BASE].errorString;
+ } else {
+ return (const char *)NULL;
+ }
+}
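Review bot: The NSPR branch of `nscperror_lookup` can index past the end of `nscp_nspr_errors`, because its upper bound is `NSCP_NSPR_MAX_ERROR` (`PR_MAX_ERROR - 1`) while the table holds 74 entries and the `#error NSPR error table is too small` guard above it is commented out. If the NSPR headers in use define more than 74 codes, a newer error code makes the function return a pointer read from whatever follows the array. Bound each branch by the table itself, e.g. `if (error >= NSCP_NSPR_ERROR_BASE && error - NSCP_NSPR_ERROR_BASE < (int)(sizeof nscp_nspr_errors / sizeof nscp_nspr_errors[0]))`, and fall through to the existing NULL return otherwise. The same form on the libsec and libssl branches would keep their `+ 118` and `+ 89` constants from drifting away from the tables. If no other file references the three arrays, they could also be declared `static const`.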
diff --git a/pki/base/tps/src/httpClient/request.cpp b/pki/base/tps/src/httpClient/request.cpp
new file mode 100644
index 000000000..629f74821
--- /dev/null
+++ b/pki/base/tps/src/httpClient/request.cpp
@@ -0,0 +1,431 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#include <string.h>
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/engine.h"
+#include "httpClient/httpc/PSPRUtil.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+//-- static const char *DEBUG_MODULE = "httpclient";
+//-- static const char *DEBUG_CLASS_NAME = "PSHttpRequest";
+
+/**
+ * Constructor
+ * @param server The server to send request to
+ * @param uri The uri representing the request e.g /presence/start
+ * @param prot HTTP10 or HTTP11 .
+ * @param to Timeout ... ignore for now
+ */
+
+PSHttpRequest::PSHttpRequest(const PSHttpServer* server,
+ const char *uri,
+ HttpProtocol prot,
+ PRIntervalTime to) : NetRequest(server) {
+ //timeout = to;
+ timeout = PR_INTERVAL_NO_TIMEOUT;
+ _method = PL_strdup("GET");
+ _uri = PL_strdup(uri);
+ _proto = prot;
+ _body = NULL;
+ _bodyLength = -1;
+ _expectedResponseLength = -1;
+ _expectStandardBody = PR_FALSE;
+ _expectDynamicBody = PR_FALSE;
+ _hangupOk = PR_FALSE;
+ _fileFd = NULL;
+ nickName = NULL;
+ _headers = new StringKeyCache("request",10*60);
+}
+
+/**
+ * Destructor
+ *
+ */
+
+PSHttpRequest::~PSHttpRequest() {
+ if( _method != NULL ) {
+ PL_strfree( _method );
+ _method = NULL;
+ }
+ if( _uri != NULL ) {
+ PL_strfree( _uri );
+ _uri = NULL;
+ }
+ if( nickName != NULL ) {
+ PL_strfree( nickName );
+ nickName = NULL;
+ }
+ if( _fileFd != NULL ) {
+ PR_Close( _fileFd );
+ _fileFd = NULL;
+ }
+ if( _headers != NULL ) {
+ delete _headers;
+ _headers = NULL;
+ }
+}
+
+/**
+ * sets the request method for Http protocol
+ * @param method GET /POST etc
+ *
+ */
+
+PRBool PSHttpRequest::setMethod(const char *method) {
+ if( _method != NULL ) {
+ free( _method );
+ _method = NULL;
+ }
+ _method = PL_strdup(method);
+ return PR_TRUE;
+}
+
+void PSHttpRequest::setExpectedResponseLength(int size) {
+ _expectedResponseLength = size;
+}
+
+void PSHttpRequest::setExpectStandardBody() {
+ _expectStandardBody = PR_TRUE;
+}
+
+void PSHttpRequest::setExpectDynamicBody() {
+ _expectDynamicBody = PR_TRUE;
+}
+
+PRBool PSHttpRequest::getExpectStandardBody() {
+ return _expectStandardBody;
+}
+
+PRBool PSHttpRequest::getExpectDynamicBody() {
+ return _expectDynamicBody;
+}
+
+int PSHttpRequest::getExpectedResponseLength() {
+ return _expectedResponseLength;
+}
+
+/**
+ * Returns the method to use
+ *
+ * @return GET /POST etc
+ */
+
+char * PSHttpRequest::getMethod() {
+ return _method;
+}
+
+/**
+ * Returns HTTP0 or HTTP11
+ */
+HttpProtocol HttpMessage::getProtocol() const {
+ return proto;
+}
+
+/**
+ * Adds an HTTP header to the request
+ *
+ * @param name header name
+ * @param value header value
+ */
+PRBool PSHttpRequest::addHeader(const char *name, const char *value) {
+ char *dvalue = PL_strdup(value);
+ CacheEntry *entry = _headers->Put(name,dvalue);
+ if (entry == NULL ) {
+ if( dvalue != NULL ) {
+ PL_strfree( dvalue );
+ dvalue = NULL;
+ }
+ return PR_FALSE;
+ } else {
+ return PR_TRUE;
+ }
+}
+
+/**
+ * Gets the value for a header for this HTTP request object
+ *
+ * @param name Name of the header
+ * @return The value of the header in the request object
+ */
+
+const char * PSHttpRequest::getHeader(const char *name) {
+ CacheEntry *entry = _headers->Get(name);
+ return entry ? (char *)entry->GetData() : NULL;
+}
+
+/**
+ * Sets the body of a POST message
+ *
+ * @param size Content length
+ * @param body Content of the message; it is not copied
+ * @return PR_TRUE if the Content-length header can be set
+ */
+PRBool PSHttpRequest::setBody(int size, const char* body) {
+ char byteStr[12];
+
+ sprintf(byteStr, "%d", size);
+ if (!addHeader("Content-length", byteStr)) {
+ return PR_FALSE;
+ }
+
+ _bodyLength = size;
+ _body = (char *)body;
+
+ return PR_TRUE;
+}
+
+PRBool PSHttpRequest::addRandomBody(int size) {
+ char byteStr[12];
+
+ sprintf(byteStr, "%d", size);
+ if (!addHeader("Content-length", byteStr)) {
+ return PR_FALSE;
+ }
+
+ _bodyLength = size;
+
+ return PR_TRUE;
+}
+
+PRBool PSHttpRequest::useLocalFileAsBody(const char* fileName) {
+ PRBool res = PR_FALSE;
+ PRFileInfo finfo;
+ if (PR_GetFileInfo(fileName, &finfo) == PR_SUCCESS) {
+ res = PR_TRUE;
+ char byteStr[25];
+ sprintf(byteStr, "%d", finfo.size);
+ if (!addHeader("Content-length", byteStr)) {
+ return PR_FALSE;
+ }
+ _bodyLength = finfo.size;
+ _fileFd = PR_Open(fileName, PR_RDONLY, 0);
+ if (!_fileFd) {
+ return PR_FALSE;
+ }
+ }
+
+ return PR_TRUE;
+}
+
+/**
+ * This function sends the HTTP request to the server.
+ * @param sock - the connection onto which the request is to be sent
+ */
+
+PRBool PSHttpRequest::send( PRFileDesc *sock ) {
+ const char *hostname;
+//-- static const char *DEBUG_METHOD_NAME = "send";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+ PRBool rv = PR_FALSE;
+ if (!sock) {
+ return rv;
+ }
+
+ char *data = NULL;
+
+ if (_proto == HTTP11) {
+ hostname = getHeader("Host");
+
+ if (hostname == NULL) {
+ // long port = _server->getPort();
+
+ char address[100];
+ PR_snprintf(address, 100, "%s:%d", _server->getAddr(),
+ _server->getPort());
+ addHeader("Host", address);
+ }
+ }
+
+ // create the HTTP string "GET /presence/stop HTTP/1.0"
+ char *path = strstr( _uri, "//" );
+ if ( path ) {
+ path = strchr( path + 2, '/' );
+ }
+ if ( !path ) {
+ path = _uri;
+ }
+ data = PR_smprintf( "%s %s %s\r\n", _method, path,
+ HttpProtocolToString(_proto) );
+
+ // Send HTTP headers
+ char **keys;
+ char *headerValue = NULL;
+ int nKeys = _headers->GetKeys( &keys );
+ for ( int i = 0 ; i < nKeys; i++ ) {
+ CacheEntry *entry = _headers->Get( keys[i] );
+ if (entry) {
+ headerValue = (char *)entry->GetData();
+ //adds the headers name: value
+ data = PR_sprintf_append(data,"%s: %s\r\n",keys[i],headerValue);
+ if( headerValue != NULL ) {
+ PL_strfree( headerValue );
+ headerValue = NULL;
+ }
+ }
+ entry = _headers->Remove(keys[i]);
+ if( entry != NULL ) {
+ delete entry;
+ entry = NULL;
+ }
+ if( keys[i] != NULL ) {
+ delete [] ( keys[i] );
+ keys[i] = NULL;
+ }
+ }
+ if( keys != NULL ) {
+ delete [] keys;
+ keys = NULL;
+ }
+
+ // Send terminator
+ data = PR_sprintf_append(data,"\r\n");
+
+ int len = PL_strlen(data);
+ //send the data ..
+ int bytes = PR_Send(sock, data, len, 0, timeout);
+ if( data != NULL ) {
+ PR_smprintf_free( data );
+ data = NULL;
+ }
+ if ( bytes != len ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpRequest::send: ",
+ "Error sending request -- PR_Send returned(%d) Msg=%s\n",
+ PR_GetError(),
+ "XXX" );
+ return PR_FALSE;
+ }
+
+ if ( _fileFd ) {
+ // Send body from file
+ PRInt32 bytesSent = PR_TransmitFile(sock, _fileFd, 0, 0,
+ PR_TRANSMITFILE_KEEP_OPEN,
+ timeout);
+ if ( bytesSent < 0 ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpRequest::send: ",
+ "Error sending request\n" );
+ return PR_FALSE;
+ }
+ } else if (_bodyLength > 0) {
+ // Send internally stored body
+ char *allocated = NULL;
+ if ( !_body ) {
+ // Send a generated pattern
+ _body = allocated = new char[_bodyLength];
+ for ( int index = 0; index < _bodyLength; index++ ) {
+ _body[index] = (unsigned char)(index %256);
+ }
+ }
+ int sentBytes = 0;
+ char *toSend = _body;
+ for ( int i = _bodyLength; i > 0; i -= sentBytes ) {
+ sentBytes = PR_Send( sock, toSend, i, 0, timeout );
+ if ( sentBytes < 0 ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpRequest::send: ",
+ "Error sending request in PR_Send\n" );
+ return PR_FALSE;
+ }
+ toSend += sentBytes;
+ }
+ if ( allocated ) {
+ if( _body != NULL ) {
+ delete [] _body;
+ _body = NULL;
+ }
+ }
+ }
+
+ return PR_TRUE;
+}
+
+/**
+ * Sets the nickname for the client cert to be send to the server
+ * @param certName Nickname of the cert in the cert db
+ */
+void PSHttpRequest::setCertNickName(const char *certName) {
+ nickName = PL_strdup(certName);
+}
+
+/**
+ * Gets the nickname for the client cert
+ * @return certName Nickname of the cert in the cert db
+ */
+char * PSHttpRequest::getCertNickName() {
+ return nickName;
+}
+
+void PSHttpRequest::setHangupOk() {
+ _hangupOk = PR_TRUE;
+}
+
+PRBool PSHttpRequest::isHangupOk() {
+ return(_hangupOk);
+}
+
+
+/**
+ * returns PR_TRUE if ssl is enabled for this request
+ */
+PRBool NetRequest::isSSL() const {
+ return SSLOn;
+}
+
+/**
+ * enable/disable SSL for the request
+ */
+void NetRequest::setSSL(PRBool SSLstate) {
+ SSLOn=SSLstate;
+}
+
+/**
+* Constructor for NetRequest class. This is a superclass of httprequest class
+* @param server The server to which the request is to be send
+*/
+NetRequest :: NetRequest(const PSHttpServer* server) {
+ _server = server;
+ timeout = Engine::globaltimeout;
+ SSLOn=PR_FALSE;
+ if (server)
+ SSLOn=server->isSSL();
+ handshake = PR_FALSE;
+ cipherCount = 0;
+ cipherSet = NULL;
+
+}
+
+/**
+* Returns the current configured timeout
+*/
+PRIntervalTime NetRequest :: getTimeout() const {
+ return timeout;
+}
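Review bot: The `PSHttpRequest` constructor discards its `to` argument and sets `timeout = PR_INTERVAL_NO_TIMEOUT`, so every `PR_Send` and `PR_TransmitFile` call in `send()` can block indefinitely on a peer that stops reading. That ties up the calling thread for as long as the remote side chooses, unless the engine enforces a limit elsewhere, which this hunk does not show. Replacing the unconditional assignment with `if (to != 0) timeout = to;` would honour a caller-supplied value and otherwise keep the `Engine::globaltimeout` already set by the `NetRequest` constructor. Separately, `useLocalFileAsBody` computes `res` but ends with `return PR_TRUE;`, so a failed `PR_GetFileInfo` is reported as success; `return res;` matches the evident intent.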
diff --git a/pki/base/tps/src/httpClient/response.cpp b/pki/base/tps/src/httpClient/response.cpp
new file mode 100644
index 000000000..89b900492
--- /dev/null
+++ b/pki/base/tps/src/httpClient/response.cpp
@@ -0,0 +1,1115 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+/**
+ * HTTP response handler
+ */
+
+#include <ctype.h>
+#include <string.h>
+#include <math.h>
+
+#include "nspr.h"
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/engine.h"
+//-- #include "httpClient/httpc/DebugLogger.h"
+#include "httpClient/httpc/PSPRUtil.h"
+#include "main/Memory.h"
+
+//-- static const char *DEBUG_MODULE = "httpclient";
+//-- static const char *DEBUG_CLASS_NAME = "PSHttpResponse";
+void printBuf(int , char* );
+
+/**
+ * Constructor. This class is used by the HttpResponse class for reading and
+ * processing data from the socket
+ * @param socket The NSPR socket from which the response is expected
+ * @param size The size of the internal buffer to hold data
+ * @param timeout Timeout in seconds on receiving a response
+ */
+
+RecvBuf::RecvBuf( const PRFileDesc *socket, int size, int timeout ) {
+ _socket = socket;
+ _allocSize = size;
+ _buf = (char *)PR_Malloc(size);
+ _curPos = 0;
+ _curSize = 0;
+ _chunkedMode = PR_FALSE;
+ _currentChunkSize = _currentChunkBytesRead = 0;
+ _timeout = PR_TicksPerSecond() * timeout;
+ _content = NULL;
+}
+
+/**
+ * Destructor
+ */
+RecvBuf::~RecvBuf() {
+ if( _buf != NULL ) {
+ PR_Free( _buf );
+ _buf = NULL;
+ }
+}
+
+/**
+ * Reads the specified number of bytes from the socket and place it into the buffer
+ *
+ * @param socket The NSPR socket from which the response is expected
+ * @param size The size of the buffer
+ * @return PR_TRUE on success, otherwise PR_FALSE
+ */
+PRBool RecvBuf::_getBytes(int size) {
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+ PRErrorCode pec;
+ _curPos = 0;
+
+ int num =1;
+ int i =0;
+ PRBool endChunk= PR_FALSE;
+ RA::Debug( LL_PER_PDU,
+ "RecvBuf::_getBytes: ",
+ "Start RecvBuf::_getBytes" );
+ // actual reading from the socket happens here
+ do {
+ num = PR_Recv( (PRFileDesc*)_socket,
+ &_buf[_curSize],
+ _allocSize-_curSize,
+ 0,
+ _timeout );
+ RA::Debug( LL_PER_PDU,
+ "RecvBuf::_getBytes: ",
+ "num of bytes read from the socket=%d",
+ num );
+ /*
+ * in chunked mode, ending chunk contains a 0 to begin
+ * loop through to see if it contains just 0 (skip carriage returns
+ * endChunk indicates possible end chunk.
+ */
+ if ((_chunkedMode == PR_TRUE) && (num < 10)) {
+ endChunk = PR_FALSE;
+
+ for (i=0; i< num; i++) {
+ if (endChunk == PR_TRUE) {
+ if ((_buf[_curSize+i] == 13) || (_buf[_curSize+i] == 10))
+ continue;
+ else {
+ endChunk = PR_FALSE;
+ break; // not an endChunk
+ }
+ } else { // endChunk==PR_FALSE
+ if (_buf[_curSize+i] == '0') {
+ RA::Debug( LL_PER_PDU,
+ "RecvBuf::_getBytes: ",
+ "may be chunked mode end chunk" );
+ endChunk = PR_TRUE;
+ } else if ((_buf[_curSize+i] == 13) || (_buf[_curSize+i] == 10))
+ continue;
+ else {
+ endChunk = PR_FALSE;
+ break; // not an endChunk
+ }
+ }
+ } // for
+ }
+
+ if (num >0)
+ _curSize = _curSize+num;
+
+ if (_chunkedMode == PR_FALSE) {
+ if (getAllContent()) {
+ RA::Debug( LL_PER_PDU,
+ "RecvBuf::_getBytes: ",
+ "Already got all the content, no need to call PR_Recv again." );
+ break;
+ }
+ }
+
+ if (endChunk == PR_TRUE)
+ break;
+ } while (num > 0);
+
+ if (num <0) {
+ pec = PR_GetError();
+ RA::Debug( LL_PER_PDU,
+ "RecvBuf::_getBytes: ",
+ "error in pr_recv, err=%d",
+ pec );
+ }
+
+ if ( _curSize <= 0 ) {
+ return PR_FALSE;
+ }
+
+ _buf[_curSize] = '\0';
+//-- logger->Log( LOGLEVEL_FINEST, DEBUG_CLASS_NAME,
+//-- "getBytes",
+
+ _content = (char *) PR_Malloc(_curSize+1);
+ if (_content == NULL) {
+ return PR_FALSE;
+ }
+ memcpy((char*) _content, (const char *)_buf, _curSize+1);
+ _contentSize = _curSize +1;
+
+ RA::Debug(LL_PER_PDU, "RecvBuf::_getBytes",
+ "buffer received with size %d follows:", _contentSize);
+ printBuf(_contentSize, _content);
+
+ return PR_TRUE;
+}
+
+int RecvBuf::getAllContent() {
+ //int result[10];
+ //int j=0;
+ //int k=0;
+ int number = 0;
+ for (int i=0; i<_curSize; i++) {
+ if (_buf[i] == '\r') {
+ if (i < (_curSize-3)) {
+ if (_buf[i+1] == '\n' && _buf[i+2] == '\r'
+ && _buf[i+3] == '\n') {
+ // find content length
+// strcasestr may not be supported by Solaris
+// char *clen = strcasestr(_buf, "Content-length:");
+ char *clen = strstr(_buf, "Content-Length:");
+ if (clen != NULL) {
+ clen = &clen[16];
+ number = atoi(clen);
+/*
+ while (1) {
+ if ((number=Util::ascii2numeric(clen[j++])) >= 0) {
+ result[k++] = number;
+ } else {
+ break;
+ }
+ }
+
+ number = 0;
+ for (int l=0; l<k; l++)
+ number = (int)(number + result[l]*(float)pow((float)10, (float)k-l-1));
+*/
+ RA::Debug( LL_PER_PDU,
+ "RecvBuf::getAllContent: ",
+ "content length number=%d",
+ number );
+ }
+ int remainingBytes = _curSize - (i+4);
+ RA::Debug( LL_PER_PDU,
+ "RecvBuf::getAllContent: ",
+ "remainingbytes=%d",
+ remainingBytes );
+ if (remainingBytes == number)
+ return 1;
+ }
+ }
+ }
+ }
+
+ return 0;
+}
+
+void printBuf(int len, char* buf) {
+ RA::Debug(LL_PER_PDU, "response:printBuf",
+ "Buffer print begins");
+ RA::Debug(LL_PER_PDU, "response::printBuf",
+ "%s", buf);
+ RA::Debug(LL_PER_PDU, "response:printBuf",
+ "Buffer print end");
+ /*
+ int times = len/256;
+ if (len%256)
+ times++;
+ RA::Debug("response:printBuf",
+ "%d times", times);
+ RA::Debug("response:printBuf",
+ "attempting to print the whole buffer:");
+
+ int i;
+
+ for (i = 0; i< times; i++) {
+ char *temp;
+ temp = PL_strdup((char *)buf+i*256);
+ RA::Debug("response:printBuf",
+ "%s", temp);
+ }
+ */
+}
+
+/**
+ * gets the next char from the buffer. If all the data in the buffer is read,
+ * read a chunk to the buffer
+ * @returns - the next char from the data
+ */
+char RecvBuf::_getChar() {
+ if (_curPos >= _curSize) {
+ if (!_getBytes(_allocSize)) {
+ /* bugscape #55624: Solaris RA exited
+ with a signal ABRT if we raised exception
+ without handling it */
+ return -1;
+ /* throw RecvBuf::EndOfFile(); */
+ }
+ }
+
+ return _buf[_curPos++];
+}
+
+
+/**
+ * gets the next char from the buffer. If all the data in the buffer is read ,
+ * read a chunk to the buffer
+ * @returns - the next char from the data
+ */
+char RecvBuf::getChar() {
+ if (!_chunkedMode)
+ return _getChar();
+
+ else
+ {
+ if (_currentChunkSize == 0)
+ {
+ // read the chunk header
+ char ch, chunkStr[20];
+ int index = 0;
+
+ while (!isspace(ch = _getChar()) )
+ chunkStr[index++] = ch;
+ chunkStr[index] = '\0';
+
+ sscanf((char *)chunkStr, "%x", (unsigned int *)(&_currentChunkSize));
+
+ if (ch != '\n')
+ {
+ char ch2 = _getChar();
+ if (ch != '\r' || ch2 != '\n')
+ {
+ printf( "did not find CRLF after chunk");
+ }
+ }
+
+ if (_currentChunkSize == 0)
+ return -1;
+
+ _currentChunkBytesRead = 1;
+ return _buf[_curPos++];
+ }
+ else
+ if (_currentChunkBytesRead < _currentChunkSize)
+ {
+ // read a byte from the chunk
+ _currentChunkBytesRead++;
+ return _getChar();
+ }
+ else
+ {
+ // read the chunk trailer
+ char ch1 = _getChar();
+ char ch2 = _getChar();
+ if (ch1 != '\r' || ch2 != '\n')
+ {
+ printf( "did not find CRLF after chunk");
+ };
+ _currentChunkSize = _currentChunkBytesRead = 0;
+ return getChar();
+ };
+ };
+
+}
+
+char *RecvBuf::get_content() {
+ return _content;
+}
+
+int RecvBuf::get_contentSize() {
+ return _contentSize;
+}
+
+/**
+ * Decrements the pointer to the internal buffer so that the next read would
+ * retrieve the last data again
+ */
+void RecvBuf::putBack() {
+ if (_curPos > 0) {
+ _curPos--;
+ if (_chunkedMode) {
+ _currentChunkBytesRead--;
+ }
+ }
+}
+
+/**
+ * Sets the chunked mode for reading data
+ * Not used now..
+ */
+void RecvBuf::setChunkedMode() {
+ _chunkedMode = PR_TRUE;
+ _currentChunkSize = _currentChunkBytesRead = 0;
+}
+
+/**
+ * Gets the timeout in seconds for reading
+ *
+ * @return The timeout in seconds for reading
+ */
+int RecvBuf::getTimeout() {
+ return _timeout / PR_TicksPerSecond();
+}
+
+
+Response::Response(const PRFileDesc *sock, NetRequest *request) {
+ _socket = sock;
+ _request = request;
+}
+
+/**
+ * Constructor
+ */
+
+PSHttpResponse::PSHttpResponse( const PRFileDesc *sock,
+ PSHttpRequest *request,
+ int timeout , PRBool expectChunked):
+ Response(sock, request) {
+ _request = request;
+ _proto = HTTPNA;
+ _protocol = NULL;
+ retcode =0 ;
+ _statusNum = NULL;
+ _statusString = NULL;
+ _keepAlive = -1;
+ _connectionClosed = 0;
+ _bodyLength = -1;
+ _content = NULL;
+
+ _headers = new StringKeyCache("response",10*60);
+ _expectChunked = expectChunked;
+ _chunkedResponse = PR_FALSE;
+ _timeout = timeout;
+}
+
+PSHttpResponse::~PSHttpResponse() {
+ if( _protocol != NULL ) {
+ PL_strfree( _protocol );
+ _protocol = NULL;
+ }
+ if( _statusString != NULL ) {
+ PL_strfree( _statusString );
+ _statusString = NULL;
+ }
+ if( _statusNum != NULL ) {
+ PL_strfree( _statusNum );
+ _statusNum = NULL;
+ }
+ if (_headers) {
+ Iterator* iterator = _headers->GetKeyIterator();
+ while ( iterator->HasMore() ) {
+ const char* name = (const char*)iterator->Next();
+ CacheEntry* entry = _headers->Remove( name );
+ if ( entry ) {
+ char* value = (char*)entry->GetData();
+ if( value != NULL ) {
+ PL_strfree( value );
+ value = NULL;
+ }
+ if( entry != NULL ) {
+ delete entry;
+ entry = NULL;
+ }
+ }
+ }
+ if( iterator != NULL ) {
+ delete iterator;
+ iterator = NULL;
+ }
+ if( _headers != NULL ) {
+ delete _headers;
+ _headers = NULL;
+ }
+ }
+ _socket = 0;
+}
+
+long PSHttpResponse::getStatus() {
+ return _statusNum ? atoi(_statusNum) : 0;
+}
+
+int PSHttpResponse::getReturnCode() {
+ return retcode;
+}
+
+char * PSHttpResponse::getStatusString() {
+ return _statusString?_statusString:(char*)"";
+}
+
+HttpProtocol PSHttpResponse::getProtocol() {
+ // first check the response protocol
+ if (_proto == HTTPNA) {
+ if (_protocol) {
+ int major, minor;
+
+ sscanf(_protocol, "HTTP/%d.%d", &major, &minor);
+
+ switch(major) {
+ case 1:
+ switch(minor) {
+ case 0:
+ _proto = HTTP10;
+ break;
+ case 1:
+ _proto = HTTP11;
+ break;
+ }
+ break;
+ }
+ } else {
+ _proto = HTTP09;
+ }
+ }
+
+ if (_proto == HTTP11) {
+ // A 1.1 compliant server response shows the protocol as HTTP/1.1 even
+ // for a HTTP/1.0 request, but it promises to only use HTTP/1.0 syntax.
+ if (_request->getProtocol() == HTTP10) {
+ _proto = HTTP10;
+ }
+ }
+
+ return _proto;
+};
+
+char * PSHttpResponse::getHeader(const char *name) {
+ CacheEntry *entry = _headers->Get(name);
+ return entry ? (char *)entry->GetData() : NULL;
+}
+
+int PSHttpResponse::getHeaders(char ***keys) {
+
+ return _headers->GetKeys( keys );
+
+}
+
+long PSHttpResponse::getBodyLength() {
+ return _bodyLength;
+}
+
+char * PSHttpResponse::getContent() {
+ return _content;
+}
+
+void PSHttpResponse::freeContent() {
+ if( _content != NULL ) {
+ PR_Free( _content );
+ _content = NULL;
+ }
+}
+
+int PSHttpResponse::getContentSize() {
+
+ return _contentSize;
+}
+
+char *PSHttpResponse::toString() {
+ char *resp = (char *)"";
+ char **keys;
+ char *headerBuf = NULL;
+ int nHeaders = getHeaders( &keys );
+ if ( nHeaders > 0 ) {
+ char **values = new char*[nHeaders];
+ int len = 0;
+ int *keyLengths = new int[nHeaders];
+ int *valueLengths = new int[nHeaders];
+ int i;
+ for( i = 0; i < nHeaders; i++ ) {
+ keyLengths[i] = strlen( keys[i] );
+ len += keyLengths[i] + 1;
+ values[i] = getHeader(keys[i]);
+ valueLengths[i] = strlen( values[i] );
+ len += valueLengths[i] + 1;
+ }
+ headerBuf = new char[len + nHeaders * 2];
+ char *p = headerBuf;
+ for( i = 0; i < nHeaders; i++ ) {
+ strcpy( p, keys[i] );
+ p += keyLengths[i];
+ *p++ = ':';
+ strcpy( p, values[i] );
+ p += valueLengths[i];
+ *p++ = ',';
+ }
+ *p = 0;
+ for( i = 0; i < nHeaders; i++ ) {
+ if( keys[i] != NULL ) {
+ delete [] keys[i];
+ keys[i] = NULL;
+ }
+ }
+ if( keys != NULL ) {
+ delete [] keys;
+ keys = NULL;
+ }
+ if( values != NULL ) {
+ delete [] values;
+ values = NULL;
+ }
+ if( keyLengths != NULL ) {
+ delete [] keyLengths;
+ keyLengths = NULL;
+ }
+ if( valueLengths != NULL ) {
+ delete [] valueLengths;
+ valueLengths = NULL;
+ }
+ }
+
+ char *s = NULL;
+ if ( headerBuf ) {
+ s = PR_smprintf( "PSHttpResponse [%s\nbody bytes:%d]",
+ headerBuf, _bodyLength );
+ } else {
+ s = PR_smprintf( "PSHttpResponse [body bytes:%d]", _bodyLength );
+ }
+ resp = new char[strlen(s) + 1];
+ strcpy( resp, s );
+ if( s != NULL ) {
+ PR_smprintf_free( s );
+ s = NULL;
+ }
+ return resp;
+}
+
+PRBool PSHttpResponse::checkKeepAlive() {
+ HttpProtocol proto;
+ const char *connectionHeader;
+//-- static const char *DEBUG_METHOD_NAME = "checkKeepAlive";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+ if (_keepAlive < 0) {
+ proto = getProtocol();
+ if (proto == HTTP11) {
+ // default is connection: keep-alive
+ _keepAlive = 1;
+ } else {
+ // default is connection: close
+ // _keepAlive = 0;
+ //CMS needs keepalive with HTTP10 (so no chunked encoding)
+ _keepAlive=1;
+ }
+
+ connectionHeader = _request->getHeader("connection");
+ if (connectionHeader) {
+ if (!PL_strcasecmp(connectionHeader, "keep-alive")) {
+ _keepAlive = 1;
+ } else if (!PL_strcasecmp(connectionHeader, "close")) {
+ _keepAlive = 0;
+ } else {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::checkKeepAlive: ",
+ "Unknown connection header" );
+ }
+ }
+ }
+
+ return (_keepAlive == 0?PR_FALSE:PR_TRUE);
+}
+
+PRBool PSHttpResponse::checkConnection() {
+ // return true if the connection is OPEN
+ return (_connectionClosed == 0?PR_TRUE:PR_FALSE);
+}
+
+
+int PSHttpResponse::_verifyStandardBody(RecvBuf &buf,
+ int expectedBytes,
+ PRBool check) {
+ int bytesRead = 0;
+ int curPos = 0;
+ char ch;
+//-- static const char *DEBUG_METHOD_NAME = "_verifyStandardBody";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+ while(expectedBytes > 0 ) {
+ ch = buf.getChar();
+ if (ch < 0 ) {
+ break;
+ }
+ // if check is true, we think we know what the content looks like
+ if ( check ) {
+ if (ch != (char) curPos%256) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_verifyStandardBody: ",
+ "Response data corrupt at byte %d (%d, %d)",
+ curPos,
+ ch,
+ ( curPos % 256 ) );
+ check = PR_FALSE;
+ break;
+ }
+ curPos++;
+ }
+
+ bytesRead++;
+
+ if (expectedBytes > 0) {
+ expectedBytes--;
+ }
+ }
+
+ return bytesRead;
+}
+
+
+PRBool PSHttpResponse::_handleBody( RecvBuf &buf ) {
+ char *clHeader; // content length header
+ char *teHeader; // transfer-encoding header
+ int expected_cl=-1; // expected content length
+//-- static const char *DEBUG_METHOD_NAME = "_handleBody";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+
+ teHeader = getHeader("transfer-encoding");
+ if (teHeader && !PL_strcasecmp(teHeader, "chunked")) {
+ _chunkedResponse = PR_TRUE;
+ buf.setChunkedMode();
+ } else {
+ _chunkedResponse = PR_FALSE;
+ clHeader = getHeader("Content-length");
+ if (clHeader) {
+ expected_cl = atoi(clHeader);
+ }
+ }
+
+ if (_request->getExpectStandardBody()) {
+ _bodyLength = _verifyStandardBody(buf, expected_cl, PR_TRUE);
+
+ } else {
+ _bodyLength = _verifyStandardBody(buf, expected_cl, PR_FALSE);
+ }
+
+ if (expected_cl >= 0) {
+ if (_bodyLength != expected_cl) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_handleBody: ",
+ "Content length was incorrect (%d/%d bytes)",
+ _bodyLength,
+ expected_cl );
+ }
+ }
+
+ return PR_TRUE;
+}
+
+/**
+ * Reads until the first space character
+ *
+ * @param buf Receive buffer to read from
+ * @param headerBuf Array to read header into
+ * @param len Size of headerBuf
+ * @return Number of characters read, or -1 if too many
+ */
+static int readHeader( RecvBuf& buf, char* headerBuf, int len ) {
+ int index = 0;
+
+ do {
+ char ch = buf.getChar();
+
+ if ( ch != -1 && !isspace(ch) ) {
+ headerBuf[index++] = ch;
+ if ( index >= (len-1) ) {
+ return -1;
+ }
+ } else {
+ headerBuf[index] = '\0';
+ break;
+ }
+ } while( true );
+ // RA::Debug( LL_PER_PDU,
+ // "readHeader: ",
+ // "headerBuf = %s",
+ // headerBuf );
+
+ return index;
+}
+
+
+PRBool PSHttpResponse::processResponse() {
+ RecvBuf buf( _socket, 8192, _timeout );
+
+ if (_expectChunked) {
+ buf.setChunkedMode();
+ }
+
+//-- static const char *DEBUG_METHOD_NAME = "processResponse";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Entered processResponse()" );
+
+ try {
+ char tmp[2048];
+ int tmpLen = sizeof(tmp);
+
+ // Get protocol string
+ int nRead = readHeader( buf, tmp, tmpLen );
+
+ if ( nRead < 0 ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Returned more than expected bytes %d "
+ "in protocol header",
+ sizeof( tmp ) );
+ return PR_FALSE;
+ }
+
+ _protocol = PL_strdup(tmp);
+//-- logger->Log( LOGLEVEL_FINER, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Protocol header: %s",
+ _protocol );
+
+ // Get status num
+ nRead = readHeader( buf, tmp, tmpLen );
+ if ( nRead < 0 ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Returned more than expected bytes %d "
+ "in status header",
+ tmpLen );
+ return PR_FALSE;
+ }
+
+ _statusNum = PL_strdup( tmp );
+
+//-- logger->Log( LOGLEVEL_FINER, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Status header: %s",
+ _statusNum );
+ retcode = atoi( tmp );
+
+ // Get status string
+ int index = 0;
+ do {
+ char ch = buf.getChar();
+ if ( ch != -1 && ch != '\r' ) {
+ tmp[index++] = ch;
+ if ( index >= (tmpLen-2) ) {
+ tmp[index] = 0;
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Returned more than expected bytes %d "
+ "in protocol header:\n%s",
+ tmpLen,
+ tmp );
+ return PR_FALSE;
+ }
+ } else {
+ break;
+ }
+ } while (true);
+ tmp[index] = '\0';
+ _statusString = PL_strdup( tmp );
+
+ // Skip CRLF
+ (void)buf.getChar();
+
+ // loop over response headers
+ index = 0;
+#ifdef CHECK
+ PRBool doneParsing = PR_FALSE;
+ PRBool atEOL = PR_FALSE;
+ PRBool inName = PR_TRUE;
+ char name[2048];
+ int nameLen = sizeof(name);
+
+ while ( !doneParsing ) {
+ char value[2048];
+ int valueLen = sizeof(value);
+ char ch = buf.getChar();
+
+ switch( ch ) {
+ case ':':
+ if ( inName ) {
+ name[index] = '\0';
+ index = 0;
+ inName = PR_FALSE;
+
+ nRead = readHeader( buf, value, valueLen );
+ if ( nRead < 0 ) {
+//-- logger->Log( LOGLEVEL_SEVERE,
+//-- DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Name %s in header does not "
+ "have a value",
+ name );
+ // return PR_FALSE;
+ } else {
+ value[index++] = ch;
+ if ( index >= (int)(sizeof(value) - 1 ) ) {
+//-- logger->Log( LOGLEVEL_SEVERE,
+//-- DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Name %s in header does not "
+ "have a value",
+ name );
+ // return PR_FALSE;
+ }
+ }
+ break;
+ case '\r':
+ if ( inName && !atEOL ) {
+ name[index] = '\0';
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Name %s in header does not "
+ "have a value",
+ name );
+ // return PR_FALSE;
+ }
+ break;
+ case '\n':
+ if ( atEOL ) {
+ doneParsing = PR_TRUE;
+ break;
+ }
+ if ( inName ) {
+ name[index] = '\0';
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Name %s in header does not "
+ "have a value",
+ name );
+ // return PR_FALSE;
+ }
+ value[index] = '\0';
+ index = 0;
+ inName = PR_TRUE;
+ _headers->Put(name, PL_strdup(value));
+ atEOL = PR_TRUE;
+ break;
+ default:
+ atEOL = PR_FALSE;
+ if (inName) {
+ name[index++] = ch;
+ } else {
+ value[index++] = ch;
+ }
+ if ( inName && (index >= (nameLen-2)) ) {
+ name[index] = '\0';
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Name %s in header exceeds the expected "
+ "%d max characters",
+ name,
+ nameLen );
+ // return PR_FALSE;
+ } else if ( !inName && (index >= (valueLen-1)) ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Name %s in header does not "
+ "have a value",
+ name );
+ // return PR_FALSE;
+ }
+ break;
+ }
+ }
+
+ } //while
+#endif //CHECK
+ } catch ( RecvBuf::EndOfFile & ) {
+ if ( !_request->isHangupOk() ) {
+
+ int errCode = PR_GetError();
+ if ( PR_IO_TIMEOUT_ERROR == errCode ) {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Timed out reading response (%d seconds)",
+ buf.getTimeout() );
+ } else {
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Received unexpected end of file from server\n%s",
+ "XXX" );
+ }
+ }
+ return PR_FALSE;
+ }
+
+ // Read the body (HEAD requests don't have bodies)
+ // jpierre 1xx, 204 and 304 don't have bodies either
+ if ( PL_strcmp(_request->getMethod(), "HEAD") &&
+ (!((retcode>=100) && (retcode<200))) &&
+ (retcode!=204) &&
+ (retcode!=304) ) {
+ if ( _handleBody(buf) == PR_FALSE ) {
+ return PR_FALSE;
+ }
+ }
+
+ if ( checkConnection() && !checkKeepAlive() ) {
+ // if connection is still open, and we didn't expect a keepalive,
+ // read another byte to see if the connection has closed.
+ try {
+ char ch;
+ ch = buf.getChar();
+ buf.putBack();
+ // conflict!
+//-- logger->Log( LOGLEVEL_SEVERE, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "Connection kept alive when it shouldn't" );
+ } catch (RecvBuf::EndOfFile &) {
+ _connectionClosed = 1;
+ }
+ }
+
+ _checkResponseSanity();
+ _content = (char *)buf.get_content();
+ _contentSize = buf.get_contentSize();
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "processed Buffer contentSize=%d",
+ getContentSize() );
+ if (_content != NULL) {
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::processResponse: ",
+ "processed Buffer content=%s",
+ _content );
+ }
+ // char * yo = getContent();
+
+ return PR_TRUE;
+}
+
+void PSHttpResponse::_checkResponseSanity() {
+ char *clHeader = getHeader("Content-length");
+ char *teHeader = getHeader("Transfer-encoding");
+//-- static const char *DEBUG_METHOD_NAME = "checkResponseSanity";
+//-- DebugLogger *logger = DebugLogger::GetDebugLogger( DEBUG_MODULE );
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_checkResponseSanity: ",
+ "in _checkResponseSanity" );
+
+ ///////////////////////////////////////////////////
+ // Check items relevant to HTTP/1.0 and HTTP/1.1 //
+ ///////////////////////////////////////////////////
+
+ // check for both content-length and chunked
+ if ( clHeader && teHeader ) {
+//-- logger->Log( LOGLEVEL_FINER, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_checkResponseSanity: ",
+ "Response contains both content-length and "
+ "transfer-encoding" );
+ }
+
+ // check for basic headers
+ if ( !getHeader("Date") ) {
+//-- logger->Log( LOGLEVEL_WARNING, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_checkResponseSanity: ",
+ "Response does not contain a date header" );
+ }
+ if ( !getHeader("Server") ) {
+//-- logger->Log( LOGLEVEL_WARNING, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_checkResponseSanity: ",
+ "Response does not contain a server header" );
+ }
+
+ int expectedLength;
+ if ((expectedLength = _request->getExpectedResponseLength()) > 0) {
+ if (expectedLength != _bodyLength) {
+//-- logger->Log( LOGLEVEL_INFO, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_checkResponseSanity: ",
+ "Response body length does not match expected "
+ "response length (%d/%d)",
+ _bodyLength,
+ expectedLength );
+ }
+ }
+
+ ///////////////////////////////////////
+ // Check items relevant to HTTP/1.0 //
+ ///////////////////////////////////////
+ if ( getProtocol() == HTTP10 ) {
+ if ( _chunkedResponse ) {
+//-- logger->Log( LOGLEVEL_INFO, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_checkResponseSanity: ",
+ "Server sent a chunked HTTP/1.0 response" );
+ }
+ }
+
+ ///////////////////////////////////////
+ // Check items relevant to HTTP/1.1 //
+ ///////////////////////////////////////
+ if ( getProtocol() == HTTP11 ) {
+ if ( (!clHeader && !_chunkedResponse) &&
+ (!((retcode>=100) && (retcode<200))) &&
+ (retcode!=204) &&
+ (retcode!=304) ) {
+//-- logger->Log( LOGLEVEL_INFO, DEBUG_CLASS_NAME,
+//-- DEBUG_METHOD_NAME,
+ RA::Debug( LL_PER_PDU,
+ "PSHttpResponse::_checkResponseSanity: ",
+ "Server responded with a HTTP/1.1 response without "
+ "content-length or chunked encoding" );
+ }
+ }
+}
diff --git a/pki/base/tps/src/include/apdu/APDU.h b/pki/base/tps/src/include/apdu/APDU.h
new file mode 100644
index 000000000..e0f778a19
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/APDU.h
@@ -0,0 +1,116 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef APDU_H
+#define APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Base.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+enum APDU_Type {
+ APDU_UNDEFINED = 0,
+ APDU_CREATE_OBJECT = 1,
+ APDU_EXTERNAL_AUTHENTICATE = 2,
+ APDU_INITIALIZE_UPDATE = 3,
+ APDU_LIFECYCLE = 4,
+ APDU_READ_BUFFER = 5,
+ APDU_SET_PIN = 6,
+ APDU_UNBLOCK_PIN = 7,
+ APDU_WRITE_OBJECT = 8,
+ APDU_GENERATE_KEY = 9,
+ APDU_PUT_KEY = 10,
+ APDU_SELECT = 11,
+ APDU_GET_VERSION = 12,
+ APDU_DELETE_FILE = 13,
+ APDU_INSTALL_APPLET = 14,
+ APDU_FORMAT_MUSCLE_APPLET = 15,
+ APDU_LOAD_FILE = 16,
+ APDU_INSTALL_LOAD = 17,
+ APDU_GET_STATUS = 18 ,
+ APDU_LIST_PINS = 19,
+ APDU_CREATE_PIN = 20,
+ APDU_GET_DATA = 21,
+ APDU_READ_OBJECT = 22,
+ APDU_LIST_OBJECTS = 23,
+ APDU_IMPORT_KEY = 24,
+ APDU_IMPORT_KEY_ENC = 25,
+ APDU_SET_ISSUERINFO = 26,
+ APDU_GET_ISSUERINFO = 27
+};
+
+class APDU
+{
+ public:
+ TPS_PUBLIC APDU();
+ TPS_PUBLIC APDU(const APDU &cpy);
+ TPS_PUBLIC virtual ~APDU();
+ public:
+ TPS_PUBLIC APDU& operator=(const APDU& cpy);
+ public:
+ TPS_PUBLIC virtual void SetCLA(BYTE cla);
+ TPS_PUBLIC virtual void SetINS(BYTE ins);
+ TPS_PUBLIC virtual void SetP1(BYTE p1);
+ TPS_PUBLIC virtual void SetP2(BYTE p2);
+ TPS_PUBLIC virtual void SetData(Buffer &data);
+ TPS_PUBLIC virtual void SetMAC(Buffer &mac);
+ TPS_PUBLIC virtual void GetEncoding(Buffer &data);
+ TPS_PUBLIC virtual void GetDataToMAC(Buffer &data);
+ TPS_PUBLIC virtual PRStatus SecureMessage(PK11SymKey *encSessionKey);
+ TPS_PUBLIC virtual APDU_Type GetType();
+ TPS_PUBLIC Buffer &GetData();
+ TPS_PUBLIC Buffer &GetMAC();
+ TPS_PUBLIC BYTE GetCLA();
+ TPS_PUBLIC BYTE GetINS();
+ TPS_PUBLIC BYTE GetP1();
+ TPS_PUBLIC BYTE GetP2();
+ protected:
+ BYTE m_cla;
+ BYTE m_ins;
+ BYTE m_p1;
+ BYTE m_p2;
+ Buffer m_data;
+ Buffer m_plainText;
+ Buffer m_mac;
+};
+
+#endif /* APDU_H */
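Review bot: The protected buffers `m_data`, `m_plainText` and `m_mac` and the declaration `SecureMessage(PK11SymKey *encSessionKey)` carry no comment saying what each buffer holds before and after the call, so the header does not show which one is encoded and sent to the token. Going by the names, `m_plainText` presumably keeps the unencrypted command data once `m_data` has been encrypted; if so, that copy is sensitive for PIN and key-loading commands and its lifetime should be stated. I would add above the fields `// m_plainText: unencrypted copy of the command data kept across SecureMessage() (TODO confirm); state here when it is cleared`. Above `SecureMessage` I would add a line giving the PRStatus values it returns and whether `encSessionKey` may be NULL.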
diff --git a/pki/base/tps/src/include/apdu/APDU_Response.h b/pki/base/tps/src/include/apdu/APDU_Response.h
new file mode 100644
index 000000000..0d5c62b9d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/APDU_Response.h
@@ -0,0 +1,66 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef APDU_RESPONSE_H
+#define APDU_RESPONSE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class APDU_Response
+{
+ public:
+ APDU_Response();
+ TPS_PUBLIC APDU_Response(Buffer &data);
+ ~APDU_Response();
+ APDU_Response(const APDU_Response &cpy);
+ public:
+ APDU_Response& operator=(const APDU_Response& cpy);
+ public:
+ BYTE GetSW1();
+ BYTE GetSW2();
+ TPS_PUBLIC Buffer &GetData();
+ private:
+ Buffer m_data;
+};
+
+#endif /* APDU_Response_H */
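Review bot: `GetSW1()` and `GetSW2()` are declared with no stated contract for a response that holds fewer than two bytes. The implementation is outside this hunk, so it cannot be seen here whether it checks the size of `m_data` before indexing. The buffer is filled from data returned by the token, so I would document the behaviour next to the declarations, for example `// Status word = trailing two bytes of m_data; returns <value> when the response is shorter than 2 bytes (confirm against the .cpp)`, and check that the implementation agrees. Separately, the closing comment `#endif /* APDU_Response_H */` does not match the guard name `APDU_RESPONSE_H`.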
diff --git a/pki/base/tps/src/include/apdu/Create_Object_APDU.h b/pki/base/tps/src/include/apdu/Create_Object_APDU.h
new file mode 100644
index 000000000..7433e7ceb
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Create_Object_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CREATE_OBJECT_APDU_H
+#define CREATE_OBJECT_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Create_Object_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Create_Object_APDU(BYTE *object_id, BYTE *permissions, int len);
+ TPS_PUBLIC ~Create_Object_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* CREATE_OBJECT_APDU_H */
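Review bot: The constructor `Create_Object_APDU(BYTE *object_id, BYTE *permissions, int len)` takes two raw pointers with no sizes, and neither the name nor a comment ties `len` to either of them. The number of bytes read from `object_id` and `permissions` is therefore fixed in the implementation, which is not visible in this hunk, and a caller passing a shorter array would cause an out-of-bounds read. I would state the required sizes at the declaration, e.g. `// object_id: exactly N bytes; permissions: exactly M bytes; len: <meaning, presumably the object size>`, with N and M taken from the implementation. Both pointers could also be declared `const BYTE *` if the constructor only reads them.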
diff --git a/pki/base/tps/src/include/apdu/Create_Pin_APDU.h b/pki/base/tps/src/include/apdu/Create_Pin_APDU.h
new file mode 100644
index 000000000..7f666467d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Create_Pin_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CREATE_PIN_APDU_H
+#define CREATE_PIN_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Create_Pin_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Create_Pin_APDU(BYTE p1, BYTE p2, Buffer &data);
+ TPS_PUBLIC ~Create_Pin_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* CREATE_PIN_APDU_H */
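Review bot: `Create_Pin_APDU(BYTE p1, BYTE p2, Buffer &data)` names its parameters after the raw APDU header fields, so the declaration does not say which value selects the PIN, which (if any) sets a retry limit, or what `data` must contain. `data` presumably carries the PIN value itself and is taken by non-const reference, which leaves open whether the constructor alters the caller's buffer. I would add a comment such as `// p1: <meaning>; p2: <meaning>; data: PIN bytes, copied into the APDU, caller's buffer is not modified` once confirmed against the implementation. The parameter could also become `const Buffer &data` if Buffer's copy operations allow it.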
diff --git a/pki/base/tps/src/include/apdu/Delete_File_APDU.h b/pki/base/tps/src/include/apdu/Delete_File_APDU.h
new file mode 100644
index 000000000..9e2eeeeb2
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Delete_File_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef DELETE_FILE_APDU_H
+#define DELETE_FILE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Delete_File_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Delete_File_APDU(Buffer &AID);
+ TPS_PUBLIC ~Delete_File_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* DELETE_FILE_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/External_Authenticate_APDU.h b/pki/base/tps/src/include/apdu/External_Authenticate_APDU.h
new file mode 100644
index 000000000..ff9a6bee7
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/External_Authenticate_APDU.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef EXTERNAL_AUTHENTICATE_APDU_H
+#define EXTERNAL_AUTHENTICATE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "channel/Secure_Channel.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class External_Authenticate_APDU : public APDU
+{
+ public:
+ // TPS_PUBLIC External_Authenticate_APDU(Buffer &data);
+ TPS_PUBLIC External_Authenticate_APDU(Buffer &data, SecurityLevel sl);
+ TPS_PUBLIC ~External_Authenticate_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ public:
+ TPS_PUBLIC Buffer &GetHostCryptogram();
+};
+
+#endif /* EXTERNAL_AUTHENTICATE_APDU_H */
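Review bot: `GetHostCryptogram()` returns a non-const `Buffer &`, so any caller can modify the value through the accessor (presumably the object's own data; the implementation is not in this hunk). If callers only read it, `TPS_PUBLIC const Buffer &GetHostCryptogram() const;` states that in the interface; whether existing callers rely on mutating it cannot be seen from this header. `GetHostChallenge()` in Initialize_Update_APDU.h has the same shape. The commented-out one-argument constructor above the live one is dead code and could be dropped, or replaced by a comment saying why a `SecurityLevel` is now required.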
diff --git a/pki/base/tps/src/include/apdu/Format_Muscle_Applet_APDU.h b/pki/base/tps/src/include/apdu/Format_Muscle_Applet_APDU.h
new file mode 100644
index 000000000..b7fbbbea1
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Format_Muscle_Applet_APDU.h
@@ -0,0 +1,65 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef FORMAT_MUSCLE_APPLET_APDU_H
+#define FORMAT_MUSCLE_APPLET_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Format_Muscle_Applet_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Format_Muscle_Applet_APDU(unsigned short memSize,
+ Buffer &PIN0, BYTE pin0Tries,
+ Buffer &unblockPIN0, BYTE unblock0Tries,
+ Buffer &PIN1, BYTE pin1Tries,
+ Buffer &unblockPIN1, BYTE unblock1Tries,
+ unsigned short objCreationPermissions,
+ unsigned short keyCreationPermissions,
+ unsigned short pinCreationPermissions);
+ TPS_PUBLIC ~Format_Muscle_Applet_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* FORMAT_MUSCLE_APPLET_APDU_H */
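Review bot: The constructor takes four PIN buffers and four retry counters among twelve positional arguments, with `BYTE pin0Tries`/`BYTE unblock0Tries` and the three `unsigned short` permission masks adjacent and interchangeable to the compiler, and nothing in the header documents their order or meaning. A doc comment listing each parameter, and taking the PINs as `const Buffer &` if the constructor only reads them, would make a transposed call easier to catch in review. The header also does not say whether the PIN bytes are copied into the APDU object; if they are, that is worth stating so callers know how long PIN material stays in memory.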
diff --git a/pki/base/tps/src/include/apdu/Generate_Key_APDU.h b/pki/base/tps/src/include/apdu/Generate_Key_APDU.h
new file mode 100644
index 000000000..d245b8336
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Generate_Key_APDU.h
@@ -0,0 +1,60 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GENERATE_KEY_APDU_H
+#define GENERATE_KEY_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Generate_Key_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Generate_Key_APDU (BYTE p1, BYTE p2, BYTE alg,
+ int keysize, BYTE option,
+ BYTE type, Buffer &wrapped_challenge, Buffer &key_check);
+ TPS_PUBLIC ~Generate_Key_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* GENERATE_KEY_APDU_H */
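Review bot: `int keysize` is signed and has no documented unit or range, so the signature accepts a negative or oversized value. A comment stating the unit (bits or bytes) and the accepted range, or an unsigned type, would make the contract visible; how the value is encoded is in the implementation, which is outside this hunk. `p1`, `p2`, `alg`, `option` and `type` are likewise undocumented, and `Generate_Key_APDU (` has a space before the parenthesis that the sibling headers do not.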
diff --git a/pki/base/tps/src/include/apdu/Get_Data_APDU.h b/pki/base/tps/src/include/apdu/Get_Data_APDU.h
new file mode 100644
index 000000000..a4f78634d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Get_Data_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_DATA_APDU_H
+#define GET_DATA_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_Data_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Get_Data_APDU();
+ TPS_PUBLIC ~Get_Data_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* GET_DATA_APDU_H */
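Review bot: `GetEncoding(Buffer &data)` is declared without a comment saying whether it appends to `data` or replaces its contents, and it is not `const` although an encoder would normally leave the APDU unchanged. A one-line comment such as `// Writes the encoded command into data` (wording to match the implementation) is enough. Get_IssuerInfo_APDU.h, Get_Status_APDU.h and Get_Version_APDU.h declare the same method with the same gap. The headers also do not say why these classes supply their own encoding while others such as Delete_File_APDU do not.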
diff --git a/pki/base/tps/src/include/apdu/Get_IssuerInfo_APDU.h b/pki/base/tps/src/include/apdu/Get_IssuerInfo_APDU.h
new file mode 100644
index 000000000..075acc6d9
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Get_IssuerInfo_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_ISSUERINFO_APDU_H
+#define GET_ISSUERINFO_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_IssuerInfo_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Get_IssuerInfo_APDU();
+ TPS_PUBLIC ~Get_IssuerInfo_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* GET_ISSUERINFO_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Get_Status_APDU.h b/pki/base/tps/src/include/apdu/Get_Status_APDU.h
new file mode 100644
index 000000000..5d047bf16
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Get_Status_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_STATUS_APDU_H
+#define GET_STATUS_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_Status_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Get_Status_APDU();
+ TPS_PUBLIC ~Get_Status_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* GET_STATUS_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Get_Version_APDU.h b/pki/base/tps/src/include/apdu/Get_Version_APDU.h
new file mode 100644
index 000000000..8b6ff3c33
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Get_Version_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef GET_VERSION_APDU_H
+#define GET_VERSION_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Get_Version_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Get_Version_APDU();
+ TPS_PUBLIC ~Get_Version_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* GET_VERSION_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Import_Key_APDU.h b/pki/base/tps/src/include/apdu/Import_Key_APDU.h
new file mode 100644
index 000000000..e00d97081
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Import_Key_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef IMPORT_KEY_APDU_H
+#define IMPORT_KEY_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Import_Key_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Import_Key_APDU(BYTE p1);
+ TPS_PUBLIC ~Import_Key_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* IMPORT_KEY_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Import_Key_Enc_APDU.h b/pki/base/tps/src/include/apdu/Import_Key_Enc_APDU.h
new file mode 100644
index 000000000..bcc974987
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Import_Key_Enc_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef IMPORT_KEY_ENC_APDU_H
+#define IMPORT_KEY_ENC_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Import_Key_Enc_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Import_Key_Enc_APDU(BYTE p1, BYTE p2, Buffer& data);
+ TPS_PUBLIC ~Import_Key_Enc_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* IMPORT_KEY_ENC_APDU_H */
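Review bot: The constructor's `Buffer& data` carries key material, going by the class name, but the header does not state whether the caller must pass it already wrapped or whether the class applies any protection itself. A comment on the constructor stating the expected form of `data` and the meaning of `p1`/`p2` would keep a caller from passing a clear key by mistake. Taking it as `const Buffer &` would also show that it is only read, if that is the case. Put_Key_APDU.h has the same signature and the same missing documentation.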
diff --git a/pki/base/tps/src/include/apdu/Initialize_Update_APDU.h b/pki/base/tps/src/include/apdu/Initialize_Update_APDU.h
new file mode 100644
index 000000000..8e20d77ab
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Initialize_Update_APDU.h
@@ -0,0 +1,60 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef INITIALIZE_UPDATE_APDU_H
+#define INITIALIZE_UPDATE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Initialize_Update_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Initialize_Update_APDU(BYTE key_version, BYTE key_index, Buffer &data);
+ TPS_PUBLIC ~Initialize_Update_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+ public:
+ TPS_PUBLIC Buffer &GetHostChallenge();
+};
+
+#endif /* INITIALIZE_UPDATE_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Install_Applet_APDU.h b/pki/base/tps/src/include/apdu/Install_Applet_APDU.h
new file mode 100644
index 000000000..08b799a64
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Install_Applet_APDU.h
@@ -0,0 +1,59 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef INSTALL_APPLET_APDU_H
+#define INSTALL_APPLET_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Install_Applet_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Install_Applet_APDU(Buffer &packageAID, Buffer &appletAID,
+ BYTE appPrivileges, unsigned int instanceSize, unsigned int appletMemorySize);
+ TPS_PUBLIC Install_Applet_APDU(Buffer &data);
+ TPS_PUBLIC ~Install_Applet_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* INSTALL_APPLET_APDU_H */
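Review bot: `instanceSize` and `appletMemorySize` are `unsigned int`, but the header gives no valid range for either. If the implementation (outside this hunk) writes them into fewer bytes than an `unsigned int` holds, larger values would be truncated silently; documenting the limit here, or checking it in the constructor, avoids that. `fileLen` in Install_Load_APDU.h raises the same question. It would also help to say how the `Buffer &data` overload differs from the field-by-field one.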
diff --git a/pki/base/tps/src/include/apdu/Install_Load_APDU.h b/pki/base/tps/src/include/apdu/Install_Load_APDU.h
new file mode 100644
index 000000000..7d0ff9761
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Install_Load_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef INSTALL_LOAD_APDU_H
+#define INSTALL_LOAD_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Install_Load_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Install_Load_APDU(Buffer& packageAID, Buffer& sdAID, unsigned int fileLen);
+ TPS_PUBLIC Install_Load_APDU(Buffer& data);
+ TPS_PUBLIC ~Install_Load_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* INSTALL_LOAD_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Lifecycle_APDU.h b/pki/base/tps/src/include/apdu/Lifecycle_APDU.h
new file mode 100644
index 000000000..a3adaf9c4
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Lifecycle_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LIFECYCLE_APDU_H
+#define LIFECYCLE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Lifecycle_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Lifecycle_APDU(BYTE lifecycle);
+ TPS_PUBLIC ~Lifecycle_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* LIFECYCLE_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/List_Objects_APDU.h b/pki/base/tps/src/include/apdu/List_Objects_APDU.h
new file mode 100644
index 000000000..7d5b45bff
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/List_Objects_APDU.h
@@ -0,0 +1,59 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LIST_OBJECTS_APDU_H
+#define LIST_OBJECTS_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class List_Objects_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC List_Objects_APDU(BYTE ret_size);
+ TPS_PUBLIC ~List_Objects_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ public:
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* LIST_OBJECTS_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/List_Pins_APDU.h b/pki/base/tps/src/include/apdu/List_Pins_APDU.h
new file mode 100644
index 000000000..04d1102c9
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/List_Pins_APDU.h
@@ -0,0 +1,60 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LIST_PINS_APDU_H
+#define LIST_PINS_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class List_Pins_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC List_Pins_APDU(BYTE ret_size);
+ TPS_PUBLIC ~List_Pins_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ public:
+ BYTE m_ret_size;
+ TPS_PUBLIC void GetEncoding(Buffer &data);
+};
+
+#endif /* LIST_PINS_APDU_H */
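Review bot: `BYTE m_ret_size;` sits under `public:`, so any code can change the value after construction. List_Objects_APDU takes the same `ret_size` argument and exposes no member. Declaring it as `private: BYTE m_ret_size;` would leave the constructor as the only visible place that sets it, unless something outside the class reads the field, which this hunk does not show.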
diff --git a/pki/base/tps/src/include/apdu/Load_File_APDU.h b/pki/base/tps/src/include/apdu/Load_File_APDU.h
new file mode 100644
index 000000000..ae5f57445
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Load_File_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LOAD_FILE_APDU_H
+#define LOAD_FILE_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Load_File_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Load_File_APDU(BYTE refControl, BYTE blockNum, Buffer& data);
+ TPS_PUBLIC ~Load_File_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* LOAD_FILE_APDU_H */
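Review bot: `BYTE blockNum` limits the block counter to 0–255, and the header does not say what happens for a file that needs more blocks. If the caller counts blocks in a wider type, the conversion to `BYTE` wraps silently; a comment stating the limit, or a check at the call site, would make that explicit. The meaning of `refControl` (presumably marking the last block; to be confirmed against the implementation) is also undocumented.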
diff --git a/pki/base/tps/src/include/apdu/Put_Key_APDU.h b/pki/base/tps/src/include/apdu/Put_Key_APDU.h
new file mode 100644
index 000000000..63aa54599
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Put_Key_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef PUT_KEY_APDU_H
+#define PUT_KEY_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Put_Key_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Put_Key_APDU(BYTE p1, BYTE p2, Buffer &data);
+ TPS_PUBLIC ~Put_Key_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* PUT_KEY_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Read_Buffer_APDU.h b/pki/base/tps/src/include/apdu/Read_Buffer_APDU.h
new file mode 100644
index 000000000..3c94b564d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Read_Buffer_APDU.h
@@ -0,0 +1,61 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef READ_BUFFER_APDU_H
+#define READ_BUFFER_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Read_Buffer_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Read_Buffer_APDU(int len, int offset);
+ TPS_PUBLIC ~Read_Buffer_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ public:
+ TPS_PUBLIC int GetLen();
+ TPS_PUBLIC int GetOffset();
+
+};
+
+#endif /* READ_BUFFER_APDU_H */
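Review bot: The constructor `Read_Buffer_APDU(int len, int offset)` takes signed `int`s for values that end up in APDU length and offset fields, and the header does not state the accepted range. The implementation is outside this hunk, so whether it rejects negative or oversized values before narrowing them cannot be confirmed here. I would add a comment above the constructor such as `/* len and offset must be non-negative and fit the APDU fields; out-of-range values are rejected */` and have the constructor enforce it. `GetLen()` and `GetOffset()` could also be declared `const`.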
diff --git a/pki/base/tps/src/include/apdu/Read_Object_APDU.h b/pki/base/tps/src/include/apdu/Read_Object_APDU.h
new file mode 100644
index 000000000..e2357acdd
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Read_Object_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef OBJECT_OBJECT_APDU_H
+#define OBJECT_OBJECT_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Read_Object_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Read_Object_APDU(BYTE *object_id, int offset, int len);
+ TPS_PUBLIC ~Read_Object_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* OBJECT_OBJECT_APDU_H */
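Review bot: The include guard is `OBJECT_OBJECT_APDU_H`, which does not match the file name `Read_Object_APDU.h` and looks like a copy-paste slip. The other headers visible in this part of the diff derive the guard from the file name; a guard that does not is easier to duplicate by accident, and a duplicated guard silently drops the second header's declarations. I would rename it in all three places: `#ifndef READ_OBJECT_APDU_H`, `#define READ_OBJECT_APDU_H` and `#endif /* READ_OBJECT_APDU_H */`.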
diff --git a/pki/base/tps/src/include/apdu/Select_APDU.h b/pki/base/tps/src/include/apdu/Select_APDU.h
new file mode 100644
index 000000000..92c1c8ee8
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Select_APDU.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SELECT_APDU_H
+#define SELECT_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Select_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Select_APDU(BYTE p1, BYTE p2, Buffer &data);
+ TPS_PUBLIC ~Select_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* SELECT_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Set_IssuerInfo_APDU.h b/pki/base/tps/src/include/apdu/Set_IssuerInfo_APDU.h
new file mode 100644
index 000000000..2507fdc97
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Set_IssuerInfo_APDU.h
@@ -0,0 +1,59 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SET_ISSUERINFO_APDU_H
+#define SET_ISSUERINFO_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Set_IssuerInfo_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Set_IssuerInfo_APDU(BYTE p1, BYTE p2, Buffer &data);
+ TPS_PUBLIC ~Set_IssuerInfo_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ public:
+ TPS_PUBLIC Buffer &GetIssuerInfo();
+};
+
+#endif /* SET_ISSUERINFO_APDU_H */
diff --git a/pki/base/tps/src/include/apdu/Set_Pin_APDU.h b/pki/base/tps/src/include/apdu/Set_Pin_APDU.h
new file mode 100644
index 000000000..f649147a1
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Set_Pin_APDU.h
@@ -0,0 +1,59 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SET_PIN_APDU_H
+#define SET_PIN_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Set_Pin_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Set_Pin_APDU(BYTE p1, BYTE p2, Buffer &data);
+ TPS_PUBLIC ~Set_Pin_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+ public:
+ TPS_PUBLIC Buffer &GetNewPIN();
+};
+
+#endif /* SET_PIN_APDU_H */
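Review bot: `GetNewPIN()` hands out a non-const `Buffer &` to what is presumably the PIN data held by the APDU, so any caller can modify it or keep a reference to the secret, and the header says nothing about when it is cleared. The implementation is not in this hunk, so whether `~Set_Pin_APDU()` wipes the buffer cannot be confirmed here. I would declare the accessor as `TPS_PUBLIC const Buffer &GetNewPIN() const;` and add a comment stating that the PIN bytes are overwritten before the object is destroyed, making the destructor do so if it does not already.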
diff --git a/pki/base/tps/src/include/apdu/Unblock_Pin_APDU.h b/pki/base/tps/src/include/apdu/Unblock_Pin_APDU.h
new file mode 100644
index 000000000..583e7ae7d
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Unblock_Pin_APDU.h
@@ -0,0 +1,54 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef UNBLOCK_PIN_APDU_H
+#define UNBLOCK_PIN_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Unblock_Pin_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Unblock_Pin_APDU();
+ TPS_PUBLIC ~Unblock_Pin_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* UNBLOCK_PIN_APDU_H */
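Review bot: `Unblock_Pin_APDU.h` derives from `APDU` and returns `APDU_Type` but includes neither `apdu/APDU.h` nor `main/Base.h`, unlike the sibling APDU headers in this commit. It therefore compiles only when the including file has already pulled in `apdu/APDU.h`, which makes the build depend on include order. Adding `#include "main/Base.h"` and `#include "apdu/APDU.h"` before the `TPS_PUBLIC` block would fix that.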
diff --git a/pki/base/tps/src/include/apdu/Write_Object_APDU.h b/pki/base/tps/src/include/apdu/Write_Object_APDU.h
new file mode 100644
index 000000000..670cd6bbd
--- /dev/null
+++ b/pki/base/tps/src/include/apdu/Write_Object_APDU.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef WRITE_OBJECT_APDU_H
+#define WRITE_OBJECT_APDU_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "apdu/APDU.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Write_Object_APDU : public APDU
+{
+ public:
+ TPS_PUBLIC Write_Object_APDU(BYTE *object_id, int offset, Buffer &data);
+ TPS_PUBLIC ~Write_Object_APDU();
+ TPS_PUBLIC APDU_Type GetType();
+};
+
+#endif /* WRITE_OBJECT_APDU_H */
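Review bot: `object_id` is passed as a bare `BYTE *` with no length, so the constructor has to assume how many bytes it may read, and the header does not say how many. The implementation is outside this hunk; if it copies a fixed number of bytes, a caller passing a shorter array causes an out-of-bounds read. I would document the contract above the constructor, for example `/* object_id points to exactly N bytes (placeholder: fill in the real object id length) */`, or take the id as a `Buffer &` like `data`. `Read_Object_APDU(BYTE *object_id, int offset, int len)` has the same parameter.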
diff --git a/pki/base/tps/src/include/authentication/AuthParams.h b/pki/base/tps/src/include/authentication/AuthParams.h
new file mode 100644
index 000000000..e0d39a249
--- /dev/null
+++ b/pki/base/tps/src/include/authentication/AuthParams.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AUTHPARAMS_H
+#define AUTHPARAMS_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/NameValueSet.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class AuthParams : public NameValueSet
+{
+ public:
+ TPS_PUBLIC AuthParams();
+ virtual ~AuthParams();
+ public:
+ TPS_PUBLIC void SetUID(char *uid);
+ TPS_PUBLIC char *GetUID();
+ TPS_PUBLIC void SetPassword(char *pwd);
+ TPS_PUBLIC char *GetPassword();
+ void SetSecuridValue(char *securidValue);
+ TPS_PUBLIC char *GetSecuridValue();
+ void SetSecuridPin(char *securidPin);
+ TPS_PUBLIC char *GetSecuridPin();
+};
+
+#endif /* AUTHPARAMS_H */
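Review bot: The export markers are inconsistent: `SetSecuridValue` and `SetSecuridPin` lack `TPS_PUBLIC` while the matching getters and the UID/password setters have it, so on `XP_WIN32` builds code outside the DLL can read these values but not set them. If that asymmetry is intended, a one-line comment saying so would help; otherwise mark them `TPS_PUBLIC void SetSecuridValue(char *securidValue);` and `TPS_PUBLIC void SetSecuridPin(char *securidPin);`. Separately, the getters return mutable `char *` to credentials with no statement of ownership; a comment on whether the caller must free the result or must not retain it would prevent both leaks and stale pointers to password data.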
diff --git a/pki/base/tps/src/include/authentication/Authentication.h b/pki/base/tps/src/include/authentication/Authentication.h
new file mode 100644
index 000000000..ae2b0c6fb
--- /dev/null
+++ b/pki/base/tps/src/include/authentication/Authentication.h
@@ -0,0 +1,80 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AUTHENTICATION_H
+#define AUTHENTICATION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/RA_Session.h"
+#include "authentication/AuthParams.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#define TPS_AUTH_OK 0
+#define TPS_AUTH_ERROR_LDAP -1
+#define TPS_AUTH_ERROR_USERNOTFOUND -2
+#define TPS_AUTH_ERROR_PASSWORDINCORRECT -3
+
+
+class Authentication
+{
+ public:
+ TPS_PUBLIC Authentication();
+ TPS_PUBLIC virtual ~Authentication();
+ public:
+ virtual int Authenticate(AuthParams *params);
+ virtual void Initialize(int index);
+ public:
+ virtual const char *GetTitle(char *locale);
+ virtual const char *GetDescription(char *locale);
+ virtual int GetNumOfParamNames();
+ virtual char *GetParamID(int index);
+ virtual const char *GetParamName(int index, char *locale);
+ virtual char *GetParamType(int index);
+ virtual const char *GetParamDescription(int index, char *locale);
+ virtual char *GetParamOption(int index);
+ int GetNumOfRetries(); // retries if the user entered the wrong password/securid
+
+ protected:
+ int m_retries;
+};
+
+#endif /* AUTHENTICATION_H */
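Review bot: `TPS_AUTH_ERROR_USERNOTFOUND` and `TPS_AUTH_ERROR_PASSWORDINCORRECT` let callers of `Authenticate()` tell an unknown user from a wrong password, and nothing here says the distinction must stay server-side. If a caller relays the code, or a message derived from it, to the client, the service discloses which user IDs exist. I would add a comment above the defines such as `/* for logging and retry logic only; report one generic failure to the client */`. The negative values are also worth parenthesising, e.g. `#define TPS_AUTH_ERROR_LDAP (-1)`.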
diff --git a/pki/base/tps/src/include/authentication/LDAP_Authentication.h b/pki/base/tps/src/include/authentication/LDAP_Authentication.h
new file mode 100644
index 000000000..2a8c0a7d5
--- /dev/null
+++ b/pki/base/tps/src/include/authentication/LDAP_Authentication.h
@@ -0,0 +1,85 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LDAP_AUTHENTICATION_H
+#define LDAP_AUTHENTICATION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/RA_Session.h"
+#include "authentication/Authentication.h"
+
+class LDAP_Authentication : public Authentication
+{
+ public:
+ LDAP_Authentication();
+ ~LDAP_Authentication();
+ public:
+ int Authenticate(AuthParams *params);
+ void Initialize(int index);
+ public:
+ bool IsSSL();
+ char *GetHostPort();
+
+ public:
+ void GetHostPort(char **p, char **q);
+ virtual const char *GetTitle(char *locale);
+ virtual const char *GetDescription(char *locale);
+ virtual int GetNumOfParamNames();
+ virtual char *GetParamID(int index);
+ virtual const char *GetParamName(int index, char *locale);
+ virtual char *GetParamType(int index);
+ virtual const char *GetParamDescription(int index, char *locale);
+ virtual char *GetParamOption(int index);
+
+ private:
+ int m_index;
+ bool m_isSSL;
+ char *m_hostport;
+ char *m_attributes;
+ char *m_ssl;
+ char *m_baseDN;
+ char *m_bindDN;
+ char *m_bindPwd;
+ int m_connectRetries; // for failover
+ ConnectionInfo *m_connInfo;
+};
+ extern "C"
+ {
+ Authentication *GetAuthentication();
+ };
+
+#endif /* LDAP_AUTHENTICATION_H */
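Review bot: `ConnectionInfo *m_connInfo` uses a type this header never declares; it includes `main/Login.h`, `main/SecureId.h`, `main/RA_Session.h` and `authentication/Authentication.h` but not `cms/ConnectionInfo.h`. It presumably compiles through a transitive include that is not visible here. Because the member is only a pointer, a forward declaration `class ConnectionInfo;` before the class is enough. The closing `};` of the `extern "C"` block also carries a stray semicolon that pedantic compilers warn about.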
diff --git a/pki/base/tps/src/include/channel/Channel.h b/pki/base/tps/src/include/channel/Channel.h
new file mode 100644
index 000000000..a49af8bf1
--- /dev/null
+++ b/pki/base/tps/src/include/channel/Channel.h
@@ -0,0 +1,55 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CHANNEL_H
+#define CHANNEL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/RA_Session.h"
+#include "apdu/APDU.h"
+#include "apdu/APDU_Response.h"
+
+class Channel
+{
+ public:
+ Channel();
+ ~Channel();
+ public:
+ int Close();
+};
+
+#endif /* CHANNEL_H */
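Review bot: `Channel` is used as a base class (`Secure_Channel : public Channel` in `channel/Secure_Channel.h`), but `~Channel()` and `Close()` are not virtual. Deleting a `Secure_Channel` through a `Channel *` would be undefined behaviour and would skip `~Secure_Channel()`, which is presumably where the session key handles are released. `Secure_Channel::Close()` also only hides `Channel::Close()`, so a call through the base type runs the base version. I would declare them `virtual ~Channel();` and `virtual int Close();`.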
diff --git a/pki/base/tps/src/include/channel/Secure_Channel.h b/pki/base/tps/src/include/channel/Secure_Channel.h
new file mode 100644
index 000000000..bac072407
--- /dev/null
+++ b/pki/base/tps/src/include/channel/Secure_Channel.h
@@ -0,0 +1,158 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SECURE_CHANNEL_H
+#define SECURE_CHANNEL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/RA_Session.h"
+#include "apdu/APDU.h"
+#include "apdu/APDU_Response.h"
+#include "channel/Channel.h"
+
+enum SecurityLevel {
+ SECURE_MSG_ANY = 0,
+ SECURE_MSG_MAC = 1,
+ SECURE_MSG_NONE = 2, // not yet supported
+ SECURE_MSG_MAC_ENC = 3
+} ;
+
+enum TokenKeyType {
+ KEY_TYPE_ENCRYPTION = 0,
+ KEY_TYPE_SIGNING = 1,
+ KEY_TYPE_SIGNING_AND_ENCRYPTION = 2
+};
+
+class Secure_Channel : public Channel
+{
+ public:
+
+ Secure_Channel(
+ RA_Session *session,
+ PK11SymKey *session_key,
+ PK11SymKey *enc_session_key,
+ char *drm_des_key_s,
+ char *kek_des_key_s,
+ char *keycheck_s,
+ Buffer &key_diversification_data,
+ Buffer &key_info_data,
+ Buffer &card_challenge,
+ Buffer &card_cryptogram,
+ Buffer &host_challenge,
+ Buffer &host_cryptogram);
+
+ ~Secure_Channel();
+ public:
+ Buffer &GetKeyDiversificationData();
+ Buffer &GetKeyInfoData();
+ Buffer &GetCardChallenge();
+ Buffer &GetCardCryptogram();
+ Buffer &GetHostChallenge();
+ Buffer &GetHostCryptogram();
+ SecurityLevel GetSecurityLevel();
+ void SetSecurityLevel(SecurityLevel level);
+ char *getDrmWrappedDESKey();
+ char *getKekWrappedDESKey();
+ char *getKeycheck();
+
+ public:
+ int ImportKeyEnc(BYTE priv_key_number, BYTE pub_key_number, Buffer* data);
+ int ImportKey(BYTE key_number);
+ int CreatePin(BYTE pin_number, BYTE max_retries, const char *pin);
+ int ExternalAuthenticate();
+ int SetIssuerInfo(Buffer *info);
+ Buffer GetIssuerInfo();
+ int ResetPin(BYTE pin_number, char *pin);
+ int IsPinPresent(BYTE pin_number);
+ int SetLifecycleState(BYTE flag);
+ int StartEnrollment(BYTE p1, BYTE p2, Buffer *wrapped_challenge,
+ Buffer *key_check,
+ BYTE alg, int keysize, BYTE option);
+ int ReadBuffer(BYTE *buf, int buf_len);
+ int CreateObject(BYTE *object_id, BYTE* permissions, int len);
+ int WriteObject(BYTE *objid, BYTE *buf, int buf_len);
+ Buffer *ReadObject(BYTE *objid, int offset, int len);
+ int PutKeys(RA_Session *session, BYTE key_version,
+ BYTE key_index, Buffer *key_data);
+ int LoadFile(RA_Session *session, BYTE refControl, BYTE blockNum,
+ Buffer *data);
+ int InstallApplet(RA_Session *session,
+ Buffer &packageAID, Buffer &appletAID,
+ BYTE appPrivileges, unsigned int instanceSize, unsigned int appletMemorySize);
+ int InstallLoad(RA_Session *session,
+ Buffer& packageAID, Buffer& sdAID, unsigned int fileLen);
+ int DeleteFileX(RA_Session *session, Buffer *aid);
+ int Close();
+ public:
+ int CreateObject(BYTE *objid, BYTE *perms, Buffer *obj);
+ int CreateCertificate(const char *id, Buffer *cert);
+
+ Buffer CreatePKCS11CertAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid);
+ int CreatePKCS11CertAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid);
+ Buffer CreatePKCS11PriKeyAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
+ Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
+ int CreatePKCS11PriKeyAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
+ Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
+ Buffer CreatePKCS11PubKeyAttrsBuffer(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
+ Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
+ int CreatePKCS11PubKeyAttrs(TokenKeyType type, const char *id, const char *label, Buffer *keyid,
+ Buffer *exponent, Buffer *modulus, const char *opType, const char *tokenType, const char *keyTypePrefix);
+ APDU_Response *SendTokenAPU(APDU *apdu);
+
+ public:
+ Buffer *ComputeAPDUMac(APDU *apdu);
+ int ComputeAPDU(APDU *apdu);
+
+ private:
+ PK11SymKey *m_session_key;
+ PK11SymKey *m_enc_session_key;
+ char *m_drm_wrapped_des_key_s;
+ char *m_kek_wrapped_des_key_s;
+ char *m_keycheck_s;
+ RA_Session *m_session;
+ Buffer m_icv;
+ Buffer m_cryptogram;
+ Buffer m_key_diversification_data;
+ Buffer m_key_info_data;
+ Buffer m_card_challenge;
+ Buffer m_card_cryptogram;
+ Buffer m_host_challenge;
+ Buffer m_host_cryptogram;
+ SecurityLevel m_security_level;
+};
+
+#endif /* SECURE_CHANNEL_H */
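Review bot: `Secure_Channel` holds raw pointers to key material (`PK11SymKey *m_session_key`, `m_enc_session_key`, and the `char *` wrapped-key strings) but declares no copy constructor or assignment operator, so the compiler-generated ones copy the pointers. If the destructor frees them, which only the implementation outside this hunk would show, an accidental copy leads to a double free or to use of a released key. I would forbid copying by adding to the `private:` section `Secure_Channel(const Secure_Channel &);` and `Secure_Channel &operator=(const Secure_Channel &);`, both left undefined.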
diff --git a/pki/base/tps/src/include/cms/CertEnroll.h b/pki/base/tps/src/include/cms/CertEnroll.h
new file mode 100644
index 000000000..442e28e8c
--- /dev/null
+++ b/pki/base/tps/src/include/cms/CertEnroll.h
@@ -0,0 +1,75 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CERTENROLL_H
+#define CERTENROLL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Buffer.h"
+
+#include "httpClient/httpc/response.h"
+#include "keythi.h"
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+class CertEnroll
+{
+ public:
+
+ TOKENDB_PUBLIC CertEnroll();
+ TOKENDB_PUBLIC ~CertEnroll();
+
+ SECKEYPublicKey *ParsePublicKeyBlob(unsigned char * /*blob*/,
+ Buffer * /*challenge*/);
+ Buffer *EnrollCertificate(SECKEYPublicKey * /*pk_parsed*/,
+ const char *profileId,
+ const char * /*uid*/,
+ const char * /*token cuid*/, const char *connid,
+ char *error_msg,
+ SECItem** encodedPublicKeyInfo = NULL);
+ ReturnStatus verifyProof(SECKEYPublicKey* /*pk*/, SECItem* /*siProof*/,
+ unsigned short /*pkeyb_len*/, unsigned char* /*pkeyb*/,
+ Buffer* /*challenge*/);
+ TOKENDB_PUBLIC Buffer *RenewCertificate(PRUint64 serialno, const char *connid, const char *profileId, char *error_msg);
+ TOKENDB_PUBLIC int RevokeCertificate(const char *reason, const char *serialno, const char *connid, char *&status);
+ TOKENDB_PUBLIC int UnrevokeCertificate(const char *serialno, const char *connid, char *&status);
+ PSHttpResponse * sendReqToCA(const char *servlet, const char *parameters, const char *connid);
+ Buffer * parseResponse(PSHttpResponse * /*resp*/);
+};
+#endif /* CERTENROLL_H */
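Review bot: `EnrollCertificate` and `RenewCertificate` take `char *error_msg` as an output buffer without a size, so the implementation cannot know how much it may write. The bodies are outside this hunk; if they format CA responses or other variable-length text into it, the caller's buffer can overflow. I would pass the capacity explicitly, e.g. `char *error_msg, size_t error_msg_len,`, and bound every write with it, or at least document the minimum size callers must provide.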
diff --git a/pki/base/tps/src/include/cms/ConnectionInfo.h b/pki/base/tps/src/include/cms/ConnectionInfo.h
new file mode 100644
index 000000000..07e9c3a73
--- /dev/null
+++ b/pki/base/tps/src/include/cms/ConnectionInfo.h
@@ -0,0 +1,66 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CONNECTIONINFO_H
+#define CONNECTIONINFO_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Buffer.h"
+#include "main/NameValueSet.h"
+#include "pk11func.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#define HOST_PORT_MEMBERS 20
+
+class ConnectionInfo
+{
+ public:
+ TPS_PUBLIC ConnectionInfo();
+ TPS_PUBLIC ~ConnectionInfo();
+ TPS_PUBLIC void BuildFailoverList(const char *str);
+ TPS_PUBLIC int GetHostPortListLen();
+ TPS_PUBLIC char **GetHostPortList();
+
+ private:
+ int m_len;
+ char *m_hostPortList[HOST_PORT_MEMBERS];
+};
+
+#endif /* CONNECTIONINFO_H */
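Review bot: `m_hostPortList` holds exactly `HOST_PORT_MEMBERS` (20) pointers, yet the declaration of `BuildFailoverList(const char *str)` does not say what happens when the configured string names more hosts than that. The implementation is not part of this hunk, so whether the parser stops at the limit cannot be confirmed here. The header should state the contract, for example `/* Parses str into at most HOST_PORT_MEMBERS host:port entries; further entries are dropped. */`, and the parser should enforce it. `GetHostPortList()` also returns the internal array as `char **`, so a short comment on who owns the strings, and that callers must not modify or free them, would help.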
diff --git a/pki/base/tps/src/include/cms/HttpConnection.h b/pki/base/tps/src/include/cms/HttpConnection.h
new file mode 100644
index 000000000..da9d3a7fd
--- /dev/null
+++ b/pki/base/tps/src/include/cms/HttpConnection.h
@@ -0,0 +1,88 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef HTTPCONNECTION_H
+#define HTTPCONNECTION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/engine.h"
+#include "httpClient/httpc/http.h"
+#include "ConnectionInfo.h"
+#include "main/NameValueSet.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class HttpConnection
+{
+ public:
+// HttpConnection();
+ TPS_PUBLIC HttpConnection(const char *id, ConnectionInfo *cinfo, int retries, int timeout,
+ bool isSSL, const char *clientnickname, bool keepAlive, NameValueSet *headers);
+ TPS_PUBLIC virtual ~HttpConnection();
+
+ public:
+ TPS_PUBLIC int GetNumOfRetries(); // failover retries
+ TPS_PUBLIC int GetTimeout();
+ TPS_PUBLIC ConnectionInfo *GetFailoverList();
+ TPS_PUBLIC char *GetId();
+ TPS_PUBLIC bool IsSSL();
+ TPS_PUBLIC char *GetClientNickname();
+ TPS_PUBLIC bool IsKeepAlive();
+ TPS_PUBLIC PSHttpResponse *getResponse(int index, const char *servletID, const char *body);
+ TPS_PUBLIC PRLock *GetLock();
+ TPS_PUBLIC int GetCurrentIndex();
+ TPS_PUBLIC void SetCurrentIndex(int index);
+
+ protected:
+ int m_max_conn;
+ ConnectionInfo *m_failoverList;
+ int m_retries;
+ int m_timeout;
+ char *m_Id;
+ bool m_isSSL;
+ char *m_clientnickname;
+ bool m_keepAlive;
+ NameValueSet *m_headers;
+ PRLock *m_lock;
+ int m_curr;
+};
+
+#endif /* HTTPCONNECTION_H */
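Review bot: `getResponse(int index, ...)` and `SetCurrentIndex(int index)` accept a plain `int` that presumably selects an entry of the failover list, but the header documents no valid range for it. A comment such as `/* index: 0 <= index < GetFailoverList()->GetHostPortListLen() */` on both declarations would state the contract; the matching range check belongs in the implementation, which is outside this hunk. `GetId()` and `GetClientNickname()` return `char *` to members, so `const char *` would keep callers from altering the connection id or the client certificate nickname in place.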
diff --git a/pki/base/tps/src/include/engine/RA.h b/pki/base/tps/src/include/engine/RA.h
new file mode 100644
index 000000000..ef904bf66
--- /dev/null
+++ b/pki/base/tps/src/include/engine/RA.h
@@ -0,0 +1,368 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_H
+#define RA_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "engine/audit.h"
+#include "ldap.h"
+#include "lber.h"
+#include "main/Base.h"
+#include "main/ConfigStore.h"
+#include "main/Buffer.h"
+#include "main/PublishEntry.h"
+#include "main/AuthenticationEntry.h"
+#include "main/LogFile.h"
+#include "authentication/Authentication.h"
+#include "apdu/APDU.h"
+#include "main/RA_Context.h"
+#include "channel/Secure_Channel.h"
+#include "cms/HttpConnection.h"
+#include "cms/ConnectionInfo.h"
+#include "publisher/IPublisher.h"
+
+/*
+ *
+ * LL_PER_SERVER = 4 these messages will occur only once during the
+ * entire invocation of the server, e.g. at startup
+ * or shutdown time., reading the conf parameters.
+ * Perhaps other infrequent events relating to
+ * failing over of CA, TKS, too
+ *
+ * LL_PER_CONNECTION = 6 these messages happen once per connection - most
+ * of the log events will be at this level
+ *
+ * LL_PER_PDU = 8 these messages relate to PDU processing. If you
+ * have something that is done for every PDU, such
+ * as applying the MAC, it should be logged at this
+ * level
+ *
+ * LL_ALL_DATA_IN_PDU = 9 dump all the data in the PDU - a more chatty
+ * version of the above
+ */
+enum RA_Log_Level {
+ LL_PER_SERVER = 4,
+ LL_PER_CONNECTION = 6,
+ LL_PER_PDU = 8,
+ LL_ALL_DATA_IN_PDU = 9
+};
+
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/* For now, this value must correspond exactly to the successful exit */
+/* status of RA::Initialize( char *cfg_path, RA_Context *ctx ). */
+#define RA_INITIALIZATION_SUCCESS 1
+
+typedef char NSSUTF8;
+
+class RA
+{
+ public:
+ RA();
+ ~RA();
+ public:
+ static bool IsAuditEventSelected(const char *auditEvent);
+ static bool IsValidEvent(const char *auditEvent);
+ static void getLastSignature();
+ static int IsTokendbInitialized();
+ static int IsTpsConfigured();
+ TPS_PUBLIC static int Initialize(char *cfg_path, RA_Context *ctx);
+// TPS_PUBLIC static int InitializeInChild(RA_Context *ctx);
+ TPS_PUBLIC static int InitializeInChild(RA_Context *ctx, int nSignedAuditInitCount);
+ TPS_PUBLIC static int Shutdown();
+ public:
+
+ static PK11SymKey *ComputeSessionKey(RA_Session *session,
+ Buffer &CUID,
+ Buffer &keyinfo,
+ Buffer &card_challenge,
+ Buffer &host_challenge,
+ Buffer **host_cryptogram,
+ Buffer &card_cryptogram,
+ PK11SymKey **encSymKey,
+ char** drm_kekSessionKey_s,
+ char** kek_kekSessionKey_s,
+ char **keycheck_s,
+ const char *connId);
+ static void ServerSideKeyGen(RA_Session *session, const char* cuid,
+ const char *userid, char* kekSessionKey_s,
+ char **publickey_s,
+ char **wrappedPrivateKey_s,
+ char **ivParam_s, const char *connId,
+ bool archive, int keysize);
+ static void RecoverKey(RA_Session *session, const char* cuid,
+ const char *userid, char* kekSessionKey_s,
+ char *cert_s, char **publickey_s,
+ char **wrappedPrivateKey_s, const char *connId, char **ivParam_s);
+
+ static Buffer *ComputeHostCryptogram(Buffer &card_challenge, Buffer &host_challenge);
+ public:
+ TPS_PUBLIC static ConfigStore *GetConfigStore();
+ TPS_PUBLIC static bool match_comma_list(const char* item, char *list);
+ TPS_PUBLIC static char* remove_from_comma_list(const char*item, char *list);
+ public:
+ TPS_PUBLIC static void Audit(const char *func_name, const char *fmt, ...);
+ TPS_PUBLIC static void Error(const char *func_name, const char *fmt, ...);
+ TPS_PUBLIC static void SelfTestLog(const char *func_name, const char *fmt, ...);
+ TPS_PUBLIC static void Debug(const char *func_name, const char *fmt, ...);
+ TPS_PUBLIC static void DebugBuffer(const char *func_name, const char *prefix, Buffer *buf);
+ TPS_PUBLIC static void Audit(RA_Log_Level level, const char *func_name, const char *fmt, ...);
+ TPS_PUBLIC static void Error(RA_Log_Level level, const char *func_name, const char *fmt, ...);
+ TPS_PUBLIC static void SelfTestLog(RA_Log_Level level, const char *func_name, const char *fmt, ...);
+ TPS_PUBLIC static void Debug(RA_Log_Level level, const char *func_name, const char *fmt, ...);
+ static void DebugBuffer(RA_Log_Level level, const char *func_name, const char *prefix, Buffer *buf);
+ TPS_PUBLIC static void FlushAuditLogBuffer();
+ TPS_PUBLIC static void SignAuditLog(NSSUTF8 *msg);
+ TPS_PUBLIC static char *GetAuditSigningMessage(const NSSUTF8 *msg);
+ TPS_PUBLIC static void SetFlushInterval(int interval);
+ TPS_PUBLIC static void SetBufferSize(int size);
+ static void RunFlushThread(void *arg);
+ TPS_PUBLIC static int setup_audit_log(bool enable_signing, bool signing_changed);
+ TPS_PUBLIC static void enable_audit_logging(bool enable);
+ private:
+ static void AuditThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap);
+ static void ErrorThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap);
+ static void SelfTestLogThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap);
+ static void DebugThis(RA_Log_Level level, const char *func_name, const char *fmt, va_list ap);
+ static void do_free(char *s);
+ public:
+ static int InitializeTokendb(char *cfg_path);
+ static int InitializeSignedAudit();
+ static PRLock *GetVerifyLock();
+ static PRLock *GetConfigLock();
+ TPS_PUBLIC static CERTCertificate **ra_get_certificates(LDAPMessage *e);
+ TPS_PUBLIC static LDAPMessage *ra_get_first_entry(LDAPMessage *e);
+ TPS_PUBLIC static LDAPMessage *ra_get_next_entry(LDAPMessage *e);
+ TPS_PUBLIC static struct berval **ra_get_attribute_values(LDAPMessage *e, const char *p);
+ TPS_PUBLIC static void ra_free_values(struct berval **values);
+ TPS_PUBLIC static char *ra_get_cert_attr_byname(LDAPMessage *e, const char *name);
+ TPS_PUBLIC static char *ra_get_token_id(LDAPMessage *e);
+ TPS_PUBLIC static char *ra_get_cert_tokenType(LDAPMessage *entry);
+ TPS_PUBLIC static char *ra_get_token_status(LDAPMessage *entry);
+ TPS_PUBLIC static char *ra_get_cert_cn(LDAPMessage *entry);
+ TPS_PUBLIC static char *ra_get_cert_status(LDAPMessage *entry);
+ TPS_PUBLIC static char *ra_get_cert_type(LDAPMessage *entry);
+ TPS_PUBLIC static char *ra_get_cert_serial(LDAPMessage *entry);
+ TPS_PUBLIC static char *ra_get_cert_issuer(LDAPMessage *entry);
+ TPS_PUBLIC static int ra_delete_certificate_entry(LDAPMessage *entry);
+ TPS_PUBLIC static int ra_tus_has_active_tokens(char *userid);
+ TPS_PUBLIC static char *ra_get_token_reason(LDAPMessage *msg);
+ TPS_PUBLIC static int ra_get_number_of_entries(LDAPMessage *ldapResult);
+ TPS_PUBLIC static int ra_find_tus_token_entries(char *filter,
+ int maxReturns, LDAPMessage **ldapResult, int num);
+ TPS_PUBLIC static int ra_find_tus_token_entries_no_vlv(char *filter,
+ LDAPMessage **ldapResult, int num);
+ TPS_PUBLIC static int ra_is_tus_db_entry_disabled(char *cuid);
+ TPS_PUBLIC static int ra_is_token_pin_resetable(char *cuid);
+ TPS_PUBLIC static int ra_is_token_present(char *cuid);
+ TPS_PUBLIC static int ra_allow_token_reenroll(char *cuid);
+ TPS_PUBLIC static int ra_allow_token_renew(char *cuid);
+ TPS_PUBLIC static int ra_force_token_format(char *cuid);
+ TPS_PUBLIC static int ra_is_update_pin_resetable_policy(char *cuid);
+ TPS_PUBLIC static char *ra_get_token_policy(char *cuid);
+ TPS_PUBLIC static char *ra_get_token_userid(char *cuid);
+ TPS_PUBLIC static int ra_update_token_policy(char *cuid, char *policy);
+ TPS_PUBLIC static int ra_update_cert_status(char *cn, const char *status);
+ TPS_PUBLIC static int ra_find_tus_certificate_entries_by_order(
+ char *filter, int num, LDAPMessage **msg, int order);
+ TPS_PUBLIC static int ra_find_tus_certificate_entries_by_order_no_vlv(
+ char *filter, LDAPMessage **msg, int order);
+ TPS_PUBLIC static void ra_tus_print_integer(char *out, SECItem *data);
+ TPS_PUBLIC static int ra_update_token_status_reason_userid(char *userid,
+ char *cuid, const char *status, const char *reason, int modifyDateOfCreate);
+ static int tdb_add_token_entry(char *userid, char* cuid, const char *status, const char *token_type);
+ static int tdb_update(const char *userid, char *cuid, char *applet_version, char *key_info, const char *state, const char *reason, const char * token_type);
+ static int tdb_update_certificates(char *cuid, char **tokentypes, char *userid, CERTCertificate **certificates, char **ktypes, char **origins, int numOfCerts);
+ static int tdb_activity(const char *ip, const char *cuid, const char *op, const char *result, const char *msg, const char *userid, const char *token_type);
+ static int testTokendb();
+ static int InitializeAuthentication();
+ static AuthenticationEntry *GetAuth(const char *id);
+ public:
+ static HttpConnection *GetCAConn(const char *id);
+ static void ReturnCAConn(HttpConnection *conn);
+ static HttpConnection *GetTKSConn(const char *id);
+ static void ReturnTKSConn(HttpConnection *conn);
+
+ static HttpConnection *GetDRMConn(const char *id);
+ static void ReturnDRMConn(HttpConnection *conn);
+ static int GetCurrentIndex(HttpConnection *conn);
+ static LogFile* GetLogFile(const char *log_type);
+
+ public:
+
+ static void SetPodIndex(int index);
+ static int GetPodIndex();
+ TPS_PUBLIC static int GetAuthCurrentIndex();
+ static void SetAuthCurrentIndex(int index);
+ TPS_PUBLIC static PRLock *GetAuthLock();
+ TPS_PUBLIC static void IncrementAuthCurrentIndex(int len);
+ TPS_PUBLIC static void update_signed_audit_selected_events(char *new_selected);
+ TPS_PUBLIC static void update_signed_audit_enable(const char *enable);
+ TPS_PUBLIC static void update_signed_audit_log_signing(const char *enable);
+
+ static void SetGlobalSecurityLevel(SecurityLevel sl);
+ static SecurityLevel GetGlobalSecurityLevel();
+ public: /* default values */
+ static const char *CFG_DEF_CARDMGR_INSTANCE_AID;
+ static const char *CFG_DEF_NETKEY_INSTANCE_AID;
+ static const char *CFG_DEF_NETKEY_FILE_AID;
+ static const char *CFG_DEF_NETKEY_OLD_INSTANCE_AID;
+ static const char *CFG_DEF_NETKEY_OLD_FILE_AID;
+ static const char *CFG_DEF_APPLET_SO_PIN;
+ public:
+ static const char *CFG_APPLET_DELETE_NETKEY_OLD;
+ static const char *CFG_APPLET_CARDMGR_INSTANCE_AID;
+ static const char *CFG_APPLET_NETKEY_INSTANCE_AID;
+ static const char *CFG_APPLET_NETKEY_FILE_AID;
+ static const char *CFG_APPLET_NETKEY_OLD_INSTANCE_AID;
+ static const char *CFG_APPLET_NETKEY_OLD_FILE_AID;
+ static const char *CFG_APPLET_SO_PIN;
+ static const char *CFG_DEBUG_ENABLE;
+ static const char *CFG_DEBUG_FILENAME;
+ static const char *CFG_DEBUG_LEVEL;
+ static const char *CFG_AUDIT_ENABLE;
+ static const char *CFG_AUDIT_FILENAME;
+ static const char *CFG_SIGNED_AUDIT_FILENAME;
+ static const char *CFG_AUDIT_LEVEL;
+ static const char *CFG_AUDIT_SIGNED;
+ static const char *CFG_AUDIT_SIGNING_CERT_NICK;
+ static const char *CFG_AUDIT_SELECTED_EVENTS;
+ static const char *CFG_AUDIT_SELECTABLE_EVENTS;
+ static const char *CFG_AUDIT_NONSELECTABLE_EVENTS;
+ static const char *CFG_ERROR_LEVEL;
+ static const char *CFG_ERROR_ENABLE;
+ static const char *CFG_ERROR_FILENAME;
+ static const char *CFG_SELFTEST_LEVEL;
+ static const char *CFG_SELFTEST_ENABLE;
+ static const char *CFG_SELFTEST_FILENAME;
+ static const char *CFG_CHANNEL_SEC_LEVEL;
+ static const char *CFG_CHANNEL_ENCRYPTION;
+ static const char *CFG_AUDIT_BUFFER_SIZE;
+ static const char *CFG_AUDIT_FLUSH_INTERVAL;
+ static const char *CFG_AUDIT_FILE_TYPE;
+ static const char *CFG_DEBUG_FILE_TYPE;
+ static const char *CFG_ERROR_FILE_TYPE;
+ static const char *CFG_SELFTEST_FILE_TYPE;
+ static const char *CFG_AUDIT_PREFIX;
+ static const char *CFG_DEBUG_PREFIX;
+ static const char *CFG_ERROR_PREFIX;
+ static const char *CFG_SELFTEST_PREFIX;
+
+
+ static const char *CFG_AUTHS_ENABLE;
+ static const char *CFG_AUTHS_CURRENTIMPL;
+ static const char *CFG_AUTHS_PLUGINS_NUM;
+ static const char *CFG_AUTHS_PLUGIN_NAME;
+
+ static const char *CFG_IPUBLISHER_LIB;
+ static const char *CFG_IPUBLISHER_FACTORY;
+
+ public:
+ static const char *TKS_RESPONSE_STATUS;
+ static const char *TKS_RESPONSE_SessionKey;
+ static const char *TKS_RESPONSE_EncSessionKey;
+ static const char *TKS_RESPONSE_KEK_DesKey;
+ static const char *TKS_RESPONSE_DRM_Trans_DesKey;
+ static const char *TKS_RESPONSE_HostCryptogram;
+
+ public:
+ static int m_used_tks_conn;
+ static int m_used_ca_conn;
+
+ static int m_used_drm_conn;
+ static HttpConnection* m_drmConnection[];
+ static int m_drmConns_len;
+ static int m_pod_curr;
+ static int m_auth_curr;
+ static bool m_pod_enable;
+ static PRLock *m_verify_lock;
+ static PRLock *m_pod_lock;
+ static PRLock *m_auth_lock;
+ static PRLock *m_error_log_lock;
+ static PRLock *m_selftest_log_lock;
+ static PRMonitor *m_audit_log_monitor;
+ static PRLock *m_debug_log_lock;
+ static PRLock *m_config_lock;
+ static int m_audit_log_level;
+ static int m_debug_log_level;
+ static int m_error_log_level;
+ static int m_selftest_log_level;
+ TPS_PUBLIC static bool m_audit_signed;
+ TPS_PUBLIC static bool m_audit_enabled;
+ static SECKEYPrivateKey *m_audit_signing_key;
+ static char *m_last_audit_signature;
+ static SECOidTag m_audit_signAlgTag;
+ TPS_PUBLIC static char *m_signedAuditSelectedEvents;
+ TPS_PUBLIC static char *m_signedAuditSelectableEvents;
+ TPS_PUBLIC static char *m_signedAuditNonSelectableEvents;
+ static char *m_audit_log_buffer;
+ static PRThread *m_flush_thread;
+ static size_t m_bytes_unflushed;
+ static size_t m_buffer_size;
+ static int m_flush_interval;
+
+ static HttpConnection* m_caConnection[];
+ static HttpConnection* m_tksConnection[];
+ static int m_caConns_len;
+ static int m_tksConns_len;
+ static int m_auth_len;
+ static AuthenticationEntry *m_auth_list[];
+ static SecurityLevel m_global_security_level;
+ static void SetCurrentIndex(HttpConnection *&conn, int index);
+
+ static PublisherEntry *publisher_list;
+ static int m_num_publishers;
+ static RA_Context *m_ctx;
+
+
+ static PublisherEntry *getPublisherById(const char *publisher_id);
+ static int InitializePublishers();
+ static int InitializeHttpConnections(const char *id, int *len, HttpConnection **conn, RA_Context *ctx);
+ static void CleanupPublishers();
+ static int Failover(HttpConnection *&conn, int len);
+
+ TPS_PUBLIC static SECCertificateUsage getCertificateUsage(const char *certusage);
+ TPS_PUBLIC static bool verifySystemCertByNickname(const char *nickname, const char *certUsage);
+ TPS_PUBLIC static bool verifySystemCerts();
+
+};
+
+#endif /* RA_H */
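Review bot: The variadic logging entry points `RA::Audit`, `RA::Error`, `RA::SelfTestLog` and `RA::Debug`, in both the two-argument and the `RA_Log_Level` overloads, take a `const char *fmt` but carry no printf-format annotation. A call site that passes token- or user-derived text as `fmt`, or that mismatches the placeholders of an `AUDIT_MSG_*` template, therefore compiles without a warning. On GCC-compatible compilers the declarations could carry `__attribute__((format(printf, 2, 3)))`, and `(printf, 3, 4)` for the level overloads, behind a macro that expands to nothing under `XP_WIN32` in the same way `TPS_PUBLIC` does. Separately, `ra_tus_print_integer(char *out, SECItem *data)` gives no length for `out`; a comment stating the buffer size callers must provide, or an added size parameter, would make that contract checkable.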
diff --git a/pki/base/tps/src/include/engine/audit.h b/pki/base/tps/src/include/engine/audit.h
new file mode 100644
index 000000000..f8b50de37
--- /dev/null
+++ b/pki/base/tps/src/include/engine/audit.h
@@ -0,0 +1,90 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2009 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AUDIT_H
+#define AUDIT_H
+
+#define AUDIT_SIG_MSG_FORMAT "[%s] %x [AuditEvent=%s][SubjectID=%s][Outcome=%s] signature of audit buffer just flushed: sig: %s"
+#define AUDIT_MSG_FORMAT "[SubjectID=%s][Outcome=%s] %s"
+
+// for EV_ROLE_ASSUME
+#define AUDIT_MSG_ROLE "[SubjectID=%s][Role=%s][Outcome=%s] %s"
+
+// for EV_CONFIG, EV_CONFIG_ROLE, EV_CONFIG_TOKEN, EV_CONFIG_PROFILE, EV_CONFIG_AUDIT
+/*
+ ParamNameValPairs must be a name;;value pair
+ (where name and value are separated by the delimiter ;;)
+ separated by + (if more than one name;;value pair) of config params changed
+ Object which identifies the object being modified has the same format name;;value eg. tokenid;;12345
+*/
+#define AUDIT_MSG_CONFIG "[SubjectID=%s][Role=%s][Outcome=%s][Object=%s][ParamNameValPairs=%s] %s"
+
+// for EV_APPLET_UPGRADE; note: "op" is operation such as "format," "enrollment"
+#define AUDIT_MSG_APPLET_UPGRADE "[SubjectID=%s][CUID=%s][MSN=%s][Outcome=%s][op=%s][KeyVersion=%s][OldAppletVersion=%s][NewAppletVersion=%s] %s"
+
+// for EV_KEY_CHANGEOVER; note: "op" is operation such as "format," "enrollment," "pinReset," "renewal"
+#define AUDIT_MSG_KEY_CHANGEOVER "[SubjectID=%s][CUID=%s][MSN=%s][Outcome=%s][op=%s][AppletVersion=%s][OldKeyVersion=%s][NewKeyVersion=%s] %s"
+
+// for EV_AUTH_SUCCESS and EV_AUTH_FAIL
+#define AUDIT_MSG_AUTH "[SubjectID=%s][AuthID=%s][Outcome=%s] %s"
+
+// for EV_AUTHZ_SUCCESS and EV_AUTHZ_FAIL
+#define AUDIT_MSG_AUTHZ "[SubjectID=%s][op=%s][Outcome=%s] %s"
+
+// for op's EV_FORMAT, EV_ENROLLMENT, EV_PIN_RESET, EV_RENEWAL
+#define AUDIT_MSG_PROC "[SubjectID=%s][CUID=%s][MSN=%s][Outcome=%s][op=%s][AppletVersion=%s][KeyVersion=%s] %s"
+
+// for op's EV_ENROLLMENT and EV_RENEWAL.
+#define AUDIT_MSG_PROC_CERT_REQ "[SubjectID=%s][CUID=%s][MSN=%s][Outcome=%s][op=%s][AppletVersion=%s][KeyVersion=%s][Serial=%s][CA_ID=%s] %s"
+
+// op is either "revoke" or "unrevoke"
+#define AUDIT_MSG_CERT_STATUS_CHANGE "[SubjectID=%s][Outcome=%s][op=%s][Serial=%s][CA_ID=%s] %s"
+
+/*
+ * Audit events definitions
+ */
+#define EV_AUDIT_LOG_STARTUP "AUDIT_LOG_STARTUP"
+#define EV_AUDIT_LOG_SHUTDOWN "AUDIT_LOG_SHUTDOWN"
+#define EV_CIMC_CERT_VERIFICATION "CIMC_CERT_VERIFICATION"
+#define EV_ROLE_ASSUME "ROLE_ASSUME"
+#define EV_ENROLLMENT "ENROLLMENT"
+#define EV_PIN_RESET "PIN_RESET"
+#define EV_FORMAT "FORMAT"
+#define EV_AUTHZ_FAIL "AUTHZ_FAIL"
+#define EV_AUTHZ_SUCCESS "AUTHZ_SUCCESS"
+
+// config operations from the TUS interface
+#define EV_CONFIG "CONFIG" // for config operations not specifically defined below
+#define EV_CONFIG_ROLE "CONFIG_ROLE"
+#define EV_CONFIG_TOKEN "CONFIG_TOKEN"
+#define EV_CONFIG_PROFILE "CONFIG_PROFILE"
+#define EV_CONFIG_AUDIT "CONFIG_AUDIT"
+
+#define EV_APPLET_UPGRADE "APPLET_UPGRADE"
+#define EV_KEY_CHANGEOVER "KEY_CHANGEOVER"
+
+#define EV_RENEWAL "RENEWAL"
+
+// authentication for both user login for token ops and role user login (this is different from EV_AUTHZ which is for role authorization)
+#define EV_AUTH_SUCCESS "AUTH_SUCCESS"
+#define EV_AUTH_FAIL "AUTH_FAIL"
+
+#endif //AUDIT_H
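Review bot: Every `AUDIT_MSG_*` template places caller-supplied strings inside `[Name=%s]` fields, and nothing in the header says those values must be free of `[`, `]`, CR and LF. A subject id or CUID containing them would make one record parse as different fields or as several records. A comment above `AUDIT_MSG_FORMAT` such as `/* Values substituted for %s must be escaped or rejected if they contain '[', ']', CR or LF. */` would put the requirement where call sites see it. The same applies to the `;;` and `+` delimiters described for `ParamNameValPairs`. The formatting code is outside this hunk, so escaping may already be handled there.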
diff --git a/pki/base/tps/src/include/httpClient/httpc/AccessLogger.h b/pki/base/tps/src/include/httpClient/httpc/AccessLogger.h
new file mode 100644
index 000000000..2b600d7e6
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/AccessLogger.h
@@ -0,0 +1,105 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __ACCESS_LOGGER_H__
+#define __ACCESS_LOGGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/Logger.h"
+
+/**
+ * A singleton class for writing to an access log
+ */
+class EXPORT_DECL AccessLogger : public Logger {
+private:
+ AccessLogger();
+ virtual ~AccessLogger();
+
+public:
+/**
+ * Gets a logger object with parameters obtained from the configuration manager
+ */
+static AccessLogger *GetAccessLogger();
+
+/**
+ * Writes an access log entry
+ *
+ * @param hostName The IP address or host name of the requestor
+ * @param userName The authenticated user name; NULL or "" if not authenticated
+ * @param requestName The name of the requested function
+ * @param status The status returned to the client
+ * @param responseLength The number of bytes returned to the client
+ * @return 0 on success
+ */
+int Log( const char *hostName,
+ const char *userName,
+ const char *requestName,
+ int status,
+ int responseLength );
+
+/**
+ * Initializes the object with parameters from the Config Manager
+ *
+ * @param configName The name of the configuration entry to use
+ * @return 0 on success
+ */
+ int Initialize( const char *configName );
+
+/**
+ * Flush any unwritten buffers
+ */
+void Flush();
+
+protected:
+/**
+ * Gets a formatted timestamp
+ *
+ * @param now The current time
+ * @param buffer Buffer to put time in
+ * @return A formatted timestamp
+ */
+char *GetTimeStamp( struct tm *now, char *buffer );
+
+private:
+ char *m_buffer;
+ int m_bufferIndex;
+ int m_bufferTime;
+ int m_bufferSize;
+ time_t m_lastWrite;
+ char m_gmtOffset[16];
+};
+
+#endif // __ACCESS_LOGGER_H__
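Review bot: `GetTimeStamp(struct tm *now, char *buffer)` writes into a caller-supplied buffer whose required size is neither passed nor documented; the doc comment says only `Buffer to put time in`. The `@param buffer` line should state the minimum size the implementation's timestamp format needs (the implementation is not in this hunk), or the method should take a length so the write can be bounded. The header also uses `time_t` and `struct tm` without including `<time.h>` itself, so it presumably relies on `Logger.h` to pull that in.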
diff --git a/pki/base/tps/src/include/httpClient/httpc/Auth.h b/pki/base/tps/src/include/httpClient/httpc/Auth.h
new file mode 100644
index 000000000..72a5f77ee
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Auth.h
@@ -0,0 +1,155 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_AUTH_H__
+#define __PS_AUTH_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "ldap.h"
+
+class PSConfig;
+class Pool;
+class PoolNode;
+
+/**
+ * Utility classes for authentication and authorization
+ *
+ * @author rweltman@netscape.com
+ * @version 1.0
+ */
+
+/**
+ * Maintains a pool of LDAP connections; not yet implemented as a pool
+ */
+class LDAPConnectionPool {
+public:
+ LDAPConnectionPool( const char *host, int port, int poolSize );
+ virtual ~LDAPConnectionPool() {}
+ int Initialize();
+ PoolNode *GetConnection();
+ PoolNode *GetAuthenticatedConnection( const char *binddn,
+ const char *bindpwd );
+ void ReleaseConnection( PoolNode *node );
+protected:
+private:
+ const char* m_host;
+ int m_port;
+ int m_size;
+ Pool *m_pool;
+ bool m_initialized;
+};
+
+/**
+ * Produces an authenticator for an auth domain and authenticates
+ */
+class EXPORT_DECL Authenticator {
+public:
+ virtual int Authenticate( const char *username,
+ const char *password,
+ char *&actualID ) = 0;
+ static Authenticator *GetAuthenticator( const char *domain );
+};
+
+class EXPORT_DECL LDAPAuthenticator:public Authenticator {
+public:
+ LDAPAuthenticator();
+ virtual ~LDAPAuthenticator();
+ virtual int Authenticate( const char *username,
+ const char *password,
+ char *&dn );
+
+protected:
+ static int GetHashSize();
+ char *CheckCache( const char *username,
+ const char *password );
+ void UpdateCache( const char *username,
+ const char *dn,
+ const char *password );
+ char *CreateHash( const char *password,
+ char *hash,
+ int maxChars );
+ /**
+ * Returns the DN corresponding to a username, if any
+ *
+ * @param username The user name to look up
+ * @param status The status of an LDAP search, if any
+ * @return The corresponding DN, or NULL if no DN found
+ */
+ char *GetUserDN( const char *username, int& status );
+
+private:
+ LDAPConnectionPool *m_pool;
+ const char* m_host;
+ int m_port;
+ const char* m_binddn;
+ const char* m_bindpassword;
+ const char* m_basedn;
+ const char* m_searchfilter;
+ const char* m_searchscope;
+ int m_nsearchscope;
+ char* m_attrs[2];
+ StringKeyCache *m_cache;
+};
+
+class EXPORT_DECL LDAPAuthorizer {
+public:
+ LDAPAuthorizer();
+ virtual ~LDAPAuthorizer();
+ static LDAPAuthorizer *GetAuthorizer();
+ virtual int Authorize( const char *dn,
+ const char *pwd,
+ const char *methodName );
+
+protected:
+ int GetLdapConnection( LDAP** ld );
+ int CheckCache( const char *username,
+ const char *methodName );
+ void UpdateCache( const char *username,
+ const char *methodName );
+
+private:
+ LDAPConnectionPool *m_pool;
+ const char* m_binddn;
+ const char* m_bindpassword;
+ const char* m_basedn;
+ const char* m_searchfilter;
+ const char* m_searchscope;
+ int m_nsearchscope;
+ char* m_attrs[2];
+ StringKeyCache *m_cache;
+};
+
+#endif // __PS_HELPER_H__
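Review bot: `Authenticator` declares a pure virtual `Authenticate` and hands out instances through `GetAuthenticator`, which returns `Authenticator *`, but the class has no virtual destructor, so deleting an `LDAPAuthenticator` through that pointer is undefined behaviour. Adding `virtual ~Authenticator() {}` to the base class fixes it. `LDAPAuthenticator::CheckCache`, `UpdateCache` and `CreateHash` together look like a cache of password verifiers; the header should document what is stored and for how long, since the implementation is not visible in this hunk. The closing `#endif // __PS_HELPER_H__` also names a different guard than the `__PS_AUTH_H__` opened at the top.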
diff --git a/pki/base/tps/src/include/httpClient/httpc/ByteBuffer.h b/pki/base/tps/src/include/httpClient/httpc/ByteBuffer.h
new file mode 100644
index 000000000..cd5568c35
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ByteBuffer.h
@@ -0,0 +1,194 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __BYTE_BUFFER_H
+#define __BYTE_BUFFER_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ByteBuffer.h 1.000 06/12/2002
+ *
+ * A byte buffer class
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+#define max(a,b) (((a) > (b)) ? (a) : (b))
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
+typedef unsigned char Byte;
+
+class EXPORT_DECL ByteBuffer {
+public:
+ /**
+ * Constructor
+ */
+ ByteBuffer();
+
+ /**
+ * Destructor
+ */
+ virtual ~ByteBuffer();
+
+public:
+ /**
+ * Reads a single byte from the buffer
+ *
+ * @param b byte returned
+ * @return 0 on success
+ */
+ int GetByte(Byte* b);
+
+ /**
+ * Reads a number of bytes as specified by size from the buffer
+ *
+ * @param size bytes to read
+ * @param buf bytes read
+ * @return 0 on success
+ */
+ int GetBytes(int size, Byte* buf);
+
+ /**
+ * Reads a short value from the buffer
+ *
+ * @param s a short value
+ * @return 0 on success
+ */
+ int GetShort(unsigned short* s);
+
+ /**
+ * Reads a integer value from the buffer
+ *
+ * @param i a integer value
+ * @return 0 on success
+ */
+ int GetInt(unsigned int* i);
+
+ /**
+ * Reads a string of given length from the buffer
+ *
+ * @param len length of the string
+ * @param str string value
+ * @return 0 on success
+ */
+ int GetString(int len, char* str);
+
+ /**
+ * Writes a single byte to the buffer
+ *
+ * @param b byte to set
+ * @return 0 on success
+ */
+ int SetByte(Byte b);
+
+ /**
+ * Writes a number of bytes as specified by size to the buffer
+ *
+ * @param size number of bytes
+ * @param buf bytes to write
+ * @return 0 on success
+ */
+ int SetBytes(int size, Byte* buf);
+
+ /**
+ * Writes a short value to the buffer
+ *
+ * @param s a short value
+ * @return 0 on success
+ */
+ int SetShort(unsigned short s);
+
+ /**
+ * Writes an integer value to the buffer
+ *
+ * @param i an integer value
+ * @return 0 on success
+ */
+ int SetInt(unsigned int i);
+
+ /**
+ * Writes a string to the buffer
+ *
+ * @param str a string to write
+ * @return 0 on success
+ */
+ int SetString(char* str);
+
+ /**
+ * Gets the current position in the buffer
+ *
+ * @param pos position in the buffer
+ * @return 0 on success
+ */
+ int GetPosition(unsigned long* pos);
+
+ /**
+ * Sets the pointer to the position specified by pos in the buffer
+ *
+ * @param pos position to be set in the buffer
+ * @return 0 on success
+ */
+ int SetPosition(unsigned long pos);
+
+ /**
+ * Gets total number of bytes in the buffer
+ *
+ * @param total total number of bytes
+ * @return 0 on success
+ */
+ int GetTotalBytes(unsigned long* total);
+
+ /**
+ * Dumps the buffer to the debug log
+ *
+ * @param logLevel Lowest debug level for which the log should be dumped
+ */
+ void Dump(int logLevel);
+
+private:
+ int SetTotalBytes(unsigned long size, unsigned long allocUnit);
+ int ValidateBuffer(unsigned long increment);
+
+private:
+ Byte* m_buffer;
+ Byte* m_bufferEnd;
+ Byte* m_bufPtr;
+ Byte* m_maxPtr;
+};
+
+#endif // __BYTE_BUFFER_H
+
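Review bot: `GetBytes`, `SetBytes` and `GetString` take their length as a signed `int` and their destination as a bare pointer, and the comments do not say what happens when the length is negative or larger than what remains in the buffer. The implementation is not part of this hunk, so the check may already exist there, but callers learn the contract from this header. I would extend each `@return` to something like `0 on success, non-zero if size is negative or exceeds the bytes remaining`, and for `GetString` state whether `str` must hold `len` or `len + 1` bytes. Separately, the `max`/`min` macros evaluate their arguments twice and leak into every file that includes this header; giving them a prefixed name would avoid clashes with standard library names.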
diff --git a/pki/base/tps/src/include/httpClient/httpc/CERTUtil.h b/pki/base/tps/src/include/httpClient/httpc/CERTUtil.h
new file mode 100644
index 000000000..1f26efbb8
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/CERTUtil.h
@@ -0,0 +1,65 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _CERT_UTIL_H
+#define _CERT_UTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * NSS CERT utility functions
+ */
+class EXPORT_DECL CERTUtil {
+private:
+ /**
+ * Constructor - can't be instantiated
+ */
+ CERTUtil() {}
+
+ /**
+ * Destructor
+ */
+ ~CERTUtil() {}
+
+public:
+ static CERTCertificate* FindCertificate(const char* nickname);
+ static SECItem* FindExtension(CERTCertificate* cert, const SECItem* oid);
+ static int GetAsInteger(SECItem* item);
+ static char* GetAsString(SECItem* item);
+ static bool IsCertExpired(CERTCertificate* cert);
+};
+
+#endif // _CERT_UTIL_H
+
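Review bot: None of the five public static methods has a doc comment, so ownership of the returned `CERTCertificate*`, `SECItem*` and `char*` is left for each caller to guess. A wrong guess is either a leak or a double free of certificate data. I would add a comment per method stating whether NULL is returned on failure and how the caller releases the result, once confirmed against the implementation, which is not in this hunk. `IsCertExpired` should also say what it returns for a NULL or not-yet-valid certificate, e.g. `@return true if cert is NULL or outside its validity period`, if that is the behaviour, so that callers fail closed.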
diff --git a/pki/base/tps/src/include/httpClient/httpc/Cache.h b/pki/base/tps/src/include/httpClient/httpc/Cache.h
new file mode 100644
index 000000000..bc68f04df
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Cache.h
@@ -0,0 +1,226 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _CACHE_H_
+#define _CACHE_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/Iterator.h"
+
+/**
+ * Simple cache implementation
+ */
+
+/**
+ * Contains a cache entry and housekeeping info
+ */
+class CacheEntry {
+public:
+ /**
+ * Constructor
+ *
+ * @param key Pointer to the key being cached
+ * @param data Pointer to the data being cached
+ */
+ CacheEntry( const char *key, void *data );
+ /**
+ * Destructor
+ */
+ virtual ~CacheEntry();
+
+ /**
+ * Returns a pointer to the cached key
+ *
+ * @return A pointer to the cached key
+ */
+ const char *GetKey();
+
+ /**
+ * Returns a pointer to the cached data
+ *
+ * @return A pointer to the cached data
+ */
+ void *GetData();
+ /**
+ * Returns the time when the entry was created
+ *
+ * @return The time when the entry was created
+ */
+ long GetStartTime();
+
+private:
+ char *m_key;
+ void *m_data;
+ time_t m_startTime;
+};
+
+/**
+ * Contains a generic cache; this is currently an abstract base class
+ */
+class Cache {
+protected:
+ /**
+ * Default constructor
+ */
+ Cache();
+
+public:
+ /**
+ * Constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cached is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+ Cache( const char *name, int ttl, bool implictLock = false );
+
+ /**
+ * Destructor
+ */
+ virtual ~Cache();
+
+ /**
+ * Returns the number of entries in the cache
+ *
+ * @return The number of entries in the cache
+ */
+ virtual int GetCount();
+
+ /**
+ * Acquires a read lock on the cache. Multiple threads may simultaneously
+ * have a read lock, but attempts to acquire a read lock will block
+ * if another thread already has a write lock. It is illegal to request
+ * a read lock if the thread already has one.
+ */
+ void ReadLock();
+
+ /**
+ * Acquires a write lock on the cache. Only one thread may have a write
+ * lock at any given time; attempts to acquire a write lock will block
+ * if another thread already has one. It is illegal to request
+ * a write lock if the thread already has one.
+ */
+ void WriteLock();
+
+ /**
+ * Releases a read or write lock that the thread has on the cache
+ */
+ void Unlock();
+
+protected:
+ /**
+ * Initializes the object - to be called from the constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cached is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+ void Initialize( const char *name, int ttl, bool implictLock );
+
+protected:
+ const char *m_name;
+ int m_ttl;
+ PLHashTable* m_cache;
+ PRRWLock* m_cacheLock;
+ bool m_implicitLock;
+};
+
+/**
+ * Contains a cache where the keys are strings
+ */
+class StringKeyCache : public Cache {
+public:
+ /**
+ * Constructor
+ *
+ * @param name of the cache
+ * @param ttl Time to live of each cache entry
+ * @param implicitLock true if the Cached is to do locking internally
+ * when required; false if the caller will take responsibility
+ */
+ StringKeyCache( const char *name, int ttl, bool implictLock = false );
+
+ /**
+ * Destructor
+ */
+ virtual ~StringKeyCache();
+
+ /**
+ * Returns a cache entry
+ *
+ * @param key The name of the cache entry
+ * @return The corresponding cache entry, or NULL if not found
+ */
+ CacheEntry *Get( const char *key );
+
+ /**
+ * Adds a cache entry
+ *
+ * @param key The name of the cache entry; an internal copy is made
+ * @param value The value of the cache entry
+ * @return The corresponding cache entry, or NULL if it couldn't be added
+ */
+ CacheEntry *Put( const char *key, void *value );
+
+ /**
+ * Removes a cache entry; does not free the entry object
+ *
+ * @param key The name of the cache entry
+ * @return The corresponding cache entry, or NULL if not found
+ */
+ CacheEntry *Remove( const char *key );
+
+ /**
+ * Allocates and returns a list of keys in the cache
+ *
+ * @param keys Returns an array of names; each name and also the
+ * array itself are to be freed by the caller with delete
+ * @return The number of keys found
+ */
+ int GetKeys( char ***keys );
+
+ /**
+ * Returns an iterator over keys in the cache
+ *
+ * @return An iterator over keys in the cache
+ */
+ Iterator *GetKeyIterator();
+
+};
+
+#endif // _CACHE_H_
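Review bot: The comment on `StringKeyCache::Get` does not say whether an entry older than `ttl` is still returned, and `ttl` is documented without a unit. `LDAPAuthenticator` earlier in this commit holds a `StringKeyCache` and checks it with a username and password, so whether expiry is enforced on lookup decides how long a changed or revoked credential keeps being accepted. The implementation is outside this hunk, so this needs confirming there. Once verified I would change the doc to `@return The corresponding cache entry, or NULL if not found or older than ttl`, and add the unit to each `@param ttl`. Minor: the parameter is spelled `implictLock` in both constructors and in `Initialize` while the comments say `implicitLock`, and `GetStartTime()` returns `long` although `m_startTime` is a `time_t`.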
diff --git a/pki/base/tps/src/include/httpClient/httpc/Connection.h b/pki/base/tps/src/include/httpClient/httpc/Connection.h
new file mode 100644
index 000000000..5619d0dff
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Connection.h
@@ -0,0 +1,117 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __CONNECTION_H
+#define __CONNECTION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Connection.h 1.000 06/12/2002
+ *
+ * Base class for all connection types. A user should extend this class
+ * and provide its protocol specific implementation
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL Connection {
+ friend class ServerConnection;
+public:
+ /**
+ * Constructor
+ */
+ Connection();
+
+ /**
+ * Destructor
+ */
+ virtual ~Connection();
+
+public:
+ /**
+ * Initiates a connection to a specified host.
+ *
+ * @param host server host name
+ * @param port server port
+ * @return 0 on success, negative error code otherwise
+ */
+ int Connect(const char* host, int port);
+
+ /**
+ * Reads specified number of bytes from the connection. The connection
+ * is locked for the period it is being read.
+ *
+ * @param buf buffer to read into
+ * @param size number of bytes to read
+ * @param timeout timeout before the read terminates
+ * @return number of bytes actually read
+ */
+ int Read(void* buf, int size, long timeout);
+
+ /**
+ * Writes specified number of bytes to the connection. The connection
+ * is locked for the period it is being written.
+ *
+ * @param buf buffer to write from
+ * @param size number of bytes to write
+ * @param timeout timeout before the write terminates
+ * @return number of bytes actually written
+ */
+ int Write(void* buf, int size, long timeout);
+
+ /**
+ * Gets the status of the connection
+ *
+ * @return true if closed, false otherwise
+ */
+ bool IsClosed();
+
+ /**
+ * Closes the connection
+ */
+ void Close();
+
+protected:
+ Socket* m_socket;
+
+private:
+ PRLock* m_lock;
+ bool m_closed;
+};
+
+#endif // __CONNECTION_H
+
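Review bot: `Read` and `Write` are documented as returning the number of bytes transferred, with no mention of what comes back on error, timeout or a closed peer. A caller therefore cannot distinguish a short read from a failure, whereas `Connect` does document a negative error code. I would add `@return number of bytes read, 0 on orderly close, negative error code on failure or timeout` if that matches the implementation, which is not in this hunk, and give the unit of `timeout`. `Write` does not need a mutable buffer, so `int Write(const void* buf, int size, long timeout);` would let callers pass const data without a cast.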
diff --git a/pki/base/tps/src/include/httpClient/httpc/ConnectionListener.h b/pki/base/tps/src/include/httpClient/httpc/ConnectionListener.h
new file mode 100644
index 000000000..0b55900b3
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ConnectionListener.h
@@ -0,0 +1,58 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __CONNECTION_LISTENER_H
+#define __CONNECTION_LISTENER_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ConnectionListener.h 1.000 06/12/2002
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL ConnectionListener {
+public:
+ virtual int OnConnectionReceived(Connection*) = 0;
+ virtual int OnDataAvailable(Connection*) = 0;
+ virtual int OnConnectionClosed(Connection*) = 0;
+ virtual int OnConnectionError(Connection*, int, const char*) = 0;
+};
+
+#endif // __CONNECTION_LISTENER_H
+
+
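Review bot: `ConnectionListener` is a pure interface without a virtual destructor, so deleting an implementation through a `ConnectionListener*` is undefined behaviour. Adding `virtual ~ConnectionListener() {}` under `public:` fixes that without affecting implementers. The callbacks are also undocumented, and the `int` and `const char*` parameters of `OnConnectionError` are unnamed. A short comment per callback, covering when it fires and what a non-zero return means to the caller, plus names such as `int errorCode, const char* message`, would make the contract readable.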
diff --git a/pki/base/tps/src/include/httpClient/httpc/DebugLogger.h b/pki/base/tps/src/include/httpClient/httpc/DebugLogger.h
new file mode 100644
index 000000000..37c7971c0
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/DebugLogger.h
@@ -0,0 +1,185 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __DEBUG_LOGGER_H__
+#define __DEBUG_LOGGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+struct PLHashTable;
+
+/**
+ * The DebugLogger class writes debug log entries conditionally. A single
+ * instance can be shared among modules or different modules can have
+ * their own instances. In either case, the log level can be changed
+ * globally across all instances with a single function call. All instances
+ * write through a singleton to ensure coordination in writing to a single
+ * file.
+ */
+class EXPORT_DECL DebugLogger {
+public:
+private:
+ DebugLogger( const char *moduleName );
+ virtual ~DebugLogger();
+
+public:
+/**
+ * Gets a logger object for a particular module. Provide a module name
+ * if there will be more than one logger object in use, with each module
+ * having its own instance. Pass NULL if a single logger object will be
+ * shared throughout the application.
+ *
+ * @param moduleName Name of a module
+ * @return A logger instance
+ */
+static DebugLogger *GetDebugLogger( const char *moduleName = NULL );
+
+/**
+ * Sets global default values for loggers; the values are assigned to
+ * DebugLogger objects created after this call returns
+ *
+ * @param configParams A table of key-value pairs to assign configuration
+ * parameters
+ */
+static void SetDefaults( PLHashTable *configParams );
+
+/**
+ * Sets the log level for this object
+ *
+ * @param logLevel Log level setting for the module
+ */
+void SetLogLevel( int logLevel );
+
+/**
+ * Gets the log level for this object
+ *
+ * @return logLevel Log level setting for the object
+ */
+int GetLogLevel();
+
+/**
+ * Sets the log level for a particular module or all modules
+ * in all debug logger objects
+ *
+ * @param logLevel Log level setting for the module
+ * @param moduleName Name of the module (does not need to be known before
+ * this call); if NULL, the level is applied to all modules
+ */
+static void SetGlobalLogLevel( int logLevel,
+ const char *moduleName = NULL );
+
+/**
+ * Gets the log level for a particular module
+ *
+ * @param moduleName Name of the module
+ * @return logLevel Log level setting for the module
+ */
+static int GetLogLevel( const char *moduleName );
+
+/**
+ * Writes a debug log entry if logLevel is equal to or higher than the
+ * logLevel setting of the object
+ *
+ * @param logLevel One of the log levels defined above
+ * @param className The name of the class recording the log entry
+ * @param methodName The name of the method that is calling this log method
+ * @param fmt A sprintf format string for the remaining arguments
+ * @param ... A varargs list of things to log
+ * @return 0 on success
+ */
+int Log( int logLevel,
+ const char *className,
+ const char *methodName,
+ const char *fmt, ... );
+
+/**
+ * Writes a trace entry if the logLevel setting of the object is FINER or FINEST
+ *
+ * @param className The name of the class recording the log entry
+ * @param methodName The name of the method that is calling this log method
+ * @param args An optional descriptive string
+ * @return 0 on success
+ */
+int Entering( const char *className,
+ const char *methodName,
+ const char *args = NULL );
+
+/**
+ * Writes a trace entry if the logLevel setting of the object is FINER or FINEST
+ *
+ * @param className The name of the class recording the log entry
+ * @param methodName The name of the method that is calling this log method
+ * @param args An optional descriptive string
+ * @return 0 on success
+ */
+int Exiting( const char *className,
+ const char *methodName,
+ const char *args = NULL );
+/**
+ * Shut down, flushing any buffers and releasing resources
+ */
+void Close();
+
+/**
+ * Shut down, flushing any buffers and releasing resources
+ */
+static void CloseAll();
+
+protected:
+/**
+ * Sets the log level for a particular module
+ *
+ * @param logLevel Log level setting for the module
+ * @param moduleName Name of the module (does not need to be known before
+ * this call)
+ */
+static void SetOneLogLevel( int logLevel,
+ const char *moduleName );
+
+private:
+/**
+ * Initializes the object with parameters from the Config Manager
+ *
+ * @param configName The name of the configuration entry to use
+ * @return 0 on success
+ */
+static int Initialize( const char *configName );
+
+private:
+ int m_level;
+ char *m_module;
+};
+
+#endif // __DEBUG_LOGGER_H__
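Review bot: `Log` takes a printf-style `fmt` followed by varargs but carries no format annotation, so the compiler cannot flag a call site that passes a non-literal or mismatched format string. For GCC-compatible compilers I would put `__attribute__((format(printf, 5, 6)))` on the declaration, behind an `#ifdef __GNUC__` guard since the header uses `EXPORT_DECL` for other toolchains; the indices count the implicit `this`. The same applies to `ErrorLogger::Log` in ErrorLogger.h. The doc for `logLevel` also says "one of the log levels defined above", but nothing above it in this header defines any, so it should name the `LogLevel` enum in Defines.h. The `Exiting` comment is a verbatim copy of the `Entering` one.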
diff --git a/pki/base/tps/src/include/httpClient/httpc/Defines.h b/pki/base/tps/src/include/httpClient/httpc/Defines.h
new file mode 100644
index 000000000..90af8e3d0
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Defines.h
@@ -0,0 +1,219 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __DEFINES_H__
+#define __DEFINES_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Defines.h 1.000 04/30/2002
+ *
+ * This file contains global constants for the Presence Server
+ *
+ * @author Rob Weltman
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+
+// ??? SSR till we have server logging functionality
+#ifdef _DEBUG
+#define PS_LOG_LEVEL PS_LOG_LEVEL_DEBUG
+#else
+#define PS_LOG_LEVEL PS_LOG_LEVEL_WARN
+#endif
+
+#define PS_SERVER_CONFIG_FILE "psserver.conf"
+
+// Configuration file for WASP SOAP server
+#define SOAP_CONFIG_FILE "config.xml"
+
+#define CLIENT_DESCRIPTION "Netscape Presence Server"
+#define SERVER_VERSION "1.0"
+
+// Key to SoapAction field in WASP call context
+#define HEADER_FIELD_SOAPACTION "SOAP_ACTION"
+// Key to status field in WASP call context
+#define HEADER_STATUS "HEADER_STATUS"
+
+// Keys to client parameters passed through the call context
+
+#define SERVER_URL "SERVER_URL"
+#define CERTIFICATE_DIRECTORY "CERTIFICATE_DIRECTORY"
+#define CERTIFICATE_NICKNAME "CERTIFICATE_NICKNAME"
+#define DO_SERVER_CERT_VALIDATION "DO_SERVER_CERT_VALIDATION"
+#define CERTIFICATE_PASSWORD "CERTIFICATE_PASSWORD"
+
+#define STRING_ON_LINE "ONLINE"
+#define STRING_OFF_LINE "OFFLINE"
+
+#define BATCH_RESULT_SIZE 1000
+#define MAX_ATTR_SIZE 5
+
+#define NAME_BUFFER_LENGTH 256
+#define ATTR_BUFFER_LENGTH 256
+
+// Static strings for the attributes we support
+#define BUDDY_ATTRIBUTE_ON_LINE_STATUS "onlinestatus"
+#define BUDDY_ATTRIBUTE_IDLE_TIME "idletime"
+#define BUDDY_ATTRIBUTE_ON_LINE_SINCE "onlinesince"
+#define BUDDY_ATTRIBUTE_AWAY_MESSAGE "awaymessage"
+#define BUDDY_ATTRIBUTE_PROFILE "profile"
+#define BUDDY_ATTRIBUTE_CONNECTION_TYPE "connectiontype"
+#define BUDDY_ATTRIBUTE_CAPABILITIES "capabilities"
+
+#define PS_LOG_LEVEL_DEBUG 0
+#define PS_LOG_LEVEL_WARN 1
+#define PS_LOG_LEVEL_ERROR 2
+
+
+// Presence Server config parameters in the bootstrap configuration file
+// psserver.conf
+#define INSTANCE_ID "instanceid"
+#define HOST_ID "hostid"
+#define DOMAIN_NAME "domainname"
+#define SERVER_HOST "serverhost"
+#define SERVER_PORT "serverport"
+#define BINDDN "binddn"
+#define BINDPASSWORD "bindpassword"
+
+// dn, cn constants
+#define PS_ATTRIBUTE_DN "dn"
+#define PS_ATTRIBUTE_CN "cn"
+
+// nsPlugin class required attributes
+#define PLUGIN_DN "dn"
+#define PLUGIN_CN "cn"
+#define PLUGIN_ID "nspluginid"
+#define PLUGIN_PATH "nspluginpath"
+#define PLUGIN_INIT_FUNC "nsplugininitfunc"
+#define PLUGIN_ENABLED "nspluginenabled"
+#define PLUGIN_VERSION "nspluginversion"
+#define PLUGIN_DESC "nsplugindescription"
+
+// Operations when updating server
+#define PS_OPERATION_ADD 1
+#define PS_OPERATION_DELETE 2
+#define PS_OPERATION_REPLACE 4
+
+// Names of LDAP attributes for the LDAP data source
+#define LDAP_SOURCE_DN "dn"
+#define LDAP_SOURCE_CN "cn"
+#define LDAP_SOURCE_GROUP_NAME "nspsgroupname"
+#define LDAP_SOURCE_SERVER_ADDRESS "nsserveraddress"
+#define LDAP_SOURCE_SERVER_PORT "nsserverport"
+#define LDAP_SOURCE_BIND_DN "nsbinddn"
+#define LDAP_SOURCE_BIND_PASSWORD "nsbindpassword"
+#define LDAP_SOURCE_BASE_DN "nsbasedn"
+#define LDAP_SOURCE_SEARCH_FILTER "nssearchfilter"
+#define LDAP_SOURCE_SEARCH_SCOPE "nssearchscope"
+#define LDAP_SOURCE_IM_ID "nsimattributetype"
+#define LDAP_SOURCE_SEARCHABLE_ATTRIBUTES "nssearchableattributes"
+#define LDAP_SOURCE_ENABLE_SSL "nsenablessl"
+
+
+// Configuration attribute name for max results to return
+#define SEARCH_MAX_RESULTS "nsmaxresults"
+
+// Max results to return if SEARCH_MAX_RESULTS is not defined
+#define DEFAULT_MAX_RESULTS 1000
+
+// Names of configuration clusters
+#define CONFIG_BASE "ConfigBase"
+#define CONFIG_AUTHORIZE "ConfigAuthorize"
+#define CONFIG_ACCESS_LOG "ConfigAccessLog"
+#define CONFIG_ERROR_LOG "ConfigErrorLog"
+#define CONFIG_DEBUG_LOG "ConfigDebugLog"
+#define CONFIG_SERVER_LOCAL "ConfigServerLocal"
+
+// Configuration attributes for loggers
+#define LOG_ACCESS_DIR "nslogdir"
+#define LOG_ERROR_DIR "nslogdir"
+#define LOG_DEBUG_DIR "nslogdir"
+#define LOG_ACCESS_BUFFER_SIZE "nslogbuffersize"
+#define LOG_ACCESS_BUFFER_TIME "nslogbuffertime"
+#define LOG_ACCESS_ROTATION_TIME "nslogrotationtime"
+#define LOG_ACCESS_ROTATION_SIZE "nslogrotationsize"
+#define LOG_ACCESS_MAX_LOGS "nslogmaxlogs"
+#define LOG_ERROR_ROTATION_TIME "nslogrotationtime"
+#define LOG_ERROR_ROTATION_SIZE "nslogrotationsize"
+#define LOG_ERROR_MAX_LOGS "nslogmaxlogs"
+#define LOG_DEBUG_LEVEL "nsloglevel"
+#define LOG_DEBUG_FORMAT "nslogformat"
+
+// Static constants for logging
+#define LOG_ACCESS_FILENAME "access"
+#define LOG_ERROR_FILENAME "error"
+#define LOG_DEBUG_FILENAME "debug"
+
+// Log level definitions
+
+typedef enum {
+ LOGLEVEL_OFF = 0,
+ LOGLEVEL_SEVERE = 1,
+ LOGLEVEL_WARNING = 2,
+ LOGLEVEL_INFO = 3,
+ LOGLEVEL_CONFIG = 4,
+ LOGLEVEL_FINE = 5,
+ LOGLEVEL_FINER = 6,
+ LOGLEVEL_FINEST = 7,
+ LOGLEVEL_ALL = 100
+} LogLevel;
+
+// Config params
+#define CONFIG_DEFAULT_BUFFER_LEN 2048
+#define BASE_CONFIG_DN "cn=Netscape Presence Server,cn=Server Group,cn=%s,ou=%s,o=NetscapeRoot"
+
+// COOL Service params
+#define COOL_SERVICE_SERVER_HOST "CoolServerHost"
+#define COOL_SERVICE_SERVER_PORT "CoolServerPort"
+#define COOL_SERVICE_LOGIN_NAME "CoolLoginName"
+#define COOL_SERVICE_LOGIN_PSWD "CoolLoginPswd"
+
+#define COOL_DEFAULT_SERVER_HOST "coolkey.fedora.redhat.com"
+#define COOL_DEFAULT_SERVER_PORT "5190"
+
+// Key to service ID in global config
+#define SERVICE_TYPE "service_type"
+
+#define MODULE_IM_SERVICE "ModuleIMService"
+#define MODULE_DATA_SOURCE "ModuleDataSource"
+
+#define PROVIDER_BATCH_SIZE_ATTR "nsbatchsize"
+#define PROVIDER_UPDATE_INTERVAL_ATTR "nsupdateinterval"
+
+#define THREAD_POOL_TASK_NAME "ThreadPoolTask"
+
+#endif // __DEFINES_H__
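Review bot: `DO_SERVER_CERT_VALIDATION` makes server certificate validation a configuration switch, and nothing here records what happens when the key is absent. The consumer is not in this hunk, but I would state the intended default next to the key, e.g. `// Absent or unparsable value must be treated as "validate" (fail closed)`, so that the implementation and later readers agree on it. The keys `CERTIFICATE_PASSWORD`, `BINDPASSWORD`, `LDAP_SOURCE_BIND_PASSWORD` and `COOL_SERVICE_LOGIN_PSWD` name secret-bearing values and would benefit from a comment that those values must never be written to the debug or error log. The header also defines two log-level scales that run in opposite directions: for `PS_LOG_LEVEL_*` a higher number is more severe, for the `LogLevel` enum it is more verbose. A one-line comment on each would prevent a comparison being written the wrong way round.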
diff --git a/pki/base/tps/src/include/httpClient/httpc/ErrorLogger.h b/pki/base/tps/src/include/httpClient/httpc/ErrorLogger.h
new file mode 100644
index 000000000..df2617b06
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ErrorLogger.h
@@ -0,0 +1,93 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __ERROR_LOGGER_H__
+#define __ERROR_LOGGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/Logger.h"
+
+/**
+ * A singleton class for writing to an error log
+ */
+class EXPORT_DECL ErrorLogger : public Logger {
+private:
+ ErrorLogger();
+ virtual ~ErrorLogger();
+
+public:
+ /**
+ * Gets a logger object with parameters obtained from the
+ * configuration manager
+ */
+ static ErrorLogger *GetErrorLogger();
+
+ /**
+ * Writes an error log entry
+ *
+ * @param level SEVERE, WARNING, or INFO
+ * @param errorCode An error code
+ * @param fmt A message to be written to the log
+ * @return 0 on success
+ */
+ int Log( int level,
+ int errorCode,
+ const char *fmt,
+ ... );
+
+ /**
+ * Initializes the object with parameters from the Config Manager
+ *
+ * @param configName The name of the configuration entry to use
+ * @return 0 on success
+ */
+ int Initialize( const char *configName );
+
+protected:
+ /**
+ * Writes the fixed argument part of an error log entry
+ *
+ * @param fp File pointer to write to
+ * @param level SEVERE, WARNING, or INFO
+ * @param errorCode An error code
+ * @return 0 on success
+ */
+ int LogProlog( FILE *fp,
+ int level,
+ int errorCode );
+};
+
+#endif // __ERROR_LOGGER_H__
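Review bot: `Log( int level, int errorCode, const char *fmt, ... )` is a printf-style variadic, but its comment describes `fmt` as "A message to be written to the log", which invites callers to pass peer- or request-derived text directly as the format string. I would reword the tag to `@param fmt A printf-style format string; pass variable text as an argument, e.g. Log(level, code, "%s", msg), never as fmt`. On GCC-compatible compilers a printf format attribute on the declaration would also let mismatched or non-literal formats be diagnosed at build time (for a non-static member the format string is argument 4 and the first variadic argument 5, because `this` counts as argument 1). The definition is outside this hunk, so how `fmt` is consumed is inferred from the signature.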
diff --git a/pki/base/tps/src/include/httpClient/httpc/Iterator.h b/pki/base/tps/src/include/httpClient/httpc/Iterator.h
new file mode 100644
index 000000000..9b15a93e2
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Iterator.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _ITERATOR_H_
+#define _ITERATOR_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Base class for iterators
+ */
+
+class EXPORT_DECL Iterator {
+public:
+ /**
+ * Returns true if there is at least one more element
+ *
+ * @return true if there is at least one more element
+ */
+ virtual bool HasMore() = 0;
+
+ /**
+ * Returns the next element, if any
+ *
+ * @return The next element, if any, or NULL
+ */
+ virtual void *Next() = 0;
+};
+
+#endif // _ITERATOR_H_
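Review bot: `Iterator` is a polymorphic base made only of pure virtuals and declares no virtual destructor, so deleting a concrete iterator through an `Iterator *` is undefined behaviour and will usually skip the derived destructor. Adding `virtual ~Iterator() {}` under `public:` fixes this without affecting existing subclasses. The comment on `Next()` should also say whether the returned `void *` is owned by the container or may be freed by the caller.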
diff --git a/pki/base/tps/src/include/httpClient/httpc/LogRotationTask.h b/pki/base/tps/src/include/httpClient/httpc/LogRotationTask.h
new file mode 100644
index 000000000..eed098b6b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/LogRotationTask.h
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __LOG_ROTATION_TASK_H__
+#define __LOG_ROTATION_TASK_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/ScheduledTask.h"
+
+/**
+ * Log rotation task in Presence Server
+ */
+
+class EXPORT_DECL LogRotationTask: public ScheduledTask {
+public:
+ /**
+ * Constructor - creates an initialized task for log rotation
+ *
+ * @param name Name of task
+ * @param fileName Name of file to rotate
+ * @param startTime Time when the file is to be rotated
+ * @param maxLogs Max logs to keep
+ * @param interval Time between rotations
+ * @param fp File pointer for log file
+ * @param lock Lock for writing to log file
+ */
+ LogRotationTask( const char *name,
+ const char *fileName,
+ time_t startTime,
+ int maxLogs,
+ int interval,
+ FILE **fp,
+ PRLock *lock );
+ /**
+ * Destructor
+ */
+ virtual ~LogRotationTask();
+ /**
+ * Returns a copy of the task
+ *
+ * @return A copy of the task
+ */
+ virtual ScheduledTask *Clone();
+ /**
+ * Executes the task
+ *
+ * @return 0 on successfully starting the task
+ */
+ virtual int Start();
+
+protected:
+ /**
+ * Composes a file name from a base name and a time value
+ *
+ * @param filename The base file name (may be a path)
+ * @param ltime The time value
+ * @param outbuf Returns the composed file name
+ * @return 0 on success
+ */
+ int CreateFilename( const char *filename,
+ time_t ltime,
+ char *outbuf );
+ /**
+ * Extracts the folder and base name components of a file path
+ *
+ * @param fileName The full file path to examine
+ * @param dirName A buffer in which to place the folder found
+ * @param baseName A buffer in which to place the base name found
+ */
+ static void GetPathComponents( const char *fileName,
+ char *dirName,
+ char *baseName );
+
+ /**
+ * Counts the number of files with the same initial path as fileName
+ * (the same folder and the same base pattern)
+ *
+ * @param fileName The file name to compare (including a folder)
+ * @return The number of matching files
+ */
+ static int CountFiles( const char *fileName );
+
+ /**
+ * Purges (deletes) files with the same initial path as fileName
+ * (the same folder and the same base pattern)
+ *
+ * @param fileName The file name to compare (including a folder)
+ * @param maxLogs The number of files to purge to
+ * @return The number of files purged
+ */
+ static int PurgeLogs( const char *fileName, int maxLogs );
+
+ char *m_fileName;
+ int m_maxLogs;
+ FILE **m_fp;
+ PRLock *m_lock;
+};
+
+#endif // __LOG_ROTATION_TASK_H__
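Review bot: `CreateFilename()` and `GetPathComponents()` write into caller-supplied `char *` buffers (`outbuf`, `dirName`, `baseName`) without a length parameter, so the callee cannot bound its writes and a long configured log path could overrun them. Both are non-public, so adding sizes is a contained change, e.g. `int CreateFilename( const char *filename, time_t ltime, char *outbuf, size_t outbufLen );` and `static void GetPathComponents( const char *fileName, char *dirName, size_t dirLen, char *baseName, size_t baseLen );`, with the implementation reporting truncation as an error. The definitions are outside this hunk, so which copy routine they use is not visible here.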
diff --git a/pki/base/tps/src/include/httpClient/httpc/Logger.h b/pki/base/tps/src/include/httpClient/httpc/Logger.h
new file mode 100644
index 000000000..b41d5dfbf
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Logger.h
@@ -0,0 +1,117 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __LOGGER_H__
+#define __LOGGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <time.h>
+
+struct PRLock;
+class LogRotationTask;
+
+/**
+ * A base class for writing to a log
+ */
+class EXPORT_DECL Logger {
+
+protected:
+ /**
+ * Constructor
+ */
+ Logger();
+
+ /**
+ * Destructor
+ */
+ virtual ~Logger();
+
+ /**
+ * Parses a time string in HH:MM format into a time_t for the next
+ * occurrence of the time
+ *
+ * @param timeString A time string in HH:MM format
+ * @return A time_t for the next occurrence of the time, or -1 if the
+ * string is not in a valid format
+ */
+ time_t ParseTime( const char *timeString );
+
+ /**
+ * Creates a time-of-day rotation task
+ *
+ * @param taskName Name of task
+ * @param filename Name of log file
+ * @param rotationTime Time of day to rotate at
+ * @return Rotation task on success
+ */
+ LogRotationTask *CreateRotationTask( const char *taskName,
+ const char *filename,
+ const char *rotationTime );
+
+public:
+
+ /**
+ * Shut down, flushing any buffers and releasing resources
+ */
+ void Close();
+ /**
+ * Gets the local time of day
+ *
+ * @param now The current local time of day
+ */
+ static void GetLocalTime( struct tm *now );
+
+protected:
+ int m_rotationSize;
+ time_t m_rotationTime;
+ int m_maxLogs;
+ char *m_dir;
+ FILE *m_fp;
+ /**
+ * Lock for writing to the file
+ */
+ PRLock *m_fileLock;
+ /**
+ * Task that rotates a log file
+ */
+ LogRotationTask *m_rotator;
+ /**
+ * True if object has been successfully initialized
+ */
+ bool m_initialized;
+};
+
+#endif // __LOGGER_H__
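Review bot: `Logger` declares `FILE *m_fp` but the header includes only `<time.h>`, so it compiles only when the including file happens to pull in `<stdio.h>` first; add `#include <stdio.h>` next to the `<time.h>` include. `ErrorLogger.h` depends on this header for the `FILE *fp` parameter of `LogProlog()` as well. Separately, the class holds raw `m_dir`, `m_fp`, `m_fileLock` and `m_rotator` members and leaves copy construction and assignment implicit; if the destructor releases them (not visible in this hunk), declaring both private and undefined would rule out an accidental double close or free.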
diff --git a/pki/base/tps/src/include/httpClient/httpc/NSPRerrs.h b/pki/base/tps/src/include/httpClient/httpc/NSPRerrs.h
new file mode 100644
index 000000000..2e131fd7a
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/NSPRerrs.h
@@ -0,0 +1,160 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * END COPYRIGHT BLOCK **/
+
+/* Originally obtained from:
+ *
+ * CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+ * cvs export -r NSS_3_11_3_RTM -N mozilla/security/nss/cmd/lib/NSPRerrs.h
+ */
+
+/* General NSPR 2.0 errors */
+/* Caller must #include "prerror.h" */
+
+ER2( PR_OUT_OF_MEMORY_ERROR, "Memory allocation attempt failed." )
+ER2( PR_BAD_DESCRIPTOR_ERROR, "Invalid file descriptor." )
+ER2( PR_WOULD_BLOCK_ERROR, "The operation would have blocked." )
+ER2( PR_ACCESS_FAULT_ERROR, "Invalid memory address argument." )
+ER2( PR_INVALID_METHOD_ERROR, "Invalid function for file type." )
+ER2( PR_ILLEGAL_ACCESS_ERROR, "Invalid memory address argument." )
+ER2( PR_UNKNOWN_ERROR, "Some unknown error has occurred." )
+ER2( PR_PENDING_INTERRUPT_ERROR,"Operation interrupted by another thread." )
+ER2( PR_NOT_IMPLEMENTED_ERROR, "function not implemented." )
+ER2( PR_IO_ERROR, "I/O function error." )
+ER2( PR_IO_TIMEOUT_ERROR, "I/O operation timed out." )
+ER2( PR_IO_PENDING_ERROR, "I/O operation on busy file descriptor." )
+ER2( PR_DIRECTORY_OPEN_ERROR, "The directory could not be opened." )
+ER2( PR_INVALID_ARGUMENT_ERROR, "Invalid function argument." )
+ER2( PR_ADDRESS_NOT_AVAILABLE_ERROR, "Network address not available (in use?)." )
+ER2( PR_ADDRESS_NOT_SUPPORTED_ERROR, "Network address type not supported." )
+ER2( PR_IS_CONNECTED_ERROR, "Already connected." )
+ER2( PR_BAD_ADDRESS_ERROR, "Network address is invalid." )
+ER2( PR_ADDRESS_IN_USE_ERROR, "Local Network address is in use." )
+ER2( PR_CONNECT_REFUSED_ERROR, "Connection refused by peer." )
+ER2( PR_NETWORK_UNREACHABLE_ERROR, "Network address is presently unreachable." )
+ER2( PR_CONNECT_TIMEOUT_ERROR, "Connection attempt timed out." )
+ER2( PR_NOT_CONNECTED_ERROR, "Network file descriptor is not connected." )
+ER2( PR_LOAD_LIBRARY_ERROR, "Failure to load dynamic library." )
+ER2( PR_UNLOAD_LIBRARY_ERROR, "Failure to unload dynamic library." )
+ER2( PR_FIND_SYMBOL_ERROR,
+"Symbol not found in any of the loaded dynamic libraries." )
+ER2( PR_INSUFFICIENT_RESOURCES_ERROR, "Insufficient system resources." )
+ER2( PR_DIRECTORY_LOOKUP_ERROR,
+"A directory lookup on a network address has failed." )
+ER2( PR_TPD_RANGE_ERROR,
+"Attempt to access a TPD key that is out of range." )
+ER2( PR_PROC_DESC_TABLE_FULL_ERROR, "Process open FD table is full." )
+ER2( PR_SYS_DESC_TABLE_FULL_ERROR, "System open FD table is full." )
+ER2( PR_NOT_SOCKET_ERROR,
+"Network operation attempted on non-network file descriptor." )
+ER2( PR_NOT_TCP_SOCKET_ERROR,
+"TCP-specific function attempted on a non-TCP file descriptor." )
+ER2( PR_SOCKET_ADDRESS_IS_BOUND_ERROR, "TCP file descriptor is already bound." )
+ER2( PR_NO_ACCESS_RIGHTS_ERROR, "Access Denied." )
+ER2( PR_OPERATION_NOT_SUPPORTED_ERROR,
+"The requested operation is not supported by the platform." )
+ER2( PR_PROTOCOL_NOT_SUPPORTED_ERROR,
+"The host operating system does not support the protocol requested." )
+ER2( PR_REMOTE_FILE_ERROR, "Access to the remote file has been severed." )
+ER2( PR_BUFFER_OVERFLOW_ERROR,
+"The value requested is too large to be stored in the data buffer provided." )
+ER2( PR_CONNECT_RESET_ERROR, "TCP connection reset by peer." )
+ER2( PR_RANGE_ERROR, "Unused." )
+ER2( PR_DEADLOCK_ERROR, "The operation would have deadlocked." )
+ER2( PR_FILE_IS_LOCKED_ERROR, "The file is already locked." )
+ER2( PR_FILE_TOO_BIG_ERROR,
+"Write would result in file larger than the system allows." )
+ER2( PR_NO_DEVICE_SPACE_ERROR, "The device for storing the file is full." )
+ER2( PR_PIPE_ERROR, "Unused." )
+ER2( PR_NO_SEEK_DEVICE_ERROR, "Unused." )
+ER2( PR_IS_DIRECTORY_ERROR,
+"Cannot perform a normal file operation on a directory." )
+ER2( PR_LOOP_ERROR, "Symbolic link loop." )
+ER2( PR_NAME_TOO_LONG_ERROR, "File name is too long." )
+ER2( PR_FILE_NOT_FOUND_ERROR, "File not found." )
+ER2( PR_NOT_DIRECTORY_ERROR,
+"Cannot perform directory operation on a normal file." )
+ER2( PR_READ_ONLY_FILESYSTEM_ERROR,
+"Cannot write to a read-only file system." )
+ER2( PR_DIRECTORY_NOT_EMPTY_ERROR,
+"Cannot delete a directory that is not empty." )
+ER2( PR_FILESYSTEM_MOUNTED_ERROR,
+"Cannot delete or rename a file object while the file system is busy." )
+ER2( PR_NOT_SAME_DEVICE_ERROR,
+"Cannot rename a file to a file system on another device." )
+ER2( PR_DIRECTORY_CORRUPTED_ERROR,
+"The directory object in the file system is corrupted." )
+ER2( PR_FILE_EXISTS_ERROR,
+"Cannot create or rename a filename that already exists." )
+ER2( PR_MAX_DIRECTORY_ENTRIES_ERROR,
+"Directory is full. No additional filenames may be added." )
+ER2( PR_INVALID_DEVICE_STATE_ERROR,
+"The required device was in an invalid state." )
+ER2( PR_DEVICE_IS_LOCKED_ERROR, "The device is locked." )
+ER2( PR_NO_MORE_FILES_ERROR, "No more entries in the directory." )
+ER2( PR_END_OF_FILE_ERROR, "Encountered end of file." )
+ER2( PR_FILE_SEEK_ERROR, "Seek error." )
+ER2( PR_FILE_IS_BUSY_ERROR, "The file is busy." )
+ER2( PR_IN_PROGRESS_ERROR,
+"Operation is still in progress (probably a non-blocking connect)." )
+ER2( PR_ALREADY_INITIATED_ERROR,
+"Operation has already been initiated (probably a non-blocking connect)." )
+
+#ifdef PR_GROUP_EMPTY_ERROR
+ER2( PR_GROUP_EMPTY_ERROR, "The wait group is empty." )
+#endif
+
+#ifdef PR_INVALID_STATE_ERROR
+ER2( PR_INVALID_STATE_ERROR, "Object state improper for request." )
+#endif
+
+#ifdef PR_NETWORK_DOWN_ERROR
+ER2( PR_NETWORK_DOWN_ERROR, "Network is down." )
+#endif
+
+#ifdef PR_SOCKET_SHUTDOWN_ERROR
+ER2( PR_SOCKET_SHUTDOWN_ERROR, "The socket was previously shut down." )
+#endif
+
+#ifdef PR_CONNECT_ABORTED_ERROR
+ER2( PR_CONNECT_ABORTED_ERROR, "TCP Connection aborted." )
+#endif
+
+#ifdef PR_HOST_UNREACHABLE_ERROR
+ER2( PR_HOST_UNREACHABLE_ERROR, "Host is unreachable." )
+#endif
+
+/* always last */
+ER2( PR_MAX_ERROR, "Placeholder for the end of the list" )
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddy.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddy.h
new file mode 100644
index 000000000..4d84b8727
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddy.h
@@ -0,0 +1,89 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_H__
+#define __PS_BUDDY_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddy.h 1.000 05/15/2002
+ *
+ * Interface to store buddy online status attributes
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/15/2002
+ */
+class EXPORT_DECL PSBuddy {
+public:
+ PSBuddy() { };
+ virtual ~PSBuddy() { };
+ /**
+ * Gets the buddy name
+ *
+ * @return name of the buddy
+ */
+ virtual const char* GetName() = 0;
+
+ /**
+ * Gets online status of the buddy
+ *
+ * @return true if online, false otherwise
+ */
+ virtual bool IsOnline() = 0;
+
+ /**
+ * Gets the value of the specified online status attribute
+ *
+ * @param attribute type
+ * @param attribute value upon success
+ * @return 0 on Success, error code otherwise
+ */
+ virtual int GetStatus(const char*, char**) = 0;
+
+ /**
+ * Returns a copy of the buddy
+ *
+ * @return A copy of the buddy
+ */
+ virtual PSBuddy* Clone() = 0;
+};
+
+#endif // __PS_BUDDY_H__
+
+
+
+
+
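Review bot: `GetStatus(const char*, char**)` returns a string through an out-parameter without saying who owns it, and its two `@param` tags name no parameter. I would name the arguments and state the contract, e.g. `virtual int GetStatus(const char* attribute, char** value) = 0;` with `@param value On success, receives the attribute value; <state whether the caller frees it or the buddy keeps ownership>`. `GetName()` has the same gap: the lifetime of the returned pointer relative to the buddy object is unstated. Without this, implementers and callers can disagree and leak or double-free the value.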
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddyCache.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddyCache.h
new file mode 100644
index 000000000..3c880074b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddyCache.h
@@ -0,0 +1,123 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_CACHE_H__
+#define __PS_BUDDY_CACHE_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddyCache.h 1.000 04/30/2002
+ *
+ * Cache of PSBuddy objects containing online status
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class PSBuddyCache
+{
+public:
+
+ /**
+ * Constructor - initializes the internal cache
+ */
+ PSBuddyCache();
+
+ /**
+ * Destructor
+ */
+ virtual ~PSBuddyCache();
+
+ /**
+ * Adds a buddy to the cache. The old entry, if exists, is deleted
+ * from the cache
+ *
+ * @param name name of the new buddy
+ * @param buddy object containing onlinestatus attributes
+ * @return 0 on success
+ */
+ int AddBuddy(const char* name, PSBuddy* buddy);
+
+ /**
+ * Removes a buddy from the cache
+ *
+ * @param name name of the buddy to be removed
+ * @return 0 on success
+ */
+ int RemoveBuddy(const char* name);
+
+ /**
+ * Gets the buddy object
+ *
+ * @param name name of the new buddy
+ * @return object containing onlinestatus attributes, NULL if not found
+ */
+ PSBuddy* GetBuddy(const char* name);
+
+ /**
+ * Gets count of buddies in the cache
+ *
+ * @return count of buddies
+ */
+ int GetBuddyCount();
+
+ /**
+ * Gets all the screen names
+ *
+ * @param names On return, contains array of screen names
+ * @return number of screen names
+ */
+ int GetAllBuddies(char*** names);
+
+ /**
+ * Acquires a read lock on the cache. Multiple threads may simultaneously
+ * have a read lock, but attempts to acquire a read lock will block
+ * if another thread already has a write lock. It is illegal to request
+ * a read lock if the thread already has one.
+ */
+ void ReadLock();
+
+ /**
+ * Releases a read lock that the thread has on the cache
+ */
+ void Unlock();
+
+private:
+ StringKeyCache* m_buddies;
+};
+
+#endif // __PS_BUDDY_CACHE_H__
+
+
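Review bot: `GetBuddy()` hands out a raw `PSBuddy*` from the cache while `AddBuddy()` is documented to delete a replaced entry, so a pointer kept after `Unlock()` can dangle once another thread adds or removes that name. The comment on `GetBuddy()` should state the lifetime rule, for example `The returned object is owned by the cache; use it only while holding ReadLock(), or Clone() it first` — assuming that is the intended contract, which the implementation outside this hunk would confirm. `GetAllBuddies(char*** names)` likewise needs a line on who frees the array and its strings. The header also uses `PSBuddy` and `StringKeyCache` without including or forward-declaring them, so it depends on include order.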
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddyList.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddyList.h
new file mode 100644
index 000000000..49155a8a5
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddyList.h
@@ -0,0 +1,373 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_LIST_H__
+#define __PS_BUDDY_LIST_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddyList.h 1.000 05/21/2002
+ *
+ * This class maintains users information which are set for
+ * online status tracking. The online status of users are updated
+ * through a PSBuddyListener interface implemented by this class.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/21/2002
+ */
+class PSBuddyList :
+ public PSBuddyListener
+{
+private:
+
+ /**
+ * Constructor
+ */
+ PSBuddyList();
+
+ /**
+ * Destructor
+ */
+ virtual ~PSBuddyList();
+
+public:
+
+ /**
+ * Gets an instance of the class
+ */
+ static PSBuddyList* GetBuddyList();
+
+ public:
+
+ /**
+ * Save the users maintain by an instance of presence server
+ * to a local file in the BLT format
+ *
+ * @return 0 on succcess, negative error code otherwise
+ */
+ int SaveBuddyList();
+
+ /**
+ * Loads the users into an instance of presence server
+ * from a local file
+ *
+ * @return 0 on succcess, negative error code otherwise
+ */
+ int LoadBuddyList();
+
+ /**
+ * Sets a service provider. We currently support only one service
+ * provider in a presence server instance.
+ *
+ * @return 0 on succcess, negative error code otherwise
+ */
+ int RegisterService(PSBuddyService* service);
+
+ /**
+ * Gets the online status of a user along with the
+ * requested additional attributes
+ *
+ * @param group group name to which the user belongs
+ * @param name the screen name of the user to query status for
+ * @param nAttributes number of attributes
+ * @param attributes the names of the attributes of the user to return
+ * @param user upon return, filled with user attributes
+ * @return 0 on success, a negative error code on failure
+ */
+ int GetUserStatus( const char* group,
+ const char* name,
+ int nAttributes,
+ char** attributes,
+ PSUser** user );
+
+ /**
+ * Gets the online status of multiple users along with the requested
+ * additional attributes
+ *
+ * @param group group name to which the user belongs
+ * @param nUsers the number of screen names to status query for
+ * @param names the screen names of the users to query status for
+ * @param nAttributes number of attributes
+ * @param attributes the names of the attributes of the user to return
+ * @param user upon return, filled with user attributes
+ * @return 0 on success, a negative error code on failure
+ */
+ int GetMultipleUserStatus( const char* group,
+ int nUsers,
+ char** names,
+ int nAttributes,
+ char** attributes,
+ PSUser*** users );
+
+ /**
+ * Gets the screen names and attributes of users that match
+ * certain search criteria
+ *
+ * @param group group name to query from
+ * @param filter an LDAP-like search expression on
+ * presence status attributes
+ * @param nAttrbiutes number of attributes
+ * @param attributes the names of the attributes of the user to return
+ * @param user upon return, an array of users with
+ * requested attributes
+ * @return number of users returned, or a negative error code
+ */
+ int GetUsersByFilter( const char* group,
+ const char* filter,
+ int nAttributes,
+ char** attributes,
+ PSUser*** users );
+
+ /**
+ * Gets the screen names and attributes of users that match certain search
+ * criteria and sorts the results (currently only by entryId)
+ *
+ * @param group group name to query from
+ * @param filter an LDAP-like search expression on presence status
+ * attributes
+ * @param sortKey name of attribute to sort on
+ * @param sortKeyType 1 for numeric, 2 for string
+ * @param nAttributes number of attributes
+ * @param attributes the names of the attributes of the user to return
+ * @param user upon return, an array of users with requested
+ * attributes
+ * @return number of users returned, or a negative error code
+ */
+ int GetSortedUsersByFilter( const char* group,
+ const char* filter,
+ const char *sortKey,
+ int sortKeyType,
+ int nAttributes,
+ char** attributes,
+ PSUser*** users );
+
+ /**
+ * Gets the number of users who are online or offline in a group
+ *
+ * @param group Name of group to query; NULL or empty for all groups
+ * @param bOnline true to return the count of online users, false for offline
+ * @return Number of users, or a negative error code on failure
+ *
+ * Error Code(s):
+ * PS_UNKOWN_GROUP
+ */
+ int GetBuddyCount( const char* group, int bOnline );
+
+ /**
+ * Add a new group
+ *
+ * @param group name of the new group
+ * @param nAttributes number of attributes
+ * @param attributes attributes the group will support
+ * @return 0 on success, a negative error code on failure
+ */
+ int AddGroup( const char* group, int nAttributes, char** attributes );
+
+ /**
+ * Adds a user to be tracked.
+ *
+ * @param group name of the group to add the user in
+ * @param name screen name of the user to track
+ * @param nAttributes number of attributes
+ * @param attributes the attributes of the users to be stored
+ * @return on success, 0 or an error code
+ */
+ int AddUser( const char* group,
+ const char* name,
+ int nAttributes,
+ PSAttribute** attributes );
+
+ /**
+ * Adds a number of users to track.
+ *
+ * @param group name of the group to which the users belong
+ * @param nUsers number of users
+ * @param users names and attributes of users to track
+ * @return number of users added on success,
+ or a negative error code on failure
+ */
+ int AddUsers( const char* group,
+ int nUsers,
+ PSUser** users );
+
+ /**
+ * Removes a user to be tracked.
+ *
+ * @param group name of the group to which the user belongs
+ * @param name screen name of the user to be removed
+ * @return 0 on success, or a negative error code on failure
+ */
+ int RemoveUser( const char* group, const char* name );
+
+ /**
+ * Removes a number of users to be tracked.
+ *
+ * @param group name of the group to which the users belong
+ * @param nUsers number of users
+ * @param names screen name of the users to be removed
+ * @return number of users removed on success,
+ * or a negative error code on failure
+ */
+ int RemoveUsers( const char* group, int nUsers, char** names );
+
+ /**
+ * Removes a group.
+ *
+ * @param group name of the group to be removed
+ * @return number of users removed on success,
+ * or a negative error code on failure
+ *
+ * Error Code(s):
+ * PS_UNKNOWN_GROUP
+ */
+ int RemoveGroup(const char* group);
+
+ /**
+ * Gets the list of groups.
+ *
+ * @param groups upon return, array containing group names
+ * @return number of groups or 0 if no group present
+ *
+ * Error Code(s):
+ * PS_NO_GROUPS
+ */
+ int GetAllGroups(char*** groups);
+
+ /**
+ * Gets the users in a group(s).
+ *
+ * @param group name of the group to query
+ * @param users upon return, array of User objects
+ * @return number of users returned,
+ * or a negative error code on failure
+ */
+ int GetAllUsers( const char* group, PSUser*** users );
+
+ /**
+ * Gets the attributes supported by a group(s)
+ *
+ * @param group name of the group
+ * @param attributes upon return, array of attributes
+ * @return number of users removed on success,
+ * or a negative error code on failure
+ */
+ int GetSearchableAttributes( const char* group, char*** attributes );
+
+ // PSBuddyListener interface
+ /**
+ * Callback to notify buddy changes
+ *
+ * @param service the reporting buddy service
+ * @param buddy buddy object containing online status attributes
+ * @return 0 on success
+ */
+ int OnBuddyChanged(PSBuddyService* service, PSBuddy* buddy);
+
+ /**
+ * Callback to refresh the list of screen names to the buddy queue
+ *
+ * @param the reporting buddy service
+ * @return 0 on success
+ */
+ int OnRefreshList(PSBuddyService* service);
+
+ /**
+ * Removes a user from a group based on its entry Id
+ *
+ * @param group name of the group
+ * @param entryId user's entry id
+ * @return 0
+ */
+ int RemoveUserByEntryId(const char* group, char* entryId);
+
+protected:
+
+ /**
+ * Gets the max number of search results to return
+ *
+ * @return The max number of search results to return
+ */
+ int GetMaxSearchResults();
+
+private:
+
+ /**
+ * Parses the LDAP like filter and create a map object containing
+ * filter in the form of name-value pair
+ *
+ * @param filter LDAP like filter
+ * @param map array containing break up of filter into name-value pair
+ * @return 0 on success
+ */
+ int ParseFilter(const char* filter, PSAttribute*** map);
+
+ /**
+ * Checks whether a given string is NULL or ""
+ *
+ * @param value a string to be tested for NULL or ""
+ * @return true if NULL, false otherwise
+ */
+ bool IsNull(const char* value);
+
+ /**
+ * Prints buddy information
+ *
+ * @param buddy a buddy object containing online status attributes
+ * @return 0 on success
+ */
+ int DumpBuddy(PSBuddy* buddy);
+
+ /**
+ * Sorts a list of users based on a "entryId"
+ *
+ * @param users array of users to be sorted
+ * @param nUsers number of users in the array
+ * @return 0 on success
+ */
+ int SortUsersByEntryId(PSUser** users, int nUsers);
+
+private:
+ PSBuddyCache* m_buddies;
+ PSGroupCache* m_groups;
+ PSBuddyService* m_service;
+
+ /* flag indicating if buddy list is loaded from the disk */
+ bool m_loadedList;
+};
+
+#endif // __PS_BUDDY_LIST_H__
+
+
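Review bot: The array out-parameters on the query methods (`PSUser*** users` on `GetMultipleUserStatus`, `GetUsersByFilter`, `GetSortedUsersByFilter` and `GetAllUsers`, `char*** groups` on `GetAllGroups`, `char*** attributes` on `GetSearchableAttributes`) are documented only as filled "upon return", with no statement of who allocates them, who frees them, or what they hold when a negative error code is returned. Each comment should gain one line such as `The array and its elements are allocated by this call; <name the release routine the caller must use>; left untouched on error`, adjusted to whatever the implementation actually does. Several comments also disagree with the declarations: `GetSearchableAttributes` says it returns "number of users removed", `GetBuddyCount` lists `PS_UNKOWN_GROUP` where `RemoveGroup` spells it `PS_UNKNOWN_GROUP`, and the `@param user` tags describe a parameter named `users`. `ParseFilter()` takes a caller-supplied LDAP-like expression, so its comment should state what it returns for a malformed filter rather than only "0 on success".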
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddyListener.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddyListener.h
new file mode 100644
index 000000000..87e701373
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddyListener.h
@@ -0,0 +1,78 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_LISTENER_H__
+#define __PS_BUDDY_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddyListener.h 1.000 05/15/2002
+ *
+ * A listener interface for getting notifications from a buddy service.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/15/2002
+ */
+class PSBuddyListener :
+ public PSListener
+{
+public:
+
+/**
+ * Notifies the listener of the buddy status changes
+ *
+ * @param the reporting buddy service
+ * @param buddy object containing online status attributes
+ * @return 0 on success
+ */
+virtual int OnBuddyChanged(PSBuddyService*, PSBuddy*) = 0;
+
+/**
+ * Notifies the listener of the service to refresh the list
+ * of screen names to the buddy queue
+ *
+ * @param the reporting buddy service
+ * @return 0 on success
+ */
+virtual int OnRefreshList(PSBuddyService*) = 0;
+
+};
+
+#endif // __PS_BUDDY_LISTENER_H__
+
+
+
+
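Review bot: `PSListener`, `PSBuddyService` and `PSBuddy` are used here without an include or forward declaration (the only include is `<config.h>`), so the header compiles only if every includer has already pulled those declarations in. Adding `class PSBuddyService;` and `class PSBuddy;` ahead of the class, plus the include that declares `PSListener` (not shown in this hunk), would make it self-contained. The same gap appears in PSBuddyService.h (`PSListener`, `PSConfig`, `EXPORT_DECL`), PSConfig.h and PSConfigManager.h (`PLHashTable`), PSConfigReader.h (`LDAP`) and PSGroup.h (`PRRWLock`, `StringList`, `StringKeyCache`). The `@param` lines also carry no parameter name because the declarations are unnamed; naming them (`service`, `buddy`) keeps the comments and signatures in step.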
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSBuddyService.h b/pki/base/tps/src/include/httpClient/httpc/PSBuddyService.h
new file mode 100644
index 000000000..2556420e9
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSBuddyService.h
@@ -0,0 +1,121 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_BUDDY_SERVICE_H__
+#define __PS_BUDDY_SERVICE_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSBuddyService.h 1.000 05/16/2002
+ *
+ * A pure virtual class defining Buddy Service interface
+ * to be implemented by the various IM presence service providers.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/16/2002
+ */
+class EXPORT_DECL PSBuddyService {
+public:
+
+/**
+ * Registers a listener with this class. The listener
+ * is notified of any changes to the buddies being tracked.
+ *
+ * @param a buddy service listener
+ * @return 0 on success
+ */
+virtual int RegisterListener(PSListener*) = 0;
+
+/**
+ * An entry point to start the service. This function is responsible
+ * for authentication with the backend service.
+ *
+ * @param config parameters for the service to start
+ * @return 0 on success
+ */
+virtual int SignOn(PSConfig*) = 0;
+
+/**
+ * Shutdown of the service.
+ *
+ * @return 0 on success
+ */
+virtual int SignOff() = 0;
+
+/**
+ * Sets a user name for online status tracking.
+ *
+ * @param user name to be tracked
+ * @return 0 on success
+ */
+virtual int WatchBuddy(const char*) = 0;
+
+/**
+ * Sets a number of users for online status tracking
+ *
+ * @param number of users to be tracked
+ * @param array of user names
+ * @return 0 on success
+ */
+virtual int WatchBuddies(int, char**) = 0;
+
+/**
+ * Unsets a user name from online status tracking.
+ *
+ * @param user name to be tracked
+ * @return 0 on success
+ */
+virtual int UnwatchBuddy(const char*) = 0;
+
+/**
+ * Unsets a number of users from online status tracking
+ *
+ * @param number of users to be tracked
+ * @param array of user names
+ * @return 0 on success
+ */
+virtual int UnwatchBuddies(int, char**) = 0;
+
+/**
+ * Gets the service config entry
+ *
+ * @return config object
+ */
+virtual PSConfig* GetServiceConfig() = 0;
+
+};
+
+#endif // __PS_BUDDY_SERVICE_H__
+
+
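Review bot: `PSBuddyService` is a pure-virtual interface with no virtual destructor, so destroying a provider implementation through a `PSBuddyService*` is undefined behaviour and can skip the derived class's cleanup; add `virtual ~PSBuddyService() {}` to the public section. The comments on `WatchBuddies(int, char**)` and `UnwatchBuddies(int, char**)` should also state that the count must be non-negative and must not exceed the number of valid array elements, since an implementation has no other way to bound the read. Whether `SignOn` keeps the `PSConfig*` after it returns is not stated, and that decides who may free it.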
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSCertExtension.h b/pki/base/tps/src/include/httpClient/httpc/PSCertExtension.h
new file mode 100644
index 000000000..f528a54b4
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSCertExtension.h
@@ -0,0 +1,153 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _PS_CERT_EXTENSION_H
+#define _PS_CERT_EXTENSION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Presence Server cert extension. This extension contains customer
+ * specific information as per the contract apart from host and port
+ * used by BIG service provider to send user updates.
+ */
+
+class EXPORT_DECL PSCertExtension {
+public:
+ /**
+ * Constructor -
+ */
+ PSCertExtension();
+
+ /**
+ * Destructor
+ */
+ ~PSCertExtension();
+
+public:
+ /**
+ * Loads the extension data from the specified cert. This function
+ * will also verify the validity these fields :
+ * HOST_NAME - should not be NULL or ""
+ * PORT_NUMBER - > 0 and <= 65535
+ * MAX_USERS - >= 0
+ *
+ * @param nickname cert nickname which contains the extension
+ * return 0 on success,
+ * -1 if nickname is missing from the argument
+ * -2 if unable to find the cert
+ * -3 if the presence extension is mising
+ * -4 if the required values (hostname, port, maxusers) are invalid
+ * -5 if the cert is expired
+ */
+ int Load(const char* nickname);
+
+ /**
+ * Gets the service version number from the cert ext
+ *
+ * return version number as specified in the cert
+ */
+ int GetVersion();
+
+ /**
+ * Gets the street address from the cert
+ *
+ * return street address as specified in the cert ext
+ */
+ const char* GetStreetAddress();
+
+ /**
+ * Gets the telephone number from the cert
+ *
+ * return telephone number as specified in the cert ext
+ */
+ const char* GetTelephoneNumber();
+
+ /**
+ * Gets the RFC822 name from the cert
+ *
+ * return RFC822 name as specified in the cert ext
+ */
+ const char* GetRFC822Name();
+
+ /**
+ * Gets the IM id from the cert
+ *
+ * return IM id as specified in the cert ext
+ */
+ const char* GetID();
+
+ /**
+ * Gets the hostname from the cert ext
+ *
+ * return hostname as specified in the cert ext
+ */
+ const char* GetHostName();
+
+ /**
+ * Gets the port number from the cert ext
+ *
+ * return port number as specified in the cert ext
+ */
+ int GetPortNumber();
+
+ /**
+ * Gets the max users allowed from the cert ext
+ *
+ * return max users as specified in the cert ext
+ */
+ int GetMaxUsers();
+
+ /**
+ * Gets the service level from the cert ext
+ *
+ * return service level as specified in the cert ext
+ */
+ int GetServiceLevel();
+
+private:
+ int m_version;
+ char* m_streetAddress;
+ char* m_telephoneNumber;
+ char* m_rfc822Name;
+ char* m_id;
+ char* m_hostName;
+ int m_portNumber;
+ int m_maxUsers;
+ int m_serviceLevel;
+};
+
+#endif // _PS_CERT_EXTENSION_H
+
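Review bot: The return codes documented for `Load` cover a missing certificate, a missing extension, invalid field values and expiry, but none covers a certificate that fails signature or trust-chain validation, so a caller cannot tell from this contract whether `GetHostName()`, `GetPortNumber()` and `GetMaxUsers()` come from a verified certificate. If the implementation (not in this hunk) does verify the chain, the comment should say so, e.g. `* The certificate is verified against the trusted issuers before any field is read;`, and that failure should get its own code; if it does not, that check belongs before the extension is parsed. Separately, the class holds five `char*` members and declares a destructor but no copy constructor or assignment operator, so if the destructor frees them a copied object would free the same buffers twice; declaring both private and unimplemented prevents that. `mising` in the -3 line should read `missing`.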
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSCommonLib.h b/pki/base/tps/src/include/httpClient/httpc/PSCommonLib.h
new file mode 100644
index 000000000..09903b38f
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSCommonLib.h
@@ -0,0 +1,52 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _PS_COMMON_LIB_H_
+#define _PS_COMMON_LIB_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#undef EXPORT_DECL
+#ifdef _MSC_VER
+#ifdef COMMON_LIB_DLL
+#define EXPORT_DECL __declspec( dllexport )
+#else
+#define EXPORT_DECL __declspec (dllimport )
+#endif // COMMON_LIB_DLL
+#else
+#define EXPORT_DECL
+#endif // _MSC_VER
+
+#endif // _PS_COMMON_LIB_H_
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSConfig.h b/pki/base/tps/src/include/httpClient/httpc/PSConfig.h
new file mode 100644
index 000000000..897def3c9
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSConfig.h
@@ -0,0 +1,67 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_CONFIG_H__
+#define __PS_CONFIG_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSConfig.h 1.000 04/30/2002
+ *
+ * This class provides structure to store and fetch string type data.
+ * Typical usage of this class would be storing server config data.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSConfig {
+public:
+ PSConfig();
+ PSConfig( const char *name );
+ virtual ~PSConfig();
+
+public:
+ void SetAttribute( const char* key, char* value );
+ char* GetAttribute( const char* key );
+ void SetName( const char *name );
+ const char *GetName();
+
+private:
+ PLHashTable* m_entryData;
+ const char *m_name;
+};
+
+#endif // __PS_CONFIG_H__
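Review bot: None of the accessors documents ownership: `SetAttribute(const char* key, char* value)` takes a mutable `value` without saying whether it is copied or adopted, `GetAttribute` returns a writable `char*` with no statement of whether it points into the table, and `m_name` is a `const char*` that may or may not outlive the caller's buffer. A one-line comment per method would settle this, e.g. `/* key and value are copied; the caller keeps ownership */` if that matches the implementation, and `GetAttribute` should say what it returns for an unknown key. `PSConfigManager::SetConfigEntry( PSConfig *entry )` in the next file has the same gap. The class also owns a `PLHashTable*` and has a destructor but no copy control, so an accidental copy would presumably share or double-destroy the table.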
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSConfigManager.h b/pki/base/tps/src/include/httpClient/httpc/PSConfigManager.h
new file mode 100644
index 000000000..d2f5d3335
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSConfigManager.h
@@ -0,0 +1,66 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_CONFIG_MANAGER_H__
+#define __PS_CONFIG_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSConfigManager.h 1.000 04/30/2002
+ *
+ * This class is a singleton that provides access to configuration parameters
+ * for the Presence Server.
+ *
+ * @author rweltman@netscape.com
+ * @version 1.0
+ */
+class EXPORT_DECL PSConfigManager {
+private:
+ PSConfigManager();
+ virtual ~PSConfigManager();
+
+public:
+ static PSConfigManager *GetConfigManager();
+
+public:
+ void SetConfigEntry( PSConfig *entry );
+ PSConfig *GetConfigEntry( const char *name );
+
+private:
+ PLHashTable* m_configEntries;
+};
+
+#endif // __PS_CONFIG_MANAGER_H__
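Review bot: The class comment calls this a singleton, but nothing visible says whether `GetConfigManager()` may be called concurrently or whether `SetConfigEntry` and `GetConfigEntry` are safe across threads; the only data member is a bare `PLHashTable*` with no lock beside it (compare the `PRRWLock*` members in PSGroup.h). If entries are only written during single-threaded start-up, state that in the class comment, e.g. `* Entries must be registered before worker threads start; lookups are read-only afterwards.`; otherwise the table presumably needs a lock. `GetConfigEntry` should also document what it returns for an unknown name.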
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSConfigReader.h b/pki/base/tps/src/include/httpClient/httpc/PSConfigReader.h
new file mode 100644
index 000000000..a507a26dc
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSConfigReader.h
@@ -0,0 +1,71 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_CONFIG_READER_H__
+#define __PS_CONFIG_READER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSConfigReader.h 1.000 04/30/2002
+ *
+ * This class provides access to the server configuration entries. The
+ * implementation of the config store is hidden from the user.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSConfigReader
+{
+private:
+ PSConfigReader();
+ virtual ~PSConfigReader();
+
+public:
+ static PSConfigReader* GetConfigReader();
+
+public:
+ int GetSubEntries(const char* root, char*** entries);
+ int GetEntryConfig(const char* entry, PSConfig** params);
+
+private:
+ int Init();
+
+private:
+ LDAP* m_LD;
+ char* m_bindPassword;
+};
+
+#endif // __PS_CONFIG_READER_H__
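Review bot: `m_bindPassword` keeps the LDAP bind password in a plain `char*` member of an object reached through `GetConfigReader()`, presumably for the life of the process, which leaves it readable in process memory and core dumps long after the bind has completed. The implementation is not in this hunk, so this may already be handled, but the declaration should record the intended handling, e.g. `char* m_bindPassword; /* wiped and freed once the bind succeeds; never logged */`, and the wipe should use a routine the compiler cannot elide. `GetSubEntries` and `GetEntryConfig` are undocumented: they need to state who frees `*entries` and `*params` and what those hold on a non-zero return.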
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSCrypt.h b/pki/base/tps/src/include/httpClient/httpc/PSCrypt.h
new file mode 100644
index 000000000..bfd05788d
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSCrypt.h
@@ -0,0 +1,79 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PSCRYPT_H__
+#define __PSCRYPT_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Encrypt/Decrypt
+ */
+
+class EXPORT_DECL PSCrypt {
+private:
+ /**
+ * Constructor
+ */
+ PSCrypt( );
+ /**
+ * Destructor
+ */
+ virtual ~PSCrypt();
+
+public:
+ /**
+ * Retuns the decrypted string
+ * Assumption: The input string is base64 encoded
+ * Assumption: Caller has to free the returned string using free
+ * @param base64 encoded string to be decrypted
+ * @param decrypted upon return, string in ascii
+ * @return 0 on success, -1 on failure
+ */
+ static int Decrypt (const char* encrypted, char** decrypted);
+
+ /**
+ * Retuns the encrypted string in base64
+ *
+ * Assumption: Caller has to free the returned string using free
+ * @param text to encrypt
+ * @param encrypted upon return, text in base64
+ * @return 0 on success, -1 on failure
+ */
+ static int Encrypt(const char* text, char** encrypted);
+};
+
+#endif /* __PSCRYPT_H__ */
+
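Review bot: The comments on `Decrypt` and `Encrypt` do not say which cipher and mode are used, where the key comes from, or whether the ciphertext is authenticated, so a caller cannot judge what protection a stored value has or whether a tampered input is rejected or simply decrypts to garbage. They also leave the out-parameter undefined on failure; adding `* On failure *decrypted is set to NULL and nothing needs to be freed.` (and the same for `*encrypted`) lets callers clean up unconditionally. Since the decrypted string may be a secret, the comment should tell callers to clear it before calling `free`. `Retuns` should read `Returns` in both comments.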
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSDataSourceListener.h b/pki/base/tps/src/include/httpClient/httpc/PSDataSourceListener.h
new file mode 100644
index 000000000..36842904d
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSDataSourceListener.h
@@ -0,0 +1,106 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_DATA_SOURCE_LISTENER_H__
+#define __PS_DATA_SOURCE_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/PSUser.h"
+
+/**
+ * PSDataSourceListener.h 1.000 04/30/2002
+ *
+ * A listener class for data source type plugins. The plugins
+ * notify the data source service manager through the functions
+ * provided by this interface.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSDataSourceListener :
+ public PSListener
+{
+public:
+
+/**
+ * Notifies the listener of any errors encountered by
+ * the data sources
+ *
+ * @param sourceId reporting source ID
+ * @param errCode error code
+ * @param errString error message
+ * @return 0 on success
+ */
+virtual int OnSourceError( const char* sourceId,
+ int errCode,
+ const char* errString) = 0;
+
+/**
+ * Notifies the listener of any new group
+ *
+ * @param group name of the group
+ * @param nAttrs number of attributes
+ * @param attrs array of attributes supported by the group
+ * @return 0 on success
+ */
+virtual int OnNewGroup( const char* group, int nAttrs, char** attrs ) = 0;
+
+/**
+ * Notifies the listener of any new users
+ *
+ * @param group name of the group
+ * @param nUsers number of users
+ * @param users array containing user objects
+ * @return 0 on success
+ */
+virtual int OnNewUsers( const char* group, int nUsers, PSUser** users ) = 0;
+
+/**
+ * Notifies the listener of any changes to the user being
+ * watched
+ *
+ * @param op operation to be performed ( add/replace/remove)
+ * @param group name of the group
+ * @param user the user object containing modified attributes
+ * @return 0 on success
+ */
+virtual int OnUserChanged(int op, const char* group, PSUser* user) = 0;
+
+};
+
+#endif // __PS_DATA_SOURCE_LISTENER_H__
+
+
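Review bot: `OnUserChanged` documents `op` as `( add/replace/remove)`, while the implementing declaration in PSDataSourceManager.h lists `PS_OPERATION_ADD`, `PS_OPERATION_REPLACE` and `PS_OPERATION_DELETE`; the interface comment should name the same constants and say what an implementation returns for any other value. `OnNewGroup` and `OnNewUsers` pass a count with an array but do not state that the count is non-negative and equals the number of valid elements, or whether the listener may keep the `attrs`/`users` pointers after returning. Because the class comment says these calls come from plugins, a line such as `* nUsers is the number of valid entries in users; the array remains owned by the caller.` would make the bounds contract explicit. The header includes PSUser.h but not the declaration of `PSListener`.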
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSDataSourceManager.h b/pki/base/tps/src/include/httpClient/httpc/PSDataSourceManager.h
new file mode 100644
index 000000000..1b0662b69
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSDataSourceManager.h
@@ -0,0 +1,152 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_DATA_SOURCE_MANAGER_H__
+#define __PS_DATA_SOURCE_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSDataSourceManager.h 1.000 05/21/2002
+ *
+ * This class manages presence server data sources plugins.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/21/2002
+ */
+class PSDataSourceManager :
+ public PSDataSourceListener
+{
+private:
+
+ /**
+ * Constructor - creates a data source manager object
+ */
+ PSDataSourceManager();
+
+ /**
+ * Destructor
+ */
+ virtual ~PSDataSourceManager();
+
+public:
+
+ /**
+ * Gets an instance of this class.
+ */
+ static PSDataSourceManager* GetDataSourceManager();
+
+public:
+
+ /**
+ * Registers a listener with this class. Only one listener is
+ * allowed to be registered. If an attempt is made to register
+ * more than one listener, then an error condition is raised.
+ *
+ * @param listener a server listener
+ * @return 0 on success, negative error upon failure
+ */
+ int RegisterListener(PSServerListener* listener);
+
+ /**
+ * Loads all data source type plugins.
+ *
+ * @return 0 for success, negative error code otherwise
+ */
+ int LoadDataSources();
+
+ /**
+ * Unloads all data source type plugins.
+ *
+ * @return 0 for success, negative error code otherwise
+ */
+ int UnloadDataSources();
+
+// PSDataSourceListener interface
+public:
+
+ /**
+ * Callback function to notify the manager upon data source error.
+ *
+ * @param sourceid id of the source calling
+ * @param errorcode error code
+ * @param errorstring error string
+ * @return 0 on success
+ *
+ */
+ int OnSourceError(const char* sourceid, int errorcode, const char* errorstring);
+
+ /**
+ * Callback function to notify the manager upon new group.
+ *
+ * @param group name of the new group
+ * @param nAttrs number of attributes
+ * @param attrs attributes the group will support
+ * @return 0 on success
+ *
+ */
+ int OnNewGroup(const char* group, int nAttrs, char** attrs);
+
+ /**
+ * Callback function to notify the manager of new users
+ *
+ * @param group name of the group
+ * @param nUsers number of users
+ * @param users array containing user objects
+ * @return 0 on success, a negative error code on failure
+ */
+ int OnNewUsers(const char* group, int nUsers, PSUser** users);
+
+ /**
+ * Callback function to notify the manager of changes to a user.
+ * The valid operations are :
+ * PS_OPERATION_ADD
+ * PS_OPERATION_REPLACE
+ * PS_OPERATION_DELETE
+ *
+ * @param op operation to be performed
+ * @param group name of the group
+ * @param user the user object containing modified attributes
+ * @return 0 on success, a negative error code on failure
+ */
+ int OnUserChanged(int op, const char* group, PSUser* user);
+
+private:
+ char* m_dataSourceDN;
+ PSServerListener* m_serverListener;
+ bool m_dataSourcesLoaded;
+};
+
+#endif // __PS_DATA_SOURCE_MANAGER_H__
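Review bot: `LoadDataSources()` is documented only as "Loads all data source type plugins"; the comment should state where the plugin list comes from and what is checked before a plugin is loaded, because whoever can change that list decides what code runs inside the server. The `m_dataSourceDN` member suggests the list is read from a directory entry, though the hunk does not show it; if so, a line like `* Plugin entries are read from m_dataSourceDN; only libraries from the configured plugin directory are loaded.` would record the restriction, assuming that is the intended one. `RegisterListener` says a second registration is an error but not which negative value is returned. The class is declared without `EXPORT_DECL` although its base `PSDataSourceListener` has it, which looks unintentional.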
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSGroup.h b/pki/base/tps/src/include/httpClient/httpc/PSGroup.h
new file mode 100644
index 000000000..8427c39c3
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSGroup.h
@@ -0,0 +1,97 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_GROUP_H__
+#define __PS_GROUP_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+class PSUser;
+
+/**
+ * PSGroup.h 1.000 04/30/2002
+ *
+ * This class stores information about the users belonging to a group.
+ * All the users must belong to at least one group in the server.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class PSGroup
+{
+public:
+ PSGroup(const char* name, int nAttributes, char** attributes);
+ virtual ~PSGroup();
+
+public:
+ char* GetName();
+ int GetAttributeCount();
+ char** GetAttributes();
+ int GetAttributes(int offset, char** & attributes);
+
+ int AddUser(PSUser* user);
+ int RemoveUser(const char* name);
+ PSUser* GetUser(const char* name);
+ bool UserExists(const char* name);
+
+ int GetUserCount();
+ int GetAllUsers(int offset, PSUser** & users, int maxcount);
+ int GetAllUsers(int offset, char** & names, int maxcount);
+
+ int UpdateStatus(const char* name, bool changeToOnline);
+ int GetOnlineUsers(char*** names);
+ int GetOfflineUsers(char*** names);
+ int GetOnlineCount();
+ int GetOfflineCount();
+
+ void ReadLock();
+ void Unlock();
+
+private:
+ char* m_name;
+ int m_count;
+ char** m_attributes;
+
+ PRRWLock* m_psOnlineLock;
+ PRRWLock* m_psOfflineLock;
+ StringList* m_psOnlineUsers;
+ StringList* m_psOfflineUsers;
+
+ StringKeyCache* m_users;
+};
+
+#endif // __PS_GROUP_H__
+
+
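Review bot: Unlike most headers in this commit, no method here has a comment, and the locking contract in particular cannot be inferred: `ReadLock()` and `Unlock()` are public, yet the class holds two locks (`m_psOnlineLock`, `m_psOfflineLock`) and nothing says which one they take or which calls must be bracketed by them. `GetAllUsers(int offset, PSUser** & users, int maxcount)` and `GetOnlineUsers(char*** names)` likewise need to state who allocates and frees the array, what the return value counts, and how a negative or out-of-range `offset` is treated. `GetUser` returns a raw `PSUser*` while `RemoveUser` can presumably delete the object, so the comment should say how long the pointer stays valid. A short Doxygen block per method in the style of PSBuddyService.h would cover this.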
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSGroupCache.h b/pki/base/tps/src/include/httpClient/httpc/PSGroupCache.h
new file mode 100644
index 000000000..6807e50e4
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSGroupCache.h
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_GROUP_CACHE_H__
+#define __PS_GROUP_CACHE_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSGroupCache.h 1.000 04/30/2002
+ *
+ * This class provides caching of various groups maintained in the
+ * server.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class PSGroupCache
+{
+public:
+ PSGroupCache();
+ virtual ~PSGroupCache();
+
+ int AddGroup(const char* name, PSGroup* group);
+ int RemoveGroup(const char* name);
+ PSGroup* GetGroup(const char* name);
+ bool GroupExists(const char* name);
+ int GetAllGroups(char*** names);
+
+ int GetAttributeCount(int nGroups, char** groups);
+ int GetUserCount(int nGroups, char** groups);
+ int GetOnlineCount(int nGroups, char** groups);
+ int GetOfflineCount(int nGroups, char** groups);
+
+ void ReadLock();
+ void Unlock();
+
+private:
+ StringKeyCache* m_groups;
+};
+
+#endif // __PS_GROUP_CACHE_H__
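Review bot: `GetGroup()` hands back a raw `PSGroup*` while locking is left to the caller through `ReadLock()`/`Unlock()`, and nothing in the class comment says whether the read lock must be held for as long as the pointer is in use. If `RemoveGroup()` frees the group (the implementation is not in this hunk), a caller that unlocks first is left holding a dangling pointer. I would document the contract on the declaration, for example `// Caller must hold ReadLock() while using the returned PSGroup*; the cache keeps ownership.`, adjusted to whatever the implementation actually guarantees. The comment on `GetAllGroups(char*** names)` should likewise say who allocates and who frees the returned array.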
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSHelper.h b/pki/base/tps/src/include/httpClient/httpc/PSHelper.h
new file mode 100644
index 000000000..7b9240b1b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSHelper.h
@@ -0,0 +1,70 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_HELPER_H__
+#define __PS_HELPER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSHelper.h 1.000 04/30/2002
+ *
+ * A utility class used for logging, utility functions
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+// ??? SSR temporary logging solution
+class EXPORT_DECL PSLogger
+{
+public:
+ PSLogger(int level);
+ virtual ~PSLogger();
+
+public:
+ void Log(int level, char* fmt, ...);
+private:
+ int m_Level;
+};
+
+extern "C" {
+ EXPORT_DECL PSLogger* getServerLogger();
+ EXPORT_DECL void toLower(char* str);
+ EXPORT_DECL void normalize(char* str);
+}
+
+#endif // __PS_HELPER_H__
+
+
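Review bot: `PSLogger::Log(int level, char* fmt, ...)` takes a non-const format string and carries no format annotation, so a call site that passes request- or directory-derived text as `fmt` compiles silently and becomes a format-string bug. Declaring it `void Log(int level, const char* fmt, ...);` (with the matching change in the definition, which is not in this hunk) also lets callers pass literals without casts. Under GCC, adding `__attribute__((format(printf, 3, 4)))` makes the compiler check the arguments; the index is 3 because of the implicit `this`, and this assumes the implementation formats printf-style. `toLower(char*)` and `normalize(char*)` modify the buffer in place with no length parameter, so their comments should state that they need a writable, NUL-terminated string.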
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSListener.h b/pki/base/tps/src/include/httpClient/httpc/PSListener.h
new file mode 100644
index 000000000..1d85a9912
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSListener.h
@@ -0,0 +1,55 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_LISTENER_H__
+#define __PS_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSListener.h 1.000 05/22/2002
+ *
+ * A Generic base class for all listeners.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/22/2002
+ */
+class EXPORT_DECL PSListener
+{
+};
+
+#endif // __PS_LISTENER_H__
+
+
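Review bot: `PSListener` is described as the generic base class for all listeners but has no virtual destructor, so deleting a `PSServerListener` or `PSServiceListener` implementation through a `PSListener*` is undefined behaviour. Adding `virtual ~PSListener() {}` inside the class fixes it for the whole hierarchy. `PSPlugin` in PSPlugin.h has the same gap: it declares only pure virtual methods and no destructor. PSServerListener.h and PSServiceListener.h inherit the problem from this base.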
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSPRUtil.h b/pki/base/tps/src/include/httpClient/httpc/PSPRUtil.h
new file mode 100644
index 000000000..f3b104cc0
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSPRUtil.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _PS_PRUTIL_H
+#define _PS_PRUTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * NSPR related Utility functions
+ */
+
+// define a stuct to store the mesasge
+struct tuple_str {
+ PRErrorCode errNum;
+ const char * errString;
+};
+
+typedef struct tuple_str tuple_str;
+
+#define ER2(a,b) {a, b},
+#define ER3(a,b,c) {a, c},
+
+
+class EXPORT_DECL PSPRUtil {
+
+private:
+ /**
+ * Constructor - can't be instantiated
+ */
+ PSPRUtil() {}
+
+ /**
+ * Destructor
+ */
+ ~PSPRUtil() {}
+
+public:
+ /**
+ * Returns a string corresponding to an NSPR or NSS error code
+ *
+ * @param errNum Error number from PR_GetError()
+ * @retuns An immutable string, the empty string if the code is not known
+ */
+ static const char * GetErrorString (PRErrorCode errCode);
+
+
+ /**
+ * Returns an error string for the latest NSPR or NSS error
+ *
+ * @return An error string, or the empty string if there is no current
+ * NSPR or NSS error
+ */
+ static const char * GetErrorString();
+
+
+};
+
+#endif // _PS_PRUTIL_H
+
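Review bot: `ER2` and `ER3` are defined at header scope and never `#undef`ed, so every file that includes PSPRUtil.h picks them up. These are the same macro names the NSPR/NSS error-table headers expect their includer to define, so another definition elsewhere can clash or silently change a table. They look like they belong in the .cpp file that builds the table (not shown here), together with `tuple_str`. The doc block on `GetErrorString(PRErrorCode errCode)` says `@param errNum` and `@retuns`; it should read `@param errCode` and `@return`.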
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSPlugin.h b/pki/base/tps/src/include/httpClient/httpc/PSPlugin.h
new file mode 100644
index 000000000..f6655591e
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSPlugin.h
@@ -0,0 +1,81 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_PLUGIN_H__
+#define __PS_PLUGIN_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSPlugin.h 1.000 04/30/2002
+ *
+ * Pure virtual class defining the functions to be implemented by
+ * different types of plugins in the server. The listener object passed
+ * the Init function is used to notify the server.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSPlugin {
+public:
+
+/**
+ * Initialize the plugin.
+ *
+ * @param a listener for this plugin
+ * @return 0 on success
+ */
+virtual int Init(PSListener*) = 0;
+
+/**
+ * Start the plugin.
+ *
+ * @param config params for the plugin
+ * @return 0 on success
+ */
+virtual int Start(PSConfig*) = 0;
+
+/**
+ * Stops the plugin.
+ *
+ * @return 0 on success
+ */
+virtual int Stop() = 0;
+
+};
+
+#endif // __PSPLUGIN_H__
+
+
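Review bot: The comments on `Init(PSListener*)` and `Start(PSConfig*)` do not say who owns the pointers or how long they must stay valid, and the `@param` tags describe parameters that have no names. I would name them, `virtual int Init(PSListener* listener) = 0;` and `virtual int Start(PSConfig* config) = 0;`, and document the lifetime, e.g. `@param listener listener for this plugin; not owned, must outlive the plugin` if that is the intended contract. The closing guard comment `// __PSPLUGIN_H__` does not match the guard `__PS_PLUGIN_H__`.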
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSPluginManager.h b/pki/base/tps/src/include/httpClient/httpc/PSPluginManager.h
new file mode 100644
index 000000000..7ea12829a
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSPluginManager.h
@@ -0,0 +1,102 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_PLUGIN_MANAGER_H__
+#define __PS_PLUGIN_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSPluginManager.h 1.000 05/21/2002
+ *
+ * This class manages loading and unloading of all server plugin modules.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/21/2002
+ */
+class PSPluginManager
+{
+private:
+
+/**
+ * Constructor - creates an instance of Plugin manager object
+ */
+PSPluginManager();
+
+/**
+ * Destructor
+ */
+virtual ~PSPluginManager();
+
+public:
+
+/**
+ * Gets an instance of the class
+ */
+static PSPluginManager* GetPluginManager();
+
+public:
+
+/**
+ * Loads a group of plugins based on the type (dn) specified. If the loading
+ * is successful the specified listener is registered with the plugin and
+ * the plugin is started.
+ *
+ * @param dn root DN of the plugins
+ * @param listener listener associated with the specified type of plugins
+ * @return 0 on success, negative error code otherwise
+ */
+int LoadPlugin(const char* dn, PSListener* listener);
+
+/**
+ * Unloads a group of plugins based on the type ( dn ) specified.
+ * This function just issues a Stop on all the loaded plugins.
+ * It doesn't attempt to release any allocated data structures.
+ *
+ * @param dn root DN of the plugins
+ * @return 0 for success or error code for failure
+ */
+int UnloadPlugin(const char* dn);
+
+private:
+ StringKeyCache* m_serverPlugins;
+};
+
+#endif // __PS_PLUGIN_MANAGER_H__
+
+
+
+
+
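Review bot: The comment on `LoadPlugin(const char* dn, PSListener* listener)` does not state what is trusted. The plugin set is selected by a directory DN, so presumably whoever can write entries under that DN decides which modules the server loads and starts; this should be confirmed in the implementation, which is outside this hunk. I would add a line such as `Entries under dn are treated as trusted configuration and must be writable by administrators only.` if that is the design. `UnloadPlugin` documents "error code for failure" where `LoadPlugin` says "negative error code"; the two should use one convention. Its comment also states that nothing is released, so say there whether a later `LoadPlugin` on the same DN is supported.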
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServer.h b/pki/base/tps/src/include/httpClient/httpc/PSServer.h
new file mode 100644
index 000000000..86d2ca326
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServer.h
@@ -0,0 +1,95 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVER_H__
+#define __PS_SERVER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include <time.h>
+#include <ctype.h>
+
+#include "nspr.h"
+#include "plhash.h"
+#include "plstr.h"
+
+#include "ldap.h"
+
+#define PRESENCESERVER_DLL
+#include "httpClient/httpc/PSServerLib.h"
+#include "httpClient/httpc/PresenceServer.h"
+
+#include "httpClient/httpc/Defines.h"
+#include "httpClient/httpc/PSError.h"
+#include "httpClient/httpc/PSHelper.h"
+#include "httpClient/httpc/PSConfig.h"
+#include "httpClient/httpc/PSConfigReader.h"
+#include "httpClient/httpc/PSConfigManager.h"
+#include "httpClient/httpc/Cache.h"
+#include "httpClient/httpc/StringList.h"
+#include "httpClient/httpc/StringUtil.h"
+#include "httpClient/httpc/ScheduledTask.h"
+#include "httpClient/httpc/PSCrypt.h"
+
+#include "httpClient/httpc/PSListener.h"
+#include "httpClient/httpc/PSBuddy.h"
+#include "httpClient/httpc/PSBuddyService.h"
+#include "httpClient/httpc/PSBuddyListener.h"
+#include "httpClient/httpc/PSServerListener.h"
+#include "httpClient/httpc/PSServiceListener.h"
+#include "httpClient/httpc/PSPluginManager.h"
+#include "httpClient/httpc/PSServiceManager.h"
+#include "httpClient/httpc/PSPlugin.h"
+#include "httpClient/httpc/PSUser.h"
+#include "httpClient/httpc/PSDataSourceListener.h"
+#include "httpClient/httpc/PSDataSourceManager.h"
+#include "httpClient/httpc/PSGroup.h"
+#include "httpClient/httpc/PSGroupCache.h"
+#include "httpClient/httpc/PSBuddyCache.h"
+#include "httpClient/httpc/PSBuddyList.h"
+#include "httpClient/httpc/PresenceManager.h"
+#include "httpClient/httpc/PSServerManager.h"
+
+#include "httpClient/httpc/ErrorLogger.h"
+#include "httpClient/httpc/DebugLogger.h"
+#include "httpClient/httpc/ScheduledTask.h"
+#include "httpClient/httpc/LogRotationTask.h"
+#include "httpClient/httpc/TaskList.h"
+#include "httpClient/httpc/Scheduler.h"
+
+#endif // __PS_SERVER_H__
+
+
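Review bot: The headers pulled in here compile only because of this include order. `PSGroupCache.h` uses `PSGroup` and `StringKeyCache`, `PSPluginManager.h` uses `PSListener` and `StringKeyCache`, and `PSPlugin.h` uses `PSListener` and `PSConfig`, and none of those files declares or includes them. Including one of them on its own, or reordering this list, breaks the build. Each header should carry its own forward declarations, e.g. `class PSGroup;` and `class StringKeyCache;` at the top of PSGroupCache.h. `httpClient/httpc/ScheduledTask.h` is also listed twice, and the second include can be dropped.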
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServerLib.h b/pki/base/tps/src/include/httpClient/httpc/PSServerLib.h
new file mode 100644
index 000000000..079134230
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServerLib.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVER_LIB_H__
+#define __PS_SERVER_LIB_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServerLib.h 1.000 05/27/2002
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/27/2002
+ */
+
+#ifdef _MSC_VER
+ #ifdef PRESENCESERVER_DLL
+ #define EXPORT_DECL __declspec( dllexport )
+ #else
+ #define EXPORT_DECL __declspec (dllimport )
+ #endif // PRESENCESERVER_DLL
+#else
+ #define EXPORT_DECL
+#endif // _MSC_VER
+
+#endif // __PS_SERVER_LIB_H__
+
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServerListener.h b/pki/base/tps/src/include/httpClient/httpc/PSServerListener.h
new file mode 100644
index 000000000..152fbf58f
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServerListener.h
@@ -0,0 +1,85 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVER_LISTENER_H__
+#define __PS_SERVER_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServerListener.h 1.000 04/30/2002
+ *
+ * A listener class to report back into the server.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSServerListener :
+ public PSListener
+{
+public:
+
+/**
+ * Callback to report startup of a service.
+ *
+ * @param reporting module ID
+ * @return 0 on success
+ */
+virtual int OnStartup(const char*) = 0;
+
+/**
+ * Callback to report shutdown of a service.
+ *
+ * @param reporting module ID
+ * @return 0 on success
+ */
+virtual int OnShutdown(const char*) = 0;
+
+/**
+ * Callback to report any errors encountered during service execution.
+ *
+ * @param reporting module ID
+ * @param error code
+ * @param error message
+ * @return 0 on success
+ */
+virtual int OnCriticalError(const char*, int, const char*) = 0;
+
+};
+
+#endif // __PS_SERVER_LISTENER_H__
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServerManager.h b/pki/base/tps/src/include/httpClient/httpc/PSServerManager.h
new file mode 100644
index 000000000..6597ad605
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServerManager.h
@@ -0,0 +1,145 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVER_MANAGER_H__
+#define __PS_SERVER_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServerManager.h 1.000 05/21/2002
+ *
+ * This class manages the server execution. It is responsible for loading
+ * of configurations, starting of services and proper shutdown of services.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/21/2002
+ */
+class PSServerManager :
+ public PSServerListener
+{
+private:
+
+/**
+ * Constructor - creates an instance of server manager object
+ */
+PSServerManager();
+
+/**
+ * Destructor
+ */
+virtual ~PSServerManager();
+
+public:
+
+/**
+ * Gets an instance of this class.
+ */
+static PSServerManager* GetServerManager();
+
+public:
+
+/**
+ * Loads general configuration into the ConfigManager
+ *
+ * @return 0 on success, negative error code otherwise
+ */
+int InitServices();
+
+/**
+ * Starts services after server startup. The presence services are
+ * started before anything else and if it fails then no attempt is
+ * made to start other services.
+ *
+ * @return 0 on success, negative error code otherwise
+ */
+int StartServices();
+
+/**
+ * Stops services before server shutdown.
+ *
+ * @return 0 on success, negative error code otherwise
+ */
+int StopServices();
+
+private:
+
+/**
+ * Loads one configuration entry
+ *
+ * @param configdn The DN of the LDAP entry containing the config
+ * @param configName The name of the config entry
+ * @param descr A description of the config entry
+ * @return 0 on success
+ */
+int LoadOneConfig(const char* configdn, const char* configName, const char* descr);
+
+// PSServerListener interface
+public:
+
+/**
+ * Callback to notify server upon a service startup
+ *
+ * @param moduleid the notifying service id
+ * @return 0 on success
+ */
+int OnStartup(const char* moduleid);
+
+/**
+ * Callback to notify server upon a service shutdown
+ *
+ * @param moduleid the notifying service id
+ * @return 0 on success
+ */
+int OnShutdown(const char* moduleid);
+
+/**
+ * Callback to notify server upon a critical errors. The server immediately
+ * shuts down upon receipt of any such notification.
+ *
+ * @param moduleid the notifying service id
+ * @param errorcode negative error code
+ * @param errorstring negative error code
+ * @return 0 on success
+ */
+int OnCriticalError(const char* moduleid, int errorcode, const char* errorstring);
+
+private:
+ bool m_loadServiceDone;
+};
+
+#endif // __PS_SERVER_MANAGER_H__
+
+
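Review bot: The doc block on `OnCriticalError` has a copy-paste error: `@param errorstring negative error code` should be `@param errorstring error message`, as the base interface in PSServerListener.h describes it. The same comment says the server shuts down immediately on any such notification, and the method is public with a caller-supplied `moduleid` string. It is worth documenting which components are expected to call it, and that `moduleid` and `errorstring` are recorded before shutdown so an unexpected stop can be attributed. Whether the implementation does that is not visible in this hunk.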
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServiceListener.h b/pki/base/tps/src/include/httpClient/httpc/PSServiceListener.h
new file mode 100644
index 000000000..358f0c295
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServiceListener.h
@@ -0,0 +1,87 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVICE_LISTENER_H__
+#define __PS_SERVICE_LISTENER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServiceListener.h 1.000 05/16/2002
+ *
+ * A listener interface for all the IM services to report back into
+ * service manager.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/16/2002
+ */
+class EXPORT_DECL PSServiceListener :
+ public PSListener
+{
+public:
+
+/**
+ * Callback to report start of a buddy service.
+ *
+ * @param reporting module
+ * @return 0 on success
+ */
+virtual int OnServiceStart(PSBuddyService*) = 0;
+
+/**
+ * Callback to report buddy service errors.
+ *
+ * @param reporting module
+ * @param error code
+ * @param error message
+ * @return 0 on success
+ */
+virtual int OnServiceError(PSBuddyService*, int, const char*) = 0;
+
+
+/**
+ * Callback to report shutdown of a buddy service.
+ *
+ * @param reporting module
+ * @return 0 on success
+ */
+virtual int OnServiceStop(PSBuddyService*) = 0;
+
+};
+
+#endif // __PS_SERVICE_LISTENER_H__
+
+
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSServiceManager.h b/pki/base/tps/src/include/httpClient/httpc/PSServiceManager.h
new file mode 100644
index 000000000..1fd755c14
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSServiceManager.h
@@ -0,0 +1,145 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PS_SERVICE_MANAGER_H__
+#define __PS_SERVICE_MANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * PSServiceManager.h 1.000 05/16/2002
+ *
+ * A Singleton class to manage presence services. Currently we support
+ * only one service to be loaded.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 05/16/2002
+ */
+class PSServiceManager :
+ public PSServiceListener
+{
+private:
+
+/**
+ * Constructor - creates a service manager object
+ */
+PSServiceManager();
+
+/**
+ * Destructor
+ */
+virtual ~PSServiceManager();
+
+public:
+
+/**
+ * Gets an instance of this class.
+ */
+static PSServiceManager* GetServiceManager();
+
+public:
+
+/**
+ * Registers a listener with this class. Only one listener is
+ * allowed to be registered. If an attempt is made to register
+ * more than one listener, then an error condition is raised.
+ *
+ * @param listener a server listener
+ * @return 0 on success, negative error upon failure
+ */
+int RegisterListener(PSServerListener* listener);
+
+/**
+ * Loads all providers type plugins.
+ *
+ * @return 0 for success, negative error code otherwise
+ */
+int LoadServices();
+
+/**
+ * Unloads all providers type plugins.
+ *
+ * @return 0 for success, negative error code otherwise
+ */
+int UnloadServices();
+
+/**
+ * Gets the service currently loaded. Only one service can
+ * be configured at a time.
+ *
+ * @return an im service
+ */
+PSBuddyService* GetService();
+
+// PSServiceListener interface
+public:
+
+/**
+ * Callback function to notify the manager of a service being started.
+ *
+ * @param service a buddy service
+ */
+int OnServiceStart(PSBuddyService* service);
+
+/**
+ * Callback function to notify the manager of a service error.
+ *
+ * @param service a buddy service
+ * @param errorcode a negative error code
+ * @param errorstring an error message
+ */
+int OnServiceError(PSBuddyService* service, int errorcode, const char* errorstring);
+
+/**
+ * Callback function to notify the manager of a service being stopped.
+ *
+ * @param service a buddy service
+ */
+int OnServiceStop(PSBuddyService* service);
+
+private:
+ char* m_serviceDN;
+ PSServerListener* m_serverListener;
+ PSBuddyService* m_service;
+
+ bool m_servicesLoaded;
+};
+
+#endif // __PS_SERVICE_MANAGER_H__
+
+
+
+
+
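Review bot: `RegisterListener(PSServerListener* listener)` and the members `m_serverListener`, `m_service` and `m_serviceDN` are raw pointers with no stated ownership. A reader cannot tell whether the manager frees them or whether the listener must outlive it. Presumably the listener is borrowed; if so the comment should say it, e.g. `@param listener a server listener; not owned, must stay valid while registered` (confirm against the implementation, which is not in this hunk). The three `On…` callback comments also omit the `@return` line that the `PSServiceListener` interface documents as `0 on success`.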
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSUser.h b/pki/base/tps/src/include/httpClient/httpc/PSUser.h
new file mode 100644
index 000000000..a66c4e32f
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSUser.h
@@ -0,0 +1,164 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PSUSER_H__
+#define __PSUSER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "PresenceServer.h"
+
+/**
+ * PSUser.h 1.000 04/30/2002
+ *
+ * This class represents one attribute of a user.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSAttribute
+{
+public:
+
+/**
+ * Construts a new PSAttribute object.
+ *
+ * @param name name of the attribute
+ * @param value value of the attribute
+ */
+PSAttribute(const char* name, const char* value);
+
+/**
+ * Destructor
+ */
+virtual ~PSAttribute();
+
+/**
+ * Gets the name of the attribute.
+ *
+ * @return name of the attribute
+ */
+char* GetName();
+
+/**
+ * Gets the value of the specified attribute.
+ *
+ * @return value of the attribute
+ */
+char* GetValue();
+
+private:
+ char* m_name;
+ char* m_value;
+};
+
+/**
+ * PSUser.h 1.000 04/30/2002
+ *
+ * This class represents information about a single user.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PSUser
+{
+public:
+
+/**
+ * Construts a new PSUser object with just one attribute.
+ *
+ * @param name name of the user
+ * @param attribute a user attribute
+ */
+PSUser(const char* name, PSAttribute* attribute);
+
+/**
+ * Construts a new PSUser object with number of attributes.
+ *
+ * @param name name of the user
+ * @param nAttributes number of attributes
+ * @param attribute array containing user attributes
+ */
+PSUser(const char* name, int nAttributes, PSAttribute** attributes);
+
+/**
+ * Destructor
+ */
+virtual ~PSUser();
+
+/**
+ * Gets the name of the user.
+ *
+ * @return user name
+ */
+char* GetName();
+
+/**
+ * Get the count of user attributes.
+ *
+ * @return count of user attributes
+ */
+int GetCount();
+
+/**
+ * Gets a list of attribute objects for the user.
+ *
+ * @return array of attribute objects
+ */
+PSAttribute** GetAttributes();
+
+/**
+ * Gets the user attribute based on the specified attribute name.
+ *
+ * @return user attribute object on success, NULL otherwise
+ */
+PSAttribute* Lookup(char* key);
+
+/**
+ * Creates a new copy of the current user object.
+ *
+ * @return new user object
+ */
+void Clone(PSUser** user);
+
+private:
+ char* m_name;
+ int m_attrCount;
+ PSAttribute** m_attributes;
+};
+
+#endif
+
+
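Review bot: `PSAttribute` and `PSUser` each hold raw `char*` / `PSAttribute**` members and declare a destructor, but neither declares a copy constructor or assignment operator, so the compiler-generated shallow copy leaves two objects pointing at the same buffers. If the destructors free those members (the implementation is not in this hunk), an accidental copy ends in a double free or use-after-free. Since `Clone()` is the intended copy path, I would forbid implicit copies by declaring `PSUser(const PSUser&);` and `PSUser& operator=(const PSUser&);` in the `private:` section without defining them, and the same for `PSAttribute`. Separately, the `Clone()` comment documents a `@return` although the function returns `void`; it should describe the `user` out-parameter and say who frees the new object.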
diff --git a/pki/base/tps/src/include/httpClient/httpc/PSWaspLib.h b/pki/base/tps/src/include/httpClient/httpc/PSWaspLib.h
new file mode 100644
index 000000000..8fdea6bcc
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PSWaspLib.h
@@ -0,0 +1,55 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _PS_WASP_LIB_H_
+#define _PS_WASP_LIB_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#ifdef _MSC_VER
+#undef EXPORT_DECL
+#ifdef WASP_LIB_DLL
+#define EXPORT_DECL __declspec( dllexport )
+#else
+#define EXPORT_DECL __declspec (dllimport )
+#endif // EXPORT_LIB_DLL
+#else
+#define EXPORT_DECL
+#endif // _MSC_VER
+
+// Key to hostname in WASP CallContext
+#define CONTEXT_HOSTNAME_TOKEN "Hostname"
+
+#endif // _PS_WASP_LIB_H_
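Review bot: The trailing comment on the inner `#endif` names `EXPORT_LIB_DLL`, but the conditional it closes tests `WASP_LIB_DLL`; it should read `#endif // WASP_LIB_DLL` so the export/import switch is not mistaken for a different build flag. The guard name `_PS_WASP_LIB_H_` begins with an underscore followed by a capital letter, which is reserved for the implementation; `PS_WASP_LIB_H` avoids that. The `#undef EXPORT_DECL` would also benefit from a one-line comment naming the earlier definition it is meant to override, which cannot be identified from this hunk.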
diff --git a/pki/base/tps/src/include/httpClient/httpc/Pool.h b/pki/base/tps/src/include/httpClient/httpc/Pool.h
new file mode 100644
index 000000000..074b36b3b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Pool.h
@@ -0,0 +1,149 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __POOL_H__
+#define __POOL_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#define AUTOTOOLS_CONFIG_H
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Utility classes for object pools
+ *
+ * @author rweltman@netscape.com
+ * @version 1.0
+ */
+
+class PoolNode;
+class Pool;
+
+typedef int (*PoolEnumerator)(PoolNode *node);
+
+/**
+ * A node in a pool
+ */
+class EXPORT_DECL PoolNode {
+ friend class Pool;
+public:
+ /**
+ * Constructor
+ *
+ * @param data The real data of the node
+ */
+ PoolNode( void *data );
+ /**
+ * Destructor
+ */
+ virtual ~PoolNode();
+ /**
+ * Returns the real data of the node
+ *
+ * @return The real data of the node
+ */
+ void *GetData();
+ /**
+ * Returns the next entry in the list
+ *
+ * @return The next entry in the list
+ */
+ PoolNode *GetNext();
+ /**
+ * Returns the previous entry in the list
+ *
+ * @return The previous entry in the list
+ */
+ PoolNode *GetPrev();
+private:
+ void *m_data;
+ PoolNode *m_next;
+ PoolNode *m_prev;
+};
+
+/**
+ * A generic object pool
+ */
+class EXPORT_DECL Pool {
+public:
+ /**
+ * Constructor - creates a pool with an internal list of nodes
+ *
+ * @param name Name of pool
+ * @param poolSize Max number of nodes kept
+ * @param enumerator Optional enumerator to be called on destruction
+ */
+ Pool( const char *name, int poolSize, PoolEnumerator enumerator = NULL );
+ /**
+ * Destructor - Empties the pool
+ */
+ virtual ~Pool();
+ /**
+ * Appends an entry to the end of the internal list
+ *
+ * @param node An entry to add
+ * @return The added entry
+ */
+ PoolNode *Append( PoolNode *node );
+ /**
+ * Retrieves the head of the internal list and removes it
+ *
+ * @return The head of the internal list
+ */
+ PoolNode *RemoveHead();
+ /**
+ * Returns true if the pool is empty
+ *
+ * @return true if the pool is empty
+ */
+ bool IsEmpty();
+
+ /**
+ * Returns the number of entries in the pool
+ *
+ * @return The number of entries in the pool
+ */
+ int GetCount();
+
+protected:
+private:
+ PoolNode *m_list;
+ char *m_name;
+ int m_maxNodes;
+ int m_count;
+ PoolEnumerator m_enumerator;
+ PRRWLock *m_lock;
+ PRLock *m_conditionLock;
+ PRCondVar *m_condition;
+};
+
+#endif // __POOL_H__
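Review bot: This header is not self-contained: `Pool` and `PoolNode` use `EXPORT_DECL`, `NULL`, `PRRWLock`, `PRLock` and `PRCondVar`, yet the only include is `<config.h>`, so it compiles only when every includer has already pulled in the NSPR headers and the export macro in the right order. Adding `#include "nspr.h"` and the project header that defines `EXPORT_DECL` (not identifiable from this hunk) would remove that ordering dependency. The `Append` comment should also state what happens when the pool already holds `poolSize` nodes; the condition variable suggests it may block, but the contract is not written down. It should also say who owns the `void *data` handed to `PoolNode`, and whether the enumerator is expected to free it on destruction.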
diff --git a/pki/base/tps/src/include/httpClient/httpc/PresenceManager.h b/pki/base/tps/src/include/httpClient/httpc/PresenceManager.h
new file mode 100644
index 000000000..f7f4f753f
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PresenceManager.h
@@ -0,0 +1,93 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PRESENCEMANAGER_H__
+#define __PRESENCEMANAGER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#define AUTOTOOLS_CONFIG_H
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/PSUser.h"
+
+/**
+ * PresenceManager.h 1.000 04/30/2002
+ *
+ * Wrapper class around the core buddylist management API.
+ *
+ * @author Rob Weltman
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+class EXPORT_DECL PresenceManager {
+public:
+ PresenceManager();
+ virtual ~PresenceManager();
+
+ int GetUserStatus(const char* group, const char* name, int nAttributes, char** attributes, PSUser** user);
+ int GetMultipleUserStatus(const char* group,
+ int nUsers,
+ char** names,
+ int nAttributes,
+ char** attributes,
+ PSUser*** users);
+ int GetUsersByFilter(const char* group, const char* filter, int nAttributes, char** attributes, PSUser*** users);
+ int GetSortedUsersByFilter(const char* group, const char* filter,
+ const char *sortKey, int sortKeyType,
+ int nAttributes, char** attributes, PSUser*** users);
+ /**
+ * Gets the number of users who are online or offline in a group
+ *
+ * @param group Name of group to query; NULL or empty for all groups
+ * @param bOnline true to return the count of online users, false for
+ * offline
+ * @return Number of users, or a negative error code on failure
+ *
+ * Error Code(s):
+ * PS_UNKOWN_GROUP
+ */
+ int GetUserCount( const char* group, int bOnline );
+ int AddGroup(const char* group, int nAttributes, char** attributes);
+ int AddUser(const char* group, const char* name, int nAttributes, PSAttribute** attributes);
+ int AddUsers(const char* group, int nUsers, PSUser** users);
+ int RemoveUser(const char* group, const char* name);
+ int RemoveUsers(const char* group, int nUsers, char** names);
+ int RemoveGroup(const char* group);
+ int GetAllGroups(char*** groups);
+ int GetAllUsers(const char* group, PSUser*** users);
+ int GetSearchableAttributes(const char* group, char*** attributes);
+
+private:
+};
+
+#endif // __PRESENCEMANAGER_H__
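Review bot: Only `GetUserCount` is documented; the methods that return arrays through `PSUser*** users`, `char*** groups` or `char*** attributes` give the caller no stated way to learn the array length or how to release it. Without that contract a caller has to guess whether the `int` result is a count or a status and whether the array is NULL-terminated, which is how over-reads and leaks get written. Each of these needs a comment in the style already used for `GetUserCount`, for example `@param users out: array of PSUser*; state how its length is conveyed and who deletes the elements and the array`, filled in from the implementation, which is not visible here. The `filter` parameter of `GetUsersByFilter` and `GetSortedUsersByFilter` should likewise document the expected syntax and whether the callee validates it.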
diff --git a/pki/base/tps/src/include/httpClient/httpc/PresenceServer.h b/pki/base/tps/src/include/httpClient/httpc/PresenceServer.h
new file mode 100644
index 000000000..1a9b259e9
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PresenceServer.h
@@ -0,0 +1,60 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PRESENCE_SERVER_H__
+#define __PRESENCE_SERVER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/PSServerLib.h"
+
+/**
+ * PresenceServer.h 1.000 04/30/2002
+ *
+ * Starts and stops presence services
+ *
+ * @author Rob Weltman
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+
+extern "C" {
+EXPORT_DECL int presence_main( int argc, char* argv[] );
+EXPORT_DECL void presence_exit();
+}
+
+#endif // __PRESENCE_SERVER_H__
+
+
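Review bot: The `extern "C"` block is not wrapped in `#ifdef __cplusplus`, so the two entry points get C linkage but the header itself cannot be included from a C translation unit. If C callers are intended, guard the opening and closing lines and declare `presence_exit(void)`. The file comment says only that the API starts and stops presence services; it should state what `presence_main` returns on failure and whether it blocks until `presence_exit` is called. Neither can be determined from this hunk.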
diff --git a/pki/base/tps/src/include/httpClient/httpc/PresenceServerImpl.h b/pki/base/tps/src/include/httpClient/httpc/PresenceServerImpl.h
new file mode 100644
index 000000000..8c07b9140
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/PresenceServerImpl.h
@@ -0,0 +1,111 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __PRESENCE_SERVER_IMPL_H__
+#define __PRESENCE_SERVER_IMPL_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+class PSUser;
+
+/**
+ * PresenceServerImpl.h 1.000 04/30/2002
+ *
+ * Interface for WASP implementation of presence service
+ *
+ * @author Rob Weltman
+ * @author Surendra Rajam
+ * @version 1.000, 04/30/2002
+ */
+
+class EXPORT_DECL PresenceServerImpl:public PresenceServiceImpl {
+public:
+ PresenceServerImpl() {}
+ virtual ~PresenceServerImpl() {}
+ virtual int getAllGroups (ArrayOfstring *& groups);
+ virtual int getAllUsers (WASP_String * group, ArrayOfstring *& users);
+ virtual int removeGroup (WASP_String * group);
+ virtual int getUsersByFilter (WASP_String * group, WASP_String * filter, int nAttributes, ArrayOfstring * attributes, ArrayOfPresenceUser *& users);
+ virtual int getMultipleUserStatus (WASP_String * group,
+ int nUsers,
+ ArrayOfstring * names,
+ int nAttributes,
+ ArrayOfstring * attributes,
+ ArrayOfPresenceUser *& users);
+ virtual int removeUser (WASP_String * group, WASP_String * name);
+ virtual int getUserStatus (WASP_String * group, WASP_String * name, int nAttributes, ArrayOfstring * attributes, PresenceUser *& user);
+ /**
+ * Gets the number of users who are online or offline in a group
+ *
+ * @param group Name of group to query; NULL or empty for all groups
+ * @param bOnline true to return the count of online users, false for offline
+ * @return Number of users, or a negative error code on failure
+ *
+ * Error Code(s):
+ * PS_UNKOWN_GROUP
+ */
+ virtual int getUserCount( WASP_String* group, int bOnline );
+ virtual int addUsers (WASP_String * group, int nUsers, ArrayOfPresenceUser * users);
+ virtual int addGroup (WASP_String * group, int nAttributes, ArrayOfstring * attributes);
+ virtual int getSearchableAttributes (WASP_String * group, ArrayOfstring *& attributes);
+ virtual int addUser (WASP_String * group, WASP_String * name, int nAttributes, ArrayOfUserAttribute * attributes);
+ virtual int getSortedUsersByFilter (WASP_String * group,
+ WASP_String * filter,
+ WASP_String * sortKey,
+ int sortKeyType,
+ int nAttributes,
+ ArrayOfstring * attributes,
+ ArrayOfPresenceUser *& users);
+ virtual int removeUsers (WASP_String * group, int nUsers, ArrayOfstring * names);
+protected:
+ void doLog(const char *func, int status);
+ static int parseUsers(int nUsers, PSUser** tusers,
+ ArrayOfPresenceUser*& users);
+ /**
+ * Decodes an array of Unicode strings from a WASP string array object;
+ * the result should be freed by deleting the individual strings as well as
+ * the array itself; nStrings is set to 0 if wStrings is NULL
+ *
+ * @param attributes WASP string array object to convert
+ * @param nAttributes Number of strings to process
+ * @return Array of strings
+ */
+ char **DecodeStringArrayObject( ArrayOfstring* wStrings,
+ int& nStrings );
+};
+
+#endif // __PRESENCE_SERVER_IMPL_H__
+
+
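Review bot: The comment on `DecodeStringArrayObject` documents `@param attributes` and `@param nAttributes`, but the parameters are `wStrings` and `nStrings`, and `nStrings` is a non-const reference that the same comment says is written on a NULL input. I would correct the tags to `@param wStrings` and `@param nStrings in: number of strings to process; out: number actually decoded (0 if wStrings is NULL)`. These virtual methods are the service-side entry points and take a count (`nUsers`, `nAttributes`) next to the array it describes. The comment should therefore also require that the count be checked against the array's real length, and rejected when negative, before any element is read. The implementation is outside this hunk, so whether it already does this cannot be confirmed here.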
diff --git a/pki/base/tps/src/include/httpClient/httpc/SECerrs.h b/pki/base/tps/src/include/httpClient/httpc/SECerrs.h
new file mode 100644
index 000000000..d7495ff28
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SECerrs.h
@@ -0,0 +1,522 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * END COPYRIGHT BLOCK **/
+
+/* Originally obtained from:
+ *
+ * CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+ * cvs export -r NSS_3_11_3_RTM -N mozilla/security/nss/cmd/lib/SECerrs.h
+ */
+
+/* General security error codes */
+/* Caller must #include "secerr.h" */
+
+ER3(SEC_ERROR_IO, SEC_ERROR_BASE + 0,
+"An I/O error occurred during security authorization.")
+
+ER3(SEC_ERROR_LIBRARY_FAILURE, SEC_ERROR_BASE + 1,
+"security library failure.")
+
+ER3(SEC_ERROR_BAD_DATA, SEC_ERROR_BASE + 2,
+"security library: received bad data.")
+
+ER3(SEC_ERROR_OUTPUT_LEN, SEC_ERROR_BASE + 3,
+"security library: output length error.")
+
+ER3(SEC_ERROR_INPUT_LEN, SEC_ERROR_BASE + 4,
+"security library has experienced an input length error.")
+
+ER3(SEC_ERROR_INVALID_ARGS, SEC_ERROR_BASE + 5,
+"security library: invalid arguments.")
+
+ER3(SEC_ERROR_INVALID_ALGORITHM, SEC_ERROR_BASE + 6,
+"security library: invalid algorithm.")
+
+ER3(SEC_ERROR_INVALID_AVA, SEC_ERROR_BASE + 7,
+"security library: invalid AVA.")
+
+ER3(SEC_ERROR_INVALID_TIME, SEC_ERROR_BASE + 8,
+"Improperly formatted time string.")
+
+ER3(SEC_ERROR_BAD_DER, SEC_ERROR_BASE + 9,
+"security library: improperly formatted DER-encoded message.")
+
+ER3(SEC_ERROR_BAD_SIGNATURE, SEC_ERROR_BASE + 10,
+"Peer's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_EXPIRED_CERTIFICATE, SEC_ERROR_BASE + 11,
+"Peer's Certificate has expired.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE, SEC_ERROR_BASE + 12,
+"Peer's Certificate has been revoked.")
+
+ER3(SEC_ERROR_UNKNOWN_ISSUER, SEC_ERROR_BASE + 13,
+"Peer's Certificate issuer is not recognized.")
+
+ER3(SEC_ERROR_BAD_KEY, SEC_ERROR_BASE + 14,
+"Peer's public key is invalid.")
+
+ER3(SEC_ERROR_BAD_PASSWORD, SEC_ERROR_BASE + 15,
+"The security password entered is incorrect.")
+
+ER3(SEC_ERROR_RETRY_PASSWORD, SEC_ERROR_BASE + 16,
+"New password entered incorrectly. Please try again.")
+
+ER3(SEC_ERROR_NO_NODELOCK, SEC_ERROR_BASE + 17,
+"security library: no nodelock.")
+
+ER3(SEC_ERROR_BAD_DATABASE, SEC_ERROR_BASE + 18,
+"security library: bad database.")
+
+ER3(SEC_ERROR_NO_MEMORY, SEC_ERROR_BASE + 19,
+"security library: memory allocation failure.")
+
+ER3(SEC_ERROR_UNTRUSTED_ISSUER, SEC_ERROR_BASE + 20,
+"Peer's certificate issuer has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_UNTRUSTED_CERT, SEC_ERROR_BASE + 21,
+"Peer's certificate has been marked as not trusted by the user.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT, (SEC_ERROR_BASE + 22),
+"Certificate already exists in your database.")
+
+ER3(SEC_ERROR_DUPLICATE_CERT_NAME, (SEC_ERROR_BASE + 23),
+"Downloaded certificate's name duplicates one already in your database.")
+
+ER3(SEC_ERROR_ADDING_CERT, (SEC_ERROR_BASE + 24),
+"Error adding certificate to database.")
+
+ER3(SEC_ERROR_FILING_KEY, (SEC_ERROR_BASE + 25),
+"Error refiling the key for this certificate.")
+
+ER3(SEC_ERROR_NO_KEY, (SEC_ERROR_BASE + 26),
+"The private key for this certificate cannot be found in key database")
+
+ER3(SEC_ERROR_CERT_VALID, (SEC_ERROR_BASE + 27),
+"This certificate is valid.")
+
+ER3(SEC_ERROR_CERT_NOT_VALID, (SEC_ERROR_BASE + 28),
+"This certificate is not valid.")
+
+ER3(SEC_ERROR_CERT_NO_RESPONSE, (SEC_ERROR_BASE + 29),
+"Cert Library: No Response")
+
+ER3(SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE, (SEC_ERROR_BASE + 30),
+"The certificate issuer's certificate has expired. Check your system date and time.")
+
+ER3(SEC_ERROR_CRL_EXPIRED, (SEC_ERROR_BASE + 31),
+"The CRL for the certificate's issuer has expired. Update it or check your system data and time.")
+
+ER3(SEC_ERROR_CRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 32),
+"The CRL for the certificate's issuer has an invalid signature.")
+
+ER3(SEC_ERROR_CRL_INVALID, (SEC_ERROR_BASE + 33),
+"New CRL has an invalid format.")
+
+ER3(SEC_ERROR_EXTENSION_VALUE_INVALID, (SEC_ERROR_BASE + 34),
+"Certificate extension value is invalid.")
+
+ER3(SEC_ERROR_EXTENSION_NOT_FOUND, (SEC_ERROR_BASE + 35),
+"Certificate extension not found.")
+
+ER3(SEC_ERROR_CA_CERT_INVALID, (SEC_ERROR_BASE + 36),
+"Issuer certificate is invalid.")
+
+ER3(SEC_ERROR_PATH_LEN_CONSTRAINT_INVALID, (SEC_ERROR_BASE + 37),
+"Certificate path length constraint is invalid.")
+
+ER3(SEC_ERROR_CERT_USAGES_INVALID, (SEC_ERROR_BASE + 38),
+"Certificate usages field is invalid.")
+
+ER3(SEC_INTERNAL_ONLY, (SEC_ERROR_BASE + 39),
+"**Internal ONLY module**")
+
+ER3(SEC_ERROR_INVALID_KEY, (SEC_ERROR_BASE + 40),
+"The key does not support the requested operation.")
+
+ER3(SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 41),
+"Certificate contains unknown critical extension.")
+
+ER3(SEC_ERROR_OLD_CRL, (SEC_ERROR_BASE + 42),
+"New CRL is not later than the current one.")
+
+ER3(SEC_ERROR_NO_EMAIL_CERT, (SEC_ERROR_BASE + 43),
+"Not encrypted or signed: you do not yet have an email certificate.")
+
+ER3(SEC_ERROR_NO_RECIPIENT_CERTS_QUERY, (SEC_ERROR_BASE + 44),
+"Not encrypted: you do not have certificates for each of the recipients.")
+
+ER3(SEC_ERROR_NOT_A_RECIPIENT, (SEC_ERROR_BASE + 45),
+"Cannot decrypt: you are not a recipient, or matching certificate and \
+private key not found.")
+
+ER3(SEC_ERROR_PKCS7_KEYALG_MISMATCH, (SEC_ERROR_BASE + 46),
+"Cannot decrypt: key encryption algorithm does not match your certificate.")
+
+ER3(SEC_ERROR_PKCS7_BAD_SIGNATURE, (SEC_ERROR_BASE + 47),
+"Signature verification failed: no signer found, too many signers found, \
+or improper or corrupted data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_KEYALG, (SEC_ERROR_BASE + 48),
+"Unsupported or unknown key algorithm.")
+
+ER3(SEC_ERROR_DECRYPTION_DISALLOWED, (SEC_ERROR_BASE + 49),
+"Cannot decrypt: encrypted using a disallowed algorithm or key size.")
+
+
+/* Fortezza Alerts */
+ER3(XP_SEC_FORTEZZA_BAD_CARD, (SEC_ERROR_BASE + 50),
+"Fortezza card has not been properly initialized. \
+Please remove it and return it to your issuer.")
+
+ER3(XP_SEC_FORTEZZA_NO_CARD, (SEC_ERROR_BASE + 51),
+"No Fortezza cards Found")
+
+ER3(XP_SEC_FORTEZZA_NONE_SELECTED, (SEC_ERROR_BASE + 52),
+"No Fortezza card selected")
+
+ER3(XP_SEC_FORTEZZA_MORE_INFO, (SEC_ERROR_BASE + 53),
+"Please select a personality to get more info on")
+
+ER3(XP_SEC_FORTEZZA_PERSON_NOT_FOUND, (SEC_ERROR_BASE + 54),
+"Personality not found")
+
+ER3(XP_SEC_FORTEZZA_NO_MORE_INFO, (SEC_ERROR_BASE + 55),
+"No more information on that Personality")
+
+ER3(XP_SEC_FORTEZZA_BAD_PIN, (SEC_ERROR_BASE + 56),
+"Invalid Pin")
+
+ER3(XP_SEC_FORTEZZA_PERSON_ERROR, (SEC_ERROR_BASE + 57),
+"Couldn't initialize Fortezza personalities.")
+/* end fortezza alerts. */
+
+ER3(SEC_ERROR_NO_KRL, (SEC_ERROR_BASE + 58),
+"No KRL for this site's certificate has been found.")
+
+ER3(SEC_ERROR_KRL_EXPIRED, (SEC_ERROR_BASE + 59),
+"The KRL for this site's certificate has expired.")
+
+ER3(SEC_ERROR_KRL_BAD_SIGNATURE, (SEC_ERROR_BASE + 60),
+"The KRL for this site's certificate has an invalid signature.")
+
+ER3(SEC_ERROR_REVOKED_KEY, (SEC_ERROR_BASE + 61),
+"The key for this site's certificate has been revoked.")
+
+ER3(SEC_ERROR_KRL_INVALID, (SEC_ERROR_BASE + 62),
+"New KRL has an invalid format.")
+
+ER3(SEC_ERROR_NEED_RANDOM, (SEC_ERROR_BASE + 63),
+"security library: need random data.")
+
+ER3(SEC_ERROR_NO_MODULE, (SEC_ERROR_BASE + 64),
+"security library: no security module can perform the requested operation.")
+
+ER3(SEC_ERROR_NO_TOKEN, (SEC_ERROR_BASE + 65),
+"The security card or token does not exist, needs to be initialized, or has been removed.")
+
+ER3(SEC_ERROR_READ_ONLY, (SEC_ERROR_BASE + 66),
+"security library: read-only database.")
+
+ER3(SEC_ERROR_NO_SLOT_SELECTED, (SEC_ERROR_BASE + 67),
+"No slot or token was selected.")
+
+ER3(SEC_ERROR_CERT_NICKNAME_COLLISION, (SEC_ERROR_BASE + 68),
+"A certificate with the same nickname already exists.")
+
+ER3(SEC_ERROR_KEY_NICKNAME_COLLISION, (SEC_ERROR_BASE + 69),
+"A key with the same nickname already exists.")
+
+ER3(SEC_ERROR_SAFE_NOT_CREATED, (SEC_ERROR_BASE + 70),
+"error while creating safe object")
+
+ER3(SEC_ERROR_BAGGAGE_NOT_CREATED, (SEC_ERROR_BASE + 71),
+"error while creating baggage object")
+
+ER3(XP_JAVA_REMOVE_PRINCIPAL_ERROR, (SEC_ERROR_BASE + 72),
+"Couldn't remove the principal")
+
+ER3(XP_JAVA_DELETE_PRIVILEGE_ERROR, (SEC_ERROR_BASE + 73),
+"Couldn't delete the privilege")
+
+ER3(XP_JAVA_CERT_NOT_EXISTS_ERROR, (SEC_ERROR_BASE + 74),
+"This principal doesn't have a certificate")
+
+ER3(SEC_ERROR_BAD_EXPORT_ALGORITHM, (SEC_ERROR_BASE + 75),
+"Required algorithm is not allowed.")
+
+ER3(SEC_ERROR_EXPORTING_CERTIFICATES, (SEC_ERROR_BASE + 76),
+"Error attempting to export certificates.")
+
+ER3(SEC_ERROR_IMPORTING_CERTIFICATES, (SEC_ERROR_BASE + 77),
+"Error attempting to import certificates.")
+
+ER3(SEC_ERROR_PKCS12_DECODING_PFX, (SEC_ERROR_BASE + 78),
+"Unable to import. Decoding error. File not valid.")
+
+ER3(SEC_ERROR_PKCS12_INVALID_MAC, (SEC_ERROR_BASE + 79),
+"Unable to import. Invalid MAC. Incorrect password or corrupt file.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_MAC_ALGORITHM, (SEC_ERROR_BASE + 80),
+"Unable to import. MAC algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_TRANSPORT_MODE,(SEC_ERROR_BASE + 81),
+"Unable to import. Only password integrity and privacy modes supported.")
+
+ER3(SEC_ERROR_PKCS12_CORRUPT_PFX_STRUCTURE, (SEC_ERROR_BASE + 82),
+"Unable to import. File structure is corrupt.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_PBE_ALGORITHM, (SEC_ERROR_BASE + 83),
+"Unable to import. Encryption algorithm not supported.")
+
+ER3(SEC_ERROR_PKCS12_UNSUPPORTED_VERSION, (SEC_ERROR_BASE + 84),
+"Unable to import. File version not supported.")
+
+ER3(SEC_ERROR_PKCS12_PRIVACY_PASSWORD_INCORRECT,(SEC_ERROR_BASE + 85),
+"Unable to import. Incorrect privacy password.")
+
+ER3(SEC_ERROR_PKCS12_CERT_COLLISION, (SEC_ERROR_BASE + 86),
+"Unable to import. Same nickname already exists in database.")
+
+ER3(SEC_ERROR_USER_CANCELLED, (SEC_ERROR_BASE + 87),
+"The user pressed cancel.")
+
+ER3(SEC_ERROR_PKCS12_DUPLICATE_DATA, (SEC_ERROR_BASE + 88),
+"Not imported, already in database.")
+
+ER3(SEC_ERROR_MESSAGE_SEND_ABORTED, (SEC_ERROR_BASE + 89),
+"Message not sent.")
+
+ER3(SEC_ERROR_INADEQUATE_KEY_USAGE, (SEC_ERROR_BASE + 90),
+"Certificate key usage inadequate for attempted operation.")
+
+ER3(SEC_ERROR_INADEQUATE_CERT_TYPE, (SEC_ERROR_BASE + 91),
+"Certificate type not approved for application.")
+
+ER3(SEC_ERROR_CERT_ADDR_MISMATCH, (SEC_ERROR_BASE + 92),
+"Address in signing certificate does not match address in message headers.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_IMPORT_KEY, (SEC_ERROR_BASE + 93),
+"Unable to import. Error attempting to import private key.")
+
+ER3(SEC_ERROR_PKCS12_IMPORTING_CERT_CHAIN, (SEC_ERROR_BASE + 94),
+"Unable to import. Error attempting to import certificate chain.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_LOCATE_OBJECT_BY_NAME, (SEC_ERROR_BASE + 95),
+"Unable to export. Unable to locate certificate or key by nickname.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_EXPORT_KEY, (SEC_ERROR_BASE + 96),
+"Unable to export. Private Key could not be located and exported.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_WRITE, (SEC_ERROR_BASE + 97),
+"Unable to export. Unable to write the export file.")
+
+ER3(SEC_ERROR_PKCS12_UNABLE_TO_READ, (SEC_ERROR_BASE + 98),
+"Unable to import. Unable to read the import file.")
+
+ER3(SEC_ERROR_PKCS12_KEY_DATABASE_NOT_INITIALIZED, (SEC_ERROR_BASE + 99),
+"Unable to export. Key database corrupt or deleted.")
+
+ER3(SEC_ERROR_KEYGEN_FAIL, (SEC_ERROR_BASE + 100),
+"Unable to generate public/private key pair.")
+
+ER3(SEC_ERROR_INVALID_PASSWORD, (SEC_ERROR_BASE + 101),
+"Password entered is invalid. Please pick a different one.")
+
+ER3(SEC_ERROR_RETRY_OLD_PASSWORD, (SEC_ERROR_BASE + 102),
+"Old password entered incorrectly. Please try again.")
+
+ER3(SEC_ERROR_BAD_NICKNAME, (SEC_ERROR_BASE + 103),
+"Certificate nickname already in use.")
+
+ER3(SEC_ERROR_NOT_FORTEZZA_ISSUER, (SEC_ERROR_BASE + 104),
+"Peer FORTEZZA chain has a non-FORTEZZA Certificate.")
+
+ER3(SEC_ERROR_CANNOT_MOVE_SENSITIVE_KEY, (SEC_ERROR_BASE + 105),
+"A sensitive key cannot be moved to the slot where it is needed.")
+
+ER3(SEC_ERROR_JS_INVALID_MODULE_NAME, (SEC_ERROR_BASE + 106),
+"Invalid module name.")
+
+ER3(SEC_ERROR_JS_INVALID_DLL, (SEC_ERROR_BASE + 107),
+"Invalid module path/filename")
+
+ER3(SEC_ERROR_JS_ADD_MOD_FAILURE, (SEC_ERROR_BASE + 108),
+"Unable to add module")
+
+ER3(SEC_ERROR_JS_DEL_MOD_FAILURE, (SEC_ERROR_BASE + 109),
+"Unable to delete module")
+
+ER3(SEC_ERROR_OLD_KRL, (SEC_ERROR_BASE + 110),
+"New KRL is not later than the current one.")
+
+ER3(SEC_ERROR_CKL_CONFLICT, (SEC_ERROR_BASE + 111),
+"New CKL has different issuer than current CKL. Delete current CKL.")
+
+ER3(SEC_ERROR_CERT_NOT_IN_NAME_SPACE, (SEC_ERROR_BASE + 112),
+"The Certifying Authority for this certificate is not permitted to issue a \
+certificate with this name.")
+
+ER3(SEC_ERROR_KRL_NOT_YET_VALID, (SEC_ERROR_BASE + 113),
+"The key revocation list for this certificate is not yet valid.")
+
+ER3(SEC_ERROR_CRL_NOT_YET_VALID, (SEC_ERROR_BASE + 114),
+"The certificate revocation list for this certificate is not yet valid.")
+
+ER3(SEC_ERROR_UNKNOWN_CERT, (SEC_ERROR_BASE + 115),
+"The requested certificate could not be found.")
+
+ER3(SEC_ERROR_UNKNOWN_SIGNER, (SEC_ERROR_BASE + 116),
+"The signer's certificate could not be found.")
+
+ER3(SEC_ERROR_CERT_BAD_ACCESS_LOCATION, (SEC_ERROR_BASE + 117),
+"The location for the certificate status server has invalid format.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_TYPE, (SEC_ERROR_BASE + 118),
+"The OCSP response cannot be fully decoded; it is of an unknown type.")
+
+ER3(SEC_ERROR_OCSP_BAD_HTTP_RESPONSE, (SEC_ERROR_BASE + 119),
+"The OCSP server returned unexpected/invalid HTTP data.")
+
+ER3(SEC_ERROR_OCSP_MALFORMED_REQUEST, (SEC_ERROR_BASE + 120),
+"The OCSP server found the request to be corrupted or improperly formed.")
+
+ER3(SEC_ERROR_OCSP_SERVER_ERROR, (SEC_ERROR_BASE + 121),
+"The OCSP server experienced an internal error.")
+
+ER3(SEC_ERROR_OCSP_TRY_SERVER_LATER, (SEC_ERROR_BASE + 122),
+"The OCSP server suggests trying again later.")
+
+ER3(SEC_ERROR_OCSP_REQUEST_NEEDS_SIG, (SEC_ERROR_BASE + 123),
+"The OCSP server requires a signature on this request.")
+
+ER3(SEC_ERROR_OCSP_UNAUTHORIZED_REQUEST, (SEC_ERROR_BASE + 124),
+"The OCSP server has refused this request as unauthorized.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_RESPONSE_STATUS, (SEC_ERROR_BASE + 125),
+"The OCSP server returned an unrecognizable status.")
+
+ER3(SEC_ERROR_OCSP_UNKNOWN_CERT, (SEC_ERROR_BASE + 126),
+"The OCSP server has no status for the certificate.")
+
+ER3(SEC_ERROR_OCSP_NOT_ENABLED, (SEC_ERROR_BASE + 127),
+"You must enable OCSP before performing this operation.")
+
+ER3(SEC_ERROR_OCSP_NO_DEFAULT_RESPONDER, (SEC_ERROR_BASE + 128),
+"You must set the OCSP default responder before performing this operation.")
+
+ER3(SEC_ERROR_OCSP_MALFORMED_RESPONSE, (SEC_ERROR_BASE + 129),
+"The response from the OCSP server was corrupted or improperly formed.")
+
+ER3(SEC_ERROR_OCSP_UNAUTHORIZED_RESPONSE, (SEC_ERROR_BASE + 130),
+"The signer of the OCSP response is not authorized to give status for \
+this certificate.")
+
+ER3(SEC_ERROR_OCSP_FUTURE_RESPONSE, (SEC_ERROR_BASE + 131),
+"The OCSP response is not yet valid (contains a date in the future).")
+
+ER3(SEC_ERROR_OCSP_OLD_RESPONSE, (SEC_ERROR_BASE + 132),
+"The OCSP response contains out-of-date information.")
+
+ER3(SEC_ERROR_DIGEST_NOT_FOUND, (SEC_ERROR_BASE + 133),
+"The CMS or PKCS #7 Digest was not found in signed message.")
+
+ER3(SEC_ERROR_UNSUPPORTED_MESSAGE_TYPE, (SEC_ERROR_BASE + 134),
+"The CMS or PKCS #7 Message type is unsupported.")
+
+ER3(SEC_ERROR_MODULE_STUCK, (SEC_ERROR_BASE + 135),
+"PKCS #11 module could not be removed because it is still in use.")
+
+ER3(SEC_ERROR_BAD_TEMPLATE, (SEC_ERROR_BASE + 136),
+"Could not decode ASN.1 data. Specified template was invalid.")
+
+ER3(SEC_ERROR_CRL_NOT_FOUND, (SEC_ERROR_BASE + 137),
+"No matching CRL was found.")
+
+ER3(SEC_ERROR_REUSED_ISSUER_AND_SERIAL, (SEC_ERROR_BASE + 138),
+"You are attempting to import a cert with the same issuer/serial as \
+an existing cert, but that is not the same cert.")
+
+ER3(SEC_ERROR_BUSY, (SEC_ERROR_BASE + 139),
+"NSS could not shutdown. Objects are still in use.")
+
+ER3(SEC_ERROR_EXTRA_INPUT, (SEC_ERROR_BASE + 140),
+"DER-encoded message contained extra unused data.")
+
+ER3(SEC_ERROR_UNSUPPORTED_ELLIPTIC_CURVE, (SEC_ERROR_BASE + 141),
+"Unsupported elliptic curve.")
+
+ER3(SEC_ERROR_UNSUPPORTED_EC_POINT_FORM, (SEC_ERROR_BASE + 142),
+"Unsupported elliptic curve point form.")
+
+ER3(SEC_ERROR_UNRECOGNIZED_OID, (SEC_ERROR_BASE + 143),
+"Unrecognized Object IDentifier.")
+
+ER3(SEC_ERROR_OCSP_INVALID_SIGNING_CERT, (SEC_ERROR_BASE + 144),
+"Invalid OCSP signing certificate in OCSP response.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE_CRL, (SEC_ERROR_BASE + 145),
+"Certificate is revoked in issuer's certificate revocation list.")
+
+ER3(SEC_ERROR_REVOKED_CERTIFICATE_OCSP, (SEC_ERROR_BASE + 146),
+"Issuer's OCSP responder reports certificate is revoked.")
+
+ER3(SEC_ERROR_CRL_INVALID_VERSION, (SEC_ERROR_BASE + 147),
+"Issuer's Certificate Revocation List has an unknown version number.")
+
+ER3(SEC_ERROR_CRL_V1_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 148),
+"Issuer's V1 Certificate Revocation List has a critical extension.")
+
+ER3(SEC_ERROR_CRL_UNKNOWN_CRITICAL_EXTENSION, (SEC_ERROR_BASE + 149),
+"Issuer's V2 Certificate Revocation List has an unknown critical extension.")
+
+ER3(SEC_ERROR_UNKNOWN_OBJECT_TYPE, (SEC_ERROR_BASE + 150),
+"Unknown object type specified.")
+
+ER3(SEC_ERROR_INCOMPATIBLE_PKCS11, (SEC_ERROR_BASE + 151),
+"PKCS #11 driver violates the spec in an incompatible way.")
+
+ER3(SEC_ERROR_NO_EVENT, (SEC_ERROR_BASE + 152),
+"No new slot event is available at this time.")
+
+ER3(SEC_ERROR_CRL_ALREADY_EXISTS, (SEC_ERROR_BASE + 153),
+"CRL already exists.")
+
+ER3(SEC_ERROR_NOT_INITIALIZED, (SEC_ERROR_BASE + 154),
+"NSS is not initialized.")
+
+ER3(SEC_ERROR_TOKEN_NOT_LOGGED_IN, (SEC_ERROR_BASE + 155),
+"The operation failed because the PKCS#11 token is not logged in.")
+
diff --git a/pki/base/tps/src/include/httpClient/httpc/SSLServerSocket.h b/pki/base/tps/src/include/httpClient/httpc/SSLServerSocket.h
new file mode 100644
index 000000000..a059d7279
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SSLServerSocket.h
@@ -0,0 +1,93 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SSL_SERVER_SOCKET_H
+#define __SSL_SERVER_SOCKET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * SSLServerSocket.h 1.000 06/12/2002
+ *
+ * A Secure server socket implementation based on NSPR / NSS
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL SSLServerSocket : public ServerSocket {
+public:
+ /**
+ * Constructor
+ */
+ SSLServerSocket( const char* host,
+ int port,
+ const char* nickname,
+ int requestcert );
+
+ /**
+ * Destructor
+ */
+ virtual ~SSLServerSocket();
+
+public:
+ /**
+ * Initializes cert and private key before calling base class
+ * Accept function.
+ */
+ Socket* Accept();
+
+private:
+ /**
+ * Overrides base class function to create SSL sockets
+ *
+ * @return a newly accepted SSL socket
+ */
+ Socket* InternalAccept(PRFileDesc* fd);
+
+private:
+ char* m_nickName;
+ int m_requestCert;
+ CERTCertificate* m_serverCert;
+ SECKEYPrivateKey* m_serverPrivKey;
+ SSLKEAType m_certKEA;
+};
+
+#endif // __SSL_SERVER_SOCKET_H
+
+
+
+
+
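Review bot: SSLServerSocket keeps `m_serverCert`, `m_serverPrivKey` and `m_nickName` as raw pointers and declares a destructor, but it declares no copy constructor or assignment operator, so the compiler-generated ones copy the pointers as they are. If the destructor releases the certificate and private key (its body is not in this hunk, so this is inferred), a copied object would release the same key handle twice. Declaring both in the private section without a definition rules that out: `SSLServerSocket( const SSLServerSocket& );` and `SSLServerSocket& operator=( const SSLServerSocket& );`. The constructor comment should also state which values `requestcert` accepts and what each means, since it presumably controls whether a client certificate is requested.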
diff --git a/pki/base/tps/src/include/httpClient/httpc/SSLSocket.h b/pki/base/tps/src/include/httpClient/httpc/SSLSocket.h
new file mode 100644
index 000000000..14d647c60
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SSLSocket.h
@@ -0,0 +1,132 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SSL_SOCKET_H
+#define __SSL_SOCKET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * SSLSocket.h 1.000 06/12/2002
+ *
+ * A Secure socket implementation based on NSPR / NSS
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL SSLSocket : public Socket {
+ friend class SSLServerSocket;
+public:
+ /**
+ * Constructor
+ */
+ SSLSocket();
+
+ /**
+ * Destructor
+ */
+ virtual ~SSLSocket();
+
+private:
+ /**
+ * Sets up this socket to behave as a SSL server
+ *
+ * @param cert server certificate object
+ * @param privKey private key structure
+ * @param password password to access DB
+ * @param requestCert whether to request cert from the client
+ * @return 0 on success, negative error code otherwise
+ *
+ */
+ int SetupSSLServer( CERTCertificate* serverCert,
+ SECKEYPrivateKey* privKey,
+ SSLKEAType certKEA,
+ int requestCert );
+private:
+ // server callbacks
+ /**
+ * Specifies a certificate authentication callback function called
+ * to authenticate an incoming certificate
+ *
+ * @param arg pointer supplied by the application
+ * (in the call to SSL_AuthCertificateHook)
+ * that can be used to pass state information
+ * @param socket pointer to the file descriptor for the SSL socket
+ * @param checksig PR_TRUE means signatures are to be checked and
+ * the certificate chain is to be validated
+ * @param isServer PR_TRUE means the callback function should
+ * evaluate the certificate as a server does,
+ * treating the remote end is a client
+ * @return SECSuccess on success, SECFailure otherwise
+ *
+ */
+ static SECStatus AuthCertificate( void* arg,
+ PRFileDesc* socket,
+ PRBool checksig,
+ PRBool isServer );
+
+ /**
+ * Sets up a callback function to deal with a situation where the
+ * SSL_AuthCertificate callback function has failed. This callback
+ * function allows the application to override the decision made by
+ * the certificate authorization callback and authorize the certificate
+ * for use in the SSL connection.
+ *
+ * @param arg The arg parameter passed to SSL_BadCertHook
+ * @param socket pointer to the file descriptor for the SSL socket
+ * @return SECSuccess on success, SECFailure otherwise
+ */
+ static SECStatus BadCertHandler( void* arg,
+ PRFileDesc* socket );
+
+ /**
+ * Sets up a callback function used by SSL to inform either a client
+ * application or a server application when the handshake is completed
+ *
+ * @param arg The arg parameter passed to SSL_HandshakeCallback
+ * @param socket pointer to the file descriptor for the SSL socket
+ * @return SECSuccess on success, SECFailure otherwise
+ */
+ static SECStatus HandshakeCallback( PRFileDesc* socket,
+ void* arg );
+
+private:
+ bool m_initializedAsServer;
+};
+
+#endif // __SSL_SOCKET_H
+
+
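Review bot: The comment on `BadCertHandler` says the callback can override a failed certificate check but not for which errors, and that is what a reader needs in order to judge whether peer authentication is still enforced. The implementation is outside this hunk; if it returns SECSuccess for anything other than a short, explicit list of error codes, every verification failure ends up accepted. I would put the contract in the header, for example `* @return SECSuccess only for error codes explicitly allowed by configuration; SECFailure otherwise, which keeps the rejection`. Separately, the `SetupSSLServer` comment lists `cert` and `password` parameters that the signature does not have and omits `certKEA`, and the `HandshakeCallback` comment lists `arg` before `socket`, the reverse of the declaration.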
diff --git a/pki/base/tps/src/include/httpClient/httpc/SSLerrs.h b/pki/base/tps/src/include/httpClient/httpc/SSLerrs.h
new file mode 100644
index 000000000..818da3e87
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SSLerrs.h
@@ -0,0 +1,392 @@
+/** BEGIN COPYRIGHT BLOCK
+ * Version: MPL 1.1/GPL 2.0/LGPL 2.1
+ *
+ * The contents of this file are subject to the Mozilla Public License Version
+ * 1.1 (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ * http://www.mozilla.org/MPL/
+ *
+ * Software distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
+ * for the specific language governing rights and limitations under the
+ * License.
+ *
+ * The Original Code is the Netscape security libraries.
+ *
+ * The Initial Developer of the Original Code is
+ * Netscape Communications Corporation.
+ * Portions created by the Initial Developer are Copyright (C) 1994-2000
+ * the Initial Developer. All Rights Reserved.
+ *
+ * Contributor(s):
+ *
+ * Alternatively, the contents of this file may be used under the terms of
+ * either the GNU General Public License Version 2 or later (the "GPL"), or
+ * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
+ * in which case the provisions of the GPL or the LGPL are applicable instead
+ * of those above. If you wish to allow use of your version of this file only
+ * under the terms of either the GPL or the LGPL, and not to allow others to
+ * use your version of this file under the terms of the MPL, indicate your
+ * decision by deleting the provisions above and replace them with the notice
+ * and other provisions required by the GPL or the LGPL. If you do not delete
+ * the provisions above, a recipient may use your version of this file under
+ * the terms of any one of the MPL, the GPL or the LGPL.
+ *
+ * END COPYRIGHT BLOCK **/
+
+/* Originally obtained from:
+ *
+ * CVSROOT=:pserver:anonymous@cvs-mirror.mozilla.org:/cvsroot
+ * cvs export -r NSS_3_11_3_RTM -N mozilla/security/nss/cmd/lib/SSLerrs.h
+ */
+
+/* SSL-specific security error codes */
+/* caller must include "sslerr.h" */
+
+ER3(SSL_ERROR_EXPORT_ONLY_SERVER, SSL_ERROR_BASE + 0,
+"Unable to communicate securely. Peer does not support high-grade encryption.")
+
+ER3(SSL_ERROR_US_ONLY_SERVER, SSL_ERROR_BASE + 1,
+"Unable to communicate securely. Peer requires high-grade encryption which is not supported.")
+
+ER3(SSL_ERROR_NO_CYPHER_OVERLAP, SSL_ERROR_BASE + 2,
+"Cannot communicate securely with peer: no common encryption algorithm(s).")
+
+ER3(SSL_ERROR_NO_CERTIFICATE, SSL_ERROR_BASE + 3,
+"Unable to find the certificate or key necessary for authentication.")
+
+ER3(SSL_ERROR_BAD_CERTIFICATE, SSL_ERROR_BASE + 4,
+"Unable to communicate securely with peer: peers's certificate was rejected.")
+
+/* unused (SSL_ERROR_BASE + 5),*/
+
+ER3(SSL_ERROR_BAD_CLIENT, SSL_ERROR_BASE + 6,
+"The server has encountered bad data from the client.")
+
+ER3(SSL_ERROR_BAD_SERVER, SSL_ERROR_BASE + 7,
+"The client has encountered bad data from the server.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERTIFICATE_TYPE, SSL_ERROR_BASE + 8,
+"Unsupported certificate type.")
+
+ER3(SSL_ERROR_UNSUPPORTED_VERSION, SSL_ERROR_BASE + 9,
+"Peer using unsupported version of security protocol.")
+
+/* unused (SSL_ERROR_BASE + 10),*/
+
+ER3(SSL_ERROR_WRONG_CERTIFICATE, SSL_ERROR_BASE + 11,
+"Client authentication failed: private key in key database does not match public key in certificate database.")
+
+ER3(SSL_ERROR_BAD_CERT_DOMAIN, SSL_ERROR_BASE + 12,
+"Unable to communicate securely with peer: requested domain name does not match the server's certificate.")
+
+/* SSL_ERROR_POST_WARNING (SSL_ERROR_BASE + 13),
+ defined in sslerr.h
+*/
+
+ER3(SSL_ERROR_SSL2_DISABLED, (SSL_ERROR_BASE + 14),
+"Peer only supports SSL version 2, which is locally disabled.")
+
+
+ER3(SSL_ERROR_BAD_MAC_READ, (SSL_ERROR_BASE + 15),
+"SSL received a record with an incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_MAC_ALERT, (SSL_ERROR_BASE + 16),
+"SSL peer reports incorrect Message Authentication Code.")
+
+ER3(SSL_ERROR_BAD_CERT_ALERT, (SSL_ERROR_BASE + 17),
+"SSL peer cannot verify your certificate.")
+
+ER3(SSL_ERROR_REVOKED_CERT_ALERT, (SSL_ERROR_BASE + 18),
+"SSL peer rejected your certificate as revoked.")
+
+ER3(SSL_ERROR_EXPIRED_CERT_ALERT, (SSL_ERROR_BASE + 19),
+"SSL peer rejected your certificate as expired.")
+
+ER3(SSL_ERROR_SSL_DISABLED, (SSL_ERROR_BASE + 20),
+"Cannot connect: SSL is disabled.")
+
+ER3(SSL_ERROR_FORTEZZA_PQG, (SSL_ERROR_BASE + 21),
+"Cannot connect: SSL peer is in another FORTEZZA domain.")
+
+
+ER3(SSL_ERROR_UNKNOWN_CIPHER_SUITE , (SSL_ERROR_BASE + 22),
+"An unknown SSL cipher suite has been requested.")
+
+ER3(SSL_ERROR_NO_CIPHERS_SUPPORTED , (SSL_ERROR_BASE + 23),
+"No cipher suites are present and enabled in this program.")
+
+ER3(SSL_ERROR_BAD_BLOCK_PADDING , (SSL_ERROR_BASE + 24),
+"SSL received a record with bad block padding.")
+
+ER3(SSL_ERROR_RX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 25),
+"SSL received a record that exceeded the maximum permissible length.")
+
+ER3(SSL_ERROR_TX_RECORD_TOO_LONG , (SSL_ERROR_BASE + 26),
+"SSL attempted to send a record that exceeded the maximum permissible length.")
+
+/*
+ * Received a malformed (too long or short or invalid content) SSL handshake.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_REQUEST , (SSL_ERROR_BASE + 27),
+"SSL received a malformed Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_HELLO , (SSL_ERROR_BASE + 28),
+"SSL received a malformed Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_HELLO , (SSL_ERROR_BASE + 29),
+"SSL received a malformed Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERTIFICATE , (SSL_ERROR_BASE + 30),
+"SSL received a malformed Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 31),
+"SSL received a malformed Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_REQUEST , (SSL_ERROR_BASE + 32),
+"SSL received a malformed Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HELLO_DONE , (SSL_ERROR_BASE + 33),
+"SSL received a malformed Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CERT_VERIFY , (SSL_ERROR_BASE + 34),
+"SSL received a malformed Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 35),
+"SSL received a malformed Client Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_MALFORMED_FINISHED , (SSL_ERROR_BASE + 36),
+"SSL received a malformed Finished handshake message.")
+
+/*
+ * Received a malformed (too long or short) SSL record.
+ */
+ER3(SSL_ERROR_RX_MALFORMED_CHANGE_CIPHER , (SSL_ERROR_BASE + 37),
+"SSL received a malformed Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_ALERT , (SSL_ERROR_BASE + 38),
+"SSL received a malformed Alert record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_HANDSHAKE , (SSL_ERROR_BASE + 39),
+"SSL received a malformed Handshake record.")
+
+ER3(SSL_ERROR_RX_MALFORMED_APPLICATION_DATA , (SSL_ERROR_BASE + 40),
+"SSL received a malformed Application Data record.")
+
+/*
+ * Received an SSL handshake that was inappropriate for the state we're in.
+ * E.g. Server received message from server, or wrong state in state machine.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_REQUEST , (SSL_ERROR_BASE + 41),
+"SSL received an unexpected Hello Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_HELLO , (SSL_ERROR_BASE + 42),
+"SSL received an unexpected Client Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_HELLO , (SSL_ERROR_BASE + 43),
+"SSL received an unexpected Server Hello handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERTIFICATE , (SSL_ERROR_BASE + 44),
+"SSL received an unexpected Certificate handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_SERVER_KEY_EXCH , (SSL_ERROR_BASE + 45),
+"SSL received an unexpected Server Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_REQUEST , (SSL_ERROR_BASE + 46),
+"SSL received an unexpected Certificate Request handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HELLO_DONE , (SSL_ERROR_BASE + 47),
+"SSL received an unexpected Server Hello Done handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CERT_VERIFY , (SSL_ERROR_BASE + 48),
+"SSL received an unexpected Certificate Verify handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_CLIENT_KEY_EXCH , (SSL_ERROR_BASE + 49),
+"SSL received an unexpected Cllient Key Exchange handshake message.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_FINISHED , (SSL_ERROR_BASE + 50),
+"SSL received an unexpected Finished handshake message.")
+
+/*
+ * Received an SSL record that was inappropriate for the state we're in.
+ */
+ER3(SSL_ERROR_RX_UNEXPECTED_CHANGE_CIPHER , (SSL_ERROR_BASE + 51),
+"SSL received an unexpected Change Cipher Spec record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 52),
+"SSL received an unexpected Alert record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_HANDSHAKE , (SSL_ERROR_BASE + 53),
+"SSL received an unexpected Handshake record.")
+
+ER3(SSL_ERROR_RX_UNEXPECTED_APPLICATION_DATA, (SSL_ERROR_BASE + 54),
+"SSL received an unexpected Application Data record.")
+
+/*
+ * Received record/message with unknown discriminant.
+ */
+ER3(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE , (SSL_ERROR_BASE + 55),
+"SSL received a record with an unknown content type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_HANDSHAKE , (SSL_ERROR_BASE + 56),
+"SSL received a handshake message with an unknown message type.")
+
+ER3(SSL_ERROR_RX_UNKNOWN_ALERT , (SSL_ERROR_BASE + 57),
+"SSL received an alert record with an unknown alert description.")
+
+/*
+ * Received an alert reporting what we did wrong. (more alerts above)
+ */
+ER3(SSL_ERROR_CLOSE_NOTIFY_ALERT , (SSL_ERROR_BASE + 58),
+"SSL peer has closed this connection.")
+
+ER3(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT , (SSL_ERROR_BASE + 59),
+"SSL peer was not expecting a handshake message it received.")
+
+ER3(SSL_ERROR_DECOMPRESSION_FAILURE_ALERT , (SSL_ERROR_BASE + 60),
+"SSL peer was unable to succesfully decompress an SSL record it received.")
+
+ER3(SSL_ERROR_HANDSHAKE_FAILURE_ALERT , (SSL_ERROR_BASE + 61),
+"SSL peer was unable to negotiate an acceptable set of security parameters.")
+
+ER3(SSL_ERROR_ILLEGAL_PARAMETER_ALERT , (SSL_ERROR_BASE + 62),
+"SSL peer rejected a handshake message for unacceptable content.")
+
+ER3(SSL_ERROR_UNSUPPORTED_CERT_ALERT , (SSL_ERROR_BASE + 63),
+"SSL peer does not support certificates of the type it received.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNKNOWN_ALERT , (SSL_ERROR_BASE + 64),
+"SSL peer had some unspecified issue with the certificate it received.")
+
+
+ER3(SSL_ERROR_GENERATE_RANDOM_FAILURE , (SSL_ERROR_BASE + 65),
+"SSL experienced a failure of its random number generator.")
+
+ER3(SSL_ERROR_SIGN_HASHES_FAILURE , (SSL_ERROR_BASE + 66),
+"Unable to digitally sign data required to verify your certificate.")
+
+ER3(SSL_ERROR_EXTRACT_PUBLIC_KEY_FAILURE , (SSL_ERROR_BASE + 67),
+"SSL was unable to extract the public key from the peer's certificate.")
+
+ER3(SSL_ERROR_SERVER_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 68),
+"Unspecified failure while processing SSL Server Key Exchange handshake.")
+
+ER3(SSL_ERROR_CLIENT_KEY_EXCHANGE_FAILURE , (SSL_ERROR_BASE + 69),
+"Unspecified failure while processing SSL Client Key Exchange handshake.")
+
+ER3(SSL_ERROR_ENCRYPTION_FAILURE , (SSL_ERROR_BASE + 70),
+"Bulk data encryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILURE , (SSL_ERROR_BASE + 71),
+"Bulk data decryption algorithm failed in selected cipher suite.")
+
+ER3(SSL_ERROR_SOCKET_WRITE_FAILURE , (SSL_ERROR_BASE + 72),
+"Attempt to write encrypted data to underlying socket failed.")
+
+ER3(SSL_ERROR_MD5_DIGEST_FAILURE , (SSL_ERROR_BASE + 73),
+"MD5 digest function failed.")
+
+ER3(SSL_ERROR_SHA_DIGEST_FAILURE , (SSL_ERROR_BASE + 74),
+"SHA-1 digest function failed.")
+
+ER3(SSL_ERROR_MAC_COMPUTATION_FAILURE , (SSL_ERROR_BASE + 75),
+"MAC computation failed.")
+
+ER3(SSL_ERROR_SYM_KEY_CONTEXT_FAILURE , (SSL_ERROR_BASE + 76),
+"Failure to create Symmetric Key context.")
+
+ER3(SSL_ERROR_SYM_KEY_UNWRAP_FAILURE , (SSL_ERROR_BASE + 77),
+"Failure to unwrap the Symmetric key in Client Key Exchange message.")
+
+ER3(SSL_ERROR_PUB_KEY_SIZE_LIMIT_EXCEEDED , (SSL_ERROR_BASE + 78),
+"SSL Server attempted to use domestic-grade public key with export cipher suite.")
+
+ER3(SSL_ERROR_IV_PARAM_FAILURE , (SSL_ERROR_BASE + 79),
+"PKCS11 code failed to translate an IV into a param.")
+
+ER3(SSL_ERROR_INIT_CIPHER_SUITE_FAILURE , (SSL_ERROR_BASE + 80),
+"Failed to initialize the selected cipher suite.")
+
+ER3(SSL_ERROR_SESSION_KEY_GEN_FAILURE , (SSL_ERROR_BASE + 81),
+"Client failed to generate session keys for SSL session.")
+
+ER3(SSL_ERROR_NO_SERVER_KEY_FOR_ALG , (SSL_ERROR_BASE + 82),
+"Server has no key for the attempted key exchange algorithm.")
+
+ER3(SSL_ERROR_TOKEN_INSERTION_REMOVAL , (SSL_ERROR_BASE + 83),
+"PKCS#11 token was inserted or removed while operation was in progress.")
+
+ER3(SSL_ERROR_TOKEN_SLOT_NOT_FOUND , (SSL_ERROR_BASE + 84),
+"No PKCS#11 token could be found to do a required operation.")
+
+ER3(SSL_ERROR_NO_COMPRESSION_OVERLAP , (SSL_ERROR_BASE + 85),
+"Cannot communicate securely with peer: no common compression algorithm(s).")
+
+ER3(SSL_ERROR_HANDSHAKE_NOT_COMPLETED , (SSL_ERROR_BASE + 86),
+"Cannot initiate another SSL handshake until current handshake is complete.")
+
+ER3(SSL_ERROR_BAD_HANDSHAKE_HASH_VALUE , (SSL_ERROR_BASE + 87),
+"Received incorrect handshakes hash values from peer.")
+
+ER3(SSL_ERROR_CERT_KEA_MISMATCH , (SSL_ERROR_BASE + 88),
+"The certificate provided cannot be used with the selected key exchange algorithm.")
+
+ER3(SSL_ERROR_NO_TRUSTED_SSL_CLIENT_CA , (SSL_ERROR_BASE + 89),
+"No certificate authority is trusted for SSL client authentication.")
+
+ER3(SSL_ERROR_SESSION_NOT_FOUND , (SSL_ERROR_BASE + 90),
+"Client's SSL session ID not found in server's session cache.")
+
+ER3(SSL_ERROR_DECRYPTION_FAILED_ALERT , (SSL_ERROR_BASE + 91),
+"Peer was unable to decrypt an SSL record it received.")
+
+ER3(SSL_ERROR_RECORD_OVERFLOW_ALERT , (SSL_ERROR_BASE + 92),
+"Peer received an SSL record that was longer than is permitted.")
+
+ER3(SSL_ERROR_UNKNOWN_CA_ALERT , (SSL_ERROR_BASE + 93),
+"Peer does not recognize and trust the CA that issued your certificate.")
+
+ER3(SSL_ERROR_ACCESS_DENIED_ALERT , (SSL_ERROR_BASE + 94),
+"Peer received a valid certificate, but access was denied.")
+
+ER3(SSL_ERROR_DECODE_ERROR_ALERT , (SSL_ERROR_BASE + 95),
+"Peer could not decode an SSL handshake message.")
+
+ER3(SSL_ERROR_DECRYPT_ERROR_ALERT , (SSL_ERROR_BASE + 96),
+"Peer reports failure of signature verification or key exchange.")
+
+ER3(SSL_ERROR_EXPORT_RESTRICTION_ALERT , (SSL_ERROR_BASE + 97),
+"Peer reports negotiation not in compliance with export regulations.")
+
+ER3(SSL_ERROR_PROTOCOL_VERSION_ALERT , (SSL_ERROR_BASE + 98),
+"Peer reports incompatible or unsupported protocol version.")
+
+ER3(SSL_ERROR_INSUFFICIENT_SECURITY_ALERT , (SSL_ERROR_BASE + 99),
+"Server requires ciphers more secure than those supported by client.")
+
+ER3(SSL_ERROR_INTERNAL_ERROR_ALERT , (SSL_ERROR_BASE + 100),
+"Peer reports it experienced an internal error.")
+
+ER3(SSL_ERROR_USER_CANCELED_ALERT , (SSL_ERROR_BASE + 101),
+"Peer user canceled handshake.")
+
+ER3(SSL_ERROR_NO_RENEGOTIATION_ALERT , (SSL_ERROR_BASE + 102),
+"Peer does not permit renegotiation of SSL security parameters.")
+
+ER3(SSL_ERROR_SERVER_CACHE_NOT_CONFIGURED , (SSL_ERROR_BASE + 103),
+"SSL server cache not configured and not disabled for this socket.")
+
+ER3(SSL_ERROR_UNSUPPORTED_EXTENSION_ALERT , (SSL_ERROR_BASE + 104),
+"SSL peer does not support requested TLS hello extension.")
+
+ER3(SSL_ERROR_CERTIFICATE_UNOBTAINABLE_ALERT , (SSL_ERROR_BASE + 105),
+"SSL peer could not obtain your certificate from the supplied URL.")
+
+ER3(SSL_ERROR_UNRECOGNIZED_NAME_ALERT , (SSL_ERROR_BASE + 106),
+"SSL peer has no certificate for the requested DNS name.")
+
+ER3(SSL_ERROR_BAD_CERT_STATUS_RESPONSE_ALERT , (SSL_ERROR_BASE + 107),
+"SSL peer was unable to get an OCSP response for its certificate.")
+
+ER3(SSL_ERROR_BAD_CERT_HASH_VALUE_ALERT , (SSL_ERROR_BASE + 108),
+"SSL peer reported bad certificate hash value.")
diff --git a/pki/base/tps/src/include/httpClient/httpc/ScheduledTask.h b/pki/base/tps/src/include/httpClient/httpc/ScheduledTask.h
new file mode 100644
index 000000000..cbb99ab61
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ScheduledTask.h
@@ -0,0 +1,86 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SCHEDULED_TASK_H__
+#define __SCHEDULED_TASK_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <time.h>
+
+class TaskList;
+
+/**
+ * Base class for scheduled tasks in Presence Server
+ */
+
+class EXPORT_DECL ScheduledTask {
+ friend class TaskList;
+public:
+ /**
+ * Constructor - creates an empty task
+ */
+ ScheduledTask();
+ /**
+ * Constructor - creates an empty task
+ *
+ * @param name Name of task
+ */
+ ScheduledTask( const char *name );
+ /**
+ * Destructor
+ */
+ virtual ~ScheduledTask();
+ /**
+ * Returns a copy of the task
+ *
+ * @return A copy of the task
+ */
+ virtual ScheduledTask *Clone();
+ /**
+ * Executes the task
+ *
+ * @return 0 on successfully starting the task
+ */
+ virtual int Start();
+protected:
+ char *m_name;
+ ScheduledTask *m_next;
+ ScheduledTask *m_prev;
+ time_t m_time;
+ int m_interval;
+};
+
+#endif // __SCHEDULED_TASK_H__
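Review bot: Both constructors carry the comment "creates an empty task", and neither the `name` constructor nor `Clone()` says who owns the memory involved. `m_name` is a non-const `char *` while the parameter is `const char *`, which suggests the string is copied, but the definition is not in this hunk. If that is the case the comments should say so, e.g. `* @param name Name of task; copied, caller keeps ownership` and `* @return A newly allocated copy of the task; the caller deletes it`. With a `char *` member and a user-declared destructor, the implicit copy constructor would share `m_name` between two tasks, so `Clone()` is presumably the only supported way to copy and the comment could state that too.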
diff --git a/pki/base/tps/src/include/httpClient/httpc/Scheduler.h b/pki/base/tps/src/include/httpClient/httpc/Scheduler.h
new file mode 100644
index 000000000..a0e77ffb4
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Scheduler.h
@@ -0,0 +1,103 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SCHEDULER_H__
+#define __SCHEDULER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+class ScheduledTask;
+class TaskList;
+
+/**
+ * Base class for scheduled tasks in Presence Server
+ */
+
+class EXPORT_DECL Scheduler {
+private:
+ /**
+ * Constructor - creates a scheduler object
+ */
+ Scheduler();
+ /**
+ * Destructor
+ */
+ ~Scheduler();
+public:
+ /**
+ * Returns the single scheduler object
+ *
+ * @return The single scheduler object
+ */
+ static Scheduler *GetScheduler();
+ /**
+ * Starts executing a sleep and check task list loop
+ *
+ * @return 0 on success
+ */
+ int Run();
+ /**
+ * Shuts down the scheduler
+ */
+ static void Shutdown();
+ /**
+ * Launches a thread that executes Run()
+ *
+ * @param interval Interval in seconds between checking for task execution
+ * time
+ * @return 0 on success
+ */
+ int Start( int interval );
+ /**
+ * Adds a task to the list
+ *
+ * @param task A task to be executed
+ */
+ void AddTask( ScheduledTask *task );
+ /**
+ * Removes a task from the list
+ *
+ * @param taskName Name of a task to be removed
+ */
+ void RemoveTask( const char *taskName );
+private:
+ TaskList *m_taskList;
+ int m_interval;
+ bool m_done;
+ bool m_running;
+};
+
+#endif /* __SCHEDULER_H__ */
+
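Review bot: The class comment above `class EXPORT_DECL Scheduler` still reads `Base class for scheduled tasks in Presence Server`, which describes ScheduledTask rather than this class; something like `/** Singleton that periodically checks the task list and starts due tasks */` would match the declarations below it. `Start()` is documented as launching a thread that executes `Run()`, while `Shutdown()`, `AddTask()` and `RemoveTask()` are callable from other threads, so the header should say how `m_done`, `m_running` and `m_taskList` are synchronized; no lock is declared among the members, and the implementation is not part of this hunk. `AddTask` should also state whether the scheduler takes ownership of `task`.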
diff --git a/pki/base/tps/src/include/httpClient/httpc/SecurityHeaders.h b/pki/base/tps/src/include/httpClient/httpc/SecurityHeaders.h
new file mode 100644
index 000000000..a54ecb1a2
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SecurityHeaders.h
@@ -0,0 +1,48 @@
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SECURITY_HEADERS_H__
+#define __SECURITY_HEADERS_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+// SOAP header elements defined by WS-SECURITY and used to transfer
+// username and password
+#define HEADER_FIELD_USERNAME "Username"
+#define HEADER_FIELD_PASSWORD "Password"
+#define HEADER_FIELD_SECURITY "Security"
+#define HEADER_FIELD_NS "http://schemas.xmlsoap.org/ws/2002/04/secext"
+#define HEADER_FIELD_TOKEN "UsernameToken"
+
+#endif /* __SECURITY_HEADERS_H__ */
+
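Review bot: The comment above `HEADER_FIELD_USERNAME` says these elements transfer a username and password but not under what transport that is acceptable. A UsernameToken password in a SOAP header is only as protected as the channel carrying it, so the comment should say so, e.g. `// Carries credentials: send only over an SSL/TLS connection and keep the header out of logs`. `HEADER_FIELD_NS` is the April 2002 WS-Security draft namespace rather than the later OASIS one, which is worth a one-line comment so nobody assumes interoperability with OASIS WSS peers. Whether the password travels as text or as a digest is not visible from this file.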
diff --git a/pki/base/tps/src/include/httpClient/httpc/ServerConnection.h b/pki/base/tps/src/include/httpClient/httpc/ServerConnection.h
new file mode 100644
index 000000000..bc33aa216
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ServerConnection.h
@@ -0,0 +1,179 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SERVER_CONNECTION_H
+#define __SERVER_CONNECTION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ServerConnection.h 1.000 06/12/2002
+ *
+ * This class handles server side connections. The accept happens on
+ * a separate thread and newly accepted connection are polled for
+ * read ready state. Once data is available on one or more connections
+ * the listeners are notified about it.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL ServerConnection {
+ friend class PollThread;
+ friend class AcceptThread;
+public:
+ /**
+ * Constructor
+ */
+ ServerConnection();
+
+ /**
+ * Destructor
+ */
+ virtual ~ServerConnection();
+
+public:
+ /**
+ * Registers a listener interface to notify on the connections
+ *
+ * @param listener listener object
+ * @return 0 on success, negative error code otherwise
+ */
+ int RegisterListener(ConnectionListener* listener);
+
+ /**
+ * Listens for connections on a specified socket
+ *
+ * @param host host name / ip
+ * @param port listen port
+ * @return 0 on success, negative error code otherwise
+ */
+
+ int Start(char* host, int port);
+
+ /**
+ * Listens for connections on a specified socket for SSL connections
+ *
+ * @param host host name / ip
+ * @param port listen port
+ * @param nickename name of the server cert
+ * @param password password for DB
+ * @param requestCert request client certficate for authentication
+ * @return 0 on success, negative error code otherwise
+ */
+ int Start( char* host,
+ int port,
+ const char* nickname,
+ int requestcert);
+
+ /**
+ * Closes the server connection
+ *
+ * @return 0 on success, negative error code otherwise
+ */
+ int Shutdown();
+
+ /**
+ * Releases the connection to the read pool.
+ *
+ * @param conn a connection object
+ */
+ void PollRead(Connection* conn);
+
+ /**
+ * Releases the connection to the write pool.
+ *
+ * @param conn a connection object
+ */
+ void Release(Connection* conn);
+
+ /**
+ * Gets a connection from the write pool. This connection should be
+ * returned to the pool after writing.
+ *
+ * @return 0 on success, negative error code otherwise
+ */
+ Connection* GetConnection();
+
+ /**
+ * Returns the number of connections
+ *
+ * @return number of connections
+ */
+ int GetCount();
+
+ static void Poll(void* arg);
+ static void Accept(void* arg);
+
+protected:
+ /**
+ * Protocol specific implementations should implement this
+ * function and return their own connection object
+ *
+ * @return a newly created connection
+ */
+ virtual Connection* AcceptedConnection();
+
+ const char* GetPeerHost(Connection* conn);
+ int GetPeerPort(Connection* conn);
+
+private:
+ int InternalStart();
+ void SetServerFlag(Connection* conn);
+ PRFileDesc* GetFD( Connection* conn );
+ void SetSocket(Connection* conn, Socket* socket);
+ int UpdateWritePool(Connection* conn);
+
+private:
+ ServerSocket* m_server;
+ ConnectionListener* m_connectionListener;
+
+ Pool* m_readPool;
+ Pool* m_writePool;
+
+ PRLock* m_readLock;
+ PRLock* m_writeLock;
+
+ PRBool m_threadInitialized;
+ PRLock* m_threadLock;
+ PRCondVar* m_threadCondv;
+
+ int m_totalConnections;
+ bool m_serverRunning;
+};
+
+#endif // __SERVER_CONNECTION_H
+
+
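Review bot: The doc block on the SSL overload of `Start` does not match its signature: it documents `@param password password for DB` although no password parameter exists, and it names `nickename` and `requestCert` where the parameters are `nickname` and `requestcert`. A reader cannot tell from this header how the certificate database password reaches a TLS listener, so either document the actual source or drop the line. `requestcert` is a plain `int`; if it takes the `RequireCert` values declared in SocketINC.h (an assumption, the implementation is not in this hunk), say so with `@param requestcert one of the RequireCert values from SocketINC.h`. `GetConnection()` is also documented as returning `0 on success, negative error code otherwise` although it returns a `Connection*`.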
diff --git a/pki/base/tps/src/include/httpClient/httpc/ServerHeaderProcessor.h b/pki/base/tps/src/include/httpClient/httpc/ServerHeaderProcessor.h
new file mode 100644
index 000000000..213d3b13b
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ServerHeaderProcessor.h
@@ -0,0 +1,72 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __WASP_SERVER_HEADER_PROCESSOR_H
+#define __WASP_SERVER_HEADER_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <waspc/config/config.h>
+#include <waspc/util/exceptions.h>
+#include <waspc/xmlprotocol/header/HeaderProcessor.h>
+
+class ServerHeaderProcessorItemConfiguration;
+
+/**
+ * Creates WS-Security header with a session token
+ */
+class EXPORT_DECL ServerHeaderProcessor : public WASP_HeaderProcessor {
+protected:
+ virtual ~ServerHeaderProcessor();
+public:
+ ServerHeaderProcessor();
+
+ //inherited methods from WASP_Configurable
+ virtual void load (WASP_Configuration *, EXCENV_DECL);
+ virtual void init (EXCENV_DECL);
+ virtual void destroy ();
+
+ //inherited from WASP_HeaderProcessor
+ virtual void processInput(WASP_XMLProtocolMessage *message, EXCENV_DECL);
+ virtual void processOutput(WASP_XMLProtocolMessage *message, EXCENV_DECL);
+ virtual void processInputFault(WASP_XMLProtocolMessage *message, EXCENV_DECL);
+ virtual void processOutputFault(WASP_XMLProtocolMessage *message, EXCENV_DECL);
+ virtual WASP_String **getUnderstandHeaders(int &count, EXCENV_DECL);
+
+protected:
+ WASP_String **mppsUnderstandHeaderNamesAndNs;
+ int miUnderstandHeaderCount;
+};
+
+#endif //__WASP_SERVER_HEADER_PROCESSOR_H
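Review bot: None of the overridden `processInput`, `processOutput`, `processInputFault` and `processOutputFault` methods carries a comment, and the class comment only says `Creates WS-Security header with a session token`, which does not cover the input side at all. The header should state what `processInput` does when the expected security header or token is missing or invalid; for an authentication step the contract a reader needs is that the request fails through `EXCENV_DECL` rather than being passed on. It should also say who owns the `WASP_String **` array returned by `getUnderstandHeaders` and held in `mppsUnderstandHeaderNamesAndNs`. The implementation is not in this hunk, so these are requests for documentation rather than reported defects.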
diff --git a/pki/base/tps/src/include/httpClient/httpc/ServerSocket.h b/pki/base/tps/src/include/httpClient/httpc/ServerSocket.h
new file mode 100644
index 000000000..3cec2444a
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ServerSocket.h
@@ -0,0 +1,113 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SERVER_SOCKET_H
+#define __SERVER_SOCKET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ServerSocket.h 1.000 06/12/2002
+ *
+ * A NSPR implementation of ServerSocket
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL ServerSocket {
+public:
+
+ /**
+ * Constructor - Creates a new TCP socket
+ *
+ * @param host host name / ip
+ * @param port a listen port
+ */
+ ServerSocket(const char* host, int port);
+
+ /**
+ * Constructor - Creates a new TCP socket
+ *
+ * @param port a listen port
+ */
+ ServerSocket(int port);
+
+ /**
+ * Desstructor
+ */
+ virtual ~ServerSocket();
+
+public:
+
+ /**
+ * Binds the socket to the specified port and starts listening for
+ * connections. The first connection is accepted from the queue of
+ * pending connections and creates a new socket for the newly accepted
+ * connection. The accept is blocked with no time out in its own thread.
+ *
+ * @return a new socket for the newly accepted connection
+ */
+ virtual Socket* Accept();
+
+ /**
+ * Closes the server socket
+ */
+ virtual void Shutdown();
+
+protected:
+ /**
+ * Internal method to call accept. Sub classes should override this
+ * to provide their own implementation for returned sockets.
+ *
+ * @return a newly accepted socket
+ */
+ virtual Socket* InternalAccept(PRFileDesc* fd);
+
+protected:
+ bool m_initialized;
+
+private:
+ PRFileDesc* m_fd;
+ PRNetAddr m_addr;
+ char* m_host;
+ int m_port;
+ int m_backlog;
+};
+
+#endif // __SERVER_SOCKET_H
+
+
+
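Review bot: `ServerSocket(int port)` does not say which address it binds to, and for a listener that is the difference between loopback-only and every interface. SocketINC.h in this commit defines `SOCKET_DEFAULT_HOST_NAME "localhost"`; if that is what this constructor uses, the comment should say so, e.g. `@param port a listen port; binds to SOCKET_DEFAULT_HOST_NAME`, and if it binds to any address instead, that needs to be explicit. The `Accept()` comment describes bind, listen and accept as a single call and says the accept blocks `in its own thread`, which reads as if `Accept()` spawns a thread, while ServerConnection's comment suggests the caller supplies it. The class also holds `m_fd` and `m_host` as raw pointers with a user-declared destructor but no copy constructor or assignment operator, so copying should be disabled by declaring both private; `Socket` and `ServerConnection` in this commit have the same shape.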
diff --git a/pki/base/tps/src/include/httpClient/httpc/Socket.h b/pki/base/tps/src/include/httpClient/httpc/Socket.h
new file mode 100644
index 000000000..c2ef4afd4
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/Socket.h
@@ -0,0 +1,157 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __SOCKET_H
+#define __SOCKET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Socket.h 1.000 06/12/2002
+ *
+ * A NSPR implementation of socket
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL Socket {
+ friend class ServerSocket;
+ friend class ServerConnection;
+public:
+
+ /**
+ * Constructor
+ */
+ Socket();
+
+ /**
+ * Constructor - creates a socket connecting to the host and port
+ *
+ * @param host hostname to connect to
+ * @param port port of the machine
+ */
+ Socket(const char* host, int port);
+
+ /**
+ * Destructor
+ */
+ virtual ~Socket();
+
+public:
+
+ /**
+ * Reads specified number of bytes from the socket. This is a blocking
+ * socket read with timeout.
+ *
+ * @param buf buffer to read into
+ * @param size number of bytes to read
+ * @param timeout timeout before the read terminates
+ * @return number of bytes actually read
+ */
+ int Read(void* buf, int size, long timeout);
+
+ /**
+ * Writes specified number of bytes to the socket. This is a blocking
+ * socket write with timeout.
+ *
+ * @param buf buffer to write from
+ * @param size number of bytes to write
+ * @param timeout timeout before the write terminates
+ * @return number of bytes actually written
+ */
+ int Write(void* buf, int size, long timeout);
+
+ /**
+ * Gets ip address for a specified socket
+ *
+ * @return ip address
+ */
+ const char* GetLocalIp();
+
+ /**
+ * Gets port for a specified socket
+ *
+ * @return port
+ */
+ int GetLocalPort();
+
+ /**
+ * Gets ip address of a connected peer
+ *
+ * @return ip address
+ */
+ const char* GetPeerIp();
+
+ /**
+ * Gets port of a connected peer
+ *
+ * @return ip address
+ */
+ int GetPeerPort();
+
+ /**
+ * Shuts down part of a full-duplex connection on a specified socket
+ *
+ * @param how the kind of disallowed operations on the socket
+ * the possible values are :
+ * PR_SHUTDOWN_RCV
+ * PR_SHUTDOWN_SEND
+ * PR_SHUTDOWN_BOTH
+ */
+ void Shutdown(PRShutdownHow how);
+
+protected:
+ int Init(PRFileDesc* fd);
+
+private:
+ void CancelIO(PRInt32 err);
+
+protected:
+ PRFileDesc* m_fd;
+
+private:
+ char* m_localIp;
+ char* m_peerIp;
+ int m_localPort;
+ int m_peerPort;
+ bool m_initialized;
+ PRLock* m_readLock;
+ PRLock* m_writeLock;
+};
+
+#endif // __SOCKET_H
+
+
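Review bot: `Read` and `Write` document only the success case (`number of bytes actually read` / `written`) and leave the failure contract open: the comments do not say what is returned on timeout, on a closed peer or on error, nor the unit of `timeout`. SocketINC.h defines negative `SocketError` codes and defaults such as `1000UL // 1 sec`, so presumably the return is a byte count or a negative code and the timeout is in milliseconds; the comment should state it, e.g. `@return bytes read (may be less than size), or a negative SocketError`. `size` is a signed `int` and nothing says a negative value is rejected before it reaches the I/O call. `Write` takes `void* buf` where `const void* buf` would express that the buffer is not modified, and `GetPeerPort()` is documented as returning `ip address`.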
diff --git a/pki/base/tps/src/include/httpClient/httpc/SocketINC.h b/pki/base/tps/src/include/httpClient/httpc/SocketINC.h
new file mode 100644
index 000000000..43b36c9a0
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SocketINC.h
@@ -0,0 +1,163 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _SOCKET_INC_H_
+#define _SOCKET_INC_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * SocketINC.h 1.000 06/12/2002
+ *
+ * Public header file for Socket / Connection module
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+/**************************************************
+ * Imported header files
+ **************************************************/
+#include <time.h>
+#include <string.h>
+
+#include "nspr.h"
+#include "plhash.h"
+#include "plstr.h"
+#include "private/pprio.h"
+
+#include "pk11func.h"
+#include "secitem.h"
+#include "ssl.h"
+#include "certt.h"
+#include "nss.h"
+#include "secrng.h"
+#include "secder.h"
+#include "key.h"
+#include "sslproto.h"
+
+#include "httpClient/httpc/Defines.h" // ??? SSR should be spilt into respective modules
+#include "httpClient/httpc/Pool.h"
+#include "httpClient/httpc/DebugLogger.h"
+#include "httpClient/httpc/ErrorLogger.h"
+#include "httpClient/httpc/CERTUtil.h"
+#include "httpClient/httpc/PSPRUtil.h"
+
+/**************************************************
+ * Socket / Connection module header files
+ **************************************************/
+#include "httpClient/httpc/Socket.h"
+#include "httpClient/httpc/ServerSocket.h"
+#include "httpClient/httpc/SSLSocket.h"
+#include "httpClient/httpc/SSLServerSocket.h"
+#include "httpClient/httpc/Connection.h"
+#include "httpClient/httpc/ConnectionListener.h"
+#include "httpClient/httpc/ServerConnection.h"
+
+
+/*************************************************
+ * Error codes used by this module
+ *************************************************/
+// Socket errors
+typedef enum {
+ SOCKET_ERROR_CREATE_SOCKET = -2001,
+ SOCKET_ERROR_SET_OPTION = -2002,
+ SOCKET_ERROR_BIND = -2003,
+ SOCKET_ERROR_LISTEN = -2004,
+ SOCKET_ERROR_CONNECTION_CLOSED = -2005,
+ SOCKET_ERROR_READ = -2006,
+ SOCKET_ERROR_WRITE = -2007,
+ SOCKET_ERROR_ACCEPT_THREAD = -2008,
+ SOCKET_ERROR_ALREADY_REGISTERED = -2009,
+ SOCKET_ERROR_ALREADY_LISTENING = -2010,
+ SOCKET_ERROR_POLL_THREAD = -2011,
+ SOCKET_ERROR_NO_LISTENER = -2012,
+ SOCKET_ERROR_POLL = -2013,
+ SOCKET_ERROR_POLL_TIMED_OUT = -2014,
+ SOCKET_ERROR_ALREADY_CONNECTED = -2015,
+ SOCKET_ERROR_INITIALIZATION_FAILED = -2016
+} SocketError;
+
+typedef enum {
+ SSL_ERROR_SERVER_CERT = -2016,
+ SSL_ERROR_SERVER_PRIVATE_KEY = -2017,
+ SSL_ERROR_IMPORT_FD = -2018,
+ SSL_ERROR_OPTION_SECURITY = -2019,
+ SSL_ERROR_OPTION_SERVER_HANDSHAKE = -2020,
+ SSL_ERROR_OPTION_REQUEST_CERTIFCATE = -2021,
+ SSL_ERROR_OPTION_REQUIRE_CERTIFCATE = -2022,
+ SSL_ERROR_CALLBACK_AUTH_CERTIFICATE = -2023,
+ SSL_ERROR_CALLBACK_BAD_CERT_HANDLER = -2024,
+ SSL_ERROR_CALLBACK_HAND_SHAKE = -2025,
+ SSL_ERROR_CALLBACK_PASSWORD_ARG = -2026,
+ SSL_ERROR_CONFIG_SECURE_SERVER = -2027,
+ SSL_ERROR_RESET_HAND_SHAKE = -2028,
+ SSL_ERROR_OPTION_ENABLE_FDX = -2029
+} SslError;
+
+/**************************************************
+ * Defines used by this module
+ **************************************************/
+#define SOCKET_DEFAULT_HOST_NAME "localhost"
+#define SOCKET_DEFAULT_READ_TIME_OUT 1000UL // 1 sec
+#define SOCKET_DEFAULT_WRITE_TIME_OUT 0xffffffffUL // infinte
+#define SOCKET_DEFAULT_READ_BUFFER_SIZE 4096 // 4k
+#define SOCKET_DEFAULT_WRITE_BUFFER_SIZE 4096 // 4k
+#define SOCKET_DEFAULT_POLL_TIMEOUT 1000UL // 1 sec
+#define SOCKET_DEFAULT_BACKLOG 50 // pending conns
+#define SOCKET_DEFAULT_POOL_SIZE 100 // conn pool size
+
+typedef enum {
+ SOCKET_ERROR_SEVERE = 1,
+ SOCKET_ERROR_WARNING = 2,
+ SOCKET_ERROR_INFO = 3
+} SocketErrorLevel;
+
+
+typedef enum {
+ REQUEST_CERT_NONE = 0,
+ REQUIRE_CERT_NONE = 1,
+ REQUEST_CERT_ONCE = 2,
+ REQUIRE_CERT_ONCE = 3,
+ REQUEST_CERT_ALL = 4,
+ REQUIRE_CERT_ALL = 5
+} RequireCert;
+
+#endif // _SOCKET_INC_H_
+
+
+
+
+
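Review bot: `SOCKET_ERROR_INITIALIZATION_FAILED = -2016` and `SSL_ERROR_SERVER_CERT = -2016` share a value. The connection classes in this commit report failures as a plain `int` (`0 on success, negative error code otherwise`), so a caller or log reader that sees -2016 cannot tell a socket initialization failure from a server-certificate failure. Give one of them a value not used elsewhere in the module, for example `SOCKET_ERROR_INITIALIZATION_FAILED = -2030`, or renumber `SslError` to start at -2017. `RequireCert` also needs a comment per value: `REQUIRE_CERT_NONE = 1` is not self-explanatory next to `REQUEST_CERT_NONE = 0`, and the client-certificate policy should not be left to guesswork.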
diff --git a/pki/base/tps/src/include/httpClient/httpc/SocketLib.h b/pki/base/tps/src/include/httpClient/httpc/SocketLib.h
new file mode 100644
index 000000000..5a00b2ecb
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/SocketLib.h
@@ -0,0 +1,62 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _SOCKET_LIB_H_
+#define _SOCKET_LIB_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * SocketLib.h 1.000 06/12/2002
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+#undef EXPORT_DECL
+#ifdef _MSC_VER
+#ifdef PS_SOCKET_LIB_INTERNAL
+ #define EXPORT_DECL __declspec( dllexport )
+#else
+ #define EXPORT_DECL __declspec (dllimport )
+#endif // PS_SOCKET_LIB_INTERNAL
+#else
+ #define EXPORT_DECL
+#endif // _MSC_VER
+
+#endif // _CONNECTION_LIB_H_
+
+
+
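Review bot: The closing `#endif // _CONNECTION_LIB_H_` names a guard that does not exist in this file; the guard opened at the top is `_SOCKET_LIB_H_`, so the line should read `#endif // _SOCKET_LIB_H_`. Because `#undef EXPORT_DECL` sits inside the include guard, the macro is reset only the first time this header is included; if another library header redefines `EXPORT_DECL` afterwards, a later include of this file will not restore it. A short comment stating the intended include order relative to the class headers that use `EXPORT_DECL` would make that dependency visible.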
diff --git a/pki/base/tps/src/include/httpClient/httpc/StringList.h b/pki/base/tps/src/include/httpClient/httpc/StringList.h
new file mode 100644
index 000000000..80cd61dd6
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/StringList.h
@@ -0,0 +1,151 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _STRING_LIST_H
+#define _STRING_LIST_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Simple String list class using the STL List template
+ */
+
+#include <list>
+#ifdef HPUX
+#include <iostream.h>
+#else
+#include <iostream>
+#endif
+
+#include "httpClient/httpc/Iterator.h"
+
+#ifndef HPUX
+using namespace std;
+#endif
+
+typedef EXPORT_DECL list<const char *> LISTSTR;
+
+class EXPORT_DECL StringList {
+public:
+ /**
+ * Constructor
+ */
+ StringList();
+
+ /**
+ * Destructor
+ */
+ ~StringList();
+
+ /**
+ * Appends a string to the end of the list
+ *
+ * @param value The string value to append
+ */
+ void Add( const char *value );
+
+ /**
+ * Gets the string at a particular index in the list
+ *
+ * @param index Index of the string to retrieve
+ * @return The string at the specified index, or NULL if outside
+ * the range of the list
+ */
+ const char *GetAt( int index );
+
+ /**
+ * Returns the index of a string in the list
+ *
+ * @param matchString The string to match
+ * @param startIndex The index to start searching from
+ * @return The index of the string, or -1 if not found
+ */
+ int Find( const char *matchString,
+ int startIndex );
+
+ /**
+ * Returns the number of strings in the list
+ *
+ * @return The number of strings in the list
+ */
+ int GetCount();
+
+ /**
+ * Inserts a string before the specified position
+ *
+ * @param index Position to insert the string
+ * @param value The string to insert
+ * @return The index of the string, or -1 if the requested index
+ * is beyond the end of the list
+ */
+ int Insert( int index, const char *value );
+
+ /**
+ * Removes a string at the specified position
+ *
+ * @param index Position to remove the string
+ * @return 0 on sucess, or -1 if the requested index
+ * is beyond the end of the list
+ */
+ int Remove( int index );
+
+ /**
+ * Removes all strings
+ */
+ void RemoveAll();
+
+ /**
+ * Returns an iterator over strings in the list
+ *
+ * @return An iterator over strings in the list
+ */
+ Iterator *GetIterator();
+
+ EXPORT_DECL friend ostream& operator<< ( ostream& os, StringList& list );
+
+protected:
+ /**
+ * Gets the iterator for an indexed element
+ *
+ * @param index Position to get
+ * @return Iterator for the position (could be end())
+ */
+ LISTSTR::iterator GetIteratorAt( int index );
+
+private:
+ LISTSTR m_list;
+};
+
+#endif // _STRING_LIST_H
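Review bot: `LISTSTR` is `list<const char *>`, and neither `Add` nor `Insert` says whether the list copies the string or stores the caller's pointer. If it stores the pointer, a caller that frees or reuses its buffer leaves `GetAt` and the iterator returning a dangling pointer; if it copies, `Remove`, `RemoveAll` and the destructor have to free what was allocated. State the contract on `Add`, e.g. `@param value The string to append; the list stores its own copy`, or the opposite, whichever the implementation does (it is not in this hunk). Separately, `using namespace std;` at header scope leaks into every file that includes StringList.h; writing `std::list` and `std::ostream` here avoids that.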
diff --git a/pki/base/tps/src/include/httpClient/httpc/StringUtil.h b/pki/base/tps/src/include/httpClient/httpc/StringUtil.h
new file mode 100644
index 000000000..5c8955d37
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/StringUtil.h
@@ -0,0 +1,74 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _STRING_UTIL_H
+#define _STRING_UTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * String utility functions
+ */
+
+class EXPORT_DECL StringUtil {
+private:
+ /**
+ * Constructor - can't be instantiated
+ */
+ StringUtil() {}
+
+ /**
+ * Destructor
+ */
+ ~StringUtil() {}
+
+public:
+ /**
+ * Normalizes a screen name
+ *
+ * @param raw The raw screen name
+ * @param normalized The normalized screen name (lower case, no spaces)
+ */
+ static void NormalizeScreenName( const char *raw, char *normalized );
+
+ /**
+ * Converts the string to lower case
+ *
+ * @param raw string to be converted
+ */
+ static void ToLower(char* raw);
+};
+
+#endif // _STRING_UTIL_H
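Review bot: `NormalizeScreenName( const char *raw, char *normalized )` writes into a caller-supplied buffer without taking its size, so the function cannot guard against a destination that is too short. The documented result (`lower case, no spaces`) is never longer than the input, so the minimum fix is to document the requirement: `@param normalized Output buffer of at least strlen(raw) + 1 bytes`. A safer form adds a bounded overload, `static void NormalizeScreenName( const char *raw, char *normalized, size_t normalizedSize );`, and keeps the two-argument one for existing callers. Both functions should also say what they do with a NULL argument.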
diff --git a/pki/base/tps/src/include/httpClient/httpc/TaskList.h b/pki/base/tps/src/include/httpClient/httpc/TaskList.h
new file mode 100644
index 000000000..779d27ead
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/TaskList.h
@@ -0,0 +1,114 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __TASK_LIST_H__
+#define __TASK_LIST_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * Base class for scheduled tasks in Presence Server
+ */
+
+class EXPORT_DECL TaskList {
+public:
+ /**
+ * Constructor - creates an empty task list
+ *
+ * @param name Name of task list
+ */
+ TaskList( const char *name );
+ /**
+ * Destructor - Empties the task list, deleting each entry
+ */
+ virtual ~TaskList();
+ /**
+ * Returns true if the task list is empty
+ *
+ * @return true if the task list is empty
+ */
+ bool IsEmpty();
+ /**
+ * Adds a task to the list; the list is sorted by execution time
+ *
+ * @param node An entry to add
+ * @return The added entry
+ */
+ ScheduledTask *Add( ScheduledTask *node );
+ /**
+ * Removes a node from the list but does not delete it
+ *
+ * @param taskName The name of the node to remove
+ * @return The node with the name taskName, or NULL if not found
+ */
+ ScheduledTask *Remove( const char *taskName );
+ /**
+ * Executes each task for which the time is right in a separate thread;
+ * if the task is repeating, a new entry is created for it, otherwise
+ * it is removed from the list
+ *
+ * @return The number of tasks executed
+ */
+ int ExecuteCurrent();
+ /**
+ * Dumps the task list to the debug log
+ *
+ * @param logLevel Lowest debug level for which the log should be dumped
+ */
+ void Dump( int logLevel );
+private:
+ /**
+ * Removes a node from the list but does not delete it; does not lock
+ *
+ * @param node The node to remove
+ * @return The node
+ */
+ ScheduledTask *InternalRemove( ScheduledTask *node );
+ /**
+ * Adds a task to the list; the list is sorted by execution time
+ *
+ * @param node An entry to add
+ * @return The added entry
+ */
+ ScheduledTask *InternalAdd( ScheduledTask *node );
+
+ char *m_name;
+ ScheduledTask *m_next;
+ int m_interval;
+ PRLock *m_lock;
+};
+
+#endif /* __TASK_LIST_H__ */
+
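Review bot: `TaskList` owns `m_name`, `m_lock` and the entries its destructor is documented to delete, but it declares no copy constructor or assignment operator, so a compiler-generated copy would share those pointers and the second destructor would release them again. Declaring both under `private:` and leaving them unimplemented closes that off: `TaskList( const TaskList & );` and `TaskList &operator=( const TaskList & );`. `ThreadPool` in ThreadPool.h holds `PRLock*` and `PRCondVar*` members and has the same gap. The class comment says "Base class for scheduled tasks", which describes `ScheduledTask` rather than this list, and `ScheduledTask` and `PRLock` are used here without an include or forward declaration.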
diff --git a/pki/base/tps/src/include/httpClient/httpc/ThreadPool.h b/pki/base/tps/src/include/httpClient/httpc/ThreadPool.h
new file mode 100644
index 000000000..389d42606
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/ThreadPool.h
@@ -0,0 +1,159 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef __THREAD_POOL_H
+#define __THREAD_POOL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * ThreadPool.h 1.000 06/12/2002
+ *
+ * A worker thread pool.
+ *
+ * @author Surendra Rajam
+ * @version 1.000, 06/12/2002
+ */
+
+class EXPORT_DECL ThreadPool {
+ friend class WorkerThread;
+public:
+ /**
+ * Constructor - creates the pool with default values
+ *
+ * @param name name of the threadpool
+ */
+ ThreadPool(const char* name);
+
+ /**
+ * Constructor
+ *
+ * @param name name of the threadpool
+ * @param min minimum threads in the pool
+ * @param max maximum threads that can be created
+ * @param timeout timeout for each thread
+ */
+ ThreadPool(const char* name, int min, int max, int timeout);
+
+ /**
+ * Destructor
+ */
+ virtual ~ThreadPool();
+
+public:
+
+ /**
+ * Initializes the thread pool with minimum threads
+ */
+ void Init();
+
+ /**
+ * Shutdown the thread pool
+ */
+ void Shutdown();
+
+ /**
+ * Adds a task for future execution
+ *
+ * @param task a task to execute
+ */
+ void AddTask(ScheduledTask* task);
+
+ /**
+ * Executes the task immediately
+ *
+ * @param task a task to execute
+ */
+ void ExecuteTask(ScheduledTask* task);
+
+ /**
+ * Gets the number of active threads in the pool
+ *
+ * @return number of active threads
+ */
+ int GetThreads();
+
+ /**
+ * Gets the number of pending tasks in the list
+ *
+ * @return number of pending tasks
+ */
+ int GetPendingTasks();
+
+ /**
+ * Function to start a NSPR thread
+ */
+ static void StartWorkerThread(void* arg);
+
+private:
+ /**
+ * Initializes constructor params
+ */
+ void ConstructorInit(const char* name, int min, int max, int timeout);
+
+ /**
+ * Creates a new thread
+ */
+ void CreateNewThread();
+
+ /**
+ * Notify one of the threads waiting on a condition
+ */
+ void Notify();
+
+private:
+ char* m_name;
+ TaskList* m_taskList;
+
+ int m_minThreads;
+ int m_maxThreads;
+ int m_timeout;
+
+ int m_threads;
+ int m_activeThreads;
+
+ PRBool m_threadWait;
+ PRLock* m_threadLock;
+ PRCondVar* m_threadCondVar;
+
+ PRBool m_newThreadInitialized;
+ PRLock* m_newThreadLock;
+ PRCondVar* m_newThreadCondVar;
+
+ bool m_keepRunning;
+};
+
+#endif // __THREAD_POOL_H
+
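Review bot: The four-argument constructor takes `min`, `max` and `timeout` as plain `int`, and the comments do not say which unit `timeout` uses or what happens when `min > max` or a value is negative. `max` is the only visible bound on how many threads the pool may create, so the contract is worth stating, e.g. `@param max maximum threads that can be created; must be > 0 and >= min` and `@param timeout idle timeout for each thread (unit: confirm in ThreadPool.cpp)`. Whether `ConstructorInit` validates these values is not visible in this header. `AddTask` and `ExecuteTask` should also say whether the pool takes ownership of `task`.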
diff --git a/pki/base/tps/src/include/httpClient/httpc/URLUtil.h b/pki/base/tps/src/include/httpClient/httpc/URLUtil.h
new file mode 100644
index 000000000..379986999
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/URLUtil.h
@@ -0,0 +1,92 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _URL_UTIL_H
+#define _URL_UTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/**
+ * URL utility functions
+ */
+
+typedef enum {
+ URL_TYPE_HTTP = 1,
+ URL_TYPE_HTTPS = 2,
+ URL_TYPE_LDAP = 3,
+ URL_TYPE_LDAPS = 4,
+ URL_TYPE_UNKNOWN = 5
+} UrlType;
+
+class EXPORT_DECL URLUtil {
+private:
+ /**
+ * Constructor - can't be instantiated
+ */
+ URLUtil() {}
+
+ /**
+ * Destructor
+ */
+ ~URLUtil() {}
+
+public:
+ /**
+ * Parses the URL
+ *
+ * @param url url to parse
+ * @param type protocol header type
+ * @param host hostname from the url
+ * @param port port number from the url
+ * @param path uri from the url
+ * @return 0 on success, negative error code otherwise
+ */
+ static int ParseURL( const char* url,
+ int* type,
+ char** host,
+ int* port,
+ char** path );
+
+private:
+ static int ParseURLType(const char* url, int* type, int* hlen);
+ static int ParseAtPort(const char* url, int* port, char** path);
+ static int ParseAtPath(const char* url, char** path);
+ static int GetPort(const char* url, int* port);
+ static bool IsAsciiSpace(char c);
+ static bool IsAsciiDigit(char c);
+};
+
+#endif // _URL_UTIL_H
+
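Review bot: `ParseURL` hands back `host` and `path` through `char**`, but the comment does not say who owns the strings, which allocator they come from, or what the out-parameters hold when a negative code is returned. A caller that frees with the wrong deallocator, or reads `*host` after a failure, ends up corrupting or leaking memory. If they are heap copies, as the signature suggests, the doc block should say so, e.g. `@param host receives an allocated hostname, NULL on failure; caller frees it (deallocator: confirm in URLUtil.cpp)`. `type` is declared `int*` although `UrlType` is defined just above, so the comment should at least say it receives a `UrlType` value. The `port` comment should state the accepted range, if `GetPort` enforces one.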
diff --git a/pki/base/tps/src/include/httpClient/httpc/engine.h b/pki/base/tps/src/include/httpClient/httpc/engine.h
new file mode 100644
index 000000000..73881ed81
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/engine.h
@@ -0,0 +1,76 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _HTTP_ENGINE_
+#define _HTTP_ENGINE_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/request.h"
+
+class __EXPORT Engine {
+ public:
+ Engine() {};
+ ~Engine() {};
+
+ PRFileDesc *_doConnect(PRNetAddr *addr, PRBool SSLOn = PR_FALSE,
+ const PRInt32* cipherSuite = NULL,
+ PRInt32 count = 0, const char* nickname = NULL,
+ PRBool handshake = PR_FALSE,
+ /*const SecurityProtocols& secprots = SecurityProtocols() ,*/
+ const char *serverName ="localhost",
+ PRIntervalTime iv = PR_SecondsToInterval(30));
+ static PRIntervalTime globaltimeout;
+};
+
+
+class __EXPORT HttpEngine: public Engine {
+ public:
+ HttpEngine() {};
+ ~HttpEngine() {};
+
+ PSHttpResponse *makeRequest( PSHttpRequest &request,
+ const PSHttpServer& server,
+ int timeout = 30, PRBool expectChunked = PR_FALSE);
+};
+
+PRBool __EXPORT InitSecurity(char* dbpath, char* certname, char* certpassword,
+ char * prefix ,int verify=1);
+PRBool __EXPORT EnableCipher(const char* ciphername);
+void __EXPORT EnableAllSSL3Ciphers();
+__EXPORT const char * nscperror_lookup(int error);
+
+#endif
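Review bot: `_doConnect` defaults `serverName` to `"localhost"` and `handshake` to `PR_FALSE`; if `serverName` is what the SSL layer compares against the peer certificate (not visible in this header), a caller that omits it gets the check made against the wrong name instead of a compile error. I would drop that default so every SSL caller has to pass the real host, or document on the declaration that the argument is mandatory when `SSLOn` is true. `InitSecurity`'s `int verify=1` needs a comment saying what a value of 0 turns off, and `certpassword` could be `const char*` with a note that the caller clears it after the call. `EnableAllSSL3Ciphers()` deserves a comment listing which suites it switches on, since a deployment normally wants some of them off.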
diff --git a/pki/base/tps/src/include/httpClient/httpc/http.h b/pki/base/tps/src/include/httpClient/httpc/http.h
new file mode 100644
index 000000000..0dccfddbd
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/http.h
@@ -0,0 +1,120 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _HTTP_SERVER_
+#define _HTTP_SERVER_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdlib.h>
+#include <prnetdb.h>
+#include <prio.h>
+#include <time.h>
+#include <plhash.h>
+#include <nspr.h>
+#include <plstr.h>
+
+#include "httpClient/httpc/PSCommonLib.h"
+#include "httpClient/httpc/Cache.h"
+#include "httpClient/httpc/Defines.h"
+//#include "httpClient/httpc/DebugLogger.h"
+//#include "httpClient/httpc/ErrorLogger.h"
+
+#ifdef WIN32
+#define __EXPORT __declspec(dllexport)
+#else
+#define __EXPORT
+#endif
+
+class PSHttpRequest;
+
+class __EXPORT PSHttpServer
+{
+public:
+ PSHttpServer(const char *addr, PRUint16 af);
+ ~PSHttpServer();
+
+ long getIp() const;
+ long getPort() const;
+ const char *getAddr() const;
+ void getAddr(PRNetAddr *addr) const;
+ void setSSL(PRBool SSLstate);
+ PRBool isSSL() const;
+
+ // put a file on the server of size bytes
+ PRBool putFile(const char *uri, int size) const;
+ PRBool putFile(const char* uri, const char* localFile) const;
+
+private:
+ char *_addr;
+ PRNetAddr _netAddr;
+ PRBool SSLOn;
+ PRBool _putFile(PSHttpRequest& rq) const;
+};
+
+typedef __EXPORT enum HttpProtocol_e { HTTPNA = 0x0,
+ HTTP09 = 0x1,
+ HTTP10 = 0x2,
+ HTTP11 = 0x4,
+ HTTPBOGUS = 0x8 } HttpProtocol;
+
+#define NUM_PROTOS 5 // needed for arrays of tests
+
+__EXPORT const char *HttpProtocolToString(HttpProtocol);
+
+class __EXPORT HttpMessage
+{
+ public:
+ HttpMessage(long len = 0, const char* buf = NULL);
+ ~HttpMessage();
+
+ PRBool operator == (const HttpMessage& rhs);
+
+ void addData(long len, const void* buf);
+
+ // set data on the message
+ void setProtocol(HttpProtocol prot);
+
+ // get data about the message
+ HttpProtocol getProtocol() const;
+
+
+ protected:
+ char* firstline; // first line - may be the request-line or server status
+ HttpProtocol proto;
+ long cl;
+};
+
+
+#endif
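Review bot: `HttpMessage(long len = 0, const char* buf = NULL)` and `addData(long len, const void* buf)` take a signed length, so a negative value, or a non-zero `len` with a NULL `buf`, is representable and would become a very large unsigned size if the implementation passes it to a copy routine. The implementation is not in this hunk; either switch the parameters to an unsigned size type or document and enforce the precondition, e.g. in `addData`: `if (len < 0 || (len > 0 && buf == NULL)) return;`. `putFile(const char *uri, int size)` has the same signed-size shape. Separately, `getIp()` returns a `long` although the constructor accepts an address family in `af`, so its comment should say for which families the value is meaningful.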
diff --git a/pki/base/tps/src/include/httpClient/httpc/request.h b/pki/base/tps/src/include/httpClient/httpc/request.h
new file mode 100644
index 000000000..0399732ef
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/request.h
@@ -0,0 +1,115 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef _REQUEST_H_
+#define _REQUEST_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/http.h"
+
+// abstract request class
+class __EXPORT NetRequest
+{
+ public:
+ NetRequest(const PSHttpServer* server);
+ PRBool isSSL() const;
+ void setSSL(PRBool SSLstate);
+ void getAddr(PRNetAddr *addr);
+ const char* getAddr();
+ const char* getHost();
+ const PSHttpServer * getServer();
+ void setServer(PSHttpServer* _server);
+ PRIntervalTime getTimeout() const;
+ const PRInt32* cipherSet;
+ PRInt32 cipherCount;
+ PRBool handshake;
+// SecurityProtocols secprots;
+
+ protected:
+ PRBool SSLOn;
+ const PSHttpServer * _server;
+ PRIntervalTime timeout;
+
+};
+
+// Netscape-style request
+class __EXPORT PSHttpRequest: public HttpMessage, public NetRequest
+{
+public:
+ PSHttpRequest(const PSHttpServer* server, const char *uri, HttpProtocol proto, PRIntervalTime to);
+ virtual ~PSHttpRequest();
+
+ // connection related stuff
+
+ // set data on the request
+ PRBool setMethod(const char *method);
+ PRBool addHeader(const char *name, const char *value);
+ PRBool addRandomBody(int size);
+ PRBool useLocalFileAsBody(const char* fileName);
+ PRBool setBody(int size, const char* body);
+ void setExpectedResponseLength(int size);
+ void setExpectStandardBody();
+ void setExpectDynamicBody();
+ void setHangupOk();
+ PRBool isHangupOk();
+
+ // get data about the request
+ char *getMethod();
+ //HttpProtocol getProtocol();
+ const char *getHeader(const char *name);
+ int getExpectedResponseLength();
+ PRBool getExpectStandardBody();
+ PRBool getExpectDynamicBody();
+
+ PRBool send(PRFileDesc *sock);
+ void setCertNickName(const char *);
+ char *getCertNickName();
+
+private:
+ char *_method;
+ char *_uri;
+ HttpProtocol _proto;
+ int _bodyLength;
+ char *_body;
+ char *nickName;
+ StringKeyCache *_headers;
+ int _expectedResponseLength;
+ PRBool _expectStandardBody;
+ PRBool _expectDynamicBody;
+ PRBool _hangupOk;
+ PRFileDesc* _fileFd;
+};
+
+#endif
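Review bot: `addHeader(const char *name, const char *value)` and `setMethod(const char *method)` document no restriction on their arguments; if any caller builds them from data it does not control, an embedded CR or LF would change the structure of the message that `send()` writes. The implementation is outside this hunk, so state the contract on the declarations, e.g. `// name and value must not contain CR or LF; returns PR_FALSE otherwise`, and enforce it in the .cpp. `setBody(int size, const char* body)` and `addRandomBody(int size)` should likewise say that `size` must be non-negative and whether `body` is copied or must outlive the request. `cipherSet`, `cipherCount` and `handshake` are public data members of `NetRequest`; accessors in the style of the existing `setSSL`/`isSSL` would keep them consistent with the rest of the class.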
diff --git a/pki/base/tps/src/include/httpClient/httpc/response.h b/pki/base/tps/src/include/httpClient/httpc/response.h
new file mode 100644
index 000000000..5c45d574c
--- /dev/null
+++ b/pki/base/tps/src/include/httpClient/httpc/response.h
@@ -0,0 +1,148 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*-
+ */
+/** BEGIN COPYRIGHT BLOCK
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * END COPYRIGHT BLOCK **/
+
+#ifndef _RESPONSE_H_
+#define _RESPONSE_H_
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/request.h"
+
+class __EXPORT RecvBuf
+{
+public:
+ RecvBuf(const PRFileDesc *socket, int size, int timeout = 30);
+ virtual ~RecvBuf();
+
+ char getChar();
+ void putBack();
+
+ void setChunkedMode();
+ int getAllContent();
+ int getTimeout();
+
+ char *get_content();
+ int get_contentSize();
+
+ class EndOfFile {};
+ class EndOfChunking {};
+
+private:
+ char _getChar();
+ PRBool _getBytes(int size);
+
+ const PRFileDesc *_socket;
+ int _allocSize;
+ char *_buf;
+ int _curPos;
+ int _curSize;
+
+ PRBool _chunkedMode;
+ int _currentChunkSize;
+ int _currentChunkBytesRead;
+ PRIntervalTime _timeout;
+ char *_content;
+ int _contentSize;
+};
+
+
+class __EXPORT Response
+{
+ public:
+ Response(const PRFileDesc *sock, NetRequest *request);
+
+ protected:
+ const PRFileDesc *_socket;
+ NetRequest *_request;
+};
+
+
+class __EXPORT PSHttpResponse: public Response
+{
+ public:
+ PSHttpResponse( const PRFileDesc *sock,
+ PSHttpRequest *request );
+ PSHttpResponse( const PRFileDesc *sock,
+ PSHttpRequest *request,
+ int timeout, PRBool expectChunked );
+ virtual ~PSHttpResponse();
+ virtual PRBool processResponse();
+
+ int getReturnCode();
+ long getStatus();
+ char *getStatusString();
+ HttpProtocol getProtocol();
+ char *getHeader(const char *name);
+ int getHeaders(char ***keys);
+
+ PRBool checkKeepAlive(); // return true if we *expect* keepalive based on request
+ PRBool checkConnection(); // return true if connection is open
+
+ long getBodyLength();
+ char *getContent();
+ void freeContent();
+ int getContentSize();
+ char *toString();
+
+ protected:
+ PSHttpRequest *_request;
+ int _verifyStandardBody(RecvBuf &, int, PRBool);
+ PRBool _handleBody(RecvBuf &buf);
+ void _checkResponseSanity();
+
+ HttpProtocol _proto;
+ char *_protocol;
+ int retcode;
+ char *_statusNum;
+ char *_statusString;
+
+ int _keepAlive;
+ int _connectionClosed;
+
+ long _bodyLength;
+
+ PRBool _expectChunked;
+ PRBool _chunkedResponse;
+
+ StringKeyCache *_headers;
+
+ int _timeout;
+ char *_content;
+ int _contentSize;
+};
+
+
+#endif
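Review bot: `RecvBuf` and `PSHttpResponse` keep the sizes that come from the peer in signed `int`/`long` members (`_currentChunkSize`, `_contentSize`, `_bodyLength`), and nothing in the header gives an upper bound on how much `getAllContent()` will buffer. The parsing code is not in this hunk, but the header should state the rule that a chunk size or content length is rejected when negative or above a configured maximum before it is used for allocation or copying, for example `// parsed from the wire; checked against 0 and a maximum before use` on `_currentChunkSize`. `PSHttpResponse` also declares `PSHttpRequest *_request` while its base `Response` already has `NetRequest *_request`, so the derived member hides the base one and the two can disagree. `getHeaders(char ***keys)` and `getContent()`/`freeContent()` need a sentence on who frees what.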
diff --git a/pki/base/tps/src/include/main/AttributeSpec.h b/pki/base/tps/src/include/main/AttributeSpec.h
new file mode 100644
index 000000000..3aa0655b5
--- /dev/null
+++ b/pki/base/tps/src/include/main/AttributeSpec.h
@@ -0,0 +1,68 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_ATTRIBUTESPEC_H
+#define RA_ATTRIBUTESPEC_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class AttributeSpec
+{
+ public:
+ AttributeSpec();
+ ~AttributeSpec();
+ public:
+ static AttributeSpec *Parse(Buffer *b, int offset);
+ void SetAttributeID(unsigned long v);
+ unsigned long GetAttributeID();
+ void SetType(BYTE v);
+ BYTE GetType();
+ void SetData(Buffer data);
+ Buffer GetData(); // this gets entire AttributeSpec
+ Buffer GetValue(); // this gets AttributeValue
+ public:
+ unsigned long m_id;
+ BYTE m_type;
+ Buffer m_data; // this contains AttributeValue
+};
+
+#endif /* RA_ATTRIBUTESPEC_H */
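Review bot: `Parse(Buffer *b, int offset)` takes a signed offset into a `Buffer` whose `size()` is unsigned, and the declaration says nothing about what happens when `offset` is negative, past the end, or leaves fewer bytes than an attribute header needs. The attribute bytes presumably originate outside the process (confirm against the callers), so the contract should be written on the declaration and enforced in the .cpp, e.g. `// returns NULL if b is NULL, offset < 0, or the spec does not fit inside b`. The header also uses `Buffer` and `BYTE` but only includes `pk11func.h`; adding `#include "main/Buffer.h"` makes it self-contained. `m_id`, `m_type` and `m_data` are public although accessors exist for all three.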
diff --git a/pki/base/tps/src/include/main/AuthenticationEntry.h b/pki/base/tps/src/include/main/AuthenticationEntry.h
new file mode 100644
index 000000000..e4ec0715c
--- /dev/null
+++ b/pki/base/tps/src/include/main/AuthenticationEntry.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AUTHENTICATIONENTRY_H
+#define AUTHENTICATIONENTRY_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "authentication/Authentication.h"
+
+class AuthenticationEntry
+{
+ public:
+ AuthenticationEntry();
+ virtual ~AuthenticationEntry();
+ public:
+ void SetLibrary(PRLibrary* lib);
+ PRLibrary *GetLibrary();
+ void SetId(const char *id);
+ char *GetId();
+ void SetAuthentication(Authentication *auth);
+ Authentication *GetAuthentication();
+ void SetType(const char *type);
+ char *GetType();
+
+ private:
+ PRLibrary *m_lib;
+ char *m_Id;
+ char *m_type;
+ Authentication *m_authentication;
+};
+
+#endif /* AUTHENTICATIONENTRY_H */
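Review bot: The entry holds both a `PRLibrary *m_lib` and an `Authentication *m_authentication`, but the header does not say who owns either or in which order the destructor releases them. If the `Authentication` object's code lives in that library, as the pairing suggests (not confirmable from this hunk), the object has to be destroyed before the library is unloaded; that ordering belongs in a comment on `~AuthenticationEntry()`, e.g. `// releases m_authentication before unloading m_lib`, once the .cpp is confirmed to do so. `SetId`/`SetType` take `const char *` while `GetId`/`GetType` return mutable `char *`; say whether the setters copy the string, and consider returning `const char *`.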
diff --git a/pki/base/tps/src/include/main/Base.h b/pki/base/tps/src/include/main/Base.h
new file mode 100644
index 000000000..3c5260178
--- /dev/null
+++ b/pki/base/tps/src/include/main/Base.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef BASE_H
+#define BASE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "nspr.h"
+
+typedef unsigned char BYTE;
+
+enum nsNKeyMsgEnum {
+ VRFY_FAILURE,
+ VRFY_SUCCESS,
+ ENCODE_DER_PUBKEY_FAILURE,
+ B64ENCODE_FAILURE,
+ VFY_BEGIN_FAILURE,
+ VFY_UPDATE_FAILURE,
+ HTTP_REQ_EXE_FAILURE,
+ HTTP_ERROR_RCVD,
+ BASE64_DECODE_FAILURE,
+ REQ_TO_CA_SUCCESS,
+ MSG_INVALID
+};
+
+struct ReturnStatus {
+ PRStatus status;
+ nsNKeyMsgEnum statusNum;
+};
+
+#endif /* BASE_H */
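Review bot: `ReturnStatus` has no constructor, and NSPR's `PR_SUCCESS` is 0, so a zero-filled or value-initialised `ReturnStatus` reads as `status == PR_SUCCESS` paired with `statusNum == VRFY_FAILURE`. A caller that tests only `status` would take an untouched struct for a successful result. Giving the struct a failing default avoids that: `ReturnStatus() : status(PR_FAILURE), statusNum(MSG_INVALID) {}`. The enumerators of `nsNKeyMsgEnum` are also undocumented; a one-line comment per value naming the step that failed would help callers that log `statusNum`.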
diff --git a/pki/base/tps/src/include/main/Buffer.h b/pki/base/tps/src/include/main/Buffer.h
new file mode 100644
index 000000000..4fa7af6df
--- /dev/null
+++ b/pki/base/tps/src/include/main/Buffer.h
@@ -0,0 +1,196 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef BUFFER_H
+#define BUFFER_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "main/Base.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * This class represents a byte array.
+ */
+class Buffer {
+
+ private:
+ BYTE *buf;
+ unsigned int len;
+ unsigned int res;
+
+ public:
+ /**
+ * Creates an empty Buffer.
+ */
+ TPS_PUBLIC Buffer() : buf(0), len(0), res(0) { }
+
+ /**
+ * Creates a Buffer of length 'len', with each byte initialized to 'b'.
+ */
+ TPS_PUBLIC Buffer(unsigned int len, BYTE b);
+
+ /**
+ * Creates a Buffer of length 'len', initialized to zeroes.
+ */
+ TPS_PUBLIC explicit Buffer(unsigned int len);
+
+ /**
+ * Creates a Buffer of length 'len', initialized from 'buf'. 'buf' must
+ * contain at least 'len' bytes.
+ */
+ TPS_PUBLIC Buffer(const BYTE* buf, unsigned int len);
+
+ /**
+ * Copy constructor.
+ */
+ TPS_PUBLIC Buffer(const Buffer& cpy);
+
+ /**
+ * Destructor.
+ */
+ TPS_PUBLIC ~Buffer();
+
+ /**
+ * Assignment operator.
+ */
+ TPS_PUBLIC Buffer& operator=(const Buffer& cpy);
+
+ /**
+ * Returns true if the two buffers are the same length and contain
+ * the same byte at each offset.
+ */
+ TPS_PUBLIC bool operator==(const Buffer& cmp) const;
+
+ /**
+ * Returns ! operator==(cmp).
+ */
+ TPS_PUBLIC bool operator!=(const Buffer& cmp) const { return ! (*this == cmp); }
+
+ /**
+ * Concatenation operator.
+ */
+ TPS_PUBLIC Buffer operator+(const Buffer&addend) const;
+
+ /**
+ * Append operators.
+ */
+ TPS_PUBLIC Buffer& operator+=(const Buffer&addend);
+ TPS_PUBLIC Buffer& operator+=(BYTE b);
+
+ /**
+ * Returns a pointer into the Buffer. This also enables the subscript
+ * operator, so you can say, for example, 'buf[4] = b' or 'b = buf[4]'.
+ */
+ TPS_PUBLIC operator BYTE*() { return buf; }
+ TPS_PUBLIC operator const BYTE*() const { return buf; }
+
+ /**
+ * The length of buffer. The actual amount of space allocated may be
+ * higher--see capacity().
+ */
+ TPS_PUBLIC unsigned int size() const { return len; }
+
+ /**
+ * The amount of memory allocated for the buffer. This is the maximum
+ * size the buffer can grow before it needs to allocate more memory.
+ */
+ TPS_PUBLIC unsigned int capacity() const { return res; }
+
+ /**
+ * Sets all bytes in the buffer to 0.
+ */
+ TPS_PUBLIC void zeroize();
+
+ /**
+ * Changes the length of the Buffer. If 'newLen' is shorter than the
+ * current length, the Buffer is truncated. If 'newLen' is longer, the
+ * new bytes are initialized to 0. If 'newLen' is the same as size(),
+ * this is a no-op.
+ */
+ TPS_PUBLIC void resize(unsigned int newLen);
+
+ /**
+ * Ensures that capacity() is at least 'reserve'. Allocates more memory
+ * if necessary. If 'reserve' is <= capacity(), this is a no-op.
+ * Does not affect size().
+ */
+ TPS_PUBLIC void reserve(unsigned int reserve);
+
+ /**
+ * Returns a new Buffer that is a substring of this Buffer, starting
+ * from offset 'start' and continuing for 'len' bytes. This Buffer
+ * must have size() >= (start + len).
+ */
+ TPS_PUBLIC Buffer substr(unsigned int start, unsigned int len) const;
+
+ /**
+ * Replaces bytes i through i+n in this Buffer using the values in 'cpy'.
+ * This Buffer is resized if necessary. The 'cpy' argument can be a
+ * Buffer.
+ */
+ TPS_PUBLIC void replace(unsigned int i, const BYTE* cpy, unsigned int n);
+
+ /**
+ * returns a hex version of the buffer
+ */
+ TPS_PUBLIC char *toHex();
+
+ /**
+ * Dumps this Buffer to the given file as formatted hex: 16 bytes per
+ * line, separated by spaces.
+ */
+ TPS_PUBLIC void dump(FILE* file) const;
+
+ /**
+ * returns a null-terminated string of the buf.
+ * should be called only by callers that are certain that buf
+ * is entirely representable by printable characters and wants
+ * a string instead.
+ */
+ TPS_PUBLIC char *string();
+
+ /**
+ * dump()s this Buffer to stdout.
+ */
+ TPS_PUBLIC void dump() const;
+
+};
+
+#endif
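Review bot: The precondition on `substr`, "size() >= (start + len)", is written as an `unsigned int` sum, which wraps for large arguments and then passes; the same applies to `i + n` in `replace`. The check in Buffer.cpp (not part of this hunk) and the comment should use the non-wrapping form, `start <= size() && len <= size() - start`. `operator BYTE*()` also gives callers unchecked subscripting, which is worth one sentence in its comment. Since `zeroize()` exists, the class presumably carries sensitive bytes at times; say on `~Buffer()` whether the storage is cleared before release, and on `toHex()` and `string()` who frees the returned `char *`.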
diff --git a/pki/base/tps/src/include/main/ConfigStore.h b/pki/base/tps/src/include/main/ConfigStore.h
new file mode 100644
index 000000000..d34e0ce7b
--- /dev/null
+++ b/pki/base/tps/src/include/main/ConfigStore.h
@@ -0,0 +1,126 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef CONFIG_STORE_H
+#define CONFIG_STORE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "plhash.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+class ConfigStoreRoot;
+
+class ConfigStore
+{
+ public:
+ ConfigStore(ConfigStoreRoot* root, const char *subStoreName);
+ //ConfigStore::ConfigStore(const ConfigStore &X);
+
+ ~ConfigStore();
+ static ConfigStore *Parse(const char *s, const char *separator);
+ static ConfigStore *CreateFromConfigFile(const char *cfg_path);
+
+ int IsNameDefined(const char *name);
+ void SetFilePath(const char* cfg_file_path);
+ void Add(const char *name, const char *value);
+ void Remove(const char *name);
+ const char * GetConfig(const char *name);
+ int Size();
+ const char * GetNameAt(int pos);
+ ConfigStore GetSubStore(const char*name);
+ ConfigStore *GetPatternSubStore(const char* pattern);
+
+ // Retrieve config parameters
+ Buffer * GetConfigAsBuffer(const char *key);
+ Buffer * GetConfigAsBuffer(const char *key, const char *def);
+ int GetConfigAsInt(const char *key);
+ TPS_PUBLIC int GetConfigAsInt(const char *key, int def);
+ unsigned int GetConfigAsUnsignedInt(const char *key);
+ TPS_PUBLIC unsigned int GetConfigAsUnsignedInt(const char *key,
+ unsigned int def);
+ bool GetConfigAsBool(const char *key);
+ TPS_PUBLIC bool GetConfigAsBool(const char *key, bool def);
+ TOKENDB_PUBLIC const char *GetConfigAsString(const char *key, const char *def);
+ TPS_PUBLIC int Commit(const bool backup, char* error_msg, int len);
+ TPS_PUBLIC const char *GetConfigAsString(const char *key);
+ TPS_PUBLIC const char *GetOrderedList();
+ /**
+ * operator[] is used to look up config strings in the ConfigStore.
+ * For example:
+ * <PRE>
+ * const char *param = cfg["filename"]; // equivalent
+ * const char *param = cfg.GetConfig("filename"); // equivalent
+ * </PRE>
+ */
+ const char * operator[](const char*key);
+
+ private:
+ char *m_substore_name;
+ ConfigStoreRoot *m_root;
+ char *m_cfg_file_path;
+ PRLock *m_lock;
+};
+
+class ConfigStoreRoot
+{
+ friend class ConfigStore;
+ public:
+ ConfigStoreRoot();
+ ~ConfigStoreRoot();
+ void addref();
+ void release();
+
+ private:
+ PLHashTable* getSet();
+ PLHashTable *m_set;
+ int m_set_refcount;
+
+};
+
+
+
+#endif /* CONFIG_STORE_H */
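Review bot: `GetSubStore` returns a `ConfigStore` by value while the class holds raw `m_substore_name`, `m_cfg_file_path` and `m_lock` pointers and its copy constructor is commented out, so the compiler-generated copy shares those pointers with the original. If `~ConfigStore()` frees them (its body is not in this hunk), every returned sub-store sets up a double free or use-after-free. Either define the copy constructor and assignment operator with deep-copy semantics, or return `ConfigStore *` as `GetPatternSubStore` does. `NameValueSet` (`m_set`) and `Login` (`m_uid`, `m_pwd`) in this commit also own raw pointers without declared copy control; there, declaring the copy operations private and undefined, e.g. `Login(const Login &);` and `Login &operator=(const Login &);`, would reject accidental copies at build time.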
diff --git a/pki/base/tps/src/include/main/LogFile.h b/pki/base/tps/src/include/main/LogFile.h
new file mode 100644
index 000000000..663929eb2
--- /dev/null
+++ b/pki/base/tps/src/include/main/LogFile.h
@@ -0,0 +1,89 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef LOGFILE_H
+#define LOGFILE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "main/RA_Context.h"
+#include "main/Util.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class LogFile {
+ protected:
+ PRFileDesc *m_fd;
+ char* m_fname;
+ volatile bool m_signed_log;
+ volatile size_t m_bytes_written;
+ volatile bool m_signed;
+ PRMonitor *m_monitor;
+ RA_Context *m_ctx;
+
+ public:
+ TPS_PUBLIC LogFile();
+ TPS_PUBLIC virtual ~LogFile() {}
+
+ /* startup and shutdown */
+ virtual int startup(RA_Context* ctx, const char* prefix, const char *fname, bool sign_audit);
+ virtual void shutdown();
+ virtual void child_init() {}
+
+ /* open/close the file */
+ int open();
+ int close();
+ bool isOpen();
+
+ /* read and write */
+ virtual int write(const char * msg);
+ int printf(const char* fmt, ...);
+ int write(char *msg, size_t n);
+ int vfprintf(const char* fmt, va_list ap);
+ int ReadLine(char *buf, int buf_len, int *removed_return);
+
+ /* accessor and setters */
+ void setSigned(bool val);
+ bool getSigned();
+ int get_bytes_written();
+ void set_bytes_written(int val);
+ RA_Context * get_context();
+ void set_context(RA_Context *ctx);
+};
+
+#endif
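Review bot: `printf(const char* fmt, ...)` and `vfprintf(const char* fmt, va_list ap)` are declared without a format attribute, so the compiler cannot flag a caller that passes message text as `fmt`; for a class that writes signed audit logs this is worth catching at build time. On GCC-compatible builds add `__attribute__((format(printf, 2, 3)))` to `printf` and `__attribute__((format(printf, 2, 0)))` to `vfprintf` (index 2 because `this` counts as the first argument), behind a macro that expands to nothing under `XP_WIN32`. `RA_Context::LogError` and `LogInfo` in RA_Context.h have the same shape, with `fmt` at index 4. Separately, `get_bytes_written()` returns `int` while `m_bytes_written` is `size_t`, so the accessor and the member should agree on one type.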
diff --git a/pki/base/tps/src/include/main/Login.h b/pki/base/tps/src/include/main/Login.h
new file mode 100644
index 000000000..81a22870e
--- /dev/null
+++ b/pki/base/tps/src/include/main/Login.h
@@ -0,0 +1,55 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef LOGIN_H
+#define LOGIN_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+
+class Login
+{
+ public:
+ Login(char *uid, char *pwd);
+ ~Login();
+ public:
+ char *GetUID();
+ char *GetPassword();
+ private:
+ char *m_uid;
+ char *m_pwd;
+};
+
+#endif /* LOGIN_H */
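Review bot: `m_pwd` holds a credential, but nothing in the header says that `Login` copies the password it is given or that `~Login()` wipes it before releasing the memory; the destructor body is outside this hunk, so this may already be done. Document the contract above the class, for example `/* Login keeps private copies of uid and pwd; ~Login() overwrites m_pwd before freeing it. */`, and make the implementation match. `GetPassword()` returns a mutable `char *` to the stored secret; `const char *GetPassword() const;` would at least stop callers from modifying or freeing it, and the constructor parameters can be `const char *` for the same reason.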
diff --git a/pki/base/tps/src/include/main/Memory.h b/pki/base/tps/src/include/main/Memory.h
new file mode 100644
index 000000000..ca9608466
--- /dev/null
+++ b/pki/base/tps/src/include/main/Memory.h
@@ -0,0 +1,130 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_MEMORY_H
+#define RA_MEMORY_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/MemoryMgr.h"
+
+#ifdef MEM_PROFILING
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+extern void MEM_init(char *audit_file, char *dump_file);
+extern void MEM_shutdown();
+extern void MEM_dump_unfree();
+extern char *MEM_strdup(const char *, const char *, const char *, const char *, int);
+extern void *MEM_malloc(int, const char *, const char *, const char *, int);
+extern void MEM_free(void *i, const char *, const char *, const char *, int);
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#ifdef malloc
+#undef malloc
+#endif
+
+#ifdef free
+#undef free
+#endif
+
+#ifdef strdup
+#undef strdup
+#endif
+
+#ifdef PL_strdup
+#undef PL_strdup
+#endif
+
+#ifdef PL_strfree
+#undef PL_strfree
+#endif
+
+
+#define strdup(s) MEM_strdup(s,"strcpy",__FUNCTION__,__FILE__,__LINE__)
+#define malloc(size) MEM_malloc(size,"malloc",__FUNCTION__,__FILE__,__LINE__)
+#define free(p) MEM_free(p,"free",__FUNCTION__,__FILE__,__LINE__)
+#define PR_MALLOC(size) MEM_malloc(size,"PL_MALLOC",__FUNCTION__,__FILE__,__LINE__)
+#define PR_Malloc(size) MEM_malloc(size,"PR_Malloc",__FUNCTION__,__FILE__,__LINE__)
+#define PR_Free(p) MEM_free(p,"free",__FUNCTION__,__FILE__,__LINE__)
+
+#define PL_strdup(s) MEM_strdup(s,"PL_strdup",__FUNCTION__,__FILE__,__LINE__)
+#define PL_strfree(p) MEM_free(p,"PL_strfree",__FUNCTION__,__FILE__,__LINE__)
+
+#if 0
+extern void *operator new(size_t size, const char *func, const char *file, int line);
+extern void *operator new[](size_t size, const char *func, const char *file, int line);
+#endif
+extern void operator delete(void* p);
+extern void operator delete[](void* p);
+
+inline void *operator new(size_t size, const char *func, const char *file, int line)
+{
+ return MEM_malloc(size, "new", func, file, line);
+}
+
+inline void *operator new[](size_t size, const char *func, const char *file, int line)
+{
+ return MEM_malloc(size, "new[]", func, file, line);
+}
+
+#if 0
+inline void operator delete(void *p)
+{
+ MEM_free(p,"delete","", "", 0);
+}
+
+inline void operator delete[](void *p)
+{
+ MEM_free(p,"delete[]","", "", 0);
+}
+#endif
+
+
+#ifdef new
+#undef new
+#endif
+
+#define new new(__FUNCTION__,__FILE__,__LINE__)
+
+#endif
+
+#endif /* RA_MEMORY_H */
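Review bot: `MEM_malloc` takes its size as `int`, but the `operator new` overloads below pass a `size_t` into it, so under `MEM_PROFILING` a request above `INT_MAX` is narrowed (possibly to a negative value) before it reaches the allocator. Declare it as `extern void *MEM_malloc(size_t, const char *, const char *, const char *, int);` and keep the definition in step. The tags passed by the wrappers are also inconsistent, which will mislead anyone reading the audit file: `strdup` logs `"strcpy"`, `PR_MALLOC` logs `"PL_MALLOC"` and `PR_Free` logs `"free"`. Finally, `#define new new(__FUNCTION__,__FILE__,__LINE__)` rewrites every later `new`, including placement new and `operator new` declarations in headers included after this one, so a comment stating that this header must be included last would help.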
diff --git a/pki/base/tps/src/include/main/MemoryMgr.h b/pki/base/tps/src/include/main/MemoryMgr.h
new file mode 100644
index 000000000..7e2f71dc1
--- /dev/null
+++ b/pki/base/tps/src/include/main/MemoryMgr.h
@@ -0,0 +1,46 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_MEMORY_MGR_H
+#define RA_MEMORY_MGR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+/* Uncomment the following to enable memory profiling */
+
+/* #define MEM_PROFILING */
+#define MEM_AUDIT_FILE "/tmp/mem-audit.log"
+#define MEM_DUMP_FILE "/tmp/mem-dump.log"
+
+#endif /* RA_MEMORY_MGR_H */
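Review bot: `MEM_AUDIT_FILE` and `MEM_DUMP_FILE` are fixed names in `/tmp`, which is world-writable, so a build with `MEM_PROFILING` enabled writes to a path that another local user can create first or replace with a symlink. How `MEM_init` opens the files is not visible here, so whether it refuses existing files or links cannot be confirmed. Point the defaults at a directory only the service account can write, e.g. `#define MEM_AUDIT_FILE "<instance-log-dir>/mem-audit.log"` (placeholder path), and add a comment that these files must never live in a shared directory.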
diff --git a/pki/base/tps/src/include/main/NameValueSet.h b/pki/base/tps/src/include/main/NameValueSet.h
new file mode 100644
index 000000000..6c9055a59
--- /dev/null
+++ b/pki/base/tps/src/include/main/NameValueSet.h
@@ -0,0 +1,72 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef NAME_VALUE_SET_H
+#define NAME_VALUE_SET_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "plhash.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class NameValueSet
+{
+ public:
+ TPS_PUBLIC NameValueSet();
+ TPS_PUBLIC ~NameValueSet();
+ public:
+ TPS_PUBLIC static NameValueSet *Parse(const char *s, const char *separator);
+ TPS_PUBLIC int IsNameDefined(const char *name);
+ TPS_PUBLIC void Remove(const char *name);
+ TPS_PUBLIC void Add(const char *name, const char *value);
+ TPS_PUBLIC char *GetValue(const char *name);
+ TPS_PUBLIC int Size();
+ TPS_PUBLIC char *GetNameAt(int pos);
+ TPS_PUBLIC int GetValueAsInt(const char *key);
+ TPS_PUBLIC int GetValueAsInt(const char *key, int def);
+ TPS_PUBLIC int GetValueAsBool(const char *key);
+ TPS_PUBLIC int GetValueAsBool(const char *key, int def);
+ TPS_PUBLIC char *GetValueAsString(const char *key, char *def);
+ TPS_PUBLIC char *GetValueAsString(const char *key);
+
+ private:
+ PLHashTable *m_set;
+};
+
+#endif /* NAME_VALUE_SET_H */
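Review bot: The header documents no ownership for any pointer it returns: `Parse` hands back a `NameValueSet *`, and `GetValue`, `GetNameAt` and `GetValueAsString` return non-const `char *`. If those point into `m_set` (not visible here), a caller can modify or free table storage through them; `ConfigStore` in this same commit returns `const char *` from the equivalent getters. Prefer `const char *GetValue(const char *name);` and likewise for the other two, and add a comment such as `/* Returned strings are owned by the set and are invalidated by Remove() or destruction. */` once the implementation confirms it. `Parse` should state that the caller deletes the result.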
diff --git a/pki/base/tps/src/include/main/ObjectSpec.h b/pki/base/tps/src/include/main/ObjectSpec.h
new file mode 100644
index 000000000..3b0bee72c
--- /dev/null
+++ b/pki/base/tps/src/include/main/ObjectSpec.h
@@ -0,0 +1,79 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_OBJECTSPEC_H
+#define RA_OBJECTSPEC_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/AttributeSpec.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class ObjectSpec
+{
+ public:
+ ObjectSpec();
+ ~ObjectSpec();
+ public:
+ static ObjectSpec *ParseFromTokenData(unsigned long objid, Buffer *b);
+ static ObjectSpec *Parse(Buffer *b, int offset, int *nread);
+ static void ParseAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b);
+ static void ParseCertificateAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b);
+ static void ParseKeyAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b);
+ static void ParseCertificateBlob(char *objectID, ObjectSpec *ObjectSpec, Buffer *b);
+
+ void SetObjectID(unsigned long v);
+ unsigned long GetObjectID();
+ void SetFixedAttributes(unsigned long v);
+ unsigned long GetFixedAttributes();
+ int GetAttributeSpecCount();
+ AttributeSpec *GetAttributeSpec(int p);
+ void AddAttributeSpec(AttributeSpec *p);
+ void RemoveAttributeSpec(int p);
+ Buffer GetData();
+ public:
+ unsigned long m_objectID;
+ unsigned long m_fixedAttributes;
+#define MAX_ATTRIBUTE_SPEC 30
+ AttributeSpec *m_attributeSpec[MAX_ATTRIBUTE_SPEC];
+};
+
+#endif /* RA_OBJECTSPEC_H */
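Review bot: `m_attributeSpec` is a fixed array of `MAX_ATTRIBUTE_SPEC` (30) entries, which the static `Parse*` functions presumably fill from token data, yet `AddAttributeSpec` returns `void` and `GetAttributeSpec(int p)` / `RemoveAttributeSpec(int p)` take a signed index, so the header gives callers no way to learn that the array is full or that an index was rejected. The implementations are not in this hunk; they need to refuse an add once the count reaches the limit and reject `p < 0 || p >= count`. A comment on the array such as `/* at most MAX_ATTRIBUTE_SPEC entries; AddAttributeSpec() drops further specs */` would record whichever policy is chosen. `PKCS11Obj::m_objSpec` (`MAX_OBJECT_SPEC`) and `RA_pblock::m_nvs` (`MAX_NVS`, with the count passed to the constructor as `tm_nargs`) follow the same pattern, and all three arrays are public members.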
diff --git a/pki/base/tps/src/include/main/PKCS11Obj.h b/pki/base/tps/src/include/main/PKCS11Obj.h
new file mode 100644
index 000000000..ef3fca964
--- /dev/null
+++ b/pki/base/tps/src/include/main/PKCS11Obj.h
@@ -0,0 +1,80 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PKCS11OBJ_H
+#define RA_PKCS11OBJ_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/ObjectSpec.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class PKCS11Obj
+{
+ public:
+ PKCS11Obj();
+ ~PKCS11Obj();
+ public:
+ static PKCS11Obj *Parse(Buffer *b, int offset);
+ void SetFormatVersion(unsigned short v);
+ unsigned short GetFormatVersion();
+ void SetObjectVersion(unsigned short v);
+ unsigned short GetObjectVersion();
+ void SetCUID(Buffer CUID);
+ Buffer GetCUID();
+ void SetTokenName(Buffer tokenName);
+ Buffer GetTokenName();
+ Buffer GetData();
+ Buffer GetCompressedData();
+ int GetObjectSpecCount();
+ ObjectSpec *GetObjectSpec(int p);
+ void AddObjectSpec(ObjectSpec *p);
+ void RemoveObjectSpec(int p);
+ public:
+ unsigned short m_formatVersion;
+ unsigned short m_objectVersion;
+ Buffer m_CUID;
+ Buffer m_tokenName;
+#define MAX_OBJECT_SPEC 20
+ ObjectSpec *m_objSpec[MAX_OBJECT_SPEC];
+};
+
+#endif /* RA_PKCS11OBj_H */
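Review bot: `Parse(Buffer *b, int offset)` takes a signed offset, while `Buffer` indexes with `unsigned int` (`substr(unsigned int start, unsigned int len)`), so a negative `offset` would turn into a very large start position on conversion. The body is outside this hunk; it should reject `offset < 0` and any offset beyond `b->size()` before reading, or the parameter should become `unsigned int offset`. `ObjectSpec::Parse(Buffer *b, int offset, int *nread)` has the same signature shape. Minor: the closing comment reads `RA_PKCS11OBj_H` where the guard is `RA_PKCS11OBJ_H`.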
diff --git a/pki/base/tps/src/include/main/PublishEntry.h b/pki/base/tps/src/include/main/PublishEntry.h
new file mode 100644
index 000000000..05d5939a4
--- /dev/null
+++ b/pki/base/tps/src/include/main/PublishEntry.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PUBLISH_ENTRY_H
+#define RA_PUBLISH_ENTRY_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "publisher/IPublisher.h"
+#define MAX_PUBLISHERS 10
+
+struct PublisherEntry
+{
+
+ char *id;
+ IPublisher *publisher;
+ PRLibrary *publisher_lib;
+ char *factory;
+
+ struct PublisherEntry *next;
+};
+
+typedef struct PublisherEntry PublisherEntry;
+
+#endif /* RA_PUBLISH_ENTRY_H */
+
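Review bot: `PublisherEntry` carries a loaded library handle (`publisher_lib`) and a `factory` string with no comment on where they come from or who releases them. If the library path and factory symbol are read from configuration, as the field names suggest, the loader should only accept libraries from a directory that the service account cannot write. A short comment per field would do, e.g. `/* handle of the publisher library; unloaded when the entry is destroyed */`. `MAX_PUBLISHERS` is defined here but the struct is a `next`-linked list, so it is unclear from the header what enforces the limit.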
diff --git a/pki/base/tps/src/include/main/RA_Context.h b/pki/base/tps/src/include/main/RA_Context.h
new file mode 100644
index 000000000..e313f45fd
--- /dev/null
+++ b/pki/base/tps/src/include/main/RA_Context.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_CONTEXT_H
+#define RA_CONTEXT_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Context
+{
+ public:
+ TPS_PUBLIC RA_Context();
+ TPS_PUBLIC virtual ~RA_Context();
+ public:
+ virtual void LogError(const char *func, int line, const char *fmt,...);
+ virtual void LogInfo(const char *func, int line, const char *fmt,...);
+ virtual void InitializationError(const char *func, int line);
+};
+
+#endif /* RA_CONTEXT_H */
diff --git a/pki/base/tps/src/include/main/RA_Msg.h b/pki/base/tps/src/include/main/RA_Msg.h
new file mode 100644
index 000000000..d94063b00
--- /dev/null
+++ b/pki/base/tps/src/include/main/RA_Msg.h
@@ -0,0 +1,79 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_MSG_H
+#define RA_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+
+enum RA_Op_Type {
+ OP_ENROLL = 1,
+ OP_UNBLOCK = 2,
+ OP_RESET_PIN = 3,
+ OP_RENEW = 4,
+ OP_FORMAT = 5
+};
+
+enum RA_Msg_Type {
+ MSG_UNDEFINED = -1,
+ MSG_BEGIN_OP = 2,
+ MSG_LOGIN_REQUEST = 3,
+ MSG_LOGIN_RESPONSE = 4,
+ MSG_SECUREID_REQUEST = 5,
+ MSG_SECUREID_RESPONSE = 6,
+ MSG_ASQ_REQUEST = 7,
+ MSG_ASQ_RESPONSE = 8,
+ MSG_NEW_PIN_REQUEST = 11,
+ MSG_NEW_PIN_RESPONSE = 12,
+ MSG_TOKEN_PDU_REQUEST = 9,
+ MSG_TOKEN_PDU_RESPONSE = 10,
+ MSG_END_OP = 13,
+ MSG_STATUS_UPDATE_REQUEST = 14,
+ MSG_STATUS_UPDATE_RESPONSE = 15,
+ MSG_EXTENDED_LOGIN_REQUEST = 16,
+ MSG_EXTENDED_LOGIN_RESPONSE = 17
+};
+
+class RA_Msg
+{
+ public:
+ RA_Msg();
+ virtual ~RA_Msg();
+ public:
+ virtual RA_Msg_Type GetType();
+};
+
+#endif /* RA_MSG_H */
diff --git a/pki/base/tps/src/include/main/RA_Session.h b/pki/base/tps/src/include/main/RA_Session.h
new file mode 100644
index 000000000..520a94b6a
--- /dev/null
+++ b/pki/base/tps/src/include/main/RA_Session.h
@@ -0,0 +1,61 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_SESSION_H
+#define RA_SESSION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_pblock.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Session
+{
+ public:
+ TPS_PUBLIC RA_Session();
+ TPS_PUBLIC virtual ~RA_Session();
+ public:
+ virtual RA_pblock *create_pblock( char *data );
+ virtual RA_Msg *ReadMsg();
+ virtual char *GetRemoteIP();
+ virtual void WriteMsg(RA_Msg *msg);
+};
+
+#endif /* RA_SESSION_H */
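Review bot: None of the virtuals documents ownership: `ReadMsg()` and `create_pblock()` return raw pointers, `GetRemoteIP()` returns a mutable `char *`, and `WriteMsg(RA_Msg *msg)` does not say whether it takes the message. Since subclasses override these, the contract belongs here; for example `/* Caller deletes the returned message; NULL on read failure. */` above `ReadMsg()`, adjusted to what the implementations actually do. `create_pblock( char *data )` should also say whether it modifies `data` in place, since it takes a non-const buffer.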
diff --git a/pki/base/tps/src/include/main/RA_pblock.h b/pki/base/tps/src/include/main/RA_pblock.h
new file mode 100644
index 000000000..685dc321b
--- /dev/null
+++ b/pki/base/tps/src/include/main/RA_pblock.h
@@ -0,0 +1,74 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PBLOCK_H
+#define RA_PBLOCK_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Buffer.h"
+
+#define MAX_NVS 50
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+struct Buffer_nv {
+ char *name;
+ char *value_s;
+ Buffer *value;
+};
+
+class RA_pblock
+{
+ public:
+ TPS_PUBLIC RA_pblock( int tm_nargs, Buffer_nv** tm_nvs );
+ TPS_PUBLIC ~RA_pblock();
+ public:
+ Buffer_nv **GetNVs();
+ TPS_PUBLIC Buffer *find_val( const char * name );
+ TPS_PUBLIC char* find_val_s( const char * name );
+ void free_pblock();
+ TPS_PUBLIC char *get_name( int i );
+ TPS_PUBLIC int get_num_of_names();
+ public:
+ // an array of pointers to name/value pairs
+ Buffer_nv *m_nvs[MAX_NVS];
+ int m_nargs;
+};
+
+#endif /* RA_PBLOCK_H */
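Review bot: `free_pblock()` is public next to `~RA_pblock()`, and the header does not say which of them releases the `Buffer_nv` entries. If both do and `free_pblock()` does not reset `m_nargs` and null the slots (the bodies are not in this hunk), an explicit call followed by destruction frees the entries twice. Make `free_pblock()` idempotent and document it, e.g. `/* Releases every entry in m_nvs and sets m_nargs to 0; safe to call more than once. */`. `Buffer_nv` also carries both `value_s` and `value` without saying whether they are two views of one value or independently owned.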
diff --git a/pki/base/tps/src/include/main/RollingLogFile.h b/pki/base/tps/src/include/main/RollingLogFile.h
new file mode 100644
index 000000000..63239b94b
--- /dev/null
+++ b/pki/base/tps/src/include/main/RollingLogFile.h
@@ -0,0 +1,93 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef ROLLINGLOGFILE_H
+#define ROLLINGLOGFILE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "main/LogFile.h"
+
+class RollingLogFile: public LogFile {
+ private:
+ size_t m_max_file_size;
+ volatile int m_rollover_interval;
+ volatile int m_expiration_time;
+ int m_expiration_sleep_time;
+ volatile bool m_rotation_needed;
+ PRThread* m_rollover_thread;
+ PRThread* m_expiration_thread;
+
+ public:
+ static const char *CFG_MAX_FILE_SIZE;
+ static const char *CFG_ROLLOVER_INTERVAL;
+ static const char *CFG_EXPIRATION_INTERVAL;
+ static const int MAX_SLEEP;
+
+ public:
+ TPS_PUBLIC RollingLogFile();
+ TPS_PUBLIC ~RollingLogFile() {}
+
+ int startup(RA_Context *ctx, const char* prefix, const char *fname, bool sign_audit);
+ void shutdown();
+ void child_init();
+ int write(char *msg);
+ void rotate();
+
+ /* accessors and mutators */
+ void set_rollover_interval(int interval);
+ int get_rollover_interval();
+ void set_expiration_time(int interval);
+ int get_expiration_time();
+ void set_rotation_needed(bool val);
+ bool get_rotation_needed();
+
+ private:
+ static void start_rollover_thread(void *args);
+ void run_rollover_thread();
+
+ static void start_expiration_thread(void *args);
+ void run_expiration_thread();
+ void expire();
+
+};
+
+#endif
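Review bot: `m_rollover_interval`, `m_expiration_time` and `m_rotation_needed` are declared `volatile`, which in C++ neither makes an access atomic nor orders it against other threads. The class also holds two `PRThread*` members, so these fields are presumably shared between the rollover/expiration threads and `write()`. The header does not say which lock, if any, guards them; if the implementation (outside this hunk) relies on `volatile` alone, `rotate()` can race with `write()`, which matters for a log that `startup()` can open with `sign_audit` set. I would state the rule next to the fields, e.g. `/* accessed only with <name of the guarding lock> held; volatile is not a synchronisation primitive */`, and keep every access behind the existing get_/set_ accessors. The bare closing `#endif` could also carry `/* ROLLINGLOGFILE_H */` like the other headers in this commit.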
diff --git a/pki/base/tps/src/include/main/SecureId.h b/pki/base/tps/src/include/main/SecureId.h
new file mode 100644
index 000000000..fd7e6a158
--- /dev/null
+++ b/pki/base/tps/src/include/main/SecureId.h
@@ -0,0 +1,55 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef SECUREID_H
+#define SECUREID_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+
+class SecureId
+{
+ public:
+ SecureId(char *value, char *pin);
+ ~SecureId();
+ public:
+ char *GetValue();
+ char *GetPIN(); /* optional pin */
+ private:
+ char *m_value;
+ char *m_pin;
+};
+
+#endif /* RA_MSG_H */
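Review bot: `m_value` and `m_pin` hold a SecurID value and PIN as bare `char *`, and nothing on the declaration says whether the constructor copies its arguments, who owns the pointers that `GetValue()` and `GetPIN()` return, or whether `~SecureId()` overwrites the buffers before releasing them. The implementation is outside this hunk, so this may already be handled, but the header should say so, e.g. `/* copies value and pin; copies are zeroed and freed in ~SecureId(); returned pointers remain owned by this object */`, adjusted to what the code really does. The same undocumented ownership of a secret applies to `m_answer` in RA_ASQ_Response_Msg.h, `m_password` in RA_Login_Response_Msg.h and `m_new_pin` in RA_New_Pin_Response_Msg.h. The class is also copyable by default, which would duplicate the raw pointers; if the destructor frees them, declaring the copy constructor and assignment operator private would rule out a double free.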
diff --git a/pki/base/tps/src/include/main/Util.h b/pki/base/tps/src/include/main/Util.h
new file mode 100644
index 000000000..c4d670483
--- /dev/null
+++ b/pki/base/tps/src/include/main/Util.h
@@ -0,0 +1,99 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_UTIL_H
+#define RA_UTIL_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "pk11func.h"
+#include "main/Buffer.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class Util
+{
+ public:
+ TPS_PUBLIC Util();
+ TPS_PUBLIC ~Util();
+ public:
+ TPS_PUBLIC static int ReadLine(PRFileDesc *f, char *buf, int buf_len, int *removed_return);
+ TPS_PUBLIC static int ascii2numeric(char ch);
+ TPS_PUBLIC static char *Buffer2String (Buffer &data);
+ TPS_PUBLIC static Buffer *Str2Buf (const char *s);
+ TPS_PUBLIC static char *URLEncode (Buffer &data);
+ TPS_PUBLIC static char *URLEncodeInHex (Buffer &data);
+ TPS_PUBLIC static char *URLEncode (const char *data);
+ TPS_PUBLIC static char *URLEncode1 (const char *data);
+ TPS_PUBLIC static Buffer *URLDecode(const char *data);
+ TPS_PUBLIC static char *SpecialURLEncode (Buffer &data);
+ TPS_PUBLIC static Buffer *SpecialURLDecode(const char *data);
+ TPS_PUBLIC static PRStatus GetRandomChallenge(Buffer &random);
+ TPS_PUBLIC static PRStatus CreateKeySetData(
+ Buffer &key_set_version,
+ Buffer &old_kek_key,
+ Buffer &new_auth_key,
+ Buffer &new_mac_key,
+ Buffer &new_kek_key,
+ Buffer &output);
+ TPS_PUBLIC static PRStatus ComputeCryptogram(PK11SymKey *key,
+ const Buffer &card_challenge,
+ const Buffer &host_challenge,
+ Buffer &output);
+ TPS_PUBLIC static PRStatus ComputeMAC(PK11SymKey *key,
+ Buffer &input, const Buffer &icv,
+ Buffer &output);
+ TPS_PUBLIC static PRStatus ComputeKeyCheck(
+ const Buffer& newKey, Buffer& output);
+ TPS_PUBLIC static PK11SymKey *DeriveKey(const Buffer& permKey,
+ const Buffer& hostChallenge,
+ const Buffer& cardChallenge);
+ TPS_PUBLIC static PRStatus EncryptData(PK11SymKey *encSessionKey,
+ Buffer &input, Buffer &output);
+ TPS_PUBLIC static PRStatus EncryptData(Buffer &kek_key,
+ Buffer &input, Buffer &output);
+ TPS_PUBLIC static PK11SymKey *DiversifyKey(PK11SymKey *master,
+ Buffer &data, PK11SlotInfo *slot);
+ TPS_PUBLIC static PRStatus DecryptData(Buffer &kek_key,
+ Buffer &input, Buffer &output);
+ TPS_PUBLIC static PRStatus DecryptData(PK11SymKey* enc_key,
+ Buffer &input, Buffer &output);
+ TPS_PUBLIC static BYTE* bool2byte(bool p);
+};
+
+#endif /* RA_UTIL_H */
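Review bot: The `EncryptData(Buffer &kek_key, ...)` and `DecryptData(Buffer &kek_key, ...)` overloads take key material as raw bytes through a non-const reference, next to overloads that take a `PK11SymKey *`. The header does not say when the raw-byte form is acceptable or that the callee leaves the key untouched. I would make the key and input parameters `const Buffer &` where the implementation (not in this hunk) allows it, and put a short comment above each crypto declaration naming the algorithm and mode it implements and the buffer lengths it expects. Ownership of the `PK11SymKey *` returned by `DeriveKey`/`DiversifyKey`, and of the `char *`/`Buffer *` results of the encode/decode helpers, is also unstated; a line such as `/* caller releases the returned key with PK11_FreeSymKey() */` would help prevent leaked keys. For `ReadLine`, documenting what a non-positive `buf_len` does and whether `buf` is NUL-terminated on return would let callers size the buffer safely.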
diff --git a/pki/base/tps/src/include/modules/tps/AP_Context.h b/pki/base/tps/src/include/modules/tps/AP_Context.h
new file mode 100644
index 000000000..4faca55ac
--- /dev/null
+++ b/pki/base/tps/src/include/modules/tps/AP_Context.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AP_CONTEXT_H
+#define AP_CONTEXT_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Context.h"
+
+class AP_Context : public RA_Context
+{
+ public:
+ AP_Context( server_rec *sv );
+ virtual ~AP_Context();
+ public:
+ virtual void LogError( const char *func, int line,
+ const char *fmt, ... );
+ virtual void LogInfo( const char *func, int line,
+ const char *fmt, ... );
+ virtual void InitializationError( const char *func, int line );
+ private:
+ server_rec *m_sv;
+};
+
+#endif /* AP_CONTEXT_H */
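Review bot: `LogError` and `LogInfo` take `const char *fmt, ...` without a printf format attribute, so the compiler cannot flag a caller that passes request-derived text as `fmt` or mismatches its arguments. For GCC builds the declarations could end with `__attribute__((format(printf, 4, 5)))` (index 4 because the implicit `this` counts as the first parameter). Builds that define `XP_WIN32`, as other headers in this commit allow for, would need that wrapped in a macro. `server_rec` is also used with no Apache header included in this file; unless `main/RA_Context.h` provides it, a forward declaration `struct server_rec;` above the class would make the header self-contained.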
diff --git a/pki/base/tps/src/include/modules/tps/AP_Session.h b/pki/base/tps/src/include/modules/tps/AP_Session.h
new file mode 100644
index 000000000..832166a1b
--- /dev/null
+++ b/pki/base/tps/src/include/modules/tps/AP_Session.h
@@ -0,0 +1,56 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef AP_SESSION_H
+#define AP_SESSION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Session.h"
+
+class AP_Session : public RA_Session
+{
+ public:
+ AP_Session( request_rec *rq );
+ virtual ~AP_Session();
+ public:
+ virtual char *GetRemoteIP();
+ virtual RA_pblock *create_pblock( char *data );
+ virtual RA_Msg *ReadMsg();
+ virtual void WriteMsg( RA_Msg *msg );
+ private:
+ request_rec *m_rq;
+};
+
+#endif /* AP_SESSION_H */
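Review bot: `create_pblock( char *data )` receives the message data as a `char *` with no length and returns an `RA_pblock`, whose storage in RA_pblock.h is the fixed array `Buffer_nv *m_nvs[MAX_NVS]` with `MAX_NVS` defined as 50. The declaration does not say what happens when `data` carries more pairs than that. The parsing code is outside this hunk, so the bound may well be enforced there, but the contract belongs on the declaration, e.g. `/* data: NUL-terminated message body; at most MAX_NVS name/value pairs are parsed */`, worded to match what the implementation does. `GetRemoteIP()` likewise returns `char *` without saying whether the caller must free it.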
diff --git a/pki/base/tps/src/include/msg/RA_ASQ_Request_Msg.h b/pki/base/tps/src/include/msg/RA_ASQ_Request_Msg.h
new file mode 100644
index 000000000..15f8bd7a4
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_ASQ_Request_Msg.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_ASQ_REQUEST_MSG_H
+#define RA_ASQ_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_ASQ_Request_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_ASQ_Request_Msg(char *question);
+ TPS_PUBLIC ~RA_ASQ_Request_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC char *GetQuestion();
+ private:
+ char *m_question;
+};
+
+#endif /* RA_ASQ_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_ASQ_Response_Msg.h b/pki/base/tps/src/include/msg/RA_ASQ_Response_Msg.h
new file mode 100644
index 000000000..3614e443f
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_ASQ_Response_Msg.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_ASQ_RESPONSE_MSG_H
+#define RA_ASQ_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_ASQ_Response_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_ASQ_Response_Msg(char *answer);
+ TPS_PUBLIC ~RA_ASQ_Response_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC char *GetAnswer();
+ private:
+ char *m_answer;
+};
+
+#endif /* RA_ASQ_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Begin_Op_Msg.h b/pki/base/tps/src/include/msg/RA_Begin_Op_Msg.h
new file mode 100644
index 000000000..48a61a659
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Begin_Op_Msg.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_BEGIN_OP_MSG_H
+#define RA_BEGIN_OP_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+#include "main/NameValueSet.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Begin_Op_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Begin_Op_Msg(RA_Op_Type op, NameValueSet *exts);
+ TPS_PUBLIC ~RA_Begin_Op_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC RA_Op_Type GetOpType();
+ TPS_PUBLIC NameValueSet *GetExtensions();
+ private:
+ RA_Op_Type m_op;
+ NameValueSet *m_exts;
+};
+
+#endif /* RA_BEGIN_OP_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_End_Op_Msg.h b/pki/base/tps/src/include/msg/RA_End_Op_Msg.h
new file mode 100644
index 000000000..fe396f05b
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_End_Op_Msg.h
@@ -0,0 +1,84 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_END_OP_MSG_H
+#define RA_END_OP_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+
+#define NKEY_ERROR_NO_ERROR 0
+#define NKEY_ERROR_SNAC 1
+#define NKEY_ERROR_SEC_INIT_UPDATE 2
+#define NKEY_ERROR_CREATE_CARDMGR 3
+#define NKEY_ERROR_MAC_RESET_PIN_PDU 4
+#define NKEY_ERROR_MAC_CERT_PDU 5
+#define NKEY_ERROR_MAC_LIFESTYLE_PDU 6
+#define NKEY_ERROR_MAC_ENROLL_PDU 7
+#define NKEY_ERROR_READ_OBJECT_PDU 8
+#define NKEY_ERROR_BAD_STATUS 9
+#define NKEY_ERROR_CA_RESPONSE 10
+#define NKEY_ERROR_READ_BUFFER_OVERFLOW 11
+#define NKEY_ERROR_TOKEN_RESET_PIN_FAILED 12
+#define NKEY_ERROR_CONNECTION 13
+
+#define RESULT_GOOD 0
+#define RESULT_ERROR 1
+
+class RA_End_Op_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_End_Op_Msg(RA_Op_Type op, int result, int msg);
+ TPS_PUBLIC ~RA_End_Op_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC RA_Op_Type GetOpType();
+ TPS_PUBLIC int GetResult();
+ TPS_PUBLIC int GetMsg();
+ private:
+ RA_Op_Type m_op;
+ int m_result;
+ int m_msg;
+};
+
+#endif /* RA_BEGIN_OP_MSG_H */
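Review bot: The closing line reads `#endif /* RA_BEGIN_OP_MSG_H */` although the guard opened at the top is `RA_END_OP_MSG_H`; it should be `#endif /* RA_END_OP_MSG_H */`. SecureId.h in this commit has the same slip, closing `SECUREID_H` with `/* RA_MSG_H */`. The `NKEY_ERROR_*` codes and the very generic `RESULT_GOOD`/`RESULT_ERROR` are plain `#define`s in a public header, so they leak into every includer and give `GetResult()`/`GetMsg()` no type to check against; an `enum` with the same values would scope them. `NKEY_ERROR_MAC_LIFESTYLE_PDU` looks like a misspelling of LIFECYCLE, which is worth confirming before other code depends on the name.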
diff --git a/pki/base/tps/src/include/msg/RA_Extended_Login_Request_Msg.h b/pki/base/tps/src/include/msg/RA_Extended_Login_Request_Msg.h
new file mode 100644
index 000000000..fdfceedcf
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Extended_Login_Request_Msg.h
@@ -0,0 +1,73 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_EXTENDED_LOGIN_REQUEST_MSG_H
+#define RA_EXTENDED_LOGIN_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Extended_Login_Request_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Extended_Login_Request_Msg(int invalid_pw,
+ int blocked, char **parameters, int len,
+ char *title, char *description);
+ TPS_PUBLIC ~RA_Extended_Login_Request_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC int IsInvalidPassword();
+ TPS_PUBLIC int IsBlocked();
+ TPS_PUBLIC int GetLen();
+ TPS_PUBLIC char *GetParam(int i);
+ TPS_PUBLIC char *GetTitle();
+ TPS_PUBLIC char *GetDescription();
+ private:
+ char *m_title;
+ char *m_description;
+ int m_invalid_pw;
+ int m_blocked;
+ char **m_parameters;
+ int m_len;
+};
+
+#endif /* RA_EXTENDED_LOGIN_REQUEST_MSG_H */
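Review bot: `GetParam(int i)` presumably indexes `m_parameters` with a signed caller-supplied `int`, and the declaration does not state that `i` must lie in `0 <= i < GetLen()` or what is returned otherwise. The body is not part of this hunk; if it has no range check, add one such as `if (i < 0 || i >= m_len) return NULL;` and document it with `/* returns NULL when i is outside [0, GetLen()) */`. The constructor's `char **parameters, int len` pair has the same gap: say whether the array and its strings are copied or adopted, and how a negative `len` is treated.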
diff --git a/pki/base/tps/src/include/msg/RA_Extended_Login_Response_Msg.h b/pki/base/tps/src/include/msg/RA_Extended_Login_Response_Msg.h
new file mode 100644
index 000000000..37da9feb3
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Extended_Login_Response_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_EXTENDED_LOGIN_RESPONSE_MSG_H
+#define RA_EXTENDED_LOGIN_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "authentication/AuthParams.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Extended_Login_Response_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Extended_Login_Response_Msg(AuthParams *param);
+ TPS_PUBLIC ~RA_Extended_Login_Response_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC AuthParams *GetAuthParams();
+ private:
+ AuthParams *m_params;
+};
+
+#endif /* RA_EXTENDED_LOGIN_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Login_Request_Msg.h b/pki/base/tps/src/include/msg/RA_Login_Request_Msg.h
new file mode 100644
index 000000000..01a7a5acd
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Login_Request_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_LOGIN_REQUEST_MSG_H
+#define RA_LOGIN_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Login_Request_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Login_Request_Msg(int invalid_pw, int blocked);
+ TPS_PUBLIC ~RA_Login_Request_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC int IsInvalidPassword();
+ TPS_PUBLIC int IsBlocked();
+ private:
+ int m_invalid_pw;
+ int m_blocked;
+};
+
+#endif /* RA_LOGIN_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Login_Response_Msg.h b/pki/base/tps/src/include/msg/RA_Login_Response_Msg.h
new file mode 100644
index 000000000..dcc9e3530
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Login_Response_Msg.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_LOGIN_RESPONSE_MSG_H
+#define RA_LOGIN_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Login_Response_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Login_Response_Msg(char *uid, char *password);
+ TPS_PUBLIC ~RA_Login_Response_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC char *GetUID();
+ TPS_PUBLIC char *GetPassword();
+ private:
+ char *m_uid;
+ char *m_password;
+};
+
+#endif /* RA_LOGIN_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_New_Pin_Request_Msg.h b/pki/base/tps/src/include/msg/RA_New_Pin_Request_Msg.h
new file mode 100644
index 000000000..8ebf16259
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_New_Pin_Request_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_NEW_PIN_REQUEST_MSG_H
+#define RA_NEW_PIN_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_New_Pin_Request_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_New_Pin_Request_Msg(int min_len, int max_len);
+ TPS_PUBLIC ~RA_New_Pin_Request_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC int GetMinLen();
+ TPS_PUBLIC int GetMaxLen();
+ private:
+ int m_min_len;
+ int m_max_len;
+};
+
+#endif /* RA_NEW_PIN_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_New_Pin_Response_Msg.h b/pki/base/tps/src/include/msg/RA_New_Pin_Response_Msg.h
new file mode 100644
index 000000000..f062adcf0
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_New_Pin_Response_Msg.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_NEW_PIN_RESPONSE_MSG_H
+#define RA_NEW_PIN_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_New_Pin_Response_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_New_Pin_Response_Msg(char *new_pin);
+ TPS_PUBLIC ~RA_New_Pin_Response_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC char *GetNewPIN();
+ private:
+ char *m_new_pin;
+};
+
+#endif /* RA_NEW_PIN_RESPONSE_MSG_H */
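Review bot: `m_new_pin` and the `char *GetNewPIN()` accessor hold a user PIN as a bare mutable pointer, and nothing at the declaration says who owns the buffer or whether it is cleared before release. The constructor and destructor bodies are not part of this hunk, so this may already be handled, but the contract belongs in the header, e.g. `/* Takes ownership of new_pin; the destructor zeroes and frees it. */` above the constructor once confirmed against the implementation. If no caller writes through the result, `const char *GetNewPIN() const;` would stop the stored PIN being modified from outside. The same applies to `m_value` and `m_pin` in RA_SecureId_Response_Msg.h.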
diff --git a/pki/base/tps/src/include/msg/RA_SecureId_Request_Msg.h b/pki/base/tps/src/include/msg/RA_SecureId_Request_Msg.h
new file mode 100644
index 000000000..132e04c22
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_SecureId_Request_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_SECUREID_REQUEST_MSG_H
+#define RA_SECUREID_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_SecureId_Request_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_SecureId_Request_Msg(int pin_required, int next_value);
+ TPS_PUBLIC ~RA_SecureId_Request_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC int IsPinRequired();
+ TPS_PUBLIC int IsNextValue();
+ private:
+ int m_pin_required;
+ int m_next_value;
+};
+
+#endif /* RA_SECUREID_REQUEST_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_SecureId_Response_Msg.h b/pki/base/tps/src/include/msg/RA_SecureId_Response_Msg.h
new file mode 100644
index 000000000..279e07475
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_SecureId_Response_Msg.h
@@ -0,0 +1,64 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_SECUREID_RESPONSE_MSG_H
+#define RA_SECUREID_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_SecureId_Response_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_SecureId_Response_Msg(char *value, char *pin);
+ TPS_PUBLIC ~RA_SecureId_Response_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ public:
+ TPS_PUBLIC char *GetValue();
+ TPS_PUBLIC char *GetPIN();
+ private:
+ char *m_value;
+ char *m_pin;
+};
+
+#endif /* RA_SECUREID_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/msg/RA_Status_Update_Request_Msg.h b/pki/base/tps/src/include/msg/RA_Status_Update_Request_Msg.h
new file mode 100644
index 000000000..bdc037c97
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Status_Update_Request_Msg.h
@@ -0,0 +1,65 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_STATUS_UPDATE_REQUEST_MSG_H
+#define RA_STATUS_UPDATE_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Status_Update_Request_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Status_Update_Request_Msg(int status, const char *info);
+ TPS_PUBLIC ~RA_Status_Update_Request_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ TPS_PUBLIC int GetStatus();
+ TPS_PUBLIC char *GetInfo();
+ private:
+ int m_status;
+ char *m_info;
+};
+
+#endif /* RA_STATUS_UPDATE_REQUEST_MSG_H */
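Review bot: The constructor takes `const char *info` but `GetInfo()` returns a non-const `char *`, so either the message keeps its own copy or constness is dropped somewhere; the header does not say which. A comment on the constructor such as `/* info is copied; the copy is released by the destructor */` (to be confirmed against the implementation, which is outside this hunk) would settle the lifetime question for callers. The accessor could also be declared `const char *GetInfo() const;` if no caller modifies the string. The includes of `main/Buffer.h` and `apdu/APDU.h` look unused by this declaration.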
diff --git a/pki/base/tps/src/include/msg/RA_Status_Update_Response_Msg.h b/pki/base/tps/src/include/msg/RA_Status_Update_Response_Msg.h
new file mode 100644
index 000000000..c5a13eaa4
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Status_Update_Response_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_STATUS_UPDATE_RESPONSE_MSG_H
+#define RA_STATUS_UPDATE_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Status_Update_Response_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Status_Update_Response_Msg(int status);
+ TPS_PUBLIC ~RA_Status_Update_Response_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ TPS_PUBLIC int GetStatus();
+ private:
+ int m_status;
+};
+
+#endif /* RA_STATUS_UPDATE_REQUEST_MSG_H */
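Review bot: The closing guard comment on the last line names the wrong macro: the file guards on `RA_STATUS_UPDATE_RESPONSE_MSG_H` but ends with `#endif /* RA_STATUS_UPDATE_REQUEST_MSG_H */`. It should read `#endif /* RA_STATUS_UPDATE_RESPONSE_MSG_H */`. The includes of `main/Buffer.h` and `apdu/APDU.h` also appear unnecessary for a class that only stores an `int`, unless `main/RA_Msg.h` depends on them being pulled in first.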
diff --git a/pki/base/tps/src/include/msg/RA_Token_PDU_Request_Msg.h b/pki/base/tps/src/include/msg/RA_Token_PDU_Request_Msg.h
new file mode 100644
index 000000000..bcbdfc7fc
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Token_PDU_Request_Msg.h
@@ -0,0 +1,63 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_TOKEN_PDU_REQUEST_MSG_H
+#define RA_TOKEN_PDU_REQUEST_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Base.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Token_PDU_Request_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Token_PDU_Request_Msg(APDU *apdu);
+ TPS_PUBLIC ~RA_Token_PDU_Request_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ TPS_PUBLIC APDU *GetAPDU();
+ private:
+ APDU *m_apdu;
+};
+
+#endif /* RA_TOKEN_PDU_REQUEST_MSG_H */
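Review bot: `RA_Token_PDU_Request_Msg` stores a raw `APDU *m_apdu` and declares a destructor but no copy constructor or assignment operator, so if the destructor deletes the APDU (its body is not in this hunk) an accidental copy of the message would free it twice. Declaring the copy operations private and unimplemented, `RA_Token_PDU_Request_Msg(const RA_Token_PDU_Request_Msg &);` and `RA_Token_PDU_Request_Msg &operator=(const RA_Token_PDU_Request_Msg &);`, turns that into a compile error. A one-line comment on the constructor should also state whether it takes ownership of `apdu`. RA_Token_PDU_Response_Msg.h has the same shape with `m_response`.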
diff --git a/pki/base/tps/src/include/msg/RA_Token_PDU_Response_Msg.h b/pki/base/tps/src/include/msg/RA_Token_PDU_Response_Msg.h
new file mode 100644
index 000000000..e7c2d538f
--- /dev/null
+++ b/pki/base/tps/src/include/msg/RA_Token_PDU_Response_Msg.h
@@ -0,0 +1,62 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_TOKEN_PDU_RESPONSE_MSG_H
+#define RA_TOKEN_PDU_RESPONSE_MSG_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "apdu/APDU.h"
+#include "apdu/APDU_Response.h"
+#include "main/RA_Msg.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Token_PDU_Response_Msg : public RA_Msg
+{
+ public:
+ TPS_PUBLIC RA_Token_PDU_Response_Msg(APDU_Response *response);
+ TPS_PUBLIC ~RA_Token_PDU_Response_Msg();
+ public:
+ TPS_PUBLIC RA_Msg_Type GetType();
+ TPS_PUBLIC APDU_Response *GetResponse();
+ private:
+ APDU_Response *m_response;
+};
+
+#endif /* RA_TOKEN_PDU_RESPONSE_MSG_H */
diff --git a/pki/base/tps/src/include/processor/RA_Enroll_Processor.h b/pki/base/tps/src/include/processor/RA_Enroll_Processor.h
new file mode 100644
index 000000000..b64638142
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Enroll_Processor.h
@@ -0,0 +1,300 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_ENROLL_PROCESSOR_H
+#define RA_ENROLL_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Session.h"
+#include "main/PKCS11Obj.h"
+#include "processor/RA_Processor.h"
+#include "cms/HttpConnection.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Enroll_Processor : public RA_Processor
+{
+ public:
+ TPS_PUBLIC RA_Enroll_Processor();
+ TPS_PUBLIC ~RA_Enroll_Processor();
+ public:
+ int ParsePublicKeyBlob(unsigned char *blob,
+ unsigned char *challenge,
+ SECKEYPublicKey *pk);
+ RA_Status DoEnrollment(AuthParams *login, RA_Session *session,
+ CERTCertificate **certificates,
+ char **origins,
+ char **ktypes,
+ int pkcs11obj,
+ PKCS11Obj * pkcs_objx,
+ NameValueSet *extensions,
+ int index, int keyTypeNum,
+ int start_progress,
+ int end_progress,
+ Secure_Channel *channel, Buffer *wrapped_challenge,
+ const char *tokenType,
+ const char *keyType,
+ Buffer *key_check,
+ Buffer *plaintext_challenge,
+ const char *cuid,
+ const char *msn,
+ const char *khex,
+ TokenKeyType key_type,
+ const char *profileId,
+ const char *userid,
+ const char *cert_id,
+ const char *publisher_id,
+ const char *cert_attr_id,
+ const char *pri_attr_id,
+ const char *pub_attr_id,
+ BYTE se_p1, BYTE se_p2, int keysize, const char *connid, const char *keyTypePrefix,char * applet_version);
+
+ bool DoRenewal(const char *connid,
+ const char *profileId,
+ CERTCertificate *i_cert,
+ CERTCertificate **o_cert,
+ char *error_msg);
+
+ bool GenerateCertificate(AuthParams *login,
+ int keyTypeNum,
+ const char *keyTypeValue,
+ int i,
+ RA_Session *session,
+ char **origins,
+ char **ktypes,
+ char *tokenType,
+ PKCS11Obj *pkcs11objx,
+ int pkcs11obj_enable,
+ NameValueSet *extensions,
+ Secure_Channel *channel,
+ Buffer *wrapped_challenge,
+ Buffer *key_check,
+ Buffer *plaintext_challenge,
+ char *cuid,
+ char *msn,
+ const char *final_applet_version,
+ char *khex,
+ const char *userid,
+ RA_Status &o_status,
+ CERTCertificate **certificates);
+
+ bool GenerateCertsAfterRecoveryPolicy(AuthParams *login,
+ RA_Session *session,
+ char **&origins,
+ char **&ktypes,
+ char *&tokenType,
+ PKCS11Obj *pkcs11objx,
+ int pkcs11obj_enable,
+ NameValueSet *extensions,
+ Secure_Channel *channel,
+ Buffer *wrapped_challenge,
+ Buffer *key_check,
+ Buffer *plaintext_challenge,
+ char *cuid,
+ char *msn,
+ const char *final_applet_version,
+ char *khex,
+ const char *userid,
+ RA_Status &o_status,
+ CERTCertificate **&certificates,
+ int &o_certNums, char **&tokenTypes);
+
+ bool GenerateCertificates(AuthParams *login,
+ RA_Session *session,
+ char **&origins,
+ char **&ktypes,
+ char *tokenType,
+ PKCS11Obj *pkcs11objx,
+ int pkcs11obj_enable,
+ NameValueSet *extensions,
+ Secure_Channel *channel,
+ Buffer *wrapped_challenge,
+ Buffer *key_check,
+ Buffer *plaintext_challenge,
+ char *cuid,
+ char *msn,
+ const char *final_applet_version,
+ char *khex,
+ const char *userid,
+ RA_Status &o_status,
+ CERTCertificate **&certificates,
+ int &o_certNums, char **&tokenTypes);
+
+ int DoPublish(
+ const char *cuid,
+ SECItem *encodedPublicKeyInfo,
+ Buffer *cert,
+ const char *publisher_id,
+ char *applet_version);
+
+ bool ProcessRecovery(AuthParams *login,
+ char *reason,
+ RA_Session *session,
+ char **&origins,
+ char **&ktypes,
+ char *tokenType,
+ PKCS11Obj *pkcs11objx,
+ int pkcs11obj_enable,
+ NameValueSet *extensions,
+ Secure_Channel *channel,
+ Buffer *wrapped_challenge,
+ Buffer *key_check,
+ Buffer *plaintext_challenge,
+ char *cuid,
+ char *msn,
+ const char *final_applet_version,
+ char *khex,
+ const char *userid,
+ RA_Status &o_status,
+ CERTCertificate **&certificates,
+ char *lostTokenCUID,
+ int &o_certNums, char **&tokenTypes, char *origTokenType);
+
+ bool ProcessRenewal(AuthParams *login,
+ RA_Session *session,
+ char **&ktypes,
+ char **&origins,
+ char *tokenType,
+ PKCS11Obj *pkcs11objx,
+ int pkcs11obj_enable,
+ Secure_Channel *channel,
+ const char *cuid,
+ char *msn,
+ const char *final_applet_version,
+ const char *userid,
+ RA_Status &o_status,
+ CERTCertificate **&certificates,
+ int &o_certNums, char **&tokenTypes);
+
+ bool GetCardManagerAppletInfo(
+ RA_Session*,
+ Buffer *,
+ RA_Status&,
+ char*&,
+ char*&,
+ Buffer& );
+
+ bool GetAppletInfo(
+ RA_Session *a_session, /* in */
+ Buffer *a_aid , /* in */
+ BYTE &o_major_version,
+ BYTE &o_minor_version,
+ BYTE &o_app_major_version,
+ BYTE &o_app_minor_version);
+
+ bool FormatAppletVersionInfo(
+ RA_Session *a_session,
+ const char *a_tokenType,
+ char *a_cuid,
+ BYTE a_app_major_version,
+ BYTE a_app_minor_version,
+ RA_Status &status, // out
+ char * &o_appletVersion // out
+ );
+
+ bool RequestUserId(
+ RA_Session * a_session,
+ NameValueSet *extensions,
+ const char * a_configname,
+ const char * a_tokenType,
+ char *a_cuid,
+ AuthParams *& o_login, // out
+ const char *&o_userid, // out
+ RA_Status &o_status //out
+ );
+
+
+ bool AuthenticateUser(
+ RA_Session * a_session,
+ const char * a_configname,
+ char *a_cuid,
+ NameValueSet *a_extensions,
+ const char *a_tokenType,
+ AuthParams *& a_login,
+ const char *&o_userid,
+ RA_Status &o_status
+ );
+
+ bool AuthenticateUserLDAP(
+ RA_Session *a_session,
+ NameValueSet *extensions,
+ char *a_cuid,
+ AuthenticationEntry *a_auth,
+ AuthParams *& o_login,
+ RA_Status &o_status,
+ const char *token_type);
+
+ bool CheckAndUpgradeApplet(
+ RA_Session *a_session,
+ NameValueSet *a_extensions,
+ char *a_cuid,
+ const char *a_tokenType,
+ char *&o_current_applet_on_token,
+ BYTE &o_major_version,
+ BYTE &o_minor_version,
+ Buffer *a_aid,
+ const char *msn,
+ const char *userid,
+ RA_Status &o_status,
+ char **key_version );
+
+ bool CheckAndUpgradeSymKeys(
+ RA_Session *session,
+ NameValueSet* extensions,
+ char *cuid,
+ const char *tokenType,
+ char *msn,
+ const char* applet_version,
+ const char* userid,
+ const char* key_version,
+ Buffer *a_cardmanagerAID, /* in */
+ Buffer *a_appletAID, /* in */
+ Secure_Channel *&channel, /* out */
+ RA_Status &status /* out */
+ );
+
+ TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+
+ private:
+ int GetNextFreeCertIdNumber(PKCS11Obj *pkcs11objx);
+ bool isCertRenewable(CERTCertificate *cert, int graceBefore, int graceAfter);
+ int UnrevokeRecoveredCert(const LDAPMessage *e, char *&statusString);
+};
+
+#endif /* RA_ENROLL_PROCESSOR_H */
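Review bot: `ParsePublicKeyBlob(unsigned char *blob, unsigned char *challenge, SECKEYPublicKey *pk)` takes two raw byte pointers with no length, so the parser cannot check its reads against the size of the data it was handed. The blob presumably originates from the token, so any length fields inside it should be validated against a caller-supplied bound, e.g. `int ParsePublicKeyBlob(unsigned char *blob, size_t blob_len, unsigned char *challenge, size_t challenge_len, SECKEYPublicKey *pk);`. The implementation is not in this hunk, so it may bound the reads some other way. `DoRenewal(..., char *error_msg)` has the same problem in the write direction: an output buffer with no size parameter, which should either gain one or document the minimum capacity the caller must provide.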
diff --git a/pki/base/tps/src/include/processor/RA_Format_Processor.h b/pki/base/tps/src/include/processor/RA_Format_Processor.h
new file mode 100644
index 000000000..836c89080
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Format_Processor.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_FORMAT_PROCESSOR_H
+#define RA_FORMAT_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "processor/RA_Processor.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Format_Processor : public RA_Processor
+{
+ public:
+ TPS_PUBLIC RA_Format_Processor();
+ TPS_PUBLIC ~RA_Format_Processor();
+ public:
+ TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_UPGRADE_PROCESSOR_H */
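Review bot: The closing guard comment on the last line names a different header: the file guards on `RA_FORMAT_PROCESSOR_H` but ends with `#endif /* RA_UPGRADE_PROCESSOR_H */`, which looks like a copy-paste leftover. It should read `#endif /* RA_FORMAT_PROCESSOR_H */` so the comment matches the `#ifndef` at the top of the file.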
diff --git a/pki/base/tps/src/include/processor/RA_Pin_Reset_Processor.h b/pki/base/tps/src/include/processor/RA_Pin_Reset_Processor.h
new file mode 100644
index 000000000..a3d511865
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Pin_Reset_Processor.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PIN_RESET_PROCESSOR_H
+#define RA_PIN_RESET_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "processor/RA_Processor.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Pin_Reset_Processor : public RA_Processor
+{
+ public:
+ TPS_PUBLIC RA_Pin_Reset_Processor();
+ TPS_PUBLIC ~RA_Pin_Reset_Processor();
+ public:
+ TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_PIN_RESET_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/processor/RA_Processor.h b/pki/base/tps/src/include/processor/RA_Processor.h
new file mode 100644
index 000000000..74e869a52
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Processor.h
@@ -0,0 +1,214 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_PROCESSOR_H
+#define RA_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/RA_Session.h"
+#include "authentication/AuthParams.h"
+#include "apdu/APDU.h"
+#include "apdu/APDU_Response.h"
+#include "channel/Secure_Channel.h"
+
+enum RA_Status {
+ STATUS_NO_ERROR=0,
+ STATUS_ERROR_SNAC=1,
+ STATUS_ERROR_SEC_INIT_UPDATE=2,
+ STATUS_ERROR_CREATE_CARDMGR=3,
+ STATUS_ERROR_MAC_RESET_PIN_PDU=4,
+ STATUS_ERROR_MAC_CERT_PDU=5,
+ STATUS_ERROR_MAC_LIFESTYLE_PDU=6,
+ STATUS_ERROR_MAC_ENROLL_PDU=7,
+ STATUS_ERROR_READ_OBJECT_PDU=8,
+ STATUS_ERROR_BAD_STATUS=9,
+ STATUS_ERROR_CA_RESPONSE=10,
+ STATUS_ERROR_READ_BUFFER_OVERFLOW=11,
+ STATUS_ERROR_TOKEN_RESET_PIN_FAILED=12,
+ STATUS_ERROR_CONNECTION=13,
+ STATUS_ERROR_LOGIN=14,
+ STATUS_ERROR_DB=15,
+ STATUS_ERROR_TOKEN_DISABLED=16,
+ STATUS_ERROR_SECURE_CHANNEL=17,
+ STATUS_ERROR_MISCONFIGURATION=18,
+ STATUS_ERROR_UPGRADE_APPLET=19,
+ STATUS_ERROR_KEY_CHANGE_OVER=20,
+ STATUS_ERROR_EXTERNAL_AUTH=21,
+ STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND=22,
+ STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND=23,
+ STATUS_ERROR_PUBLISH=24,
+ STATUS_ERROR_LDAP_CONN=25,
+ STATUS_ERROR_DISABLED_TOKEN=26,
+ STATUS_ERROR_NOT_PIN_RESETABLE=27,
+ STATUS_ERROR_CONN_LOST=28,
+ STATUS_ERROR_CREATE_TUS_TOKEN_ENTRY=29,
+ STATUS_ERROR_NO_SUCH_TOKEN_STATE=30,
+ STATUS_ERROR_NO_SUCH_LOST_REASON=31,
+ STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE=32,
+ STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND=33,
+ STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN=34,
+ STATUS_ERROR_CONTACT_ADMIN=35,
+ STATUS_ERROR_RECOVERY_IS_PROCESSED=36,
+ STATUS_ERROR_RECOVERY_FAILED=37,
+ STATUS_ERROR_NO_OPERATION_ON_LOST_TOKEN=38,
+ STATUS_ERROR_KEY_ARCHIVE_OFF=39,
+ STATUS_ERROR_NO_TKS_CONNID=40,
+ STATUS_ERROR_UPDATE_TOKENDB_FAILED=41,
+ STATUS_ERROR_REVOKE_CERTIFICATES_FAILED=42,
+ STATUS_ERROR_NOT_TOKEN_OWNER=43,
+ STATUS_ERROR_RENEWAL_IS_PROCESSED=44,
+ STATUS_ERROR_RENEWAL_FAILED=45
+};
+
+class RA_Processor
+{
+ public:
+ RA_Processor();
+ virtual ~RA_Processor();
+ virtual RA_Status Process(RA_Session *session, NameValueSet *extensions);
+ char *MapPattern(NameValueSet *nv, char *pattern);
+
+ int InitializeUpdate(RA_Session *session,
+ BYTE key_version, BYTE key_index,
+ Buffer &key_diversification_data,
+ Buffer &key_info_data,
+ Buffer &card_challenge,
+ Buffer &card_cryptogram,
+ Buffer &host_challenge, const char *connId);
+
+ int CreatePin(RA_Session *session, BYTE pin_number, BYTE max_retries, char *pin);
+
+ int IsPinPresent(RA_Session *session,BYTE pin_number);
+
+ AuthParams *RequestLogin(RA_Session *session, int invalid_pw, int blocked);
+ AuthParams *RequestExtendedLogin(RA_Session *session, int invalid_pw, int blocked, char **parameters, int len, char *title, char *description);
+
+ void StatusUpdate(RA_Session *session, NameValueSet *extensions, int status, const char *info);
+ void StatusUpdate(RA_Session *session, int status, const char *info);
+
+ Buffer *GetAppletVersion(RA_Session *session);
+
+ Secure_Channel *SetupSecureChannel(RA_Session *session, BYTE key_version, BYTE key_index, const char *connId);
+ Secure_Channel *SetupSecureChannel(RA_Session *session,
+ BYTE key_version, BYTE key_index, SecurityLevel security_level, const char *connId);
+
+ SecureId *RequestSecureId(RA_Session *session);
+
+ char *RequestNewPin(RA_Session *session, unsigned int min_len, unsigned int max_len);
+
+ char *RequestASQ(RA_Session *session, char *question);
+
+ int EncryptData(Buffer &cuid, Buffer &versionID, Buffer &in, Buffer &out, const char *connid);
+
+ int ComputeRandomData(Buffer &data_out, int dataSize, const char *connid);
+
+ int CreateKeySetData(
+ Buffer &cuid,
+ Buffer &versionID,
+ Buffer &NewMasterVer,
+ Buffer &out,
+ const char *connid);
+
+ bool GetTokenType(
+ const char *prefix,
+ int major_version, int minor_version,
+ const char *cuid, const char *msn,
+ NameValueSet *extensions,
+ RA_Status &o_status,
+ const char *&o_tokenType);
+
+ Buffer *ListObjects(RA_Session *session, BYTE seq);
+
+ Buffer *GetStatus(RA_Session *session, BYTE p1, BYTE p2);
+
+ Buffer *GetData(RA_Session *session);
+
+ int SelectApplet(RA_Session *session, BYTE p1, BYTE p2, Buffer *aid);
+
+ int UpgradeApplet(
+ RA_Session *session,
+ char *prefix,
+ char *tokenType,
+ BYTE major_version, BYTE minor_version,
+ const char *new_version,
+ const char *applet_dir,
+ SecurityLevel security_level,
+ const char *connid,
+ NameValueSet *extensions,
+ int start_progress, int end_progress,
+ char **key_version);
+
+ int UpgradeKey(RA_Session *session, BYTE major_version, BYTE minor_version, int new_version);
+
+ int SelectCardManager(RA_Session *session, char *prefix, char *tokenType);
+
+ int FormatMuscleApplet(
+ RA_Session *session,
+ unsigned short memSize,
+ Buffer &PIN0, BYTE pin0Tries,
+ Buffer &unblockPIN0, BYTE unblock0Tries,
+ Buffer &PIN1, BYTE pin1Tries,
+ Buffer &unblockPIN1, BYTE unblock1Tries,
+ unsigned short objCreationPermissions,
+ unsigned short keyCreationPermissions,
+ unsigned short pinCreationPermissions);
+
+ Secure_Channel *GenerateSecureChannel(
+ RA_Session *session, const char *connid,
+ Buffer &card_diversification_data,
+ Buffer &card_key_data,
+ Buffer &card_challenge,
+ Buffer &card_cryptogram,
+ Buffer &host_challenge);
+ AuthenticationEntry *GetAuthenticationEntry(
+ const char * a_prefix,
+ const char * a_configname,
+ const char * a_tokenType);
+
+ protected:
+ RA_Status Format(RA_Session *session, NameValueSet *extensions, bool skipAuth);
+ bool RevokeCertificates(RA_Session *session, char *cuid, char *audit_msg,
+ char *final_applet_version,
+ char *keyVersion,
+ char *tokenType, char *userid, RA_Status &status );
+ int IsTokenDisabledByTus(Secure_Channel *channel);
+
+ int totalAvailableMemory;
+ int totalFreeMemory;
+};
+
+#endif /* RA_PROCESSOR_H */
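Review bot: `RequestNewPin` takes `unsigned int min_len, unsigned int max_len`, while the `RA_New_Pin_Request_Msg(int min_len, int max_len)` constructor added earlier in this commit takes signed values. If the former feeds the latter, which is not visible here, the PIN length bounds are converted between signed and unsigned on the way. One type should be used in both places, and the declaration should state that `min_len <= max_len` is required. `RequestNewPin` and `RequestASQ` also return a bare `char *` carrying a PIN or answer with no ownership note; a comment such as `/* Caller owns the returned string and must clear and free it. */` (to be confirmed against the implementation) would help. In `RA_Status`, `STATUS_ERROR_TOKEN_DISABLED=16` and `STATUS_ERROR_DISABLED_TOKEN=26` are near-identical names with no comment telling them apart, so each needs a one-line description of when it is returned.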
diff --git a/pki/base/tps/src/include/processor/RA_Renew_Processor.h b/pki/base/tps/src/include/processor/RA_Renew_Processor.h
new file mode 100644
index 000000000..bb8710a74
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Renew_Processor.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_RENEW_PROCESSOR_H
+#define RA_RENEW_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "processor/RA_Processor.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Renew_Processor : public RA_Processor
+{
+ public:
+ TPS_PUBLIC RA_Renew_Processor();
+ TPS_PUBLIC ~RA_Renew_Processor();
+ public:
+ TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_RENEW_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/processor/RA_Unblock_Processor.h b/pki/base/tps/src/include/processor/RA_Unblock_Processor.h
new file mode 100644
index 000000000..ae28ea593
--- /dev/null
+++ b/pki/base/tps/src/include/processor/RA_Unblock_Processor.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_UNBLOCK_PROCESSOR_H
+#define RA_UNBLOCK_PROCESSOR_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "processor/RA_Processor.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+class RA_Unblock_Processor : public RA_Processor
+{
+ public:
+ TPS_PUBLIC RA_Unblock_Processor();
+ TPS_PUBLIC ~RA_Unblock_Processor();
+ public:
+ TPS_PUBLIC RA_Status Process(RA_Session *session, NameValueSet *extensions);
+};
+
+#endif /* RA_UNBLOCK_PROCESSOR_H */
diff --git a/pki/base/tps/src/include/publisher/IConnector.h b/pki/base/tps/src/include/publisher/IConnector.h
new file mode 100644
index 000000000..9a5caa70e
--- /dev/null
+++ b/pki/base/tps/src/include/publisher/IConnector.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __ICONNECTOR_H__
+#define __ICONNECTOR_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#if !defined (I_CONNECTOR_H)
+#define I_CONNECTOR_H
+
+#include "IPublish_Data.h"
+class IConnector
+{
+public:
+
+ virtual ~IConnector() {};
+ virtual int init() = 0;
+ virtual void shutdown() = 0;
+ virtual int send_msg(IPublish_Data *data) =0;
+
+};
+
+#endif
+
+#endif /* __ICONNECTOR_H__ */
+
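Review bot: The outer include guard `__ICONNECTOR_H__` uses a name reserved for the implementation (it contains a double underscore), and the inner `I_CONNECTOR_H` guard around the class repeats the same job. A single guard such as `#ifndef ICONNECTOR_H` / `#define ICONNECTOR_H` would be enough. The same double-guard pattern appears in IPublish_Data.h, IPublisher.h and NetkeyPublisher.h in this commit. `send_msg(IPublish_Data *data)` also needs a comment saying what the int result means and whether the connector keeps `data` after the call returns.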
diff --git a/pki/base/tps/src/include/publisher/IPublish_Data.h b/pki/base/tps/src/include/publisher/IPublish_Data.h
new file mode 100644
index 000000000..50b7e3247
--- /dev/null
+++ b/pki/base/tps/src/include/publisher/IPublish_Data.h
@@ -0,0 +1,56 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __IPUBLISH_DATA_H__
+#define __IPUBLISH_DATA_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#if !defined (IPUBLISH_DATA_H)
+#define IPUBLISH_DATA_H
+
+
+
+class IPublish_Data
+{
+public:
+
+ virtual void Reset() = 0;
+
+};
+
+#endif
+
+#endif /* __IPUBLISH_DATA_H__ */
+
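Review bot: `IPublish_Data` is an abstract interface (`virtual void Reset() = 0;`) but declares no virtual destructor, so deleting a concrete data object through an `IPublish_Data *` is undefined behaviour. Whether any caller does that is not visible in this hunk, but `IConnector::send_msg` already passes these objects around by base pointer. Adding `virtual ~IPublish_Data() {}` next to `Reset()` closes the gap and matches what `IConnector` does for itself.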
diff --git a/pki/base/tps/src/include/publisher/IPublisher.h b/pki/base/tps/src/include/publisher/IPublisher.h
new file mode 100644
index 000000000..56a1b7357
--- /dev/null
+++ b/pki/base/tps/src/include/publisher/IPublisher.h
@@ -0,0 +1,74 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __IPUBLISHER_H__
+#define __IPUBLISHER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#if !defined (IPUBLISHER_H)
+
+#define IPUBLISHER_H
+
+#include "IConnector.h"
+
+class IPublisher
+{
+
+public:
+
+ virtual ~IPublisher() {
+ if( m_connector != NULL ) {
+ delete m_connector;
+ m_connector = NULL;
+ }
+ };
+ virtual int init(void) = 0;
+
+ virtual int publish(unsigned char *cuid, int cuid_len,long key_type,unsigned char * public_key,int public_key_len,
+ unsigned long cert_activate_date,unsigned long cert_expire_date,unsigned long applet_version,unsigned long applet_version_date)= 0;
+
+ IConnector *getConnector() { return m_connector;}
+
+protected:
+
+ IConnector * m_connector;
+
+
+};
+
+#endif
+
+#endif /* __IPUBLISHER_H__ */
+
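Review bot: `~IPublisher()` tests and deletes `m_connector`, but the class has no constructor that initialises it. If a derived publisher is destroyed before it assigns the member (for example when `init()` fails or is never called), the destructor deletes an indeterminate pointer. Adding `IPublisher() : m_connector(NULL) {}` makes the NULL check in the destructor meaningful. The class is also implicitly copyable while owning a raw pointer, so a copy would free the connector twice; declaring a private, unimplemented copy constructor and `operator=` would rule that out. The `publish(...)` declaration would read better with a comment stating that `cuid`/`public_key` are borrowed buffers whose lengths are `cuid_len`/`public_key_len`.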
diff --git a/pki/base/tps/src/include/publisher/NetkeyPublisher.h b/pki/base/tps/src/include/publisher/NetkeyPublisher.h
new file mode 100644
index 000000000..05cf4d191
--- /dev/null
+++ b/pki/base/tps/src/include/publisher/NetkeyPublisher.h
@@ -0,0 +1,74 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef __NETKEY_PUBLISHER_H__
+#define __NETKEY_PUBLISHER_H__
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#if !defined (NETKEY_PUBLISHER_H)
+#define NETKEY_PUBLISHER_H
+
+#include "IPublisher.h"
+class IPublisher;
+class NetkeyPublisher : public IPublisher
+{
+
+public:
+
+
+ NetkeyPublisher();
+ ~NetkeyPublisher();
+
+ int init(void) ;
+
+ int publish(unsigned char *cuid, int cuid_len,long key_type,unsigned char * public_key,int public_key_len,
+ unsigned long cert_activate_date,unsigned long cert_expire_date,unsigned long applet_version,unsigned long applet_version_date);
+
+
+ static pthread_mutex_t mutex;
+
+
+};
+
+extern "C"
+{
+ IPublisher *GetIPublisher();
+
+};
+
+#endif
+
+#endif /* __NETKEY_PUBLISHER_H__ */
+
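Review bot: `static pthread_mutex_t mutex;` is declared without this header including `<pthread.h>`, so the header only compiles when the includer happens to pull it in first. Adding `#include <pthread.h>` above `#include "IPublisher.h"` fixes that. The mutex is also in the `public:` section, which lets any code lock or re-initialise it; unless something outside the class needs it (not visible here), it belongs under `private:`. The forward declaration `class IPublisher;` directly after including IPublisher.h is redundant, and `GetIPublisher()` should carry a comment saying who destroys the returned object.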
diff --git a/pki/base/tps/src/include/selftests/SelfTest.h b/pki/base/tps/src/include/selftests/SelfTest.h
new file mode 100644
index 000000000..c52f62f23
--- /dev/null
+++ b/pki/base/tps/src/include/selftests/SelfTest.h
@@ -0,0 +1,74 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef SELFTEST_H
+#define SELFTEST_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "main/ConfigStore.h"
+
+
+class SelfTest
+{
+ public:
+ SelfTest();
+ ~SelfTest();
+ static void Initialize (ConfigStore *cfg);
+ static int runStartUpSelfTests (const char *nickname); /* per cert */
+ static int runStartUpSelfTests (); /* general */
+ static int runOnDemandSelfTests ();
+ static int isOnDemandEnabled ();
+ static int isOnDemandCritical ();
+
+ static const int nTests;
+ static const char *TEST_NAMES[];
+
+ protected:
+ static const char *CFG_SELFTEST_STARTUP;
+ static const char *CFG_SELFTEST_ONDEMAND;
+
+ private:
+ static int isInitialized;
+ static int StartupSystemCertsVerificationRun;
+};
+
+#endif
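Review bot: The `int` results of `runStartUpSelfTests(const char *nickname)`, `runStartUpSelfTests()` and `runOnDemandSelfTests()` have no documented contract. Nothing at the declarations says which value means pass or whether a failure of a critical test is reported differently from a non-critical one. Since callers presumably decide from this value whether the subsystem may keep running, a comment above each declaration should state the success value and the failure values. `nTests` and `TEST_NAMES[]` are declared separately with no note that they must stay in step; a comment such as `/* nTests == number of entries in TEST_NAMES */` would make the coupling explicit.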
diff --git a/pki/base/tps/src/include/selftests/TPSPresence.h b/pki/base/tps/src/include/selftests/TPSPresence.h
new file mode 100644
index 000000000..114f4ae57
--- /dev/null
+++ b/pki/base/tps/src/include/selftests/TPSPresence.h
@@ -0,0 +1,78 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef TPSPRESENCE_H
+#define TPSPRESENCE_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "main/ConfigStore.h"
+#include "selftests/SelfTest.h"
+
+class TPSPresence : public SelfTest
+{
+
+ public:
+ TPSPresence();
+ ~TPSPresence();
+ static void Initialize (ConfigStore *cfg);
+ static int runSelfTest ();
+ static int runSelfTest (const char *nick_name);
+ static int runSelfTest (const char *nick_name, CERTCertificate **cert);
+ static bool isStartupEnabled ();
+ static bool isOnDemandEnabled ();
+ static bool isStartupCritical ();
+ static bool isOnDemandCritical ();
+ static const char *TEST_NAME;
+
+ private:
+ static bool startupEnabled;
+ static bool onDemandEnabled;
+ static bool startupCritical;
+ static bool onDemandCritical;
+ static int initialized;
+ static char *nickname;
+ static const char *UNINITIALIZED_NICKNAME;
+ static const char *NICKNAME_NAME;
+ static const char *CRITICAL_TEST_NAME;
+};
+
+#endif
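Review bot: `isOnDemandEnabled()` and `isOnDemandCritical()` are declared here as `static bool`, while the base class SelfTest in this commit declares statics of the same names returning `int`. The derived declarations hide the base ones, so the same call means something different depending on the class used to qualify it. TPSSystemCertsVerification.h and TPSValidity.h repeat the pattern. Renaming one side, or adding a comment on each derived declaration that the hiding is intentional, would prevent a reader from mixing them up. `runSelfTest(const char *nick_name, CERTCertificate **cert)` also needs a comment saying whether `*cert` is set on failure and whether the caller must release it.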
diff --git a/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h b/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h
new file mode 100644
index 000000000..40a4d3fd4
--- /dev/null
+++ b/pki/base/tps/src/include/selftests/TPSSystemCertsVerification.h
@@ -0,0 +1,76 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef TPSSYSTEMCERTSVERIFICATION_H
+#define TPSSYSTEMCERTSVERIFICATION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+// #include "main/Util.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "main/ConfigStore.h"
+#include "selftests/SelfTest.h"
+
+class TPSSystemCertsVerification : public SelfTest
+{
+
+ public:
+ TPSSystemCertsVerification();
+ ~TPSSystemCertsVerification();
+ static void Initialize (ConfigStore *cfg);
+ static int runSelfTest ();
+ static bool isStartupEnabled ();
+ static bool isOnDemandEnabled ();
+ static bool isStartupCritical ();
+ static bool isOnDemandCritical ();
+ static const char *TEST_NAME;
+
+ private:
+ static bool startupEnabled;
+ static bool onDemandEnabled;
+ static bool startupCritical;
+ static bool onDemandCritical;
+ static int initialized;
+ static const char *CRITICAL_TEST_NAME;
+ static const char *UNINITIALIZED_NICKNAME;
+ static const char *SUBSYSTEM_NICKNAME;
+};
+
+#endif
diff --git a/pki/base/tps/src/include/selftests/TPSValidity.h b/pki/base/tps/src/include/selftests/TPSValidity.h
new file mode 100644
index 000000000..548052a83
--- /dev/null
+++ b/pki/base/tps/src/include/selftests/TPSValidity.h
@@ -0,0 +1,79 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifndef TPSVALIDITY_H
+#define TPSVALIDITY_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+// #include "main/Util.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "main/ConfigStore.h"
+#include "selftests/SelfTest.h"
+
+class TPSValidity : public SelfTest
+{
+
+ public:
+ TPSValidity();
+ ~TPSValidity();
+ static void Initialize (ConfigStore *cfg);
+ static int runSelfTest ();
+ static int runSelfTest (const char *nick_name);
+ static int runSelfTest (const char *nick_name, CERTCertificate *cert);
+ static bool isStartupEnabled ();
+ static bool isOnDemandEnabled ();
+ static bool isStartupCritical ();
+ static bool isOnDemandCritical ();
+ static const char *TEST_NAME;
+
+ private:
+ static bool startupEnabled;
+ static bool onDemandEnabled;
+ static bool startupCritical;
+ static bool onDemandCritical;
+ static int initialized;
+ static char *nickname;
+ static const char *UNINITIALIZED_NICKNAME;
+ static const char *NICKNAME_NAME;
+ static const char *CRITICAL_TEST_NAME;
+};
+
+#endif
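Review bot: `runSelfTest(const char *nick_name, CERTCertificate *cert)` uses `CERTCertificate`, but the header includes only `<stdio.h>`, `main/ConfigStore.h` and `selftests/SelfTest.h`. The NSS type presumably arrives through one of those indirectly, which makes the header fragile against include reordering. Including the NSS certificate header directly (`#include "cert.h"`) would make it self-contained; TPSPresence.h has the same dependency. The declaration should also say whether `cert` may be NULL and that the function does not take ownership, if that is the case. Note that TPSPresence takes `CERTCertificate **` for the same overload position, so the difference deserves a one-line explanation.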
diff --git a/pki/base/tps/src/include/service/NK_Context.h b/pki/base/tps/src/include/service/NK_Context.h
new file mode 100644
index 000000000..e5ed59992
--- /dev/null
+++ b/pki/base/tps/src/include/service/NK_Context.h
@@ -0,0 +1,57 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef NK_CONTEXT_H
+#define NK_CONTEXT_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Context.h"
+
+class NK_Context : public RA_Context
+{
+ public:
+ NK_Context(pblock *pb, Session *sn, Request *rq);
+ virtual ~NK_Context();
+ public:
+ virtual void LogError(const char *func, int line, const char *fmt,...);
+ virtual void LogInfo(const char *func, int line, const char *fmt,...);
+ virtual void InitializationError(const char *func, int line);
+ private:
+ pblock *m_pb;
+ Session *m_sn;
+ Request *m_rq;
+};
+
+#endif /* NK_CONTEXT_H */
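Review bot: `LogError` and `LogInfo` take a printf-style `fmt` plus varargs, but the declarations give the compiler no way to check call sites. A mismatched or caller-supplied format string therefore goes unnoticed. On GCC/Clang builds the declarations can carry a format attribute, e.g. `virtual void LogError(const char *func, int line, const char *fmt,...) __attribute__((format(printf, 4, 5)));` (index 4 because the implicit `this` counts as argument 1), wrapped in a macro that expands to nothing elsewhere. A short comment that `fmt` must be a literal and never request-derived text would document the intent. The class also stores three raw pointers (`m_pb`, `m_sn`, `m_rq`) without stating that it does not own them.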
diff --git a/pki/base/tps/src/include/service/NK_Session.h b/pki/base/tps/src/include/service/NK_Session.h
new file mode 100644
index 000000000..55cd19439
--- /dev/null
+++ b/pki/base/tps/src/include/service/NK_Session.h
@@ -0,0 +1,58 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef NK_SESSION_H
+#define NK_SESSION_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "main/RA_Session.h"
+
+class NK_Session : public RA_Session
+{
+ public:
+ NK_Session(pblock *pb, Session *sn, Request *rq);
+ virtual ~NK_Session();
+ public:
+ virtual char *GetRemoteIP();
+ virtual RA_pblock *create_pblock( char *data );
+ virtual RA_Msg *ReadMsg();
+ virtual void WriteMsg(RA_Msg *msg);
+ private:
+ pblock *m_pb;
+ Session *m_sn;
+ Request *m_rq;
+};
+
+#endif /* NK_SESSION_H */
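Review bot: `ReadMsg()`, `GetRemoteIP()` and `create_pblock(char *data)` return raw pointers with no statement of ownership or of what is returned on failure. A caller cannot tell from the header whether a NULL `RA_Msg *` means a closed connection or a malformed message, or whether the `char *` from `GetRemoteIP()` must be freed. Since `ReadMsg()` is where data from the remote client enters the session, each declaration should have a comment stating the NULL/failure convention and who frees the result. If `create_pblock` does not modify its input, `const char *data` would say so in the signature, though that depends on the base-class declaration in main/RA_Session.h, outside this hunk.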
diff --git a/pki/base/tps/src/include/tus/tus_db.h b/pki/base/tps/src/include/tus/tus_db.h
new file mode 100644
index 000000000..be5c434be
--- /dev/null
+++ b/pki/base/tps/src/include/tus/tus_db.h
@@ -0,0 +1,273 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef TUS_DB_H
+#define TUS_DB_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include "ldap.h"
+#include "lber.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "prlock.h"
+
+#define I_TOKEN_ID 0
+#define TOKEN_ID "cn"
+#define I_TOKEN_USER 1
+#define TOKEN_USER "tokenUserID"
+#define I_TOKEN_STATUS 2
+#define TOKEN_STATUS "tokenStatus"
+#define I_TOKEN_APPLET 3
+#define TOKEN_APPLET "tokenAppletID"
+#define I_TOKEN_KEY_INFO 4
+#define TOKEN_KEY_INFO "keyInfo"
+#define I_TOKEN_MODS 5
+#define TOKEN_MODS "modified"
+#define I_TOKEN_C_DATE 6
+#define TOKEN_C_DATE "dateOfCreate"
+#define I_TOKEN_M_DATE 7
+#define TOKEN_M_DATE "dateOfModify"
+#define I_TOKEN_RESETS 8
+#define TOKEN_RESETS "numberOfResets"
+#define I_TOKEN_ENROLLMENTS 9
+#define TOKEN_ENROLLMENTS "numberOfEnrollments"
+#define I_TOKEN_RENEWALS 10
+#define TOKEN_RENEWALS "numberOfRenewals"
+#define I_TOKEN_RECOVERIES 11
+#define TOKEN_RECOVERIES "numberOfRecoveries"
+#define I_TOKEN_POLICY 12
+#define TOKEN_POLICY "tokenPolicy"
+
+#define I_TOKEN_CUID 13
+#define TOKEN_CUID "tokenID"
+#define I_TOKEN_OP 14
+#define TOKEN_OP "tokenOp"
+#define I_TOKEN_MSG 15
+#define TOKEN_MSG "tokenMsg"
+#define I_TOKEN_RESULT 16
+#define TOKEN_RESULT "tokenResult"
+#define I_TOKEN_IP 17
+#define TOKEN_IP "tokenIP"
+#define I_TOKEN_CERT 18
+#define TOKEN_CERT "userCertificate"
+#define I_TOKEN_SUBJECT 19
+#define TOKEN_SUBJECT "tokenSubject"
+#define I_TOKEN_ISSUER 20
+#define TOKEN_ISSUER "tokenIssuer"
+#define I_TOKEN_ORIGIN 21
+#define TOKEN_ORIGIN "tokenOrigin"
+#define I_TOKEN_SERIAL 22
+#define TOKEN_SERIAL "tokenSerial"
+#define I_TOKEN_TYPE 23
+#define TOKEN_TYPE "tokenType"
+#define I_TOKEN_KEY_TYPE 24
+#define TOKEN_KEY_TYPE "tokenKeyType"
+#define I_TOKEN_REASON 13
+#define TOKEN_REASON "tokenReason"
+#define I_TOKEN_NOT_BEFORE 26
+#define TOKEN_NOT_BEFORE "tokenNotBefore"
+#define I_TOKEN_NOT_AFTER 27
+#define TOKEN_NOT_AFTER "tokenNotAfter"
+
+#define I_STATE_UNINITIALIZED 0
+#define STATE_UNINITIALIZED "uninitialized"
+#define I_STATE_ACTIVE 1
+#define STATE_ACTIVE "active"
+#define I_STATE_DISABLED 2
+#define STATE_DISABLED "disabled"
+#define I_STATE_LOST 3
+#define STATE_LOST "lost"
+
+#define C_TIME "createTimeStamp"
+#define M_TIME "modifyTimeStamp"
+#define USER_ID "uid"
+#define USER_PASSWORD "userPassword"
+#define USER_SN "sn"
+#define USER_CN "cn"
+#define USER_GIVENNAME "givenName"
+#define USER_CERT "userCertificate"
+#define PROFILE_ID "profileID"
+#define GROUP_MEMBER "member"
+#define SUBGROUP_ID "cn"
+
+/* roles */
+#define OPERATOR "Officers"
+#define AGENT "Agents"
+#define ADMINISTRATOR "Administrators"
+#define MAX_RETRIES 2
+
+#define ALL_PROFILES "All Profiles"
+#define NO_PROFILES "NO_PROFILES"
+#define NO_TOKEN_TYPE "no_token_type"
+
+TPS_PUBLIC void set_tus_db_port(int number);
+TPS_PUBLIC void set_tus_db_host(char *name);
+TPS_PUBLIC void set_tus_db_baseDN(char *dn);
+TPS_PUBLIC void set_tus_db_bindDN(char *dn);
+TPS_PUBLIC void set_tus_db_bindPass(char *p);
+
+TPS_PUBLIC int is_tus_db_initialized();
+TPS_PUBLIC int get_tus_db_config(char *name);
+TPS_PUBLIC int tus_db_init(char **errorMsg);
+TPS_PUBLIC int allow_token_reenroll(char *cn);
+TPS_PUBLIC int allow_token_renew(char *cn);
+TPS_PUBLIC int force_token_format(char *cn);
+TPS_PUBLIC int is_token_pin_resetable(char *cn);
+TPS_PUBLIC int is_update_pin_resetable_policy(char *cn);
+TPS_PUBLIC int is_token_present(char *cn);
+TPS_PUBLIC int update_token_policy (char *cn, char *policy);
+TPS_PUBLIC char *get_token_policy (char *cn);
+TPS_PUBLIC char *get_token_userid(char *cn);
+TPS_PUBLIC void tus_db_end();
+TPS_PUBLIC void tus_db_cleanup();
+TPS_PUBLIC void tus_print_as_hex(char *out, SECItem *data);
+TPS_PUBLIC void tus_print_integer(char *out, SECItem *data);
+TPS_PUBLIC int is_tus_db_entry_disabled(char *cn);
+TPS_PUBLIC int add_default_tus_db_entry (const char *uid, const char *agentid, char *cn, const char *status, char *applet_version, char *key_info, const char *token_type );
+TPS_PUBLIC int delete_tus_db_entry (char *userid, char *cn);
+TPS_PUBLIC int delete_tus_general_db_entry (char *dn);
+TPS_PUBLIC int find_tus_db_entry (char *cn, int max, LDAPMessage **result);
+TPS_PUBLIC int find_tus_db_entries (const char *filter, int max, LDAPMessage **result);
+TPS_PUBLIC int find_tus_db_entries_pcontrol_1 (const char *filter, int max, int time_limit, int size_limit, LDAPMessage **result);
+TPS_PUBLIC int find_tus_token_entries (char *filter, int max, LDAPMessage **result, int order);
+TPS_PUBLIC int find_tus_token_entries_no_vlv (char *filter, LDAPMessage **result, int order);
+TPS_PUBLIC int tus_has_active_tokens(char *userid);
+TPS_PUBLIC char *get_token_reason(LDAPMessage *e);
+
+TPS_PUBLIC int update_tus_db_entry (const char *agentid,
+ char *cn, const char *uid, char *keyInfo,
+ const char *status,
+ char *applet_version, const char *reason);
+TPS_PUBLIC int update_tus_db_entry_with_mods (const char *agentid, const char *cn, LDAPMod **mods);
+TPS_PUBLIC int check_and_modify_tus_db_entry (char *userid, char *cn, char *check, LDAPMod **mods);
+TPS_PUBLIC int modify_tus_db_entry (char *userid, char *cn, LDAPMod **mods);
+TPS_PUBLIC int add_activity (const char *ip, const char *id, const char *op, const char *result, const char *msg, const char *userid, const char *token_type);
+TPS_PUBLIC int find_tus_certificate_entries_by_order_no_vlv (char *filter,
+ LDAPMessage **result, int order);
+TPS_PUBLIC int find_tus_certificate_entries_by_order (char *filter, int max,
+ LDAPMessage **result, int order);
+TPS_PUBLIC int add_certificate (char *tokenid, char *origin, char *tokenType, char *userid, CERTCertificate *certificate, char *ktype, const char *status);
+TPS_PUBLIC int add_tus_db_entry (char *cn, LDAPMod **mods);
+TPS_PUBLIC int add_new_tus_db_entry (const char *userid, char *cn, const char *uid, int flag, const char *status, char *applet_version, char *key_info, const char *token_type);
+TPS_PUBLIC int find_tus_activity_entries (char *filter, int max, LDAPMessage **result);
+TPS_PUBLIC int find_tus_activity_entries_pcontrol_1 (char *filter, int max, int time_limit, int size_limit, LDAPMessage **result);
+TPS_PUBLIC int find_tus_activity_entries_no_vlv (char *filter, LDAPMessage **result, int order);
+TPS_PUBLIC int get_number_of_entries (LDAPMessage *result);
+TPS_PUBLIC int free_results (LDAPMessage *results);
+
+TPS_PUBLIC LDAPMessage *get_first_entry (LDAPMessage *result);
+TPS_PUBLIC LDAPMessage *get_next_entry (LDAPMessage *entry);
+TPS_PUBLIC CERTCertificate **get_certificates(LDAPMessage *entry);
+
+TPS_PUBLIC char **get_token_states();
+TPS_PUBLIC char **get_token_attributes();
+TPS_PUBLIC char **get_activity_attributes();
+TPS_PUBLIC char **get_user_attributes();
+TPS_PUBLIC char **get_view_user_attributes();
+TPS_PUBLIC struct berval **get_attribute_values(LDAPMessage *entry, const char *attribute);
+TPS_PUBLIC void free_values(struct berval **values, int ldapValues);
+TPS_PUBLIC struct berval **get_token_users(LDAPMessage *entry);
+TPS_PUBLIC char *get_token_id(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_tokenType(LDAPMessage *entry);
+TPS_PUBLIC char *get_token_status(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_cn(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_status(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_type(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_serial(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_issuer(LDAPMessage *entry);
+TPS_PUBLIC char *get_cert_attr_byname(LDAPMessage *entry, const char *name);
+TPS_PUBLIC char *get_applet_id(LDAPMessage *entry);
+TPS_PUBLIC char *get_key_info(LDAPMessage *entry);
+TPS_PUBLIC char *get_creation_date(LDAPMessage *entry);
+TPS_PUBLIC char *get_modification_date(LDAPMessage *entry);
+TPS_PUBLIC char *get_policy_name();
+TPS_PUBLIC char *get_reason_name();
+int find_tus_certificate_entries (char *filter, int max, LDAPMessage **result);
+TPS_PUBLIC char **get_certificate_attributes();
+
+TPS_PUBLIC int get_number_of_modifications(LDAPMessage *entry);
+TPS_PUBLIC int get_number_of_resets(LDAPMessage *entry);
+TPS_PUBLIC int get_number_of_enrollments(LDAPMessage *entry);
+TPS_PUBLIC int get_number_of_renewals(LDAPMessage *entry);
+TPS_PUBLIC int get_number_of_recoveries(LDAPMessage *entry);
+
+TPS_PUBLIC char *get_token_users_name();
+TPS_PUBLIC char *get_token_id_name();
+TPS_PUBLIC char *get_token_status_name();
+TPS_PUBLIC char *get_applet_id_name();
+TPS_PUBLIC char *get_key_info_name();
+TPS_PUBLIC char *get_creation_date_name();
+TPS_PUBLIC char *get_modification_date_name();
+TPS_PUBLIC char *get_number_of_modifications_name();
+TPS_PUBLIC char *get_number_of_resets_name();
+TPS_PUBLIC char *get_number_of_enrollments_name();
+TPS_PUBLIC char *get_number_of_renewals_name();
+TPS_PUBLIC char *get_number_of_recoveries_name();
+TPS_PUBLIC char *get_dn(LDAPMessage *entry);
+
+TPS_PUBLIC LDAPMod **allocate_modifications(int size);
+TPS_PUBLIC void free_modifications(LDAPMod **mods, int ldapValues);
+TPS_PUBLIC char **allocate_values(int size, int extra);
+TPS_PUBLIC char **create_modification_date_change();
+TPS_PUBLIC int base64_decode(char *src, unsigned char *dst);
+TPS_PUBLIC char *tus_authenticate(char *cert);
+TPS_PUBLIC int tus_authorize(const char *group, const char *userid);
+TPS_PUBLIC int update_cert_status(char *cn, const char *status);
+TPS_PUBLIC int update_token_status_reason(char *userid, char *cuid,
+ const char *tokenStatus, const char *reason);
+TPS_PUBLIC int update_token_status_reason_userid(const char *userid, char *cuid,
+ const char *tokenStatus, const char *reason, int modifyDateOfCreate);
+
+TPS_PUBLIC int add_user_db_entry(const char *agentid, char *userid, char *userPassword, char *sn, char *givenName, char *cn, char * userCert);
+TPS_PUBLIC int find_tus_user_entries_no_vlv(char *filter, LDAPMessage **result, int order);
+TPS_PUBLIC int update_user_db_entry(const char *agentid, char *uid, char *lastName, char *givenName, char *userCN, char *userCert);
+TPS_PUBLIC int add_profile_to_user(const char *agentid, char *userid, const char *profile);
+TPS_PUBLIC int delete_profile_from_user(const char *agentid, char *userid, const char *profile);
+TPS_PUBLIC int add_user_to_role_db_entry(const char *agentid, char *userid, const char *role);
+TPS_PUBLIC int delete_user_from_role_db_entry(const char *agentid, char *userid, const char *role);
+TPS_PUBLIC int find_tus_user_role_entries( const char*uid, LDAPMessage **result);
+TPS_PUBLIC char *get_authorized_profiles(const char *userid, int is_admin);
+TPS_PUBLIC int delete_user_db_entry(const char *agentid, char *uid);
+TPS_PUBLIC int delete_all_profiles_from_user(const char *agentid, char *userid);
+#endif /* TUS_DB_H */
diff --git a/pki/base/tps/src/main/AttributeSpec.cpp b/pki/base/tps/src/main/AttributeSpec.cpp
new file mode 100644
index 000000000..23c2cd978
--- /dev/null
+++ b/pki/base/tps/src/main/AttributeSpec.cpp
@@ -0,0 +1,115 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prmem.h"
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/AttributeSpec.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+AttributeSpec::AttributeSpec ()
+{
+}
+
+AttributeSpec::~AttributeSpec ()
+{
+}
+
+AttributeSpec *AttributeSpec::Parse(Buffer *b, int offset)
+{
+ AttributeSpec *o = new AttributeSpec();
+ unsigned long id = (((unsigned char *)*b)[offset+0] << 24) +
+ (((unsigned char *)*b)[offset+1] << 16) +
+ (((unsigned char *)*b)[offset+2] << 8) +
+ (((unsigned char *)*b)[offset+3]);
+ o->SetAttributeID(id);
+ // The following line generates the following known benign warning
+ // message on Windows platforms:
+ //
+ // AttributeSpec.cpp(40) : warning C4244: 'argument' : conversion
+ // from 'unsigned long' to 'unsigned char', possible loss of data
+ //
+ o->SetType((unsigned long)(((unsigned char *)*b)[offset+4]));
+ // DatatypeString contains two bytes for AttributeLen of AttributeData
+ Buffer data;
+ if (o->GetType() == (BYTE) 0)
+ data = b->substr(offset+5+2, b->size() - 5-2);
+ else
+ data = b->substr(offset+5, b->size() - 5);
+
+ o->SetData(data);
+ return o;
+}
+
+void AttributeSpec::SetAttributeID(unsigned long v)
+{
+ m_id = v;
+}
+
+unsigned long AttributeSpec::GetAttributeID()
+{
+ return m_id;
+}
+
+void AttributeSpec::SetType(BYTE v)
+{
+ m_type = v;
+}
+
+BYTE AttributeSpec::GetType()
+{
+ return m_type;
+}
+
+// sets AttributeData (for string type, contains AttributeLen+AttributeValue)
+void AttributeSpec::SetData(Buffer data)
+{
+ m_data = data;
+}
+
+// gets AttributeData
+Buffer AttributeSpec::GetValue()
+{
+ return m_data;
+}
+
+// gets AttributeSpec
+Buffer AttributeSpec::GetData()
+{
+ Buffer data = Buffer();
+ data += Buffer(1, (BYTE)(m_id >> 24) & 0xff);
+ data += Buffer(1, (BYTE)(m_id >> 16) & 0xff);
+ data += Buffer(1, (BYTE)(m_id >> 8) & 0xff);
+ data += Buffer(1, (BYTE)m_id & 0xff);
+ data += Buffer(1, m_type);
+ if (m_type == 0) { /* String */
+ data += Buffer(1, (m_data.size() >> 8) & 0xff);
+ data += Buffer(1, m_data.size() & 0xff);
+ }
+ data += m_data;
+ return data;
+}
+
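Review bot: `AttributeSpec::Parse` indexes `offset+0` through `offset+4` and then calls `substr` without ever comparing `offset` with `b->size()`, so a short or truncated buffer is read past its end. The length passed to `substr` is `b->size() - 5` (or `- 5-2`), which ignores `offset` and wraps when the buffer is shorter than the header. For any non-zero `offset` the requested range ends beyond the buffer, and `Buffer::substr` guards that only with an `assert`. I would validate the header before allocating and derive the data length from the bytes remaining after `offset`, returning NULL on malformed input; callers outside this hunk would then need to handle NULL.

```cpp
AttributeSpec *AttributeSpec::Parse(Buffer *b, int offset)
{
    // 4 bytes of attribute id + 1 byte of type must be present at offset.
    if (b == NULL || offset < 0 || b->size() < 5 ||
        (unsigned int)offset > b->size() - 5)
        return NULL;
    // ... unchanged: new AttributeSpec, id and type decoding ...
    // DatatypeString contains two bytes for AttributeLen of AttributeData
    unsigned int start = (unsigned int)offset + 5;
    if (o->GetType() == (BYTE) 0)
        start += 2;
    if (start > b->size()) {
        delete o;
        return NULL;
    }
    Buffer data;
    if (start < b->size())
        data = b->substr(start, b->size() - start);
    // ... unchanged: SetData and return ...
```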
diff --git a/pki/base/tps/src/main/AuthParams.cpp b/pki/base/tps/src/main/AuthParams.cpp
new file mode 100644
index 000000000..3a124252e
--- /dev/null
+++ b/pki/base/tps/src/main/AuthParams.cpp
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "authentication/AuthParams.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC AuthParams::AuthParams () {
+}
+
+/**
+ * Destructs processor.
+ */
+AuthParams::~AuthParams () {
+}
+
+TPS_PUBLIC void AuthParams::SetUID(char *uid) {
+ Add("UID", uid);
+}
+
+TPS_PUBLIC char *AuthParams::GetUID() {
+ return GetValue("UID");
+}
+
+TPS_PUBLIC void AuthParams::SetPassword(char *pwd) {
+ Add("PASSWORD", pwd);
+}
+
+TPS_PUBLIC char *AuthParams::GetPassword() {
+ return GetValue("PASSWORD");
+}
+
+void AuthParams::SetSecuridValue(char *securidValue) {
+ Add("SECURID_VALUE", securidValue);
+}
+
+TPS_PUBLIC char *AuthParams::GetSecuridValue() {
+ return GetValue("SECURID_VALUE");
+}
+
+void AuthParams::SetSecuridPin(char *securidPin) {
+ Add("SECURID_PIN", securidPin);
+}
+
+TPS_PUBLIC char *AuthParams::GetSecuridPin() {
+ return GetValue("SECURID_PIN");
+}
+
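Review bot: `SetPassword` and `SetSecuridPin` hand the credential to `Add`, and the destructor body is empty, so nothing in this file clears those values when an `AuthParams` goes away. Whether they are wiped depends on the base class, which is outside this hunk. `GetPassword()` and `GetSecuridPin()` also return a writable `char *` to whatever the store holds, with no statement of who owns it. I would document that contract on the class, e.g. `// PASSWORD / SECURID_PIN are kept as plain strings for the lifetime of this object; returned pointers are owned by the store and must not be logged, cached or freed by callers.`, after confirming against the base class's `Add`/`GetValue`.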
diff --git a/pki/base/tps/src/main/Authentication.cpp b/pki/base/tps/src/main/Authentication.cpp
new file mode 100644
index 000000000..34ab76f0a
--- /dev/null
+++ b/pki/base/tps/src/main/Authentication.cpp
@@ -0,0 +1,105 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "main/RA_Session.h"
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/Util.h"
+#include "main/Memory.h"
+#include "authentication/Authentication.h"
+#include "authentication/AuthParams.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a base authentication
+ */
+TPS_PUBLIC Authentication::Authentication ()
+{
+}
+
+/**
+ * Destructs processor.
+ */
+TPS_PUBLIC Authentication::~Authentication ()
+{
+}
+
+void Authentication::Initialize(int index)
+{
+}
+
+int Authentication::Authenticate(AuthParams *params)
+{
+ return -1;
+}
+
+int Authentication::GetNumOfRetries() {
+ return m_retries;
+}
+
+const char *Authentication::GetTitle(char *locale)
+{
+ return NULL;
+}
+
+const char *Authentication::GetDescription(char *locale)
+{
+ return NULL;
+}
+
+int Authentication::GetNumOfParamNames()
+{
+ return 0;
+}
+
+char *Authentication::GetParamID(int index)
+{
+ return NULL;
+}
+
+const char *Authentication::GetParamName(int index, char *locale)
+{
+ return NULL;
+}
+
+char *Authentication::GetParamType(int index)
+{
+ return NULL;
+}
+
+const char *Authentication::GetParamDescription(int index, char *locale)
+{
+ return NULL;
+}
+
+char *Authentication::GetParamOption(int index)
+{
+ return NULL;
+}
+
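Review bot: `GetNumOfRetries()` returns `m_retries`, but the constructor body is empty and nothing in this file assigns the member, so a caller that asks before a subclass has set it reads an indeterminate value. For a value that presumably bounds authentication attempts, that should not be left to chance. Give it a defined start in the constructor, e.g. `m_retries = 0;`. The right default depends on how callers interpret the count, which is outside this hunk.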
diff --git a/pki/base/tps/src/main/AuthenticationEntry.cpp b/pki/base/tps/src/main/AuthenticationEntry.cpp
new file mode 100644
index 000000000..eb7f75419
--- /dev/null
+++ b/pki/base/tps/src/main/AuthenticationEntry.cpp
@@ -0,0 +1,91 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "plstr.h"
+#include "main/AuthenticationEntry.h"
+
+/**
+ * Constructs a base authentication
+ */
+AuthenticationEntry::AuthenticationEntry ()
+{
+ m_lib = NULL;
+ m_Id = NULL;
+ m_type = NULL;
+ m_authentication = NULL;
+}
+
+/**
+ * Destructs processor.
+ */
+AuthenticationEntry::~AuthenticationEntry ()
+{
+ if (m_lib != NULL) {
+ PR_UnloadLibrary(m_lib);
+ m_lib = NULL;
+ }
+
+ if( m_Id != NULL ) {
+ PL_strfree( m_Id );
+ m_Id = NULL;
+ }
+
+ if( m_type != NULL ) {
+ PL_strfree( m_type );
+ m_type = NULL;
+ }
+
+ m_authentication = NULL;
+}
+
+void AuthenticationEntry::SetLibrary(PRLibrary* lib) {
+ m_lib = lib;
+}
+
+PRLibrary *AuthenticationEntry::GetLibrary() {
+ return m_lib;
+}
+
+void AuthenticationEntry::SetId(const char *id) {
+ m_Id = PL_strdup(id);
+}
+
+char *AuthenticationEntry::GetId() {
+ return m_Id;
+}
+
+void AuthenticationEntry::SetAuthentication(Authentication *auth) {
+ m_authentication = auth;
+}
+
+Authentication *AuthenticationEntry::GetAuthentication() {
+ return m_authentication;
+}
+
+void AuthenticationEntry::SetType(const char *type) {
+ m_type = PL_strdup(type);
+}
+
+char *AuthenticationEntry::GetType() {
+ return m_type;
+}
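Review bot: `SetId` and `SetType` overwrite `m_Id` / `m_type` with a fresh `PL_strdup` without releasing the previous string, so every call after the first leaks the earlier copy; the destructor frees only the last one. Releasing first keeps the setters consistent with the destructor: `if (m_Id != NULL) PL_strfree(m_Id);` before `m_Id = PL_strdup(id);`, and the same pair of lines for `m_type` in `SetType`.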
diff --git a/pki/base/tps/src/main/Buffer.cpp b/pki/base/tps/src/main/Buffer.cpp
new file mode 100644
index 000000000..2a547feea
--- /dev/null
+++ b/pki/base/tps/src/main/Buffer.cpp
@@ -0,0 +1,243 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <memory.h>
+#include <assert.h>
+#include <stdio.h>
+
+#include "main/Buffer.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC Buffer::Buffer(const BYTE *buf_, unsigned int len_) : len(len_), res(len_)
+{
+ buf = new BYTE[len];
+ memcpy(buf, buf_, len);
+}
+
+TPS_PUBLIC Buffer::Buffer(const Buffer& cpy)
+{
+ buf = 0;
+ *this = cpy;
+}
+
+TPS_PUBLIC Buffer::Buffer(unsigned int len_) : len(len_), res(len_)
+{
+ buf = new BYTE[res];
+ memset(buf, 0, len_);
+}
+
+TPS_PUBLIC Buffer::Buffer(unsigned int len_, BYTE b) : len(len_), res(len_)
+{
+ if (len_ == 0) {
+ buf = NULL;
+ } else {
+ buf = new BYTE[res];
+ memset(buf, b, len);
+ }
+}
+
+TPS_PUBLIC Buffer::~Buffer()
+{
+ if( buf != NULL ) {
+ delete [] buf;
+ buf = NULL;
+ }
+}
+
+TPS_PUBLIC bool
+Buffer::operator==(const Buffer& cmp) const
+{
+ if( len != cmp.len ) return false;
+ for( unsigned int i=0; i < len; ++i ) {
+ if( buf[i] != cmp.buf[i] ) {
+ return false;
+ }
+ }
+ return true;
+}
+
+TPS_PUBLIC Buffer&
+Buffer::operator=(const Buffer& cpy)
+{
+ if( this == &cpy ) return *this;
+ len = cpy.len;
+ if( buf != NULL ) {
+ delete [] buf;
+ buf = NULL;
+ }
+ if (cpy.len == 0) {
+ buf = NULL;
+ } else {
+ buf = new BYTE[len];
+ memcpy(buf, cpy.buf, len);
+ }
+ res = len;
+
+ return *this;
+}
+
+TPS_PUBLIC void
+Buffer::zeroize()
+{
+ if( len > 0 ) {
+ memset( buf, 0, len );
+ }
+}
+
+TPS_PUBLIC Buffer
+Buffer::operator+(const Buffer& addend) const
+{
+ Buffer result(len + addend.len);
+ memcpy(result.buf, buf, len);
+ memcpy(result.buf+len, addend.buf, addend.len);
+ return result;
+}
+
+TPS_PUBLIC Buffer&
+Buffer::operator+=(const Buffer& addend)
+{
+ unsigned int oldLen = len;
+ resize(len + addend.len);
+ memcpy(buf+oldLen, addend.buf, addend.len);
+ return *this;
+}
+
+TPS_PUBLIC Buffer&
+Buffer::operator+=(BYTE b)
+{
+ resize(len+1);
+ buf[len-1] = b;
+ return *this;
+}
+
+TPS_PUBLIC void
+Buffer::reserve(unsigned int n)
+{
+ if( n > res ) {
+ BYTE *newBuf = new BYTE[n];
+ memcpy(newBuf, buf, len);
+ if( buf != NULL ) {
+ delete [] buf;
+ buf = NULL;
+ }
+ buf = newBuf;
+ res = n;
+ }
+}
+
+TPS_PUBLIC void
+Buffer::resize(unsigned int newLen)
+{
+ if( newLen == len ) {
+ return;
+ } else if( newLen < len ) {
+ len = newLen;
+ } else if( newLen <= res ) {
+ assert( newLen > len );
+ memset(buf+len, 0, newLen-len);
+ len = newLen;
+ } else {
+ assert( newLen > len && newLen > res );
+ BYTE *newBuf = new BYTE[newLen];
+ memcpy(newBuf, buf, len);
+ memset(newBuf+len, 0, newLen-len);
+ if( buf != NULL ) {
+ delete [] buf;
+ buf = NULL;
+ }
+ buf = newBuf;
+ len = newLen;
+ res = newLen;
+ }
+}
+
+TPS_PUBLIC Buffer
+Buffer::substr(unsigned int i, unsigned int n) const
+{
+ assert( i < len && (i+n) <= len );
+ return Buffer( buf+i, n );
+}
+
+TPS_PUBLIC void
+Buffer::replace(unsigned int i, const BYTE* cpy, unsigned int n)
+{
+ if (len > i+n) {
+ resize( len);
+ }else {
+ resize( i+n );
+ }
+ memcpy(buf+i, cpy, n);
+}
+
+TPS_PUBLIC void
+Buffer::dump() const
+{
+ unsigned int i;
+
+ for( i=0; i < len; ++i ) {
+ printf("%02x ", buf[i]);
+ if( i % 16 == 15 ) printf("\n");
+ }
+ printf("\n");
+}
+
+/*
+ * if caller knows it's a string, pad with ending 0 and return.
+ * note:
+ * It is the caller's responsibility to make sure it's a string.
+ * Memory needs to be released by the caller.
+ */
+TPS_PUBLIC char *
+Buffer::string()
+{
+ unsigned int i;
+ char *s = (char *) PR_Malloc(len+1);
+ for (i = 0; i < len; i++) {
+ s[i] = buf[i];
+ }
+ s[i] = '\0';
+ return s;
+}
+
+TPS_PUBLIC char *
+Buffer::toHex()
+{
+ unsigned int i;
+
+ char *hx = (char *)PR_Malloc(1024);
+ if (hx == NULL)
+ return NULL;
+ for( i=0; i < len; ++i ) {
+ PR_snprintf(hx+(i*2),1024-(i*2),"%02x", (unsigned char)buf[i]);
+ }
+
+ return hx;
+}
+
+static const char hextbl[] = {
+ '0', '1', '2', '3', '4', '5', '6', '7',
+ '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
+};
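Review bot: `Buffer::toHex()` allocates a fixed 1024 bytes but writes two characters per byte of `len`, so a buffer longer than 511 bytes runs past the allocation. The size argument `1024-(i*2)` is unsigned arithmetic and wraps to a large value instead of stopping the write. With `len == 0` the loop never runs and the returned string is not NUL-terminated. Sizing the allocation from `len` and terminating up front fixes both; the caller-frees contract stays the same.

```cpp
    unsigned int hexLen = (len * 2) + 1;   // two hex digits per byte + NUL
    char *hx = (char *)PR_Malloc(hexLen);
    if (hx == NULL)
        return NULL;
    hx[0] = '\0';                           // valid string even when len == 0
    for( i=0; i < len; ++i ) {
        PR_snprintf(hx+(i*2), hexLen-(i*2), "%02x", (unsigned char)buf[i]);
    }
    // ... unchanged: return hx ...
```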
diff --git a/pki/base/tps/src/main/ConfigStore.cpp b/pki/base/tps/src/main/ConfigStore.cpp
new file mode 100644
index 000000000..e526b4039
--- /dev/null
+++ b/pki/base/tps/src/main/ConfigStore.cpp
@@ -0,0 +1,893 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include <regex.h>
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "main/ConfigStore.h"
+#include "main/Memory.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+static PR_CALLBACK void*
+_AllocTable(void* pool, PRSize size)
+{
+ return PR_MALLOC(size);
+}
+
+static PR_CALLBACK void
+_FreeTable(void* pool, void* item)
+{
+ PR_DELETE(item);
+}
+
+static PR_CALLBACK PLHashEntry*
+_AllocEntry(void* pool, const void* key)
+{
+ return PR_NEW(PLHashEntry);
+}
+
+static PR_CALLBACK void
+_FreeEntry(void* pool, PLHashEntry* he, PRUintn flag)
+{
+ if( he == NULL ) {
+ return;
+ }
+
+ if (flag == HT_FREE_VALUE) {
+ if( he->value != NULL ) {
+ PL_strfree( (char*) he->value );
+ he->value = NULL;
+ }
+ } else if (flag == HT_FREE_ENTRY) {
+ if( he->key != NULL ) {
+ PL_strfree( (char*) he->key );
+ he->key = NULL;
+ }
+ if( he->value != NULL ) {
+ PL_strfree( (char*) he->value );
+ he->value = NULL;
+ }
+ PR_DELETE(he);
+ }
+}
+
+static PLHashAllocOps _AllocOps = {
+ _AllocTable,
+ _FreeTable,
+ _AllocEntry,
+ _FreeEntry
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+///// ConfigStoreRoot
+
+ConfigStoreRoot::ConfigStoreRoot()
+{
+ m_set = PL_NewHashTable(3, PL_HashString,
+ PL_CompareStrings, PL_CompareValues,
+ &_AllocOps, NULL);
+
+ m_set_refcount = 0;
+}
+
+// If the ConfigStoreRoot goes out of scope, we can't destroy
+// the Hashtable because others maybe depending on the values
+// inside.
+ConfigStoreRoot::~ConfigStoreRoot ()
+{
+ if( m_set != NULL ) {
+ if (m_set_refcount==0) {
+ PL_HashTableDestroy( m_set );
+ m_set = NULL;
+ }
+ }
+}
+
+void ConfigStoreRoot::addref()
+{
+ m_set_refcount++;
+}
+
+void ConfigStoreRoot::release()
+{
+ m_set_refcount--;
+}
+
+PLHashTable *ConfigStoreRoot::getSet()
+{
+ return m_set;
+}
+
+
+// ConfigureStore
+
+ConfigStore::ConfigStore(ConfigStoreRoot* root, const char *subStoreName)
+{
+ m_substore_name = PL_strdup(subStoreName);
+ m_root = root;
+ root->addref();
+ m_lock = PR_NewLock();
+}
+
+ConfigStore::~ConfigStore ()
+{
+ if (m_substore_name != NULL) {
+ PR_Free(m_substore_name);
+ }
+ if (m_cfg_file_path != NULL) {
+ PR_Free(m_cfg_file_path);
+ }
+ m_root->release();
+ delete m_root;
+
+ if (m_lock != NULL )
+ PR_DestroyLock(m_lock);
+}
+
+
+
+/*
+ConfigStore::ConfigStore(const ConfigStore &X)
+{
+ m_substore_name = X.m_substore_name;
+ m_root = X.m_root;
+ m_root.addref();
+}
+
+*/
+
+
+
+ConfigStore ConfigStore::GetSubStore(const char *substore)
+{
+ char *newname=NULL;
+ const char *name = m_substore_name;
+ if (strlen(name)==0) { // this is the root
+ newname = PL_strdup(substore);
+ } else {
+ newname = PR_smprintf("%s.%s",name,substore);
+ }
+ return ConfigStore(m_root,newname);
+}
+
+/**
+ * Reads configuration file and puts name value
+ * pair into the global hashtable.
+ */
+static int ReadLine(PRFileDesc *f, char *buf, int buf_len, int *removed_return)
+{
+ char *cur = buf;
+ int sum = 0;
+ PRInt32 rc;
+
+ *removed_return = 0;
+ while (1) {
+ rc = PR_Read(f, cur, 1);
+ if (rc == -1 || rc == 0)
+ break;
+ if (*cur == '\r') {
+ continue;
+ }
+ if (*cur == '\n') {
+ *cur = '\0';
+ *removed_return = 1;
+ break;
+ }
+ sum++;
+ cur++;
+ }
+ return sum;
+}
+
+#define MAX_CFG_LINE_LEN 4096
+
+ConfigStore *ConfigStore::CreateFromConfigFile(const char *cfg_path)
+{
+ PRFileDesc *f = NULL;
+ int removed_return;
+ char line[MAX_CFG_LINE_LEN];
+ ConfigStoreRoot *root = NULL;
+ ConfigStore *cfg = NULL;
+
+ f = PR_Open(cfg_path, PR_RDWR, 00400|00200);
+ if (f == NULL)
+ goto loser;
+
+ root = new ConfigStoreRoot();
+ cfg = new ConfigStore(root,"");
+
+ while (1) {
+ int n = ReadLine(f, line, MAX_CFG_LINE_LEN, &removed_return);
+ if (n > 0) {
+ if (line[0] == '#') // handle comment line
+ continue;
+ int c = 0;
+ while ((c < n) && (line[c] != '=')) {
+ c++;
+ }
+ if (c < n) {
+ line[c] = '\0';
+ } else {
+ continue; /* no '=', skip this line */
+ }
+ cfg->Add(line, &line[c+1]);
+ } else if (n == 0 && removed_return == 1) {
+ continue; /* skip empty line */
+ } else {
+ break;
+ }
+ }
+ if( f != NULL ) {
+ PR_Close( f );
+ f = NULL;
+ }
+ cfg->SetFilePath(cfg_path);
+
+loser:
+ return cfg;
+}
+
+/**
+ * Parses string of format "n1=v1&n2=v2..."
+ * into a ConfigStore.
+ */
+ConfigStore *ConfigStore::Parse(const char *s, const char *separator)
+{
+ char *pair;
+ char *line = NULL;
+ int i;
+ int len;
+ char *lasts = NULL;
+
+ if (s == NULL)
+ return NULL;
+ ConfigStoreRoot *root = new ConfigStoreRoot();
+ ConfigStore *set= new ConfigStore(root,"");
+
+ line = PL_strdup(s);
+ pair = PL_strtok_r(line, separator, &lasts);
+ while (pair != NULL) {
+ len = strlen(pair);
+ i = 0;
+ while (1) {
+ if (i >= len) {
+ goto skip;
+ }
+ if (pair[i] == '\0') {
+ goto skip;
+ }
+ if (pair[i] == '=') {
+ pair[i] = '\0';
+ break;
+ }
+ i++;
+ }
+ set->Add(&pair[0], &pair[i+1]);
+skip:
+ pair = PL_strtok_r(NULL, separator, &lasts);
+ }
+ if( line != NULL ) {
+ PL_strfree( line );
+ line = NULL;
+ }
+ return set;
+}
+
+typedef struct {
+ int index;
+ char *key;
+} Criteria;
+
+typedef struct {
+ PRCList list;
+ char *key;
+} OrderedEntry_t;
+
+typedef struct {
+ regex_t *regex;
+ ConfigStore *store;
+} PatternEntry_t;
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+static PRIntn CountLoop(PLHashEntry *he, PRIntn index, void *arg)
+{
+ Criteria *criteria = (Criteria *)arg;
+ criteria->index++;
+ return HT_ENUMERATE_NEXT;
+}
+
+static PRIntn Loop(PLHashEntry *he, PRIntn index, void *arg)
+{
+ Criteria *criteria = (Criteria *)arg;
+ if (criteria != NULL && index == criteria->index) {
+ criteria->key = (char *)he->key;
+ return HT_ENUMERATE_STOP;
+ } else {
+ return HT_ENUMERATE_NEXT;
+ }
+}
+
+/**
+ * Called from PL_HashTableEnumerateEntries
+ * A pointer to a PRCList (circular linked list) is passed in.
+ * Once enumeration is complete, the PRCList will contain a lexically
+ * ordered list of a copy of the keys in the hash.
+ * The caller needs to free the copies
+ */
+static PRIntn OrderLoop(PLHashEntry *he, PRIntn index, void *arg)
+{
+ PRCList *qp = (PRCList *)arg;
+ OrderedEntry_t *entry;
+
+ if (he != NULL) {
+ entry = (OrderedEntry_t *) PR_Malloc(sizeof(OrderedEntry_t));
+ entry->key = PL_strdup((char *) he->key);
+ if (index ==0) {
+ PR_APPEND_LINK((PRCList *)entry, qp);
+ return HT_ENUMERATE_NEXT;
+ }
+ PRCList *head = PR_LIST_HEAD(qp);
+ PRCList *next;
+ while (head != qp) {
+ OrderedEntry_t *current = (OrderedEntry_t *) head;
+ if (strcmp((char *) he->key, (char *) current->key) <=0)
+ break;
+ next = PR_NEXT_LINK(head);
+ head = next;
+ }
+ PR_INSERT_BEFORE((PRCList*) entry, head);
+ return HT_ENUMERATE_NEXT;
+ } else {
+ return HT_ENUMERATE_STOP;
+ }
+}
+
+/**
+ * Called from PL_HashTableEnumerateEntries
+ * A pointer to a PatternEntry is passed in. A PatternEntry consists of
+ * a pointer a regex_t and a pointer to a new config store.
+ * Once enumeration is complete, the new config store will contain
+ * all the parameters (key and values) whose keys match the regex.
+ */
+static PRIntn PatternLoop(PLHashEntry *he, PRIntn index, void *arg)
+{
+ PatternEntry_t *entry = (PatternEntry_t *) arg;
+
+ if (entry == NULL) {
+ return HT_ENUMERATE_STOP;
+ }
+
+ regex_t *r = entry->regex;
+ ConfigStore *store = entry->store;
+
+ if ((r == NULL) || (store == NULL)) {
+ return HT_ENUMERATE_STOP;
+ }
+
+ size_t no_sub = r->re_nsub+1;
+ regmatch_t *result = NULL;
+
+ result = (regmatch_t *) PR_Malloc(sizeof(regmatch_t) * no_sub);
+
+ if ((he != NULL) && (he->key != NULL) && (he->value != NULL)) {
+ if (regexec(r, (char *) he->key, no_sub, result, 0)==0) {
+ // Found a match
+ store->Add((const char*) he->key, (const char *) he->value);
+ }
+ } else {
+ return HT_ENUMERATE_STOP;
+ }
+
+ if (result != NULL) PR_Free(result);
+ return HT_ENUMERATE_NEXT;
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+int ConfigStore::Size()
+{
+ Criteria criteria;
+ criteria.index = 0;
+ criteria.key = NULL;
+
+ PR_Lock(m_lock);
+ PL_HashTableEnumerateEntries(m_root->getSet(), &CountLoop, &criteria);
+ PR_Unlock(m_lock);
+
+ return criteria.index;
+}
+
+const char *ConfigStore::GetNameAt(int pos)
+{
+ Criteria criteria;
+ criteria.index = pos;
+ criteria.key = NULL;
+
+ PR_Lock(m_lock);
+ PL_HashTableEnumerateEntries(m_root->getSet(), &Loop, &criteria);
+ PR_Unlock(m_lock);
+
+ return criteria.key;
+}
+
+/**
+ * Checks if a key is defined.
+ */
+int ConfigStore::IsNameDefined(const char *name)
+{
+ if (m_root->getSet()!= NULL) {
+ if (GetConfig(name) != NULL)
+ return 1;
+ }
+ return 0;
+}
+
+void ConfigStore::SetFilePath(const char* cfg_file_path)
+{
+ m_cfg_file_path = PL_strdup(cfg_file_path);
+}
+
+void ConfigStore::Add(const char *name, const char *value)
+{
+ if (IsNameDefined(name)) {
+ PR_Lock(m_lock);
+ PL_HashTableRemove(m_root->getSet(), name);
+ PL_HashTableAdd(m_root->getSet(), PL_strdup(name), PL_strdup(value));
+ PR_Unlock(m_lock);
+ } else {
+ PR_Lock(m_lock);
+ PL_HashTableAdd(m_root->getSet(), PL_strdup(name), PL_strdup(value));
+ PR_Unlock(m_lock);
+ }
+}
+
+void ConfigStore::Remove(const char *name)
+{
+ if (IsNameDefined(name)) {
+ PR_Lock(m_lock);
+ PL_HashTableRemove(m_root->getSet(), name);
+ PR_Unlock(m_lock);
+ }
+}
+
+const char *ConfigStore::GetConfig(const char *name)
+{
+ char buf[256];
+ char *ret;
+ if (m_root->getSet() ==NULL) {
+ return NULL;
+ }
+ if (PL_strlen(m_substore_name) == 0) {
+ PL_strncpy(buf,name,256);
+ } else {
+ PR_snprintf(buf,256,"%s.%s",m_substore_name,name);
+ }
+
+ PR_Lock(m_lock);
+ ret = (char *)PL_HashTableLookupConst(m_root->getSet(), buf);
+ PR_Unlock(m_lock);
+
+ return ret;
+}
+
+/**
+ * Retrieves configuration value as integer.
+ */
+int ConfigStore::GetConfigAsInt(const char *name)
+{
+ char *value = NULL;
+ value = (char *)GetConfig(name);
+ if (value == NULL)
+ return 0;
+ return atoi(value);
+}
+
+/**
+ * Retrieves configuration value as integer. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC int ConfigStore::GetConfigAsInt(const char *name, int def)
+{
+ char *value = NULL;
+
+ value = (char *)GetConfig(name);
+ if (value == NULL)
+ return def;
+ return atoi(value);
+}
+
+
+/**
+ * Retrieves configuration value as unsigned integer.
+ */
+unsigned int ConfigStore::GetConfigAsUnsignedInt(const char *name)
+{
+ char *value = NULL;
+ int i = 0;
+
+ value = (char *)GetConfig(name);
+ if (value == NULL) {
+ return 0;
+ }
+
+ i = atoi(value);
+ if (i < 0) {
+ return 0;
+ }
+ return i;
+}
+
+/**
+ * Retrieves configuration value as unsigned integer. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC unsigned int ConfigStore::GetConfigAsUnsignedInt(const char *name, unsigned int def)
+{
+ char *value = NULL;
+ int i = 0;
+
+ value = (char *)GetConfig(name);
+ if (value == NULL) {
+ return def;
+ }
+
+ i = atoi(value);
+ if (i < 0) {
+ return def;
+ }
+ return i;
+}
+
+
+/**
+ * Retrieves configuration value as boolean.
+ */
+bool ConfigStore::GetConfigAsBool(const char *name)
+{
+ char *value = NULL;
+
+ value = (char *)GetConfig(name);
+ if (value == NULL)
+ return false;
+ if (PL_CompareStrings("true", value) != 0)
+ return true;
+ else
+ return false;
+}
+
+/**
+ * Retrieves configuration value as boolean. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC bool ConfigStore::GetConfigAsBool(const char *name, bool def)
+{
+ char *value = NULL;
+
+ value = (char *)GetConfig(name);
+ if (value == NULL)
+ return def;
+
+ if (PL_CompareStrings("true", value) != 0)
+ return true;
+ else if (PL_CompareStrings("false", value) != 0)
+ return false;
+ else
+ return def;
+}
+
+/**
+ * Retrieves configuration value as string. If key is
+ * not defined, default value is returned.
+ */
+TOKENDB_PUBLIC const char *ConfigStore::GetConfigAsString(const char *name, const char *def)
+{
+ char *value = NULL;
+
+ value = (char *)GetConfig(name);
+ if (value == NULL)
+ return def;
+ return value;
+}
+
+/**
+ * Retrieves configuration value as string.
+ */
+TPS_PUBLIC const char *ConfigStore::GetConfigAsString(const char *name)
+{
+ return (char *)GetConfig(name);
+}
+
+
+/**
+ * Allow operator[] overloading for retrieval of config strings
+ */
+const char* ConfigStore::operator[](const char*name)
+{
+ return GetConfigAsString(name);
+}
+
+
+Buffer *ConfigStore::GetConfigAsBuffer(const char *key)
+{
+ return GetConfigAsBuffer(key, NULL);
+}
+
+Buffer *ConfigStore::GetConfigAsBuffer(const char *key, const char *def)
+{
+ const char *value = NULL;
+
+ value = (char *)GetConfig(key);
+ if (value == NULL) {
+ if (def == NULL) {
+ return NULL;
+ } else {
+ return Util::Str2Buf(def);
+ }
+ } else {
+ return Util::Str2Buf(value);
+ }
+}
+
+/**
+ * returns a string containing all the parameters in the ConfigStore hash set in the
+ * format key1=value1&&key2=value2&& ...
+ * The list will be lexically ordered by parameter key values.
+ * The string needs to be freed by the caller.
+ **/
+TPS_PUBLIC const char* ConfigStore::GetOrderedList()
+{
+ char *outstr = NULL;
+ char *new_string = NULL;
+ PRCList order_list;
+ PR_INIT_CLIST(&order_list);
+
+ PR_Lock(m_lock);
+ PL_HashTableEnumerateEntries(m_root->getSet(), &OrderLoop, &order_list);
+ PR_Unlock(m_lock);
+
+ PRCList *current = PR_LIST_HEAD(&order_list);
+ PRCList *next;
+
+ outstr = (char*) PR_Malloc(128);
+ int allocated = 128;
+ int needed = 0;
+ PR_snprintf(outstr, 128, "");
+
+ while (current != &order_list) {
+ OrderedEntry_t *entry = (OrderedEntry_t *) current;
+ const char *value = GetConfigAsString(entry->key, "");
+
+ if ((entry != NULL) && (entry->key != NULL)) {
+ needed = PL_strlen(outstr) + PL_strlen(entry->key) + PL_strlen(value) + 4;
+ if (allocated <= needed) {
+ while (allocated <= needed) {
+ allocated = allocated * 2;
+ }
+ new_string = (char *)PR_Malloc(allocated);
+ PR_snprintf(new_string, allocated, "%s", outstr);
+ PR_Free(outstr);
+ outstr = new_string;
+ }
+
+ PL_strcat(outstr, entry->key);
+ PL_strcat(outstr, "=");
+ PL_strcat(outstr, value);
+
+ // free the memory for the Ordered Entry
+ PL_strfree(entry->key);
+ }
+
+ next = PR_NEXT_LINK(current);
+ PR_REMOVE_AND_INIT_LINK(current);
+ if (current != NULL) {
+ PR_Free(current);
+ }
+ current = next;
+
+ if (current != &order_list) PL_strcat(outstr, "&&");
+ }
+ return outstr;
+}
+
+/**
+ * Commits changes to the config file
+ */
+TPS_PUBLIC int ConfigStore::Commit(const bool backup, char *error_msg, int len)
+{
+ char name_tmp[256], cdate[256], name_bak[256], bak_dir[256];
+ char basename[256], dirname[256];
+ PRFileDesc *ftmp = NULL;
+ PRExplodedTime time;
+ PRTime now;
+ PRStatus status;
+
+ if (m_cfg_file_path == NULL) {
+ PR_snprintf(error_msg, len, "ConfigStore::Commit(): m_cfg_file_path is NULL!");
+ return 1;
+ }
+
+ if (strrchr(m_cfg_file_path, '/') != NULL) {
+ PR_snprintf((char *) basename, 256, "%s", strrchr(m_cfg_file_path, '/') +1);
+ PR_snprintf((char *) dirname, PL_strlen(m_cfg_file_path) - PL_strlen(basename), "%s", m_cfg_file_path);
+ PL_strcat(dirname, '\0');
+ } else {
+ PR_snprintf((char *) basename, 256, "%s", m_cfg_file_path);
+ PR_snprintf((char *) dirname, 256, ".");
+ }
+ PR_snprintf(bak_dir, 256, "%s/bak", dirname);
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_snprintf(cdate, 16, "%04d%02d%02d%02d%02d%02dZ",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+ PR_snprintf(name_tmp, 256, "%s.%s.tmp", m_cfg_file_path,cdate);
+ PR_snprintf(name_bak, 256, "%s/%s.%s", bak_dir, basename, cdate);
+
+ ftmp = PR_Open(name_tmp, PR_WRONLY| PR_CREATE_FILE, 00400|00200);
+ if (ftmp == NULL) {
+ // unable to create temporary config file
+ PR_snprintf(error_msg, len, "ConfigStore::Commit(): unable to create temporary config file");
+ return 1;
+ }
+
+ PRCList order_list;
+ PR_INIT_CLIST(&order_list);
+
+ PR_Lock(m_lock);
+ PL_HashTableEnumerateEntries(m_root->getSet(), &OrderLoop, &order_list);
+ PR_Unlock(m_lock);
+
+ PRCList *current = PR_LIST_HEAD(&order_list);
+ PRCList *next;
+
+ while (current != &order_list) {
+ OrderedEntry_t *entry = (OrderedEntry_t *) current;
+ PR_Write(ftmp, entry->key, PL_strlen(entry->key));
+ PR_Write(ftmp, "=", 1);
+ const char *value = GetConfigAsString(entry->key, "");
+ PR_Write(ftmp, value, PL_strlen(value));
+ PR_Write(ftmp, "\n", 1);
+
+ // free the memory for the Ordered Entry
+ if (entry->key != NULL) PL_strfree(entry->key);
+
+ next = PR_NEXT_LINK(current);
+ PR_REMOVE_AND_INIT_LINK(current);
+ if (current != NULL) {
+ PR_Free(current);
+ }
+ current = next;
+ }
+
+ PR_Close(ftmp);
+
+ if (backup) {
+ // create the backup directory if it does not exist
+ if (PR_Access(bak_dir, PR_ACCESS_EXISTS) != PR_SUCCESS) {
+ PR_MkDir(bak_dir, 00770);
+ }
+ status = PR_Rename(m_cfg_file_path, name_bak);
+ if (status != PR_SUCCESS) {
+ // failed to back up CS.cfg
+ }
+ }
+ if (PR_Access(m_cfg_file_path, PR_ACCESS_EXISTS) == PR_SUCCESS) {
+ // backup is false, or backup failed
+ status = PR_Delete(m_cfg_file_path);
+ if (status != PR_SUCCESS) {
+ // failed to delete old CS.cfg file
+ PR_snprintf(error_msg, len, "ConfigStore::Commit(): unable to delete old CS.cfg file");
+ return 1;
+ }
+ }
+
+ status = PR_Rename(name_tmp, m_cfg_file_path);
+ if (status != PR_SUCCESS) {
+ // failed to move tmp to CS.cfg
+ // major badness - we now have only tmp file, no CS.cfg
+ PR_snprintf(error_msg, len, "ConfigStore::Commit(): failed to move tmp file to CS.cfg");
+ return 1;
+ }
+
+ return 0;
+}
+
+/**
+ * Takes in a string containing a regular expression.
+ * Returns a new ConfigStore which contains only those parameters whose
+ * keys match the pattern.
+ * The new Configstore must of course be freed by the caller.
+ **/
+ConfigStore *ConfigStore::GetPatternSubStore(const char *pattern)
+{
+
+ ConfigStoreRoot *root = NULL;
+ ConfigStore *ret = NULL;
+ PatternEntry_t entry;
+ regex_t *regex = NULL;
+ int err_no=0; /* For regerror() */
+
+ regex = (regex_t *) malloc(sizeof(regex_t));
+ memset(regex, 0, sizeof(regex_t));
+
+ if((err_no=regcomp(regex, pattern, 0))!=0) /* Compile the regex */
+ {
+ // Error in computing the regex
+ size_t length;
+ char *buffer;
+ length = regerror (err_no, regex, NULL, 0);
+ buffer = (char *) PR_Malloc(length);
+ regerror (err_no, regex, buffer, length);
+ // PR_fprintf(m_dump_f, "%s\n", buffer); /* Print the error */
+ PR_Free(buffer);
+ regfree(regex);
+ return NULL;
+ }
+
+ entry.regex = regex;
+ root = new ConfigStoreRoot();
+ ret = new ConfigStore(root, "");
+ entry.store = ret;
+
+ PR_Lock(m_lock);
+ PL_HashTableEnumerateEntries(m_root->getSet(), &PatternLoop, &entry);
+ PR_Unlock(m_lock);
+
+ /* cleanup */
+ //regfree(entry.regex);
+ //entry.store = NULL;
+
+ ret->SetFilePath("");
+ return ret;
+}
+
diff --git a/pki/base/tps/src/main/LogFile.cpp b/pki/base/tps/src/main/LogFile.cpp
new file mode 100644
index 000000000..e2dec7026
--- /dev/null
+++ b/pki/base/tps/src/main/LogFile.cpp
@@ -0,0 +1,290 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "main/ConfigStore.h"
+#include "engine/RA.h"
+#include "main/LogFile.h"
+#include "main/RA_Context.h"
+#include "main/Util.h"
+
+//default constructor
+LogFile::LogFile():
+ m_fd(NULL),
+ m_fname(NULL),
+ m_signed_log(false),
+ m_bytes_written(0),
+ m_signed(false),
+ m_monitor(NULL),
+ m_ctx(NULL) { }
+
+int LogFile::startup(RA_Context *ctx, const char* prefix, const char *fname, bool signed_audit)
+{
+ if (ctx == NULL) {
+ return PR_FAILURE;
+ }
+
+ if (fname == NULL) {
+ ctx->LogError("LogFile::startup",
+ __LINE__,
+ "startup error, fname is NULL");
+ return PR_FAILURE;
+ }
+
+ m_ctx = ctx;
+ m_signed_log = signed_audit;
+ m_fname = PL_strdup(fname);
+ m_bytes_written =0;
+ m_signed = false;
+ m_fd = (PRFileDesc*) NULL;
+ m_monitor = PR_NewMonitor();
+
+ m_ctx->LogInfo( "LogFile::startup",
+ __LINE__,
+ "thread = 0x%lx: Logfile %s startup complete",
+ PR_GetCurrentThread(), m_fname);
+ return PR_SUCCESS;
+}
+
+bool LogFile::isOpen()
+{
+ if (m_fd != NULL) return true;
+ return false;
+}
+
+void LogFile::shutdown()
+{
+ m_ctx->LogInfo( "LogFile::shutdown",
+ __LINE__,
+ "thread = 0x%lx: Logfile %s shutting down",
+ PR_GetCurrentThread(), m_fname);
+
+ PR_EnterMonitor(m_monitor);
+ if (m_fd != NULL) {
+ close();
+ m_fd = (PRFileDesc *) NULL;
+ }
+
+ if (m_fname != NULL) {
+ PR_Free(m_fname);
+ m_fname = NULL;
+ }
+
+ PR_ExitMonitor(m_monitor);
+
+ if (m_monitor != NULL) {
+ PR_DestroyMonitor(m_monitor);
+ m_monitor = (PRMonitor *) NULL;
+ }
+}
+
+int LogFile::open()
+{
+ PRFileInfo info;
+ PR_EnterMonitor(m_monitor);
+ if (m_fd == NULL) {
+ m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 440|200);
+ if (m_fd == NULL) {
+ m_ctx->LogError( "LogFile::open",
+ __LINE__,
+ "Unable to open log file %s",
+ m_fname);
+
+ goto loser;
+ }
+ PRStatus status = PR_GetOpenFileInfo(m_fd, &info);
+ if (status != PR_SUCCESS) {
+ m_ctx->LogError( "LogFile::open",
+ __LINE__,
+ "Unable to get file information for log file %s",
+ m_fname);
+ goto loser;
+ }
+
+ set_bytes_written(info.size);
+ }
+ PR_ExitMonitor(m_monitor);
+ return PR_SUCCESS;
+
+ loser:
+ if (m_fd != NULL) {
+ PR_Close(m_fd);
+ m_fd = (PRFileDesc *)NULL;
+ }
+ set_bytes_written(0);
+ PR_ExitMonitor(m_monitor);
+ return PR_FAILURE;
+}
+
+int LogFile::close()
+{
+ PRStatus status;
+ PR_EnterMonitor(m_monitor);
+ status = PR_Close(m_fd);
+ if (status != PR_SUCCESS) {
+ m_ctx->LogError( "LogFile::close",
+ __LINE__,
+ "Failed to close log file %s",
+ m_fname);
+ }
+ PR_ExitMonitor(m_monitor);
+ return status;
+}
+
+int LogFile::ReadLine(char *buf, int buf_len, int *removed_return)
+{
+ return Util::ReadLine(m_fd, buf,buf_len, removed_return);
+}
+
+int LogFile::printf(const char* fmt, ...)
+{
+ PRInt32 status;
+ char msg[4096];
+ va_list ap;
+ va_start(ap, fmt);
+ PR_vsnprintf((char *) msg, 4096, fmt, ap);
+ status = this->write(msg);
+ va_end(ap);
+ return status;
+}
+
+int LogFile::write(char *msg_in, size_t n)
+{
+ char msg[4096];
+ PRInt32 status;
+
+ if (n > 4096) {
+ m_ctx->LogError("LogFile::write",
+ __LINE__,
+ "Trying to write more than 4096 bytes in one write to log file %s. Truncating ...",
+ m_fname);
+ n=4096;
+ }
+
+ PR_snprintf(msg, n, "%s", msg_in);
+ status = this->write(msg);
+ return status;
+}
+
+int LogFile::vfprintf(const char* fmt, va_list ap)
+{
+ char msg[4096];
+ PRInt32 status;
+
+ PR_vsnprintf((char *) msg, 4096, fmt, ap);
+ status = this->write(msg);
+ return status;
+}
+
+int LogFile::write(const char * msg)
+{
+ PRErrorCode error;
+ PRInt32 status;
+ int len;
+
+ if (msg == NULL) {
+ return PR_SUCCESS;
+ }
+
+ PR_EnterMonitor(m_monitor);
+ len = PL_strlen(msg);
+ if (m_fd != NULL) {
+ status = PR_Write(m_fd, msg, len);
+ if (status != len) {
+ m_ctx->LogError( "LogFile::write",
+ __LINE__,
+ "Too few or too many bytes written to log file %s",
+ m_fname);
+ goto loser;
+ } else if (status < 0) {
+ // write failed
+ error = PR_GetError();
+ m_ctx->LogError( "LogFile::write",
+ __LINE__,
+ "Write to log file %s failed: code %d",
+ m_fname, error);
+ goto loser;
+ } else {
+ set_bytes_written(get_bytes_written() + len);
+ }
+ }
+ PR_ExitMonitor(m_monitor);
+ return PR_SUCCESS;
+ loser:
+ PR_ExitMonitor(m_monitor);
+ return PR_FAILURE;
+}
+
+void LogFile::setSigned(bool val) {
+ m_signed = val;
+}
+
+bool LogFile::getSigned() {
+ return m_signed;
+}
+
+int LogFile::get_bytes_written() {
+ return m_bytes_written;
+}
+
+void LogFile::set_bytes_written(int val) {
+ if (val >=0) {
+ m_bytes_written = val;
+ } else {
+ m_ctx->LogError("LogFile::set_bytes_written",
+ __LINE__,
+ "Attempt to set m_bytes_written to a negative value. Ignoring");
+ }
+}
+
+RA_Context * LogFile::get_context() {
+ return m_ctx;
+}
+
+void LogFile::set_context(RA_Context *ctx) {
+ m_ctx = ctx;
+}
+
+
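Review bot: The mode passed to `PR_Open` in `LogFile::open`, `440|200`, is written in decimal, so it evaluates to 504, which is octal 0770. Before the umask is applied, the log is created readable, writable and executable by owner and group. Because `startup` takes a `signed_audit` flag, this file may hold audit records, and owner-only access looks like the intent. The other new files in this commit write the same mode as `00400|00200`, so use that here: `m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 00400|00200);`. Separately, in `LogFile::write(const char *)` the `status < 0` branch is unreachable because `status != len` is tested first, so the `PR_GetError()` code is never logged; swap the two tests.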
diff --git a/pki/base/tps/src/main/Login.cpp b/pki/base/tps/src/main/Login.cpp
new file mode 100644
index 000000000..116ac7769
--- /dev/null
+++ b/pki/base/tps/src/main/Login.cpp
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "main/Base.h"
+#include "main/Login.h"
+#include "main/Memory.h"
+
+/**
+ * Constructs a login object.
+ */
+Login::Login (char *uid, char *pwd)
+{
+ if (uid == NULL) {
+ m_uid = NULL;
+ } else {
+ m_uid = PL_strdup(uid);
+ }
+ if (pwd == NULL) {
+ m_pwd = NULL;
+ } else {
+ m_pwd = PL_strdup(pwd);
+ }
+}
+
+/**
+ * Destructs login object.
+ */
+Login::~Login ()
+{
+ if( m_uid != NULL ) {
+ PL_strfree( m_uid );
+ m_uid = NULL;
+ }
+ if( m_pwd != NULL ) {
+ PL_strfree( m_pwd );
+ m_pwd = NULL;
+ }
+}
+
+/**
+ * Retrieves user id.
+ */
+char *Login::GetUID()
+{
+ return m_uid;
+}
+
+/**
+ * Retrieves password.
+ */
+char *Login::GetPassword()
+{
+ return m_pwd;
+}
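Review bot: `Login::~Login` releases `m_pwd` with `PL_strfree` while the password bytes are still in the buffer, so the cleartext stays in freed heap memory until that memory is reused. Clear it first, for example `memset(m_pwd, 0, PL_strlen(m_pwd));` ahead of `PL_strfree( m_pwd );`. The optimizer can remove a plain memset that precedes a free, so prefer a clearing call the compiler will not elide where the platform offers one. `GetPassword()` returns the internal pointer, so its comment should say that the caller must neither free it nor keep it past the lifetime of the `Login` object.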
diff --git a/pki/base/tps/src/main/Memory.cpp b/pki/base/tps/src/main/Memory.cpp
new file mode 100644
index 000000000..1ee5027d0
--- /dev/null
+++ b/pki/base/tps/src/main/Memory.cpp
@@ -0,0 +1,268 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "plhash.h"
+#include "pk11func.h"
+
+#include "main/MemoryMgr.h"
+
+#ifdef MEM_PROFILING
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+typedef struct _ref_block
+{
+ int id;
+ void *ptr;
+ const char *file;
+ const char *func;
+ const char *type;
+ int line;
+ int size;
+ int used;
+ PRTime time;
+} ref_block;
+
+#define MAX_BLOCKS 8096
+static ref_block m_rb[MAX_BLOCKS];
+
+static PRLock *m_free_block_lock = NULL;
+static PRLock *m_dump_lock = NULL;
+static PRLock *m_audit_lock = NULL;
+
+ref_block *get_free_block()
+{
+ int i;
+ PR_Lock(m_free_block_lock);
+ for (i = 0; i < MAX_BLOCKS; i++) {
+ if (m_rb[i].used == 0) {
+ // lock
+ m_rb[i].used = 1;
+ m_rb[i].time = PR_Now();
+ PR_Unlock(m_free_block_lock);
+ return &m_rb[i];
+ }
+ }
+ PR_Unlock(m_free_block_lock);
+ return NULL;
+}
+
+ref_block *find_block(void *ptr)
+{
+ int i;
+ for (i = 0; i < MAX_BLOCKS; i++) {
+ if (m_rb[i].used == 1 && m_rb[i].ptr == ptr) {
+ return &m_rb[i];
+ }
+ }
+ return NULL;
+}
+
+void free_block(ref_block *rb)
+{
+ rb->used = 0;
+}
+
+static PRFileDesc *m_audit_f = NULL;
+static PRFileDesc *m_dump_f = NULL;
+
+void MEM_init(char *audit_file, char *dump_file)
+{
+ m_audit_f = PR_Open(audit_file, PR_RDWR|PR_CREATE_FILE|PR_APPEND,
+ 00200|00400);
+ m_dump_f = PR_Open(dump_file, PR_RDWR|PR_CREATE_FILE|PR_APPEND,
+ 00200|00400);
+
+ int i;
+ for (i = 0; i < MAX_BLOCKS; i++) {
+ m_rb[i].id = i;
+ m_rb[i].used = 0;
+ }
+ m_free_block_lock = PR_NewLock();
+ m_dump_lock = PR_NewLock();
+ m_audit_lock = PR_NewLock();
+}
+
+void MEM_shutdown()
+{
+ PR_DestroyLock(m_free_block_lock);
+ PR_DestroyLock(m_dump_lock);
+ PR_DestroyLock(m_audit_lock);
+ if (m_dump_f != NULL) {
+ PR_Close(m_dump_f);
+ }
+ if (m_audit_f != NULL) {
+ PR_Close(m_audit_f);
+ }
+}
+
+static void MEM_audit_block(ref_block *ref, const char *type, const char *func, const char *file, int line, PRFileDesc *f)
+{
+ PRTime now;
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+ char datetime1[1024];
+ PRExplodedTime time1;
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+
+ PR_ExplodeTime(ref->time, PR_LocalTimeParameters, &time1);
+ PR_FormatTimeUSEnglish(datetime1, 1024, time_fmt, &time1);
+
+ PR_Lock(m_audit_lock);
+ PR_fprintf(f, "[%s] ID='%d' Size='%d' Type='%s' Func='%s' File='%s' Line='%d' Time='%s'\n",
+ datetime, ref->id, ref->size, type, func, file, line, datetime1);
+ PR_Sync(f);
+ PR_Unlock(m_audit_lock);
+}
+
+void MEM_dump_unfree()
+{
+ int i;
+ PRTime now;
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+ char datetime1[1024];
+ PRExplodedTime time1;
+ int sum_count = 0;
+ int sum_mem = 0;
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+
+ PR_Lock(m_dump_lock);
+ PR_fprintf(m_dump_f, "--------------------------------------------\n");
+ PR_fprintf(m_dump_f, "Memory Report - '%s'\n", datetime);
+ PR_fprintf(m_dump_f, "1) Unfree Blocks:\n");
+ PR_fprintf(m_dump_f, "\n");
+ for (i = 0; i < MAX_BLOCKS; i++) {
+ if (!m_rb[i].used)
+ continue;
+ PR_ExplodeTime(m_rb[i].time, PR_LocalTimeParameters, &time1);
+ PR_FormatTimeUSEnglish(datetime1, 1024, time_fmt, &time1);
+ PR_fprintf(m_dump_f, " ID='%d' Size='%d' Type='%s' Func='%s' File='%s' Line='%d' Time='%s'\n", m_rb[i].id, m_rb[i].size, m_rb[i].type, m_rb[i].func, m_rb[i].file, m_rb[i].line, datetime1);
+ sum_mem += m_rb[i].size;
+ sum_count += 1;
+ }
+ PR_fprintf(m_dump_f, "\n");
+ PR_fprintf(m_dump_f, "2) Total Unfree Memory Size:\n");
+ PR_fprintf(m_dump_f, " %d bytes\n", sum_mem);
+ PR_fprintf(m_dump_f, "\n");
+ PR_fprintf(m_dump_f, "3) Total Unfree Memory Blocks:\n");
+ PR_fprintf(m_dump_f, " %d\n", sum_count);
+ PR_fprintf(m_dump_f, "\n");
+ PR_fprintf(m_dump_f, "--------------------------------------------\n");
+ PR_Sync(m_dump_f);
+ PR_Unlock(m_dump_lock);
+}
+
+char *MEM_strdup(const char *s, const char *type, const char *func, const char *file, int line)
+{
+ ref_block *rb = get_free_block();
+ if (rb == NULL)
+ return NULL;
+
+ char *buf = strdup(s);
+
+ rb->ptr = buf;
+ rb->func = func;
+ rb->file = file;
+ rb->line = line;
+ rb->type = type;
+ rb->size = strlen(s) + 1;
+ MEM_audit_block(rb, rb->type, rb->func, rb->file, rb->line, m_audit_f);
+
+ return buf;
+}
+
+void *MEM_malloc(int size, const char *type, const char *func, const char *file, int line)
+{
+ ref_block *rb = get_free_block();
+ if (rb == NULL)
+ return NULL;
+ void *buf = malloc(size);
+
+ rb->ptr = buf;
+ rb->func = func;
+ rb->file = file;
+ rb->line = line;
+ rb->type = type;
+ rb->size = size;
+ MEM_audit_block(rb, rb->type, rb->func, rb->file, rb->line, m_audit_f);
+
+ return buf;
+}
+
+void MEM_free(void *p, const char *type, const char *func, const char *file, int line)
+{
+ if (p == NULL)
+ return;
+ ref_block *rb = find_block(p);
+ if (rb == NULL)
+ return;
+ MEM_audit_block(rb, type, func, file, line, m_audit_f);
+ free(p);
+ free_block(rb);
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+#if 0
+void *operator new(size_t size, const char *func, const char *file, int line)
+{
+ return MEM_malloc(size, func, file, line);
+}
+
+void *operator new[](size_t size, const char *func, const char *file, int line)
+{
+ return MEM_malloc(size, func, file, line);
+}
+
+#endif
+void operator delete(void *p)
+{
+ MEM_free(p,"delete","", "", 0);
+}
+
+void operator delete[](void *p)
+{
+ MEM_free(p,"delete[]","", "", 0);
+}
+
+#endif /* MEM_PROFILING */
+
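Review bot: `MEM_free` returns without calling `free(p)` when `find_block(p)` finds no record. The replacement `operator delete` and `operator delete[]` at the end of the file route every deletion through it, while the matching `operator new` overloads are inside `#if 0`. In a MEM_PROFILING build, objects created with the default `operator new` are therefore never tracked and appear never to be released. Either release untracked pointers, `if (rb == NULL) { free(p); return; }` (this assumes the default allocator is malloc-backed, which should be confirmed), or leave the delete overrides out until the new overloads are enabled. Also, `find_block` and `free_block` read and write `m_rb` without taking `m_free_block_lock`, unlike `get_free_block`.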
diff --git a/pki/base/tps/src/main/NameValueSet.cpp b/pki/base/tps/src/main/NameValueSet.cpp
new file mode 100644
index 000000000..bd95a8e4a
--- /dev/null
+++ b/pki/base/tps/src/main/NameValueSet.cpp
@@ -0,0 +1,322 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "main/NameValueSet.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+static PR_CALLBACK void*
+_AllocTable(void* pool, PRSize size)
+{
+ return PR_MALLOC(size);
+}
+
+static PR_CALLBACK void
+_FreeTable(void* pool, void* item)
+{
+ PR_DELETE(item);
+}
+
+static PR_CALLBACK PLHashEntry*
+_AllocEntry(void* pool, const void* key)
+{
+ return PR_NEW(PLHashEntry);
+}
+
+static PR_CALLBACK void
+_FreeEntry(void* pool, PLHashEntry* he, PRUintn flag)
+{
+ if( he == NULL ) {
+ return;
+ }
+
+ if (flag == HT_FREE_VALUE) {
+ if( he->value != NULL ) {
+ PL_strfree( ( char* ) he->value );
+ he->value = NULL;
+ }
+ } else if (flag == HT_FREE_ENTRY) {
+ if( he->key != NULL ) {
+ PL_strfree( ( char* ) he->key );
+ he->key = NULL;
+ }
+ if( he->value != NULL ) {
+ PL_strfree( ( char* ) he->value );
+ he->value = NULL;
+ }
+ PR_DELETE(he);
+ }
+}
+
+static PLHashAllocOps _AllocOps = {
+ _AllocTable,
+ _FreeTable,
+ _AllocEntry,
+ _FreeEntry
+};
+
+#ifdef __cplusplus
+}
+#endif
+
+TPS_PUBLIC NameValueSet::NameValueSet()
+{
+ m_set = PL_NewHashTable(3, PL_HashString,
+ PL_CompareStrings, PL_CompareValues,
+ &_AllocOps, NULL);
+}
+
+TPS_PUBLIC NameValueSet::~NameValueSet ()
+{
+ if( m_set != NULL ) {
+ PL_HashTableDestroy( m_set );
+ m_set = NULL;
+ }
+
+ return;
+}
+
+/**
+ * Parsers string of format "n1=v1&n2=v2..."
+ * into a NameValueSet.
+ */
+TPS_PUBLIC NameValueSet *NameValueSet::Parse(const char *s, const char *separator)
+{
+ NameValueSet *set = NULL;
+ char *pair;
+ char *line = NULL;
+ int i;
+ int len;
+ char *lasts = NULL;
+
+ if (s == NULL)
+ return NULL;
+ set = new NameValueSet();
+ line = PL_strdup(s);
+ pair = PL_strtok_r(line, separator, &lasts);
+ while (pair != NULL) {
+ len = strlen(pair);
+ i = 0;
+ while (1) {
+ if (i >= len) {
+ goto skip;
+ }
+ if (pair[i] == '\0') {
+ goto skip;
+ }
+ if (pair[i] == '=') {
+ pair[i] = '\0';
+ break;
+ }
+ i++;
+ }
+ set->Add(&pair[0], &pair[i+1]);
+skip:
+ pair = PL_strtok_r(NULL, separator, &lasts);
+ }
+ if( line != NULL ) {
+ PL_strfree( line );
+ line = NULL;
+ }
+ return set;
+}
+
+typedef struct {
+ int index;
+ char *key;
+} Criteria;
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+static PRIntn CountLoop(PLHashEntry *he, PRIntn index, void *arg)
+{
+ Criteria *criteria = (Criteria *)arg;
+ criteria->index++;
+ return HT_ENUMERATE_NEXT;
+}
+
+static PRIntn Loop(PLHashEntry *he, PRIntn index, void *arg)
+{
+ Criteria *criteria = (Criteria *)arg;
+ if (criteria != NULL && index == criteria->index) {
+ criteria->key = (char *)he->key;
+ return HT_ENUMERATE_STOP;
+ } else {
+ return HT_ENUMERATE_NEXT;
+ }
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+TPS_PUBLIC int NameValueSet::Size()
+{
+ Criteria criteria;
+ criteria.index = 0;
+ criteria.key = NULL;
+ PL_HashTableEnumerateEntries(m_set, &CountLoop, &criteria);
+ return criteria.index;
+}
+
+TPS_PUBLIC char *NameValueSet::GetNameAt(int pos)
+{
+ Criteria criteria;
+ criteria.index = pos;
+ criteria.key = NULL;
+ PL_HashTableEnumerateEntries(m_set, &Loop, &criteria);
+ return criteria.key;
+}
+
+/**
+ * Checks if a key is defined.
+ */
+TPS_PUBLIC int NameValueSet::IsNameDefined(const char *name)
+{
+ if (GetValue(name) == NULL)
+ return 0;
+ else
+ return 1;
+}
+
+TPS_PUBLIC void NameValueSet::Add(const char *name, const char *value)
+{
+ if (IsNameDefined(name)) {
+ PL_HashTableAdd(m_set, PL_strdup(name), PL_strdup(value));
+ } else {
+ PL_HashTableAdd(m_set, PL_strdup(name), PL_strdup(value));
+ }
+}
+
+TPS_PUBLIC void NameValueSet::Remove(const char *name)
+{
+ if (IsNameDefined(name)) {
+ PL_HashTableRemove(m_set, name);
+ }
+}
+
+TPS_PUBLIC char *NameValueSet::GetValue(const char *name)
+{
+ return (char *)PL_HashTableLookupConst(m_set, name);
+}
+
+/**
+ * Retrieves configuration value as integer.
+ */
+TPS_PUBLIC int NameValueSet::GetValueAsInt(const char *name)
+{
+ char *value = NULL;
+
+ value = (char *)GetValue(name);
+ if (value == NULL)
+ return 0;
+ return atoi(value);
+}
+
+/**
+ * Retrieves configuration value as integer. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC int NameValueSet::GetValueAsInt(const char *name, int def)
+{
+ char *value = NULL;
+
+ value = (char *)GetValue(name);
+ if (value == NULL)
+ return def;
+ return atoi(value);
+}
+
+
+/**
+ * Retrieves configuration value as boolean.
+ */
+TPS_PUBLIC int NameValueSet::GetValueAsBool(const char *name)
+{
+ char *value = NULL;
+
+ value = (char *)GetValue(name);
+ if (value == NULL)
+ return 0;
+ if (PL_CompareStrings("true", value) != 0)
+ return 1;
+ else
+ return 0;
+}
+
+/**
+ * Retrieves configuration value as boolean. If name is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC int NameValueSet::GetValueAsBool(const char *name, int def)
+{
+ char *value = NULL;
+
+ value = (char *)GetValue(name);
+ if (value == NULL)
+ return def;
+ if (PL_CompareStrings("true", value) != 0)
+ return 1;
+ else
+ return 0;
+}
+
+/**
+ * Retrieves configuration value as string. If key is
+ * not defined, default value is returned.
+ */
+TPS_PUBLIC char *NameValueSet::GetValueAsString(const char *name, char *def)
+{
+ char *value = NULL;
+
+ value = (char *)GetValue(name);
+ if (value == NULL)
+ return def;
+ return value;
+}
+
+/**
+ * Retrieves configuration value as string.
+ */
+TPS_PUBLIC char *NameValueSet::GetValueAsString(const char *name)
+{
+ return (char *)GetValue(name);
+}
+
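Review bot: Both branches of `NameValueSet::Add` are the same `PL_HashTableAdd(m_set, PL_strdup(name), PL_strdup(value));` call, so the `IsNameDefined` test has no effect. When the name already exists, NSPR's hash table (as far as I know) keeps the existing key and only swaps the value, so the freshly duplicated name is leaked on every update. Drop the old entry first, as `ConfigStore::Add` in this commit does: `if (IsNameDefined(name)) PL_HashTableRemove(m_set, name);` followed by the single `PL_HashTableAdd` call. The `_FreeEntry` callback then frees the old key and value. The constructor also stores the result of `PL_NewHashTable` unchecked, so a failed allocation leaves `m_set` NULL for every later call.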
diff --git a/pki/base/tps/src/main/ObjectSpec.cpp b/pki/base/tps/src/main/ObjectSpec.cpp
new file mode 100644
index 000000000..2896a85f0
--- /dev/null
+++ b/pki/base/tps/src/main/ObjectSpec.cpp
@@ -0,0 +1,515 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prmem.h"
+#include "pk11func.h"
+#include "main/Buffer.h"
+#include "main/ObjectSpec.h"
+#include "engine/RA.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+ObjectSpec::ObjectSpec ()
+{
+ for (int i = 0; i < MAX_ATTRIBUTE_SPEC; i++) {
+ m_attributeSpec[i] = NULL;
+ }
+ m_fixedAttributes = 0;
+}
+
+ObjectSpec::~ObjectSpec ()
+{
+ for (int i = 0; i < MAX_ATTRIBUTE_SPEC; i++) {
+ if (m_attributeSpec[i] != NULL) {
+ delete m_attributeSpec[i];
+ m_attributeSpec[i] = NULL;
+ }
+ }
+}
+
+#define DATATYPE_STRING 0
+#define DATATYPE_INTEGER 1
+#define DATATYPE_BOOL_FALSE 2
+#define DATATYPE_BOOL_TRUE 3
+
+/**
+ * Parse 'c' object.
+ */
+void ObjectSpec::ParseAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b)
+{
+ int curpos = 7;
+ unsigned long fixedAttrs = 0;
+ unsigned int xclass = 0;
+ unsigned int id = 0;
+
+ /* skip first 7 bytes */
+
+ while (curpos < ((int)(b->size()))) {
+ unsigned long attribute_id =
+ (((BYTE*)*b)[curpos] << 24) +
+ (((BYTE*)*b)[curpos+1] << 16) +
+ (((BYTE*)*b)[curpos+2] << 8) +
+ ((BYTE*)*b)[curpos+3];
+ unsigned short attribute_size =
+ (((BYTE*)*b)[curpos+4] << 8) +
+ ((BYTE*)*b)[curpos+5];
+ BYTE type = 0;
+ Buffer data;
+ int found = 0;
+ /* modify fixed attributes */
+
+ switch (attribute_id) {
+ case CKA_TOKEN:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00000080;
+ }
+ break;
+ case CKA_PRIVATE:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00000100;
+ } else {
+ }
+ break;
+ case CKA_MODIFIABLE:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00000200;
+ }
+ break;
+ case CKA_DERIVE:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00000400;
+ }
+ break;
+ case CKA_LOCAL:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00000800;
+ }
+ break;
+ case CKA_ENCRYPT:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00001000;
+ }
+ break;
+ case CKA_DECRYPT:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00002000;
+ }
+ break;
+ case CKA_WRAP:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00004000;
+ }
+ break;
+ case CKA_UNWRAP:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00008000;
+ }
+ break;
+ case CKA_SIGN:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00010000;
+ }
+ break;
+ case CKA_SIGN_RECOVER:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00020000;
+ }
+ break;
+ case CKA_VERIFY:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00040000;
+ }
+ break;
+ case CKA_VERIFY_RECOVER:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00080000;
+ }
+ break;
+ case CKA_SENSITIVE:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00100000;
+ }
+ break;
+ case CKA_ALWAYS_SENSITIVE:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00200000;
+ }
+ break;
+ case CKA_EXTRACTABLE:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00400000;
+ }
+ break;
+ case CKA_NEVER_EXTRACTABLE:
+ if (((BYTE*)*b)[curpos+6]) {
+ fixedAttrs |= 0x00800000;
+ }
+ break;
+ case CKA_SUBJECT:
+ type = DATATYPE_STRING;
+ data = b->substr(curpos+6, attribute_size);
+ /* build by PKCS11 */
+ break;
+ case CKA_LABEL:
+ type = DATATYPE_STRING;
+ data = b->substr(curpos+6, attribute_size);
+ found = 1;
+ break;
+ case CKA_MODULUS:
+ type = DATATYPE_STRING;
+ data = b->substr(curpos+6, attribute_size);
+ /* build by PKCS11 */
+ break;
+ case CKA_ID:
+ type = DATATYPE_STRING;
+ data = b->substr(curpos+6, attribute_size);
+ /* build by PKCS11 */
+ break;
+ case CKA_KEY_TYPE:
+ type = DATATYPE_INTEGER;
+ data = b->substr(curpos+6, 4);
+ /* build by PKCS11 */
+ break;
+ case CKA_CLASS:
+ type = DATATYPE_INTEGER;
+ data = b->substr(curpos+6, 4);
+ xclass = ((BYTE*)data)[0];
+ /* build by PKCS11 */
+ break;
+ case CKA_PUBLIC_EXPONENT:
+ type = DATATYPE_STRING;
+ data = b->substr(curpos+6, attribute_size);
+ /* build by PKCS11 */
+ break;
+ case CKA_CERTIFICATE_TYPE:
+ type = DATATYPE_INTEGER;
+ data = b->substr(curpos+6, 4);
+ /* build by PKCS11 */
+ break;
+ default:
+ RA::Debug("ObjectSpec::ParseKeyBlob",
+ "skipped attribute_id = %lx",
+ attribute_id);
+ break;
+ }
+
+
+ if (found) {
+ /* add attribute spec */
+ AttributeSpec *attrSpec = new AttributeSpec();
+ attrSpec->SetAttributeID(attribute_id);
+ attrSpec->SetType(type);
+
+ switch (type) {
+ case DATATYPE_STRING:
+ attrSpec->SetData(data);
+ break;
+ case DATATYPE_INTEGER:
+ attrSpec->SetData(data);
+ break;
+ case DATATYPE_BOOL_FALSE:
+ break;
+ case DATATYPE_BOOL_TRUE:
+ break;
+ default:
+ break;
+ }
+
+ ObjectSpec->AddAttributeSpec(attrSpec);
+ }
+
+
+ curpos += 4 + 2 + attribute_size;
+ }
+
+ //Here the objectID fixed attribute gets massaged. Here's how:
+ // The objectID becomes the cert container id, ex: 01
+ // Each key pair associated with the cert must have the same ID.
+ // This is done by math using the following formula:
+ // Given a cert id of "2", the keyAttrIds of the keys are originally
+ // configured as k4 and k5. Note that one is twice the cert id, and
+ // the other is twice the cert id plus 1. In order to map the key ids
+ // down to the cert's id, the code below changes both "4" and "5" back
+ // to "2".
+
+ int val = (objectID[1] - '0');
+ switch (objectID[0]) {
+ case 'c':
+ id = val;
+#if 0
+ fixedAttrs |=
+ 0x00000080 /* CKA_TOKEN */
+ ;
+#endif
+ break;
+ case 'k':
+ if (val % 2) {
+ id = (val-1)/2;
+ } else {
+ id = (val/2);
+ }
+#if 0
+ if (xclass == CKO_PUBLIC_KEY) {
+ fixedAttrs |=
+ 0x00000800 /* CKA_LOCAL */ |
+ 0x00000080 /* CKA_TOKEN */
+ ;
+ }
+ if (xclass == CKO_PRIVATE_KEY) {
+ fixedAttrs |=
+ 0x00000800 /* CKA_LOCAL */ |
+ 0x00000080 /* CKA_TOKEN */
+ ;
+ }
+#endif
+ break;
+ }
+
+ ObjectSpec->SetFixedAttributes(fixedAttrs | (xclass << 4) | id);
+}
+
+/**
+ * Parse 'c' object.
+ */
+void ObjectSpec::ParseCertificateAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b)
+{
+ ParseAttributes(objectID, ObjectSpec, b);
+}
+
+/**
+ * Parse 'k' object.
+ */
+void ObjectSpec::ParseKeyAttributes(char *objectID, ObjectSpec *ObjectSpec, Buffer *b)
+{
+ ParseAttributes(objectID, ObjectSpec, b);
+}
+
+/**
+ * Parse 'C' object.
+ */
+void ObjectSpec::ParseCertificateBlob(char *objectID, ObjectSpec *ObjectSpec, Buffer *b)
+{
+ unsigned long fixedAttrs = 0;
+ unsigned int xclass = 0;
+ unsigned int id = 0;
+
+ AttributeSpec *value = new AttributeSpec();
+ value->SetAttributeID(CKA_VALUE);
+ value->SetType(DATATYPE_STRING);
+ value->SetData(*b);
+ ObjectSpec->AddAttributeSpec(value);
+
+ fixedAttrs = 0x00000080; /* CKA_TOKEN */
+ xclass = CKO_CERTIFICATE;
+ id = objectID[1] - '0';
+
+ ObjectSpec->SetFixedAttributes(fixedAttrs| (xclass << 4) | id);
+}
+
+/**
+ * Convert object from token into object spec.
+ *
+ * Reference:
+ * http://netkey/design/applet_readable_object_spec-0.1.txt
+ * http://netkey/design/pkcs11obj.txt
+ */
+ObjectSpec *ObjectSpec::ParseFromTokenData(unsigned long objid, Buffer *b)
+{
+ char objectID[4];
+
+ ObjectSpec *o = new ObjectSpec();
+ o->SetObjectID(objid);
+
+ objectID[0] = (char)((objid >> 24) & 0xff);
+ objectID[1] = (char)((objid >> 16) & 0xff);
+ objectID[2] = (char)((objid >> 8) & 0xff);
+ objectID[3] = (char)((objid) & 0xff);
+
+ switch (objectID[0]) {
+ case 'c': /* certificate attributes */
+ ParseCertificateAttributes(objectID, o, b);
+ break;
+ case 'k': /* public key or private key attributes */
+ ParseKeyAttributes(objectID, o, b);
+ break;
+ case 'C': /* certificate in DER */
+ ParseCertificateBlob(objectID, o, b);
+ break;
+ default:
+ RA::Debug("ObjectSpec::ParseKeyBlob",
+ "unknown objectID = %c", objectID[0]);
+ /* error */
+ break;
+ }
+
+ return o;
+}
+
+ObjectSpec *ObjectSpec::Parse(Buffer *b, int offset, int *nread)
+{
+ int sum = 0;
+
+
+ if((b->size() - offset) < 10)
+ return NULL;
+
+ ObjectSpec *o = new ObjectSpec();
+ unsigned long id =
+ (((unsigned char *)*b)[offset + 0] << 24) +
+ (((unsigned char *)*b)[offset + 1] << 16) +
+ (((unsigned char *)*b)[offset + 2] << 8) +
+ (((unsigned char *)*b)[offset + 3]);
+
+ o->SetObjectID(id);
+ unsigned long attribute =
+ (((unsigned char *)*b)[offset + 4] << 24) +
+ (((unsigned char *)*b)[offset + 5] << 16) +
+ (((unsigned char *)*b)[offset + 6] << 8) +
+ (((unsigned char *)*b)[offset + 7]);
+ o->SetFixedAttributes(attribute);
+ unsigned short count = (((unsigned char *)*b)[offset + 8] << 8) +
+ ((unsigned char *)*b)[offset + 9];
+ sum += 10;
+ int curpos = offset + 10;
+ for (int i = 0; i < count; i++) {
+ int len = 0;
+ switch (((unsigned char *)*b)[curpos+4]) {
+ case DATATYPE_STRING:
+ len = 4 + 1 + 2 + (((unsigned char *)*b)[curpos+5]<<8) + ((unsigned char *)*b)[curpos+6];
+ break;
+ case DATATYPE_INTEGER:
+ len = 4 + 1 + 4;
+ break;
+ case DATATYPE_BOOL_FALSE:
+ len = 4 + 1;
+ break;
+ case DATATYPE_BOOL_TRUE:
+ len = 4 + 1;
+ break;
+ }
+ Buffer attr = b->substr(curpos, len);
+ AttributeSpec *attrSpec = AttributeSpec::Parse(&attr, 0);
+ o->AddAttributeSpec(attrSpec);
+ curpos += len;
+ sum += len;
+ }
+ *nread = sum;
+ return o;
+}
+
+void ObjectSpec::SetObjectID(unsigned long v)
+{
+ m_objectID = v;
+}
+
+unsigned long ObjectSpec::GetObjectID()
+{
+ return m_objectID;
+}
+
+void ObjectSpec::SetFixedAttributes(unsigned long v)
+{
+ m_fixedAttributes = v;
+}
+
+unsigned long ObjectSpec::GetFixedAttributes()
+{
+ return m_fixedAttributes;
+}
+
+
+int ObjectSpec::GetAttributeSpecCount()
+{
+ for (int i = 0; i < MAX_ATTRIBUTE_SPEC; i++) {
+ if (m_attributeSpec[i] == NULL) {
+ return i;
+ }
+ }
+ return 0;
+}
+
+AttributeSpec *ObjectSpec::GetAttributeSpec(int p)
+{
+ if (p < MAX_ATTRIBUTE_SPEC) {
+ if (m_attributeSpec[p] != NULL) {
+ return m_attributeSpec[p];
+ }
+ }
+ return NULL;
+}
+
+void ObjectSpec::AddAttributeSpec(AttributeSpec *p)
+{
+ for (int i = 0; i < MAX_ATTRIBUTE_SPEC; i++) {
+ if (m_attributeSpec[i] == NULL) {
+ m_attributeSpec[i] = p;
+ return;
+ }
+ }
+}
+
+void ObjectSpec::RemoveAttributeSpec(int p)
+{
+ if (p < MAX_ATTRIBUTE_SPEC) {
+ if (m_attributeSpec[p] != NULL) {
+ delete m_attributeSpec[p];
+ m_attributeSpec[p] = NULL;
+ }
+ // fill hole
+ int empty = p;
+ for (int x = p+1; x < MAX_ATTRIBUTE_SPEC; x++) {
+ if (m_attributeSpec[x] != NULL) {
+ m_attributeSpec[empty] = m_attributeSpec[x];
+ m_attributeSpec[x] = NULL;
+ empty++;
+ }
+ }
+ }
+
+}
+
+Buffer ObjectSpec::GetData()
+{
+ Buffer data = Buffer();
+
+ data += Buffer(1, (BYTE)(m_objectID >> 24) & 0xff);
+ data += Buffer(1, (BYTE)(m_objectID >> 16) & 0xff);
+ data += Buffer(1, (BYTE)(m_objectID >> 8) & 0xff);
+ data += Buffer(1, (BYTE)(m_objectID & 0xff));
+ data += Buffer(1, (BYTE)(m_fixedAttributes >> 24) & 0xff);
+ data += Buffer(1, (BYTE)(m_fixedAttributes >> 16) & 0xff);
+ data += Buffer(1, (BYTE)(m_fixedAttributes >> 8) & 0xff);
+ data += Buffer(1, (BYTE)(m_fixedAttributes & 0xff));
+
+ unsigned short attributeCount = GetAttributeSpecCount();
+ data += Buffer(1, (attributeCount >> 8) & 0xff);
+ data += Buffer(1, attributeCount & 0xff);
+ for (int i = 0; i < attributeCount; i++) {
+ AttributeSpec *spec = GetAttributeSpec(i);
+ data += spec->GetData();
+ }
+
+ return data;
+}
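Review bot: ObjectSpec::Parse and ObjectSpec::ParseAttributes index the buffer with offsets and lengths taken from the buffer itself and never compare them with `b->size()`. In Parse the only check is the 10-byte header test; the attribute loop then reads `curpos+4` to `curpos+6` through a raw pointer and calls `substr(curpos, len)` for up to `count` records, and a type byte outside the four DATATYPE_* values leaves `len` at 0, while ParseAttributes does the same with `curpos+6` and `substr(curpos+6, attribute_size)`. The doc comment on ParseFromTokenData says this data is read from the token, so a malformed object can take the raw index reads past the end of the buffer (whether Buffer::substr clamps its arguments is not visible here). I would validate each record and return NULL on failure, which the caller in PKCS11Obj::Parse already tolerates, as sketched below for the Parse loop. Separately, `GetAttributeSpecCount()` returns 0 when every slot is in use, so its final statement should be `return MAX_ATTRIBUTE_SPEC;`, and the same applies to `PKCS11Obj::GetObjectSpecCount()` in PKCS11Obj.cpp.

```cpp
    int total = (int)b->size();
    for (int i = 0; i < count; i++) {
        /* id (4 bytes) + type (1 byte) must be inside the buffer before the type is read */
        if (total - curpos < 5) {
            delete o;
            return NULL;
        }
        unsigned char type = ((unsigned char *)*b)[curpos+4];
        /* a string record also carries a 2-byte length field */
        if (type == DATATYPE_STRING && total - curpos < 7) {
            delete o;
            return NULL;
        }
        int len = 0;
        switch (type) {
        // … unchanged: the four DATATYPE_* cases computing len …
        default:
            /* unknown type: the record length cannot be determined */
            delete o;
            return NULL;
        }
        /* the whole record must lie inside the buffer */
        if (len > total - curpos) {
            delete o;
            return NULL;
        }
        // … unchanged: substr, AttributeSpec::Parse, AddAttributeSpec, curpos/sum update …
    }
```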
diff --git a/pki/base/tps/src/main/PKCS11Obj.cpp b/pki/base/tps/src/main/PKCS11Obj.cpp
new file mode 100644
index 000000000..061dc7a91
--- /dev/null
+++ b/pki/base/tps/src/main/PKCS11Obj.cpp
@@ -0,0 +1,491 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prmem.h"
+#include "pk11func.h"
+#include "zlib.h"
+#include "engine/RA.h"
+#include "main/Buffer.h"
+#include "main/PKCS11Obj.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+PKCS11Obj::PKCS11Obj ()
+{
+ for (int i = 0; i < MAX_OBJECT_SPEC; i++) {
+ m_objSpec[i] = NULL;
+ }
+}
+
+PKCS11Obj::~PKCS11Obj ()
+{
+ for (int i = 0; i < MAX_OBJECT_SPEC; i++) {
+ if (m_objSpec[i] != NULL) {
+ delete m_objSpec[i];
+ m_objSpec[i] = NULL;
+ }
+ }
+}
+
+PKCS11Obj *PKCS11Obj::Parse(Buffer *b, int offset)
+{
+ PKCS11Obj *o = new PKCS11Obj();
+
+ unsigned short formatVersion = (((BYTE *)*b)[offset + 0] << 8) +
+ (((BYTE *)*b)[offset + 1]);
+ o->SetFormatVersion(formatVersion);
+ unsigned short objectVersion = (((BYTE *)*b)[offset + 2] << 8) +
+
+ (((BYTE *)*b)[offset + 3]);
+ o->SetObjectVersion(objectVersion);
+ o->SetCUID(b->substr(offset + 4, 10));
+
+ unsigned short compressionType =
+ (((BYTE *)*b)[offset + 14] << 8) + (((BYTE *)*b)[offset + 15]);
+ unsigned short compressedDataSize =
+ (((BYTE *)*b)[offset + 16] << 8) + (((BYTE *)*b)[offset + 17]);
+#if 0
+ unsigned short compressedDataOffset =
+ (unsigned short)(((unsigned char *)*b)[offset + 18] << 8) + (((unsigned char *)*b)[offset + 19]);
+#endif
+
+ Buffer data;
+ if (compressionType == 0) { /* no compression */
+ data = b->substr(offset + 20, compressedDataSize);
+ } else if (compressionType == 1) { /* zlib */
+ Buffer compressedData = b->substr(offset + 20, compressedDataSize);
+
+#define MAX_UNCOMPRESS_SIZE 20000
+ unsigned char buf[MAX_UNCOMPRESS_SIZE];
+ int rc = 0;
+ uLong len = MAX_UNCOMPRESS_SIZE;
+ rc = uncompress((Bytef*)buf, (uLongf*)&len,
+ (Bytef*)((BYTE*)compressedData),
+ (uLong)compressedData.size());
+ RA::Debug("PKCS11Obj::Parse","uncompress ret=%d",rc);
+ data = Buffer(buf,(unsigned int) len);
+ } else {
+ /* error */
+ }
+
+
+ unsigned short objOffset = (((BYTE *)data)[0] << 8) +
+ ((BYTE *)data)[1];
+ unsigned short objCount = (((BYTE *)data)[2] << 8) +
+ ((BYTE *)data)[3];
+ Buffer tokenName = data.substr(5, ((BYTE *)data)[4]);
+ o->SetTokenName(tokenName);
+
+ RA::Debug("PKCS11Obj::Parse", "objcount = %d", objCount);
+
+ int curpos = (int)objOffset;
+ int nread = 0;
+ for (int i = 0; i < objCount; i++) {
+ RA::Debug("PKCS11Obj::Parse", "working on object %d", i);
+ ObjectSpec *objSpec = ObjectSpec::Parse(&data, curpos, &nread);
+ if(!objSpec)
+ continue;
+ o->AddObjectSpec(objSpec);
+
+ unsigned long oid = objSpec->GetObjectID();
+ char b[2];
+
+ b[0] = (char)((oid >> 24) & 0xff);
+ b[1] = (char)((oid >> 16) & 0xff);
+
+ RA::Debug("PKCS11Obj::Parse", "About to parse = %c%c", b[0],b[1]);
+
+ // add corresponding 'C' object for 'c'
+ if (b[0] == 'c') {
+ for (int j = 0; j < objSpec->GetAttributeSpecCount();
+ j++) {
+ AttributeSpec *as = objSpec->GetAttributeSpec(j);
+ if (as->GetAttributeID() == CKA_VALUE) {
+ if (as->GetType() == (BYTE) 0) {
+ Buffer cert = as->GetValue();
+
+ unsigned long certid =
+ ('C' << 24) + (b[1] << 16);
+ ObjectSpec *certSpec =
+ ObjectSpec::ParseFromTokenData(
+ certid, &cert);
+ o->AddObjectSpec(certSpec);
+
+ objSpec->RemoveAttributeSpec(j);
+ break;
+ }
+ }
+ }
+
+ }
+
+ Buffer objSpecData = objSpec->GetData();
+ curpos += nread;
+ }
+
+ return o;
+}
+
+
+void PKCS11Obj::SetFormatVersion(unsigned short v)
+{
+ m_formatVersion = v;
+}
+
+void PKCS11Obj::SetObjectVersion(unsigned short v)
+{
+ m_objectVersion = v;
+}
+
+unsigned short PKCS11Obj::GetFormatVersion()
+{
+ return m_formatVersion;
+}
+
+unsigned short PKCS11Obj::GetObjectVersion()
+{
+ return m_objectVersion;
+}
+
+void PKCS11Obj::SetCUID(Buffer CUID)
+{
+ m_CUID = CUID;
+}
+
+Buffer PKCS11Obj::GetCUID()
+{
+ return m_CUID;
+}
+
+void PKCS11Obj::SetTokenName(Buffer tokenName)
+{
+ m_tokenName = tokenName;
+}
+
+Buffer PKCS11Obj::GetTokenName()
+{
+ return m_tokenName;
+}
+
+int PKCS11Obj::GetObjectSpecCount()
+{
+ for (int i = 0; i < MAX_OBJECT_SPEC; i++) {
+ if (m_objSpec[i] == NULL) {
+ return i;
+ }
+ }
+ return 0;
+}
+
+ObjectSpec *PKCS11Obj::GetObjectSpec(int p)
+{
+ if (p < MAX_OBJECT_SPEC) {
+ if (m_objSpec[p] != NULL) {
+ return m_objSpec[p];
+ }
+ }
+ return NULL;
+}
+
+void PKCS11Obj::AddObjectSpec(ObjectSpec *p)
+{
+ for (int i = 0; i < MAX_OBJECT_SPEC; i++) {
+ if (m_objSpec[i] == NULL) {
+ m_objSpec[i] = p;
+ return;
+ } else {
+ // check duplicated
+ if (p->GetObjectID() == m_objSpec[i]->GetObjectID()) {
+ delete m_objSpec[i];
+ m_objSpec[i] = p;
+ return;
+ }
+ }
+ }
+}
+
+void PKCS11Obj::RemoveObjectSpec(int p)
+{
+ if (p < MAX_OBJECT_SPEC) {
+ if (m_objSpec[p] != NULL) {
+ delete m_objSpec[p];
+ m_objSpec[p] = NULL;
+ }
+ // fill hole
+ int empty = p;
+ for (int x = p+1; x < MAX_OBJECT_SPEC; x++) {
+ if (m_objSpec[x] != NULL) {
+ m_objSpec[empty] = m_objSpec[x];
+ m_objSpec[x] = NULL;
+ empty++;
+ }
+ }
+ }
+}
+
+Buffer PKCS11Obj::GetData()
+{
+ Buffer data = Buffer();
+
+ unsigned short objectOffset = m_tokenName.size() + 2 + 3;
+ data += Buffer(1, (objectOffset >> 8) & 0xff);
+ data += Buffer(1, objectOffset & 0xff);
+ unsigned short objectCount = GetObjectSpecCount();
+ unsigned short objectCountX = objectCount;
+ if (objectCountX == 0) {
+ objectCountX = 0;
+ } else {
+ objectCountX = objectCountX - (objectCountX / 4);
+ }
+ data += Buffer(1, (objectCountX >> 8) & 0xff);
+ data += Buffer(1, objectCountX & 0xff);
+ data += Buffer(1, m_tokenName.size() & 0xff);
+ data += m_tokenName;
+ for (int i = 0; i < objectCount; i++) {
+ ObjectSpec *spec = GetObjectSpec(i);
+ unsigned long objectID = spec->GetObjectID();
+ char c = (char)((objectID >> 24) & 0xff);
+ unsigned long fixedAttrs = spec->GetFixedAttributes();
+ unsigned int xclass = (fixedAttrs & 0x70) >> 4;
+ char cont_id = (char) ((objectID >> 16) & 0xff);
+ unsigned int id = (fixedAttrs & 0x0f);
+ /* locate all certificate objects */
+ if (c == 'c' && xclass == CKO_CERTIFICATE) {
+
+ //We need to use the container id, there may be more than one cert
+ //with the same CKA_ID byte
+
+ id = (unsigned int) (cont_id - '0');
+
+ /* locate the certificate object */
+ for (int u = 0; u < objectCount; u++) {
+ ObjectSpec *u_spec = GetObjectSpec(u);
+ unsigned long u_objectID = u_spec->GetObjectID();
+ char u_c = (char)((u_objectID >> 24) & 0xff);
+ unsigned long u_fixedAttrs =
+ u_spec->GetFixedAttributes();
+ unsigned int u_xclass = (u_fixedAttrs & 0x70) >> 4;
+ unsigned int u_id = (u_fixedAttrs & 0x0f);
+ if (u_c == 'C' && u_xclass == CKO_CERTIFICATE && u_id == id) {
+ AttributeSpec * u_attr =
+ u_spec->GetAttributeSpec(0);
+ AttributeSpec * n_attr = new AttributeSpec();
+ n_attr->SetAttributeID(u_attr->GetAttributeID());
+ n_attr->SetType(u_attr->GetType());
+ n_attr->SetData(u_attr->GetValue());
+ spec->AddAttributeSpec(n_attr);
+ }
+ }
+
+ data += spec->GetData();
+
+ /* locate public object */
+ for (int x = 0; x < objectCount; x++) {
+ ObjectSpec *x_spec = GetObjectSpec(x);
+ unsigned long x_fixedAttrs =
+ x_spec->GetFixedAttributes();
+ unsigned int x_xclass = (x_fixedAttrs & 0x70) >> 4;
+ unsigned int x_id = (x_fixedAttrs & 0x0f);
+ if (x_xclass == CKO_PUBLIC_KEY && x_id == id) {
+ data += x_spec->GetData();
+ }
+ }
+
+ /* locate private object */
+ for (int y = 0; y < objectCount; y++) {
+ ObjectSpec *y_spec = GetObjectSpec(y);
+ unsigned long y_fixedAttrs =
+ y_spec->GetFixedAttributes();
+ unsigned int y_xclass = (y_fixedAttrs & 0x70) >> 4;
+ unsigned int y_id = (y_fixedAttrs & 0x0f);
+ if (y_xclass == CKO_PRIVATE_KEY && y_id == id) {
+ data += y_spec->GetData();
+ }
+ }
+ }
+ }
+
+ Buffer header = Buffer();
+ header += Buffer(1, (m_formatVersion >> 8) & 0xff);
+ header += Buffer(1, m_formatVersion & 0xff);
+ header += Buffer(1, (m_objectVersion >> 8) & 0xff);
+ header += Buffer(1, m_objectVersion & 0xff);
+ header += m_CUID;
+ // COMP_NONE = 0x00
+ // COMP_ZLIB = 0x01
+ unsigned short compressionType = 0x00;
+ header += Buffer(1, (compressionType >> 8) & 0xff);
+ header += Buffer(1, compressionType & 0xff);
+ unsigned short compressedDataSize = data.size();
+ header += Buffer(1, (compressedDataSize >> 8) & 0xff);
+ header += Buffer(1, compressedDataSize & 0xff);
+ unsigned short compressedDataOffset = 20;
+ header += Buffer(1, (compressedDataOffset >> 8) & 0xff);
+ header += Buffer(1, compressedDataOffset & 0xff);
+
+ return header + data;
+}
+
+Buffer PKCS11Obj::GetCompressedData()
+{
+ Buffer data = Buffer();
+ Buffer error = Buffer(0);
+
+ unsigned short objectOffset = m_tokenName.size() + 2 + 3;
+ data += Buffer(1, (objectOffset >> 8) & 0xff);
+ data += Buffer(1, objectOffset & 0xff);
+ unsigned short objectCount = GetObjectSpecCount();
+ unsigned short objectCountX = objectCount;
+ if (objectCountX == 0) {
+ objectCountX = 0;
+ } else {
+ objectCountX = objectCountX - (objectCountX / 4);
+ }
+ data += Buffer(1, (objectCountX >> 8) & 0xff);
+ data += Buffer(1, objectCountX & 0xff);
+ data += Buffer(1, m_tokenName.size() & 0xff);
+ data += m_tokenName;
+ RA::Debug("PKCS11Obj::GetCompressedData", "object count = %d", objectCount);
+ for (int i = 0; i < objectCount; i++) {
+ ObjectSpec *spec = GetObjectSpec(i);
+ unsigned long objectID = spec->GetObjectID();
+ RA::Debug("PKCS11Obj::GetCompressedData", "objid = %lu", objectID);
+ char c = (char)((objectID >> 24) & 0xff);
+ unsigned long fixedAttrs = spec->GetFixedAttributes();
+ unsigned int xclass = (fixedAttrs & 0x70) >> 4;
+ char cont_id = (char) ((objectID >> 16) & 0xff);
+ unsigned int id = (fixedAttrs & 0x0f);
+
+ /* locate all certificate objects */
+ if (c == 'c' && xclass == CKO_CERTIFICATE) {
+
+ //We need to use the container id, there may be more than one cert
+ //with the same CKA_ID byte
+
+ id = (unsigned int) (cont_id - '0');
+
+ /* locate the certificate object */
+ for (int u = 0; u < objectCount; u++) {
+ ObjectSpec *u_spec = GetObjectSpec(u);
+ unsigned long u_objectID = u_spec->GetObjectID();
+ char u_c = (char)((u_objectID >> 24) & 0xff);
+ unsigned long u_fixedAttrs =
+ u_spec->GetFixedAttributes();
+ unsigned int u_xclass = (u_fixedAttrs & 0x70) >> 4;
+ unsigned int u_id = (u_fixedAttrs & 0x0f);
+ char cont_u_id = (char) ((u_objectID >> 16) & 0xff);
+ if (u_c == 'C' && u_xclass == CKO_CERTIFICATE && u_id == id) {
+ RA::Debug("PKCS11Obj::GetCompressedData", "located Certificate id = %d cont_u_id = %c", u_id,cont_u_id);
+ AttributeSpec * u_attr =
+ u_spec->GetAttributeSpec(0);
+ AttributeSpec * n_attr = new AttributeSpec();
+ n_attr->SetAttributeID(u_attr->GetAttributeID());
+ n_attr->SetType(u_attr->GetType());
+ n_attr->SetData(u_attr->GetValue());
+ spec->AddAttributeSpec(n_attr);
+ }
+ }
+
+ /* output certificate attribute object */
+ data += spec->GetData();
+
+ /* locate public object */
+ for (int x = 0; x < objectCount; x++) {
+ ObjectSpec *x_spec = GetObjectSpec(x);
+ unsigned long x_fixedAttrs =
+ x_spec->GetFixedAttributes();
+ unsigned int x_xclass = (x_fixedAttrs & 0x70) >> 4;
+ unsigned int x_id = (x_fixedAttrs & 0x0f);
+ if (x_xclass == CKO_PUBLIC_KEY && x_id == id) {
+ RA::Debug("PKCS11Obj::GetCompressedData", "located Public Key = %d", x_id);
+ data += x_spec->GetData();
+ }
+
+ }
+
+ /* locate private object */
+ for (int y = 0; y < objectCount; y++) {
+ ObjectSpec *y_spec = GetObjectSpec(y);
+ unsigned long y_fixedAttrs =
+ y_spec->GetFixedAttributes();
+ unsigned int y_xclass = (y_fixedAttrs & 0x70) >> 4;
+ unsigned int y_id = (y_fixedAttrs & 0x0f);
+ if (y_xclass == CKO_PRIVATE_KEY && y_id == id) {
+ RA::Debug("PKCS11Obj::GetCompressedData", "located Private Key = %d", y_id);
+ data += y_spec->GetData();
+ }
+ }
+ }
+ }
+
+#define MAX_COMPRESS_SIZE 50000
+ char buffer[MAX_COMPRESS_SIZE];
+ unsigned long len = MAX_COMPRESS_SIZE ;
+
+ int rc = 0;
+
+ RA::Debug("PKCS11Obj", "before compress length = %d", len);
+
+ BYTE *src_buffer = (BYTE*)data;
+
+ RA::Debug("PKCS11Obj", "sizeof src_buffer = %d", sizeof(src_buffer));
+ RA::Debug("PKCS11Obj", "data size = %d", data.size());
+
+ rc = compress((Bytef*)buffer, (uLongf*)&len, (Bytef*)src_buffer,
+ (uLong)data.size());
+
+
+ if(rc != Z_OK) {
+ RA::Debug("PKCS11Obj", "failure compressing data, possibly buffer overrun! Error: %d ",rc);
+
+ return error;
+ }
+
+ RA::Debug("PKCS11Obj", "after compress length = %d", len);
+ RA::Debug("PKCS11Obj", "rc = %d", rc);
+
+ Buffer compressedData = Buffer((BYTE*)buffer, len);
+
+ Buffer header = Buffer();
+ header += Buffer(1, (m_formatVersion >> 8) & 0xff);
+ header += Buffer(1, m_formatVersion & 0xff);
+ header += Buffer(1, (m_objectVersion >> 8) & 0xff);
+ header += Buffer(1, m_objectVersion & 0xff);
+ header += m_CUID;
+ // COMP_NONE = 0x00
+ // COMP_ZLIB = 0x01
+ unsigned short compressionType = 0x01;
+ header += Buffer(1, (compressionType >> 8) & 0xff);
+ header += Buffer(1, compressionType & 0xff);
+ unsigned short compressedDataSize = compressedData.size();
+ header += Buffer(1, (compressedDataSize >> 8) & 0xff);
+ header += Buffer(1, compressedDataSize & 0xff);
+ unsigned short compressedDataOffset = 20;
+ header += Buffer(1, (compressedDataOffset >> 8) & 0xff);
+ header += Buffer(1, compressedDataOffset & 0xff);
+
+ return header + compressedData;
+}
+
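Review bot: PKCS11Obj::Parse logs the return code of `uncompress()` but does not act on it, so after a failed decompression `data` is built from a stack buffer that may hold partial or uninitialised bytes, and an unrecognised `compressionType` falls into the empty `/* error */` branch and leaves `data` empty. Both paths then read `((BYTE *)data)[0]` through `[4]` and use `objOffset` and `objCount` from that data without checking `data.size()`. The input is also never checked to hold the 20 header bytes plus `compressedDataSize` before `b->substr(offset + 20, compressedDataSize)`. I would fail the parse in these cases, as sketched below; whether callers of Parse already handle a NULL return is not visible in this hunk and needs confirming before the change.

```cpp
        RA::Debug("PKCS11Obj::Parse","uncompress ret=%d",rc);
        if (rc != Z_OK) {
            /* buf and len do not describe a complete object on failure */
            delete o;
            return NULL;
        }
        // … unchanged: data = Buffer(buf, len) …
    } else {
        /* unknown compression type: nothing that can be parsed */
        delete o;
        return NULL;
    }

    /* objOffset (2) + objCount (2) + token-name length (1) */
    if (data.size() < 5) {
        delete o;
        return NULL;
    }
    // … unchanged: objOffset/objCount/tokenName extraction and the object loop …
```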
diff --git a/pki/base/tps/src/main/RA_Context.cpp b/pki/base/tps/src/main/RA_Context.cpp
new file mode 100644
index 000000000..e3a66cdbb
--- /dev/null
+++ b/pki/base/tps/src/main/RA_Context.cpp
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "main/RA_Msg.h"
+#include "main/RA_Context.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a session that represents the
+ * connection between RA and the netkey client.
+ */
+TPS_PUBLIC RA_Context::RA_Context ()
+{
+}
+
+/**
+ * Destructs the session.
+ */
+TPS_PUBLIC RA_Context::~RA_Context ()
+{
+}
+
+void RA_Context::LogError(const char *func, int line, const char *fmt,...)
+{
+}
+
+void RA_Context::LogInfo(const char *func, int line, const char *fmt,...)
+{
+}
+
+void RA_Context::InitializationError(const char *func, int line)
+{
+}
+
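Review bot: The doc comments on the RA_Context constructor and destructor describe a "session" and look copied from RA_Session; they should name the context, e.g. `Constructs a context for the connection between RA and the netkey client.` The three methods `LogError`, `LogInfo` and `InitializationError` have empty bodies and no comment, so a caller that reaches this base implementation drops the message silently. If they are meant as hooks for subclasses, a one-line comment such as `/* no-op in the base class; subclasses provide the logging */` on each would make that explicit.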
diff --git a/pki/base/tps/src/main/RA_Msg.cpp b/pki/base/tps/src/main/RA_Msg.cpp
new file mode 100644
index 000000000..d54db69fb
--- /dev/null
+++ b/pki/base/tps/src/main/RA_Msg.cpp
@@ -0,0 +1,45 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "main/RA_Msg.h"
+#include "main/Memory.h"
+
+/**
+ * Constructs a message that represents the
+ * message between RA and the netkey client.
+ */
+RA_Msg::RA_Msg ()
+{
+}
+
+/**
+ * Destructs the message.
+ */
+RA_Msg::~RA_Msg ()
+{
+}
+
+/**
+ * Retrieves the message type.
+ */
+RA_Msg_Type RA_Msg::GetType ()
+{
+ return MSG_UNDEFINED;
+}
diff --git a/pki/base/tps/src/main/RA_Session.cpp b/pki/base/tps/src/main/RA_Session.cpp
new file mode 100644
index 000000000..57f7e4efa
--- /dev/null
+++ b/pki/base/tps/src/main/RA_Session.cpp
@@ -0,0 +1,75 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "engine/RA.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a session that represents the
+ * connection between RA and the netkey client.
+ */
+TPS_PUBLIC RA_Session::RA_Session ()
+{
+}
+
+/**
+ * Destructs the session.
+ */
+TPS_PUBLIC RA_Session::~RA_Session ()
+{
+}
+
+char *RA_Session::GetRemoteIP()
+{
+ return NULL;
+}
+
+RA_pblock *RA_Session::create_pblock( char *data )
+{
+ // Since this method is virtual,
+ // report an error if no subclass method has been defined.
+ RA::Error( "RA_pblock::find_val",
+ "No subclass method has been defined for this virtual method!" );
+ return NULL;
+}
+
+/**
+ * Reads a message that is sent by
+ * the client.
+ */
+RA_Msg *RA_Session::ReadMsg()
+{
+ return NULL;
+}
+
+/**
+ * Sends a message to the client.
+ */
+void RA_Session::WriteMsg(RA_Msg *msg)
+{
+}
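Review bot: The error raised in `RA_Session::create_pblock` is logged under the tag `"RA_pblock::find_val"`, which sends whoever reads the log to the wrong class and method. The first argument should name this function: `RA::Error( "RA_Session::create_pblock",`. `GetRemoteIP` and `create_pblock` also lack the doc comment the neighbouring `ReadMsg` and `WriteMsg` have; a line stating that the base implementation returns NULL and that subclasses supply the real value would match the file's style.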
diff --git a/pki/base/tps/src/main/RA_pblock.cpp b/pki/base/tps/src/main/RA_pblock.cpp
new file mode 100644
index 000000000..e59e4c7f1
--- /dev/null
+++ b/pki/base/tps/src/main/RA_pblock.cpp
@@ -0,0 +1,176 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "prmem.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include <string.h>
+#include "engine/RA.h"
+#include "main/Buffer.h"
+#include "main/Memory.h"
+#include "main/Util.h"
+#include "main/RA_pblock.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC RA_pblock::RA_pblock( int tm_nargs, Buffer_nv** tm_nvs )
+{
+ m_nargs = tm_nargs;
+
+ if( tm_nvs != NULL ) {
+ for( int i = 0; i < MAX_NVS; i++ ) {
+ m_nvs[i] = tm_nvs[i];
+ }
+ } else {
+ for( int i = 0; i < MAX_NVS; i++ ) {
+ m_nvs[i] = NULL;
+ }
+ }
+}
+
+TPS_PUBLIC RA_pblock::~RA_pblock()
+{
+ free_pblock();
+}
+
+Buffer_nv **RA_pblock::GetNVs()
+{
+ return m_nvs;
+}
+
+// returns url-decoded value
+TPS_PUBLIC Buffer *RA_pblock::find_val( const char * name )
+{
+ for( int i = 0; i < m_nargs; i++ ) {
+ if( i >= MAX_NVS ) {
+ continue;
+ }
+
+ if( ( m_nvs[i] == NULL ) ||
+ ( m_nvs[i]->name == NULL ) ||
+ ( m_nvs[i]->value == NULL ) ) {
+ continue;
+ }
+
+ if( PR_CompareStrings( m_nvs[i]->name, name ) == 1 ) {
+ return m_nvs[i]->value;
+ }
+ }
+
+ return NULL;
+}
+
+TPS_PUBLIC char *RA_pblock::get_name( int i )
+{
+ return m_nvs[i]->name;
+}
+
+TPS_PUBLIC int RA_pblock::get_num_of_names()
+{
+ return m_nargs;
+}
+
+// returns non-urldecoded value
+TPS_PUBLIC char* RA_pblock::find_val_s( const char * name )
+{
+ RA::Debug( LL_PER_PDU, "RA_pblock::find_val_s",
+ "searching for name= %s", name );
+
+ int end = m_nargs;
+
+ if( MAX_NVS < m_nargs ) {
+ RA::Error( "RA_pblock::find_val_s",
+ "MAX_NVS too small, needs increasing... "
+ "m_nargs= %d, MAX_NVS=%d", m_nargs, MAX_NVS );
+ end = MAX_NVS;
+ }
+
+ for( int i = 0; i < end; i++ ) {
+ if( ( m_nvs[i] == NULL ) ||
+ ( m_nvs[i]->name == NULL ) ||
+ ( m_nvs[i]->value_s == NULL ) ) {
+ continue;
+ }
+
+ /* RA::Debug( LL_PER_PDU, "RA_pblock::find_val_s", */
+ /* "found %s", m_nvs[i]->name ); */
+
+ if( PR_CompareStrings( m_nvs[i]->name, name ) == 1 ) {
+ return m_nvs[i]->value_s;
+ }
+ }
+
+ return NULL;
+}
+
+void RA_pblock::free_pblock()
+{
+ RA::Debug( LL_PER_PDU, "RA_pblock::free_pblock", "in free_pblock" );
+
+ int end = m_nargs;
+
+ if( MAX_NVS < m_nargs ) {
+ RA::Error( "RA_pblock::free_pblock",
+ "MAX_NVS too small, needs increasing... "
+ "m_nargs= %d, MAX_NVS=%d", m_nargs, MAX_NVS );
+ end = MAX_NVS;
+ }
+
+ for( int i = 0; i < end ; i++ ) {
+ if( m_nvs[i] == NULL ) {
+ continue;
+ }
+
+ if( m_nvs[i]->value ) {
+ delete( m_nvs[i]->value );
+ m_nvs[i]->value = NULL;
+ }
+
+ if( m_nvs[i]->value_s ) {
+ PL_strfree( m_nvs[i]->value_s );
+ m_nvs[i]->value_s = NULL;
+ }
+
+ if( m_nvs[i]->name != NULL ) {
+ PL_strfree( m_nvs[i]->name );
+ m_nvs[i]->name = NULL;
+ }
+
+ if( m_nvs[i] != NULL ) {
+ PR_Free( m_nvs[i] );
+ m_nvs[i] = NULL;
+ }
+ }
+
+ RA::Debug( LL_PER_PDU, "RA_pblock::free_pblock", "in free_pblock done" );
+}
+
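Review bot: `RA_pblock::get_name( int i )` returns `m_nvs[i]->name` with no check on `i` and no NULL check on the slot, whereas `find_val`, `find_val_s` and `free_pblock` in this file all guard against an index beyond `MAX_NVS` and a NULL `m_nvs[i]`. `get_num_of_names()` returns `m_nargs`, which those methods treat as possibly larger than `MAX_NVS`, so a caller looping up to that count can read past the array or dereference a NULL entry. A guard at the top of `get_name`, such as `if( i < 0 || i >= m_nargs || i >= MAX_NVS || m_nvs[i] == NULL ) return NULL;`, would bring it in line with the other accessors. Separately, the constructor copies `MAX_NVS` pointers from `tm_nvs` regardless of `tm_nargs`, and the destructor frees them, so the constructor deserves a comment stating that the array must hold at least `MAX_NVS` entries and that ownership of the entries passes to the object.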
diff --git a/pki/base/tps/src/main/RollingLogFile.cpp b/pki/base/tps/src/main/RollingLogFile.cpp
new file mode 100644
index 000000000..692a94334
--- /dev/null
+++ b/pki/base/tps/src/main/RollingLogFile.cpp
@@ -0,0 +1,493 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "main/ConfigStore.h"
+#include "engine/RA.h"
+#include "main/RA_Context.h"
+#include "main/LogFile.h"
+#include "main/RollingLogFile.h"
+
+const char *RollingLogFile::CFG_MAX_FILE_SIZE= "maxFileSize";
+const char *RollingLogFile::CFG_ROLLOVER_INTERVAL= "rolloverInterval";
+const char *RollingLogFile::CFG_EXPIRATION_INTERVAL= "expirationTime";
+const int RollingLogFile::MAX_SLEEP = 21600; /* 6 hours */
+
+RollingLogFile::RollingLogFile() :
+ m_max_file_size(2000),
+ m_rollover_interval(0),
+ m_expiration_time(0),
+ m_expiration_sleep_time(0),
+ m_rotation_needed(false),
+ m_rollover_thread(NULL),
+ m_expiration_thread(NULL) { }
+
+int RollingLogFile::startup(RA_Context *ctx, const char* prefix, const char *fname, bool signed_audit)
+{
+ char configname[256];
+
+ if (ctx == NULL) {
+ return PR_FAILURE;
+ }
+
+ if (fname == NULL) {
+ ctx->LogError("RollingLogFile::startup",
+ __LINE__,
+ "startup error, fname is NULL");
+ return PR_FAILURE;
+ }
+
+ if (prefix == NULL) {
+ ctx->LogError("RollingLogFile::startup",
+ __LINE__,
+ "startup error for file %s: prefix is NULL",
+ fname);
+ return PR_FAILURE;
+ }
+
+ ConfigStore* store = RA::GetConfigStore();
+
+ if (store == NULL) {
+ ctx->LogError("RollingLogFile::startup",
+ __LINE__,
+ "Error in obtaining config store to set up rolling log for %s",
+ fname);
+ return PR_FAILURE;
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s", prefix, CFG_MAX_FILE_SIZE);
+ m_max_file_size = store->GetConfigAsInt(configname, 2000); /* 2 MB */
+
+ PR_snprintf((char *)configname, 256, "%s.%s", prefix, CFG_ROLLOVER_INTERVAL);
+ m_rollover_interval = store->GetConfigAsInt(configname, 2592000); /* 30 days */
+
+ PR_snprintf((char *)configname, 256, "%s.%s", prefix, CFG_EXPIRATION_INTERVAL);
+ m_expiration_time = store->GetConfigAsInt(configname, 0); /* disabled, by default */
+
+ m_rollover_thread = (PRThread *) NULL;
+ m_expiration_thread = (PRThread*) NULL;
+ m_rotation_needed = false;
+
+ LogFile::startup(ctx, prefix, fname, signed_audit);
+
+ m_ctx->LogInfo( "RollingLogFile::startup",
+ __LINE__,
+ "thread = 0x%lx: Rolling log file %s startup complete",
+ PR_GetCurrentThread(), m_fname);
+ return PR_SUCCESS;
+}
+
+void RollingLogFile::shutdown()
+{
+ m_ctx->LogInfo( "RollingLogFile::shutdown",
+ __LINE__,
+ "thread = 0x%lx: Rolling log file %s shutting down",
+ PR_GetCurrentThread(), m_fname);
+
+ // interrupt and join threads
+
+ set_expiration_time(0);
+ if (m_expiration_thread != NULL) {
+ PR_Interrupt(m_expiration_thread);
+ PR_JoinThread(m_expiration_thread);
+ m_expiration_thread = (PRThread*) NULL;
+ }
+
+ set_rollover_interval(0);
+ if (m_rollover_thread != NULL) {
+ PR_Interrupt(m_rollover_thread);
+ PR_JoinThread(m_rollover_thread);
+ m_rollover_thread = (PRThread*) NULL;
+ }
+
+ LogFile::shutdown();
+}
+
+int RollingLogFile::write(char *msg) {
+ int status;
+ PR_EnterMonitor(m_monitor);
+
+ if (m_rotation_needed && m_signed && m_signed_log) {
+ rotate();
+ m_rotation_needed = false;
+ }
+
+ status = LogFile::write(msg);
+ if ((get_bytes_written() >= ((int) m_max_file_size*1024)) && (m_max_file_size >0)) {
+ if (! m_signed_log) {
+ rotate();
+ m_rotation_needed = false;
+ } else {
+ m_rotation_needed = true;
+ }
+ }
+ PR_ExitMonitor(m_monitor);
+ return status;
+}
+
+/* this is always called under a monitor */
+void RollingLogFile::rotate() {
+ PRTime now;
+ const char* time_fmt = "%Y%m%d-%H%M%S";
+ char datetime[1024];
+ char backup_fname[1024];
+ char *first_sig = (char *) NULL;
+ PRExplodedTime time;
+ int status;
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+ PR_snprintf((char *) backup_fname, 1024, "%s.%s", m_fname, datetime);
+
+ /* close the old file */
+ status = LogFile::close();
+ if (status != PR_SUCCESS) {
+ m_ctx->LogError( "RollingLogFile::rotate",
+ __LINE__,
+ "Failed to close log file %s",
+ m_fname);
+ goto loser;
+ } else {
+ m_fd = (PRFileDesc *) NULL;
+ }
+
+ status = PR_Rename(m_fname, backup_fname);
+ if (status != PR_SUCCESS) {
+ m_ctx->LogError( "RollingLogFile::rotate",
+ __LINE__,
+ "Failed to rename %s to %s",
+ m_fname, backup_fname);
+
+ status = LogFile::open();
+ if (status != PR_SUCCESS) {
+ m_ctx->LogError("RollingLogFile::rotate",
+ __LINE__,
+ "Failed to reopen log file %s",
+ m_fname);
+ }
+ goto loser;
+ }
+
+ /* open the new file */
+ m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 440|200);
+ set_bytes_written(0);
+ if (m_fd == NULL) {
+ m_ctx->LogError( "RollingLogFile::rotate",
+ __LINE__,
+ "Failed to reopen log file %s",
+ m_fname);
+ } else {
+ if (m_signed_log) {
+ first_sig = RA::GetAuditSigningMessage("");
+ if (first_sig != NULL) {
+ status = LogFile::write(first_sig);
+ if (status != PR_SUCCESS) {
+ m_ctx->LogError("RollingLogFile::rotate",
+ __LINE__,
+ "Failed to write signature to new (rotated) log file %s",
+ m_fname);
+ } else {
+ status = LogFile::write("\n");
+ if (RA::m_last_audit_signature != NULL) {
+ PR_Free( RA::m_last_audit_signature );
+ }
+ RA::m_last_audit_signature = PL_strdup(first_sig);
+ m_signed = true;
+ }
+ PR_Free(first_sig);
+ } else {
+ m_ctx->LogError("RollingLogFile::rotate",
+ __LINE__,
+ "Failed to generate signature for new (rotated) log file %s",
+ m_fname);
+ }
+ }
+ }
+
+
+ loser:
+ m_rotation_needed = false;
+}
+
+void RollingLogFile::child_init()
+{
+ set_rollover_interval(m_rollover_interval);
+ set_expiration_time(m_expiration_time);
+}
+
+
+void RollingLogFile::set_rollover_interval(int interval)
+{
+ m_rollover_interval = interval;
+ if ((m_rollover_interval>0) && (m_rollover_thread == NULL)) {
+ m_rollover_thread = PR_CreateThread( PR_USER_THREAD,
+ start_rollover_thread,
+ (void *) this,
+ PR_PRIORITY_NORMAL, /* Priority */
+ PR_LOCAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */);
+
+ } else {
+ if (m_rollover_thread != NULL) PR_Interrupt(m_rollover_thread);
+ }
+}
+
+void RollingLogFile::start_rollover_thread(void *args) {
+ RollingLogFile *rf;
+ if (args != NULL) {
+ rf = (RollingLogFile *) args;
+ rf->run_rollover_thread();
+ }
+}
+
+void RollingLogFile::run_rollover_thread() {
+
+ m_ctx->LogInfo( "RollingLogFile::run_rollover_thread",
+ __LINE__,
+ "thread = 0x%lx: Rollover thread for %s starting",
+ PR_GetCurrentThread(), m_fname);
+
+ while (m_rollover_interval > 0) {
+ PR_Sleep(PR_SecondsToInterval(m_rollover_interval));
+
+ PR_EnterMonitor(m_monitor);
+ if (m_rollover_interval == 0) break;
+ if (get_bytes_written()>0) {
+ if (! m_signed_log) {
+ rotate();
+ } else {
+ m_rotation_needed = true;
+ }
+ }
+ PR_ExitMonitor(m_monitor);
+ }
+
+ m_ctx->LogInfo( "RollingLogFile::run_rollover_thread",
+ __LINE__,
+ "thread = 0x%lx: Rollover thread for %s ending",
+ PR_GetCurrentThread(), m_fname);
+
+ PR_ExitMonitor(m_monitor);
+}
+
+void RollingLogFile::set_expiration_time(int interval)
+{
+ m_expiration_time = interval;
+ m_expiration_sleep_time = interval;
+
+ if ((interval>0) && (m_expiration_thread == NULL)) {
+ m_expiration_thread = PR_CreateThread( PR_USER_THREAD,
+ start_expiration_thread,
+ (void *) this,
+ PR_PRIORITY_NORMAL, /* Priority */
+ PR_GLOBAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */);
+
+ } else {
+ if (m_expiration_thread != NULL) PR_Interrupt(m_expiration_thread);
+ }
+}
+
+void RollingLogFile::start_expiration_thread(void *args) {
+ RollingLogFile *rf;
+ if (args != NULL) {
+ rf = (RollingLogFile *) args;
+ rf->run_expiration_thread();
+ }
+}
+
+/* wait for a bit and then call expire().
+ Note that PR_Sleep() requires a small interval
+ (about 6 hrs to prevent overflow) */
+void RollingLogFile::run_expiration_thread() {
+ int interval;
+
+ m_ctx->LogInfo( "RollingLogFile::run_expiration_thread",
+ __LINE__,
+ "thread = 0x%lx: Expiration thread for %s starting",
+ PR_GetCurrentThread(), m_fname);
+
+ while (m_expiration_time > 0) {
+ expire();
+ while (m_expiration_sleep_time > 0) {
+ if (m_expiration_sleep_time > MAX_SLEEP) {
+ interval = MAX_SLEEP;
+ } else {
+ interval = m_expiration_sleep_time;
+ }
+
+ PR_Sleep(PR_SecondsToInterval(interval));
+ m_expiration_sleep_time = m_expiration_sleep_time - interval;
+
+ if (m_expiration_time == 0) break;
+ }
+
+ if (m_expiration_time == 0) break;
+ }
+
+ m_ctx->LogInfo( "RollingLogFile::run_expiration_thread",
+ __LINE__,
+ "thread = 0x%lx: Expiration thread for %s ending",
+ PR_GetCurrentThread(), m_fname);
+}
+
+/* remove log files that have not been modified in specified time */
+void RollingLogFile::expire() {
+ char basename[256];
+ char dirname[256];
+ char searchStr[256];
+ char full_search_name[256];
+ PRDir *dir;
+ PRDirEntry *entry;
+ PRFileInfo info;
+ PRTime expireTime;
+ PRTime now;
+ PRTime earliestModTime;
+ PRInt64 expiration_interval;
+ PRInt64 usec_per_sec;
+ PRInt64 tmp, tmp1;
+ PRStatus status;
+
+ if (m_expiration_time == 0) {
+ return;
+ }
+
+ if (strrchr(m_fname, '/') != NULL) {
+ PR_snprintf((char *) basename, 256, "%s", strrchr(m_fname, '/') +1);
+ PR_snprintf((char *) dirname, PL_strlen(m_fname) - PL_strlen(basename), "%s", m_fname);
+ PL_strcat(dirname, '\0');
+ } else {
+ PR_snprintf((char *) basename, 256, "%s", m_fname);
+ PR_snprintf((char *) dirname, 256, ".");
+ }
+
+ LL_I2L(tmp, m_expiration_time);
+ LL_I2L(usec_per_sec, PR_USEC_PER_SEC);
+ LL_MUL(expiration_interval, tmp, usec_per_sec);
+
+ now = PR_Now();
+ earliestModTime=now;
+ LL_SUB(expireTime, now, expiration_interval);
+
+ dir = PR_OpenDir(dirname);
+
+ if (dir == NULL) {
+ m_ctx->LogError( "RollingLogFile::expire",
+ __LINE__,
+ "Failed to open log file directory %s",
+ dirname);
+ return;
+ }
+
+ PR_snprintf(searchStr, 256, "%s.", basename);
+
+ while ((entry=PR_ReadDir(dir, PR_SKIP_BOTH)) != NULL) {
+ /* look only for entries of form basename. */
+
+ if (PL_strstr(entry->name, searchStr) != NULL) {
+ PR_snprintf(full_search_name, 256, "%s/%s", dirname, entry->name);
+ status = PR_GetFileInfo(full_search_name, &info);
+
+ if (status != PR_SUCCESS) {
+ m_ctx->LogError( "RollingLogFile::expire",
+ __LINE__,
+ "Failed to get file info for log file %s",
+ full_search_name);
+ // log failure to get file info
+ } else {
+ if (LL_CMP(info.modifyTime,<, expireTime)) {
+ status = PR_Delete(full_search_name);
+ if (status != PR_SUCCESS) {
+ m_ctx->LogError( "RollingLogFile::expire",
+ __LINE__,
+ "Failed to delete expired log file %s",
+ full_search_name);
+ } else {
+ RA::Debug("RollingLogFile::expire", "Deleted expired file: %s",
+ full_search_name);
+ }
+ } else {
+ if (LL_CMP(info.modifyTime,<,earliestModTime)) {
+ earliestModTime = info.modifyTime;
+ }
+ }
+ }
+ }
+ }
+
+ PR_CloseDir(dir);
+
+ /* set next wakeup interval */
+ /* A complicated 64-bit way of calculating :
+ m_expiration_sleep_time = (earliestModTime + m_expiration_time * 1000000 - PR_Now())/1000000;
+ */
+
+ LL_ADD(tmp, earliestModTime, expiration_interval);
+ LL_SUB(tmp1, tmp, now);
+ LL_DIV(tmp, tmp1, usec_per_sec);
+ LL_L2I(m_expiration_sleep_time, tmp);
+
+}
+
+int RollingLogFile::get_rollover_interval() {
+ return m_rollover_interval;
+}
+
+void RollingLogFile::set_rotation_needed(bool val) {
+ m_rotation_needed = val;
+}
+
+bool RollingLogFile::get_rotation_needed() {
+ return m_rotation_needed;
+}
+
+int RollingLogFile::get_expiration_time() {
+ return m_expiration_time;
+}
+
+
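Review bot: In `RollingLogFile::rotate()` the new log file is opened with mode `440|200`, but these are decimal literals: the value is 504, i.e. octal 0770, so each rotated log (signed audit logs included) is created owner- and group-writable and executable, subject to the umask. The intent looks like octal 0440|0200, in which case the call would read `m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 0640);`. In `expire()`, `PR_snprintf((char *) dirname, PL_strlen(m_fname) - PL_strlen(basename), "%s", m_fname)` takes its size from the path length rather than from the 256-byte `dirname` buffer, so a long directory path writes past the buffer. That length should be checked against `sizeof dirname`, returning with a logged error when it does not fit. The `PL_strstr` test in `expire()` also accepts `searchStr` anywhere in an entry name, not only as a prefix, so the deletion can reach files other than the rotated copies that the comment describes.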
diff --git a/pki/base/tps/src/main/SecureId.cpp b/pki/base/tps/src/main/SecureId.cpp
new file mode 100644
index 000000000..46394100e
--- /dev/null
+++ b/pki/base/tps/src/main/SecureId.cpp
@@ -0,0 +1,71 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "main/SecureId.h"
+#include "main/Memory.h"
+
+/**
+ * Creates a Secure ID object.
+ */
+SecureId::SecureId (char *value, char *pin)
+{
+ if (value == NULL) {
+ m_value = NULL;
+ } else {
+ m_value = PL_strdup(value);
+ }
+ if (pin == NULL) {
+ m_pin = NULL;
+ } else {
+ m_pin = PL_strdup(pin);
+ }
+}
+
+/**
+ * Destructs a Secure ID object.
+ */
+SecureId::~SecureId ()
+{
+ if( m_value != NULL ) {
+ PL_strfree( m_value );
+ m_value = NULL;
+ }
+ if( m_pin != NULL ) {
+ PL_strfree( m_pin );
+ m_pin = NULL;
+ }
+}
+
+/**
+ * Retrieves the optional Secure ID value.
+ */
+char *SecureId::GetValue()
+{
+ return m_value;
+}
+
+/**
+ * Retrieves the Secure ID PIN.
+ */
+char *SecureId::GetPIN()
+{
+ return m_pin;
+}
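Review bot: The destructor releases `m_pin` and `m_value` with `PL_strfree` without clearing them first, so the PIN copy made in the constructor remains readable in freed heap memory. Overwriting the buffer before the free, for example `memset( m_pin, 0, PL_strlen( m_pin ) );` ahead of `PL_strfree( m_pin );`, would limit that exposure. A plain `memset` before a free can be removed by the optimizer, so a wipe routine the compiler cannot elide is preferable if the project has one. `GetPIN()` and `GetValue()` return the internal pointers, which deserves a doc comment such as `Returns the internal copy; the caller must not free it or use it after this object is destroyed.` The constructor also does not report a failed `PL_strdup`, so a NULL from either getter can mean "not supplied" or "allocation failed".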
diff --git a/pki/base/tps/src/main/Util.cpp b/pki/base/tps/src/main/Util.cpp
new file mode 100644
index 000000000..2849121e4
--- /dev/null
+++ b/pki/base/tps/src/main/Util.cpp
@@ -0,0 +1,1168 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prmem.h"
+#include "prio.h"
+#include "pk11func.h"
+#include "main/Util.h"
+#include "main/Buffer.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+TPS_PUBLIC Util::Util ()
+{
+}
+
+TPS_PUBLIC Util::~Util ()
+{
+}
+
+/*
+ * Reads a line from file
+ */
+TPS_PUBLIC int Util::ReadLine(PRFileDesc *f, char *buf, int buf_len, int *removed_return)
+{
+ char *cur = buf;
+ int sum = 0;
+ PRInt32 rc;
+
+ *removed_return = 0;
+ while (1) {
+ rc = PR_Read(f, cur, 1);
+ if (rc == -1 || rc == 0)
+ break;
+ if (*cur == '\r') {
+ continue;
+ }
+ if (*cur == '\n') {
+ *cur = '\0';
+ *removed_return = 1;
+ break;
+ }
+ sum++;
+ cur++;
+ }
+ return sum;
+}
+
+TPS_PUBLIC int Util::ascii2numeric (char c)
+{
+ int num;
+ switch (c) {
+ case '0': case '1': case '2':case '3':case '4':case '5':
+ case '6': case '7': case '8': case '9':
+ num = c - '0';
+ break;
+ default:
+ num = -1;
+ break;
+ }
+ return num;
+}
+
+static BYTE ZERO[1] = { 0 };
+static BYTE ONE[1] = { 1 };
+
+TPS_PUBLIC BYTE* Util::bool2byte(bool b) {
+ if (b)
+ return ONE;
+ else
+ return ZERO;
+}
+
+static int isAlphaNumeric (char ch)
+{
+ return (((ch >='a') && (ch <= 'z')) || /* logical AND &&, OR || */
+ ((ch >='A') && (ch <= 'Z')) ||
+ ((ch >='0') && (ch <= '9')) );
+}
+
+static char bin2hex (BYTE ch)
+{
+ ch = ch & 0x0f;
+ ch += '0';
+ if (ch > '9')
+ ch += 7;
+ return (ch);
+}
+
+static BYTE hex2bin (BYTE ch)
+{
+ if (ch > '9')
+ ch = ch - 'A' + 10;
+ else
+ ch = ch - '0';
+ return (ch);
+}
+
+
+TPS_PUBLIC char *Util::SpecialURLEncode(Buffer &data) {
+ int i;
+ BYTE *buf = (BYTE*)data;
+ int len = (int)data.size();
+ char *ret = NULL;
+ int sum = 0;
+
+ for (i = 0; i < len; i ++) {
+ if (buf[i] == ' ') {
+ sum+=1;
+ } else if (isAlphaNumeric(buf[i])) {
+ sum+=1;
+ } else {
+ sum+=3;
+ }
+ }
+ ret = (char *)PR_Malloc(sum + 1); // allocate more than we may need
+ if (ret == NULL)
+ return NULL;
+ char *cur = ret;
+
+ for (i = 0; i < len; i ++) {
+ if (buf[i] == ' ') {
+ *cur++ = '+';
+ } else if (isAlphaNumeric(buf[i])) {
+ *cur++ = buf[i];
+ } else {
+ *cur++ = '#';
+ *cur++ = bin2hex(buf[i] >> 4);
+ *cur++ = bin2hex(buf[i]);
+ }
+ }
+ *cur = '\0'; // null-terminated
+ return ret;
+}
+
+TPS_PUBLIC char *Util::URLEncode (Buffer &data)
+{
+ int i;
+ BYTE *buf = (BYTE*)data;
+ int len = (int)data.size();
+ int sum = 0;
+
+ for (i = 0; i < len; i ++) {
+ if (buf[i] == ' ') {
+ sum+=1;
+ } else if (isAlphaNumeric(buf[i])) {
+ sum+=1;
+ } else {
+ sum+=3;
+ }
+ }
+ char *ret = (char *)PR_Malloc(sum + 1); // allocate more than we may need
+ char *cur = ret;
+
+ for (i = 0; i < len; i ++) {
+ if (buf[i] == ' ') {
+ *cur++ = '+';
+ } else if (isAlphaNumeric(buf[i])) {
+ *cur++ = buf[i];
+ } else {
+ *cur++ = '%';
+ *cur++ = bin2hex(buf[i] >> 4);
+ *cur++ = bin2hex(buf[i]);
+ }
+ }
+ *cur = '\0'; // null-terminated
+ return ret;
+}
+
+TPS_PUBLIC char *Util::URLEncodeInHex (Buffer &data)
+{
+ int i;
+ BYTE *buf = (BYTE*)data;
+ int len = (int)data.size();
+ int sum = 0;
+
+ for (i = 0; i < len; i ++) {
+ sum+=3;
+ }
+
+ char *ret = (char *)PR_Malloc(sum + 1); // allocate more than we may need
+ char *cur = ret;
+
+ for (i = 0; i < len; i ++) {
+ *cur++ = '%';
+ *cur++ = bin2hex(buf[i] >> 4);
+ *cur++ = bin2hex(buf[i]);
+ }
+ *cur = '\0'; // null-terminated
+ return ret;
+}
+
+TPS_PUBLIC char * Util::URLEncode1(const char *str)
+{
+ int sum = 0;
+ if (str == NULL)
+ return NULL;
+
+ // URL-encode the base-64 encoded public key. This code copies
+ // From input buffer str[] to output buffer encoded_str[]
+ int i = 0;
+ int j = 0;
+ char c;
+
+ i = 0;
+ j = 0;
+ while (1) {
+ c = str[j];
+ if (c == '/') {
+ sum+=3;
+ } else if (c == '=') {
+ sum+=3;
+ } else if (c == '\r') {
+ sum+=3;
+ } else if (c == '\n') {
+ sum+=3;
+ } else if (c == '+') {
+ sum+=3;
+ } else if (c == '&') {
+ sum+=3;
+ } else if (c == ' ') {
+ sum+=1;
+ } else {
+ sum+=1;
+ }
+ if (c == '\0') {
+ break;
+ }
+ i++;
+ j++;
+ }
+
+ char *encoded_str = (char *)PR_Malloc(sum); //allocate more than we may need
+
+ if (encoded_str == NULL)
+ return NULL;
+
+ i = 0;
+ j = 0;
+ while (1) {
+ c = str[j];
+ if (c == '/') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '2';
+ encoded_str[i] = 'F';
+ } else if (c == '&') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '2';
+ encoded_str[i] = '6';
+ } else if (c == '=') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '3';
+ encoded_str[i] = 'D';
+ } else if (c == '\r') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '0';
+ encoded_str[i] = 'D';
+ } else if (c == '\n') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '0';
+ encoded_str[i] = 'A';
+ } else if (c == '+') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '2';
+ encoded_str[i] = 'B';
+ } else if (c == ' ') {
+ encoded_str[i] = '+';
+ } else {
+ encoded_str[i] = str[j];
+ }
+ if (encoded_str[i] == '\0') {
+ break;
+ }
+ i++;
+ j++;
+ }
+ encoded_str[i] = '\0';
+
+ // DONT print, some of the sensitive information get printed.
+ /*
+ RA::Debug(LL_PER_PDU, "CertEnroll::urlEncode",
+ "URL-encoded encoded_str =%s",encoded_str);
+ */
+
+ return encoded_str;
+}
+/**
+ * this urlEncode function takes a char string
+ */
+TPS_PUBLIC char * Util::URLEncode(const char *str)
+{
+ int sum = 0;
+ if (str == NULL)
+ return NULL;
+
+ // URL-encode the base-64 encoded public key. This code copies
+ // From input buffer str[] to output buffer encoded_str[]
+ int i = 0;
+ int j = 0;
+ char c;
+
+ i = 0;
+ j = 0;
+ while (1) {
+ c = str[j];
+ if (c == '/') {
+ sum+=3;
+ } else if (c == '=') {
+ sum+=3;
+ } else if (c == '\r') {
+ sum+=3;
+ } else if (c == '\n') {
+ sum+=3;
+ } else if (c == '+') {
+ sum+=3;
+ } else if (c == ' ') {
+ sum+=1;
+ } else {
+ sum+=1;
+ }
+ if (c == '\0') {
+ break;
+ }
+ i++;
+ j++;
+ }
+
+ char *encoded_str = (char *)PR_Malloc(sum); //allocate more than we may need
+
+ if (encoded_str == NULL)
+ return NULL;
+
+ i = 0;
+ j = 0;
+ while (1) {
+ c = str[j];
+ if (c == '/') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '2';
+ encoded_str[i] = 'F';
+ } else if (c == '=') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '3';
+ encoded_str[i] = 'D';
+ } else if (c == '\r') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '0';
+ encoded_str[i] = 'D';
+ } else if (c == '\n') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '0';
+ encoded_str[i] = 'A';
+ } else if (c == '+') {
+ encoded_str[i++] = '%';
+ encoded_str[i++] = '2';
+ encoded_str[i] = 'B';
+ } else if (c == ' ') {
+ encoded_str[i] = '+';
+ } else {
+ encoded_str[i] = str[j];
+ }
+ if (encoded_str[i] == '\0') {
+ break;
+ }
+ i++;
+ j++;
+ }
+ encoded_str[i] = '\0';
+
+ // DONT print, some of the sensitive information get printed.
+ /*
+ RA::Debug(LL_PER_PDU, "CertEnroll::urlEncode",
+ "URL-encoded encoded_str =%s",encoded_str);
+ */
+
+ return encoded_str;
+}
+
+/* s Format: 01AFEE */
+TPS_PUBLIC Buffer *Util::Str2Buf (const char *s)
+{
+ int len = strlen(s) / 2;
+ BYTE *ret = (BYTE *)PR_Malloc(len);
+ if (ret == NULL)
+ return NULL;
+
+ for (int i = 0; i < len; i ++) {
+ ret[i] = hex2bin(s[i*2]) * 16 + hex2bin(s[i*2+1]);
+ }
+
+ Buffer *newbuf = new Buffer(ret, len);
+ if( ret != NULL ) {
+ PR_Free( ret );
+ ret = NULL;
+ }
+ return newbuf;
+}
+
+TPS_PUBLIC char *Util::Buffer2String (Buffer &data)
+{
+ int i;
+ BYTE *buf = (BYTE*)data;
+ int len = (int)data.size();
+ int sum = 0;
+
+ for (i = 0; i < len; i ++) {
+ sum+=2;
+ }
+ char *ret = (char *)PR_Malloc(sum + 1); // allocate more than we may need
+ if (ret == NULL)
+ return NULL;
+ char *cur = ret;
+
+ for (i = 0; i < len; i ++) {
+ *cur++ = bin2hex(buf[i] >> 4);
+ *cur++ = bin2hex(buf[i]);
+ }
+ *cur = '\0'; // null-terminated
+ return ret;
+}
+
+TPS_PUBLIC Buffer *Util::SpecialURLDecode(const char *data)
+{
+ int i;
+ Buffer buf;
+ Buffer *ret = NULL;
+ int len = strlen(data);
+ BYTE *tmp = NULL;
+ int sum = 0;
+
+ if (len == 0)
+ return NULL;
+ tmp = (BYTE *)malloc(len);
+ if (tmp == NULL)
+ return NULL;
+ for (i = 0; i < len; i++) {
+ if (data[i] == '+') {
+ tmp[sum++] = ' ';
+ } else if (data[i] == '#') {
+ tmp[sum++] = (hex2bin(data[i+1]) << 4) + hex2bin(data[i+2]);
+ i+=2;
+ } else {
+ tmp[sum++] = (BYTE)data[i];
+ }
+ }
+
+ ret = new Buffer(tmp, sum);
+ if( tmp != NULL ) {
+ free( tmp );
+ tmp = NULL;
+ }
+ return ret;
+}
+
+TPS_PUBLIC Buffer *Util::URLDecode(const char *data)
+{
+ int i;
+ Buffer buf;
+ Buffer *ret = NULL;
+ int len = strlen(data);
+ BYTE *tmp = NULL;
+ int sum = 0;
+
+ if (len == 0)
+ return NULL;
+ tmp = (BYTE *)PR_Malloc(len);
+ for (i = 0; i < len; i++) {
+ if (data[i] == '+') {
+ tmp[sum++] = ' ';
+ } else if (data[i] == '%') {
+ tmp[sum++] = (hex2bin(data[i+1]) << 4) + hex2bin(data[i+2]);
+ i+=2;
+ } else {
+ tmp[sum++] = (BYTE)data[i];
+ }
+ }
+
+ ret = new Buffer(tmp, sum);
+ if( tmp != NULL ) {
+ PR_Free( tmp );
+ tmp = NULL;
+ }
+ return ret;
+}
+
+
+TPS_PUBLIC PRStatus Util::GetRandomChallenge(Buffer &random)
+{
+ PRStatus rv = PR_FAILURE;
+ SECStatus status;
+
+ status = PK11_GenerateRandom(random, random.size());
+ if (status != SECSuccess) {
+ goto loser;
+ }
+ rv = PR_SUCCESS;
+loser:
+ return rv;
+} /* GetRandomChallenge */
+
+#define DES2_WORKAROUND
+
+TPS_PUBLIC PK11SymKey *Util::DiversifyKey(PK11SymKey *masterKey, Buffer &data, PK11SlotInfo *slot)
+{
+ PK11SymKey *key = NULL;
+ PRStatus status = PR_FAILURE ;
+ PK11Context *context = NULL;
+#ifdef DES2_WORKAROUND
+ unsigned char keyData[24];
+#else
+ unsigned char keyData[16];
+#endif
+ SECItem keyItem = { siBuffer, keyData, sizeof keyData };
+ SECStatus s;
+ int i;
+ int len;
+ static SECItem noParams = { siBuffer, 0, 0 };
+
+ /* XXX
+ - masterKey could be just a double-length
+ DES Key (16 bytes).
+ - we may need to add the first 8 bytes to
+ the end to make the key 24 bytes long (DES3 Key)
+ */
+ context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT,
+ masterKey,
+ &noParams);
+ if (!context) goto done;
+
+ /* Part 1 */
+ s = PK11_CipherOp(context, &keyData[0], &len, 8, &((BYTE*)data)[0], 8);
+ if (s != SECSuccess) goto done;
+
+ /* Part 2 */
+ s = PK11_CipherOp(context, &keyData[8], &len, 8, &((BYTE*)data)[8], 8);
+ if (s != SECSuccess) goto done;
+
+#ifdef DES2_WORKAROUND
+ /* Part 3 */
+ for(i = 0;i < 8;i++)
+ {
+ keyData[i+16] = keyData[i];
+ }
+#endif
+
+ key = PK11_ImportSymKeyWithFlags(
+ slot,
+ CKM_DES3_ECB,
+ PK11_OriginGenerated,
+ CKA_ENCRYPT,
+ &keyItem, CKF_SIGN | CKF_ENCRYPT, PR_FALSE, 0);
+
+ status = PR_SUCCESS;
+
+done:
+
+ return key;
+}
+
+TPS_PUBLIC PRStatus Util::ComputeKeyCheck(const Buffer& newKey, Buffer& output)
+{
+ PK11SymKey *key = NULL;
+ PRStatus status = PR_FAILURE ;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+ PK11Context *context = NULL;
+ SECStatus s = SECFailure;
+ int len;
+ static SECItem noParams = { siBuffer, 0, 0 };
+#ifdef DES2_WORKAROUND
+ unsigned char keyData[24];
+#else
+ unsigned char keyData[16];
+#endif
+ SECItem keyItem = {siBuffer, keyData, sizeof(keyData) };
+ unsigned char value[8];
+ // convert 16-byte to 24-byte triple-DES key
+ memcpy(keyData, newKey, 16);
+#ifdef DES2_WORKAROUND
+ memcpy(keyData+16, newKey, 8);
+#endif
+
+ memset(value, 0, sizeof value);
+
+ key = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+ PK11_OriginGenerated, CKA_ENCRYPT, &keyItem,
+ CKF_ENCRYPT, PR_FALSE, 0);
+ if( ! key ) {
+ goto done;
+ }
+
+ context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, key,
+ &noParams);
+ if (!context) {
+ goto done;
+ }
+ s = PK11_CipherOp(context, &value[0], &len, 8, &value[0], 8);
+ if (s != SECSuccess) {
+ goto done;
+ }
+
+ output.resize(3);
+ output.replace(0, value, 3);
+
+ status = PR_SUCCESS;
+done:
+ memset(keyData, 0, sizeof keyData);
+ if( context != NULL ) {
+ PK11_DestroyContext( context, PR_TRUE );
+ context = NULL;
+ }
+ if( slot != NULL ) {
+ PK11_FreeSlot( slot );
+ slot = NULL;
+ }
+ if( key != NULL ) {
+ PK11_FreeSymKey( key );
+ key = NULL;
+ }
+
+ return status;
+}
+
+TPS_PUBLIC PRStatus Util::ComputeCryptogram(PK11SymKey *key,
+ const Buffer &card_challenge, const Buffer &host_challenge,
+ Buffer &output)
+{
+ Buffer icv(8, (BYTE)0);
+ Buffer input = card_challenge + host_challenge;
+
+ return ComputeMAC(key, input, icv, output);
+} /* ComputeCryptogram */
+
+
+TPS_PUBLIC PRStatus Util::ComputeMAC(PK11SymKey *key, Buffer &x_input,
+ const Buffer &icv, Buffer &output)
+{
+ PRStatus rv = PR_SUCCESS;
+ PK11Context *context = NULL;
+// NetkeyICV temp;
+ unsigned char result[8];
+ int i;
+ SECStatus s;
+ int len;
+#ifdef USE_DESMAC
+ CK_ULONG macLen = sizeof result;
+ SECItem params = { siBuffer, (unsigned char *)&macLen, sizeof macLen };
+#endif
+ static SECItem noParams = { siBuffer, 0, 0 };
+ static unsigned char macPad[] = {
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+ };
+ BYTE *input = (BYTE *) x_input;
+ int inputLen = x_input.size();
+
+#ifdef USE_DESMAC
+ context = PK11_CreateContextBySymKey(CKM_DES3_MAC_GENERAL, CKA_SIGN,
+ key, &params);
+ if (!context) { rv = PR_FAILURE; goto done; }
+
+ s = PK11_DigestBegin(context);
+ if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+ s = PK11_DigestOp(context, icv, 8);
+ if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+ while(inputLen >= 8)
+ {
+ s = PK11_DigestOp(context, input, 8);
+ if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+ input += 8;
+ inputLen -= 8;
+ }
+
+ for (i = 0;i < inputLen;i++)
+ {
+ result[i] = input[i];
+ }
+
+ input = macPad;
+ for(;i < 8;i++)
+ {
+ result[i] = *input++;
+ }
+
+ s = PK11_DigestOp(context, result, sizeof result);
+ if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+ s = PK11_DigestFinal(context, output, (unsigned int *)&len, sizeof output);
+ if (1 != SECSuccess) { rv = PR_FAILURE; goto done; }
+
+#else
+
+ context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, key, &noParams);
+ if (!context) { rv = PR_FAILURE; goto done; }
+
+ memcpy(result, icv, sizeof result);
+
+ /* Process whole blocks */
+ while(inputLen >= 8)
+ {
+ for(i = 0;i < 8;i++)
+ {
+ result[i] ^= input[i];
+ }
+
+ s = PK11_CipherOp(context, result, &len, sizeof result, result, sizeof result);
+ if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+ if (len != sizeof result) /* assert? */
+ {
+ //PR_SetError(PR_UNKNOWN_ERROR, 0);
+ rv = PR_FAILURE;
+ goto done;
+ }
+
+ input += 8;
+ inputLen -= 8;
+ }
+
+ /*
+ * Fold in remaining data (if any)
+ * Set i to number of bytes processed
+ */
+ for(i = 0;i < inputLen;i++)
+ {
+ result[i] ^= input[i];
+ }
+
+ /*
+ * Fill remainder of last block. There
+ * will be at least one byte handled here.
+ */
+ input = macPad;
+ while(i < 8)
+ {
+ result[i] ^= *input++;
+ i++;
+ }
+
+ s = PK11_CipherOp(context, result, &len, sizeof result, result, sizeof result);
+ if (s != SECSuccess) { rv = PR_FAILURE; goto done; }
+ if (len != sizeof result)
+ {
+ //PR_SetError(PR_UNKNOWN_ERROR, 0);
+ rv = PR_FAILURE;
+ goto done;
+ }
+
+ output.replace(0, result, sizeof result);
+#endif
+
+done:
+ if( context != NULL )
+ {
+ PK11_Finalize( context );
+ PK11_DestroyContext( context, PR_TRUE );
+ context = NULL;
+ }
+ memset(result, 0, sizeof result);
+
+ return rv;
+} /* ComputeMAC */
+
+TPS_PUBLIC PK11SymKey *Util::DeriveKey(const Buffer& permKey,
+ const Buffer& hostChallenge,
+ const Buffer& cardChallenge)
+{
+ PK11SymKey *key = NULL, *master = NULL;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+ PK11Context *context = NULL;
+ unsigned char derivationData[16];
+#ifdef DES2_WORKAROUND
+ unsigned char keyData[24];
+#else
+ unsigned char keyData[16];
+#endif
+ int i;
+ SECStatus s;
+ int len;
+ SECItem keyItem = { siBuffer, keyData, sizeof keyData };
+ static SECItem noParams = { siBuffer, 0, 0 };
+ BYTE masterKeyData[24];
+ SECItem masterKeyItem = {siBuffer, masterKeyData, sizeof(masterKeyData) };
+
+ // convert 16-byte to 24-byte triple-DES key
+ memcpy(masterKeyData, permKey, 16);
+ memcpy(masterKeyData+16, permKey, 8);
+
+ master = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+ PK11_OriginGenerated, CKA_ENCRYPT, &masterKeyItem,
+ CKF_ENCRYPT, PR_FALSE, 0);
+ if( ! master ) goto done;
+
+ for(i = 0;i < 4;i++)
+ {
+ derivationData[i] = cardChallenge[i+4];
+ derivationData[i+4] = hostChallenge[i];
+ derivationData[i+8] = cardChallenge[i];
+ derivationData[i+12] = hostChallenge[i+4];
+ }
+ context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, master,
+ &noParams);
+ if (!context) goto done;
+
+ /* Part 1 */
+ s = PK11_CipherOp(context, &keyData[0], &len, 8, &derivationData[0], 8);
+ if (s != SECSuccess) goto done;
+
+ /* Part 2 */
+ s = PK11_CipherOp(context, &keyData[8], &len, 8, &derivationData[8], 8);
+ if (s != SECSuccess) goto done;
+
+#ifdef DES2_WORKAROUND
+ /* Part 3 */
+ for(i = 0;i < 8;i++)
+ {
+ keyData[i+16] = keyData[i];
+ }
+#endif
+
+ key = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB, PK11_OriginGenerated,
+ CKA_ENCRYPT, &keyItem, CKF_SIGN | CKF_ENCRYPT, PR_FALSE, 0);
+
+done:
+ memset(keyData, 0, sizeof keyData);
+ if( context != NULL ) {
+ PK11_DestroyContext( context, PR_TRUE );
+ context = NULL;
+ }
+ if( slot != NULL ) {
+ PK11_FreeSlot( slot );
+ slot = NULL;
+ }
+ if( master != NULL ) {
+ PK11_FreeSymKey( master );
+ master = NULL;
+ }
+
+ return key;
+}
+
+/**
+ *
+ * 01
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E (AUTH KEY)
+ * 1B C8 4B 1C 31
+ * 03 8B AF 47
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E (MAC KEY)
+ * 1B C8 4B 1C 31
+ * 03 8B AF 47
+ * 81 10 B4 BA A8 9A 8C D0 29 2B 45 21 0E (KEK KEY)
+ * 1B C8 4B 1C 31
+ * 03 8B AF 47
+ *
+ */
+TPS_PUBLIC PRStatus Util::CreateKeySetData(Buffer &newMasterVer, Buffer &old_kek_key, Buffer &new_auth_key, Buffer &new_mac_key, Buffer &new_kek_key, Buffer &output)
+{
+ PRStatus rv = PR_FAILURE;
+
+ Buffer result;
+
+ Buffer encrypted_auth_key(16);
+ Util::EncryptData(old_kek_key, new_auth_key, encrypted_auth_key);
+ Buffer kc_auth_key(3);
+ Util::ComputeKeyCheck(new_auth_key, kc_auth_key);
+ Buffer encrypted_mac_key(16);
+ Util::EncryptData(old_kek_key, new_mac_key, encrypted_mac_key);
+ Buffer kc_mac_key(3);
+ Util::ComputeKeyCheck(new_mac_key, kc_mac_key);
+ Buffer encrypted_kek_key(16);
+ Util::EncryptData(old_kek_key, new_auth_key, encrypted_kek_key);
+ Buffer kc_kek_key(3);
+ Util::ComputeKeyCheck(new_kek_key, kc_kek_key);
+
+ result = newMasterVer +
+ Buffer(1, (BYTE)0x81) +
+ Buffer(1, (BYTE)0x10) +
+ encrypted_auth_key +
+ Buffer(1, (BYTE)0x03) +
+ kc_auth_key +
+ Buffer(1, (BYTE)0x81) +
+ Buffer(1, (BYTE)0x10) +
+ encrypted_mac_key +
+ Buffer(1, (BYTE)0x03) +
+ kc_mac_key +
+ Buffer(1, (BYTE)0x81) +
+ Buffer(1, (BYTE)0x10) +
+ encrypted_kek_key +
+ Buffer(1, (BYTE)0x03) +
+ kc_kek_key;
+
+ output = result;
+
+ rv = PR_SUCCESS;
+ return rv;
+}
+
+
+/*
+ * for Secure Messaging in Secure Channel
+ */
+TPS_PUBLIC PRStatus Util::EncryptData(PK11SymKey *encSessionKey,
+ Buffer &input, Buffer &output)
+{
+ PRStatus rv = PR_FAILURE;
+ SECStatus s = SECFailure;
+ //static SECItem noParams = { siBuffer, 0, 0 };
+ static unsigned char d[8] = { 0,0,0,0,0,0,0,0 };
+ static SECItem ivParams = { siBuffer, d, 8 };
+ PK11Context *context = NULL;
+ unsigned char result[8];
+ int len;
+ int i;
+
+ /* this is ECB mode
+ context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, encSessionKey,
+ &noParams);
+ */
+ // use CBC mode
+ context = PK11_CreateContextBySymKey(CKM_DES3_CBC, CKA_ENCRYPT, encSessionKey,
+ &ivParams);
+ if (!context) {
+ goto done;
+ }
+
+ for(i = 0;i < (int)input.size();i += 8) {
+ s = PK11_CipherOp(context, result, &len, 8,
+ (unsigned char *)(((BYTE*)input)+i), 8);
+
+ if (s != SECSuccess) {
+ goto done;
+ }
+ output.replace(i, result, 8);
+ }
+
+ rv = PR_SUCCESS;
+// RA::Debug("Util::EncryptData", "success");
+done:
+
+ //#define VRFY_ENC_SESSION_KEY
+ // fix this to use CBC mode later
+#ifdef VRFY_ENC_SESSION_KEY
+ Buffer enc_key_buffer = Buffer((BYTE *) PK11_GetKeyData(encSessionKey)->data, PK11_GetKeyData(encSessionKey)->len);
+ RA::DebugBuffer("Util::EncryptData", "Verifying Encrypted Data",
+ &output);
+ Buffer out1 = Buffer(16, (BYTE)0);
+ PRStatus status = Util::DecryptData(enc_key_buffer, output, out1);
+ RA::DebugBuffer("Util::EncryptData", "Decrypted Data",
+ &out1);
+#endif
+
+
+ if( context != NULL ) {
+ PK11_DestroyContext( context, PR_TRUE );
+ context = NULL;
+ }
+
+ return rv;
+}
+
+
+TPS_PUBLIC PRStatus Util::EncryptData(Buffer &kek_key, Buffer &input, Buffer &output)
+{
+ PRStatus rv = PR_FAILURE;
+
+ PK11SymKey *master = NULL;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+ PK11Context *context = NULL;
+ int i;
+ SECStatus s = SECFailure;
+ int len;
+ static SECItem noParams = { siBuffer, 0, 0 };
+#ifdef DES2_WORKAROUND
+ unsigned char masterKeyData[24];
+#else
+ unsigned char masterKeyData[16];
+#endif
+ SECItem masterKeyItem = {siBuffer, masterKeyData, sizeof(masterKeyData) };
+ unsigned char result[8];
+
+ // convert 16-byte to 24-byte triple-DES key
+ memcpy(masterKeyData, (BYTE*)kek_key, 16);
+#ifdef DES2_WORKAROUND
+ memcpy(masterKeyData+16, (BYTE*)kek_key, 8);
+#endif
+
+ master = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+ PK11_OriginGenerated, CKA_ENCRYPT, &masterKeyItem,
+ CKF_ENCRYPT, PR_FALSE, 0);
+ if( ! master ) {
+ goto done;
+ }
+
+ context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_ENCRYPT, master,
+ &noParams);
+ if (!context) {
+ goto done;
+ }
+
+ for(i = 0;i < (int)input.size();i += 8) {
+ s = PK11_CipherOp(context, result, &len, 8,
+ (unsigned char *)(((BYTE*)input)+i), 8);
+
+ if (s != SECSuccess) {
+ goto done;
+ }
+ output.replace(i, result, 8);
+ }
+
+ rv = PR_SUCCESS;
+
+done:
+
+ memset(masterKeyData, 0, sizeof masterKeyData);
+ if( context != NULL ) {
+ PK11_DestroyContext( context, PR_TRUE );
+ context = NULL;
+ }
+ if( slot != NULL ) {
+ PK11_FreeSlot( slot );
+ slot = NULL;
+ }
+ if( master != NULL ) {
+ PK11_FreeSymKey( master );
+ master = NULL;
+ }
+
+ return rv;
+}
+
+TPS_PUBLIC PRStatus Util::DecryptData(Buffer &kek_key, Buffer &input, Buffer &output)
+{
+ PRStatus rv = PR_FAILURE;
+
+ PK11SymKey *master = NULL;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot();
+ PK11Context *context = NULL;
+ int i;
+ SECStatus s = SECFailure;
+ int len;
+ static SECItem noParams = { siBuffer, 0, 0 };
+#ifdef DES2_WORKAROUND
+ unsigned char masterKeyData[24];
+#else
+ unsigned char masterKeyData[16];
+#endif
+ SECItem masterKeyItem = {siBuffer, masterKeyData, sizeof(masterKeyData) };
+ unsigned char result[8];
+
+ // convert 16-byte to 24-byte triple-DES key
+ memcpy(masterKeyData, (BYTE*)kek_key, 16);
+#ifdef DES2_WORKAROUND
+ memcpy(masterKeyData+16, (BYTE*)kek_key, 8);
+#endif
+
+ master = PK11_ImportSymKeyWithFlags(slot, CKM_DES3_ECB,
+ PK11_OriginGenerated, CKA_DECRYPT, &masterKeyItem,
+ CKF_DECRYPT, PR_FALSE, 0);
+ if( ! master ) {
+ goto done;
+ }
+
+ context = PK11_CreateContextBySymKey(CKM_DES3_ECB, CKA_DECRYPT, master,
+ &noParams);
+ if (!context) {
+ goto done;
+ }
+
+ for(i = 0;i < (int)input.size();i += 8) {
+ s = PK11_CipherOp(context, result, &len, 8,
+ (unsigned char *)(((BYTE *)input)+i), 8);
+
+ if (s != SECSuccess) {
+ goto done;
+ }
+ output.replace(i, result, 8);
+ }
+
+ rv = PR_SUCCESS;
+
+done:
+
+ memset(masterKeyData, 0, sizeof masterKeyData);
+ if( context != NULL ) {
+ PK11_DestroyContext( context, PR_TRUE );
+ context = NULL;
+ }
+ if( slot != NULL ) {
+ PK11_FreeSlot( slot );
+ slot = NULL;
+ }
+ if( master != NULL ) {
+ PK11_FreeSymKey( master );
+ master = NULL;
+ }
+
+ return rv;
+}
+
+// this one takes PK11SymKey instead
+TPS_PUBLIC PRStatus Util::DecryptData(PK11SymKey* enc_key, Buffer &input, Buffer &output)
+{
+ PRStatus rv = PR_FAILURE;
+
+ PK11Context *context = NULL;
+ int i;
+ SECStatus s = SECFailure;
+ int len;
+ // static SECItem noParams = { siBuffer, 0, 0 };
+ static unsigned char d[8] = { 0,0,0,0,0,0,0,0 };
+ static SECItem ivParams = { siBuffer, d, 8 };
+ unsigned char result[8];
+
+ if( ! enc_key ) {
+ goto done;
+ }
+
+ context = PK11_CreateContextBySymKey(CKM_DES3_CBC, CKA_DECRYPT, enc_key,
+ &ivParams);
+ if (!context) {
+ goto done;
+ }
+
+ for(i = 0;i < (int)input.size();i += 8) {
+ s = PK11_CipherOp(context, result, &len, 8,
+ (unsigned char *)(((BYTE *)input)+i), 8);
+
+ if (s != SECSuccess) {
+ goto done;
+ }
+ output.replace(i, result, 8);
+ }
+
+ rv = PR_SUCCESS;
+
+done:
+
+ if( context != NULL ) {
+ PK11_DestroyContext( context, PR_TRUE );
+ context = NULL;
+ }
+
+ return rv;
+}
+
diff --git a/pki/base/tps/src/modules/CMakeLists.txt b/pki/base/tps/src/modules/CMakeLists.txt
new file mode 100644
index 000000000..b72b73c0c
--- /dev/null
+++ b/pki/base/tps/src/modules/CMakeLists.txt
@@ -0,0 +1,2 @@
+add_subdirectory(tokendb)
+add_subdirectory(tps)
diff --git a/pki/base/tps/src/modules/tokendb/CMakeLists.txt b/pki/base/tps/src/modules/tokendb/CMakeLists.txt
new file mode 100644
index 000000000..7b6edae91
--- /dev/null
+++ b/pki/base/tps/src/modules/tokendb/CMakeLists.txt
@@ -0,0 +1,48 @@
+project(tokendb_module CXX)
+
+set(TOKENDB_PRIVATE_INCLUDE_DIRS
+ ${TOKENDB_PUBLIC_INCLUDE_DIRS}
+ ${CMAKE_BINARY_DIR}
+ ${NSPR_INCLUDE_DIRS}
+ ${NSS_INCLUDE_DIRS}
+ ${APR_INCLUDE_DIRS}
+ ${SVRCORE_INCLUDE_DIRS}
+ ${LDAP_INCLUDE_DIRS}
+)
+
+set(TOKENDB_MODULE
+ tokendb_module
+ CACHE INTERNAL "tokendb apache module"
+)
+
+set(TOKENDB_LINK_LIBRARIES
+ ${TOKENDB_SHARED_LIBRARY}
+ ${NSPR_LIBRARIES}
+ ${NSS_LIBRARIES}
+ ${APR_LIBRARIES}
+ ${SVRCORE_LIBRARIES}
+ ${LDAP_LIBRARIES}
+)
+
+set(tokendb_module_SRCS
+ mod_tokendb.cpp
+)
+
+include_directories(${TOKENDB_PRIVATE_INCLUDE_DIRS})
+
+add_library(${TOKENDB_MODULE} MODULE ${tokendb_module_SRCS})
+target_link_libraries(${TOKENDB_MODULE} ${TOKENDB_LINK_LIBRARIES})
+
+set_target_properties(${TOKENDB_MODULE}
+ PROPERTIES
+ OUTPUT_NAME
+ mod_tokendb
+ PREFIX ""
+)
+
+install(
+ TARGETS
+ ${TOKENDB_MODULE}
+ DESTINATION
+ ${LIB_INSTALL_DIR}/httpd/modules
+)
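Review bot: Nothing in this file checks that `TOKENDB_SHARED_LIBRARY`, `TOKENDB_PUBLIC_INCLUDE_DIRS` and `LIB_INSTALL_DIR` are set before they are used; they are presumably defined by another directory's CMakeLists.txt or a top-level module that is not part of this hunk. An unset variable expands to nothing, so `target_link_libraries` would silently drop the tokendb library and the install destination would collapse to `/httpd/modules`. Because a MODULE target normally links even with unresolved symbols, the missing library would likely surface only when httpd loads mod_tokendb. A guard right after the `project()` line makes the ordering dependency explicit: `if(NOT TOKENDB_SHARED_LIBRARY OR NOT LIB_INSTALL_DIR)`, `message(FATAL_ERROR "tokendb_module: TOKENDB_SHARED_LIBRARY and LIB_INSTALL_DIR must be set by the parent build")`, `endif()`.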
diff --git a/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
new file mode 100644
index 000000000..6b9c296a7
--- /dev/null
+++ b/pki/base/tps/src/modules/tokendb/mod_tokendb.cpp
@@ -0,0 +1,7737 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#ifdef XP_WIN32
+#define TOKENDB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TOKENDB_PUBLIC
+#endif /* !XP_WIN32 */
+
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Headers
+** _________________________________________________________________
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef XP_WIN32
+#include <unistd.h> /* sleep */
+#else /* XP_WIN32 */
+#include <windows.h>
+#endif /* XP_WIN32 */
+
+#include "nspr.h"
+#include "prio.h"
+#include "plstr.h"
+#include "prmem.h"
+#include "prtime.h"
+#include "prthread.h"
+#include "cert.h"
+#include "regex.h"
+#include "nss3/base64.h"
+
+#include "httpd/httpd.h"
+#include "httpd/http_config.h"
+#include "httpd/http_log.h"
+#include "httpd/http_protocol.h"
+#include "httpd/http_main.h"
+#include "httpd/http_request.h"
+
+#include "apr_strings.h"
+
+#include "cms/CertEnroll.h"
+#include "engine/RA.h"
+#include "tus/tus_db.h"
+#include "processor/RA_Processor.h"
+#include "selftests/SelfTest.h"
+
+extern TOKENDB_PUBLIC char *nss_var_lookup( apr_pool_t *p, server_rec *s,
+ conn_rec *c, request_rec *r,
+ char *var );
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Definitions
+** _________________________________________________________________
+*/
+
+#define JS_START "<SCRIPT LANGUAGE=\"JavaScript\">\n<!--\n"
+#define JS_STOP "//-->\n</SCRIPT>\n"
+#define CMS_TEMPLATE_TAG "<CMS_TEMPLATE>"
+
+#define MAX_INJECTION_SIZE 5120
+#define MAX_OVERLOAD 20
+#define LOW_INJECTION_SIZE 2048
+#define SHORT_LEN 256
+
+#define BASE64_HEADER "-----BEGIN CERTIFICATE-----\n"
+#define BASE64_FOOTER "-----END CERTIFICATE-----\n"
+
+#define TOKENDB_OPERATORS_IDENTIFIER "TUS Officers"
+#define TOKENDB_AGENTS_IDENTIFIER "TUS Agents"
+#define TOKENDB_ADMINISTRATORS_IDENTIFIER "TUS Administrators"
+
+#define OP_PREFIX "op.format"
+
+#define NUM_PROFILES_TO_DISPLAY 15
+#define NUM_ENTRIES_PER_PAGE 25
+#define MAX_LEN_PROFILES_TO_DISPLAY 1000
+
+#define error_out(msg1,msg2) \
+ PR_snprintf(injection, MAX_INJECTION_SIZE, \
+ "%s%s%s%s%s", JS_START, "var error = \"Error: ", \
+ msg1,"\";\n", JS_STOP ); \
+ buf = getData( errorTemplate, injection ); \
+ ap_log_error( ( const char * ) "tus", __LINE__, \
+ APLOG_ERR, 0, rq->server, \
+ ( const char * ) msg2 ); \
+ ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+#define ldap_error_out(msg1,msg2) \
+ PR_snprintf( injection, MAX_INJECTION_SIZE, \
+ "%s%s%s%s%s%s", JS_START, \
+ "var error = \"", msg1, \
+ ldap_err2string( status ), \
+ "\";\n", JS_STOP ); \
+ buf = getData( errorTemplate, injection ); \
+ ap_log_error( ( const char * ) "tus", __LINE__, \
+ APLOG_ERR, 0, rq->server, \
+ ( const char * ) msg2, \
+ ldap_err2string( status ) ); \
+ ( void ) ap_rwrite( ( const void * ) buf, PL_strlen( buf ), rq );
+
+#define post_ldap_error(msg) \
+ ap_log_error( ( const char * ) "tus", __LINE__, \
+ APLOG_ERR, 0, rq->server, \
+ (const char *) msg, ldap_err2string( status ) );
+
+#define get_cfg_string(cname, vname) \
+ if( ( s = PL_strstr( buf, cname ) ) != NULL ) { \
+ s += PL_strlen( cname ); \
+ v = s; \
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && \
+ ( PRUint32 ) ( s - buf ) < size ) { \
+ s++; \
+ } \
+ n = s - v; \
+ s = PL_strndup( v, n ); \
+ if( s != NULL ) { \
+ if( vname != NULL ) { \
+ PL_strfree( vname ); \
+ vname = NULL; \
+ } \
+ vname = s; \
+ } else { \
+ do_free(buf); \
+ return 0; \
+ } \
+ }
+
+#define get_cfg_int(cname, vname) \
+ if( ( s = PL_strstr( buf, cname ) ) != NULL ) { \
+ s += PL_strlen( cname ); \
+ v = s; \
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' && \
+ ( PRUint32 ) ( s - buf ) < size ) { \
+ s++; \
+ } \
+ n = s - v; \
+ s = PL_strndup( v, n ); \
+ if( s != NULL ) { \
+ char *endptr = NULL; \
+ errno = 0; \
+ vname = strtol(s, &endptr, 10);\
+ if ((errno == ERANGE && (vname == LONG_MAX || vname == LONG_MIN)) \
+ || (endptr == s)) { \
+ vname=0; \
+ } \
+ do_free(s); \
+ } else { \
+ do_free(buf); \
+ do_free(s); \
+ return 0; \
+ } \
+ }
+
+/**
+ * Provide reasonable defaults for some defines.
+ */
+enum MOD_TOKENDB_BOOL {
+ MOD_TOKENDB_FALSE = 0,
+ MOD_TOKENDB_TRUE = 1
+};
+
+#define MAX_TOKEN_UI_STATE 6
+
+enum token_ui_states {
+ TOKEN_UNINITIALIZED = 0,
+ TOKEN_DAMAGED =1,
+ TOKEN_PERM_LOST=2,
+ TOKEN_TEMP_LOST=3,
+ TOKEN_FOUND =4,
+ TOKEN_TEMP_LOST_PERM_LOST =5,
+ TOKEN_TERMINATED = 6
+};
+
+/* _________________________________________________________________
+**
+** Tokendb Module Request Data
+** _________________________________________________________________
+*/
+
+#ifdef DEBUG_Tokendb
+static PRFileDesc *debug_fd = NULL;
+#endif
+
+static char *templateDir = NULL;
+static char *errorTemplate = NULL;
+static char *indexTemplate = NULL;
+static char *indexAdminTemplate = NULL;
+static char *indexOperatorTemplate = NULL;
+static char *newTemplate = NULL;
+static char *searchTemplate = NULL;
+static char *searchResultTemplate = NULL;
+static char *searchAdminTemplate = NULL;
+static char *searchAdminResultTemplate = NULL;
+static char *searchActivityTemplate = NULL;
+static char *searchCertificateTemplate = NULL;
+static char *searchCertificateResultTemplate = NULL;
+static char *searchActivityResultTemplate = NULL;
+static char *searchActivityAdminTemplate = NULL;
+static char *searchActivityAdminResultTemplate = NULL;
+static char *editTemplate = NULL;
+static char *editResultTemplate = NULL;
+static char *showTemplate = NULL;
+static char *showCertTemplate = NULL;
+static char *showAdminTemplate = NULL;
+static char *deleteTemplate = NULL;
+static char *doTokenTemplate = NULL;
+static char *doTokenConfirmTemplate = NULL;
+static char *revokeTemplate = NULL;
+static char *addResultTemplate = NULL;
+static char *deleteResultTemplate = NULL;
+static char *editUserTemplate = NULL;
+static char *searchUserResultTemplate = NULL;
+static char *searchUserTemplate = NULL;
+static char *newUserTemplate = NULL;
+static char *userDeleteTemplate = NULL;
+static char *auditAdminTemplate = NULL;
+static char *selfTestTemplate = NULL;
+static char *selfTestResultsTemplate = NULL;
+static char *agentSelectConfigTemplate = NULL;
+static char *selectConfigTemplate = NULL;
+static char *agentViewConfigTemplate = NULL;
+static char *editConfigTemplate = NULL;
+static char *confirmConfigChangesTemplate = NULL;
+static char *addConfigTemplate = NULL;
+static char *confirmDeleteConfigTemplate = NULL;
+static int maxSizeLimit = 0;
+static int defaultSizeLimit = 0;
+static int maxTimeLimit = 0;
+static int defaultTimeLimit = 0;
+static int pwLength = 0;
+
+static char *profileList = NULL;
+static char *transitionList = NULL;
+
+static int sendInPieces = 0;
+static RA_Processor m_processor;
+
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Command Data
+** _________________________________________________________________
+*/
+
+static const char MOD_TOKENDB_CONFIGURATION_FILE_PARAMETER[] =
+"TokendbConfigPathFile";
+
+static const char MOD_TOKENDB_CONFIGURATION_FILE_USAGE[] =
+"Tokendb Configuration Filename prefixed by a complete path, or\n"
+"a path that is relative to the Apache server root.";
+
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Server Configuration Creation Data
+** _________________________________________________________________
+*/
+
+typedef struct {
+ char *Tokendb_Configuration_File;
+ MOD_TOKENDB_BOOL enabled;
+} mod_tokendb_server_configuration;
+
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Registration Data
+** _________________________________________________________________
+*/
+
+#define MOD_TOKENDB_CONFIG_KEY tokendb_module
+
+static const char MOD_TOKENDB_CONFIG_KEY_NAME[] = "tokendb_module";
+
+extern module TOKENDB_PUBLIC MOD_TOKENDB_CONFIG_KEY;
+
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Helper Functions
+** _________________________________________________________________
+*/
+
+/**
+ * Terminate Apache
+ */
+void tokendb_die( void )
+{
+ /*
+ * This is used for fatal errors and here
+ * it is common module practice to really
+ * exit from the complete program.
+ */
+ exit( 1 );
+}
+
+
+void tokendbDebug( const char* msg )
+{
+ RA::Debug( "mod_tokendb::mod_tokendb_handler",
+ msg);
+#if 0
+ if( debug_fd ) {
+ PR_fprintf( debug_fd, msg );
+ }
+#endif
+}
+
+inline void do_free(char * buf)
+{
+ if (buf != NULL) {
+ PR_Free(buf);
+ buf = NULL;
+ }
+}
+
+inline void do_strfree(char *buf)
+{
+ if (buf != NULL) {
+ PL_strfree(buf);
+ buf = NULL;
+ }
+}
+
+inline bool valid_berval(struct berval** b)
+{
+ return (b != NULL) && (b[0] != NULL) && (b[0]->bv_val != NULL);
+}
+
+/**
+ * unencode
+ * summary: takes a URL encoded string and returns an unencoded string
+ * : must be freed by caller
+ */
+char *unencode(const char *src)
+{
+ char *dest = NULL;
+ char *dp = NULL;
+ dest = (char *) PR_Malloc(PL_strlen(src)* sizeof(char) + 1);
+ dp = dest;
+ for(; PL_strlen(src) > 0 ; src++, dp++)
+ if(*src == '+')
+ *dp = ' ';
+ else if(*src == '%') {
+ int code;
+ if (sscanf(src+1, "%2x", &code) != 1) code = '?';
+ *dp = code;
+ src +=2;
+ }
+ else
+ *dp = *src;
+ *dp = '\0';
+ return dest;
+}
+
+/**
+ * get_field
+ * summary: used to parse query strings in get and post requests
+ * : returns the value of the parameter following fname, in query string s.
+ * must be freed by caller.
+ * example: get_field("op=hello&name=foo&title=bar", "name=") returns foo
+ */
+char *get_field( char *s, const char* fname, int len)
+{
+ char *end = NULL;
+ char *tmp = NULL;
+ char *ret = NULL;
+ int n;
+
+ if( ( s = PL_strstr( s, fname ) ) == NULL ) {
+ return NULL;
+ }
+
+ s += strlen(fname);
+ end = PL_strchr( s, '&' );
+
+ if( end != NULL ) {
+ n = end - s;
+ } else {
+ n = PL_strlen( s );
+ }
+
+ if (n == 0) {
+ return NULL;
+ } else if (n > len) {
+ /* string too long */
+ return NULL;
+ } else {
+ tmp = (char *) PL_strndup(s,n);
+ ret = unencode(tmp);
+ do_free(tmp);
+ return ret;
+ }
+}
+
+/**
+ * get_post_field
+ * summary: get value from apr_table containing HTTP-Post values
+ * params: post - apr_table with post data
+ * : fname = name of post-field
+ */
+char *get_post_field( apr_table_t *post, const char *fname, int len)
+{
+ char *ret = NULL;
+ if (post) {
+ ret = unencode(apr_table_get(post, fname));
+ if ((ret != NULL) && ((int) PL_strlen(ret) > len)) {
+ PR_Free(ret);
+ return NULL;
+ } else {
+ return ret;
+ }
+ } else {
+ return NULL;
+ }
+}
+
+char *get_post_field_s( apr_table_t *post, const char *fname)
+{
+ char *ret = NULL;
+ if (post) {
+ ret = unencode(apr_table_get(post, fname));
+ return ret;
+ } else {
+ return NULL;
+ }
+}
+
+/**
+ * similar to get_post_field - but returns the original post data
+ * without unencoding - used for userCert
+ */
+char *get_encoded_post_field(apr_table_t *post, const char *fname, int len)
+{
+ char *ret = NULL;
+ if (post) {
+ ret = PL_strdup(apr_table_get(post, fname));
+ if ((ret != NULL) && ((int) PL_strlen(ret) > len)) {
+ PL_strfree(ret);
+ return NULL;
+ } else {
+ return ret;
+ }
+ } else {
+ return NULL;
+ }
+}
+
+/**
+ * match_profile
+ * summary: returns true if the profile passed in matches an existing profile
+ * in the profileList read from CS.cfg. Called when confirming that
+ * a user entered "other profile" is a real profile
+ */
+bool match_profile(const char *profile)
+{
+ return RA::match_comma_list(profile, profileList);
+}
+
+int get_token_ui_state(char *state, char *reason)
+{
+ int ret = 0;
+ if (strcmp(state, STATE_UNINITIALIZED) == 0) {
+ ret = TOKEN_UNINITIALIZED;
+ } else if (strcasecmp(state, STATE_ACTIVE) == 0) {
+ ret = TOKEN_FOUND;
+ } else if (strcasecmp(state, STATE_LOST) == 0) {
+ if (strcasecmp(reason, "keyCompromise") == 0) {
+ /* perm lost or temp -> perm lost */
+ ret = TOKEN_PERM_LOST;
+ } else if (strcasecmp(reason, "destroyed") == 0) {
+ ret = TOKEN_DAMAGED;
+ } else if (strcasecmp(reason, "onHold") == 0) {
+ ret = TOKEN_TEMP_LOST;
+ }
+ } else if (strcasecmp(state, "terminated") == 0) {
+ ret = TOKEN_TERMINATED;
+ } else {
+ /* state is disabled or otherwise : what to do here? */
+ ret = TOKEN_PERM_LOST;
+ }
+ return ret;
+}
+
+bool transition_allowed(int oldState, int newState)
+{
+ /* parse the allowed transitions string and look for old:new */
+ char search[128];
+
+ if (transitionList == NULL) return true;
+
+ PR_snprintf(search, 128, "%d:%d", oldState, newState);
+ return RA::match_comma_list(search, transitionList);
+}
+
+void add_allowed_token_transitions(int token_ui_state, char *injection)
+{
+ bool first = true;
+ int i=1;
+ char state[128];
+
+ sprintf(state, "var allowed_transitions=\"");
+ PL_strcat(injection, state);
+ for (i=1; i<=MAX_TOKEN_UI_STATE; i++) {
+ if (transition_allowed(token_ui_state, i)) {
+ if (first) {
+ sprintf(state, "%d", i);
+ first = false;
+ } else {
+ sprintf(state, ",%d", i);
+ }
+ PL_strcat(injection, state);
+ }
+ }
+ PL_strcat(injection, "\";\n");
+}
+
+char *getTemplateFile( char *fileName, int *injectionTagOffset )
+{
+ char *buf = NULL;
+ char *s = NULL;
+ PRFileDesc *fd = NULL;
+ char fullFileName[4096];
+ PRFileInfo info;
+ PRUint32 fileSize;
+ PRUint32 size;
+ PRInt32 k, n;
+
+ *injectionTagOffset = -1;
+
+ PR_snprintf( fullFileName, 4096, "%s/%s", templateDir, fileName );
+
+ if( PR_GetFileInfo( fullFileName, &info ) != PR_SUCCESS ) {
+ return buf;
+ }
+
+ fileSize = info.size;
+ size = fileSize + 1;
+
+ buf = ( char * ) PR_Malloc( size );
+ if( buf == NULL ) {
+ return buf;
+ }
+
+ fd = PR_Open( fullFileName, PR_RDONLY, 00400 );
+ if( fd == NULL ) {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return NULL;
+ }
+
+ k = 0;
+ while( ( n = PR_Read( fd, &buf[k], fileSize-k ) ) > 0 ) {
+ k += n;
+ if( ( PRUint32 ) k >= fileSize ) {
+ break;
+ }
+ }
+
+ if( fd != NULL ) {
+ PR_Close( fd );
+ fd = NULL;
+ }
+
+ if( n < 0 || ( ( PRUint32 ) k > fileSize ) ) {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return NULL;
+ }
+
+ buf[k] = '\0';
+
+ if( ( s = PL_strstr( buf, CMS_TEMPLATE_TAG ) ) != NULL ) {
+ *injectionTagOffset = PL_strlen( buf ) - PL_strlen( s );
+ }
+
+ return buf;
+}
+
+
+char *getData( char *fileName, char *injection )
+{
+ char *buf = NULL;
+ char *s = NULL;
+ PRFileDesc *fd = NULL;
+ char fullFileName[4096];
+ PRFileInfo info;
+ PRUint32 fileSize;
+ PRUint32 size, len;
+ PRUint32 injectionSize;
+ PRInt32 k, n;
+
+ PR_snprintf( fullFileName, 4096, "%s/%s", templateDir, fileName );
+
+ if( PR_GetFileInfo( fullFileName, &info ) != PR_SUCCESS ) {
+ return buf;
+ }
+
+ fileSize = info.size;
+ size = fileSize;
+ injectionSize = 0;
+
+ if( injection != NULL && PL_strlen( injection ) > 0 ) {
+ injectionSize = PL_strlen( injection );
+ size += injectionSize;
+ }
+
+ size++;
+
+ buf = ( char * ) PR_Malloc( size );
+ if( buf == NULL ) {
+ return buf;
+ }
+
+ fd = PR_Open( fullFileName, PR_RDONLY, 00400 );
+ if( fd == NULL ) {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return NULL;
+ }
+
+ k = 0;
+ while( ( n = PR_Read( fd, &buf[k], fileSize-k ) ) > 0 ) {
+ k += n;
+ if( ( PRUint32 ) k >= fileSize ) {
+ break;
+ }
+ }
+
+ if( fd != NULL ) {
+ PR_Close( fd );
+ fd = NULL;
+ }
+
+ if( n < 0 || ( ( PRUint32 ) k > fileSize ) ) {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return NULL;
+ }
+
+ buf[k] = '\0';
+ if( injectionSize > 0 ) {
+ if( ( s = PL_strstr( buf, CMS_TEMPLATE_TAG ) ) != NULL ) {
+ len = PL_strlen( s ) - PL_strlen( CMS_TEMPLATE_TAG );
+ memmove( s + injectionSize,
+ s + PL_strlen( CMS_TEMPLATE_TAG ),
+ len + 1 );
+ memcpy( s, injection, injectionSize );
+ }
+ }
+
+ return buf;
+}
+
+/**
+ * returns string with special characters escaped. Caller must free the contents
+ */
+char *escapeSpecialChars(char* src)
+{
+ char *ret;
+ int i =0;
+
+ if (PL_strlen(src) == 0) {
+ return PL_strdup(src);
+ }
+ ret = (char *)PR_Malloc(PL_strlen(src) * 2 + 1);
+
+ while (*src != '\0') {
+ if (*src == '"') {
+ ret[i++] = '\\';
+ ret[i++] = '"';
+ } else {
+ ret[i++] = *src;
+ }
+ src++;
+ }
+ ret[i]='\0';
+ return ret;
+}
+
+void getCertificateFilter( char *filter, char *query )
+{
+ char *uid = NULL;
+ char *tid = NULL;
+ char *end = NULL;
+ char *cn = NULL;
+ char *view = NULL;
+ int len = 0;
+ int i = 0;
+
+ tid = PL_strstr( query, "tid=" );
+ uid = PL_strstr( query, "uid=" );
+ cn = PL_strstr( query, "cn=" );
+ view = PL_strstr( query, "op=view" );
+
+ if( view == NULL ) {
+ view = PL_strstr( query, "op=show" );
+ }
+
+ filter[0] = '\0';
+
+ if( tid == NULL && uid == NULL && cn == NULL ) {
+ PL_strcat( filter, "(tokenID=*)" );
+ return;
+ }
+
+ if( tid != NULL && uid != NULL && view != NULL ) {
+ PL_strcat( filter, "(&" );
+ }
+
+ if( tid != NULL ) {
+ PL_strcat( filter, "(tokenID=" );
+ end = PL_strchr( tid, '&' );
+ len = PL_strlen( filter );
+ if( end != NULL ) {
+ i = end - tid - 4;
+
+ if( i > 0 ) {
+ memcpy( filter+len, tid+4, i );
+ }
+ filter[len+i] = '\0';
+ } else {
+ PL_strcat( filter, tid+4 );
+ }
+ if( view != NULL ) {
+ PL_strcat( filter, "*)" );
+ } else {
+ PL_strcat( filter, ")" );
+ }
+ }
+
+ if( uid != NULL && view != NULL ) {
+ PL_strcat( filter, "(tokenUserID=" );
+ end = PL_strchr( uid, '&' );
+ len = PL_strlen( filter );
+ if( end != NULL ) {
+ i = end - uid - 4;
+ if( i > 0 ) {
+ memcpy( filter+len, uid+4, i );
+ }
+
+ filter[len+i] = '\0';
+ } else {
+ PL_strcat( filter, uid+4 );
+ }
+
+ PL_strcat( filter, "*)" );
+ /* PL_strcat( filter, ")" ); */
+ }
+
+ if( cn != NULL ) {
+ PL_strcat( filter, "(cn=" );
+ end = PL_strchr( cn, '&' );
+ len = PL_strlen( filter );
+ if( end != NULL ) {
+ i = end - cn - 3;
+ if( i > 0 ) {
+ memcpy( filter+len, cn+3, i );
+ }
+
+ filter[len+i] = '\0';
+ } else {
+ PL_strcat( filter, cn+3 );
+ }
+
+ PL_strcat( filter, "*)" );
+ /* PL_strcat( filter, ")" ); */
+ }
+
+ if(tid != NULL && uid != NULL && view != NULL) {
+ PL_strcat( filter, ")" );
+ }
+}
+
+
+void getActivityFilter( char *filter, char *query )
+{
+ char *uid = NULL;
+ char *tid = NULL;
+ char *end = NULL;
+ char *view = NULL;
+ int len = 0;
+ int i = 0;
+
+ tid = PL_strstr( query, "tid=" );
+ uid = PL_strstr( query, "uid=" );
+ view = PL_strstr( query, "op=view" );
+ filter[0] = '\0';
+
+ if( tid == NULL && uid == NULL ) {
+ PL_strcat( filter, "(tokenID=*)" );
+ }
+
+ if( tid != NULL && uid != NULL && view != NULL ) {
+ PL_strcat( filter, "(&" );
+ }
+
+ if( tid != NULL ) {
+ PL_strcat( filter, "(tokenID=" );
+ end = PL_strchr( tid, '&' );
+ len = PL_strlen( filter );
+
+ if( end != NULL ) {
+ i = end - tid - 4;
+ if( i > 0 ) {
+ memcpy( filter+len, tid+4, i );
+ }
+ filter[len+i] = '\0';
+ } else {
+ PL_strcat( filter, tid+4 );
+ }
+
+ if( view != NULL ) {
+ PL_strcat( filter, "*)" );
+ } else {
+ PL_strcat( filter, ")" );
+ }
+ }
+
+ if( uid != NULL && view != NULL ) {
+ PL_strcat( filter, "(tokenUserID=" );
+ end = PL_strchr( uid, '&' );
+ len = PL_strlen( filter );
+ if( end != NULL ) {
+ i = end - uid - 4;
+ if( i > 0 ) {
+ memcpy( filter+len, uid+4, i );
+ }
+
+ filter[len+i] = '\0';
+ } else {
+ PL_strcat( filter, uid+4 );
+ }
+
+ PL_strcat( filter, "*)" );
+ /* PL_strcat( filter, ")" ); */
+ }
+
+ if( tid != NULL && uid != NULL && view != NULL) {
+ PL_strcat( filter, ")" );
+ }
+}
+
+/**
+ * get_user_filter
+ * summary: returns an ldap search filter used for displaying
+ * user data when searching users based on uid, firstName and lastName
+ * params: filter - ldap search filter. Resu;t returned here.
+ * query - query string passed in
+ */
+void getUserFilter (char *filter, char *query) {
+ char *uid = NULL;
+ char *firstName = NULL;
+ char *lastName = NULL;
+
+ uid = get_field(query, "uid=", SHORT_LEN);
+ firstName = get_field(query, "firstName=", SHORT_LEN);
+ lastName = get_field(query, "lastName=", SHORT_LEN);
+
+ filter[0] = '\0';
+
+ if ((uid == NULL) && (firstName == NULL) && (lastName ==NULL)) {
+ PL_strcat(filter, "(objectClass=Person");
+ } else {
+ PL_strcat(filter, "(&(objectClass=Person)");
+ }
+
+ if (uid != NULL) {
+ PL_strcat(filter, "(uid=");
+ PL_strcat(filter, uid);
+ PL_strcat(filter,")");
+ }
+
+ if (lastName != NULL) {
+ PL_strcat(filter, "(sn=");
+ PL_strcat(filter, lastName);
+ PL_strcat(filter,")");
+ }
+
+ if (firstName != NULL) {
+ PL_strcat(filter, "(givenName=");
+ PL_strcat(filter, firstName);
+ PL_strcat(filter,")");
+ }
+
+ PL_strcat(filter, ")");
+
+ do_free(uid);
+ do_free(firstName);
+ do_free(lastName);
+}
+
+/**
+ * add_profile_filter
+ * summary: returns an ldap search filter which is a concatenation
+ * of the authorized profile search filter and the regular search
+ * filter. To be freed by caller.
+ * params: filter - search filter
+ * auth_filter: authorized profiles filter
+ */
+char *add_profile_filter( char *filter, char *auth_filter)
+{
+ char *ret;
+ int size;
+ char no_auth_filter[] = "(tokenType=\"\")";
+ if (filter == NULL) return NULL;
+ if ((auth_filter == NULL) || (PL_strstr( auth_filter, ALL_PROFILES))) {
+ ret = PL_strdup(filter);
+ } else if (PL_strstr( auth_filter, NO_PROFILES)) {
+ size = (PL_strlen(filter) + PL_strlen(no_auth_filter) + 4) * sizeof(char);
+ ret = (char *) PR_Malloc(size);
+ PR_snprintf(ret, size, "%s%s%s%s",
+ "(&", filter,no_auth_filter, ")");
+ } else {
+ size = (PL_strlen(filter) + PL_strlen(auth_filter) + 4) * sizeof(char);
+ ret = (char *) PR_Malloc(size);
+ PR_snprintf(ret, size, "%s%s%s%s",
+ "(&", filter, auth_filter, ")");
+ }
+ return ret;
+}
+
+
+void getFilter( char *filter, char *query )
+{
+ char *uid = NULL;
+ char *tid = NULL;
+ char *end = NULL;
+ char *view = NULL;
+ int len = 0;
+ int i = 0;
+
+ tid = PL_strstr( query, "tid=" );
+ uid = PL_strstr( query, "uid=" );
+ view = PL_strstr( query, "op=view" );
+ filter[0] = '\0';
+
+ if( tid == NULL && uid == NULL ) {
+ PL_strcat( filter, "(cn=*)" );
+ }
+
+ if( tid != NULL && uid != NULL && view != NULL ) {
+ PL_strcat( filter, "(&" );
+ }
+
+ if( tid != NULL ) {
+ PL_strcat( filter, "(cn=" );
+ end = PL_strchr( tid, '&' );
+ len = PL_strlen( filter );
+
+ if( end != NULL ) {
+ i = end - tid - 4;
+ if( i > 0 ) {
+ memcpy( filter+len, tid+4, i );
+ }
+
+ filter[len+i] = '\0';
+ } else {
+ PL_strcat( filter, tid+4 );
+ }
+
+ if (view != NULL) {
+ PL_strcat( filter, "*)" );
+ } else {
+ PL_strcat( filter, ")" );
+ }
+ }
+
+ if( uid != NULL && view != NULL ) {
+ PL_strcat( filter, "(tokenUserID=" );
+ end = PL_strchr( uid, '&' );
+ len = PL_strlen( filter );
+ if( end != NULL ) {
+ i = end - uid - 4;
+ if( i > 0 ) {
+ memcpy( filter+len, uid+4, i );
+ }
+
+ filter[len+i] = '\0';
+ } else {
+ PL_strcat( filter, uid+4 );
+ }
+
+ PL_strcat( filter, "*)" );
+ /* PL_strcat( filter, ")" ); */
+ }
+
+ if( tid != NULL && uid != NULL && view != NULL ) {
+ PL_strcat( filter, ")" );
+ }
+}
+
+
+void getCN( char *cn, char *query )
+{
+ char *tid = NULL;
+ char *end = NULL;
+ int i = 0;
+
+ cn[0] = '\0';
+ tid = PL_strstr( query, "tid=" );
+ if( tid != NULL ) {
+ end = PL_strchr( tid, '&' );
+
+ if( end != NULL ) {
+ i = end - tid - 4;
+
+ if( i > 0 ) {
+ memcpy( cn, tid+4, i );
+ }
+
+ cn[i] = '\0';
+ } else {
+ PL_strcat( cn, tid+4 );
+ }
+ }
+}
+
+
+void getTemplateName( char *cn, char *query )
+{
+ char *tid = NULL;
+ char *end = NULL;
+ int i = 0;
+
+ cn[0] = '\0';
+ tid = PL_strstr( query, "template=" );
+
+ if( tid != NULL ) {
+ end = PL_strchr( tid, '&' );
+
+ if( end != NULL ) {
+ i = end - tid - 4;
+
+ if( i > 0 ) {
+ memcpy( cn, tid+4, i );
+ }
+
+ cn[i] = '\0';
+ } else {
+ PL_strcat( cn, tid+4 );
+ }
+ }
+}
+
+
+char *parse_modification_number( char *s )
+{
+ char *end = NULL;
+ int n;
+
+ if( ( s = PL_strstr( s, "m=" ) ) == NULL ) {
+ return NULL;
+ }
+
+ s += 2;
+ end = PL_strchr( s, '&' );
+
+ if( end != NULL ) {
+ n = end - s;
+ } else {
+ n = PL_strlen( s );
+ }
+
+ return PL_strndup( s, n );
+}
+
+
+char **parse_modification_number_change( char *s )
+{
+ char *end = NULL;
+ char **v = NULL;
+ char tmp[32];
+ int n, m;
+
+ end = PL_strchr( s, '&' );
+
+ if( end != NULL ) {
+ n = end - s;
+ if( n > 0 ) {
+ memcpy( tmp, s, n );
+ }
+ tmp[n] = '\0';
+ } else {
+ n = PL_strlen( s );
+ PL_strcpy( tmp, s );
+ }
+
+ m = atoi( tmp );
+ m++;
+ PR_snprintf( tmp, 32, "%d", m );
+ n = PL_strlen( tmp );
+
+ if( ( v = allocate_values( 1, n+1 ) ) == NULL ) {
+ return NULL;
+ }
+
+ PL_strcpy( v[0], tmp );
+
+ return v;
+}
+
+
+char **parse_status_change( char *s )
+{
+ char *end = NULL;
+ char **v = NULL;
+ int n;
+
+ end = PL_strchr( s, '&' );
+ if( end != NULL ) {
+ n = end - s;
+ } else {
+ n = PL_strlen( s );
+ }
+
+ if( ( v = allocate_values( 1, n+1 ) ) == NULL ) {
+ return NULL;
+ }
+ PL_strncpy( v[0], s, n );
+
+ return v;
+}
+
+
+char **parse_uid_change( char *s )
+{
+ char *end = NULL;
+ char *p = NULL;
+ char *q = NULL;
+ char **v = NULL;
+ int i, k, n, m;
+
+ end = PL_strchr( s, '&' );
+ if( end != NULL ) {
+ n = end - s;
+ } else {
+ n = PL_strlen( s );
+ }
+
+ k = n;
+ p = s;
+ m = 1;
+
+ while( k > 0 ) {
+ if( ( p = PL_strnchr( p, ',', k ) ) == NULL ) {
+ break;
+ }
+
+ p++;
+ k = n - ( p - s );
+ m++;
+ }
+
+ if( ( v = allocate_values( m, n+1 ) ) == NULL ) {
+ return NULL;
+ }
+
+ if( m > 1 ) {
+ k = n;
+ p = s;
+ i = 0;
+
+ while( k > 0 ) {
+ if( ( q = PL_strnchr( p, ',', k ) ) != NULL ) {
+ PL_strncpy( v[i], p, q-p );
+ q++;
+ p = q;
+ k = n - ( p - s );
+ i++;
+ v[i] = v[i-1] + PL_strlen( v[i-1] ) + 1;
+ } else {
+ PL_strncpy( v[i], p, k );
+ break;
+ }
+ }
+ } else {
+ PL_strncpy( v[0], s, n );
+ }
+
+ return v;
+}
+
+
+char **parse_reason_change( char *s )
+{
+ char *end = NULL;
+ char **v = NULL;
+ int n;
+
+ end = PL_strchr( s, '&' );
+ if( end != NULL ) {
+ n = end - s;
+ } else {
+ n = PL_strlen( s );
+ }
+
+ if( ( v = allocate_values( 1, n+1 ) ) == NULL ) {
+ return NULL;
+ }
+ PL_strncpy( v[0], s, n );
+
+ return v;
+}
+
+
+char **parse_policy_change( char *s )
+{
+ char *end = NULL;
+ char **v = NULL;
+ int n;
+
+ end = PL_strchr( s, '&' );
+
+ if( end != NULL ) {
+ n = end - s;
+ } else {
+ n = PL_strlen( s );
+ }
+
+ if( ( v = allocate_values( 1, n+1 ) ) == NULL ) {
+ return NULL;
+ }
+
+ PL_strncpy( v[0], s, n );
+
+ return v;
+}
+
+
+LDAPMod **getModifications( char *query )
+{
+ LDAPMod **mods = NULL;
+ char **v = NULL;
+ int n = 0;
+ int k = 0;
+ char *s;
+
+ s = query;
+
+ while( ( s = PL_strchr( s, '&' ) ) != NULL ) {
+ s++;
+ n++;
+ }
+
+ if( n > 0 && PL_strstr( query, "&tid=" ) != NULL ) {
+ n--;
+ }
+
+ if( n > 0 ) {
+ n++;
+ } else {
+ return NULL;
+ }
+
+
+ mods = allocate_modifications( n );
+
+ if( mods == NULL ) {
+ return NULL;
+ }
+
+ if( ( v = create_modification_date_change() ) == NULL ) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return NULL;
+ }
+
+ mods[0]->mod_op = LDAP_MOD_REPLACE;
+ mods[0]->mod_type = get_modification_date_name();
+ mods[0]->mod_values = v;
+ k = 1;
+
+ if( k < n && ( ( s = PL_strstr( query, "m=" ) ) != NULL ) ) {
+ s += 2;
+ if( ( v = parse_modification_number_change( s ) ) == NULL ) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return NULL;
+ }
+
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = get_number_of_modifications_name();
+ mods[k]->mod_values = v;
+ k++;
+ }
+
+ if( k < n && ( ( s = PL_strstr( query, "s=" ) ) != NULL ) ) {
+ s += 2;
+
+ if( ( v = parse_status_change( s ) ) == NULL ) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return NULL;
+ }
+
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = get_token_status_name();
+ mods[k]->mod_values = v;
+ k++;
+ }
+
+ if( k < n && ( ( s = PL_strstr( query, "uid=" ) ) != NULL ) ) {
+ s += 4;
+ if( ( v = parse_uid_change( s ) ) == NULL ) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return NULL;
+ }
+
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = get_token_users_name();
+ mods[k]->mod_values = v;
+ k++;
+ }
+
+ if( k < n && ( ( s = PL_strstr( query, "tokenPolicy=" ) ) != NULL ) ) {
+ s += 12;
+
+ if( ( v = parse_policy_change( s ) ) == NULL ) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return NULL;
+ }
+
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = get_policy_name();
+ mods[k]->mod_values = v;
+ k++;
+ }
+
+ if( k < n && ( ( s = PL_strstr( query, "tokenReason=" ) ) != NULL ) ) {
+ s += 12;
+
+ if( ( v = parse_reason_change( s ) ) == NULL ) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return NULL;
+ }
+
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = get_reason_name();
+ mods[k]->mod_values = v;
+ k++;
+ }
+
+ return mods;
+}
+
+int get_tus_config( char *name )
+{
+ PRFileDesc *fd = NULL;
+ char *buf = NULL;
+ char *s = NULL;
+ char *v = NULL;
+ PRFileInfo info;
+ PRUint32 size;
+ int k, n;
+
+ if( PR_GetFileInfo( name, &info ) != PR_SUCCESS ) {
+ return 0;
+ }
+
+ size = info.size;
+ size++;
+ buf = (char *)PR_Malloc( size );
+
+ if( buf == NULL ) {
+ return 0;
+ }
+
+ fd = PR_Open( name, PR_RDONLY, 00400 );
+ if( fd == NULL ) {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+
+ k = 0;
+ while( ( n = PR_Read( fd, &buf[k], size-k-1 ) ) > 0 ) {
+ k += n;
+ if( ( PRUint32 ) ( k+1 ) >= size ) {
+ break;
+ }
+ }
+
+ if( fd != NULL ) {
+ PR_Close( fd );
+ fd = NULL;
+ }
+
+ if( n < 0 || ( ( PRUint32 ) ( k+1 ) > size ) ) {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+
+ buf[k] = '\0';
+
+ if( ( s = PL_strstr( buf, "tokendb.templateDir=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.templateDir=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( templateDir != NULL ) {
+ PL_strfree( templateDir );
+ templateDir = NULL;
+ }
+ templateDir = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.errorTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.errorTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( errorTemplate != NULL ) {
+ PL_strfree( errorTemplate );
+ errorTemplate = NULL;
+ }
+ errorTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.indexTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.indexTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( indexTemplate != NULL ) {
+ PL_strfree( indexTemplate );
+ indexTemplate = NULL;
+ }
+ indexTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.indexAdminTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.indexAdminTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( indexAdminTemplate != NULL ) {
+ PL_strfree( indexAdminTemplate );
+ indexAdminTemplate = NULL;
+ }
+ indexAdminTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.indexOperatorTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.indexOperatorTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( indexOperatorTemplate != NULL ) {
+ PL_strfree( indexOperatorTemplate );
+ indexOperatorTemplate = NULL;
+ }
+ indexOperatorTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.newTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.newTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 )( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( newTemplate != NULL ) {
+ PL_strfree( newTemplate );
+ newTemplate = NULL;
+ }
+ newTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchUserResultTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.searchUserResultTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 )( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ do_free(searchUserResultTemplate);
+ searchUserResultTemplate = s;
+ } else {
+ do_free(buf);
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.newUserTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.newUserTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 )( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ do_free(newUserTemplate);
+ newUserTemplate = s;
+ } else {
+ do_free(buf);
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.searchTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchTemplate != NULL ) {
+ PL_strfree( searchTemplate );
+ searchTemplate = NULL;
+ }
+ searchTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchCertificateTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.searchCertificateTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchCertificateTemplate != NULL ) {
+ PL_strfree( searchCertificateTemplate );
+ searchCertificateTemplate = NULL;
+ }
+ searchCertificateTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchAdminTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.searchAdminTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchAdminTemplate != NULL ) {
+ PL_strfree( searchAdminTemplate );
+ searchAdminTemplate = NULL;
+ }
+ searchAdminTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchUserTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.searchUserTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchUserTemplate != NULL ) {
+ PL_strfree( searchUserTemplate );
+ searchUserTemplate = NULL;
+ }
+ searchUserTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchActivityTemplate=" ) ) != NULL) {
+ s += PL_strlen( "tokendb.searchActivityTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchActivityTemplate != NULL ) {
+ PL_strfree( searchActivityTemplate );
+ searchActivityTemplate = NULL;
+ }
+ searchActivityTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchActivityAdminTemplate=" ) ) != NULL) {
+ s += PL_strlen( "tokendb.searchActivityAdminTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchActivityAdminTemplate != NULL ) {
+ PL_strfree( searchActivityAdminTemplate );
+ searchActivityAdminTemplate = NULL;
+ }
+ searchActivityAdminTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchCertificateResultTemplate=" ) ) !=
+ NULL ) {
+ s += PL_strlen( "tokendb.searchCertificateResultTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchCertificateResultTemplate != NULL ) {
+ PL_strfree( searchCertificateResultTemplate );
+ searchCertificateResultTemplate = NULL;
+ }
+ searchCertificateResultTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchActivityResultTemplate=" ) ) !=
+ NULL ) {
+ s += PL_strlen( "tokendb.searchActivityResultTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchActivityResultTemplate != NULL ) {
+ PL_strfree( searchActivityResultTemplate );
+ searchActivityResultTemplate = NULL;
+ }
+ searchActivityResultTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchAdminResultTemplate=" ) ) !=
+ NULL ) {
+ s += PL_strlen( "tokendb.searchAdminResultTemplate=" );
+ v = s;
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchAdminResultTemplate != NULL ) {
+ PL_strfree( searchAdminResultTemplate );
+ searchAdminResultTemplate = NULL;
+ }
+ searchAdminResultTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchResultTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.searchResultTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchResultTemplate != NULL ) {
+ PL_strfree( searchResultTemplate );
+ searchResultTemplate = NULL;
+ }
+ searchResultTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.deleteTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.deleteTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( deleteTemplate != NULL ) {
+ PL_strfree( deleteTemplate );
+ deleteTemplate = NULL;
+ }
+ deleteTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.userDeleteTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.userDeleteTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( userDeleteTemplate != NULL ) {
+ PL_strfree( userDeleteTemplate );
+ userDeleteTemplate = NULL;
+ }
+ userDeleteTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.doTokenConfirmTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.doTokenConfirmTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( doTokenConfirmTemplate != NULL ) {
+ PL_strfree( doTokenConfirmTemplate );
+ revokeTemplate = NULL;
+ }
+ doTokenConfirmTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.doTokenTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.doTokenTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( doTokenTemplate != NULL ) {
+ PL_strfree( doTokenTemplate );
+ revokeTemplate = NULL;
+ }
+ doTokenTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.revokeTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.revokeTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( revokeTemplate != NULL ) {
+ PL_strfree( revokeTemplate );
+ revokeTemplate = NULL;
+ }
+ revokeTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.showAdminTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.showAdminTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( showAdminTemplate != NULL ) {
+ PL_strfree( showAdminTemplate );
+ showAdminTemplate = NULL;
+ }
+ showAdminTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.showCertTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.showCertTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if (s != NULL) {
+ if( showCertTemplate != NULL ) {
+ PL_strfree( showCertTemplate );
+ showCertTemplate = NULL;
+ }
+ showCertTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.showTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.showTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( showTemplate != NULL ) {
+ PL_strfree( showTemplate );
+ showTemplate = NULL;
+ }
+ showTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.searchActivityAdminResultTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.searchActivityAdminResultTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( searchActivityAdminResultTemplate != NULL ) {
+ PL_strfree( searchActivityAdminResultTemplate );
+ searchActivityAdminResultTemplate = NULL;
+ }
+ searchActivityAdminResultTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.editUserTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.editUserTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( editUserTemplate != NULL ) {
+ PL_strfree( editUserTemplate );
+ editUserTemplate = NULL;
+ }
+ editUserTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.editTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.editTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( editTemplate != NULL ) {
+ PL_strfree( editTemplate );
+ editTemplate = NULL;
+ }
+ editTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.editResultTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.editResultTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( editResultTemplate != NULL ) {
+ PL_strfree( editResultTemplate );
+ editResultTemplate = NULL;
+ }
+ editResultTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.addResultTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.addResultTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( addResultTemplate != NULL ) {
+ PL_strfree( addResultTemplate );
+ addResultTemplate = NULL;
+ }
+ addResultTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.deleteResultTemplate=" ) ) != NULL ) {
+ s += PL_strlen( "tokendb.deleteResultTemplate=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( deleteResultTemplate != NULL ) {
+ PL_strfree( deleteResultTemplate );
+ deleteResultTemplate = NULL;
+ }
+ deleteResultTemplate = s;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( ( s = PL_strstr( buf, "tokendb.tokendb.sendInPieces=" ) ) != NULL ) {
+ s += 13;
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ sendInPieces = atoi( s );
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ /* keep this assignment to profileList for backwards compatibility.
+ It has been superseded by target.Profiles.list.
+ This should be removed in a future release */
+ if( ( s = PL_strstr( buf, "target.tokenType.list=" ) ) != NULL ) {
+ s += PL_strlen( "target.tokenType.list=" );
+ v = s;
+
+ while( *s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ ( PRUint32 ) ( s - buf ) < size ) {
+ s++;
+ }
+
+ n = s - v;
+
+ s = PL_strndup( v, n );
+ if( s != NULL ) {
+ if( profileList != NULL ) {
+ PL_strfree( profileList );
+ profileList = NULL;
+ }
+ profileList = s;
+ } else {
+ do_free(buf);
+ return 0;
+ }
+ }
+
+ get_cfg_string("tokendb.allowedTransitions=", transitionList);
+ get_cfg_string("tokendb.auditAdminTemplate=", auditAdminTemplate);
+ get_cfg_string("tokendb.selfTestTemplate=", selfTestTemplate);
+ get_cfg_string("tokendb.selfTestResultsTemplate=", selfTestResultsTemplate);
+ get_cfg_string("tokendb.selectConfigTemplate=", selectConfigTemplate);
+ get_cfg_string("tokendb.agentSelectConfigTemplate=", agentSelectConfigTemplate);
+ get_cfg_string("tokendb.editConfigTemplate=", editConfigTemplate);
+ get_cfg_string("tokendb.agentViewConfigTemplate=", agentViewConfigTemplate);
+ get_cfg_string("tokendb.confirmConfigChangesTemplate=", confirmConfigChangesTemplate);
+ get_cfg_string("tokendb.addConfigTemplate=", addConfigTemplate);
+ get_cfg_string("tokendb.confirmDeleteConfigTemplate=", confirmDeleteConfigTemplate);
+ get_cfg_string("target.Profiles.list=", profileList);
+ get_cfg_int("general.search.sizelimit.max=", maxSizeLimit);
+ get_cfg_int("general.search.sizelimit.default=", defaultSizeLimit);
+ get_cfg_int("general.search.timelimit.max=", maxTimeLimit);
+ get_cfg_int("general.search.timelimit.min=", defaultTimeLimit);
+ get_cfg_int("general.pwlength.min=", pwLength);
+
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+
+ tus_db_end();
+
+ return 1;
+}
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Request Phase
+** _________________________________________________________________
+*/
+
+/**
+ * Terminate the Tokendb module
+ */
+static apr_status_t
+mod_tokendb_terminate( void *data )
+{
+ /* This routine is ONLY called when this server's */
+ /* pool has been cleared or destroyed. */
+
+ /* Log Tokendb module debug information. */
+ RA::Debug( "mod_tokendb::mod_tokendb_terminate",
+ "The Tokendb module has been terminated!" );
+
+ tus_db_end();
+ tus_db_cleanup();
+
+ /* Since all members of mod_tokendb_server_configuration are allocated */
+ /* from a pool, there is no need to unset any of these members. */
+
+ /* Shutdown all APR library routines. */
+ /* NOTE: This automatically destroys all memory pools. */
+ /* Allow the TPS/NSS Modules to perform this task. */
+ /* apr_terminate(); */
+
+ /* Terminate the entire Apache server */
+ /* NOTE: Allow the TPS/NSS Modules to perform this task. */
+
+ return OK;
+}
+
+
+/**
+ * Initialize the Tokendb module
+ */
+static int
+mod_tokendb_initialize( apr_pool_t *p,
+ apr_pool_t *plog,
+ apr_pool_t *ptemp,
+ server_rec *sv )
+{
+ mod_tokendb_server_configuration *sc = NULL;
+ char *cfg_path_file = NULL;
+ char *error = NULL;
+ int status;
+
+ /* Retrieve the Tokendb module. */
+ sc = ( ( mod_tokendb_server_configuration * )
+ ap_get_module_config( sv->module_config,
+ &MOD_TOKENDB_CONFIG_KEY ) );
+
+ /* Check to see if the Tokendb module has been loaded. */
+ if( sc->enabled == MOD_TOKENDB_TRUE ) {
+ return OK;
+ }
+
+ /* Load the Tokendb module. */
+
+#ifdef DEBUG_Tokendb
+ debug_fd = PR_Open( "/tmp/tus-debug.log",
+ PR_RDWR | PR_CREATE_FILE | PR_APPEND,
+ 00400 | 00200 );
+#endif
+
+ /* Retrieve the path to where the configuration files are located, and */
+ /* insure that the Tokendb module configuration file is located here. */
+ if( sc->Tokendb_Configuration_File != NULL ) {
+ /* provide Tokendb Config File from */
+ /* <apache_server_root>/conf/httpd.conf */
+ if( sc->Tokendb_Configuration_File[0] == '/' ) {
+ /* Complete path to Tokendb Config File is denoted */
+ cfg_path_file = apr_psprintf( p,
+ "%s",
+ ( char * )
+ sc->Tokendb_Configuration_File );
+ } else {
+ /* Tokendb Config File is located relative */
+ /* to the Apache server root */
+ cfg_path_file = apr_psprintf( p,
+ "%s/%s",
+ ( char * ) ap_server_root,
+ ( char * )
+ sc->Tokendb_Configuration_File );
+ }
+ } else {
+ /* Log information regarding this failure. */
+ ap_log_error( "mod_tokendb_initialize",
+ __LINE__, APLOG_ERR, 0, sv,
+ "The tokendb module was installed incorrectly since the "
+ "parameter named '%s' is missing from the Apache "
+ "Configuration file!",
+ ( char * ) MOD_TOKENDB_CONFIGURATION_FILE_PARAMETER );
+
+ /* Display information on the screen regarding this failure. */
+ printf( "\nUnable to start Apache:\n"
+ " The tokendb module is missing the required parameter named"
+ " \n'%s' in the Apache Configuration file!\n",
+ ( char * ) MOD_TOKENDB_CONFIGURATION_FILE_PARAMETER );
+
+ goto loser;
+ }
+
+ /* Initialize the Token DB. */
+ if( get_tus_config( cfg_path_file ) &&
+ get_tus_db_config( cfg_path_file ) ) {
+ RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+ "Initializing TUS database");
+ if( ( status = tus_db_init( &error ) ) != LDAP_SUCCESS ) {
+ if( error != NULL ) {
+ RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+ "Token DB initialization failed: '%s'",
+ error );
+ PR_smprintf_free( error );
+ error = NULL;
+ } else {
+ RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+ "Token DB initialization failed" );
+ }
+
+#if 0
+ goto loser;
+#endif
+ } else {
+ RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+ "Token DB initialization succeeded" );
+ }
+ } else {
+ RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+ "Error reading tokendb config file: '%s'",
+ cfg_path_file );
+ }
+
+ /* Initialize the "server" member of mod_tokendb_server_configuration. */
+ sc->enabled = MOD_TOKENDB_TRUE;
+
+ /* Register a server termination routine. */
+ apr_pool_cleanup_register( p,
+ sv,
+ mod_tokendb_terminate,
+ apr_pool_cleanup_null );
+
+ /* Log Tokendb module debug information. */
+ RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+ "The Tokendb module has been successfully loaded!" );
+
+ return OK;
+
+loser:
+ /* Log Tokendb module debug information. */
+ RA::Debug( "mod_tokendb::mod_tokendb_initialize",
+ "Failed loading the Tokendb module!" );
+
+ /* Since all members of mod_tokendb_server_configuration are allocated */
+ /* from a pool, there is no need to unset any of these members. */
+
+ /* Shutdown all APR library routines. */
+ /* NOTE: This automatically destroys all memory pools. */
+ apr_terminate();
+
+ /* Terminate the entire Apache server */
+ tokendb_die();
+
+ return DECLINED;
+}
+
+
+char *stripBase64HeaderAndFooter( char *cert )
+{
+ char *base64_data = NULL;
+ char *data = NULL;
+ char *footer = NULL;
+
+ if( ( cert != NULL ) &&
+ ( strlen( cert ) > strlen( BASE64_HEADER ) ) ) {
+ /* Strip off the base64 header. */
+ data = ( char * ) ( cert + strlen( BASE64_HEADER ) );
+
+ /* Find base64 footer. */
+ footer = ( char * ) strstr( ( const char * ) data,
+ ( const char * ) BASE64_FOOTER );
+ if( footer != NULL ) {
+ /* Strip off the base64 footer. */
+ footer[0] = '\0';
+ }
+
+ /* Finally, store data in the base64_data storage area. */
+ base64_data = strdup( data );
+ }
+
+ return base64_data;
+}
+
+/**
+ * util_read
+ * summary: called from read_post. reads posted data
+ */
+static int util_read(request_rec *r, const char **rbuf)
+{
+ int rc = OK;
+
+ if ((rc = ap_setup_client_block(r, REQUEST_CHUNKED_ERROR))) {
+ return rc;
+ }
+
+ if (ap_should_client_block(r)) {
+ char argsbuffer[HUGE_STRING_LEN];
+ int rsize, len_read, rpos=0;
+ long length = r->remaining;
+ *rbuf = (const char*) apr_pcalloc(r->pool, length + 1);
+
+
+ while ((len_read =
+ ap_get_client_block(r, argsbuffer, sizeof(argsbuffer))) > 0) {
+ if ((rpos + len_read) > length) {
+ rsize = length - rpos;
+ }
+ else {
+ rsize = len_read;
+ }
+ memcpy((char*)*rbuf + rpos, argsbuffer, rsize);
+ rpos += rsize;
+ }
+
+ }
+
+ return rc;
+}
+
+/**
+ * read_post
+ * read data in a post request and store it in an apr_table
+ */
+static int read_post(request_rec *r, apr_table_t **tab)
+{
+ const char *data;
+ const char *key, *val;
+ int rc = OK;
+
+ if((rc = util_read(r, &data)) != OK) {
+ return rc;
+ }
+
+ if(*tab) {
+ apr_table_clear(*tab);
+ }
+ else {
+ *tab = apr_table_make(r->pool, 8);
+ }
+
+ while(*data && (val = ap_getword(r->pool, &data, '&'))) {
+ key = ap_getword(r->pool, &val, '=');
+
+ ap_unescape_url((char*)key);
+ ap_unescape_url((char*)val);
+
+ apr_table_merge(*tab, key, val);
+ }
+
+ return OK;
+}
+
+/**
+ * add_authorization_data
+ * writes variable that describe whether the user is an admin, agent or operator to the
+ * injection data. Used by templates to determine which tabs to display
+ */
+void add_authorization_data(const char *userid, int is_admin, int is_operator, int is_agent, char *injection)
+{
+ if (is_agent) {
+ PL_strcat(injection, "var agentAuth = \"true\";\n");
+ }
+ if (is_operator) {
+ PL_strcat(injection, "var operatorAuth = \"true\";\n");
+ }
+ if (is_admin) {
+ PL_strcat(injection, "var adminAuth = \"true\";\n");
+ }
+}
+
+/**
+ * check_injection_size
+ * Used when the injection size can become large - as in the case where lists of tokens, certs or activities are being returned.
+ * If the free space in injection drops below a threshold, more space is allocated. Fails if injection exceeds a certain size.
+ * This should not happen because the number of entries to return per page is limited.
+ *
+ * returns 0 on success,1 on failure
+ */
+int check_injection_size(char **injection, int *psize, char *fixed_injection)
+{
+ char *new_ptr = NULL;
+ if (((*psize) - PL_strlen(*injection)) <= LOW_INJECTION_SIZE) {
+ if ((*psize) > MAX_OVERLOAD * MAX_INJECTION_SIZE) {
+ tokendbDebug("Error: Injection exceeds maximum size. Output will be truncated");
+ return 1;
+ }
+ if (*injection == fixed_injection) {
+ *injection = (char *) PR_Malloc(MAX_INJECTION_SIZE + (*psize));
+ if (*injection != NULL) {
+ PL_strcpy(*injection, fixed_injection);
+ (*psize) += MAX_INJECTION_SIZE;
+ } else {
+ tokendbDebug("Error: Unable to allocate memory for injection. Output will be truncated");
+ *injection = fixed_injection;
+ return 1;
+ }
+ } else {
+ new_ptr = (char *) PR_Realloc(*injection, (*psize) + MAX_INJECTION_SIZE);
+ if (new_ptr != NULL) {
+ //allocation successful
+ *injection = new_ptr;
+ (*psize) += MAX_INJECTION_SIZE;
+ } else {
+ tokendbDebug("Error: Failed to reallocate memory for injection. Output will be truncated");
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+/*
+ * We need to compare current values in the database entry e with new values.
+ * If they are different, then we need to provide the audit message
+ */
+int audit_attribute_change(LDAPMessage *e, const char *fname, char *fvalue, char *msg)
+{
+ struct berval **attr_values = NULL;
+ char pString[512]="";
+
+ attr_values = get_attribute_values( e, fname );
+ if (attr_values != NULL) {
+ if (fvalue == NULL) {
+ // value has been deleted
+ PR_snprintf(pString, 512, "%s;;no_value", fname);
+ } else if (valid_berval(attr_values) &&
+ (strcmp(fvalue, attr_values[0]->bv_val) != 0)) {
+ // value has been changed
+ PR_snprintf(pString, 512, "%s;;%s", fname, fvalue);
+ }
+ free_values(attr_values, 1);
+ attr_values = NULL;
+ } else if (fvalue != NULL) {
+ // value has been added
+ PR_snprintf(pString, 512, "%s;;%s", fname, fvalue);
+ }
+
+ if (strlen(pString) > 0) {
+ if (strlen(msg) != 0) PL_strncat(msg, "+", 4096 - strlen(msg));
+ PL_strncat(msg, pString, 4096 - strlen(msg));
+ }
+ return 0;
+}
+
+/**
+ * replaces all instances of a substring oldstr with newstr
+ * must be freed by caller
+ **/
+char *replace(const char *s, const char *oldstr, const char *newstr)
+{
+ char *ret = NULL;
+ int i, count = 0;
+ size_t newlen = PL_strlen(newstr);
+ size_t oldlen = PL_strlen(oldstr);
+
+ for (i = 0; s[i] != '\0'; i++) {
+ if (PL_strstr(&s[i], oldstr) == &s[i]) {
+ count++;
+ i += oldlen - 1;
+ }
+ }
+
+ ret = (char *) PR_Malloc(PL_strlen(s) + count * (newlen - oldlen) + 1);
+
+ i = 0;
+ while (*s) {
+ if (PL_strstr(s, oldstr) == s) {
+ PL_strncpy(&ret[i], newstr, newlen);
+ i += newlen;
+ s += oldlen;
+ } else
+ ret[i++] = *s++;
+ }
+ ret[i] = '\0';
+
+ return ret;
+}
+
+char *escapeString(const char *s)
+{
+ char *ret, *ret1, *ret2, *ret3;
+
+ ret1 = replace(s, "\"", "&dbquote");
+ ret2 = replace(ret1, "\'", "&singlequote");
+ ret3 = replace(ret2, "<", "&lessthan");
+ ret = replace(ret3, ">", "&greaterthan");
+ do_free(ret1);
+ do_free(ret2);
+ do_free(ret3);
+ return ret;
+}
+
+char *unescapeString(const char *s)
+{
+ char *ret, *ret1, *ret2, *ret3;
+
+ ret1 = replace(s, "&dbquote", "\"");
+ ret2 = replace(ret1,"&singlequote", "\'");
+ ret3 = replace(ret2, "&lessthan", "<");
+ ret = replace(ret3, "&greaterthan", ">");
+ do_free(ret1);
+ do_free(ret2);
+ do_free(ret3);
+ return ret;
+}
+
+
+/**
+ * determines if the parameter set named pname of type ptype
+ * has been defined.
+ **/
+bool config_param_exists(char *ptype, char* pname)
+{
+ char configname[256]="";
+ PR_snprintf( ( char * ) configname, 256, "target.%s.list", ptype );
+ const char* conf_list = RA::GetConfigStore()->GetConfigAsString( configname );
+ return RA::match_comma_list((const char*) pname, (char *) conf_list);
+}
+
+/**
+ * takes in the type and name of the parameter set.
+ * returns the current state and timestamp of this parameter set.
+ *
+ * If a parameter set is being viewed in the UI for the first time, the state is returned
+ * as "Enabled" and the timestamp is set to the current timestamp.
+ **/
+void get_config_state_timestamp(char *type, char *name, char **pstate, char **ptimestamp)
+{
+ char configname[256] = "";
+ bool commit_needed = false;
+ const char *tmp_state = NULL;
+ const char *tmp_timestamp = NULL;
+ int status;
+ PRLock *config_lock = RA::GetConfigLock();
+
+ PR_Lock(config_lock);
+ PR_snprintf(configname, 256, "config.%s.%s.state", type, name);
+
+ tmp_state = RA::GetConfigStore()->GetConfigAsString(configname);
+ if ((tmp_state == NULL) && (config_param_exists(type, name))) {
+ RA::GetConfigStore()->Add(configname, "Enabled");
+ commit_needed = true;
+ *pstate = (char *) PL_strdup("Enabled");
+ } else {
+ *pstate = (char *) PL_strdup(tmp_state);
+ }
+
+ PR_snprintf(configname, 256, "config.%s.%s.timestamp", type, name);
+ tmp_timestamp = RA::GetConfigStore()->GetConfigAsString(configname);
+ if ((tmp_timestamp == NULL) && (config_param_exists(type, name))) {
+ char new_ts[256];
+ PR_snprintf(new_ts, 256, "%lld", PR_Now());
+ RA::GetConfigStore()->Add(configname, new_ts);
+ commit_needed = true;
+ *ptimestamp = (char *) PL_strdup(new_ts);
+ } else {
+ *ptimestamp = (char *) PL_strdup(tmp_timestamp);
+ }
+
+ PR_Unlock(config_lock);
+ if (commit_needed) {
+ char error_msg[512];
+ status = RA::GetConfigStore()->Commit(false, error_msg, 512);
+ if (status != 0) {
+ tokendbDebug(error_msg);
+ }
+ }
+}
+
+/**
+ * takes in a parameter set type and name
+ * removes any variables defining the state and timestamp.
+ * Called when a parameter set is deleted.
+ **/
+void remove_config_state_timestamp(char *type, char *name)
+{
+ char configname[256] = "";
+ PRLock *config_lock = RA::GetConfigLock();
+
+ PR_Lock(config_lock);
+ PR_snprintf(configname, 256, "config.%s.%s.state", type, name);
+ RA::GetConfigStore()->Remove(configname);
+
+ PR_snprintf(configname, 256, "config.%s.%s.timestamp", type, name);
+ RA::GetConfigStore()->Remove(configname);
+ PR_Unlock(config_lock);
+
+}
+
+/**
+ * takes in a parameter set type
+ * returns true if this parameter set type must be approved/ disabled by an agent
+ **/
+bool agent_must_approve(char *conf_type)
+{
+ const char* agent_list = RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list");
+ return RA::match_comma_list((const char*) conf_type, (char *) agent_list);
+}
+
+/**
+ * This is the main function used to set the state and timestamp for parameter sets
+ * managed by the UI. The function includes checks to enforce only allowed transitions.
+ *
+ * Arguments are as follows:
+ * type: parameter set type
+ * name: parameter set name
+ * old_ts: old timestamp of parameter set. Used to check for concurrency conflicts.
+ * new_state: state to transition to: one of "Enabled", "Disabled", "Pending_Approval" or "Writing"
+ * who: role requesting the transition, one of "Agent" or "Admin"
+ * new_config: true if this is a new parameter set, false otherwise
+ * userid: userid of user requesting the transition, used for audit log message
+ *
+ * function will return 0 on success, non-zero otherwise
+ **/
+int set_config_state_timestamp(char *type, char* name, char *old_ts, const char *new_state, const char *who, bool new_config, char *userid)
+{
+ char ts_name[256] = "";
+ char state_name[256] = "";
+ char writer_name[256] = "";
+ char new_ts[256] ="";
+ char final_state[256] = "";
+ char me[256]="";
+ int ret =0;
+ PRTime now;
+ PRThread *ct = NULL;
+ PRLock *config_lock = RA::GetConfigLock();
+
+ PR_snprintf(ts_name, 256, "config.%s.%s.timestamp", type, name);
+ PR_snprintf(state_name, 256, "config.%s.%s.state", type, name);
+ PR_snprintf(writer_name, 256, "config.%s.%s.writer", type, name);
+
+ ct = PR_GetCurrentThread();
+ PR_snprintf(me, 256, "%x", ct);
+
+ PR_Lock(config_lock);
+ if (new_config) {
+ if (agent_must_approve(type)) {
+ RA::GetConfigStore()->Add(state_name, "Disabled");
+ } else {
+ RA::GetConfigStore()->Add(state_name, "Enabled");
+ }
+ now = PR_Now();
+ PR_snprintf(new_ts, 256, "%lld", now);
+ RA::GetConfigStore()->Add(ts_name, new_ts);
+ }
+
+ // used to make sure auditing is correct
+ PR_snprintf(final_state, 256, "%s", new_state);
+
+ const char *cur_state = RA::GetConfigStore()->GetConfigAsString(state_name);
+ const char *cur_writer = RA::GetConfigStore()->GetConfigAsString(writer_name, "");
+ const char *cur_ts = RA::GetConfigStore()->GetConfigAsString(ts_name);
+
+ if ((cur_state == NULL) || (cur_ts == NULL)) {
+ // this item has likely been deleted
+ ret=20;
+ goto release_and_exit;
+ }
+
+ if ((PL_strcmp(cur_ts, old_ts) != 0) && (!new_config)) {
+ // version out of date
+ ret=1;
+ goto release_and_exit;
+ }
+
+ if (PL_strcmp(cur_state, new_state) == 0) {
+ ret=0;
+ goto release_and_exit;
+ }
+
+ if (PL_strcmp(who, "Admin")==0) {
+ if (PL_strcmp(new_state, "Disabled")==0) {
+ if ((PL_strcmp(cur_state, "Writing") == 0) && (PL_strcmp(me, cur_writer) == 0)) {
+ // "Writing" to "Disabled", with me as writer, admin finishes writes after "Save"
+ now = PR_Now();
+ PR_snprintf(new_ts, 256, "%lld", now);
+ RA::GetConfigStore()->Add(ts_name, new_ts);
+ if (agent_must_approve(type)) {
+ RA::GetConfigStore()->Add(state_name, new_state);
+ } else {
+ PR_snprintf(final_state, 256, "Enabled");
+ RA::GetConfigStore()->Add(state_name, "Enabled");
+ }
+ ret=0;
+ goto release_and_exit;
+ } else {
+ ret=2;
+ goto release_and_exit;
+ }
+ } else if (PL_strcmp(new_state, "Enabled")==0) {
+ if ((!agent_must_approve(type)) && (PL_strcmp(cur_state, "Writing") == 0)
+ && (PL_strcmp(me, cur_writer) == 0)) {
+ now = PR_Now();
+ PR_snprintf(new_ts, 256, "%lld", now);
+ RA::GetConfigStore()->Add(ts_name, new_ts);
+ ret = 0;
+ goto release_and_exit;
+ }
+
+ // no valid transitions for admin (if agent approval required)
+ ret=3;
+ goto release_and_exit;
+ } else if (PL_strcmp(new_state, "Pending_Approval")==0) {
+ if (PL_strcmp(cur_state, "Disabled") == 0) {
+ // Disabled -> Pending (admin submits for approval with no changes)
+ RA::GetConfigStore()->Add(state_name, new_state);
+ ret=0;
+ goto release_and_exit;
+ } else if ((PL_strcmp(cur_state, "Writing") == 0) && (PL_strcmp(me, cur_writer) == 0)) {
+ // Writing -> Pending. (admin finishes writes after "Submit for Approval")
+ now = PR_Now();
+ PR_snprintf(new_ts, 256, "%lld", now);
+ RA::GetConfigStore()->Add(ts_name, new_ts);
+ RA::GetConfigStore()->Add(state_name, new_state);
+ ret=0;
+ goto release_and_exit;
+ } else {
+ ret=4;
+ goto release_and_exit;
+ }
+ } else if (PL_strcmp(new_state, "Writing")==0) {
+ if (PL_strcmp(cur_state, "Disabled") == 0) {
+ // Disabled -> Writing (admin start to write changes - need to save writer)
+ RA::GetConfigStore()->Add(writer_name, me);
+ RA::GetConfigStore()->Add(state_name, new_state);
+ ret=0;
+ goto release_and_exit;
+ } if ((!agent_must_approve(type)) && (PL_strcmp(cur_state, "Enabled") == 0)) {
+ // Enabled -> Writing (admin start to write changes for case where agent need not approve - need to save writer)
+ RA::GetConfigStore()->Add(writer_name, me);
+ RA::GetConfigStore()->Add(state_name, new_state);
+ ret=0;
+ goto release_and_exit;
+ } else {
+ ret=5;
+ goto release_and_exit;
+ }
+ }
+ }
+
+ if (PL_strcmp(who, "Agent")==0) {
+ if (PL_strcmp(new_state, "Disabled")==0) {
+ if ((PL_strcmp(cur_state, "Enabled") == 0) || (PL_strcmp(cur_state, "Pending_Approval") == 0)) {
+ // "Enabled or Pending" to "Disabled", agent disables or rejects
+ RA::GetConfigStore()->Add(state_name, new_state);
+ ret=0;
+ goto release_and_exit;
+ } else {
+ ret=6;
+ goto release_and_exit;
+ }
+ } else if (PL_strcmp(new_state, "Enabled")==0) {
+ if ((PL_strcmp(cur_state, "Disabled") == 0) || (PL_strcmp(cur_state, "Pending_Approval") == 0)) {
+ // "Disabled or Pending" to "Enabled", agent approves
+ RA::GetConfigStore()->Add(state_name, new_state);
+ ret=0;
+ goto release_and_exit;
+ } else {
+ ret=7;
+ goto release_and_exit;
+ }
+ } else if (PL_strcmp(new_state, "Pending_Approval")==0) {
+ // no valid transitions for agent
+ ret=8;
+ goto release_and_exit;
+ } else if (PL_strcmp(new_state, "Writing")==0) {
+ // no valid transitions for agent
+ ret=9;
+ goto release_and_exit;
+ }
+ }
+
+release_and_exit:
+ PR_Unlock(config_lock);
+
+ //audit changes
+ char pString[256]="";
+ char msg[256] = "";
+
+ if (PL_strcmp(new_ts, "") != 0) {
+ PR_snprintf(pString, 256, "%s;;%s+%s;;%s", state_name, final_state, ts_name, new_ts);
+ PR_snprintf(msg, 256, "config item state and timestamp changed");
+ } else {
+ PR_snprintf(pString, 256, "%s;;%s", state_name, final_state);
+ PR_snprintf(msg, 256, "config item state changed");
+ }
+ if (ret == 0) {
+ RA::Audit(EV_CONFIG_AUDIT, AUDIT_MSG_CONFIG, userid, who, "Success", type, pString, msg);
+ } else {
+ PR_snprintf(msg, 256, "config item state or timestamp change failed, return value is %d", ret);
+ RA::Audit(EV_CONFIG, AUDIT_MSG_CONFIG, userid, who, "Failure", type, pString, msg);
+ }
+ return ret;
+}
+
+/**
+ * takes in the type and name of the parameter set
+ * looks up the regular expression pattern for this parameter set in CS.cfg and substitutes
+ * $name with the name of the parameter set.
+ * returns this "fixed" pattern as a string (that must be freed by caller)
+ **/
+char *get_fixed_pattern(char *ptype, char *pname)
+{
+ char configname[256]="";
+ char tmpc[256]="";
+ char *p = NULL;
+ char *fixed_pattern = NULL;
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.pattern", ptype );
+ const char* pattern = RA::GetConfigStore()->GetConfigAsString( configname );
+
+ if (pattern == NULL) {
+ tokendbDebug("get_pattern_substore: pattern is NULL");
+ return NULL;
+ }
+
+ if ((p = PL_strstr(pattern, "$name"))) {
+ PL_strncpy(tmpc, pattern, p-pattern);
+ tmpc[p-pattern] = '\0';
+ sprintf(tmpc+(p-pattern), "%s%s", pname, p+PL_strlen("$name"));
+ fixed_pattern = (char *) PL_strdup(tmpc);
+ p = NULL;
+ } else {
+ fixed_pattern=PL_strdup(pattern);
+ }
+
+ tokendbDebug(fixed_pattern);
+
+ return fixed_pattern;
+}
+
+/**
+ * get ConfigStore with entries that match the relevant pattern
+ * must be freed by caller
+ **/
+ConfigStore *get_pattern_substore(char *ptype, char *pname)
+{
+ char *fixed_pattern = NULL;
+ ConfigStore *store = NULL;
+
+ fixed_pattern=get_fixed_pattern(ptype, pname);
+ if (fixed_pattern == NULL) {
+ return NULL;
+ }
+ store = RA::GetConfigStore()->GetPatternSubStore(fixed_pattern);
+
+ do_strfree(fixed_pattern);
+ return store;
+}
+
+/***
+ * parse the parameter string of form foo=bar&&foo2=baz&& ...
+ * and perform (and audit) the changes
+ **/
+void parse_and_apply_changes(char* userid, char* ptype, char* pname, const char *operation, char *params) {
+ char *pair;
+ char *line = NULL;
+ int i;
+ int len;
+ char *lasts = NULL;
+ int op=0;
+ char audit_str[4096] = "";
+ char *fixed_pattern = NULL;
+ regex_t *regex=NULL;
+ int err_no;
+
+ if (PL_strstr(operation, "ADD")) {
+ op=1;
+ } else if (PL_strstr(operation, "DELETE")) {
+ op=2;
+ } else if (PL_strstr(operation, "MODIFY")) {
+ op=3;
+ }
+
+ tokendbDebug(operation);
+
+ // get the correct pattern and regex
+ fixed_pattern = get_fixed_pattern(ptype, pname);
+ if (fixed_pattern == NULL) {
+ tokendbDebug("parse_and_apply_changes: pattern is NULL. Aborting changes ..");
+ return;
+ }
+
+ regex = (regex_t *) malloc(sizeof(regex_t));
+ memset(regex, 0, sizeof(regex_t));
+
+ if((err_no=regcomp(regex, fixed_pattern, 0))!=0) /* Comple the regex */
+ {
+ // Error in computing the regex
+ size_t length;
+ char *buffer;
+ length = regerror (err_no, regex, NULL, 0);
+ buffer = (char *) PR_Malloc(length);
+ regerror (err_no, regex, buffer, length);
+ tokendbDebug("parse_and_apply_changes: error computing the regex, aborting changes");
+ tokendbDebug(buffer);
+ PR_Free(buffer);
+ regfree(regex);
+ return;
+ }
+ size_t no_sub = regex->re_nsub+1;
+ regmatch_t *result = NULL;
+
+ line = PL_strdup(params);
+ pair = PL_strtok_r(line, "&&", &lasts);
+ while (pair != NULL) {
+ len = strlen(pair);
+ i = 0;
+ while (1) {
+ if (i >= len) {
+ goto skip1;
+ }
+ if (pair[i] == '\0') {
+ goto skip1;
+ }
+ if (pair[i] == '=') {
+ pair[i] = '\0';
+ break;
+ }
+ i++;
+ }
+
+ result = NULL;
+ result = (regmatch_t *) PR_Malloc(sizeof(regmatch_t) * no_sub);
+ if (regexec(regex, (char *) &pair[0], no_sub, result, 0)!=0) {
+ tokendbDebug("parse_and_apply_changes: parameter does not match pattern. Dropping edit ..");
+ tokendbDebug(&pair[0]);
+ if (result != NULL) {
+ PR_Free(result);
+ result=NULL;
+ }
+ goto skip1;
+ }
+ if (result != NULL) {
+ PR_Free(result);
+ result=NULL;
+ }
+
+ if (op == 1) { //ADD
+ RA::GetConfigStore()->Add(&pair[0], &pair[i+1]);
+ PR_snprintf(audit_str, 4096, "%s;;%s", &pair[0], &pair[i+1]);
+ RA::Audit(EV_CONFIG, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", audit_str, "config parameter added");
+ } else if (op == 2) { //DELETE
+ RA::GetConfigStore()->Remove(&pair[0]);
+ PR_snprintf(audit_str, 4096, "%s;;%s", &pair[0], &pair[i+1]);
+ RA::Audit(EV_CONFIG, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", audit_str, "config parameter deleted");
+ } else if (op == 3) { //MODIFY
+ RA::GetConfigStore()->Add(&pair[0], &pair[i+1]);
+ PR_snprintf(audit_str, 4096, "%s;;%s", &pair[0], &pair[i+1]);
+ RA::Audit(EV_CONFIG, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", audit_str, "config parameter modified");
+ }
+ skip1:
+ pair = PL_strtok_r(NULL, "&&", &lasts);
+ }
+ do_strfree(line);
+ do_strfree(fixed_pattern);
+}
+
+static int get_time_limit(char *query)
+{
+ char *val = NULL;
+ int ret;
+
+ val = get_field(query, "timeLimit=", SHORT_LEN);
+ if (val == NULL) {
+ return maxTimeLimit;
+ }
+
+ ret = atoi(val);
+ if ((ret == 0) || (ret > maxTimeLimit)) {
+ return maxTimeLimit;
+ }
+ return ret;
+}
+
+static int get_size_limit(char *query)
+{
+ char *val = NULL;
+ int ret;
+
+ val = get_field(query, "sizeLimit=", SHORT_LEN);
+ if (val == NULL) {
+ return maxSizeLimit;
+ }
+
+ ret = atoi(val);
+ if ((ret == 0) || (ret > maxSizeLimit)) {
+ return maxSizeLimit;
+ }
+ return ret;
+}
+
+/**
+ * generate a simple password of at least specified length
+ * containing upper case, lower case and special characters
+ */
+#define PW_MAX_LEN 1024
+
+static char *generatePassword(int length)
+{
+ char choices[80] = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*_-+=':;.,";
+ bool pw_ok = false;
+ int i=0;
+ int upper=0, lower=0, number=0, special=0;
+ char pw[PW_MAX_LEN] = "";
+
+ srand(time(0));
+
+ while (!pw_ok) {
+ int x;
+ x = 0 + int(79.0 * rand()/(RAND_MAX+1.0));
+ pw[i] = choices[x];
+ if (isupper(choices[x])) upper ++;
+ if (islower(choices[x])) lower ++;
+ if (isdigit(choices[x])) number ++;
+ if (! isalpha(choices[x])) special ++;
+
+ if ((i >= length) && (upper >=2) && (lower >=2) && (special >=2) && (number >=2))
+ pw_ok = true;
+ i++;
+ if (i == PW_MAX_LEN) {
+ i=0;
+ upper = 0;
+ lower = 0;
+ special =0;
+ number =0;
+ PR_snprintf(pw, PW_MAX_LEN, "");
+ }
+ }
+
+ return PL_strdup(pw);
+}
+
+
+/**
+ * mod_tokendb_handler handles the protocol between the tokendb and the RA
+ */
+static int
+mod_tokendb_handler( request_rec *rq )
+{
+ int sendPieces = 0;
+ int rc = 0;
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ LDAPMod **mods = NULL;
+ char *injection = NULL;
+ char *mNum = NULL;
+ char *buf = NULL;
+ char *uri = NULL;
+ char *query = NULL;
+ char *cert = NULL;
+ char *base64_cert = NULL;
+ char *userid = NULL;
+ char *error = NULL;
+ char *tid = NULL;
+ char *question = NULL;
+ const char *tokentype = NULL;
+
+
+ /* user fields */
+ char *uid = NULL;
+ char *firstName = NULL;
+ char *lastName = NULL;
+ char *opOperator = NULL;
+ char *opAdmin = NULL;
+ char *opAgent = NULL;
+ char *userCert = NULL;
+
+ /* keep track of which menu we are in - operator or agent */
+ char *topLevel = NULL;
+
+ char **attrs = NULL;
+ char **vals = NULL;
+ struct berval **bvals = NULL;
+ int maxReturns;
+ int q;
+ int i, n, len, nEntries, entryNum;
+ int status = LDAP_SUCCESS;
+ int size, tagOffset, statusNum;
+ char fixed_injection[MAX_INJECTION_SIZE];
+ char pString[512] = "";
+ char oString[512] = "";
+ char pLongString[4096] = "";
+ char configname[512] ="";
+ char filter[512] = "";
+ char msg[512] = "";
+ char template1[512] = "";
+ char question_no[100] ="";
+ char cuid[256] = "";
+ char cuidUserId[100]="";
+ char tokenStatus[100]="";
+ char tokenReason[100]="";
+ int token_ui_state= 0;
+ bool show_token_ui_state = false;
+ char serial[100]="";
+ char userCN[256]="";
+ char tokenType[512]="";
+ apr_table_t *post = NULL; /* used for POST data */
+
+ char *statusString = NULL;
+ char *s1, *s2;
+ char *end;
+ struct berval **attr_values = NULL;
+ char *auth_filter = NULL;
+
+ /* authorization */
+ int is_admin = 0;
+ int is_agent = 0;
+ int is_operator = 0;
+
+ int end_val =0;
+ int start_val = 0;
+
+ /* current operation for audit */
+ char *op = NULL;
+
+ RA::Debug( "mod_tokendb_handler::mod_tokendb_handler",
+ "mod_tokendb_handler::mod_tokendb_handler" );
+
+ RA::Debug( "mod_tokendb::mod_tokendb_handler",
+ "uri '%s'", rq->uri);
+
+ /* XXX: We need to change "tus" to "tokendb" */
+ if (strcmp(rq->handler, "tus") != 0) {
+ RA::Debug( "mod_tokendb::mod_tokendb_handler", "DECLINED uri '%s'", rq->uri);
+ return DECLINED;
+ }
+
+ RA::Debug( "mod_tokendb::mod_tokendb_handler",
+ "uri '%s' DONE", rq->uri);
+
+ tokendbDebug( "tokendb request arrived...serving tokendb\n" );
+
+ injection = fixed_injection;
+
+ ap_set_content_type( rq, "text/html" );
+
+ if( !is_tus_db_initialized() ) {
+ tokendbDebug( "token DB was not initialized \n" );
+
+ if( ( status = tus_db_init( &error ) ) != LDAP_SUCCESS ) {
+ if( error != NULL ) {
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s", JS_START,
+ "var error = \"", error,
+ "\";\n", JS_STOP );
+
+ buf = getData( errorTemplate, injection );
+
+ ( void ) ap_rwrite( ( const void * ) buf,
+ PL_strlen( buf ), rq );
+
+ PR_smprintf_free( error );
+ error = NULL;
+ } else {
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s", JS_START,
+ "var error = \"", "NULL",
+ "\";\n", JS_STOP );
+
+ buf = getData( errorTemplate, injection );
+
+ ( void ) ap_rwrite( ( const void * ) buf,
+ PL_strlen( buf ), rq );
+ }
+
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+
+ return DONE;
+ }
+ } else {
+ tokendbDebug( "token DB was initialized\n" );
+ }
+
+ tokendbDebug( "authentication\n" );
+
+ cert = nss_var_lookup( rq->pool,
+ rq->server,
+ rq->connection,
+ rq,
+ ( char * ) "SSL_CLIENT_CERT" );
+ if( cert == NULL ) {
+ error_out("Authentication Failure", "Failed to authenticate request");
+ RA::Audit(EV_AUTH_FAIL, AUDIT_MSG_AUTH, "null", "null", "Failure", "authentication failure, no cert");
+ do_free(buf);
+ return DONE;
+ }
+
+ tokendbDebug( cert );
+ tokendbDebug( "\n" );
+
+ base64_cert = stripBase64HeaderAndFooter( cert );
+
+ tokendbDebug( base64_cert );
+ tokendbDebug( "\n" );
+
+ userid = tus_authenticate( base64_cert );
+
+ if( userid == NULL ) {
+ error_out("Authentication Failure", "Failed to authenticate request");
+
+ SECStatus rv;
+ SECItem certDER;
+ CERTCertificate *c = NULL;
+
+ rv = ATOB_ConvertAsciiToItem(&certDER, base64_cert);
+ if (rv) {
+ RA::Debug("mod_tokendb_handler::mod_tokendb_handler", "Error converting certificate data to binary");
+ } else {
+ c = CERT_DecodeCertFromPackage((char *)certDER.data, certDER.len);
+ }
+
+ RA::Audit(EV_AUTH_FAIL, AUDIT_MSG_AUTH,
+ (c!= NULL) && (c->subjectName != NULL) ? c->subjectName : "null",
+ "null", "Failure", "authentication failure");
+ do_free(buf);
+
+ if (c != NULL) {
+ CERT_DestroyCertificate(c);
+ }
+
+ return DONE;
+ }
+ do_free(base64_cert);
+
+ // useful to indicate cn of user cert
+ RA::Audit(EV_AUTH_SUCCESS, AUDIT_MSG_AUTH, userid, userid, "Success", "authentication success");
+
+ /* authorization */
+ is_admin = tus_authorize(TOKENDB_ADMINISTRATORS_IDENTIFIER, userid);
+ if (is_admin) {
+ RA::Audit(EV_ROLE_ASSUME, AUDIT_MSG_ROLE, userid, "Tokendb Admin", "Success", "assume privileged role");
+ }
+
+ is_agent = tus_authorize(TOKENDB_AGENTS_IDENTIFIER, userid);
+ if (is_agent) {
+ RA::Audit(EV_ROLE_ASSUME, AUDIT_MSG_ROLE, userid, "Tokendb Agent", "Success", "assume privileged role");
+ }
+
+ is_operator = tus_authorize(TOKENDB_OPERATORS_IDENTIFIER, userid);
+ if (is_operator) {
+ RA::Audit(EV_ROLE_ASSUME, AUDIT_MSG_ROLE, userid, "Tokendb Operator", "Success", "assume privileged role");
+ }
+
+ if( rq->uri != NULL ) {
+ uri = PL_strdup( rq->uri );
+ }
+
+ if (rq->method_number == M_POST) {
+ status = read_post(rq, &post);
+ if(post && !apr_is_empty_table(post)) {
+ query = PL_strdup( apr_table_get(post, "query"));
+ }
+ } else {
+ /* GET request */
+ if( rq->args != NULL ) {
+ query = PL_strdup( rq->args );
+ }
+ }
+
+ RA::Debug( "mod_tokendb_handler::mod_tokendb_handler",
+ "uri='%s' params='%s'",
+ uri, ( query==NULL?"":query ) );
+
+ if( query == NULL ) {
+ char *itemplate = NULL;
+ tokendbDebug( "authorization for index case\n" );
+ if (is_agent) {
+ itemplate = indexTemplate;
+ } else if (is_operator) {
+ itemplate = indexOperatorTemplate;
+ } else if (is_admin) {
+ itemplate = indexAdminTemplate;
+ } else {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "index", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "index", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var agent_target_list = \"",
+ RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
+ "var target_list = \"",
+ RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n" );
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( itemplate, injection );
+ itemplate = NULL;
+ } else if( ( PL_strstr( query, "op=index_operator" ) ) ) {
+ tokendbDebug( "authorization for op=index_operator\n" );
+ if (!is_operator) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "index_operator", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "index_operator", "Success", "Tokendb user authorization");
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n" );
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( indexOperatorTemplate, injection );
+ } else if( ( PL_strstr( query, "op=index_admin" ) ) ) {
+ tokendbDebug( "authorization\n" );
+ if (!is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "index_admin", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "index_admin", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n" );
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( indexAdminTemplate, injection );
+ } else if( ( PL_strstr( query, "op=do_token" ) ) ) {
+ tokendbDebug( "authorization for do_token\n" );
+
+ if( !is_agent ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "do_token", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "do_token", "Success", "Tokendb user authorization");
+
+ /* XXX - chrisho */
+ /* op=do_token */
+ /* question=1|2|... */
+ /* tid=cuid */
+
+ tokendbDebug( "print query\n" );
+ tokendbDebug( query );
+ tokendbDebug( "\n" );
+
+ tid = PL_strstr( query, "tid=" );
+ if( tid != NULL ) {
+ end = PL_strchr( tid, '&' );
+ if( end != NULL ) {
+ i = end - tid - 4;
+ if( i > 0 ) {
+ memcpy( cuid, tid+4, i );
+ }
+ cuid[i] = '\0';
+ } else {
+ PL_strcpy( cuid, tid+4 );
+ }
+ }
+
+ tokendbDebug( "cuid:" );
+ tokendbDebug( cuid );
+ tokendbDebug( "\n" );
+ question = PL_strstr( query, "question=" );
+ q = question[9] - '0';
+
+ PR_snprintf( question_no, 256, "%d", q );
+
+ tokendbDebug( "question_no:" );
+ tokendbDebug( question_no );
+
+ rc = find_tus_db_entry( cuid, 1, &result );
+ if( rc == 0 ) {
+ e = get_first_entry( result );
+ if( e != NULL ) {
+ attr_values = get_attribute_values( e, "tokenUserID" );
+ tokendbDebug( "cuidUserId:" );
+ if (valid_berval(attr_values)) {
+ PL_strcpy( cuidUserId, attr_values[0]->bv_val );
+ tokendbDebug( cuidUserId );
+ free_values(attr_values, 1);
+ attr_values = NULL;
+ } else
+ tokendbDebug("null");
+
+ attr_values = get_attribute_values( e, "tokenType" );
+ tokendbDebug( "tokenType:" );
+ if (valid_berval(attr_values)) {
+ PL_strcpy( tokenType, attr_values[0]->bv_val );
+ tokendbDebug( tokenType );
+ free_values(attr_values, 1);
+ attr_values = NULL;
+ } else
+ tokendbDebug("null");
+
+ attr_values = get_attribute_values( e, "tokenStatus" );
+ tokendbDebug( "tokenStatus:" );
+ if (valid_berval(attr_values)) {
+ PL_strcpy( tokenStatus, attr_values[0]->bv_val );
+ tokendbDebug( tokenStatus );
+ free_values(attr_values, 1);
+ attr_values = NULL;
+ } else
+ tokendbDebug("null");
+
+ attr_values = get_attribute_values( e, "tokenReason" );
+ tokendbDebug( "tokenReason:" );
+ if (valid_berval(attr_values)) {
+ PL_strcpy( tokenReason, attr_values[0]->bv_val );
+ tokendbDebug( tokenReason );
+ free_values(attr_values, 1);
+ attr_values = NULL;
+ } else
+ tokendbDebug("null");
+ }
+ }
+
+ if( result != NULL ) {
+ ldap_msgfree( result );
+ }
+
+ token_ui_state = get_token_ui_state(tokenStatus, tokenReason);
+
+ /* Is this token physically damaged */
+ if(( q == 1 ) && (transition_allowed(token_ui_state, 1))) {
+
+ PR_snprintf((char *)msg, 256,
+ "'%s' marked token physically damaged", userid);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+ msg, cuidUserId, tokenType);
+
+ /* get the certificates on this lost token */
+ PR_snprintf( ( char * ) filter, 256,
+ "(&(tokenID=%s)(tokenUserID=%s))",
+ cuid, cuidUserId );
+ rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+ &result, 1 );
+ if( rc == 0 ) {
+ CertEnroll *certEnroll = new CertEnroll();
+ for( e = get_first_entry( result );
+ e != NULL;
+ e = get_next_entry( e ) ) {
+ char *attr_status = get_cert_status( e );
+
+ if( strcmp( attr_status, "revoked" ) == 0 ) {
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+
+ continue;
+ }
+
+ char *attr_serial= get_cert_serial( e );
+ char *attr_tokenType = get_cert_tokenType( e );
+ char *attr_keyType = get_cert_type( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "destroyed.revokeCert",
+ attr_tokenType, attr_keyType );
+
+ bool revokeCert = RA::GetConfigStore()->
+ GetConfigAsBool( configname, true );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "destroyed.revokeCert.reason",
+ attr_tokenType, attr_keyType );
+
+ char *revokeReason = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname,
+ "0" ) );
+
+ if( revokeCert ) {
+ char *attr_cn = get_cert_cn( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.ca.conn",
+ attr_tokenType, attr_keyType );
+
+ char *connid = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname ) );
+
+ PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+ statusNum = certEnroll->RevokeCertificate(revokeReason,
+ serial, connid, statusString );
+
+ if (statusNum != 0) { // revocation errors
+ if( strcmp( revokeReason, "6" ) == 0 ) {
+ PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "revoked_on_hold", serial, connid, statusString);
+ } else {
+ PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "revoke", serial, connid, statusString);
+ }
+ } else {
+ // update certificate status
+ if( strcmp( revokeReason, "6" ) == 0 ) {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "revoked_on_hold" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "revoked_on_hold", serial, connid, "");
+ } else {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "revoked" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "revoke", serial, connid, "");
+ }
+ }
+
+ if( attr_cn != NULL ) {
+ PL_strfree( attr_cn );
+ attr_cn = NULL;
+ }
+ do_free(statusString);
+ }
+
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+
+ if( attr_serial != NULL ) {
+ PL_strfree( attr_serial );
+ attr_serial = NULL;
+ }
+
+ if( attr_tokenType != NULL ) {
+ PL_strfree( attr_tokenType );
+ attr_tokenType = NULL;
+ }
+
+ if( attr_keyType != NULL ) {
+ PL_strfree( attr_keyType );
+ attr_keyType = NULL;
+ }
+ }
+
+ if( result != NULL ) {
+ ldap_msgfree( result );
+ }
+
+ if( certEnroll != NULL ) {
+ delete certEnroll;
+ certEnroll = NULL;
+ }
+
+ }
+
+ /* change the tokenStatus to lost (reason: destroyed). */
+ rc = update_token_status_reason( cuidUserId, cuid,
+ "lost", "destroyed" );
+ if( rc == -1 ) {
+ tokendbDebug( "token is physically damaged. rc = -1\n" );
+
+ PR_snprintf(oString, 512, "token_id;;%s", cuid);
+ PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed");
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked physically damaged, rc=-1");
+
+ PR_snprintf((char *)msg, 256, "Failed to update token status as physically damaged");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s", JS_START,
+ "var error = \"Failed to create LDAPMod: ",
+ "\";\n", JS_STOP );
+
+ buf = getData( errorTemplate, injection );
+
+ ap_log_error( ( const char * ) "tus", __LINE__,
+ APLOG_ERR, 0, rq->server,
+ ( const char * ) "Failed to create LDAPMod" );
+
+ ( void ) ap_rwrite( ( const void * ) buf,
+ PL_strlen( buf ), rq );
+
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ } else if( rc > 0 ) {
+ tokendbDebug( "token is physically damaged. rc > 0\n" );
+
+ PR_snprintf(oString, 512, "token_id;;%s", cuid);
+ PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed");
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked physically damaged, rc>0");
+
+ PR_snprintf((char *)msg, 256, "Failed to update token status as physically damaged");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s", JS_START,
+ "var error = \"LDAP mod error: ",
+ ldap_err2string( rc ),
+ "\";\n", JS_STOP );
+
+ buf = getData( errorTemplate, injection );
+
+ ap_log_error( ( const char * ) "tus", __LINE__,
+ APLOG_ERR, 0, rq->server,
+ ( const char * ) "LDAP error: %s",
+ ldap_err2string( rc ) );
+
+ ( void ) ap_rwrite( ( const void * ) buf,
+ PL_strlen( buf ), rq );
+
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+
+ PR_snprintf(oString, 512, "token_id;;%s", cuid);
+ PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;destroyed");
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked physically damaged");
+
+ PR_snprintf((char *)msg, 256, "Token marked as physically damaged");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
+
+ /* Is this token permanently lost? */
+ } else if(((q == 2) && (transition_allowed(token_ui_state, 2))) ||
+ ((q == 6) && (transition_allowed(token_ui_state, 6)))) {
+ if (q == 2) {
+ PR_snprintf((char *)msg, 256,
+ "'%s' marked token permanently lost", userid);
+ } else {
+ PR_snprintf((char *)msg, 256,
+ "'%s' marked token terminated", userid);
+ }
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+ msg, cuidUserId, tokenType);
+
+ /* get the certificates on this lost token */
+ PR_snprintf( ( char * ) filter, 256,
+ "(&(tokenID=%s)(tokenUserID=%s))",
+ cuid, cuidUserId );
+
+ rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+ &result, 1 );
+ if( rc == 0 ) {
+ CertEnroll *certEnroll = new CertEnroll();
+ for( e = get_first_entry( result );
+ e != NULL;
+ e = get_next_entry( e ) ) {
+ char *attr_status = get_cert_status( e );
+
+ if( strcmp( attr_status, "revoked" ) == 0 ) {
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+
+ continue;
+ }
+
+ char *attr_serial= get_cert_serial( e );
+ char *attr_tokenType = get_cert_tokenType( e );
+ char *attr_keyType = get_cert_type( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "keyCompromise.revokeCert",
+ attr_tokenType, attr_keyType );
+
+ bool revokeCert = RA::GetConfigStore()->
+ GetConfigAsBool( configname, true );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "keyCompromise.revokeCert.reason",
+ attr_tokenType, attr_keyType );
+
+ char *revokeReason = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname,
+ "1" ) );
+
+ if( revokeCert ) {
+ char *attr_cn = get_cert_cn( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.ca.conn",
+ attr_tokenType, attr_keyType );
+
+ char *connid = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname ) );
+
+ PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+ statusNum = certEnroll->
+ RevokeCertificate( revokeReason,
+ serial,
+ connid,
+ statusString );
+ if (statusNum != 0) { // revocation errors
+ if( strcmp( revokeReason, "6" ) == 0 ) {
+ PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "revoked_on_hold", serial, connid, statusString);
+ } else {
+ PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "revoke", serial, connid, statusString);
+ }
+ } else {
+ // update certificate status
+ if( strcmp( revokeReason, "6" ) == 0 ) {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "revoked_on_hold" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "revoked_on_hold", serial, connid, "");
+ } else {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "revoked" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "revoke", serial, connid, "");
+ }
+ }
+
+ if( attr_cn != NULL ) {
+ PL_strfree( attr_cn );
+ attr_cn = NULL;
+ }
+ do_free(statusString);
+ }
+
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+
+ if( attr_serial != NULL ) {
+ PL_strfree( attr_serial );
+ attr_serial = NULL;
+ }
+
+ if( attr_tokenType != NULL ) {
+ PL_strfree( attr_tokenType );
+ attr_tokenType = NULL;
+ }
+
+ if( attr_keyType != NULL ) {
+ PL_strfree( attr_keyType );
+ attr_keyType = NULL;
+ }
+ }
+
+ if( result != NULL ) {
+ ldap_msgfree( result );
+ }
+
+ if( certEnroll != NULL ) {
+ delete certEnroll;
+ certEnroll = NULL;
+ }
+ }
+
+ /* revoke all the certs on the token. make http connection to CA */
+
+ /* change the tokenStatus to lost (reason: keyCompromise) */
+ tokendbDebug( "Revoke all the certs on this token "
+ "(reason: keyCompromise)\n" );
+
+ PR_snprintf(oString, 512, "token_id;;%s", cuid);
+
+ if (q == 6) { /* terminated */
+ PR_snprintf(pString, 512, "tokenStatus;;terminated+tokenReason;;keyCompromise");
+ rc = update_token_status_reason( cuidUserId, cuid,
+ "terminated", "keyCompromise" );
+ } else {
+ PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;keyCompromise");
+ rc = update_token_status_reason( cuidUserId, cuid,
+ "lost", "keyCompromise" );
+ }
+ if( rc == -1 ) {
+ if (q == 6) { /* terminated*/
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked terminated, rc=-1");
+ PR_snprintf((char *)msg, 256, "Failure in updating token status to terminated");
+ } else {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked permanently lost, rc=-1");
+ PR_snprintf((char *)msg, 256, "Failure in updating token status to permanently lost");
+ }
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s", JS_START,
+ "var error = \"Failed to create LDAPMod: ",
+ "\";\n", JS_STOP );
+
+ buf = getData( errorTemplate, injection );
+
+ ap_log_error( ( const char * ) "tus", __LINE__,
+ APLOG_ERR, 0, rq->server,
+ ( const char * ) "Failed to create LDAPMod" );
+
+ ( void ) ap_rwrite( ( const void * ) buf,
+ PL_strlen( buf ), rq );
+
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ } else if( rc > 0 ) {
+ if (q == 6) { /* terminated*/
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked terminated, rc=>0");
+ PR_snprintf((char *)msg, 256, "Failure in updating token status to terminated");
+ } else {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked permanently lost, rc>0");
+ PR_snprintf((char *)msg, 256, "Failure in updating token status to permanently lost");
+ }
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s", JS_START,
+ "var error = \"LDAP mod error: ",
+ ldap_err2string( rc ),
+ "\";\n", JS_STOP );
+
+ buf = getData( errorTemplate, injection );
+
+ ap_log_error( ( const char * ) "tus", __LINE__,
+ APLOG_ERR, 0, rq->server,
+ ( const char * ) "LDAP error: %s",
+ ldap_err2string( rc ) );
+
+ ( void ) ap_rwrite( ( const void * ) buf,
+ PL_strlen( buf ), rq );
+
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ if (q == 6) { /* terminated*/
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked terminated");
+ PR_snprintf((char *)msg, 256, "Token marked terminated");
+ } else {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked permanently lost");
+ PR_snprintf((char *)msg, 256, "Token marked permanently lost");
+ }
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
+
+ /* Is this token temporarily lost? */
+ } else if(( q == 3 ) && (transition_allowed(token_ui_state, 3))) {
+ bool revocation_errors = false;
+ PR_snprintf((char *)msg, 256,
+ "'%s' marked token temporarily lost", userid);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+ msg, cuidUserId, tokenType);
+
+ /* all certs on the token are revoked (onHold) */
+ tokendbDebug( "Revoke all the certs on this token "
+ "(reason: onHold)\n" );
+
+ /* get the certificates on this lost token */
+ PR_snprintf( ( char * ) filter, 256,
+ "(&(tokenID=%s)(tokenUserID=%s))",
+ cuid, cuidUserId );
+
+ rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+ &result, 1 );
+ if( rc == 0 ) {
+ CertEnroll *certEnroll = new CertEnroll();
+ for( e = get_first_entry( result );
+ e != NULL;
+ e = get_next_entry( e ) ) {
+ char *attr_status = get_cert_status( e );
+ if( strcmp( attr_status, "revoked" ) == 0 ||
+ strcmp( attr_status, "revoked_on_hold" ) == 0 ) {
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+
+ continue;
+ }
+
+ char *attr_serial= get_cert_serial( e );
+ char *attr_tokenType = get_cert_tokenType( e );
+ char *attr_keyType = get_cert_type( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "onHold.revokeCert",
+ attr_tokenType, attr_keyType );
+
+ bool revokeCert = RA::GetConfigStore()->
+ GetConfigAsBool( configname, true );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery.onHold."
+ "revokeCert.reason",
+ attr_tokenType, attr_keyType );
+
+ char *revokeReason = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname,
+ "0" ) );
+
+ if( revokeCert ) {
+ char *attr_cn = get_cert_cn( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.ca.conn",
+ attr_tokenType, attr_keyType );
+
+ char *connid = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname ) );
+
+ PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+ statusNum = certEnroll->
+ RevokeCertificate( revokeReason,
+ serial,
+ connid,
+ statusString );
+
+ if (statusNum != 0) { // revocation errors
+ if( strcmp( revokeReason, "6" ) == 0 ) {
+ PR_snprintf((char *)msg, 256, "Errors in marking certificate on_hold '%s' : %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "revoked_on_hold", serial, connid, statusString);
+ } else {
+ PR_snprintf((char *)msg, 256, "Errors in revoking certificate '%s' : %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "revoke", serial, connid, statusString);
+ }
+ revocation_errors = true;
+ } else {
+ // update certificate status
+ if( strcmp( revokeReason, "6" ) == 0 ) {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked_on_hold", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "revoked_on_hold" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "revoked_on_hold", serial, connid, "");
+ } else {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "revoked" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "revoke", serial, connid, "");
+ }
+ }
+
+ do_free(statusString);
+ }
+
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+
+ if( attr_serial != NULL ) {
+ PL_strfree( attr_serial );
+ attr_serial = NULL;
+ }
+
+ if( attr_tokenType != NULL ) {
+ PL_strfree( attr_tokenType );
+ attr_tokenType = NULL;
+ }
+
+ if( attr_keyType != NULL ) {
+ PL_strfree( attr_keyType );
+ attr_keyType = NULL;
+ }
+ }
+
+ if (result != NULL) {
+ ldap_msgfree( result );
+ }
+
+ if( certEnroll != NULL ) {
+ delete certEnroll;
+ certEnroll = NULL;
+ }
+
+ }
+
+ PR_snprintf(oString, 512, "token_id;;%s", cuid);
+ PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;onHold");
+ if (revocation_errors) {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost failed, failed to revoke certificates");
+
+ PR_snprintf((char *)msg, 256, "Failed to revoke certificates");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ error_out("Errors in revoking certificates.", "Errors in revoking certificates.");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ rc = update_token_status_reason( cuidUserId, cuid,
+ "lost", "onHold" );
+ if( rc == -1 ) {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost, rc=-1");
+
+ PR_snprintf((char *)msg, 256, "Failed to update token status as temporarily lost");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s", JS_START,
+ "var error = \"Failed to create LDAPMod: ",
+ "\";\n", JS_STOP );
+
+ buf = getData( errorTemplate, injection );
+
+ ap_log_error( ( const char * ) "tus", __LINE__,
+ APLOG_ERR, 0, rq->server,
+ ( const char * ) "Failed to create LDAPMod" );
+
+ ( void ) ap_rwrite( ( const void * ) buf,
+ PL_strlen( buf ), rq );
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ } else if( rc > 0 ) {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "token marked temporarily lost, rc>0");
+
+ PR_snprintf((char *)msg, 256, "Failed to update token status as temporarily lost");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s", JS_START,
+ "var error = \"LDAP mod error: ",
+ ldap_err2string( rc ),
+ "\";\n", JS_STOP );
+
+ buf = getData( errorTemplate, injection );
+
+ ap_log_error( ( const char * ) "tus", __LINE__,
+ APLOG_ERR, 0, rq->server,
+ ( const char * ) "LDAP error: %s",
+ ldap_err2string( rc ) );
+
+ ( void ) ap_rwrite( ( const void * ) buf,
+ PL_strlen( buf ), rq );
+
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "token marked temporarily lost");
+ PR_snprintf((char *)msg, 256, "Token marked temporarily lost");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
+
+ /* Is this temporarily lost token found? */
+ } else if(( q == 4 ) && ( transition_allowed(token_ui_state, 4) )) {
+
+ PR_snprintf((char *)msg, 256,
+ "'%s' marked lost token found", userid);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+ msg, cuidUserId, tokenType);
+
+ tokendbDebug( "The temporarily lost token is found.\n" );
+
+ // to find out the tokenType on this lost token
+ PR_snprintf( ( char * ) filter, 256,
+ "(&(tokenID=%s)(tokenUserID=%s))",
+ cuid, cuidUserId );
+
+ /* all certs on the token are unrevoked (offHold) */
+ /* get the certificates on this lost token */
+ tokendbDebug( "Offhold all the certificates on "
+ "the temp lost token." );
+
+ rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+ &result, 1 );
+ if( rc == 0 ) {
+ CertEnroll *certEnroll = new CertEnroll();
+ for( e = get_first_entry( result );
+ e != NULL;
+ e = get_next_entry( e ) ) {
+ char *attr_status = get_cert_status( e );
+ if( strcmp( attr_status, "active" ) == 0 ||
+ strcmp( attr_status, "revoked" ) == 0 ) {
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+
+ continue;
+ }
+
+ char *attr_serial= get_cert_serial( e );
+ char *attr_tokenType = get_cert_tokenType( e );
+ char *attr_keyType = get_cert_type( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "onHold.revokeCert",
+ attr_tokenType, attr_keyType );
+
+ bool revokeCert = RA::GetConfigStore()->
+ GetConfigAsBool( configname, true );
+ if( revokeCert ) {
+ char *attr_cn = get_cert_cn( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.ca.conn",
+ attr_tokenType, attr_keyType );
+
+ char *connid = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname ) );
+
+
+ PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+ int statusNum = certEnroll->
+ UnrevokeCertificate( serial,
+ connid,
+ statusString );
+
+ if (statusNum == 0) {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as active", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "active" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "unrevoke", serial, connid, "");
+ } else {
+ PR_snprintf((char *)msg, 256, "Errors in unrevoking Certificate '%s': %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "unrevoke", serial, connid, statusString);
+ }
+
+ if( attr_cn != NULL ) {
+ PL_strfree( attr_cn );
+ attr_cn = NULL;
+ }
+
+ do_free(statusString);
+ }
+
+ if( attr_serial != NULL ) {
+ PL_strfree( attr_serial );
+ attr_serial = NULL;
+ }
+
+ if( attr_tokenType != NULL ) {
+ PL_strfree( attr_tokenType );
+ attr_tokenType = NULL;
+ }
+
+ if( attr_keyType != NULL ) {
+ PL_strfree( attr_keyType );
+ attr_keyType = NULL;
+ }
+ } // end of for loop
+
+ if( result != NULL ) {
+ ldap_msgfree( result );
+ }
+
+ if( certEnroll != NULL ) {
+ delete certEnroll;
+ certEnroll = NULL;
+ }
+ }
+
+ update_token_status_reason( cuidUserId, cuid, "active", NULL );
+ PR_snprintf(oString, 512, "token_id;;%s", cuid);
+ PR_snprintf(pString, 512, "tokenStatus;;active+tokenReason;;null");
+
+ if( rc == -1 ) {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "lost token marked found, rc=-1");
+ PR_snprintf((char *)msg, 256, "Failed to update lost token status as found");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ error_out("Failed to create LDAPMod: ", "Failed to create LDAPMod");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ } else if( rc > 0 ) {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pString, "lost token marked found, rc>0");
+ PR_snprintf((char *)msg, 256, "Failed to update lost token status as found");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure",
+ msg, cuidUserId, tokenType);
+
+ ldap_error_out("LDAP mod error: ", "LDAP error: %s");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "lost token marked found");
+ PR_snprintf((char *)msg, 256, "Lost token marked found");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
+
+ /* Does this temporarily lost token become permanently lost? */
+ } else if ( (q == 5) && (transition_allowed(token_ui_state, 5)) ) {
+
+ PR_snprintf((char *)msg, 256,
+ "'%s' marked lost token permanently lost", userid);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated",
+ msg, cuidUserId, tokenType);
+
+ tokendbDebug( "Change the revocation reason from onHold "
+ "to keyCompromise\n" );
+
+ // to find out the tokenType on this lost token
+ PR_snprintf( ( char * ) filter, 256,
+ "(&(tokenID=%s)(tokenUserID=%s))",
+ cuid, cuidUserId );
+
+ /* revoke all the certs on this token (reason: keyCompromise) */
+ tokendbDebug( "Revoke all the certs on this token "
+ "(reason: keyCompromise)\n" );
+
+ /* get the certificates on this lost token */
+ PR_snprintf( ( char * ) filter, 256,
+ "(&(tokenID=%s)(tokenUserID=%s))",
+ cuid, cuidUserId );
+
+ rc = find_tus_certificate_entries_by_order_no_vlv( filter,
+ &result, 1 );
+ if( rc == 0 ) {
+ CertEnroll *certEnroll = new CertEnroll();
+ for( e = get_first_entry(result);
+ e != NULL;
+ e = get_next_entry( e ) ) {
+ char *attr_status = get_cert_status( e );
+ if( strcmp( attr_status, "revoked" ) == 0 ) {
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+ continue;
+ }
+
+ char *attr_serial= get_cert_serial( e );
+ char *attr_tokenType = get_cert_tokenType( e );
+ char *attr_keyType = get_cert_type( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "keyCompromise.revokeCert",
+ attr_tokenType, attr_keyType );
+
+ bool revokeCert = RA::GetConfigStore()->
+ GetConfigAsBool( configname, true );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "keyCompromise.revokeCert.reason",
+ attr_tokenType, attr_keyType );
+
+ char *revokeReason = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname,
+ "1" ) );
+
+ if( revokeCert ) {
+ char *attr_cn = get_cert_cn( e );
+
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.ca.conn",
+ attr_tokenType, attr_keyType );
+
+ char *connid = ( char * )
+ ( RA::GetConfigStore()->
+ GetConfigAsString( configname ) );
+
+ PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+ int statusNum = 0;
+ if(( strcmp( attr_status, "revoked_on_hold" ) == 0 ) && (strcmp(revokeReason, "6" ) != 0)) {
+ statusNum = certEnroll->
+ UnrevokeCertificate( serial,
+ connid,
+ statusString );
+ if (statusNum == 0) {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as active", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "initiated", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "active" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "unrevoke", serial, connid, "");
+
+ do_free(statusString);
+ statusNum = certEnroll->
+ RevokeCertificate( revokeReason,
+ serial,
+ connid,
+ statusString );
+ if (statusNum == 0) {
+ PR_snprintf((char *)msg, 256, "Certificate '%s' is marked as revoked", attr_cn);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success", msg, cuidUserId, attr_tokenType);
+ update_cert_status( attr_cn, "revoked" );
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "revoke", serial, connid, "");
+ } else {
+ PR_snprintf((char *)msg, 256, "Errors in revoking Certificate '%s' : %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "revoke", serial, connid, statusString);
+ }
+ } else {
+ PR_snprintf((char *)msg, 256, "Errors in unrevoking Certificate '%s' : %s", attr_cn, statusString);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "failure", msg, cuidUserId, attr_tokenType);
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "unrevoke", serial, connid, statusString);
+ }
+
+ do_free(statusString);
+ }
+
+ if( attr_cn != NULL ) {
+ PL_strfree( attr_cn );
+ attr_cn = NULL;
+ }
+ }
+
+ if( attr_serial != NULL ) {
+ PL_strfree( attr_serial );
+ attr_serial = NULL;
+ }
+
+ if( attr_tokenType != NULL ) {
+ PL_strfree( attr_tokenType );
+ attr_tokenType = NULL;
+ }
+
+ if( attr_keyType != NULL ) {
+ PL_strfree( attr_keyType );
+ attr_keyType = NULL;
+ }
+ } // end of the for loop
+
+ if( result != NULL ) {
+ ldap_msgfree( result );
+ }
+
+ if( certEnroll != NULL ) {
+ delete certEnroll;
+ certEnroll = NULL;
+ }
+ }
+
+ rc = update_token_status_reason( cuidUserId, cuid,
+ "lost", "keyCompromise" );
+
+ PR_snprintf(oString, 512, "token_id;;%s", cuid);
+ PR_snprintf(pString, 512, "tokenStatus;;lost+tokenReason;;keyCompromise");
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pString, "lost token marked permanently lost");
+
+ PR_snprintf((char *)msg, 256, "Lost token marked permanently lost");
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "do_token", "success",
+ msg, cuidUserId, tokenType);
+ } else {
+ // invalid operation or transition
+ error_out("Transition or operation not allowed", "Transition or operation not allowed");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ tokendbDebug( "do_token: rc = 0\n" );
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%d%s%s%s%s%s%s%s", JS_START,
+ "var rc = \"", rc, "\";\n",
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n" );
+
+ add_allowed_token_transitions(token_ui_state, injection);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( doTokenTemplate, injection );
+ } else if( ( PL_strstr( query, "op=revoke" ) ) ) {
+ tokendbDebug("authorization\n");
+
+ if( ! is_agent ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "revoke", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "revoke", "Success", "Tokendb user authorization");
+
+ /* XXX - chrisho */
+ /* op=revoke */
+ /* tid=cuid */
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n" );
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( revokeTemplate, injection );
+ } else if( ( PL_strstr( query, "op=search_activity_admin" ) ) ) {
+ tokendbDebug( "authorization\n" );
+
+ if (! is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "search_activity_admin", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search_activity_admin", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n" );
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( searchActivityAdminTemplate, injection );
+ } else if( ( PL_strstr( query, "op=search_activity" ) ) ) {
+ tokendbDebug( "authorization\n" );
+
+ if ((! is_agent) && (! is_operator)) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "search_activity", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search_activity", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n" );
+
+ topLevel = get_field(query, "top=", SHORT_LEN);
+ if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
+ PL_strcat(injection, "var topLevel = \"operator\";\n");
+ }
+ do_free(topLevel);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( searchActivityTemplate, injection );
+ } else if( ( PL_strstr( query, "op=search_admin" ) ) ||
+ ( PL_strstr( query, "op=search_users" ) )) {
+ tokendbDebug( "authorization\n" );
+
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "search_admin,search_users", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search_admin,search_users", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n" );
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ if ( PL_strstr( query, "op=search_admin" ) ) {
+ buf = getData( searchAdminTemplate, injection );
+ } else if ( PL_strstr( query, "op=search_users" ) ) {
+ buf = getData( searchUserTemplate, injection );
+ }
+ } else if ( PL_strstr( query, "op=search_certificate" ) ) {
+ tokendbDebug( "authorization\n" );
+ if ((! is_agent) && (! is_operator)) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "search_certificate", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search_certificate", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n");
+
+ topLevel = get_field(query, "top=", SHORT_LEN);
+ if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
+ PL_strcat(injection, "var topLevel = \"operator\";\n");
+ }
+ do_free(topLevel);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( searchCertificateTemplate, injection );
+ } else if( ( PL_strstr( query, "op=search" ) ) ) {
+ tokendbDebug( "authorization for op=search\n" );
+ if ((! is_agent) && (! is_operator)) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "search", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "search", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n");
+
+ topLevel = get_field(query, "top=", SHORT_LEN);
+ if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
+ PL_strcat(injection, "var topLevel = \"operator\";\n");
+ }
+ do_free(topLevel);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( searchTemplate, injection );
+ } else if( ( PL_strstr( query, "op=new" ) ) ) {
+ tokendbDebug( "authorization\n" );
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "new", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "new", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n" );
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( newTemplate,injection );
+ } else if ( ( PL_strstr( query, "op=add_user" ) ) ) {
+ tokendbDebug( "authorization for add_user\n" );
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "add_user", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "add_user", "Success", "Tokendb user authorization");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid,
+ "\";\n");
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( newUserTemplate,injection );
+
+ } else if ( ( PL_strstr( query, "op=confirm_delete_config" ) ) ) {
+ tokendbDebug( "authorization for confirm_delete_config\n" );
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "confirm_delete_config", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "confirm_delete_config", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+ char *ptimestamp = NULL;
+ char *pvalues = NULL;
+ char *large_injection = NULL;
+ char *pstate = NULL;
+ char *disp_conf_type = NULL;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+ pstate = get_post_field(post, "pstate", SHORT_LEN);
+ ptimestamp = get_post_field(post, "ptimestamp", SHORT_LEN);
+ pvalues = get_post_field_s(post, "pvalues");
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
+ disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ large_injection = (char *) PR_Malloc(PL_strlen(pvalues) + MAX_INJECTION_SIZE);
+ PR_snprintf( large_injection, PL_strlen(pvalues) + MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var conf_type = \"", ptype, "\";\n",
+ "var disp_conf_type = \"", disp_conf_type, "\";\n",
+ "var conf_name = \"", pname, "\";\n",
+ "var conf_state = \"", pstate, "\";\n",
+ "var conf_tstamp = \"", ptimestamp, "\";\n",
+ "var agent_must_approve = \"", agent_must_approve(ptype)? "true": "false", "\";\n",
+ "var conf_values= \"", pvalues, "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection);
+ PL_strcat(large_injection, JS_STOP);
+
+ buf = getData( confirmDeleteConfigTemplate, large_injection );
+
+ do_free(ptype);
+ do_free(pname);
+ do_free(ptimestamp);
+ do_free(pvalues);
+ do_free(pstate);
+ do_free(large_injection);
+ } else if( ( PL_strstr( query, "op=delete_config_parameter" ) ) ) {
+ tokendbDebug( "authorization for op=delete_config_parameter\n" );
+ if (! is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "delete_config_parameter", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "delete_config_parameter", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+ char *ptimestamp = NULL;
+
+ char *key_values = NULL;
+ char *new_value = NULL;
+ char *conf_list = NULL;
+ ConfigStore *store = NULL;
+ int return_done = 0;
+ int status=0;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+ ptimestamp = get_post_field(post, "ptimestamp", SHORT_LEN);
+
+ if ((ptype == NULL) || (pname == NULL) || (PL_strlen(pname)==0) || (PL_strlen(ptype)==0)) {
+ error_out("Invalid Invocation: Parameter type or name is NULL or empty", "Parameter type or name is NULL or empty");
+ return_done = 1;
+ goto delete_config_parameter_cleanup;
+ }
+
+ if (!config_param_exists(ptype, pname)) {
+ error_out("Parameter does not exist", "Parameter does not exist");
+ return_done = 1;
+ goto delete_config_parameter_cleanup;
+ }
+
+ status = set_config_state_timestamp(ptype, pname, ptimestamp, "Writing", "Admin", false, userid);
+ if (status != 0) {
+ error_out("The data you are viewing has changed. Please reload the data and try your edits again.", "Data Out of Date");
+ return_done=1;
+ goto delete_config_parameter_cleanup;
+ }
+
+ store = get_pattern_substore(ptype, pname);
+
+ key_values = (char *) store->GetOrderedList();
+ if (PL_strlen(key_values) > 0) parse_and_apply_changes(userid, ptype, pname, "DELETE", key_values);
+
+ // remove from the list for that config type
+ PR_snprintf( ( char * ) configname, 256, "target.%s.list", ptype );
+ conf_list = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+ new_value = RA::remove_from_comma_list((const char*) pname, (char *)conf_list);
+ RA::GetConfigStore()->Add(configname, new_value);
+
+ // remove state and timestamp variables
+ remove_config_state_timestamp(ptype, pname);
+
+ tokendbDebug("Committing delete ..");
+ char error_msg[512];
+ status = RA::GetConfigStore()->Commit(true, error_msg, 512);
+ if (status != 0) {
+ tokendbDebug(error_msg);
+ }
+
+ PR_snprintf(oString, 512, "%s", pname);
+ PR_snprintf(pLongString, 4096, "%s;;%s", configname, new_value);
+ RA::Audit(EV_CONFIG, AUDIT_MSG_CONFIG, userid, "Admin", "Success", oString, pLongString, "config item deleted");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var flash = \"Configuration changes have been saved.\";\n",
+ "var agent_target_list = \"",
+ RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
+ "var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( indexTemplate, injection );
+ delete_config_parameter_cleanup:
+ do_free(ptype);
+ do_free(pname);
+ do_free(key_values);
+ do_free(new_value);
+ do_free(ptimestamp);
+
+ if (store != NULL) {
+ delete store;
+ store = NULL;
+ }
+ if (return_done == 1) {
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ } else if( ( PL_strstr( query, "op=add_config_parameter" ) ) ) {
+ tokendbDebug( "authorization for op=add_config_parameter\n" );
+ if (! is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "add_config_parameter", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "add_config_parameter", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+
+ ConfigStore *store = NULL;
+ char *pattern = NULL;
+ char *disp_conf_type = NULL;
+ int return_done =0;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+
+ if ((ptype == NULL) || (pname == NULL) || (PL_strlen(pname)==0) || (PL_strlen(ptype)==0)) {
+ error_out("Invalid Invocation: Parameter type or name is NULL or empty", "Parameter type or name is NULL or empty");
+ return_done = 1;
+ goto add_config_parameter_cleanup;
+ }
+
+ if (config_param_exists(ptype, pname)) {
+ error_out("Parameter already exists. Use edit instead.", "Parameter already exists");
+ return_done = 1;
+ goto add_config_parameter_cleanup;
+ }
+
+ /* extra check (just in case) */
+ store = get_pattern_substore(ptype, pname);
+
+ if ((store != NULL) && (store->Size() != 0)) {
+ error_out("Config entries already exist for this parameter. This is an error. Manually delete them first.", "Setup Error");
+ return_done = 1;
+ goto add_config_parameter_cleanup;
+ }
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.pattern", ptype );
+ pattern = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
+ disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var conf_type = \"", ptype, "\";\n",
+ "var disp_conf_type = \"", disp_conf_type, "\";\n",
+ "var conf_name = \"", pname, "\";\n",
+ "var conf_pattern = \"", pattern, "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection); //needed?
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( addConfigTemplate, injection );
+ add_config_parameter_cleanup:
+ do_free(ptype);
+ do_free(pname);
+
+ if (store != NULL) {
+ delete store;
+ store = NULL;
+ }
+ if (return_done == 1) {
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ } else if( ( PL_strstr( query, "op=agent_change_config_state" ) ) ) {
+ tokendbDebug( "authorization for op=agent_change_config_state\n" );
+ if (! is_agent) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "agent_change_config_state", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "agent_change_config_state", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+ char *ptimestamp = NULL;
+ char *choice = NULL;
+
+ char pstate[128]="";
+ int return_done =0;
+ int set_status = 0;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+ ptimestamp = get_post_field(post, "ptimestamp", SHORT_LEN);
+ choice = get_post_field(post, "choice", SHORT_LEN);
+
+ if ((ptype == NULL) || (pname == NULL) || (ptimestamp == NULL) || (choice == NULL)) {
+ error_out("Invalid Invocation: A required parameter is NULL", "Invalid Invocation: A required parameter is NULL");
+ return_done=1;
+ goto agent_change_config_state_cleanup;
+ }
+
+ // check if agent has permission to see this config parameter
+ if (!agent_must_approve(ptype)) {
+ error_out("Invalid Invocation: Agent is not permitted to change the state of this configuration item",
+ "Invalid Invocation: Agent is not permitted to change the state of this configuration item");
+ return_done=1;
+ goto agent_change_config_state_cleanup;
+ }
+
+ if ((PL_strcmp(choice, "Disable") == 0) || (PL_strcmp(choice, "Reject") == 0)) {
+ PR_snprintf(pstate, 128, "Disabled");
+ } else {
+ PR_snprintf(pstate, 128, "Enabled");
+ }
+
+ set_status = set_config_state_timestamp(ptype, pname, ptimestamp, pstate, "Agent", false, userid);
+
+ if (set_status != 0) {
+ error_out("The data you are viewing has been changed by an administrator and is out of date. Please reload the data and try again.",
+ "Data Out of Date");
+ return_done=1;
+ goto agent_change_config_state_cleanup;
+ }
+
+ char error_msg[512];
+ status = RA::GetConfigStore()->Commit(false, error_msg, 512);
+ if (status != 0) {
+ tokendbDebug(error_msg);
+ }
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var flash = \"Configuration changes have been saved.\";\n",
+ "var agent_target_list = \"",
+ RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
+ "var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( indexTemplate, injection );
+ agent_change_config_state_cleanup:
+ do_free(ptype);
+ do_free(pname);
+ do_strfree(ptimestamp);
+ do_strfree(choice);
+
+ if (return_done == 1) {
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ } else if( ( PL_strstr( query, "op=agent_view_config" ) ) ) {
+ tokendbDebug( "authorization for op=agent_view_config\n" );
+ if (! is_agent) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "agent_view_config", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "agent_view_config", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+ char *pstate = NULL;
+ char *ptimestamp = NULL;
+ char *disp_conf_type = NULL;
+ int return_done = 0;
+
+ char *key_values = NULL;
+ char *large_injection = NULL;
+ char *escaped = NULL;
+ ConfigStore *store = NULL;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+
+ if ((ptype == NULL) || (pname == NULL)) {
+ error_out("Invalid Invocation: Parameter type or name is NULL", "Invalid Invocation: Parameter type or name is NULL");
+ return_done =1;
+ goto agent_view_config_cleanup;
+ }
+
+ // check if agent has permission to see this config parameter
+ if (! agent_must_approve(ptype)) {
+ error_out("Invalid Invocation: Agent is not permitted to view this configuration item",
+ "Invalid Invocation: Agent is not permitted to view this configuration item");
+ return_done =1;
+ goto agent_view_config_cleanup;
+ }
+
+ get_config_state_timestamp(ptype, pname, &pstate, &ptimestamp);
+
+ store = get_pattern_substore(ptype, pname);
+
+ if (store == NULL) {
+ error_out("Setup Error: Pattern Substore is NULL", "Pattern Substore is NULL");
+ return_done =1;
+ goto agent_view_config_cleanup;
+ }
+
+ key_values = (char *) store->GetOrderedList();
+ escaped = escapeSpecialChars(key_values);
+ tokendbDebug( "got ordered list");
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
+ disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ large_injection = (char *) PR_Malloc(PL_strlen(key_values) + MAX_INJECTION_SIZE);
+ PR_snprintf( large_injection, PL_strlen(key_values) + MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var conf_type = \"", ptype, "\";\n",
+ "var disp_conf_type = \"", disp_conf_type, "\";\n",
+ "var conf_name = \"", pname, "\";\n",
+ "var conf_state = \"", pstate, "\";\n",
+ "var conf_tstamp = \"", ptimestamp, "\";\n",
+ "var conf_values= \"", escaped, "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection); //needed?
+ PL_strcat(large_injection, JS_STOP);
+
+ buf = getData( agentViewConfigTemplate, large_injection );
+ agent_view_config_cleanup:
+ do_free(ptype);
+ do_free(pname);
+ do_free(pstate);
+ do_free(ptimestamp);
+ do_free(key_values);
+ do_free(large_injection);
+ do_strfree(escaped);
+
+ if (store != NULL) {
+ delete store;
+ store = NULL;
+ }
+
+ if (return_done != 0 ) {
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ } else if( ( PL_strstr( query, "op=edit_config_parameter" ) ) ) {
+ tokendbDebug( "authorization for op=edit_config_parameter\n" );
+ if (! is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "edit_config_parameter", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "edit_config_parameter", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+
+ char *pstate = NULL;
+ char *ptimestamp = NULL;
+ char *key_values = NULL;
+ char *escaped = NULL;
+ ConfigStore *store = NULL;
+ char *large_injection = NULL;
+ char *pattern = NULL;
+ char *disp_conf_type = NULL;
+ int return_done = 0;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+
+ if ((ptype == NULL) || (pname == NULL)) {
+ error_out("Invalid Invocation: Parameter type or name is NULL", "Invalid Invocation: Parameter type or name is NULL");
+ return_done =1;
+ goto edit_config_parameter_cleanup;
+ }
+
+ get_config_state_timestamp(ptype, pname, &pstate, &ptimestamp);
+ tokendbDebug(pstate);
+ tokendbDebug(ptimestamp);
+
+ store = get_pattern_substore(ptype, pname);
+
+ if (store == NULL) {
+ error_out("Setup Error", "Pattern Substore is NULL");
+ return_done =1;
+ goto edit_config_parameter_cleanup;
+ }
+
+ key_values = (char *) store->GetOrderedList();
+ //escaped = escapeSpecialChars(key_values);
+ escaped = escapeString(key_values);
+ tokendbDebug( "got ordered list");
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.pattern", ptype );
+ pattern = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
+ disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ large_injection = (char *) PR_Malloc(PL_strlen(key_values) + MAX_INJECTION_SIZE);
+ PR_snprintf( large_injection, PL_strlen(key_values) + MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var conf_type = \"", ptype, "\";\n",
+ "var disp_conf_type = \"", disp_conf_type, "\";\n",
+ "var conf_name = \"", pname, "\";\n",
+ "var conf_state = \"", pstate, "\";\n",
+ "var conf_tstamp = \"", ptimestamp, "\";\n",
+ "var agent_must_approve = \"", agent_must_approve(ptype)? "true": "false", "\";\n",
+ "var conf_pattern = \"", pattern, "\";\n",
+ "var conf_values= \"", escaped, "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection); //needed?
+ PL_strcat(large_injection, JS_STOP);
+
+ buf = getData( editConfigTemplate, large_injection );
+ edit_config_parameter_cleanup:
+ do_free(ptype);
+ do_free(pname);
+ do_strfree(ptimestamp);
+ do_strfree(pstate);
+ do_free(large_injection);
+ do_free(key_values);
+ do_strfree(escaped);
+
+ if (store != NULL) {
+ delete store;
+ store = NULL;
+ }
+ if (return_done == 1) {
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ } else if( ( PL_strstr( query, "op=return_to_edit_config_parameter" ) ) ) {
+ tokendbDebug( "authorization for op=return_to_edit_config_parameter\n" );
+ if (! is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "return_to_edit_config_parameter", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "return_to_edit_config_parameter", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+ char *pstate = NULL;
+ char *ptimestamp = NULL;
+ char *pvalues = NULL;
+
+ char *large_injection = NULL;
+ char *pattern = NULL;
+ char *disp_conf_type = NULL;
+ int return_done = 0;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+ pstate = get_post_field(post, "pstate", SHORT_LEN);
+ ptimestamp = get_post_field(post, "ptimestamp", SHORT_LEN);
+ pvalues = get_post_field_s(post, "pvalues");
+
+ if ((ptype == NULL) || (pname == NULL) || (pstate == NULL) || (ptimestamp == NULL) || (pvalues == NULL)) {
+ error_out("Invalid Invocation: A required parameter is missing", "Invalid Invocation: A required parameter is missing");
+ return_done =1;
+ goto return_to_edit_config_parameter_cleanup;
+ }
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.pattern", ptype );
+ pattern = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
+ disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+
+ large_injection = (char *) PR_Malloc(PL_strlen(pvalues) + MAX_INJECTION_SIZE);
+ PR_snprintf( large_injection, PL_strlen(pvalues) + MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var conf_type = \"", ptype, "\";\n",
+ "var disp_conf_type = \"", disp_conf_type, "\";\n",
+ "var conf_name = \"", pname, "\";\n",
+ "var conf_state = \"", pstate, "\";\n",
+ "var conf_tstamp = \"", ptimestamp, "\";\n",
+ "var agent_must_approve = \"", agent_must_approve(ptype)? "true": "false", "\";\n",
+ "var conf_pattern = \"", pattern, "\";\n",
+ "var conf_values= \"", pvalues, "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection); //needed?
+ PL_strcat(large_injection, JS_STOP);
+
+ buf = getData( editConfigTemplate, large_injection );
+ return_to_edit_config_parameter_cleanup:
+ do_free(ptype);
+ do_free(pname);
+ do_free(ptimestamp);
+ do_free(pstate);
+ do_free(pvalues);
+ do_free(large_injection);
+
+ if (return_done == 1) {
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ } else if( ( PL_strstr( query, "op=confirm_config_changes" ) ) ) {
+ tokendbDebug( "authorization for op=confirm_config_changes\n" );
+ if (! is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "confirm_config_changes", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "confirm_config_changes", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+ char *pvalues = NULL;
+ char *ptimestamp = NULL;
+ char *choice = NULL;
+
+ char *cur_ts = NULL;
+ char *cur_state = NULL;
+ char *changed_str = NULL;
+ char *added_str = NULL;
+ char *deleted_str = NULL;
+ char *escaped_deleted_str = NULL;
+ char *escaped_added_str = NULL;
+ char *escaped_changed_str = NULL;
+ char *escaped_pvalues = NULL;
+ char *disp_conf_type = NULL;
+ int return_done=0;
+ char flash[512]="";
+
+ char *pair = NULL;
+ char *line = NULL;
+ int i;
+ int len;
+ char *lasts = NULL;
+ char *value = NULL;
+ ConfigStore *store = NULL;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+ ptimestamp = get_post_field(post, "ptimestamp", SHORT_LEN);
+ escaped_pvalues = get_post_field_s(post, "pvalues");
+ choice = get_post_field(post, "choice", SHORT_LEN);
+
+ if ((ptype == NULL) || (pname == NULL) || (escaped_pvalues == NULL) || (ptimestamp == NULL)) {
+ error_out("Invalid Invocation: A required parameter is NULL", "A required parameter is NULL");
+ return_done=1;
+ goto confirm_config_changes_cleanup;
+ }
+
+ tokendbDebug(ptype);
+ tokendbDebug(pname);
+
+ if (PL_strlen(escaped_pvalues) == 0) {
+ error_out("Empty Data not allowed. Use Delete Parameter instead", "Empty Data");
+ return_done=1;
+ goto confirm_config_changes_cleanup;
+ }
+
+ get_config_state_timestamp(ptype, pname, &cur_state, &cur_ts);
+ if (PL_strcmp(cur_ts, ptimestamp) != 0) {
+ error_out("The data you are viewing has changed. Please reload the data and try your edits again.", "Data Out of Date");
+ return_done=1;
+ goto confirm_config_changes_cleanup;
+ }
+
+
+ store = get_pattern_substore(ptype, pname);
+ if (store == NULL) {
+ error_out("Setup Error", "Pattern Substore is NULL");
+ return_done=1;
+ goto confirm_config_changes_cleanup;
+ }
+
+ // parse the pvalues string of form foo=bar&&foo2=baz&& ...
+ pvalues = unescapeString(escaped_pvalues);
+ changed_str = (char*) PR_Malloc(PL_strlen(pvalues));
+ added_str = (char*) PR_Malloc(PL_strlen(pvalues));
+
+ PR_snprintf(changed_str, PL_strlen(pvalues),"");
+ PR_snprintf(added_str, PL_strlen(pvalues), "");
+
+ line = PL_strdup(pvalues);
+ pair = PL_strtok_r(line, "&&", &lasts);
+ while (pair != NULL) {
+ len = strlen(pair);
+ i = 0;
+ while (1) {
+ if (i >= len) {
+ goto skip;
+ }
+ if (pair[i] == '\0') {
+ goto skip;
+ }
+ if (pair[i] == '=') {
+ pair[i] = '\0';
+ break;
+ }
+ i++;
+ }
+ if ((value= (char *) store->GetConfigAsString(&pair[0]))) { // key exists
+ if (PL_strcmp(value, &pair[i+1]) != 0) {
+ // value has changed
+ PR_snprintf(changed_str, PL_strlen(pvalues), "%s%s%s=%s", changed_str,
+ (PL_strlen(changed_str) != 0) ? "&&" : "",
+ &pair[0], &pair[i+1]);
+ }
+ store->Remove(&pair[0]);
+ } else { // new key
+ PR_snprintf(added_str, PL_strlen(pvalues), "%s%s%s=%s", added_str,
+ (PL_strlen(added_str) != 0) ? "&&" : "",
+ &pair[0], &pair[i+1]);
+ }
+ skip:
+ pair = PL_strtok_r(NULL, "&&", &lasts);
+ }
+
+ // remaining entries have been deleted
+ deleted_str = (char *) store->GetOrderedList();
+
+ //escape special characters
+ escaped_deleted_str = escapeString(deleted_str);
+ escaped_added_str = escapeString(added_str);
+ escaped_changed_str = escapeString(changed_str);
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", ptype );
+ disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ if ((PL_strlen(escaped_added_str) + PL_strlen(escaped_changed_str) + PL_strlen(escaped_deleted_str))!=0) {
+ int injection_size = PL_strlen(escaped_deleted_str) + PL_strlen(escaped_pvalues) + PL_strlen(escaped_added_str) +
+ PL_strlen(escaped_changed_str) + MAX_INJECTION_SIZE;
+ char * large_injection = (char *) PR_Malloc(injection_size);
+
+ PR_snprintf( large_injection, injection_size,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var conf_type = \"", ptype, "\";\n",
+ "var disp_conf_type = \"", disp_conf_type, "\";\n",
+ "var conf_name = \"", pname, "\";\n",
+ "var conf_tstamp = \"", ptimestamp, "\";\n",
+ "var conf_state = \"", cur_state, "\";\n",
+ "var conf_values = \"", escaped_pvalues, "\";\n",
+ "var added_str= \"", escaped_added_str, "\";\n",
+ "var changed_str= \"", escaped_changed_str, "\";\n",
+ "var conf_approval_requested = \"", (PL_strcmp(choice, "Save") == 0) ? "FALSE" : "TRUE", "\";\n",
+ "var deleted_str= \"", escaped_deleted_str, "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, large_injection); //needed?
+ PL_strcat(large_injection, JS_STOP);
+
+ buf = getData( confirmConfigChangesTemplate, large_injection );
+
+ do_free(large_injection);
+
+ } else {
+ // no changes need to be saved
+
+ if (PL_strcmp(choice, "Save") != 0) {
+ int status = set_config_state_timestamp(ptype, pname, ptimestamp, "Pending_Approval", "Admin", false, userid);
+ if (status != 0) {
+ error_out("The data you are viewing has changed. Please reload the data and try your edits again.", "Data Out of Date");
+ return_done=1;
+ goto confirm_config_changes_cleanup;
+ }
+ char error_msg[512];
+ status = RA::GetConfigStore()->Commit(false, error_msg, 512);
+ if (status != 0) {
+ tokendbDebug(error_msg);
+ }
+
+ PR_snprintf(flash, 512, "Configuration Parameters have been submitted for Agent Approval");
+ } else {
+ PR_snprintf(flash, 512, "The data displayed is up-to-date. No changes need to be saved.");
+ }
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var flash = \"", flash , "\";\n",
+ "var agent_target_list = \"",
+ RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
+ "var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+ buf = getData( indexTemplate, injection );
+ }
+
+ confirm_config_changes_cleanup:
+ do_strfree(cur_state);
+ do_strfree(cur_ts);
+ do_free(changed_str);
+ do_free(added_str);
+ do_free(deleted_str);
+ do_strfree(escaped_deleted_str);
+ do_strfree(escaped_added_str);
+ do_strfree(escaped_changed_str);
+ do_strfree(escaped_pvalues);
+ do_free(ptype);
+ do_free(pname);
+ do_free(pvalues);
+ do_free(ptimestamp);
+ do_free(choice);
+ do_strfree(line);
+
+ if (store != NULL) {
+ delete store;
+ store = NULL;
+ }
+ if (return_done != 0) {
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ } else if( ( PL_strstr( query, "op=save_config_changes" ) ) ) {
+ tokendbDebug( "authorization for op=save_config_changes\n" );
+ if (! is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "save_config_changes", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "save_config_parameter", "Success", "Tokendb user authorization");
+
+ char *ptype = NULL;
+ char *pname = NULL;
+ char *ptimestamp = NULL;
+ char *escaped_added_str = NULL;
+ char *escaped_deleted_str = NULL;
+ char *escaped_changed_str = NULL;
+ char *new_config = NULL;
+ char *approval_requested = NULL;
+ char *pstate = NULL;
+ char flash[256] = "";
+ int return_done = 0;
+ bool new_config_bool = false;
+
+ ptype = get_post_field(post, "ptype", SHORT_LEN);
+ pname = get_post_field(post, "pname", SHORT_LEN);
+ ptimestamp = get_post_field(post, "ptimestamp", SHORT_LEN);
+ escaped_added_str = get_post_field_s(post, "added_params");
+ escaped_deleted_str = get_post_field_s(post, "deleted_params");
+ escaped_changed_str = get_post_field_s(post, "changed_params");
+ new_config = get_post_field(post, "new_config", SHORT_LEN);
+ approval_requested = get_post_field(post, "approval_requested", SHORT_LEN);
+ new_config_bool = (PL_strcmp(new_config, "true") == 0) ? true : false;
+
+ tokendbDebug(ptype);
+ tokendbDebug(pname);
+ tokendbDebug(new_config);
+ tokendbDebug(ptimestamp);
+ tokendbDebug(approval_requested);
+
+ char *added_str = unescapeString(escaped_added_str);
+ char *deleted_str = unescapeString(escaped_deleted_str);
+ char *changed_str = unescapeString(escaped_changed_str);
+
+ tokendbDebug(added_str);
+ tokendbDebug(deleted_str);
+ tokendbDebug(changed_str);
+
+ if ((ptype == NULL) || (pname == NULL)) {
+ error_out("Invalid Invocation: Parameter type, name or values is NULL", "Parameter type, name or values is NULL");
+ return_done = 1;
+ goto save_config_changes_cleanup;
+ }
+
+ if (set_config_state_timestamp(ptype, pname, ptimestamp, "Writing", "Admin", new_config_bool, userid) != 0) {
+ error_out("The data you are viewing has changed. Please reload the data and try your edits again.", "Data Out of Date");
+ return_done=1;
+ goto save_config_changes_cleanup;
+ }
+
+ if (new_config) {
+ do_free(ptimestamp);
+ get_config_state_timestamp(ptype, pname, &pstate, &ptimestamp);
+ }
+
+ if (PL_strlen(added_str) != 0) parse_and_apply_changes(userid, ptype, pname, "ADD", added_str);
+ if (PL_strlen(deleted_str) != 0) parse_and_apply_changes(userid, ptype, pname, "DELETE", deleted_str);
+ if (PL_strlen(changed_str) != 0) parse_and_apply_changes(userid, ptype, pname, "MODIFY", changed_str);
+
+ if (PL_strcmp(new_config, "true") ==0) {
+ // add to the list for that config type
+ PR_snprintf( ( char * ) configname, 256, "target.%s.list", ptype );
+ const char *conf_list = RA::GetConfigStore()->GetConfigAsString( configname );
+ char value[4096] = "";
+ PR_snprintf(value, 4096, "%s%s%s", conf_list, (PL_strlen(conf_list) > 0) ? "," : "", pname);
+ RA::GetConfigStore()->Add(configname, value);
+
+ PR_snprintf(oString, 512, "%s", pname);
+ PR_snprintf(pLongString, 4096, "%s;;%s", configname, value);
+ RA::Audit(EV_CONFIG, AUDIT_MSG_CONFIG, userid, "Admin", "Success", oString, pLongString, "config item added");
+ }
+
+ if (PL_strcmp(approval_requested, "TRUE") == 0) {
+ int status = set_config_state_timestamp(ptype, pname, ptimestamp, "Pending_Approval", "Admin", false, userid);
+ if (status != 0) {
+ error_out("The data you are viewing has changed. Please reload the data and try your edits again.", "Data Out of Date");
+ return_done=1;
+ goto save_config_changes_cleanup;
+ }
+ PR_snprintf(flash, 256, "Configuration Parameters have been saved and submitted for approval");
+ } else {
+ int status = set_config_state_timestamp(ptype, pname, ptimestamp, "Disabled", "Admin", false, userid);
+ if (status != 0) {
+ error_out("The data you are viewing has changed. Please reload the data and try your edits again.", "Data Out of Date");
+ return_done=1;
+ goto save_config_changes_cleanup;
+ }
+ PR_snprintf(flash, 256, "Configuration Parameters have been saved");
+ }
+
+ if ((PL_strlen(added_str) != 0) || (PL_strlen(deleted_str) != 0) || (PL_strlen(changed_str) != 0)) {
+ char error_msg[512];
+ status = RA::GetConfigStore()->Commit(true, error_msg, 512);
+ if (status != 0) {
+ tokendbDebug(error_msg);
+ }
+
+ RA::Audit(EV_CONFIG, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", "", "config changes committed to filesystem");
+ } else {
+ // commit state changes
+ char error_msg[512];
+ status = RA::GetConfigStore()->Commit(false, error_msg, 512);
+ if (status != 0) {
+ tokendbDebug(error_msg);
+ }
+ }
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var flash = \"" , flash, "\";\n",
+ "var agent_target_list = \"",
+ RA::GetConfigStore()->GetConfigAsString("target.agent_approve.list", ""), "\";\n",
+ "var target_list = \"", RA::GetConfigStore()->GetConfigAsString("target.configure.list", ""), "\";\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( indexTemplate, injection );
+ save_config_changes_cleanup:
+ do_free(ptype);
+ do_free(pname);
+ do_free(added_str);
+ do_free(deleted_str);
+ do_free(changed_str);
+ do_free(escaped_added_str);
+ do_free(escaped_deleted_str);
+ do_free(escaped_changed_str);
+ do_free(new_config);
+ do_free(ptimestamp);
+ do_free(pstate);
+ do_free(approval_requested);
+ if (return_done == 1) {
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ } else if( ( PL_strstr( query, "op=view_admin" ) ) ||
+ ( PL_strstr( query, "op=view_certificate" ) ) ||
+ ( PL_strstr( query, "op=view_activity_admin" ) ) ||
+ ( PL_strstr( query, "op=view_activity" ) ) ||
+ ( PL_strstr( query, "op=view_users" ) ) ||
+ ( PL_strstr( query, "op=view" ) ) ||
+ ( PL_strstr( query, "op=edit_admin" ) ) ||
+ ( PL_strstr( query, "op=edit_user" ) ) ||
+ ( PL_strstr( query, "op=edit" ) ) ||
+ ( PL_strstr( query, "op=show_certificate" ) ) ||
+ ( PL_strstr( query, "op=show" ) ) ||
+ ( PL_strstr( query, "op=do_confirm_token" ) ) ||
+ ( PL_strstr( query, "op=user_delete_confirm"))||
+ ( PL_strstr( query, "op=confirm" ) ) ) {
+
+ op = get_field(query, "op=", SHORT_LEN);
+
+ if( ( PL_strstr( query, "op=confirm" ) ) ||
+ ( PL_strstr( query, "op=view_admin" ) ) ||
+ ( PL_strstr( query, "op=view_activity_admin" ) ) ||
+ ( PL_strstr( query, "op=show_admin" ) ) ||
+ ( PL_strstr( query, "op=view_users") ) ||
+ ( PL_strstr( query, "op=edit_user") ) ||
+ ( PL_strstr( query, "op=user_delete_confirm") ) ||
+ ( PL_strstr( query, "op=edit_admin" ) ) ) {
+ tokendbDebug( "authorization for admin ops\n" );
+
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, op, "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, op, "Success", "Tokendb user authorization");
+ } else if ((PL_strstr(query, "op=edit")) ||
+ (PL_strstr(query, "do_confirm_token"))) {
+ tokendbDebug( "authorization for op=edit and op=do_confirm_token\n" );
+
+ if (! is_agent ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, op, "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, op, "Success", "Tokendb user authorization");
+ } else if (PL_strstr(query, "op=view_activity")) {
+ tokendbDebug( "authorization for view_activity\n" );
+
+ /* check removed -- all roles permitted
+ if ( (! is_agent) && (! is_operator) && (! is_admin)) {
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DECLINED;
+ } */
+ } else {
+ tokendbDebug( "authorization\n" );
+
+ if ((! is_agent) && (!is_operator)) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, op, "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, op, "Success", "Tokendb user authorization");
+ }
+
+ do_free(op);
+
+ if ((PL_strstr( query, "op=view_activity_admin")) ||
+ (PL_strstr( query, "op=view_activity" ) )) {
+ getActivityFilter( filter, query );
+ } else if( PL_strstr( query, "op=view_certificate" ) ) {
+ getCertificateFilter( filter, query );
+ } else if( PL_strstr( query, "op=show_certificate" ) ) {
+ getCertificateFilter( filter, query );
+ } else if ((PL_strstr( query, "op=view_users" ) ) ||
+ (PL_strstr( query, "op=user_delete_confirm")) ||
+ (PL_strstr( query, "op=edit_user" ) )) {
+ getUserFilter( filter, query );
+ } else {
+ getFilter( filter, query );
+ }
+
+ auth_filter = get_authorized_profiles(userid, is_admin);
+
+ tokendbDebug("auth_filter");
+ tokendbDebug(auth_filter);
+
+ char *complete_filter = add_profile_filter(filter, auth_filter);
+ do_free(auth_filter);
+
+ int time_limit = get_time_limit(query);
+ int size_limit = get_size_limit(query);
+
+ tokendbDebug( "looking for filter:" );
+ tokendbDebug( complete_filter );
+ tokendbDebug( filter );
+ tokendbDebug( "\n" );
+
+ /* retrieve maxCount */
+ s1 = PL_strstr( query, "maxCount=" );
+ if( s1 == NULL ) {
+ maxReturns = 100;
+ } else {
+ s2 = PL_strchr( ( const char * ) s1, '&' );
+ if( s2 == NULL ) {
+ maxReturns = atoi( s1+9 );
+ } else {
+ *s2 = '\0';
+ maxReturns = atoi( s1+9 );
+ *s2 = '&';
+ }
+ }
+
+ if (( PL_strstr( query, "op=view_activity_admin_all" )) ||
+ ( PL_strstr( query, "op=view_activity_all") )) {
+ // TODO: error check to confirm that search filter is non-empty
+ status = find_tus_activity_entries_no_vlv( complete_filter, &result, 1 );
+ } else if (( PL_strstr( query, "op=view_activity_admin" )) ||
+ ( PL_strstr( query, "op=view_activity" ) )) {
+ if (PL_strcmp(complete_filter, "(&(tokenID=*)(tokenUserID=*))") == 0) {
+ tokendbDebug("activity vlv search");
+ status = find_tus_activity_entries(complete_filter, maxReturns, &result);
+ } else {
+ status = find_tus_activity_entries_pcontrol_1( complete_filter, maxReturns, time_limit, size_limit, &result);
+ }
+ } else if(( PL_strstr( query, "op=view_certificate_all" ) ) ||
+ ( PL_strstr( query, "op=show_certificate") )) {
+
+ // TODO: error check to confirm that search filter is non-empty
+ ap_log_error( ( const char * ) "tus", __LINE__,
+ APLOG_ERR, 0, rq->server,
+ ( const char * ) "LDAP filter: %s", complete_filter);
+
+ status = find_tus_certificate_entries_by_order_no_vlv( complete_filter,
+ &result,
+ 0 );
+ } else if( PL_strstr( query, "op=view_certificate" )) {
+ ap_log_error( ( const char * ) "tus", __LINE__,
+ APLOG_ERR, 0, rq->server,
+ ( const char * ) "LDAP filter: %s", complete_filter);
+
+ status = find_tus_certificate_entries_by_order( complete_filter,
+ maxReturns,
+ &result,
+ 0 );
+ } else if( PL_strstr( query, "op=show_admin" ) ||
+ PL_strstr( query, "op=show" ) ||
+ PL_strstr( query, "op=edit_admin" ) ||
+ PL_strstr( query, "op=confirm" ) ||
+ PL_strstr( query, "op=do_confirm_token" ) ) {
+ status = find_tus_token_entries_no_vlv( complete_filter, &result, 0 );
+ } else if ((PL_strstr (query, "op=view_users" )) ||
+ (PL_strstr (query, "op=user_delete_confirm")) ||
+ (PL_strstr (query, "op=edit_user" ))) {
+ status = find_tus_user_entries_no_vlv( filter, &result, 0);
+ } else {
+ if (PL_strcmp(complete_filter, "(&(cn=*)(tokenUserID=*))") == 0) {
+ tokendbDebug("token vlv search");
+ status = find_tus_db_entries(complete_filter, maxReturns, &result);
+ } else {
+ status = find_tus_db_entries_pcontrol_1( complete_filter, maxReturns, time_limit, size_limit, &result );
+ }
+ }
+
+ if( status != LDAP_SUCCESS ) {
+ ldap_error_out("LDAP search error: ", "LDAP search error: %s");
+ do_free(complete_filter);
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+
+ do_free(complete_filter);
+ nEntries = get_number_of_entries( result );
+ entryNum = 0;
+ size = 0;
+
+ PL_strcpy( injection, JS_START );
+ PL_strcat( injection, "var userid = \"" );
+ PL_strcat( injection, userid );
+ PL_strcat( injection, "\";\n" );
+ PL_strcat( injection, "var uriBase = \"" );
+ PL_strcat( injection, uri );
+ PL_strcat( injection, "\";\n" );
+
+ if( nEntries > 1 ) {
+ if( sendInPieces && PL_strstr( query, "op=view_activity_admin" ) ) {
+ buf = getTemplateFile( searchActivityAdminResultTemplate,
+ &tagOffset );
+ if( buf != NULL && tagOffset >= 0 ) {
+ ( void ) ap_rwrite( ( const void * ) buf, tagOffset, rq );
+ sendPieces = 1;
+ }
+ } else if( sendInPieces && PL_strstr( query, "op=view_activity" ) ) {
+ buf = getTemplateFile( searchActivityResultTemplate,
+ &tagOffset );
+ if( buf != NULL && tagOffset >= 0 ) {
+ ( void ) ap_rwrite( ( const void * ) buf, tagOffset, rq );
+ sendPieces = 1;
+ }
+ } else if( sendInPieces &&
+ PL_strstr( query, "op=view_certificate" ) ) {
+ buf = getTemplateFile( searchCertificateResultTemplate,
+ &tagOffset );
+ if( buf != NULL && tagOffset >= 0 ) {
+ ( void ) ap_rwrite( ( const void * ) buf, tagOffset, rq );
+ sendPieces = 1;
+ }
+ } else if (sendInPieces && PL_strstr( query, "op=view_users" )) {
+ buf = getTemplateFile( searchUserResultTemplate, &tagOffset );
+ if( buf != NULL && tagOffset >= 0 ) {
+ ( void ) ap_rwrite( ( const void * ) buf, tagOffset, rq );
+ sendPieces = 1;
+ }
+ } else if( sendInPieces && PL_strstr( query, "op=view" ) ) {
+ buf = getTemplateFile( searchResultTemplate, &tagOffset );
+ if( buf != NULL && tagOffset >= 0 ) {
+ ( void ) ap_rwrite( ( const void * ) buf, tagOffset, rq );
+ sendPieces = 1;
+ }
+ }
+
+ PL_strcat( injection, "var total = \"" );
+
+ len = PL_strlen( injection );
+
+ PR_snprintf( &injection[len], ( MAX_INJECTION_SIZE-len ),
+ "%d", nEntries );
+
+ PL_strcat( injection, "\";\n" );
+ } else {
+ if( ( vals = get_token_states() ) != NULL ) {
+ PL_strcat( injection, "var tokenStates = \"" );
+ for( i = 0; vals[i] != NULL; i++ ) {
+ if( i > 0 ) {
+ PL_strcat( injection, "," );
+ }
+
+ PL_strcat( injection, vals[i] );
+ }
+
+ if( i > 0 ) {
+ PL_strcat( injection, "\";\n" );
+ } else {
+ PL_strcat( injection, "null;\n" );
+ }
+ }
+ }
+
+ PL_strcat( injection, "var results = new Array();\n" );
+ PL_strcat( injection, "var item = 0;\n" );
+
+ if( PL_strstr( query, "op=do_confirm_token" ) ) {
+ question = PL_strstr( query, "question=" );
+
+ q = question[9] - '0';
+
+ PR_snprintf( question_no, 256, "%d", q );
+
+ PL_strcat( injection, "var question = \"" );
+ PL_strcat( injection, question_no );
+ PL_strcat( injection, "\";\n" );
+ }
+
+ if (PL_strstr( query, "op=do_confirm_token" ) ||
+ PL_strstr( query, "op=show" )) {
+ show_token_ui_state = true;
+ }
+
+ /* get attributes to be displayed to the user */
+ if (( PL_strstr( query, "op=view_activity_admin" ) ) ||
+ ( PL_strstr( query, "op=view_activity" ) )) {
+ attrs = get_activity_attributes();
+ } else if( PL_strstr( query, "op=view_certificate" ) ) {
+ attrs = get_certificate_attributes();
+ } else if( PL_strstr( query, "op=show_certificate" ) ) {
+ attrs = get_certificate_attributes();
+ } else if ((PL_strstr( query, "op=user_delete_confirm")) ||
+ (PL_strstr( query, "op=edit_user") ) ) {
+ attrs = get_user_attributes();
+ } else if (PL_strstr( query, "op=view_users") ) {
+ attrs = get_view_user_attributes();
+ } else {
+ attrs = get_token_attributes();
+ }
+
+ /* start_val used in paging of profiles on the edit_user page */
+ if (PL_strstr( query, "op=edit_user") ) {
+ char *start_val_str = get_field(query, "start_val=", SHORT_LEN);
+ if (start_val_str != NULL) {
+ start_val = atoi(start_val_str);
+ do_free(start_val_str);
+ } else {
+ start_val = 0;
+ }
+ end_val = start_val + NUM_PROFILES_TO_DISPLAY;
+ }
+
+ /* flash used to display edit result upon redirection back to the edit_user page */
+ if (PL_strstr(query, "op=edit_user") ) {
+ char *flash = get_field(query, "flash=", SHORT_LEN);
+ if (flash != NULL) {
+ PL_strcat(injection, "var flash = \"");
+ PL_strcat(injection, flash);
+ PL_strcat(injection, "\";\n");
+ do_free(flash);
+ }
+ PR_snprintf(msg, 256, "var num_profiles_to_display = %d ;\n", NUM_PROFILES_TO_DISPLAY);
+ PL_strcat(injection, msg);
+ }
+
+ int injection_size = MAX_INJECTION_SIZE;
+ /* start_entry_val is used for pagination of entries on all other pages */
+ int start_entry_val;
+ int end_entry_val;
+ int first_pass = 1;
+ int one_time = 1;
+ char *start_entry_val_str = get_field(query, "start_entry_val=", SHORT_LEN);
+ if (start_entry_val_str != NULL) {
+ start_entry_val = atoi(start_entry_val_str);
+ do_free(start_entry_val_str);
+ } else {
+ start_entry_val = 1;
+ }
+ end_entry_val = start_entry_val + NUM_ENTRIES_PER_PAGE;
+
+ if( (maxReturns > 0) && (maxReturns < nEntries)) {
+ PR_snprintf(msg, 256, "var limited = %d ;\n", maxReturns);
+ PL_strcat( injection, msg);
+ }
+
+ for( e = get_first_entry( result );
+ ( maxReturns > 0 ) && ( e != NULL );
+ e = get_next_entry( e ) ) {
+ maxReturns--;
+ entryNum++;
+
+ if ((entryNum < start_entry_val) || (entryNum >= end_entry_val)) {
+ if (one_time == 1) {
+ PL_strcat(injection, "var my_query = \"");
+ PL_strcat(injection, query);
+ PL_strcat(injection, "\";\n");
+ one_time =0;
+ }
+ // skip values not within the page range
+ if (entryNum == end_entry_val) {
+ PL_strcat( injection, "var has_more_entries = 1;\n");
+ break;
+ }
+ continue;
+ }
+
+ PL_strcat( injection, "var o = new Object();\n" );
+
+ for( n = 0; attrs[n] != NULL; n++ ) {
+ /* Get the values of the attribute. */
+ if( ( bvals = get_attribute_values( e, attrs[n] ) ) != NULL ) {
+ int v_start =0;
+ int v_end = MAX_INJECTION_SIZE;
+ PL_strcat( injection, "o." );
+ PL_strcat( injection, attrs[n] );
+ PL_strcat( injection, " = " );
+
+ if (PL_strstr(attrs[n], PROFILE_ID)) {
+ v_start = start_val;
+ v_end = end_val;
+ }
+
+ for( i = v_start; (bvals[i] != NULL) && (i < v_end); i++ ) {
+ if( i > start_val ) {
+ PL_strcat( injection, "#" );
+ } else {
+ PL_strcat( injection, "\"" );
+ }
+
+ // make sure to escape any special characters
+ if (bvals[i]->bv_val != NULL) {
+ char *escaped = escapeSpecialChars(bvals[i]->bv_val);
+ PL_strcat( injection, escaped );
+ if (escaped != NULL) {
+ PL_strfree(escaped);
+ }
+ }
+ }
+
+ if( i > v_start ) {
+ PL_strcat( injection, "\";\n" );
+ } else {
+ PL_strcat( injection, "null;\n" );
+ }
+
+ if ((PL_strcmp(attrs[n], TOKEN_STATUS)==0) && show_token_ui_state && valid_berval(bvals)) {
+ PL_strncpy( tokenStatus, bvals[0]->bv_val, 100 );
+ }
+
+ if ((PL_strcmp(attrs[n], TOKEN_REASON)==0) && show_token_ui_state && valid_berval(bvals)) {
+ PL_strncpy( tokenReason, bvals[0]->bv_val, 100 );
+ }
+
+ if (PL_strstr(attrs[n], PROFILE_ID)) {
+ if (bvals[i] != NULL) {
+ PL_strcat( injection, "var has_more_profile_vals = \"true\";\n");
+ } else {
+ PL_strcat( injection, "var has_more_profile_vals = \"false\";\n");
+ }
+ PR_snprintf(msg, 256, "var start_val = %d ;\n var end_val = %d ;\n",
+ start_val, i);
+ PL_strcat( injection, msg);
+ }
+
+ /* Free the attribute values from memory when done. */
+ if( bvals != NULL ) {
+ free_values( bvals, 1 );
+ bvals = NULL;
+ }
+ }
+ }
+
+ PL_strcat( injection, "results[item++] = o;\n" );
+
+ if (check_injection_size(&injection, &injection_size, fixed_injection) != 0) {
+ // failed to allocate more space to injection, truncating output
+ break;
+ }
+
+ if( first_pass == 1 && nEntries > 1 && sendPieces == 0 ) {
+ first_pass=0;
+
+ PR_snprintf(msg, 256, "var start_entry_val = %d ; \nvar num_entries_per_page= %d ; \n",
+ start_entry_val, NUM_ENTRIES_PER_PAGE);
+ PL_strcat( injection, msg);
+ }
+
+ if( sendPieces ) {
+ ( void ) ap_rwrite( ( const void * ) injection,
+ PL_strlen( injection ), rq );
+ injection[0] = '\0';
+ }
+
+ }
+
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+
+ /* populate the user roles */
+ if ((PL_strstr( query, "op=edit_user")) ||
+ (PL_strstr( query, "op=user_delete_confirm"))) {
+
+ uid = get_field(query, "uid=", SHORT_LEN);
+ bool officer = false;
+ bool agent = false;
+ bool admin = false;
+ status = find_tus_user_role_entries( uid, &result );
+ for (e = get_first_entry( result );
+ e != NULL;
+ e = get_next_entry( e ) ) {
+ char *dn = NULL;
+ dn = get_dn(e);
+ if (PL_strstr(dn, "Officers"))
+ officer=true;
+ if (PL_strstr(dn, "Agents"))
+ agent = true;
+ if (PL_strstr(dn, "Administrators"))
+ admin = true;
+ if (dn != NULL) {
+ PL_strfree(dn);
+ dn=NULL;
+ }
+ }
+ if (officer) {
+ PL_strcat( injection, "var operator = \"CHECKED\"\n");
+ } else {
+ PL_strcat( injection, "var operator = \"\"\n");
+ }
+ if (agent) {
+ PL_strcat( injection, "var agent = \"CHECKED\"\n");
+ } else {
+ PL_strcat( injection, "var agent = \"\"\n");
+ }
+ if (admin) {
+ PL_strcat( injection, "var admin = \"CHECKED\"\n");
+ } else {
+ PL_strcat( injection, "var admin = \"\"\n");
+ }
+
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+ do_free(uid);
+ }
+
+ /* populate the profile checkbox */
+ /* for sanity, we limit the number of entries displayed as well as the max number of characters transferred */
+ if (PL_strstr( query, "op=edit_user")) {
+ if (profileList != NULL) {
+ int n_profiles = 0;
+ int l_profiles = 0;
+ bool more_profiles = false;
+
+ char *pList = PL_strdup(profileList);
+ char *sresult = NULL;
+
+ PL_strcat( injection, "var profile_list = new Array(");
+ sresult = strtok(pList, ",");
+ n_profiles++;
+ while (sresult != NULL) {
+ n_profiles++;
+ l_profiles += PL_strlen(sresult);
+ if ((n_profiles > NUM_PROFILES_TO_DISPLAY) || (l_profiles > MAX_LEN_PROFILES_TO_DISPLAY)) {
+ PL_strcat(injection, "\"Other Profiles\",");
+ more_profiles = true;
+ break;
+ }
+
+ PL_strcat(injection, "\"");
+ PL_strcat(injection, sresult);
+ PL_strcat(injection, "\",");
+ sresult = strtok(NULL, ",");
+ }
+ do_free(pList);
+ PL_strcat(injection, "\"All Profiles\")\n");
+ if (more_profiles) {
+ PL_strcat(injection, "var more_profiles=\"true\";\n");
+ } else {
+ PL_strcat(injection, "var more_profiles=\"false\";\n");
+ }
+ }
+ }
+ topLevel = get_field(query, "top=", SHORT_LEN);
+ if ((topLevel != NULL) && (PL_strstr(topLevel, "operator"))) {
+ PL_strcat(injection, "var topLevel = \"operator\";\n");
+ }
+ do_free(topLevel);
+
+ /* populate the authorized token transitions */
+ if (show_token_ui_state) {
+ token_ui_state = get_token_ui_state(tokenStatus, tokenReason);
+ add_allowed_token_transitions(token_ui_state, injection);
+ }
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat( injection, JS_STOP );
+
+ if( sendPieces ) {
+ ( void ) ap_rwrite( ( const void * ) injection,
+ PL_strlen( injection ), rq );
+
+ mNum = buf + tagOffset + PL_strlen( CMS_TEMPLATE_TAG );
+
+ ( void ) ap_rwrite( ( const void * ) mNum,
+ PL_strlen( mNum ), rq );
+
+ mNum = NULL;
+
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ } else {
+ if( PL_strstr( query, "op=view_activity_admin" ) ) {
+ buf = getData( searchActivityAdminResultTemplate, injection );
+ } else if( PL_strstr( query, "op=view_activity" ) ) {
+ buf = getData( searchActivityResultTemplate, injection );
+ } else if( PL_strstr( query, "op=view_certificate" ) ) {
+ buf = getData( searchCertificateResultTemplate, injection );
+ } else if( PL_strstr( query, "op=show_admin" ) ) {
+ buf = getData( showAdminTemplate, injection );
+ } else if( PL_strstr( query, "op=view_admin" ) ) {
+ buf = getData( searchAdminResultTemplate, injection );
+ } else if (PL_strstr( query, "op=view_users") ) {
+ buf = getData( searchUserResultTemplate, injection);
+ } else if( PL_strstr( query, "op=view" ) ) {
+ buf = getData( searchResultTemplate, injection );
+ } else if (PL_strstr( query, "op=edit_user") ) {
+ buf = getData( editUserTemplate, injection);
+ } else if( PL_strstr( query, "op=edit" ) ) {
+ buf = getData( editTemplate, injection );
+ } else if( PL_strstr( query, "op=show_certificate" ) ) {
+ buf = getData( showCertTemplate, injection );
+ } else if( PL_strstr( query, "op=do_confirm_token" ) ) {
+ buf = getData( doTokenConfirmTemplate, injection );
+ } else if( PL_strstr( query, "op=show" ) ) {
+ buf = getData( showTemplate, injection );
+ } else if( PL_strstr( query, "op=confirm" ) ) {
+ buf = getData( deleteTemplate, injection );
+ } else if ( PL_strstr( query, "op=user_delete_confirm" ) ) {
+ buf = getData( userDeleteTemplate, injection );
+ }
+
+ }
+
+ if( injection != fixed_injection ) {
+ if( injection != NULL ) {
+ PR_Free( injection );
+ injection = NULL;
+ }
+
+ injection = fixed_injection;
+ }
+ } else if ( PL_strstr( query, "op=add_profile_user" )) {
+ tokendbDebug("authorization for op=add_profile_user");
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "add_profile_user", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "add_profile_user", "Success", "Tokendb user authorization");
+ uid = get_post_field(post, "uid", SHORT_LEN);
+ char *profile = get_post_field(post, "profile_0", SHORT_LEN);
+ char *other_profile = get_post_field(post, "other_profile", SHORT_LEN);
+ if ((profile != NULL) && (uid != NULL)) {
+ if (PL_strstr(profile, "Other Profiles")) {
+ if ((other_profile != NULL) && (match_profile(other_profile))) {
+ do_free(profile);
+ profile = PL_strdup(other_profile);
+ } else {
+ error_out("Invalid Profile to be added", "Invalid Profile to be added");
+ do_free(profile);
+ do_free(other_profile);
+ do_free(uid);
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return OK;
+ }
+ }
+ if (PL_strstr(profile, ALL_PROFILES)) {
+ status = delete_all_profiles_from_user(userid, uid);
+ }
+
+ PR_snprintf(oString, 512, "userid;;%s", uid);
+ PR_snprintf(pString, 512, "profile;;%s", profile);
+
+ status = add_profile_to_user(userid, uid, profile);
+ if ((status != LDAP_SUCCESS) && (status != LDAP_TYPE_OR_VALUE_EXISTS)) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "Failure", oString, pString, "failure adding profile to user");
+ PR_snprintf(msg, 512, "LDAP Error in adding profile %s to user %s",
+ profile, uid);
+ post_ldap_error(msg);
+ }
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pString, "profile added to user");
+ }
+ do_free(other_profile);
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ PR_snprintf((char *)msg, 512,
+ "'%s' has added profile %s to user %s", userid, profile, uid);
+ RA::tdb_activity(rq->connection->remote_ip, "", "add_profile", "success", msg, uid, NO_TOKEN_TYPE);
+
+ PR_snprintf(oString, 512, "userid;;%s", uid);
+ PR_snprintf(pString, 512, "profile;;%s", profile);
+
+ PR_snprintf(injection, MAX_INJECTION_SIZE,
+ "/tus/tus?op=edit_user&uid=%s&flash=Profile+%s+has+been+added+to+the+user+record",
+ uid, profile);
+ do_free(profile);
+ do_free(uid);
+ rq->method = apr_pstrdup(rq->pool, "GET");
+ rq->method_number = M_GET;
+
+ ap_internal_redirect_handler(injection, rq);
+ return OK;
+ } else if ( PL_strstr( query, "op=save_user" )) {
+ tokendbDebug( "authorization for op=save_user\n" );
+
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "save_user", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "save_user", "Success", "Tokendb user authorization");
+ // first save user details
+ uid = get_post_field(post, "uid", SHORT_LEN);
+ firstName = get_post_field(post, "firstName", SHORT_LEN);
+ lastName = get_post_field(post, "lastName", SHORT_LEN);
+ userCert = get_encoded_post_field(post, "userCert", HUGE_STRING_LEN);
+ opOperator = get_post_field(post, "opOperator", SHORT_LEN);
+ opAgent = get_post_field(post, "opAgent", SHORT_LEN);
+ opAdmin = get_post_field(post, "opAdmin", SHORT_LEN);
+
+ // construct audit log message
+ PR_snprintf(oString, 512, "userid;;%s", uid);
+ PR_snprintf(pLongString, 4096, "");
+ PR_snprintf(filter, 512, "uid=%s", uid);
+ status = find_tus_user_entries_no_vlv( filter, &result, 0);
+ e = get_first_entry( result );
+ if( e != NULL ) {
+ audit_attribute_change(e, "givenName", firstName, pLongString);
+ audit_attribute_change(e, "sn", lastName, pLongString);
+ }
+
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+
+ // now check cert
+ char *test_user = tus_authenticate(userCert);
+ if ((test_user != NULL) && (strcmp(test_user, uid) == 0)) {
+ // cert did not change
+ } else {
+ if (strlen(pLongString) > 0) PL_strcat(pLongString, "+");
+ PR_snprintf(pLongString, 4096, "%suserCertificate;;%s", pLongString, userCert);
+ }
+
+ PR_snprintf((char *)userCN, 256,
+ "%s %s", firstName, lastName);
+
+ status = update_user_db_entry(userid, uid, lastName, firstName, userCN, userCert);
+
+ do_free(firstName);
+ do_free(lastName);
+ do_free(userCert);
+
+ if( status != LDAP_SUCCESS ) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pLongString, "user record failed to be updated");
+ ldap_error_out("LDAP modify error: ", "LDAP error: %s");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ do_free(uid);
+ do_free(opOperator);
+ do_free(opAgent);
+ do_free(opAdmin);
+
+ return DONE;
+ }
+ if (strlen(pLongString) > 0)
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pLongString, "user record updated");
+
+ bool has_role = tus_authorize(TOKENDB_OPERATORS_IDENTIFIER, uid);
+ PR_snprintf(pString, 512, "role;;operator");
+ if ((opOperator != NULL) && (PL_strstr(opOperator, OPERATOR))) {
+ if (!has_role) {
+ status = add_user_to_role_db_entry(userid, uid, OPERATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_TYPE_OR_VALUE_EXISTS)) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pString, "Error adding user to role");
+ PR_snprintf(msg, 512, "Error adding user %s to role %s", uid, OPERATOR);
+ post_ldap_error(msg);
+ } else {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pString, "user added to role");
+ }
+ }
+ } else if (has_role) {
+ status = delete_user_from_role_db_entry(userid, uid, OPERATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pString, "Error deleting user from role");
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, OPERATOR);
+ post_ldap_error(msg);
+ } else {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pString, "user deleted from role");
+ }
+ }
+
+ has_role = tus_authorize(TOKENDB_AGENTS_IDENTIFIER, uid);
+ PR_snprintf(pString, 512, "role;;agent");
+ if ((opAgent != NULL) && (PL_strstr(opAgent, AGENT))) {
+ if (!has_role) {
+ status = add_user_to_role_db_entry(userid, uid, AGENT);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_TYPE_OR_VALUE_EXISTS)) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pString, "Error adding user to role");
+ PR_snprintf(msg, 512, "Error adding user %s to role %s", uid, AGENT);
+ post_ldap_error(msg);
+ } else {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pString, "user added to role");
+ }
+ }
+ } else if (has_role) {
+ status = delete_user_from_role_db_entry(userid, uid, AGENT);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pString, "Error deleting user from role");
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, AGENT);
+ post_ldap_error(msg);
+ } else {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pString, "user deleted from role");
+ }
+ }
+
+ has_role = tus_authorize(TOKENDB_ADMINISTRATORS_IDENTIFIER, uid);
+ PR_snprintf(pString, 512, "role;;administrator");
+ if ((opAdmin != NULL) && (PL_strstr(opAdmin, ADMINISTRATOR))) {
+ if (!has_role) {
+ status = add_user_to_role_db_entry(userid, uid, ADMINISTRATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_TYPE_OR_VALUE_EXISTS)) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pString, "Error adding user to role");
+ PR_snprintf(msg, 512, "Error adding user %s to role %s", uid, ADMINISTRATOR);
+ post_ldap_error(msg);
+ } else {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pString, "user added to role");
+ }
+ }
+ } else if (has_role) {
+ status = delete_user_from_role_db_entry(userid, uid, ADMINISTRATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pString, "Error deleting user from role");
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, ADMINISTRATOR);
+ post_ldap_error(msg);
+ } else {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pString, "user deleted from role");
+ }
+ }
+
+ do_free(opOperator);
+ do_free(opAgent);
+ do_free(opAdmin);
+
+ // save profile details
+ char *nProfileStr = get_post_field(post, "nProfiles", SHORT_LEN);
+ int nProfiles = atoi (nProfileStr);
+ do_free(nProfileStr);
+
+ for (int i=0; i< nProfiles; i++) {
+ char p_name[256];
+ char p_delete[256];
+ PR_snprintf(p_name, 256, "profile_%d", i);
+ PR_snprintf(p_delete, 256, "delete_%d", i);
+ char *profile = get_post_field(post, p_name, SHORT_LEN);
+ char *p_del = get_post_field(post, p_delete, SHORT_LEN);
+
+ if ((profile != NULL) && (p_del != NULL) && (PL_strstr(p_del, "delete"))) {
+ PR_snprintf(pString, 512, "profile_id;;%s", profile);
+ status = delete_profile_from_user(userid, uid, profile);
+ if ((status != LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pString, "error deleting profile from user");
+ PR_snprintf(msg, 512, "LDAP Error in deleting profile %s from user %s",
+ profile, uid);
+ post_ldap_error(msg);
+ } else {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, pString, "profile deleted from user");
+ }
+ }
+ do_free(profile);
+ do_free(p_del);
+ }
+
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ PR_snprintf((char *)msg, 512,
+ "'%s' has modified user %s", userid, uid);
+ RA::tdb_activity(rq->connection->remote_ip, "", "modify_user", "success", msg, uid, NO_TOKEN_TYPE);
+
+ PR_snprintf(injection, MAX_INJECTION_SIZE,
+ "/tus/tus?op=edit_user&uid=%s&flash=User+record+%s+has+been+updated",
+ uid, uid);
+ do_free(uid);
+ rq->method = apr_pstrdup(rq->pool, "GET");
+ rq->method_number = M_GET;
+
+ ap_internal_redirect_handler(injection, rq);
+ return OK;
+ } else if( PL_strstr( query, "op=save" ) ) {
+ tokendbDebug( "authorization\n" );
+
+ if( ! is_agent ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "save", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "save", "Success", "Tokendb user authorization");
+
+ getCN( filter, query );
+ mNum = parse_modification_number( query );
+ mods = getModifications( query );
+
+ if( mNum != NULL ) {
+ status = check_and_modify_tus_db_entry( userid, filter,
+ mNum, mods );
+
+ PL_strfree( mNum );
+
+ mNum = NULL;
+ } else {
+ status = modify_tus_db_entry( userid, filter, mods );
+ }
+
+ int cc;
+ PR_snprintf(oString, 512, "token_id;;%s", filter);
+ PR_snprintf(pLongString, 4096, "");
+ int first_item = 1;
+ for (cc = 0; mods[cc] != NULL; cc++) {
+ if (! first_item) PL_strcat(pLongString, "+");
+ if (mods[cc]->mod_type != NULL) {
+ PL_strcat(pLongString, mods[cc]->mod_type);
+ PL_strcat(pLongString, ";;");
+ PL_strcat(pLongString, *mods[cc]->mod_values);
+ first_item =0;
+ }
+ }
+
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+
+ if( status != LDAP_SUCCESS ) {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Failure", oString, pLongString, "failed to modify token record");
+ ldap_error_out("LDAP modify error: ", "LDAP error: %s");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Agent", "Success", oString, pLongString, "token record modified");
+ PR_snprintf((char *)msg, 256, "Token record modified by %s", userid);
+ RA::tdb_activity(rq->connection->remote_ip, cuid, "save", "success",
+ msg, cuidUserId, tokenType);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var tid = \"", filter, "\";\n");
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( editResultTemplate, injection );
+
+ } else if ( PL_strstr( query, "op=do_delete_user" ) ) {
+ tokendbDebug( "authorization for do_delete_user\n" );
+
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "do_delete_user", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "do_delete_user", "Success", "Tokendb user authorization");
+
+ uid = get_post_field(post, "uid", SHORT_LEN);
+ opOperator = get_post_field(post, "opOperator", SHORT_LEN);
+ opAdmin = get_post_field(post, "opAdmin", SHORT_LEN);
+ opAgent = get_post_field(post, "opAgent", SHORT_LEN);
+
+ if (uid == NULL) {
+ error_out("Error in delete user. userid is null", "Error in delete user. userid is null");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ do_free(opOperator);
+ do_free(opAdmin);
+ do_free(opAgent);
+
+ return DONE;
+ }
+
+ if (opOperator != NULL) {
+ status = delete_user_from_role_db_entry(userid, uid, OPERATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, OPERATOR);
+ post_ldap_error(msg);
+ }
+ }
+
+ if (opAgent != NULL) {
+ status = delete_user_from_role_db_entry(userid, uid, AGENT);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, AGENT);
+ post_ldap_error(msg);
+ }
+ }
+
+ if (opAdmin != NULL) {
+ status = delete_user_from_role_db_entry(userid, uid, ADMINISTRATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, ADMINISTRATOR);
+ post_ldap_error(msg);
+ }
+ }
+
+ do_free(opOperator);
+ do_free(opAdmin);
+ do_free(opAgent);
+
+ status = delete_user_db_entry(userid, uid);
+
+ if ((status != LDAP_SUCCESS) && (status != LDAP_NO_SUCH_OBJECT)) {
+ PR_snprintf(oString, 512, "uid;;%s", uid);
+ PR_snprintf(pString, 512, "status;;%d", status);
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "failure", oString, pString, "error in deleting user");
+
+ PR_snprintf(msg, 512, "Error deleting user %s", uid);
+ ldap_error_out(msg, msg);
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ do_free(uid);
+
+ return DONE;
+ }
+
+ PR_snprintf((char *)msg, 256,
+ "'%s' has deleted user %s", userid, uid);
+ RA::tdb_activity(rq->connection->remote_ip, "", "delete_user", "success", msg, uid, NO_TOKEN_TYPE);
+ PR_snprintf(oString, 512, "uid;;%s", uid);
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, "", "tokendb user deleted");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var tid = \"", uid, "\";\n",
+ "var deleteType = \"user\";\n");
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ do_free(uid);
+
+ buf = getData( deleteResultTemplate, injection );
+ } else if ( PL_strstr( query, "op=addUser" ) ) {
+ tokendbDebug( "authorization for addUser\n" );
+
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "addUser", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "addUser", "Success", "Tokendb user authorization");
+
+ uid = get_post_field(post, "userid", SHORT_LEN);
+ firstName = get_post_field(post, "firstName", SHORT_LEN);
+ lastName = get_post_field(post, "lastName", SHORT_LEN);
+ opOperator = get_post_field(post, "opOperator", SHORT_LEN);
+ opAdmin = get_post_field(post, "opAdmin", SHORT_LEN);
+ opAgent = get_post_field(post, "opAgent", SHORT_LEN);
+ userCert = get_encoded_post_field(post, "cert", HUGE_STRING_LEN);
+
+ if ((PL_strlen(uid) == 0) || (PL_strlen(firstName) == 0) || (PL_strlen(lastName) == 0)) {
+ error_out("Bad input to op=addUser", "Bad input to op=addUser");
+ do_free(uid);
+ do_free(firstName);
+ do_free(lastName);
+ do_free(opOperator);
+ do_free(opAdmin);
+ do_free(opAgent);
+ do_free(userCert);
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return OK;
+ }
+ PR_snprintf((char *)userCN, 256,
+ "%s %s", firstName, lastName);
+
+ PR_snprintf(oString, 512, "uid;;%s", uid);
+
+ /* to meet STIG requirements, every user in ldap must have a password, even if that password is never used */
+ char *pwd = generatePassword(pwLength);
+ status = add_user_db_entry(userid, uid, pwd, lastName, firstName, userCN, userCert);
+ do_free(pwd);
+
+ if (status != LDAP_SUCCESS) {
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "Failure", oString, "", "failure in adding tokendb user");
+ PR_snprintf((char *)msg, 512, "LDAP Error in adding new user %s", uid);
+ ldap_error_out(msg, msg);
+ do_free(uid);
+ do_free(firstName);
+ do_free(lastName);
+ do_free(opOperator);
+ do_free(opAdmin);
+ do_free(opAgent);
+ do_free(userCert);
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return OK;
+ }
+
+ PR_snprintf((char *)msg, 512,
+ "'%s' has created new user %s", userid, uid);
+ RA::tdb_activity(rq->connection->remote_ip, "", "add_user", "success", msg, uid, NO_TOKEN_TYPE);
+
+ RA::Audit(EV_CONFIG_ROLE, AUDIT_MSG_CONFIG, userid, "Admin", "success", oString, "", "tokendb user added");
+
+ if ((opOperator != NULL) && (PL_strstr(opOperator, OPERATOR))) {
+ status = add_user_to_role_db_entry(userid, uid, OPERATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_TYPE_OR_VALUE_EXISTS)) {
+ PR_snprintf(msg, 512, "Error adding user %s to role %s", uid, OPERATOR);
+ post_ldap_error(msg);
+ }
+ } else {
+ status = delete_user_from_role_db_entry(userid, uid, OPERATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, OPERATOR);
+ post_ldap_error(msg);
+ }
+ }
+
+ if ((opAgent != NULL) && (PL_strstr(opAgent, AGENT))) {
+ status = add_user_to_role_db_entry(userid, uid, AGENT);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_TYPE_OR_VALUE_EXISTS)) {
+ PR_snprintf(msg, 512, "Error adding user %s to role %s", uid, AGENT);
+ post_ldap_error(msg);
+ }
+ } else {
+ status = delete_user_from_role_db_entry(userid, uid, AGENT);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, AGENT);
+ post_ldap_error(msg);
+ }
+ }
+ if ((opAdmin != NULL) && (PL_strstr(opAdmin, ADMINISTRATOR))) {
+ status = add_user_to_role_db_entry(userid, uid, ADMINISTRATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_TYPE_OR_VALUE_EXISTS)) {
+ PR_snprintf(msg, 512, "Error adding user %s to role %s", uid, ADMINISTRATOR);
+ post_ldap_error(msg);
+ }
+ } else {
+ status = delete_user_from_role_db_entry(userid, uid, ADMINISTRATOR);
+ if ((status!= LDAP_SUCCESS) && (status != LDAP_NO_SUCH_ATTRIBUTE)) {
+ PR_snprintf(msg, 512, "Error deleting user %s from role %s", uid, ADMINISTRATOR);
+ post_ldap_error(msg);
+ }
+
+ }
+
+ do_free(firstName);
+ do_free(lastName);
+ do_free(opOperator);
+ do_free(opAdmin);
+ do_free(opAgent);
+ do_free(userCert);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var tid = \"", uid, "\";\n",
+ "var addType = \"user\";\n");
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ do_free(uid);
+
+ buf = getData( addResultTemplate, injection );
+
+ } else if( PL_strstr( query, "op=add" ) ) {
+ tokendbDebug( "authorization for op=add\n" );
+ RA_Status token_type_status;
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "add", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "add", "Success", "Tokendb user authorization");
+
+ getCN( filter, query );
+
+ if (m_processor.GetTokenType(OP_PREFIX, 0, 0, filter, (const char*) NULL, (NameValueSet*) NULL,
+ token_type_status, tokentype)) {
+ PL_strcpy(tokenType, tokentype);
+ } else {
+ PL_strcpy(tokenType, NO_TOKEN_TYPE);
+ }
+
+ if( strcmp( filter, "" ) == 0 ) {
+ error_out("No Token ID Found", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ status = add_default_tus_db_entry( NULL, userid,
+ filter, "uninitialized",
+ NULL, NULL, tokenType );
+
+ PR_snprintf(oString, 512, "token_id;;%s", filter);
+ if( status != LDAP_SUCCESS ) {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Admin", "Failure", oString, "", "failed to add token record");
+ ldap_error_out("LDAP add error: ", "LDAP error: %s");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Admin", "Success", oString, "", "token record added");
+
+ PR_snprintf((char *)msg, 256,
+ "'%s' has created new token", userid);
+ RA::tdb_activity(rq->connection->remote_ip, filter, "add", "token", msg, "success", tokenType);
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var tid = \"", filter, "\";\n",
+ "var addType = \"token\";\n");
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+
+ buf = getData( addResultTemplate, injection );
+ } else if( PL_strstr( query, "op=delete" ) ) {
+ RA_Status token_type_status;
+ tokendbDebug( "authorization for op=delete\n" );
+
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "delete", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "delete", "Success", "Tokendb user authorization");
+
+ getCN( filter, query );
+
+ if (m_processor.GetTokenType(OP_PREFIX, 0, 0, filter, (const char*) NULL, (NameValueSet*) NULL,
+ token_type_status, tokentype)) {
+ PL_strcpy(tokenType, tokentype);
+ } else {
+ PL_strcpy(tokenType, NO_TOKEN_TYPE);
+ }
+
+
+ PR_snprintf((char *)msg, 256,
+ "'%s' has deleted token", userid);
+ RA::tdb_activity(rq->connection->remote_ip, filter, "delete", "token", msg, "", tokenType);
+
+ PR_snprintf(oString, 512, "token_id;;%s", filter);
+ status = delete_tus_db_entry( userid, filter );
+
+ if( status != LDAP_SUCCESS ) {
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Admin", "Failure", oString, "", "failure in deleting token record");
+ ldap_error_out("LDAP delete error: ", "LDAP error: %s");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+
+ RA::Audit(EV_CONFIG_TOKEN, AUDIT_MSG_CONFIG, userid, "Admin", "Success", oString, "", "token record deleted");
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var tid = \"", filter, "\";\n",
+ "var deleteType = \"token\";\n");
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( deleteResultTemplate, injection );
+ } else if( PL_strstr( query, "op=load" ) ) {
+ tokendbDebug( "authorization for op=load\n" );
+
+ if( (! is_agent ) && (! is_operator) ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "load", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "load", "Success", "Tokendb user authorization");
+
+ getTemplateName( template1, query );
+
+ buf = getData( template1, injection );
+ } else if ( PL_strstr( query, "op=audit_admin") ) {
+ tokendbDebug( "authorization for op=audit_admin\n" );
+
+ if (!is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "audit_admin", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "audit_admin", "Success", "Tokendb user authorization");
+
+ PR_snprintf (injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%d%s%s%d%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var signedAuditEnable = \"", RA::m_audit_enabled ? "true": "false", "\";\n",
+ "var logSigningEnable = \"", RA::m_audit_signed ? "true" : "false", "\";\n",
+ "var signedAuditLogInterval = \"", RA::m_flush_interval, "\";\n",
+ "var signedAuditLogBufferSize = \"", RA::m_buffer_size, "\";\n",
+ "var signedAuditSelectedEvents = \"", RA::m_signedAuditSelectedEvents, "\";\n",
+ "var signedAuditSelectableEvents = \"", RA::m_signedAuditSelectableEvents, "\";\n",
+ "var signedAuditNonSelectableEvents = \"", RA::m_signedAuditNonSelectableEvents, "\";\n");
+
+ RA::Debug( "mod_tokendb::mod_tokendb_handler",
+ "signedAudit: %s %s %d %d %s %s %s",
+ RA::m_audit_enabled ? "true": "false",
+ RA::m_audit_signed ? "true": "false",
+ RA::m_flush_interval,
+ RA::m_buffer_size,
+ RA::m_signedAuditSelectedEvents,
+ RA::m_signedAuditSelectableEvents,
+ RA::m_signedAuditNonSelectableEvents);
+
+ char *flash = get_field(query, "flash=", SHORT_LEN);
+ if (flash != NULL) {
+ PL_strcat(injection, "var flash = \"");
+ PL_strcat(injection, flash);
+ PL_strcat(injection, "\";\n");
+ do_free(flash);
+ }
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+ buf = getData(auditAdminTemplate, injection);
+ } else if (PL_strstr( query, "op=update_audit_admin") ) {
+ tokendbDebug( "authorization for op=audit_admin\n" );
+
+ if (!is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "update_audit_admin", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "update_audit_admin", "Success", "Tokendb user authorization");
+
+ int need_update=0;
+
+ bool o_signing = RA::m_audit_signed;
+ bool n_signing = o_signing;
+ char *logSigning = get_post_field(post, "logSigningEnable", SHORT_LEN);
+ if (logSigning != NULL) {
+ n_signing = (PL_strcmp(logSigning, "true") == 0)? true: false;
+ }
+ do_free(logSigning);
+
+ bool o_enable = RA::m_audit_enabled;
+ bool n_enable = o_enable;
+ char *auditEnable = get_post_field(post, "auditEnable", SHORT_LEN);
+ if (auditEnable != NULL) {
+ n_enable = (PL_strcmp(auditEnable, "true") == 0)? true: false;
+ }
+ do_free(auditEnable);
+
+ if ((o_signing == n_signing) && (o_enable == n_enable)) {
+ // nothing changed, continue
+ } else {
+ if (o_signing != n_signing) {
+ PR_snprintf(pString, 512, "logging.audit.logSigning;;%s", (n_signing)? "true":"false");
+ if (o_enable != n_enable) {
+ PL_strcat(pString, "+logging.audit.enable;;");
+ PL_strcat(pString, (n_enable)? "true" : "false");
+ }
+ } else {
+ PR_snprintf(pString, 512, "logging.audit.enable;;%s", (n_enable)? "true":"false");
+ }
+
+ RA::Audit(EV_CONFIG_AUDIT, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", pString, "attempting to modify audit log configuration");
+
+ if (n_enable) { // be sure to log audit log startup messages,if any
+ RA::enable_audit_logging(n_enable);
+ }
+
+ RA::setup_audit_log(n_signing, n_signing != o_signing);
+
+ if (n_enable && !o_enable) {
+ RA::Audit(EV_AUDIT_LOG_STARTUP, AUDIT_MSG_FORMAT, "System", "Success",
+ "audit function startup");
+ } else if (!n_enable && o_enable) {
+ RA::Audit(EV_AUDIT_LOG_SHUTDOWN, AUDIT_MSG_FORMAT, "System", "Success",
+ "audit function shutdown");
+ }
+ RA::FlushAuditLogBuffer();
+
+ // sleep to ensure all logs written
+ PR_Sleep(PR_SecondsToInterval(1));
+
+ if (!n_enable) { // turn off logging after all logs written
+ RA::enable_audit_logging(n_enable);
+ }
+ need_update = 1;
+
+ RA::Audit(EV_CONFIG_AUDIT, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", pString, "audit log config modified");
+ PR_snprintf((char *)msg, 512, "'%s' has modified audit log config: %s", userid, pString);
+ RA::tdb_activity(rq->connection->remote_ip, "", "modify_audit_signing", "success", msg, userid, NO_TOKEN_TYPE);
+ }
+
+ char *logSigningInterval_str = get_post_field(post, "logSigningInterval", SHORT_LEN);
+ int logSigningInterval = atoi(logSigningInterval_str);
+ do_free(logSigningInterval_str);
+
+ if ((logSigningInterval>=0) &&(logSigningInterval != RA::m_flush_interval)) {
+ RA::SetFlushInterval(logSigningInterval);
+ PR_snprintf((char *)msg, 512, "'%s' has modified the audit log signing interval to %d seconds", userid, logSigningInterval);
+ RA::tdb_activity(rq->connection->remote_ip, "", "modify_audit_signing", "success", msg, userid, NO_TOKEN_TYPE);
+
+ PR_snprintf(pString, 512, "logging.audit.flush.interval;;%d", logSigningInterval);
+ RA::Audit(EV_CONFIG_AUDIT, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", pString, "audit log configuration modified");
+ }
+
+ char *logSigningBufferSize_str = get_post_field(post, "logSigningBufferSize", SHORT_LEN);
+ int logSigningBufferSize = atoi(logSigningBufferSize_str);
+ do_free(logSigningBufferSize_str);
+
+ if ((logSigningBufferSize >= 512) && (logSigningBufferSize != (int) RA::m_buffer_size)) {
+ RA::SetBufferSize(logSigningBufferSize);
+ PR_snprintf((char *)msg, 512, "'%s' has modified the audit log signing buffer size to %d bytes", userid, logSigningBufferSize);
+ RA::tdb_activity(rq->connection->remote_ip, "", "modify_audit_signing", "success", msg, userid, NO_TOKEN_TYPE);
+
+ PR_snprintf(pString, 512, "logging.audit.buffer.size;;%d", logSigningBufferSize);
+ RA::Audit(EV_CONFIG_AUDIT, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", pString, "audit log configuration modified");
+ }
+
+ char *nEvents_str = get_post_field(post, "nEvents", SHORT_LEN);
+ int nEvents = atoi(nEvents_str);
+ do_free(nEvents_str);
+
+ char new_selected[MAX_INJECTION_SIZE];
+
+ int first_match = 1;
+ for (int i=0; i< nEvents; i++) {
+ char e_name[256];
+ PR_snprintf(e_name, 256, "event_%d", i);
+ char *event = get_post_field(post, e_name, SHORT_LEN);
+ if ((event != NULL) && RA::IsValidEvent(event)) {
+ if (first_match != 1) {
+ PL_strcat(new_selected, ",");
+ }
+ first_match = 0;
+ PL_strcat(new_selected, event);
+ }
+ do_free(event);
+ }
+
+ if (PL_strcmp(new_selected, RA::m_signedAuditSelectedEvents) != 0) {
+ need_update = 1;
+ RA::update_signed_audit_selected_events(new_selected);
+
+ PR_snprintf((char *)msg, 512,
+ "'%s' has modified audit signing configuration", userid);
+ RA::tdb_activity(rq->connection->remote_ip, "", "modify_audit_signing", "success", msg, userid, NO_TOKEN_TYPE);
+
+ PR_snprintf(pLongString, 4096, "logging.audit.selected.events;;%s", new_selected);
+ RA::Audit(EV_CONFIG_AUDIT, AUDIT_MSG_CONFIG, userid, "Admin", "Success", "", pLongString, "audit log configuration modified");
+
+ }
+
+ if (need_update == 1) {
+ tokendbDebug("Updating signed audit events in CS.cfg");
+ char error_msg[512];
+ status = RA::GetConfigStore()->Commit(true, error_msg, 512);
+ if (status != 0) {
+ tokendbDebug(error_msg);
+ }
+ }
+
+ PR_snprintf(injection, MAX_INJECTION_SIZE,
+ "/tus/tus?op=audit_admin&flash=Signed+Audit+configuration+has+been+updated");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+
+ rq->method = apr_pstrdup(rq->pool, "GET");
+ rq->method_number = M_GET;
+
+ ap_internal_redirect_handler(injection, rq);
+ return OK;
+ } else if ( PL_strstr( query, "op=self_test") ) {
+ tokendbDebug( "authorization for op=self_test\n" );
+
+ if (!is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "self_test", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_free(uri);
+ do_free(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "self_test", "Success", "Tokendb user authorization");
+
+ PR_snprintf (injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%d%s%s%d%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var enabled = ", SelfTest::isOnDemandEnabled(), ";\n",
+ "var critical = ", SelfTest::isOnDemandCritical(), ";\n");
+
+ if (SelfTest::nTests > 0)
+ PL_strcat(injection, "var test_list = [");
+ for (int i = 0; i < SelfTest::nTests; i++) {
+ RA::Debug( "mod_tokendb::mod_tokendb_handler", "test name: %s", SelfTest::TEST_NAMES[i]);
+ if (i > 0)
+ PL_strcat(injection, ", ");
+ PL_strcat(injection, "\"");
+ PL_strcat(injection, SelfTest::TEST_NAMES[i]);
+ PL_strcat(injection, "\"");
+ }
+ if (SelfTest::nTests > 0)
+ PL_strcat(injection, "];\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+ buf = getData(selfTestTemplate, injection);
+ } else if ( PL_strstr( query, "op=run_self_test" ) ) {
+ tokendbDebug( "authorization for run_self_test\n" );
+
+ if( ! is_admin ) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "run_self_test", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_free(uri);
+ do_free(query);
+
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "run_self_test", "Success", "Tokendb user authorization");
+
+ rc = SelfTest::runOnDemandSelfTests();
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%d%s%s%d%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var enabled = ", SelfTest::isOnDemandEnabled(), ";\n",
+ "var result = \"", rc, "\";\n");
+
+ if (SelfTest::nTests > 0)
+ PL_strcat(injection, "var test_list = [");
+ for (int i = 0; i < SelfTest::nTests; i++) {
+ RA::Debug( "mod_tokendb::mod_tokendb_handler", "test name: %s", SelfTest::TEST_NAMES[i]);
+ if (i > 0)
+ PL_strcat(injection, ", ");
+ PL_strcat(injection, "\"");
+ PL_strcat(injection, SelfTest::TEST_NAMES[i]);
+ PL_strcat(injection, "\"");
+ }
+ if (SelfTest::nTests > 0)
+ PL_strcat(injection, "];\n");
+
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection);
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( selfTestResultsTemplate, injection );
+ } else if( ( PL_strstr( query, "op=agent_select_config" ) ) ) {
+ tokendbDebug( "authorization for op=agent_select_config\n" );
+ if (! is_agent) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "agent_select_config", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "agent_select_config", "Success", "Tokendb user authorization");
+
+ char *conf_type = NULL;
+ char *disp_conf_type = NULL;
+ conf_type = get_field(query, "type=", SHORT_LEN);
+
+ if (conf_type == NULL) {
+ error_out("Invalid Invocation: Type is NULL", "Type is NULL");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ do_free(conf_type);
+ return DONE;
+ }
+
+ // check if agent has permission to see this config parameter
+ if (! agent_must_approve(conf_type)) {
+ error_out("Invalid Invocation: Agent is not permitted to view this configuration item", "Agent is not permitted to view this configuration item");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.list", conf_type );
+ const char *conf_list = RA::GetConfigStore()->GetConfigAsString( configname );
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", conf_type );
+ disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var conf_type = \"", conf_type, "\";\n",
+ "var disp_conf_type = \"", disp_conf_type, "\";\n",
+ "var conf_list = \"", (conf_list != NULL)? conf_list : "", "\";\n");
+
+ do_free(conf_type);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection); //needed?
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( agentSelectConfigTemplate, injection );
+ } else if( ( PL_strstr( query, "op=select_config_parameter" ) ) ) {
+ tokendbDebug( "authorization for op=select_config_parameter\n" );
+ if (! is_admin) {
+ RA::Audit(EV_AUTHZ_FAIL, AUDIT_MSG_AUTHZ, userid, "select_config_parameter", "Failure", "Tokendb user authorization");
+ error_out("Authorization Failure", "Failed to authorize request");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+ RA::Audit(EV_AUTHZ_SUCCESS, AUDIT_MSG_AUTHZ, userid, "select_config_parameter", "Success", "Tokendb user authorization");
+
+ char *conf_type = NULL;
+ conf_type = get_field(query, "type=", SHORT_LEN);
+
+ if (conf_type == NULL) {
+ error_out("Invalid Invocation: Type is NULL", "Type is NULL");
+ do_free(buf);
+ do_strfree(uri);
+ do_strfree(query);
+ return DONE;
+ }
+
+ PR_snprintf( ( char * ) configname, 256,
+ "target.%s.list", conf_type );
+ const char *conf_list = RA::GetConfigStore()->GetConfigAsString( configname );
+
+ PR_snprintf( ( char * ) configname, 256, "target.%s.displayname", conf_type );
+ const char *disp_conf_type = (char *) RA::GetConfigStore()->GetConfigAsString( configname );
+
+ PR_snprintf( injection, MAX_INJECTION_SIZE,
+ "%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s", JS_START,
+ "var uriBase = \"", uri, "\";\n",
+ "var userid = \"", userid, "\";\n",
+ "var conf_type = \"", conf_type, "\";\n",
+ "var disp_conf_type = \"", disp_conf_type, "\";\n",
+ "var conf_list = \"", (conf_list != NULL)? conf_list : "", "\";\n");
+
+ do_free(conf_type);
+ // do_free(conf_list);
+ add_authorization_data(userid, is_admin, is_operator, is_agent, injection); //needed?
+ PL_strcat(injection, JS_STOP);
+
+ buf = getData( selectConfigTemplate, injection );
+ }
+
+ if( buf != NULL ) {
+ len = PL_strlen( buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, len, rq );
+
+ do_free(buf);
+ }
+ do_free(userid);
+ do_strfree(uri);
+ do_strfree(query);
+
+ return OK;
+}
+
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Command Phase
+** _________________________________________________________________
+*/
+
+static const char *mod_tokendb_get_config_path_file( cmd_parms *cmd,
+ void *mconfig,
+ const char *tokendbconf )
+{
+ if( cmd->path ) {
+ ap_log_error( APLOG_MARK, APLOG_ERR, 0, NULL,
+ "The %s config param cannot be specified "
+ "in a Directory section.",
+ cmd->directive->directive );
+ } else {
+ mod_tokendb_server_configuration *sc = NULL;
+
+ /* Retrieve the Tokendb module. */
+ sc = ( ( mod_tokendb_server_configuration * )
+ ap_get_module_config( cmd->server->module_config,
+ &MOD_TOKENDB_CONFIG_KEY ) );
+
+ /* Initialize the "Tokendb Configuration File" */
+ /* member of mod_tokendb_server_configuration. */
+ sc->Tokendb_Configuration_File = apr_pstrdup( cmd->pool, tokendbconf );
+ }
+
+ return NULL;
+}
+
+
+static const command_rec mod_tokendb_config_cmds[] = {
+ AP_INIT_TAKE1( MOD_TOKENDB_CONFIGURATION_FILE_PARAMETER,
+ ( const char*(*)() ) mod_tokendb_get_config_path_file,
+ NULL,
+ RSRC_CONF,
+ MOD_TOKENDB_CONFIGURATION_FILE_USAGE ),
+ { NULL }
+};
+
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Server Configuration Creation Phase
+** _________________________________________________________________
+*/
+
+/**
+ * Create Tokendb module server configuration
+ */
+static void *
+mod_tokendb_config_server_create( apr_pool_t *p, server_rec *sv )
+{
+ /* Initialize all APR library routines. */
+ apr_initialize();
+
+ /* Create a memory pool for this server. */
+ mod_tokendb_server_configuration *sc = ( mod_tokendb_server_configuration * )
+ apr_pcalloc( p,
+ ( apr_size_t )
+ sizeof( *sc ) );
+
+ /* Initialize all members of mod_tokendb_server_configuration. */
+ sc->Tokendb_Configuration_File = NULL;
+ sc->enabled = MOD_TOKENDB_FALSE;
+
+ return sc;
+}
+
+
+
+/* _________________________________________________________________
+**
+** Tokendb Module Registration Phase
+** _________________________________________________________________
+*/
+
+static void
+mod_tokendb_register_hooks( apr_pool_t *p )
+{
+ static const char *const mod_tokendb_preloaded_modules[] = { "mod_nss.c",
+ "mod_tps.cpp",
+ NULL };
+ static const char *const mod_tokendb_postloaded_modules[] = { NULL };
+
+ ap_hook_post_config( mod_tokendb_initialize,
+ mod_tokendb_preloaded_modules,
+ mod_tokendb_postloaded_modules,
+ APR_HOOK_MIDDLE );
+
+ ap_hook_handler( mod_tokendb_handler,
+ mod_tokendb_preloaded_modules,
+ mod_tokendb_postloaded_modules,
+ APR_HOOK_MIDDLE );
+}
+
+
+module TOKENDB_PUBLIC MOD_TOKENDB_CONFIG_KEY = {
+ STANDARD20_MODULE_STUFF,
+ NULL, /* create per-dir config structures */
+ NULL, /* merge per-dir config structures */
+ mod_tokendb_config_server_create, /* create per-server config structures */
+ NULL, /* merge per-server config structures */
+ mod_tokendb_config_cmds, /* table of configuration directives */
+ mod_tokendb_register_hooks /* register hooks */
+};
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/pki/base/tps/src/modules/tps/AP_Context.cpp b/pki/base/tps/src/modules/tps/AP_Context.cpp
new file mode 100644
index 000000000..cde314254
--- /dev/null
+++ b/pki/base/tps/src/modules/tps/AP_Context.cpp
@@ -0,0 +1,83 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "httpd/httpd.h"
+#include "httpd/http_log.h"
+#include "nspr.h"
+
+#include "modules/tps/AP_Context.h"
+
+#define MAX_LOG_MSG_SIZE 4096
+
+
+AP_Context::AP_Context( server_rec *sv )
+{
+ m_sv = sv;
+}
+
+
+AP_Context::~AP_Context()
+{
+ /* no clean up */
+}
+
+
+void AP_Context::LogError( const char *func, int line, const char *fmt, ... )
+{
+ char buf[MAX_LOG_MSG_SIZE];
+
+ va_list argp;
+ va_start( argp, fmt );
+ PR_vsnprintf( buf, MAX_LOG_MSG_SIZE, fmt, argp );
+ va_end( argp );
+
+ ap_log_error( func, line, APLOG_ERR, 0, m_sv, buf );
+}
+
+
+void AP_Context::LogInfo( const char *func, int line, const char *fmt, ... )
+{
+ char buf[MAX_LOG_MSG_SIZE];
+
+ va_list argp;
+ va_start( argp, fmt );
+ PR_vsnprintf( buf, MAX_LOG_MSG_SIZE, fmt, argp );
+ va_end( argp );
+
+ ap_log_error( func, line, APLOG_INFO, 0, m_sv, buf );
+}
+
+
+void AP_Context::InitializationError( const char *func, int line )
+{
+ ap_log_error( func, line, APLOG_INFO, 0, m_sv,
+ "The nss module must be initialized "
+ "prior to calling the tps module." );
+}
+
+#ifdef __cplusplus
+}
+#endif
+
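Review bot: In `AP_Context::LogError` and `AP_Context::LogInfo` the already-formatted `buf` is handed to `ap_log_error` in the format-string position, so any `%` that reached `buf` through a caller-supplied argument is interpreted a second time by the logger. Pass the message as data instead: `ap_log_error( func, line, APLOG_ERR, 0, m_sv, "%s", buf );` in `LogError`, and the same call with `APLOG_INFO` in `LogInfo`. Whether request-derived text can reach these loggers depends on their callers, which this file does not show, but the constant format costs nothing and removes the dependency on every call site being careful. Separately, `InitializationError` reports a failed precondition at `APLOG_INFO`; if that message is meant to be seen at the default log level, `APLOG_ERR` looks like the intended severity.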
diff --git a/pki/base/tps/src/modules/tps/AP_Session.cpp b/pki/base/tps/src/modules/tps/AP_Session.cpp
new file mode 100644
index 000000000..36f455355
--- /dev/null
+++ b/pki/base/tps/src/modules/tps/AP_Session.cpp
@@ -0,0 +1,1169 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include "nspr.h"
+#include "httpd/httpd.h"
+#include "httpd/http_protocol.h"
+
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "main/RA_Msg.h"
+#include "main/RA_pblock.h"
+#include "main/RA_Session.h"
+#include "msg/RA_Begin_Op_Msg.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "msg/RA_Login_Request_Msg.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_End_Op_Msg.h"
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "modules/tps/AP_Session.h"
+#include "main/Memory.h"
+#include "apr_strings.h"
+
+/**
+ * http parameters used in the protocol
+ */
+#define PARAM_MSG_TYPE "msg_type"
+#define PARAM_OPERATION "operation"
+#define PARAM_INVALID_PW "invalid_pw"
+#define PARAM_BLOCKED "blocked"
+#define PARAM_SCREEN_NAME "screen_name"
+#define PARAM_PASSWORD "password"
+#define PARAM_PIN_REQUIRED "pin_required"
+#define PARAM_NEXT_VALUE "next_value"
+#define PARAM_VALUE "value"
+#define PARAM_PIN "pin"
+#define PARAM_QUESTION "question"
+#define PARAM_ANSWER "answer"
+#define PARAM_MINIMUM_LENGTH "minimum_length"
+#define PARAM_MAXIMUM_LENGTH "maximum_length"
+#define PARAM_NEW_PIN "new_pin"
+#define PARAM_PDU_SIZE "pdu_size"
+#define PARAM_PDU_DATA "pdu_data"
+#define PARAM_RESULT "result"
+#define PARAM_MESSAGE "message"
+#define PARAM_STATUS "current_state"
+#define PARAM_INFO "next_task_name"
+#define PARAM_EXTENSIONS "extensions"
+
+#define MAX_RA_MSG_SIZE 4096
+#define MAX_LOG_MSG_SIZE 4096
+
+// maximum number of digits for message length
+#define MAX_LEN_DIGITS 4
+
+
+static int contains_sensitive_keywords(char *msg)
+{
+ if (strstr(msg, "password" ) != NULL ) {
+ return 1;
+ }
+ if (strstr(msg, "PASSWORD" ) != NULL ) {
+ return 1;
+ }
+ if (strstr(msg, "new_pin" ) != NULL ) {
+ return 1;
+ }
+ return 0;
+}
+
+
+/**
+ * AP_Session represents an active connection between the
+ * Registration authority and the token client.
+ *
+ * Note that AP_Session encapsulates all the glue logic
+ * between Apache and the RA. If we need to go to anther platform
+ * (i.e. NPE, NES, or other web servers) later, we just need
+ * to implement a new Session implementation.
+ */
+AP_Session::AP_Session( request_rec *rq )
+{
+ m_rq = rq;
+ /* REQUEST_CHUNKED_DECHUNK If chunked, remove the chunks for me */
+ ap_setup_client_block( rq, REQUEST_CHUNKED_DECHUNK);
+}
+
+
+AP_Session::~AP_Session()
+{
+ /* no clean up */
+}
+
+
+char *AP_Session::GetRemoteIP()
+{
+ return ( m_rq->connection->remote_ip );
+}
+
+
+/**
+ * reads from network "s=xx" where xx is the length of the message
+ * that follows. The length is returned as int.
+ * @return length in int
+ */
+static int GetMsgLen( request_rec *rq )
+{
+ int len=0;
+ char msg_len[MAX_LEN_DIGITS]; // msg_len can't take more than 4 digits
+ char *p_msg_len = msg_len;
+ int sum = 0;
+
+ /* read msg size */
+ len = ( int ) ap_get_client_block( rq, p_msg_len,
+ ( apr_size_t ) 1 ); /* s */
+ if( len != 1 ) {
+ RA::Error( "AP_Session::GetMsgLen",
+ "ap_get_client_block returned error: %d", len );
+
+ return 0;
+ }
+
+ len = ( int ) ap_get_client_block( rq, p_msg_len,
+ ( apr_size_t ) 1 ); /* = */
+
+ if( len != 1 ) {
+ RA::Error( "AP_Session::GetMsgLen",
+ "ap_get_client_block returned error: %d", len );
+
+ return 0;
+ }
+
+ while( 1 ) {
+ if( sum > ( MAX_LEN_DIGITS -1 ) ) {
+ /* the length is too large */
+ RA::Error( "AP_Session::ReadMsg", "Message Size is too large." );
+ return -1;
+ }
+
+ len = ( int ) ap_get_client_block( rq, p_msg_len, ( apr_size_t ) 1 );
+
+ if( len != 1 ) {
+ break;
+ }
+
+ if( len != 0 ) {
+ if( *p_msg_len == '&' ) {
+ break;
+ }
+
+ p_msg_len++;
+ sum++;
+ }
+ }
+
+ *p_msg_len = '\0';
+
+ return atoi( msg_len );
+}
+
+static int GetMsg( request_rec *rq, char *buf, int size )
+{
+ int len;
+ int sum = 0;
+ char *p_msg = buf;
+
+ while( 1 ) {
+ len = ( int ) ap_get_client_block( rq, p_msg, ( apr_size_t ) 1 );
+ if( len != 1 ) {
+ return -1;
+ }
+ p_msg += len;
+ sum += len;
+ buf[sum] = '\0';
+ if( sum == size ) {
+ break;
+ }
+ }
+
+ buf[sum] = '\0';
+
+ return sum;
+}
+
+char *stripEmptyArgs( char *data )
+{
+ char *n_data = ( char * ) PR_Malloc( strlen( data ) + 2 );
+ n_data[0] = '\0';
+ int nv_count = 0;
+
+ if( data != NULL && strlen( data ) > 0 ) {
+ char *lasts = NULL;
+ char *tok = PL_strtok_r( data, " ", &lasts );
+
+ while( tok != NULL ) {
+ if( tok[strlen( tok )-1] != '=' ) {
+ n_data = strcat( n_data, tok );
+ n_data = strcat( n_data, " " );
+ nv_count++;
+ }
+
+ tok = PL_strtok_r( NULL, " ", &lasts );
+ }
+ int len = strlen( n_data );
+ n_data[len-1] = '\0';
+ }
+
+ if( ( nv_count > MAX_NVS ) || ( n_data[0] == '\0' ) ) {
+ PR_Free( n_data );
+ n_data = NULL;
+ }
+
+ return n_data;
+}
+
+
+int pblock_str2pblock( char *n_data, apr_array_header_t *tm_pblock , request_rec *rec)
+{
+ int element = 0;
+
+ if( n_data != NULL && strlen( n_data ) > 0 ) {
+ char *lasts = NULL;
+ char *tok = PL_strtok_r( n_data, " ", &lasts );
+
+ /* store each name/value pair in the string into the pblock array */
+ while( tok != NULL ) {
+ char name[4096];
+ char value[4096];
+
+ for( int i = 0; i < ( int ) strlen( tok ); i++ ) {
+ if( tok[i] != '=' ) {
+ /* extract and add to the name portion */
+ name[i] = tok[i];
+ } else {
+ /* null terminate the name portion */
+ name[i] = '\0';
+ /* extract the entire value portion */
+ strcpy( value, &tok[i+1] );
+ break;
+ }
+ }
+
+ /* store the name/value pair as an entry in the pblock array */
+ ( ( apr_table_entry_t * ) tm_pblock->elts )[element].key =
+ apr_pstrdup(rec->pool, name);
+ ( ( apr_table_entry_t * ) tm_pblock->elts )[element].val =
+ apr_pstrdup(rec->pool, value);
+
+ /* increment the entry to the pblock array */
+ element++;
+
+ /* get the next name/value pair from the string */
+ tok = PL_strtok_r( NULL, " ", &lasts );
+ }
+ }
+
+ return element;
+}
+
+
+/**
+ * Parses the data and creates an RA_pblock to store name/value pairs
+ * @param data null-terminated string containing a string with format:
+ * n1=v1&n2=v2&n3=v3&...
+ * @return
+ * pointer to RA_pblock if success
+ * NULL if failure;
+ */
+RA_pblock *AP_Session::create_pblock( char *data )
+{
+ if( ( data == NULL ) || ( data[0] == '\0' ) ) {
+ RA::Error( "AP_Session::create_pblock",
+ "data is NULL" );
+ return NULL;
+ }
+
+ if(contains_sensitive_keywords(data)) {
+ RA::Debug( LL_PER_PDU,
+ "AP_Session::create_pblock",
+ "Data '(sensitive)'");
+ } else {
+ RA::Debug( LL_PER_PDU,
+ "AP_Session::create_pblock",
+ "Data '%s'", data);
+ }
+
+ //
+ // The data contains a set of name value pairs separated by an '&'
+ // (i. e. - n1=v1&n2=v2...). Replace each '&' with a ' '.
+ //
+ // Note that since the values are expected to have been url-encoded,
+ // they must be url-decoded within the subclass method.
+ //
+ int i, j;
+ int len = strlen( data );
+
+ for( i = 0; i < len; i++ ) {
+ // need to check if data[i] is a valid url-encoded char...later
+ if( data[i] == '&' ) {
+ data[i] = ' ';
+ }
+ }
+
+ apr_array_header_t *tm_pblock = apr_array_make( m_rq->pool,
+ MAX_NVS,
+ sizeof( apr_table_entry_t )
+ );
+
+ if( tm_pblock == NULL ) {
+ RA::Error( "AP_Session::create_pblock",
+ "apr_array_make returns NULL" );
+ return NULL;
+ }
+
+ //
+ // The data is in the format of "name=v1 name=v2 name=v3". If the data
+ // has content like "name=v1 name= name=v3", the pblock_str2pblock will
+ // return (-1). This is because pblock_str2pblock does not know how to
+ // handle the case of an empty value. Therefore, before we invoke
+ // pblock_str2pblock, we make sure to remove any input data which
+ // contains an empty value.
+ //
+ char *n_data = stripEmptyArgs( data );
+ if( n_data == NULL ) {
+ RA::Error( "AP_Session::create_pblock",
+ "stripEmptyArgs was either empty or "
+ "contained more than %d name/value pairs!",
+ MAX_NVS );
+ return NULL;
+ }
+
+ int tm_nargs = pblock_str2pblock( n_data, tm_pblock , m_rq);
+ apr_table_entry_t *pe = NULL;
+
+ RA::Debug( LL_PER_PDU,
+ "AP_Session::create_pblock",
+ "Found Arguments=%d, nalloc=%d",
+ tm_nargs,
+ tm_pblock->nalloc );
+
+ // url decode all values and place into Buffer_nv's
+ Buffer_nv *tm_nvs[MAX_NVS];
+
+ for( i = 0, j = 0; i < tm_nargs; i++, j++ ) {
+ tm_nvs[j] = NULL;
+
+ pe = ( apr_table_entry_t * ) tm_pblock->elts;
+
+ if( pe == NULL ) {
+ continue;
+ }
+
+ if( ( pe[i].key == NULL ) ||
+ ( ( PR_CompareStrings( pe[i].key, "" ) == 1 ) ) ||
+ ( pe[i].val == NULL ) ||
+ ( ( PR_CompareStrings( pe[i].val, "" ) == 1 ) ) ) {
+ RA::Debug( LL_ALL_DATA_IN_PDU,
+ "AP_Session::create_pblock",
+ "name/value pair contains NULL...skip" );
+ continue;
+ }
+
+ if(contains_sensitive_keywords(pe[i].key)) {
+ RA::Debug( LL_PER_PDU,
+ "AP_Session::create_pblock",
+ "entry name=%s, value=<...do not print...>",
+ pe[i].key );
+ } else {
+ RA::Debug( LL_PER_PDU,
+ "AP_Session::create_pblock",
+ "entry name=%s, value=%s",
+ pe[i].key,
+ pe[i].val );
+ }
+
+ Buffer *decoded = NULL;
+
+ decoded = Util::URLDecode( pe[i].val );
+
+ tm_nvs[j] = ( struct Buffer_nv * )
+ PR_Malloc( sizeof( struct Buffer_nv ) );
+
+ if( tm_nvs[j] != NULL ) {
+ tm_nvs[j]->name = PL_strdup( pe[i].key );
+ tm_nvs[j]->value_s = PL_strdup( pe[i].val );
+ tm_nvs[j]->value = decoded;
+ } else {
+ RA::Debug( LL_PER_PDU,
+ "AP_Session::create_pblock",
+ "tm_nvs[%d] is NULL",
+ j );
+ }
+ } // for
+
+ RA_pblock *ra_pb = new RA_pblock( tm_nargs, tm_nvs );
+
+ if( n_data != NULL ) {
+ PR_Free( n_data );
+ n_data = NULL;
+ }
+
+ if( ra_pb == NULL ) {
+ RA::Error( "AP_Session::create_pblock",
+ "RA_pblock is NULL" );
+ return NULL;
+ }
+
+ return ra_pb;
+}
+
+RA_Msg *AP_Session::ReadMsg()
+{
+ int len;
+ int msg_len = 0;
+ char msg[MAX_RA_MSG_SIZE];
+ char *msg_type = NULL;
+ int i_msg_type;
+ Buffer *msg_type_b = NULL;
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "========== ReadMsg Begins =======" );
+
+ msg_len = GetMsgLen( m_rq );
+
+ if( ( msg_len <= 0 ) || ( msg_len > MAX_RA_MSG_SIZE ) ) {
+ RA::Error( "AP_Session::ReadMsg",
+ "Message Size not in range. size =%d. Operation may have been cancelled.", msg_len );
+ return NULL;
+ }
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg", "msg_len=%d", msg_len );
+
+ len = GetMsg( m_rq, msg, msg_len );
+
+ if( len != msg_len ) {
+ RA::Error( "AP_Session::ReadMsg",
+ "Message Size Mismatch. Expected '%d' Received '%d'",
+ msg_len, len );
+ return NULL;
+ }
+
+ if(!contains_sensitive_keywords(msg)) {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Received len='%d' msg='%s'", len, msg );
+ } else {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Received len='%d' msg='<Password or new pin>'", len );
+ }
+
+ RA_Msg *ret_msg = NULL;
+
+ // format into array of name/value pair with value Buffer's
+ RA_pblock *ra_pb = ( RA_pblock * ) create_pblock( msg );
+
+ if( ra_pb == NULL ) {
+ goto loser;
+ }
+
+ // msg_type_b will be freed by destructor of RA_pblock
+ msg_type_b = ra_pb->find_val( PARAM_MSG_TYPE );
+ if( msg_type_b == NULL ) {
+ goto loser;
+ }
+
+ // msg_type should be freed when done using
+ msg_type = msg_type_b->string();
+
+ if( msg_type == NULL ) {
+ RA::Error( "AP_Session::ReadMsg",
+ "Parameter Not Found %s", PARAM_MSG_TYPE );
+ goto loser;
+ }
+
+ i_msg_type = atoi( msg_type );
+
+ switch( i_msg_type )
+ {
+ case MSG_BEGIN_OP: /* BEGIN_OP */
+ {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%s (%s)", PARAM_MSG_TYPE,
+ "BEGIN_OP", msg_type );
+
+ Buffer *opB = ra_pb->find_val( PARAM_OPERATION );
+
+ if( opB == NULL ) {
+ goto loser;
+ }
+
+ RA::DebugBuffer( "AP_Session::ReadMsg", "content=", opB );
+
+ char *op_c = opB->string();
+
+ if( op_c == NULL ) {
+ goto loser;
+ }
+
+ int i_op = atoi( op_c );
+
+ if( op_c != NULL ) {
+ PR_Free( op_c );
+ op_c = NULL;
+ }
+
+ NameValueSet *exts = NULL;
+
+ Buffer *opE = ra_pb->find_val( PARAM_EXTENSIONS ); // optional
+
+ if( opE != NULL ) {
+ char *op_e = opE->string();
+ if( op_e == NULL ) {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "No extensions" );
+ } else {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Extensions %s", op_e );
+ exts = NameValueSet::Parse( op_e, "&" );
+ if( op_e != NULL ) {
+ PR_Free( op_e );
+ op_e = NULL;
+ }
+ }
+ }
+
+ switch( i_op )
+ {
+ case OP_ENROLL:
+ {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "begin_op_msg msg_type=ENROLL" );
+ ret_msg = new RA_Begin_Op_Msg( OP_ENROLL, exts );
+ break;
+ }
+ case OP_UNBLOCK:
+ {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "begin_op_msg msg_type=UNBLOCK" );
+ ret_msg = new RA_Begin_Op_Msg( OP_UNBLOCK, exts );
+ break;
+ }
+ case OP_RESET_PIN:
+ {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "begin_op_msg msg_type=RESET_PIN" );
+ ret_msg = new RA_Begin_Op_Msg( OP_RESET_PIN, exts );
+ break;
+ }
+ case OP_RENEW:
+ {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "begin_op_msg msg_type=RENEW" );
+ ret_msg = new RA_Begin_Op_Msg( OP_RENEW, exts );
+ break;
+ }
+ case OP_FORMAT:
+ {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "begin_op_msg msg_type=FORMAT" );
+ ret_msg = new RA_Begin_Op_Msg( OP_FORMAT, exts );
+ break;
+ }
+ default:
+ {
+ break;
+ /* error */
+ }
+ } // switch( i_op )
+
+ break;
+ }
+ case MSG_EXTENDED_LOGIN_RESPONSE: /* LOGIN_RESPONSE */
+ {
+ char *name = NULL;
+ Buffer* value = NULL;
+ char *bufferStr = NULL;
+ AuthParams *params = new AuthParams();
+ int i;
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%s (%s)", PARAM_MSG_TYPE,
+ "EXTENDED_LOGIN_RESPONSE", msg_type );
+
+ i = ra_pb->get_num_of_names();
+
+ for( i = 0; i < ra_pb->get_num_of_names(); i++ ) {
+ name = ra_pb->get_name( i );
+ if( name != NULL ) {
+ value = ra_pb->find_val( ( const char * ) name );
+ bufferStr = value->string();
+ if( value != NULL ) {
+ params->Add( name, bufferStr );
+ }
+ if (bufferStr != NULL) {
+ PR_Free(bufferStr);
+ bufferStr = NULL;
+ }
+ }
+ }
+
+ ret_msg = new RA_Extended_Login_Response_Msg( params );
+
+ break;
+ }
+ case MSG_LOGIN_RESPONSE: /* LOGIN_RESPONSE */
+ {
+ char *uid = NULL, *password = NULL;
+ Buffer *uid_b, *pwd_b = NULL;
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%s (%s)", PARAM_MSG_TYPE,
+ "LOGIN_RESPONSE", msg_type );
+
+ uid_b = ra_pb->find_val( PARAM_SCREEN_NAME );
+
+ if( uid_b == NULL ) {
+ goto aloser;
+ }
+
+ uid = uid_b->string();
+
+ if( uid == NULL ) {
+ goto aloser;
+ }
+
+ pwd_b = ra_pb->find_val( PARAM_PASSWORD );
+
+ if( pwd_b == NULL ) {
+ goto aloser;
+ }
+
+ password = pwd_b->string();
+
+ if( password == NULL ) {
+ goto aloser;
+ }
+
+ ret_msg = new RA_Login_Response_Msg( uid, password );
+
+ aloser:
+ if( uid != NULL ) {
+ PR_Free( uid );
+ uid = NULL;
+ }
+
+ if( password != NULL ) {
+ PR_Free( password );
+ password = NULL;
+ }
+
+ goto loser;
+
+ break;
+ }
+ case MSG_STATUS_UPDATE_RESPONSE: /* SECUREID_RESPONSE */
+ {
+ char *value = NULL;
+ Buffer *value_b;
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%s (%s)", PARAM_MSG_TYPE,
+ "STATUS_UPDATE_RESPONSE", msg_type );
+
+ value_b = ra_pb->find_val( PARAM_STATUS );
+
+ if( value_b == NULL ) {
+ goto zloser;
+ }
+
+ value = value_b->string();
+
+ if( value == NULL ) {
+ goto zloser;
+ }
+
+ ret_msg = new RA_Status_Update_Response_Msg( atoi( value ) );
+
+ zloser:
+ if( value != NULL ) {
+ PR_Free( value );
+ value = NULL;
+ }
+
+ goto loser;
+
+ break;
+ }
+ case MSG_SECUREID_RESPONSE: /* SECUREID_RESPONSE */
+ {
+ char *value = NULL, *pin = NULL;
+ Buffer *value_b = NULL, *pin_b = NULL;
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%s (%s)", PARAM_MSG_TYPE,
+ "SECUREID_RESPONSE", msg_type );
+
+ value_b = ra_pb->find_val( PARAM_VALUE );
+
+ if( value_b == NULL ) {
+ goto bloser;
+ }
+
+ value = value_b->string();
+
+ if( value == NULL ) {
+ goto bloser;
+ }
+
+ pin_b = ra_pb->find_val( PARAM_PIN );
+
+ if( pin_b == NULL ) {
+ goto bloser;
+ }
+
+ pin = pin_b->string();
+
+ if( pin == NULL ) {
+ pin_b->zeroize();
+ goto bloser;
+ }
+
+ ret_msg = new RA_SecureId_Response_Msg( value, pin );
+
+ if( pin != NULL ) {
+ // zeroize memory before releasing
+ unsigned int i = 0;
+ for( i = 0; i < strlen( pin ); i++ ) {
+ pin[i] = '\0';
+ }
+ if( pin != NULL ) {
+ PR_Free( pin );
+ pin = NULL;
+ }
+ }
+
+ pin_b->zeroize();
+
+ bloser:
+ if( value != NULL ) {
+ PR_Free( value );
+ value = NULL;
+ }
+
+ if( pin != NULL ) {
+ PR_Free( pin );
+ pin = NULL;
+ }
+
+ goto loser;
+
+ break;
+ }
+ case MSG_ASQ_RESPONSE: /* ASQ_RESPONSE */
+ {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%s (%s)", PARAM_MSG_TYPE,
+ "ASQ_RESPONSE", msg_type );
+
+ Buffer *ans_b = ra_pb->find_val( PARAM_ANSWER );
+
+ if( ans_b == NULL ) {
+ goto loser;
+ }
+
+ char *answer = ans_b->string();
+
+ if( answer == NULL ) {
+ goto loser;
+ }
+
+ ret_msg = new RA_ASQ_Response_Msg( answer );
+
+ if( answer != NULL ) {
+ PR_Free( answer );
+ answer = NULL;
+ }
+
+ break;
+ }
+ case MSG_TOKEN_PDU_RESPONSE: /* TOKEN_PDU_RESPONSE */
+ {
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%s (%s)", PARAM_MSG_TYPE,
+ "TOKEN_PDU_RESPONSE", msg_type );
+
+ unsigned int pdu_size =0;
+
+ Buffer *pdu_size_b = ra_pb->find_val( PARAM_PDU_SIZE );
+
+ if( pdu_size_b == NULL ) {
+ goto loser;
+ }
+
+ char *p = pdu_size_b->string();
+
+ pdu_size = atoi( p );
+
+ if( p != NULL ) {
+ PR_Free( p );
+ p = NULL;
+ }
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%d", PARAM_PDU_SIZE, pdu_size );
+
+ if( pdu_size > 261 ) {
+ RA::Error( LL_PER_PDU, "AP_Session::ReadMsg",
+ "%s exceeds limit", PARAM_PDU_SIZE );
+ goto loser;
+ }
+
+ Buffer *decoded_pdu = ra_pb->find_val( PARAM_PDU_DATA );
+
+ if( decoded_pdu == NULL ) {
+ goto loser;
+ }
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "decoded_pdu size= %d", decoded_pdu->size() );
+
+ if( pdu_size != decoded_pdu->size() ) {
+ goto loser;
+ }
+
+ RA::DebugBuffer( "AP_Session::ReadMsg",
+ "decoded pdu = ", decoded_pdu );
+
+ APDU_Response *response = new APDU_Response( *decoded_pdu );
+
+ ret_msg = new RA_Token_PDU_Response_Msg( response );
+
+ break;
+ }
+ case MSG_NEW_PIN_RESPONSE: /* NEW_PIN_RESPONSE */
+ {
+ char *new_pin = NULL;
+ Buffer *new_pin_b = NULL;
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "Found %s=%s (%s)", PARAM_MSG_TYPE,
+ "NEW_PIN_RESPONSE", msg_type );
+
+ new_pin_b = ra_pb->find_val( PARAM_NEW_PIN );
+
+ if( new_pin_b == NULL ) {
+ goto loser;
+ }
+
+ new_pin = new_pin_b->string();
+
+ if( new_pin == NULL ) {
+ new_pin_b->zeroize();
+ goto loser;
+ }
+
+ ret_msg = new RA_New_Pin_Response_Msg( new_pin );
+
+ if( new_pin != NULL ) {
+ // zeroize memory before releasing
+ unsigned int i = 0;
+
+ for( i = 0; i< strlen( new_pin ); i++ ) {
+ new_pin[i] = '\0';
+ }
+
+ if( new_pin != NULL ) {
+ PR_Free( new_pin );
+ new_pin = NULL;
+ }
+ }
+
+ new_pin_b->zeroize();
+
+ break;
+ }
+ default:
+ {
+ RA::Error( "AP_Session::ReadMsg", "Found %s=%s",
+ PARAM_MSG_TYPE, "UNDEFINED" );
+ /* error */
+ break;
+ }
+ } // switch( i_msg_type )
+
+loser:
+ if( msg_type != NULL ) {
+ PR_Free( msg_type );
+ msg_type = NULL;
+ }
+
+ if( ra_pb != NULL ) {
+ delete ra_pb;
+ ra_pb = NULL;
+ }
+
+ RA::Debug( LL_PER_PDU, "AP_Session::ReadMsg",
+ "========= ReadMsg Ends =========" );
+
+ return ret_msg;
+}
+
+static void CreateChunk( char *msgbuf, char *buf, int buflen )
+{
+ int len;
+
+ len = strlen( msgbuf );
+ sprintf( buf, "s=%d&%s", len, msgbuf );
+}
+
+void AP_Session::WriteMsg( RA_Msg *msg )
+{
+ char msgbuf[MAX_RA_MSG_SIZE];
+ char buf[MAX_RA_MSG_SIZE];
+
+ switch( msg->GetType() )
+ {
+ case MSG_EXTENDED_LOGIN_REQUEST:
+ {
+ RA_Extended_Login_Request_Msg *login_request_msg =
+ ( RA_Extended_Login_Request_Msg * ) msg;
+ int invalid_password = login_request_msg->IsInvalidPassword();
+ int is_blocked = login_request_msg->IsBlocked();
+
+ char *title = Util::URLEncode( login_request_msg->GetTitle() );
+ char *desc = Util::URLEncode( login_request_msg->GetDescription() );
+
+ sprintf( msgbuf, "%s=%d&%s=%d&%s=%d&%s=%s&%s=%s",
+ PARAM_MSG_TYPE, MSG_EXTENDED_LOGIN_REQUEST,
+ "invalid_login", invalid_password,
+ PARAM_BLOCKED, is_blocked,
+ "title", title,
+ "description", desc);
+ if (title != NULL) {
+ PR_Free(title);
+ title = NULL;
+ }
+
+ if (desc != NULL) {
+ PR_Free(desc);
+ desc = NULL;
+ }
+
+ for( int i = 0; i < login_request_msg->GetLen(); i++ ) {
+ char *p = login_request_msg->GetParam( i );
+ char *encp = Util::URLEncode1( p );
+ sprintf( msgbuf, "%s&required_parameter%d=%s",
+ msgbuf, i, encp );
+ if (encp != NULL) {
+ PR_Free(encp);
+ encp = NULL;
+ }
+ }
+
+ CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+ RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+ break;
+ }
+ case MSG_LOGIN_REQUEST:
+ {
+ RA_Login_Request_Msg *login_request_msg =
+ ( RA_Login_Request_Msg * ) msg;
+ int invalid_password = login_request_msg->IsInvalidPassword();
+ int is_blocked = login_request_msg->IsBlocked();
+
+ sprintf( msgbuf, "%s=%d&%s=%d&%s=%d",
+ PARAM_MSG_TYPE, MSG_LOGIN_REQUEST,
+ PARAM_INVALID_PW, invalid_password,
+ PARAM_BLOCKED, is_blocked );
+
+ CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+ RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+ break;
+ }
+ case MSG_END_OP:
+ {
+ RA_End_Op_Msg *end_op = ( RA_End_Op_Msg * ) msg;
+ int result = end_op->GetResult();
+ int local_msg = end_op->GetMsg();
+ int op = end_op->GetOpType();
+
+ sprintf( msgbuf, "%s=%d&%s=%d&%s=%d&%s=%d\r\n0\r\n",
+ PARAM_MSG_TYPE, MSG_END_OP,
+ PARAM_OPERATION, op,
+ PARAM_RESULT, result,
+ PARAM_MESSAGE, local_msg );
+
+ CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+ RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+ break;
+ }
+ case MSG_STATUS_UPDATE_REQUEST:
+ {
+ RA_Status_Update_Request_Msg *status_update_request_msg =
+ ( RA_Status_Update_Request_Msg * ) msg;
+ int status = status_update_request_msg->GetStatus();
+ char *info = status_update_request_msg->GetInfo();
+
+ sprintf( msgbuf, "%s=%d&%s=%d&%s=%s",
+ PARAM_MSG_TYPE, MSG_STATUS_UPDATE_REQUEST,
+ PARAM_STATUS, status,
+ PARAM_INFO, info );
+
+ CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+ RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+ break;
+ }
+ case MSG_SECUREID_REQUEST:
+ {
+ RA_SecureId_Request_Msg *secureid_request_msg =
+ ( RA_SecureId_Request_Msg * ) msg;
+ int is_pin_required = secureid_request_msg->IsPinRequired();
+ int is_next_value = secureid_request_msg->IsNextValue();
+
+ sprintf( msgbuf, "%s=%d&%s=%d&%s=%d",
+ PARAM_MSG_TYPE, MSG_SECUREID_REQUEST,
+ PARAM_PIN_REQUIRED, is_pin_required,
+ PARAM_NEXT_VALUE, is_next_value );
+
+ CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+ RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+ break;
+ }
+ case MSG_ASQ_REQUEST:
+ {
+ RA_ASQ_Request_Msg *asq_request_msg = ( RA_ASQ_Request_Msg * ) msg;
+ char *question = asq_request_msg->GetQuestion();
+
+ sprintf( msgbuf, "%s=%d&%s=%s",
+ PARAM_MSG_TYPE, MSG_ASQ_REQUEST,
+ PARAM_QUESTION, question );
+
+ CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+ RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+ break;
+ }
+ case MSG_NEW_PIN_REQUEST:
+ {
+ RA_New_Pin_Request_Msg *new_pin_request_msg =
+ ( RA_New_Pin_Request_Msg * ) msg;
+ int min = new_pin_request_msg->GetMinLen();
+ int max = new_pin_request_msg->GetMaxLen();
+
+ sprintf( msgbuf, "%s=%d&%s=%d&%s=%d",
+ PARAM_MSG_TYPE, MSG_NEW_PIN_REQUEST,
+ PARAM_MINIMUM_LENGTH, min,
+ PARAM_MAXIMUM_LENGTH, max );
+
+ CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+ RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+ break;
+ }
+ case MSG_TOKEN_PDU_REQUEST:
+ {
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg =
+ ( RA_Token_PDU_Request_Msg * ) msg;
+ APDU *apdu = token_pdu_request_msg->GetAPDU();
+ Buffer encoding;
+
+ apdu->GetEncoding( encoding );
+
+ int pdu_len = encoding.size();
+
+ RA::Debug( LL_PER_CONNECTION, "AP_Session::WriteMsg",
+ "pdu_len='%d'", pdu_len );
+
+ Buffer pdu = encoding;
+ char *pdu_encoded = NULL;
+
+ if( RA::GetConfigStore()->GetConfigAsBool( "pdu_encoding.hex_mode",
+ 1 ) ) {
+ // pdu will be encoded in Hex mode which is easier to read
+ pdu_encoded = Util::URLEncodeInHex( pdu );
+ } else {
+ pdu_encoded = Util::URLEncode( pdu );
+ }
+
+ sprintf( msgbuf, "%s=%d&%s=%d&%s=%s",
+ PARAM_MSG_TYPE, MSG_TOKEN_PDU_REQUEST,
+ PARAM_PDU_SIZE, pdu_len,
+ PARAM_PDU_DATA, pdu_encoded );
+
+ CreateChunk( msgbuf, buf, MAX_RA_MSG_SIZE );
+
+ if( pdu_encoded != NULL ) {
+ PR_Free( pdu_encoded );
+ pdu_encoded = NULL;
+ }
+
+ RA::Debug( "AP_Session::WriteMsg", "Sent '%s'", buf );
+
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), m_rq );
+
+ break;
+ }
+ default:
+ {
+ break;
+ /* error */
+ }
+ } // switch( msg->GetType() )
+
+ ap_rflush(m_rq);
+
+}
+
+#ifdef __cplusplus
+}
+#endif
+
diff --git a/pki/base/tps/src/modules/tps/CMakeLists.txt b/pki/base/tps/src/modules/tps/CMakeLists.txt
new file mode 100644
index 000000000..275d8b30a
--- /dev/null
+++ b/pki/base/tps/src/modules/tps/CMakeLists.txt
@@ -0,0 +1,52 @@
+project(tps_module CXX)
+
+set(TPS_PRIVATE_INCLUDE_DIRS
+ ${TPS_INCLUDE_DIR}
+ ${CMAKE_BINARY_DIR}
+ ${NSPR_INCLUDE_DIRS}
+ ${NSS_INCLUDE_DIRS}
+ ${APR_INCLUDE_DIRS}
+ ${SVRCORE_INCLUDE_DIRS}
+ ${LDAP_INCLUDE_DIRS}
+)
+
+set(TPS_MODULE
+ tps_module
+ CACHE INTERNAL "tps apache module"
+)
+
+set(TPS_LINK_LIBRARIES
+ ${TPS_SHARED_LIBRARY}
+ ${NSPR_LIBRARIES}
+ ${NSS_LIBRARIES}
+ ${APR_LIBRARIES}
+ ${SVRCORE_LIBRARIES}
+ ${LDAP_LIBRARIES}
+ ${TOKENDB_SHARED_LIBRARY}
+ ${TPS_SHARED_LIBRARY}
+)
+
+set(tps_module_SRCS
+ AP_Context.cpp
+ AP_Session.cpp
+ mod_tps.cpp
+)
+
+include_directories(${TPS_PRIVATE_INCLUDE_DIRS})
+
+add_library(${TPS_MODULE} MODULE ${tps_module_SRCS})
+target_link_libraries(${TPS_MODULE} ${TPS_LINK_LIBRARIES})
+
+set_target_properties(${TPS_MODULE}
+ PROPERTIES
+ OUTPUT_NAME
+ mod_tps
+ PREFIX ""
+)
+
+install(
+ TARGETS
+ ${TPS_MODULE}
+ DESTINATION
+ ${LIB_INSTALL_DIR}/httpd/modules
+)
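Review bot: `${TPS_SHARED_LIBRARY}` appears twice in TPS_LINK_LIBRARIES, as the first and the last entry. If the repeat is there to satisfy link ordering against `${TOKENDB_SHARED_LIBRARY}`, a comment such as `# tps listed again after tokendb to resolve symbols in both directions` would keep it from being removed as a typo. If it is not needed, the second entry can go.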
diff --git a/pki/base/tps/src/modules/tps/mod_tps.cpp b/pki/base/tps/src/modules/tps/mod_tps.cpp
new file mode 100644
index 000000000..89890b3a0
--- /dev/null
+++ b/pki/base/tps/src/modules/tps/mod_tps.cpp
@@ -0,0 +1,677 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+
+
+/* _________________________________________________________________
+**
+** TPS Module Headers
+** _________________________________________________________________
+*/
+
+#include <stdio.h>
+#include <unistd.h>
+#include "nspr.h"
+
+#include "httpd/httpd.h"
+#include "httpd/http_config.h"
+#include "httpd/http_log.h"
+#include "httpd/http_protocol.h"
+#include "httpd/http_main.h"
+
+#include "apr_strings.h"
+
+#include "engine/RA.h"
+#include "main/Memory.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "modules/tps/AP_Context.h"
+#include "modules/tps/AP_Session.h"
+#include "msg/RA_Begin_Op_Msg.h"
+#include "msg/RA_End_Op_Msg.h"
+#include "processor/RA_Enroll_Processor.h"
+#include "processor/RA_Format_Processor.h"
+#include "processor/RA_Pin_Reset_Processor.h"
+#include "processor/RA_Renew_Processor.h"
+#include "processor/RA_Unblock_Processor.h"
+#include "ssl.h"
+
+#define MOD_TPS_KEY_NAME "mod_tps"
+
+/* _________________________________________________________________
+**
+** TPS Module Request Data
+** _________________________________________________________________
+*/
+
+/**
+ * Processors for different operations.
+ */
+static RA_Enroll_Processor m_enroll_processor;
+static RA_Unblock_Processor m_unblock_processor;
+static RA_Pin_Reset_Processor m_pin_reset_processor;
+static RA_Renew_Processor m_renew_processor;
+static RA_Format_Processor m_format_processor;
+
+
+/* _________________________________________________________________
+**
+** TPS Module Command Data
+** _________________________________________________________________
+*/
+
+static const char MOD_TPS_CONFIGURATION_FILE_PARAMETER[] = "TPSConfigPathFile";
+
+static const char MOD_TPS_CONFIGURATION_FILE_USAGE[] =
+"TPS Configuration Filename prefixed by a complete path, or\n"
+"a path that is relative to the Apache server root.";
+
+/* per-process config structure */
+typedef struct {
+ int nInitCount;
+ int nSignedAuditInitCount;
+} mod_tps_global_config;
+
+
+/* _________________________________________________________________
+**
+** TPS Module Server Configuration Creation Data
+** _________________________________________________________________
+*/
+
+typedef struct {
+ char *TPS_Configuration_File;
+ AP_Context *context;
+ mod_tps_global_config *gconfig; /* pointer to per-process config */
+} mod_tps_server_configuration;
+
+
+
+/* _________________________________________________________________
+**
+** TPS Module Registration Data
+** _________________________________________________________________
+*/
+
+#define MOD_TPS_CONFIG_KEY tps_module
+
+static const char MOD_TPS_CONFIG_KEY_NAME[] = "tps_module";
+
+extern module TPS_PUBLIC MOD_TPS_CONFIG_KEY;
+
+
+
+/* _________________________________________________________________
+**
+** TPS Module Helper Functions
+** _________________________________________________________________
+*/
+
+mod_tps_global_config *mod_tps_config_global_create(server_rec *s)
+{
+ apr_pool_t *pool = s->process->pool;
+ mod_tps_global_config *globalc = NULL;
+ void *vglobalc = NULL;
+
+ apr_pool_userdata_get(&vglobalc, MOD_TPS_KEY_NAME, pool);
+ if (vglobalc) {
+ return (mod_tps_global_config *) vglobalc; /* reused for lifetime of the server */
+ }
+
+ /*
+ * allocate an own subpool which survives server restarts
+ */
+ globalc = (mod_tps_global_config *)apr_palloc(pool, sizeof(*globalc));
+
+ /*
+ * initialize per-module configuration
+ */
+ globalc->nInitCount = 0;
+ globalc->nSignedAuditInitCount = 0;
+
+ apr_pool_userdata_set(globalc, MOD_TPS_KEY_NAME,
+ apr_pool_cleanup_null,
+ pool);
+
+ return globalc;
+}
+
+/**
+ * Terminate Apache
+ */
+void tps_die( void )
+{
+ /*
+ * This is used for fatal errors and here
+ * it is common module practice to really
+ * exit from the complete program.
+ */
+ exit( 1 );
+}
+
+
+/**
+ * Creates an RA_Session from the RA framework.
+ *
+ * Centralize the allocation of the session object here so that
+ * we can provide our own session management here in the future.
+ */
+static RA_Session *
+mod_tps_create_session( request_rec *rq )
+{
+ return new AP_Session( rq );
+} /* mod_tps_create_session */
+
+
+/**
+ * Returns RA_Session to the RA framework.
+ */
+static void
+mod_tps_destroy_session( RA_Session *session )
+{
+ if( session != NULL ) {
+ delete session;
+ session = NULL;
+ }
+} /* mod_tps_destroy_session */
+
+
+
+/* _________________________________________________________________
+**
+** TPS Module Request Phase
+** _________________________________________________________________
+*/
+
+/**
+ * Terminate the TPS module
+ */
+static apr_status_t
+mod_tps_terminate( void *data )
+{
+ /* This routine is ONLY called when this server's */
+ /* pool has been cleared or destroyed. */
+
+ /* Log TPS module debug information. */
+ RA::Debug( "mod_tps::mod_tps_terminate",
+ "The TPS module has been terminated!" );
+
+ /* Free TPS resources. */
+ RA::Shutdown();
+
+ /* Since all members of mod_tps_server_configuration are allocated */
+ /* from a pool, there is no need to unset any of these members. */
+
+#ifdef MEM_PROFILING
+ /* If memory profiling is enabled, turn off memory profiling. */
+ MEM_shutdown();
+#endif
+
+ SSL_ClearSessionCache();
+ /* Shutdown all APR library routines. */
+ /* NOTE: This automatically destroys all memory pools. */
+ /* Allow the NSS Module to perform this task. */
+ /* apr_terminate(); */
+
+
+ /* Terminate the entire Apache server */
+ /* NOTE: Allow the NSS Module to perform this task. */
+ /* tps_die(); */
+
+ return OK;
+}
+
+static int
+mod_tps_initialize( apr_pool_t *p,
+ apr_pool_t *plog,
+ apr_pool_t *ptemp,
+ server_rec *sv )
+{
+ mod_tps_server_configuration *sc = NULL;
+ char *cfg_path_file = NULL;
+ int status;
+
+ /* Retrieve the TPS module. */
+ sc = ( ( mod_tps_server_configuration * )
+ ap_get_module_config( sv->module_config,
+ &MOD_TPS_CONFIG_KEY ) );
+
+ /* Check to see if the TPS module has been loaded. */
+ if( sc->context != NULL ) {
+ return OK;
+ }
+
+ sc->gconfig->nInitCount++;
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, sv,
+ "Entering mod_tps_initialize - init count is [%d]",
+ sc->gconfig->nInitCount);
+
+ /* Load the TPS module. */
+
+#ifdef MEM_PROFILING
+ /* If memory profiling is enabled, turn on memory profiling. */
+ MEM_init( MEM_AUDIT_FILE, MEM_DUMP_FILE );
+#endif
+
+ /* Retrieve the path to where the configuration files are located, */
+ /* and insure that the TPS module configuration file is located here. */
+ if( sc->TPS_Configuration_File != NULL ) {
+ /* provide TPS Config File from <apache_server_root>/conf/httpd.conf */
+ if( sc->TPS_Configuration_File[0] == '/' ) {
+ /* Complete path to TPS Config File is denoted */
+ cfg_path_file = apr_psprintf( p,
+ "%s",
+ ( char * )
+ sc->TPS_Configuration_File );
+ } else {
+ /* TPS Config File is located relative to the Apache server root */
+ cfg_path_file = apr_psprintf( p,
+ "%s/%s",
+ ( char * ) ap_server_root,
+ ( char * )
+ sc->TPS_Configuration_File );
+ }
+ } else {
+ /* Log information regarding this failure. */
+ ap_log_error( "mod_tps_initialize",
+ __LINE__, APLOG_ERR, 0, sv,
+ "The tps module was installed incorrectly since the "
+ "parameter named '%s' is missing from the Apache "
+ "Configuration file!",
+ ( char * ) MOD_TPS_CONFIGURATION_FILE_PARAMETER );
+
+ /* Display information on the screen regarding this failure. */
+ printf( "\nUnable to start Apache:\n"
+ " The tps module is missing the required parameter named\n"
+ " '%s' in the Apache Configuration file!\n",
+ ( char * ) MOD_TPS_CONFIGURATION_FILE_PARAMETER );
+
+ goto loser;
+ }
+
+ /* Initialize the "server" member of mod_tps_server_configuration. */
+ sc->context = new AP_Context( sv );
+
+ status = RA::Initialize( cfg_path_file, sc->context );
+ if( status != RA_INITIALIZATION_SUCCESS ) {
+ /* Log information regarding this failure. */
+ ap_log_error( "mod_tps_initialize",
+ __LINE__, APLOG_ERR, 0, sv,
+ "The tps module was installed incorrectly "
+ "since the file named '%s' does not exist!",
+ cfg_path_file );
+
+ /* Display information on the screen regarding this failure. */
+ printf( "\nUnable to start Apache:\n"
+ " The tps module configuration file called\n"
+ " '%s' does not exist!\n",
+ cfg_path_file );
+
+ /* Since all members of mod_tps_server_configuration are allocated */
+ /* from a pool, there is no need to unset any of these members. */
+
+ goto loser;
+ }
+
+ if (sc->gconfig->nInitCount < 2 ) {
+ sc->gconfig->nSignedAuditInitCount++;
+ status = RA::InitializeInChild( sc->context,
+ sc->gconfig->nSignedAuditInitCount);
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, sv,
+ "mod_tps_initialize - pid is [%d] - post config already done once -"
+ " additional config will be done in init_child",
+ getpid());
+ status = RA_INITIALIZATION_SUCCESS;
+ }
+
+ if (status != RA_INITIALIZATION_SUCCESS ) {
+ ap_log_error( "mod_tps_initialize",
+ __LINE__, APLOG_ERR, 0, sv,
+ "The tps module failed to do the initializeInChild tasks. ");
+ printf( "\nUnable to start Apache:\n"
+ " The tps module failed to do the initializeInChild tasks. ");
+ goto loser;
+ }
+
+ /* Register a server termination routine. */
+ apr_pool_cleanup_register( p,
+ sv,
+ mod_tps_terminate,
+ apr_pool_cleanup_null );
+
+ /* Log TPS module debug information. */
+ RA::Debug( "mod_tps::mod_tps_initialize",
+ "The TPS module has been successfully loaded!" );
+
+ return OK;
+
+loser:
+ /* Log TPS module debug information. */
+ RA::Debug( "mod_tps::mod_tps_initialize",
+ "Failed loading the TPS module!" );
+
+ if( sc->context != NULL ) {
+ /* Free TPS resources. */
+ RA::Shutdown();
+
+ /* Since all members of mod_tps_server_configuration are allocated */
+ /* from a pool, there is no need to unset any of these members. */
+ }
+
+#ifdef MEM_PROFILING
+ /* If memory profiling is enabled, turn off memory profiling. */
+ MEM_shutdown();
+#endif
+
+ /* Shutdown all APR library routines. */
+ /* NOTE: This automatically destroys all memory pools. */
+ apr_terminate();
+
+ /* Terminate the entire Apache server */
+ tps_die();
+
+ return DECLINED;
+}
+
+/**
+ * mod_tps_handler handles the protocol between the token client
+ * and the RA (Session)
+ */
+static int
+mod_tps_handler( request_rec *rq )
+{
+ char buf[1024];
+ int ret_code = DECLINED;
+ int status = DECLINED;
+ RA_Session *session = NULL;
+ RA_Begin_Op_Msg *begin_op_msg = NULL;
+ NameValueSet *extensions = NULL;
+ const char *tenc = apr_table_get(rq->headers_in, "Transfer-Encoding");
+
+ /* Log TPS module debug information. */
+ RA::Debug( "mod_tps::mod_tps_handler",
+ "mod_tps::mod_tps_handler" );
+
+ RA::Debug( "mod_tps::mod_tps_handler",
+ "uri '%s'", rq->uri);
+
+ /* XXX: We need to change "nk_service" to "tps",
+ and need to update ESC. */
+ if (strcmp(rq->handler,"nk_service") != 0) {
+ RA::Debug( "mod_tps::mod_tps_handler",
+ "DECLINED uri '%s'", rq->uri);
+ return DECLINED;
+ }
+
+ RA::Debug( "mod_tps::mod_tps_handler",
+ "uri '%s' DONE", rq->uri);
+
+ /*
+ * check to see if the http request contains
+ * "transfer-encoding: chunked"
+ */
+ /* XXX: rq->chunked not set to true even in the chunked mode */
+ if(!tenc || PL_strcasecmp(tenc, "chunked") != 0) {
+ /* print the following when browser accesses directly */
+ strcpy( buf, "<HTML>Registration Authority</HTML>" );
+
+ /* write out the data */
+ ( void ) ap_rwrite( ( const void * ) buf, strlen( buf ), rq );
+
+ ret_code = OK;
+
+ return ret_code;
+ }
+
+ /* request contains chunked encoding */
+ session = mod_tps_create_session( rq );
+
+ /* read in the data present on the connection */
+ begin_op_msg = ( RA_Begin_Op_Msg * ) session->ReadMsg();
+ if( begin_op_msg == NULL ) {
+ /* Log TPS module error information. */
+ RA::Error( "mod_tps::mod_tps_handler",
+ "no begin op found" );
+ goto loser;
+ }
+
+ /* retrieve the extensions */
+ extensions = begin_op_msg->GetExtensions();
+
+ /* perform the appropriate processing based upon the type of operation */
+ if( begin_op_msg->GetOpType() == OP_ENROLL ) {
+ status = m_enroll_processor.Process( session, extensions );
+ } else if( begin_op_msg->GetOpType() == OP_UNBLOCK ) {
+ status = m_unblock_processor.Process( session, extensions );
+ } else if( begin_op_msg->GetOpType() == OP_RESET_PIN ) {
+ status = m_pin_reset_processor.Process( session, extensions );
+ } else if( begin_op_msg->GetOpType() == OP_RENEW ) {
+ status = m_renew_processor.Process( session, extensions );
+ } else if( begin_op_msg->GetOpType() == OP_FORMAT ) {
+ status = m_format_processor.Process( session, extensions );
+ } else {
+ /* Log TPS module error information. */
+ RA::Error( "mod_tps::mod_tps_handler",
+ "unknown operation requested (op='%d')",
+ begin_op_msg->GetOpType() );
+ goto loser;
+ } /* if */
+
+ ret_code = OK;
+
+loser:
+ /* determine the results of the operation and report it */
+ if( begin_op_msg != NULL ) {
+ int result;
+
+ if( status == 0 ) {
+ result = RESULT_GOOD;
+ } else {
+ result = RESULT_ERROR;
+ }
+
+ RA_End_Op_Msg *end_op = new RA_End_Op_Msg( begin_op_msg->GetOpType(),
+ result,
+ status );
+
+ session->WriteMsg( end_op );
+
+ if( end_op != NULL ) {
+ delete end_op;
+ end_op = NULL;
+ }
+ }
+
+ /* remove any operational messages */
+ if( begin_op_msg != NULL ) {
+ delete begin_op_msg;
+ begin_op_msg = NULL;
+ }
+
+ /* remove any sessions */
+ if( session != NULL ) {
+ mod_tps_destroy_session( session );
+ session = NULL;
+ }
+
+ return ret_code;
+} /* mod_tps_handler */
+
+
+
+/* _________________________________________________________________
+**
+** TPS Module Command Phase
+** _________________________________________________________________
+*/
+
+static const char *mod_tps_get_config_path_file( cmd_parms *cmd,
+ void *mconfig,
+ const char *tpsconf )
+{
+ if( cmd->path ) {
+ ap_log_error( APLOG_MARK, APLOG_ERR, 0, NULL,
+ "The %s config param cannot be specified "
+ "in a Directory section.",
+ cmd->directive->directive );
+ } else {
+ mod_tps_server_configuration *sc = NULL;
+
+ /* Retrieve the TPS module. */
+ sc = ( ( mod_tps_server_configuration * )
+ ap_get_module_config( cmd->server->module_config,
+ &MOD_TPS_CONFIG_KEY ) );
+
+ /* Initialize the "TPS Configuration File" */
+ /* member of mod_tps_server_configuration. */
+ sc->TPS_Configuration_File = apr_pstrdup( cmd->pool, tpsconf );
+ }
+
+ return NULL;
+}
+
+
+static const command_rec mod_tps_config_cmds[] = {
+ AP_INIT_TAKE1( MOD_TPS_CONFIGURATION_FILE_PARAMETER,
+ ( const char*(*)() ) mod_tps_get_config_path_file,
+ NULL,
+ RSRC_CONF,
+ MOD_TPS_CONFIGURATION_FILE_USAGE ),
+ { NULL }
+};
+
+
+
+/* _________________________________________________________________
+**
+** TPS Module Server Configuration Creation Phase
+** _________________________________________________________________
+*/
+
+/**
+ * Create TPS module server configuration
+ */
+static void *
+mod_tps_config_server_create( apr_pool_t *p, server_rec *sv )
+{
+ /* Initialize all APR library routines. */
+ apr_initialize();
+
+ /* Create a memory pool for this server. */
+ mod_tps_server_configuration *sc = ( mod_tps_server_configuration * )
+ apr_pcalloc( p,
+ ( apr_size_t )
+ sizeof( *sc ) );
+
+ /* Initialize all members of mod_tps_server_configuration. */
+ sc->TPS_Configuration_File = NULL;
+ sc->context = NULL;
+ sc->gconfig = mod_tps_config_global_create(sv);
+
+ return sc;
+}
+
+static void mod_tps_init_child(apr_pool_t *p, server_rec *sv)
+{
+ int status = -1;
+ mod_tps_server_configuration *srv_cfg = NULL;
+ srv_cfg = ( ( mod_tps_server_configuration * )
+ ap_get_module_config(sv->module_config, &MOD_TPS_CONFIG_KEY));
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL,
+ "Entering mod_tps_init_child pid [%d] init count is [%d]",
+ getpid(), srv_cfg->gconfig->nInitCount);
+
+ srv_cfg = ( ( mod_tps_server_configuration * )
+ ap_get_module_config(sv->module_config, &MOD_TPS_CONFIG_KEY));
+
+ if (srv_cfg->gconfig->nInitCount > 1) {
+ srv_cfg->gconfig->nSignedAuditInitCount++;
+ status = RA::InitializeInChild(srv_cfg->context,
+ srv_cfg->gconfig->nSignedAuditInitCount);
+ } else {
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, sv,
+ "mod_tps_init_child - pid is [%d] - config should be done in regular post config",
+ getpid());
+ }
+
+ ap_log_error(APLOG_MARK, APLOG_DEBUG, 0 /* status */, NULL,
+ "Leaving mod_tps_init_child");
+ return;
+}
+
+
+
+/* _________________________________________________________________
+**
+** TPS Module Registration Phase
+** _________________________________________________________________
+*/
+
+static void
+mod_tps_register_hooks( apr_pool_t *p )
+{
+ static const char *const mod_tps_preloaded_modules[] = { "mod_nss.c",
+ NULL };
+ static const char *const mod_tps_postloaded_modules[] = { NULL };
+
+ ap_hook_post_config( mod_tps_initialize,
+ mod_tps_preloaded_modules,
+ mod_tps_postloaded_modules,
+ APR_HOOK_MIDDLE );
+
+ ap_hook_child_init(mod_tps_init_child, NULL,NULL, APR_HOOK_MIDDLE);
+
+ ap_hook_handler( mod_tps_handler,
+ mod_tps_preloaded_modules,
+ mod_tps_postloaded_modules,
+ APR_HOOK_MIDDLE );
+}
+
+
+module TPS_PUBLIC MOD_TPS_CONFIG_KEY = {
+ STANDARD20_MODULE_STUFF,
+ NULL, /* create per-dir config structures */
+ NULL, /* merge per-dir config structures */
+ mod_tps_config_server_create, /* create per-server config structures */
+ NULL, /* merge per-server config structures */
+ mod_tps_config_cmds, /* table of configuration directives */
+ mod_tps_register_hooks /* register hooks */
+};
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
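Review bot: In mod_tps_handler the result of session->ReadMsg() is C-cast to RA_Begin_Op_Msg* and only checked for NULL, but AP_Session::ReadMsg in this same commit builds whichever message class the client's msg_type selects, so a first message of another type is then used through the wrong class by GetExtensions() and GetOpType(). The handler should check GetType() against MSG_BEGIN_OP before the cast and discard anything else without reaching the end-op code under loser, which also dereferences begin_op_msg. The sketch below assumes ReadMsg() returns RA_Msg* and that RA_Msg has a virtual destructor, neither of which is visible in this hunk. Separately, mod_tps_init_child stores the result of RA::InitializeInChild in status and never tests it, while mod_tps_initialize treats the same failure as fatal.

```cpp
    /* read in the data present on the connection */
    RA_Msg *first_msg = session->ReadMsg();
    if( first_msg == NULL ) {
        RA::Error( "mod_tps::mod_tps_handler", "no begin op found" );
        goto loser;
    }

    /* only a begin op may open a session; begin_op_msg stays NULL otherwise */
    if( first_msg->GetType() != MSG_BEGIN_OP ) {
        RA::Error( "mod_tps::mod_tps_handler",
                   "first message is not a begin op" );
        delete first_msg;
        first_msg = NULL;
        goto loser;
    }
    begin_op_msg = ( RA_Begin_Op_Msg * ) first_msg;

    /* … unchanged: extensions lookup, processor dispatch, loser cleanup … */
```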
diff --git a/pki/base/tps/src/msg/RA_ASQ_Request_Msg.cpp b/pki/base/tps/src/msg/RA_ASQ_Request_Msg.cpp
new file mode 100644
index 000000000..112c42152
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_ASQ_Request_Msg.cpp
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "main/Base.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs A Security Question (ASQ) request message.
+ */
+TPS_PUBLIC RA_ASQ_Request_Msg::RA_ASQ_Request_Msg (char *question)
+{
+ if (question == NULL)
+ m_question = NULL;
+ else
+ m_question = PL_strdup(question);
+}
+
+
+/**
+ * Destructs a ASQ request message.
+ */
+TPS_PUBLIC RA_ASQ_Request_Msg::~RA_ASQ_Request_Msg ()
+{
+ if( m_question != NULL ) {
+ PL_strfree( m_question );
+ m_question = NULL;
+ }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_ASQ_Request_Msg::GetType ()
+{
+ return MSG_ASQ_REQUEST;
+}
+
+/**
+ * Retrieves the security question for
+ * the end user.
+ */
+TPS_PUBLIC char *RA_ASQ_Request_Msg::GetQuestion()
+{
+ return m_question;
+}
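Review bot: GetQuestion() can return NULL, because the constructor stores NULL for a NULL argument and does not check the PL_strdup result, but the doc comment does not say so. The MSG_ASQ_REQUEST case of AP_Session::WriteMsg in this commit passes the value straight to a `%s` conversion. I would extend the comment with `May return NULL; the string stays owned by this message and must not be freed by the caller.` The ownership half is read off the destructor, which frees m_question with PL_strfree.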
diff --git a/pki/base/tps/src/msg/RA_ASQ_Response_Msg.cpp b/pki/base/tps/src/msg/RA_ASQ_Response_Msg.cpp
new file mode 100644
index 000000000..5e480c1f1
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_ASQ_Response_Msg.cpp
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs A Security Question (ASQ) response.
+ */
+TPS_PUBLIC RA_ASQ_Response_Msg::RA_ASQ_Response_Msg (char *answer)
+{
+ if (answer == NULL)
+ m_answer = NULL;
+ else
+ m_answer = PL_strdup(answer);
+}
+
+/**
+ * Destructs a ASQ response.
+ */
+TPS_PUBLIC RA_ASQ_Response_Msg::~RA_ASQ_Response_Msg ()
+{
+ if( m_answer != NULL ) {
+ PL_strfree( m_answer );
+ m_answer = NULL;
+ }
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_ASQ_Response_Msg::GetType ()
+{
+ return MSG_ASQ_RESPONSE;
+}
+
+/**
+ * Retrieves the answer to the security question
+ * from the end user.
+ */
+TPS_PUBLIC char *RA_ASQ_Response_Msg::GetAnswer()
+{
+ return m_answer;
+}
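Review bot: ~RA_ASQ_Response_Msg releases m_answer with PL_strfree without clearing it, although the answer to a security question is an authentication secret and AP_Session::ReadMsg in this commit overwrites PIN buffers before freeing them. I would wipe the copy first, e.g. `memset( m_answer, 0, strlen( m_answer ) );` ahead of `PL_strfree( m_answer );`, ideally through a wipe routine the compiler cannot elide as a dead store. The constructor also leaves a PL_strdup failure indistinguishable from a NULL answer, so the GetAnswer comment should say `May return NULL.`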
diff --git a/pki/base/tps/src/msg/RA_Begin_Op_Msg.cpp b/pki/base/tps/src/msg/RA_Begin_Op_Msg.cpp
new file mode 100644
index 000000000..44d568bd9
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Begin_Op_Msg.cpp
@@ -0,0 +1,72 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Begin_Op_Msg.h"
+#include "main/Memory.h"
+#include "main/NameValueSet.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a begin op message. Each operation
+ * transaction (i.e. enrollment, reset pin)
+ * starts with a Begin Op message.
+ */
+TPS_PUBLIC RA_Begin_Op_Msg::RA_Begin_Op_Msg (RA_Op_Type op, NameValueSet *exts)
+{
+ m_op = op;
+ m_exts = exts;
+}
+
+/**
+ * Destructs a begin op message.
+ */
+TPS_PUBLIC RA_Begin_Op_Msg::~RA_Begin_Op_Msg ()
+{
+ if( m_exts != NULL ) {
+ delete m_exts;
+ m_exts = NULL;
+ }
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Begin_Op_Msg::GetType ()
+{
+ return MSG_BEGIN_OP;
+}
+
+TPS_PUBLIC NameValueSet *RA_Begin_Op_Msg::GetExtensions()
+{
+ return m_exts;
+}
+
+/**
+ * Retrieves operation type.
+ */
+TPS_PUBLIC RA_Op_Type RA_Begin_Op_Msg::GetOpType()
+{
+ return m_op;
+}
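Review bot: The constructor stores the caller's `exts` pointer and the destructor `delete`s it, but nothing states that the message takes ownership; a caller that also frees the set, or a copied message object, would end in a double delete. Say so in the constructor's doc comment, e.g. `Takes ownership of exts; the caller must not delete it.`, and if the header (not visible here) does not already do it, declare the copy constructor and assignment operator private. `GetExtensions()` has no doc comment; it should note that the returned set stays owned by the message. The same pattern appears with `m_params` in RA_Extended_Login_Response_Msg.cpp, `m_apdu` in RA_Token_PDU_Request_Msg.cpp and `m_response` in RA_Token_PDU_Response_Msg.cpp.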
diff --git a/pki/base/tps/src/msg/RA_End_Op_Msg.cpp b/pki/base/tps/src/msg/RA_End_Op_Msg.cpp
new file mode 100644
index 000000000..232122d49
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_End_Op_Msg.cpp
@@ -0,0 +1,73 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_End_Op_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a begin op message. Each operation
+ * transaction (i.e. enrollment, reset pin)
+ * starts with a Begin Op message.
+ */
+TPS_PUBLIC RA_End_Op_Msg::RA_End_Op_Msg (RA_Op_Type op, int result, int msg)
+{
+ m_op = op;
+ m_result = result;
+ m_msg = msg;
+}
+
+/**
+ * Destructs a begin op message.
+ */
+TPS_PUBLIC RA_End_Op_Msg::~RA_End_Op_Msg ()
+{
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_End_Op_Msg::GetType ()
+{
+ return MSG_END_OP;
+}
+
+/**
+ * Retrieves operation type.
+ */
+TPS_PUBLIC RA_Op_Type RA_End_Op_Msg::GetOpType()
+{
+ return m_op;
+}
+
+TPS_PUBLIC int RA_End_Op_Msg::GetResult()
+{
+ return m_result;
+}
+
+TPS_PUBLIC int RA_End_Op_Msg::GetMsg()
+{
+ return m_msg;
+}
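Review bot: The doc comments on the constructor and destructor are copied from RA_Begin_Op_Msg and describe a begin op message. They should read `Constructs an end op message, sent when an operation transaction finishes.` and `Destructs an end op message.`; the first wording is inferred from the class name. `GetResult()` and `GetMsg()` have no comments, and the meaning of the `result` and `msg` integers is not visible in this hunk, so a line each naming the expected values would help.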
diff --git a/pki/base/tps/src/msg/RA_Extended_Login_Request_Msg.cpp b/pki/base/tps/src/msg/RA_Extended_Login_Request_Msg.cpp
new file mode 100644
index 000000000..9da2f6d8f
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Extended_Login_Request_Msg.cpp
@@ -0,0 +1,114 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#include "plstr.h"
+#include "main/Base.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "engine/RA.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a login request message that requests
+ * user id and password from the end user.
+ */
+TPS_PUBLIC RA_Extended_Login_Request_Msg::RA_Extended_Login_Request_Msg (int invalid_pw, int blocked, char **parameters, int len, char *title, char *description)
+{
+ m_invalid_pw = invalid_pw;
+ m_blocked = blocked;
+ m_title = PL_strdup(title);
+ m_description = PL_strdup(description);
+ if (parameters != NULL) {
+ if (len > 0) {
+ m_parameters = (char **) PR_Malloc (len);
+ for (int i = 0; i < len; i++) {
+ m_parameters[i] = PL_strdup(parameters[i]);
+ }
+ } else {
+ m_parameters = NULL;
+ }
+ }
+ m_len = len;
+}
+
+/**
+ * Destructs a login request message.
+ */
+TPS_PUBLIC RA_Extended_Login_Request_Msg::~RA_Extended_Login_Request_Msg ()
+{
+ for (int i = 0; i < m_len; i++) {
+ PL_strfree(m_parameters[i]);
+ }
+ if (m_parameters != NULL) {
+ PR_Free(m_parameters);
+ }
+}
+
+TPS_PUBLIC int RA_Extended_Login_Request_Msg::GetLen ()
+{
+ return m_len;
+}
+
+TPS_PUBLIC char *RA_Extended_Login_Request_Msg::GetTitle()
+{
+ return m_title;
+}
+
+TPS_PUBLIC char *RA_Extended_Login_Request_Msg::GetDescription()
+{
+ return m_description;
+}
+
+TPS_PUBLIC char *RA_Extended_Login_Request_Msg::GetParam (int i)
+{
+ return m_parameters[i];
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Extended_Login_Request_Msg::GetType ()
+{
+ return MSG_EXTENDED_LOGIN_REQUEST;
+}
+
+/**
+ * Is the password invalid in the previous login
+ * request.
+ */
+TPS_PUBLIC int RA_Extended_Login_Request_Msg::IsInvalidPassword()
+{
+ return m_invalid_pw;
+}
+
+/**
+ * Should the client block due to the previous
+ * invalid login.
+ */
+TPS_PUBLIC int RA_Extended_Login_Request_Msg::IsBlocked()
+{
+ return m_blocked;
+}
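Review bot: The constructor's `PR_Malloc (len)` allocates `len` bytes rather than room for `len` pointers, so the loop that stores `m_parameters[i]` writes past the allocation for any `len > 0`; the size must be `len * sizeof(char *)` and the result checked for NULL. When `parameters` is NULL, `m_parameters` is never assigned while `m_len` still takes `len`, so the destructor's loop and `GetParam` read an uninitialized pointer. The destructor also never frees `m_title` and `m_description`, and `GetParam (int i)` does no range check. A rewrite of the constructor, destructor and `GetParam` follows; it sets `m_len` to 0 whenever no parameter array is held.

```cpp
TPS_PUBLIC RA_Extended_Login_Request_Msg::RA_Extended_Login_Request_Msg (int invalid_pw, int blocked, char **parameters, int len, char *title, char *description)
{
    // … unchanged: m_invalid_pw, m_blocked, m_title, m_description assignments …
    m_parameters = NULL;
    m_len = 0;
    if (parameters != NULL && len > 0) {
        // room for len pointers, not len bytes; zero-filled so a partial
        // fill can still be released safely
        m_parameters = (char **) PR_Calloc(len, sizeof(char *));
        if (m_parameters != NULL) {
            for (int i = 0; i < len; i++) {
                m_parameters[i] = PL_strdup(parameters[i]);
            }
            m_len = len;
        }
    }
}

TPS_PUBLIC RA_Extended_Login_Request_Msg::~RA_Extended_Login_Request_Msg ()
{
    if (m_parameters != NULL) {
        for (int i = 0; i < m_len; i++) {
            if (m_parameters[i] != NULL) {
                PL_strfree(m_parameters[i]);
            }
        }
        PR_Free(m_parameters);
        m_parameters = NULL;
    }
    if (m_title != NULL) {
        PL_strfree(m_title);
        m_title = NULL;
    }
    if (m_description != NULL) {
        PL_strfree(m_description);
        m_description = NULL;
    }
}

// … unchanged: GetLen, GetTitle, GetDescription …

TPS_PUBLIC char *RA_Extended_Login_Request_Msg::GetParam (int i)
{
    // reject indexes outside the stored array instead of reading past it
    if (m_parameters == NULL || i < 0 || i >= m_len) {
        return NULL;
    }
    return m_parameters[i];
}
```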
diff --git a/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp
new file mode 100644
index 000000000..f1d66b558
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Extended_Login_Response_Msg.cpp
@@ -0,0 +1,65 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a login response message.
+ */
+TPS_PUBLIC RA_Extended_Login_Response_Msg::RA_Extended_Login_Response_Msg (AuthParams *params)
+{
+ m_params = params;
+}
+
+/**
+ * Destructs a login response message.
+ */
+TPS_PUBLIC RA_Extended_Login_Response_Msg::~RA_Extended_Login_Response_Msg ()
+{
+ if( m_params != NULL ) {
+ delete m_params;
+ m_params = NULL;
+ }
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Extended_Login_Response_Msg::GetType ()
+{
+ return MSG_EXTENDED_LOGIN_RESPONSE;
+}
+
+/**
+ * Retrieves null-pointer terminated
+ * user ID given by the end user.
+ */
+TPS_PUBLIC AuthParams *RA_Extended_Login_Response_Msg::GetAuthParams()
+{
+ return m_params;
+}
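Review bot: The comment above `GetAuthParams()` still says it retrieves a "null-pointer terminated user ID", wording carried over from RA_Login_Response_Msg; the method returns the `AuthParams` object. Suggested wording: `Retrieves the authentication parameters supplied by the end user; the object remains owned by this message.` The ownership part follows from the destructor in this hunk, which deletes `m_params`.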
diff --git a/pki/base/tps/src/msg/RA_Login_Request_Msg.cpp b/pki/base/tps/src/msg/RA_Login_Request_Msg.cpp
new file mode 100644
index 000000000..7bad331d7
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Login_Request_Msg.cpp
@@ -0,0 +1,71 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Login_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a login request message that requests
+ * user id and password from the end user.
+ */
+TPS_PUBLIC RA_Login_Request_Msg::RA_Login_Request_Msg (int invalid_pw, int blocked)
+{
+ m_invalid_pw = invalid_pw;
+ m_blocked = blocked;
+}
+
+/**
+ * Destructs a login request message.
+ */
+TPS_PUBLIC RA_Login_Request_Msg::~RA_Login_Request_Msg ()
+{
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Login_Request_Msg::GetType ()
+{
+ return MSG_LOGIN_REQUEST;
+}
+
+/**
+ * Is the password invalid in the previous login
+ * request.
+ */
+TPS_PUBLIC int RA_Login_Request_Msg::IsInvalidPassword()
+{
+ return m_invalid_pw;
+}
+
+/**
+ * Should the client block due to the previous
+ * invalid login.
+ */
+TPS_PUBLIC int RA_Login_Request_Msg::IsBlocked()
+{
+ return m_blocked;
+}
diff --git a/pki/base/tps/src/msg/RA_Login_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Login_Response_Msg.cpp
new file mode 100644
index 000000000..67d796e6e
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Login_Response_Msg.cpp
@@ -0,0 +1,85 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a login response message.
+ */
+TPS_PUBLIC RA_Login_Response_Msg::RA_Login_Response_Msg (char *uid, char *password)
+{
+ if (uid == NULL)
+ m_uid = NULL;
+ else
+ m_uid = PL_strdup(uid);
+ if (password == NULL)
+ m_password = NULL;
+ else
+ m_password = PL_strdup(password);
+}
+
+/**
+ * Destructs a login response message.
+ */
+TPS_PUBLIC RA_Login_Response_Msg::~RA_Login_Response_Msg ()
+{
+ if( m_uid != NULL ) {
+ PL_strfree( m_uid );
+ m_uid = NULL;
+ }
+ if( m_password != NULL ) {
+ PL_strfree( m_password );
+ m_password = NULL;
+ }
+}
+
+/**
+ * Retrieves message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Login_Response_Msg::GetType ()
+{
+ return MSG_LOGIN_RESPONSE;
+}
+
+/**
+ * Retrieves null-pointer terminated
+ * user ID given by the end user.
+ */
+TPS_PUBLIC char *RA_Login_Response_Msg::GetUID()
+{
+ return m_uid;
+}
+
+/**
+ * Retrieves null-pointer terminated password
+ * given by the end user.
+ */
+TPS_PUBLIC char *RA_Login_Response_Msg::GetPassword()
+{
+ return m_password;
+}
diff --git a/pki/base/tps/src/msg/RA_New_Pin_Request_Msg.cpp b/pki/base/tps/src/msg/RA_New_Pin_Request_Msg.cpp
new file mode 100644
index 000000000..71889359e
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_New_Pin_Request_Msg.cpp
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a new pin request for the token.
+ */
+TPS_PUBLIC RA_New_Pin_Request_Msg::RA_New_Pin_Request_Msg (int min_len, int max_len)
+{
+ m_min_len = min_len;
+ m_max_len = max_len;
+}
+
+
+/**
+ * Destructs a new pin request.
+ */
+TPS_PUBLIC RA_New_Pin_Request_Msg::~RA_New_Pin_Request_Msg ()
+{
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_New_Pin_Request_Msg::GetType ()
+{
+ return MSG_NEW_PIN_REQUEST;
+}
+
+/**
+ * Retrieves the minimium length required for the new password.
+ */
+TPS_PUBLIC int RA_New_Pin_Request_Msg::GetMinLen()
+{
+ return m_min_len;
+}
+
+
+/**
+ * Retrieves the maximium length required for the new password.
+ */
+TPS_PUBLIC int RA_New_Pin_Request_Msg::GetMaxLen()
+{
+ return m_max_len;
+}
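Review bot: The comments on `GetMinLen()` and `GetMaxLen()` misspell "minimum" and "maximum" and speak of a password although the class requests a PIN; `Retrieves the minimum length allowed for the new PIN.` and `Retrieves the maximum length allowed for the new PIN.` would match the code. The constructor stores any pair of integers unchecked. Whether `min_len <= max_len` and non-negative values are enforced by callers is not visible here, so the constructor comment should state who validates the range.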
diff --git a/pki/base/tps/src/msg/RA_New_Pin_Response_Msg.cpp b/pki/base/tps/src/msg/RA_New_Pin_Response_Msg.cpp
new file mode 100644
index 000000000..69b63f934
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_New_Pin_Response_Msg.cpp
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a new pin response.
+ */
+TPS_PUBLIC RA_New_Pin_Response_Msg::RA_New_Pin_Response_Msg (char *new_pin)
+{
+ if (new_pin == NULL)
+ m_new_pin = NULL;
+ else
+ m_new_pin = PL_strdup(new_pin);
+}
+
+/**
+ * Destructs a new pin response.
+ */
+TPS_PUBLIC RA_New_Pin_Response_Msg::~RA_New_Pin_Response_Msg ()
+{
+ if( m_new_pin != NULL ) {
+ PL_strfree( m_new_pin );
+ m_new_pin = NULL;
+ }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_New_Pin_Response_Msg::GetType ()
+{
+ return MSG_NEW_PIN_RESPONSE;
+}
+
+/**
+ * Retrieves the null-pointer terminated new pin
+ * from the end user.
+ */
+TPS_PUBLIC char *RA_New_Pin_Response_Msg::GetNewPIN()
+{
+ return m_new_pin;
+}
diff --git a/pki/base/tps/src/msg/RA_SecureId_Request_Msg.cpp b/pki/base/tps/src/msg/RA_SecureId_Request_Msg.cpp
new file mode 100644
index 000000000..064461225
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_SecureId_Request_Msg.cpp
@@ -0,0 +1,69 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Secure ID request message for requesting
+ * Secure ID input from the end user.
+ */
+TPS_PUBLIC RA_SecureId_Request_Msg::RA_SecureId_Request_Msg (int pin_required, int next_value)
+{
+ m_pin_required = pin_required;
+ m_next_value = next_value;
+}
+
+/**
+ * Destructs a Secure ID request.
+ */
+TPS_PUBLIC RA_SecureId_Request_Msg::~RA_SecureId_Request_Msg ()
+{
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_SecureId_Request_Msg::GetType ()
+{
+ return MSG_SECUREID_REQUEST;
+}
+
+/**
+ * Is PIN required?
+ */
+TPS_PUBLIC int RA_SecureId_Request_Msg::IsPinRequired()
+{
+ return m_pin_required;
+}
+
+/**
+ * Is next value required?
+ */
+TPS_PUBLIC int RA_SecureId_Request_Msg::IsNextValue()
+{
+ return m_next_value;
+}
diff --git a/pki/base/tps/src/msg/RA_SecureId_Response_Msg.cpp b/pki/base/tps/src/msg/RA_SecureId_Response_Msg.cpp
new file mode 100644
index 000000000..ff4191a61
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_SecureId_Response_Msg.cpp
@@ -0,0 +1,83 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "plstr.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Secure ID response.
+ */
+TPS_PUBLIC RA_SecureId_Response_Msg::RA_SecureId_Response_Msg (char *value, char *pin)
+{
+ if (value == NULL)
+ m_value = NULL;
+ else
+ m_value = PL_strdup(value);
+ if (pin == NULL)
+ m_pin = NULL;
+ else
+ m_pin = PL_strdup(pin);
+}
+
+/**
+ * Destructs a Secure ID response.
+ */
+TPS_PUBLIC RA_SecureId_Response_Msg::~RA_SecureId_Response_Msg ()
+{
+ if( m_value != NULL ) {
+ PL_strfree( m_value );
+ m_value = NULL;
+ }
+ if( m_pin != NULL ) {
+ PL_strfree( m_pin );
+ m_pin = NULL;
+ }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_SecureId_Response_Msg::GetType ()
+{
+ return MSG_SECUREID_RESPONSE;
+}
+
+/**
+ * Retrieves the value.
+ */
+TPS_PUBLIC char *RA_SecureId_Response_Msg::GetValue()
+{
+ return m_value;
+}
+
+/**
+ * Retrieves the PIN.
+ */
+TPS_PUBLIC char *RA_SecureId_Response_Msg::GetPIN()
+{
+ return m_pin;
+}
diff --git a/pki/base/tps/src/msg/RA_Status_Update_Request_Msg.cpp b/pki/base/tps/src/msg/RA_Status_Update_Request_Msg.cpp
new file mode 100644
index 000000000..7bb0baefc
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Status_Update_Request_Msg.cpp
@@ -0,0 +1,66 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Status_Update_Request_Msg::RA_Status_Update_Request_Msg (int status, const char *info)
+{
+ m_status = status;
+ m_info = PL_strdup((char *) info);
+}
+
+/**
+ * Destructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Status_Update_Request_Msg::~RA_Status_Update_Request_Msg ()
+{
+ if( m_info != NULL ) {
+ PL_strfree( m_info );
+ m_info = NULL;
+ }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Status_Update_Request_Msg::GetType ()
+{
+ return MSG_STATUS_UPDATE_REQUEST;
+}
+
+TPS_PUBLIC int RA_Status_Update_Request_Msg::GetStatus()
+{
+ return m_status;
+}
+
+TPS_PUBLIC char *RA_Status_Update_Request_Msg::GetInfo()
+{
+ return m_info;
+}
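Review bot: The constructor and destructor comments say "Token PDU request" although this class is the status update request; the same copied text is in RA_Status_Update_Response_Msg.cpp. `GetStatus()` and `GetInfo()` have no comments at all. The cast in `PL_strdup((char *) info)` drops `const` for no reason, since `PL_strdup` accepts a `const char *`; `m_info = PL_strdup(info);` is enough. Unlike the sibling constructors in this commit, `info` is not checked for NULL before it is duplicated, so the comment should say what a NULL `info` produces.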
diff --git a/pki/base/tps/src/msg/RA_Status_Update_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Status_Update_Response_Msg.cpp
new file mode 100644
index 000000000..6053c9af6
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Status_Update_Response_Msg.cpp
@@ -0,0 +1,56 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Status_Update_Response_Msg::RA_Status_Update_Response_Msg (int status)
+{
+ m_status = status;
+}
+
+/**
+ * Destructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Status_Update_Response_Msg::~RA_Status_Update_Response_Msg ()
+{
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Status_Update_Response_Msg::GetType ()
+{
+ return MSG_STATUS_UPDATE_RESPONSE;
+}
+
+TPS_PUBLIC int RA_Status_Update_Response_Msg::GetStatus()
+{
+ return m_status;
+}
diff --git a/pki/base/tps/src/msg/RA_Token_PDU_Request_Msg.cpp b/pki/base/tps/src/msg/RA_Token_PDU_Request_Msg.cpp
new file mode 100644
index 000000000..34b3d584b
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Token_PDU_Request_Msg.cpp
@@ -0,0 +1,63 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Token_PDU_Request_Msg::RA_Token_PDU_Request_Msg (APDU *apdu)
+{
+ m_apdu = apdu;
+}
+
+/**
+ * Destructs a Token PDU request.
+ */
+TPS_PUBLIC RA_Token_PDU_Request_Msg::~RA_Token_PDU_Request_Msg ()
+{
+ if( m_apdu != NULL ) {
+ delete m_apdu;
+ m_apdu = NULL;
+ }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Token_PDU_Request_Msg::GetType ()
+{
+ return MSG_TOKEN_PDU_REQUEST;
+}
+
+/**
+ * Retrieves the APDU that is targeted for the token.
+ */
+TPS_PUBLIC APDU *RA_Token_PDU_Request_Msg::GetAPDU()
+{
+ return m_apdu;
+}
diff --git a/pki/base/tps/src/msg/RA_Token_PDU_Response_Msg.cpp b/pki/base/tps/src/msg/RA_Token_PDU_Response_Msg.cpp
new file mode 100644
index 000000000..41b11388c
--- /dev/null
+++ b/pki/base/tps/src/msg/RA_Token_PDU_Response_Msg.cpp
@@ -0,0 +1,68 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "apdu/APDU_Response.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a Token PDU response.
+ */
+TPS_PUBLIC RA_Token_PDU_Response_Msg::RA_Token_PDU_Response_Msg (APDU_Response *response)
+{
+ m_response = response;
+}
+
+/**
+ * Destructs a Token PDU response.
+ */
+TPS_PUBLIC RA_Token_PDU_Response_Msg::~RA_Token_PDU_Response_Msg ()
+{
+ if( m_response != NULL ) {
+ delete m_response;
+ m_response = NULL;
+ }
+}
+
+/**
+ * Retrieves the message type.
+ */
+TPS_PUBLIC RA_Msg_Type RA_Token_PDU_Response_Msg::GetType ()
+{
+ return MSG_TOKEN_PDU_RESPONSE;
+}
+
+/**
+ * Retrieves the response from the token.
+ * This response does not follow the standard
+ * APDU format. It is just a sequence of data
+ * with 2 bytes, at the end, that indicates
+ * the status.
+ */
+TPS_PUBLIC APDU_Response *RA_Token_PDU_Response_Msg::GetResponse()
+{
+ return m_response;
+}
diff --git a/pki/base/tps/src/processor/RA_Enroll_Processor.cpp b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
new file mode 100644
index 000000000..c7c64c663
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Enroll_Processor.cpp
@@ -0,0 +1,5126 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * RA_Enroll_Processor handles initialization and enrollment of the token
+ */
+
+
+/* variable naming convention:
+ * a_ passed as an 'in' argument to a method
+ * o_ passed as an 'out' argument to a method
+ * m_ member variable
+ */
+
+
+#include <string.h>
+#include <time.h>
+#include "pkcs11.h"
+
+// for public key processing
+#include "secder.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "prlock.h"
+
+#include "cert.h"
+#include "main/RA_Session.h"
+#include "main/RA_Msg.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "main/PKCS11Obj.h"
+#include "engine/RA.h"
+#include "channel/Secure_Channel.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Enroll_Processor.h"
+#include "tus/tus_db.h"
+
+#include "cms/CertEnroll.h"
+#include "httpClient/httpc/response.h"
+#include "main/Memory.h"
+
+#define OP_PREFIX "op.enroll"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+SECStatus PK11_GenerateRandom(unsigned char *,int);
+void PrintPRTime(PRTime, const char *);
+
+
+// This parameter is read from the config file. It is the
+// applet build ID which the administrator wants to set as
+// the 'latest applet' to upgrade to.
+static const char *g_applet_target_version = NULL;
+
+
+/**
+ * this function returns a new allocated string
+ * @param cuid a 20 character string. Usually this is 20 hex
+ * digits representing a token CUID.
+ * @returns a new string which is basically a copy of the input, but
+ * with extra colons. The caller is responsible for freeing the
+ * returned string with PR_Free().
+ */
+
+static char *GetPrettyPrintCUID(const char *cuid)
+{
+ int i,j;
+ char *ret = NULL;
+
+ if (cuid == NULL)
+ return NULL;
+ if (strlen(cuid) != 20)
+ return NULL;
+ ret = (char *)PR_Malloc(20+4+1);
+ j = 0;
+ for (i = 0; i < 24; i++) {
+ if (i == 4 || i == 9 || i == 14 || i == 19) {
+ ret[i] = '-';
+ } else {
+ ret[i] = cuid[j];
+ j++;
+ }
+ }
+ ret[24] = '\0';
+ return ret;
+}
+
+static SECItem *
+PK11_GetPubIndexKeyID(CERTCertificate *cert) {
+ SECKEYPublicKey *pubk;
+ SECItem *newItem = NULL;
+
+ pubk = CERT_ExtractPublicKey(cert);
+ if (pubk == NULL) return NULL;
+
+ switch (pubk->keyType) {
+ case rsaKey:
+ newItem = SECITEM_DupItem(&pubk->u.rsa.modulus);
+ break;
+ case dsaKey:
+ newItem = SECITEM_DupItem(&pubk->u.dsa.publicValue);
+ break;
+ case dhKey:
+ newItem = SECITEM_DupItem(&pubk->u.dh.publicValue);
+ break;
+ case ecKey:
+ newItem = SECITEM_DupItem(&pubk->u.ec.publicValue);
+ break;
+ case fortezzaKey:
+ default:
+ newItem = NULL; /* Fortezza Fix later... */
+ }
+ SECKEY_DestroyPublicKey(pubk);
+ /* make hash of it */
+ return newItem;
+}
+
+
+/**
+ * Constructs a processor for handling enrollment operation.
+ */
+TPS_PUBLIC RA_Enroll_Processor::RA_Enroll_Processor ()
+{
+}
+
+/**
+ * Destructs enrollment processor.
+ */
+TPS_PUBLIC RA_Enroll_Processor::~RA_Enroll_Processor ()
+{
+}
+
+RA_Status RA_Enroll_Processor::DoEnrollment(AuthParams *login, RA_Session *session,
+ CERTCertificate **certificates,
+ char **origins,
+ char **ktypes,
+ int pkcs11obj_enable,
+ PKCS11Obj *pkcs_objx,
+ NameValueSet *extensions,
+ int index, int keyTypeNum,
+ int start_progress,
+ int end_progress,
+ Secure_Channel *channel, Buffer *wrapped_challenge,
+ const char *tokenType,
+ const char *keyType,
+ Buffer *key_check,
+ Buffer *plaintext_challenge,
+ const char *cuid,
+ const char *msn,
+ const char *khex,
+ TokenKeyType key_type,
+ const char *profileId,
+ const char *userid,
+ const char *cert_id,
+ const char *publisher_id,
+ const char *cert_attr_id,
+ const char *pri_attr_id,
+ const char *pub_attr_id,
+ BYTE se_p1, BYTE se_p2, int keysize, const char *connid, const char *keyTypePrefix,char * applet_version)
+{
+ RA_Status status = STATUS_NO_ERROR;
+ int rc = -1;
+ int len = 0;
+ int publish_result = -1;
+ Buffer *public_key = NULL;
+ SECItem si_mod;
+ Buffer *modulus=NULL;
+ SECItem *si_kid = NULL;
+ Buffer *keyid=NULL;
+ SECItem si_exp;
+ Buffer *exponent=NULL;
+ CertEnroll *certEnroll = NULL;
+ Buffer *cert = NULL;
+ Buffer CUID = channel->GetKeyDiversificationData();
+ const char *label = NULL;
+ const char *cuid_label = NULL;
+ const char *pattern;
+ char configname[256];
+ NameValueSet nv;
+ const char *pretty_cuid = NULL;
+
+ const char *FN="RA_Enroll_Processor::DoEnrollment";
+
+ char *cert_string = NULL;
+ SECItem* encodedPublicKeyInfo = NULL;
+ SECItem **ppEncodedPublicKeyInfo = NULL;
+ CERTSubjectPublicKeyInfo* spkix = NULL;
+
+ char *pKey = NULL;
+ char *ivParam = NULL;
+ char *wrappedPrivKey = NULL;
+
+ const char *drmconnid = NULL;
+ bool serverKeygen = false;
+ SECKEYPublicKey *pk_p = NULL;
+
+ char audit_msg[512] = "";
+ char *keyVersion = NULL;
+ char cert_serial[2048] = "";
+ char activity_msg[4096] = "";
+
+ float progress_block_size = (float) (end_progress - start_progress) / keyTypeNum;
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Start of keygen/certificate enrollment");
+
+ // get key version for audit logs
+ if (channel != NULL) {
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+ keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+ }
+
+ // check if we need to do key generation (by default, overwrite everything)
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.overwrite",
+ OP_PREFIX, tokenType, keyType);
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "looking for config %s", configname);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+ // do nothing
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "do overwrite");
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "do not overwrite, if %s exists", cert_id);
+ int num_objs = pkcs_objx->PKCS11Obj::GetObjectSpecCount();
+ char b[3];
+ bool foundObj = false;
+ for (int i = 0; i< num_objs; i++) {
+ ObjectSpec* os = pkcs_objx->GetObjectSpec(i);
+ unsigned long oid = os->GetObjectID();
+ b[0] = (char)((oid >> 24) & 0xff);
+ b[1] = (char)((oid >> 16) & 0xff);
+ b[2] = '\0';
+ /*
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "object id =%c:%c b=%s",b[0], b[1], b);
+ */
+ if (PL_strcasecmp(cert_id, b) == 0) {
+ foundObj = true;
+ break;
+ }
+ }
+
+
+ if (foundObj) {
+ // we already have a certificate there, skip enrollment
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Found certficate. Will not overwrite. Skipped enrollment");
+ return status;
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Certficate not found. Continuing with enrollment");
+ }
+ }
+
+ StatusUpdate(session, extensions,
+ start_progress + (index * progress_block_size) +
+ (progress_block_size * 15/100) /* progress */,
+ "PROGRESS_KEY_GENERATION");
+
+ if (key_type == KEY_TYPE_ENCRYPTION) {// do serverSide keygen?
+
+ PR_snprintf((char *)configname, 256, "%s.serverKeygen.enable", keyTypePrefix);
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "looking for config %s", configname);
+ serverKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, false);
+ }
+
+ certEnroll = new CertEnroll();
+
+ if (serverKeygen) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Private key is to be generated on server");
+
+ PR_snprintf((char *)configname, 256, "%s.serverKeygen.drm.conn", keyTypePrefix);
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "looking for config %s", configname);
+ drmconnid = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ PR_snprintf((char *)configname, 256, "%s.serverKeygen.archive", keyTypePrefix);
+ bool archive = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "calling ServerSideKeyGen with userid =%s, archive=%s", userid, archive? "true":"false");
+
+ RA::ServerSideKeyGen(session, cuid, userid,
+ channel->getDrmWrappedDESKey(), &pKey,
+ &wrappedPrivKey, &ivParam, drmconnid,
+ archive, keysize);
+
+ if (pKey == NULL) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Failed to generate key on server. Please check DRM.");
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "ServerSideKeyGen called, pKey is NULL");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen called, failed to generate key on server");
+ goto loser;
+ } else
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "key value = %s", pKey);
+
+
+ if (wrappedPrivKey == NULL) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "ServerSideKeyGen called, wrappedPrivKey is NULL");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen called, wrappedPrivKey is NULL");
+ goto loser;
+ } else
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "wrappedPrivKey = %s", wrappedPrivKey);
+
+ if (ivParam == NULL) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "ServerSideKeyGen called, ivParam is NULL");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen called, ivParam is NULL");
+ goto loser;
+ } else
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "ivParam = %s", ivParam);
+
+ /*
+ * the following code converts b64-encoded public key info into SECKEYPublicKey
+ */
+ SECStatus rv;
+ SECItem der;
+ CERTSubjectPublicKeyInfo* spki = NULL;
+
+ der.type = (SECItemType) 0; /* initialize it, since convertAsciiToItem does not set it */
+ rv = ATOB_ConvertAsciiToItem (&der, pKey);
+ if (rv != SECSuccess){
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "failed to convert b64 private key to binary");
+ SECITEM_FreeItem(&der, PR_FALSE);
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen: failed to convert b64 private key to binary");
+ goto loser;
+ }else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "decoded private key as: secitem (len=%d)",der.len);
+
+ spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
+
+ if (spki != NULL) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Successfully decoded DER SubjectPublicKeyInfo structure");
+ pk_p = SECKEY_ExtractPublicKey(spki);
+ if (pk_p != NULL)
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Successfully extracted public key from SPKI structure");
+ else
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Failed to extract public key from SPKI");
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Failed to decode SPKI structure");
+ }
+
+ SECITEM_FreeItem(&der, PR_FALSE);
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+
+ }
+
+ } else { //generate keys on token
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Private key is to be generated on token");
+
+ BYTE alg = 0x80;
+
+ if(key_check && key_check->size())
+ alg = 0x81;
+
+ len = channel->StartEnrollment(
+ se_p1, se_p2,
+ wrapped_challenge,
+ key_check,
+ alg /* alg */, keysize,
+ 0x00 /* option */);
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "channel->StartEnrollment returned length of public key blob: len=%d", len);
+
+ StatusUpdate(session, extensions,
+ start_progress + (index * progress_block_size) +
+ (progress_block_size * 45/100) /* progress */,
+ "PROGRESS_READ_PUBLIC_KEY");
+
+ /* read the public key from buffer */
+ if (len <= 0) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Error generating key on token.");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "Error generating key on token");
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Reading public key buffer from token");
+
+ BYTE iobuf[4];
+ iobuf[0] = 0xff;
+ iobuf[1] = 0xff;
+ iobuf[2] = 0xff;
+ iobuf[3] = 0xff;
+ /* use ReadObject to read IO buffer */
+ public_key = channel->ReadObject(iobuf, 0, len);
+ if (public_key == NULL) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Unable to read public key buffer from token");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "Unable to read public key buffer from token");
+ goto loser;
+ }
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Successfully read public key buffer");
+
+ RA::DebugBuffer(LL_PER_CONNECTION,FN,
+ "public_key = ", public_key);
+
+ //got public key blob
+ // parse public key blob and check POP
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "challenge size=%d",plaintext_challenge->size());
+ RA::DebugBuffer("RA_Enroll_Processor::process", "challenge = ",
+ plaintext_challenge);
+
+
+ // send status update to the client
+ StatusUpdate(session, extensions,
+ start_progress + (index * progress_block_size) +
+ (progress_block_size * 55/100) /* progress */,
+ "PROGRESS_PARSE_PUBLIC_KEY");
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "About to Parse Public Key");
+
+ pk_p = certEnroll->ParsePublicKeyBlob(
+ (unsigned char *)(BYTE *)*public_key /*blob*/,
+ plaintext_challenge);
+
+ if (pk_p == NULL) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Failed to parse public key");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "Failed to parse public key");
+ goto loser;
+ }
+
+ } //serverKeygen or not
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Keys generated. Proceeding with certificate enrollment");
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ applet_version != NULL ? applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "keys generated");
+
+ if(publisher_id != NULL)
+ {
+ ppEncodedPublicKeyInfo = &encodedPublicKeyInfo;
+
+ }
+
+ pretty_cuid = GetPrettyPrintCUID(cuid);
+
+ nv.Add("pretty_cuid", pretty_cuid);
+ nv.Add("cuid", cuid);
+ nv.Add("msn", msn);
+ nv.Add("userid", userid);
+ nv.Add("profileId", profileId);
+
+ /* populate auth parameters output to nv also */
+ /* so we can reference to the auth parameter by */
+ /* using $auth.cn$, or $auth.mail$ */
+ if (login != NULL) {
+ int s = login->Size();
+ for (int x = 0; x < s; x++) {
+ char namebuf[2048];
+ char *name = login->GetNameAt(x);
+ sprintf(namebuf, "auth.%s", name);
+ nv.Add(namebuf, login->GetValue(name));
+ }
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.cuid_label",
+ OP_PREFIX, tokenType, keyType);
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Certificate label '%s'", configname);
+
+ pattern = RA::GetConfigStore()->GetConfigAsString(configname, "$cuid$");
+ cuid_label = MapPattern(&nv, (char *) pattern);
+
+ StatusUpdate(session, extensions,
+ start_progress + (index * progress_block_size) +
+ (progress_block_size * 60/100) /* progress */,
+ "PROGRESS_ENROLL_CERT");
+
+ cert = certEnroll->EnrollCertificate(
+ pk_p, profileId, userid, cuid_label,
+ connid, audit_msg, ppEncodedPublicKeyInfo);
+
+ if (cert == NULL) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC_CERT_REQ,
+ userid, cuid, msn, "failure", "enrollment", applet_version,
+ keyVersion != NULL ? keyVersion : "",
+ "", connid, audit_msg);
+ goto loser;
+ }
+
+ si_mod = pk_p->u.rsa.modulus;
+ modulus = new Buffer((BYTE*) si_mod.data, si_mod.len);
+
+ /*
+ * RFC 3279
+ * The keyIdentifier is composed of the 160-bit SHA-1 hash of the
+ * value of the BIT STRING subjectPublicKey (excluding the tag,
+ * length, and number of unused bits).
+ */
+ spkix = SECKEY_CreateSubjectPublicKeyInfo(pk_p);
+
+ /*
+ * NSS magically multiply the length with 2^3 in cryptohi/seckey.c
+ * Hack:
+ */
+ spkix->subjectPublicKey.len >>= 3;
+ si_kid = PK11_MakeIDFromPubKey(&spkix->subjectPublicKey);
+ spkix->subjectPublicKey.len <<= 3;
+
+
+ keyid = new Buffer((BYTE*) si_kid->data, si_kid->len);
+
+ si_exp = pk_p->u.rsa.publicExponent;
+ exponent = new Buffer((BYTE*) si_exp.data, si_exp.len);
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Keyid, modulus and exponent have been extracted from public key");
+
+ SECKEY_DestroySubjectPublicKeyInfo(spkix);
+
+ cert_string = (char *) cert->string();
+ certificates[index] = CERT_DecodeCertFromPackage((char *) cert_string,
+ (int) cert->size());
+ if (certificates[index] != NULL) {
+ RA::ra_tus_print_integer(cert_serial, &certificates[index]->serialNumber);
+ RA::Debug("DoEnrollment", "Received Certificate");
+ RA::Debug("DoEnrollment", cert_serial);
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC_CERT_REQ,
+ userid, cuid, msn, "success", "enrollment", applet_version,
+ (keyVersion != NULL) ? keyVersion : "", cert_serial, connid, "certificate received");
+ }
+ free(cert_string);
+ ktypes[index] = PL_strdup(keyType);
+ origins[index] = PL_strdup(cuid);
+
+ if (serverKeygen) {
+ //do PKCS#8
+
+ BYTE objid[4];
+
+ objid[0] = 0xFF;
+ objid[1] = 0x00;
+ objid[2] = 0xFF;
+ objid[3] = 0xF3;
+ Buffer priv_keyblob;
+ /* url decode wrappedPrivKey */
+ {
+ Buffer *decodeKey = Util::URLDecode(wrappedPrivKey);
+ // RA::DebugBuffer("cfu debug"," private key =",decodeKey);
+ priv_keyblob =
+ Buffer(1, 0x01) + // encryption
+ Buffer(1, 0x09)+ // keytype is RSAPKCS8Pair
+ Buffer(1,(BYTE)(keysize/256)) + // keysize is two bytes
+ Buffer(1,(BYTE)(keysize%256)) +
+ Buffer((BYTE*) *decodeKey, decodeKey->size());
+ delete decodeKey;
+ }
+
+ //inject PKCS#8 private key
+ BYTE perms[6];
+
+ perms[0] = 0x40;
+ perms[1] = 0x00;
+ perms[2] = 0x40;
+ perms[3] = 0x00;
+ perms[4] = 0x40;
+ perms[5] = 0x00;
+
+ if (channel->CreateObject(objid, perms, priv_keyblob.size()) != 1) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen: store keys in token failed, channel create object error");
+ goto loser;
+ }
+
+
+ if (channel->WriteObject(objid, (BYTE*)priv_keyblob, priv_keyblob.size()) != 1) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen: store keys in token failed, channel write object error");
+ goto loser;
+ }
+
+
+ /* url decode the wrapped kek session key and keycheck*/
+ Buffer data;
+ {
+
+ /*
+ RA::Debug(LL_PER_PDU, "", "getKekWrappedDESKey() returns =%s", channel->getKekWrappedDESKey());
+ RA::Debug(LL_PER_PDU, "", "getKeycheck() returns =%s", channel->getKeycheck());
+ */
+ Buffer *decodeKey = Util::URLDecode(channel->getKekWrappedDESKey());
+
+ /*
+ RA::Debug(LL_PER_PDU, "", "des key item len=%d",
+ decodeKey->size());
+ RA::DebugBuffer("cfu debug", "DES key =", decodeKey);
+ */
+ char *keycheck = channel->getKeycheck();
+ Buffer *decodeKeyCheck = Util::URLDecode(keycheck);
+ if (keycheck)
+ PL_strfree(keycheck);
+
+ /*
+ RA::Debug(LL_PER_PDU, "", "keycheck item len=%d",
+ decodeKeyCheck->size());
+ RA::DebugBuffer("cfu debug", "key check=", decodeKeyCheck);
+ */
+
+ //XXX need randomize this later
+
+ // BYTE iv[] = {0x01, 0x01,0x01,0x01,0x01,0x01,0x01,0x01};
+ // get ivParam
+ Buffer *iv_decoded = Util::URLDecode(ivParam);
+ if (ivParam) {
+ PL_strfree(ivParam);
+ }
+
+ if(iv_decoded == NULL) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen: store keys in token failed, iv data not found");
+ delete decodeKey;
+ delete decodeKeyCheck;
+ goto loser;
+ }
+
+ BYTE alg = 0x80;
+ if(decodeKey && decodeKey->size()) {
+ alg = 0x81;
+ }
+
+ data =
+ Buffer((BYTE*)objid, 4)+ // object id
+ Buffer(1,alg) +
+ Buffer(1, (BYTE) decodeKey->size()) + // 1 byte length
+ Buffer((BYTE *) *decodeKey, decodeKey->size())+ // key -encrypted to 3des block
+ // check size
+ // key check
+ Buffer(1, (BYTE) decodeKeyCheck->size()) + //keycheck size
+ Buffer((BYTE *) *decodeKeyCheck , decodeKeyCheck->size())+ // keycheck
+ Buffer(1, iv_decoded->size())+ // IV_Length
+ Buffer((BYTE*)*iv_decoded, iv_decoded->size());
+
+ delete iv_decoded;
+ // RA::DebugBuffer("cfu debug", "ImportKeyEnc data buffer =", &data);
+
+ delete decodeKey;
+ delete decodeKeyCheck;
+ }
+
+ if (channel->ImportKeyEnc(se_p1, se_p2, &data) != 1) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "ServerSideKeyGen: store keys in token failed, channel import key error");
+ goto loser;
+ }
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ applet_version != NULL ? applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "server generated keys stored in token");
+
+
+ /*
+ * After keys are injected successfully, then write certificate object apdu
+ * to token
+ */
+
+ } // serverKeygen
+
+
+ StatusUpdate(session, extensions,
+ start_progress + (index * progress_block_size) +
+ (progress_block_size * 70/100) /* progress */,
+ "PROGRESS_PUBLISH_CERT");
+
+ //Attempt publish if relevant
+ if(ppEncodedPublicKeyInfo)
+ {
+
+ publish_result = DoPublish(cuid,encodedPublicKeyInfo,cert,publisher_id,applet_version);
+
+ }
+
+ if(ppEncodedPublicKeyInfo)
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Deleting PublicKeyInfo object.");
+
+ SECITEM_FreeItem(*ppEncodedPublicKeyInfo, PR_TRUE);
+ }
+
+ if(publish_result == 0)
+ {
+ status = STATUS_ERROR_PUBLISH;
+
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Enroll Certificate Publish Failure %d", status);
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Enroll Certificate Publish Failure %d",status);
+ PR_snprintf(audit_msg, 512, "publish certificate error");
+ goto loser;
+ }
+
+ if (cert != NULL) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Enroll Certificate Finished");
+ } else {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Enroll Certificate Failure");
+
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "cert is null");
+ goto loser;
+ }
+
+ StatusUpdate(session, extensions,
+ start_progress + (index * progress_block_size) +
+ (progress_block_size * 80/100) /* progress */,
+ "PROGRESS_IMPORT_CERT");
+
+ /* write certificate from CA to netkey */
+ if (pkcs11obj_enable) {
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (cert_id[0] << 24) +
+ (cert_id[1] << 16),
+ cert);
+ pkcs_objx->AddObjectSpec(objSpec);
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "About to create certificate object on token");
+ rc = channel->CreateCertificate(cert_id, cert);
+ if (rc == -1) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Failed to create certificate object on token");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "Failed to create certificate object on token");
+ goto loser;
+ }
+ }
+
+ // build label
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.label",
+ OP_PREFIX, tokenType, keyType);
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "label '%s'", configname);
+ pattern = RA::GetConfigStore()->GetConfigAsString(configname);
+ label = MapPattern(&nv, (char *) pattern);
+
+ if (pkcs11obj_enable) {
+ Buffer b = channel->CreatePKCS11CertAttrsBuffer(
+ key_type, cert_attr_id, label, keyid);
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (cert_attr_id[0] << 24) +
+ (cert_attr_id[1] << 16),
+ &b);
+ pkcs_objx->AddObjectSpec(objSpec);
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "About to create PKCS#11 certificate Attributes");
+ rc = channel->CreatePKCS11CertAttrs(key_type, cert_attr_id, label, keyid);
+ if (rc == -1) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "PKCS11 Certificate attributes creation failed");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "PKCS11 Certificate attributes creation failed");
+ goto loser;
+ }
+ }
+
+ if (pkcs11obj_enable) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Create PKCS11 Private Key Attributes Buffer");
+ Buffer b = channel->CreatePKCS11PriKeyAttrsBuffer(key_type,
+ pri_attr_id, label, keyid, modulus, OP_PREFIX,
+ tokenType, keyTypePrefix);
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (pri_attr_id[0] << 24) +
+ (pri_attr_id[1] << 16),
+ &b);
+ pkcs_objx->AddObjectSpec(objSpec);
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Create PKCS11 Private Key Attributes");
+ rc = channel->CreatePKCS11PriKeyAttrs(key_type, pri_attr_id, label, keyid, modulus, OP_PREFIX, tokenType, keyTypePrefix);
+ if (rc == -1) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "PKCS11 private key attributes creation failed");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "PKCS11 private key attributes creation failed");
+ goto loser;
+ }
+ }
+
+ if (pkcs11obj_enable) {
+ Buffer b = channel->CreatePKCS11PubKeyAttrsBuffer(key_type,
+ pub_attr_id, label, keyid,
+ exponent, modulus, OP_PREFIX, tokenType, keyTypePrefix);
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (pub_attr_id[0] << 24) +
+ (pub_attr_id[1] << 16),
+ &b);
+ pkcs_objx->AddObjectSpec(objSpec);
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Create PKCS11 Public Key Attributes");
+ rc = channel->CreatePKCS11PubKeyAttrs(key_type, pub_attr_id, label, keyid,
+ exponent, modulus, OP_PREFIX, tokenType, keyTypePrefix);
+ if (rc == -1) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "PKCS11 public key attributes creation failed");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "PKCS11 public key attributes creation failed");
+ goto loser;
+ }
+ }
+ RA::Debug(LL_PER_CONNECTION,FN, "End of keygen/certificate enrollment");
+
+ PR_snprintf(activity_msg, 4096, "certificate %s stored on token", cert_serial);
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ applet_version != NULL ? applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ activity_msg);
+
+ RA::tdb_activity(session->GetRemoteIP(),
+ (char *) cuid,
+ "enrollment",
+ "success",
+ activity_msg,
+ userid != NULL? userid : "",
+ tokenType);
+
+loser:
+ if (strlen(audit_msg) > 0) { // a failure occurred
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "failure",
+ "enrollment",
+ applet_version != NULL ? applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ (char *) cuid,
+ "enrollment",
+ "failure",
+ audit_msg,
+ userid != NULL? userid : "",
+ tokenType);
+ }
+ }
+
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+
+ if( modulus != NULL ) {
+ delete modulus;
+ modulus = NULL;
+ }
+ if( keyid != NULL ) {
+ delete keyid;
+ keyid = NULL;
+ }
+ if( exponent != NULL ) {
+ delete exponent;
+ exponent = NULL;
+ }
+ if( cert != NULL ) {
+ delete cert;
+ cert = NULL;
+ }
+ if( public_key != NULL ) {
+ delete public_key;
+ public_key = NULL;
+ }
+
+ if (pKey !=NULL)
+ PR_Free(pKey);
+
+ if (wrappedPrivKey !=NULL)
+ PR_Free(wrappedPrivKey);
+
+ if( si_kid != NULL ) {
+ SECITEM_FreeItem( si_kid, PR_TRUE );
+ si_kid = NULL;
+ }
+ if( certEnroll != NULL ) {
+ delete certEnroll;
+ certEnroll = NULL;
+ }
+ if( label != NULL ) {
+ PL_strfree( (char *) label );
+ label = NULL;
+ }
+ if( cuid_label != NULL ) {
+ PL_strfree( (char *) cuid_label );
+ cuid_label = NULL;
+ }
+ if( pretty_cuid != NULL ) {
+ PR_Free( (char *) pretty_cuid );
+ pretty_cuid = NULL;
+ }
+ if (pk_p != NULL) {
+ if (serverKeygen) {
+ SECKEY_DestroyPublicKey(pk_p);
+ } else {
+ free(pk_p);
+ }
+ pk_p = NULL;
+ }
+ return status;
+}
+
+SECStatus getRandomNumber(unsigned long *number) {
+ SECStatus rv;
+
+ if (number == NULL) {
+ return SECFailure;
+ }
+
+ rv = PK11_GenerateRandom((unsigned char *) number, sizeof(unsigned long));
+ return rv;
+}
+
+
+/**
+ * @return true if successfull
+ */
+bool RA_Enroll_Processor::GetCardManagerAppletInfo(
+ RA_Session *a_session, /* in */
+ Buffer *a_cardmanagerAID, /* in */
+ RA_Status &a_status, /* out */
+ char * &msn, /* out */
+ char * &cuid, /* out */
+ Buffer &token_cuid /* out */
+)
+{
+ bool r = true; // result
+ Buffer *cplc_data = NULL;
+ Buffer token_msn;
+
+ SelectApplet(a_session, 0x04, 0x00, a_cardmanagerAID);
+ cplc_data = GetData(a_session);
+ if (cplc_data == NULL) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "Get Data Failed");
+ a_status = STATUS_ERROR_SECURE_CHANNEL;
+ r = false;
+ goto loser;
+ }
+ RA::DebugBuffer("RA_Enroll_Processor::process", "CPLC Data = ",
+ cplc_data);
+ if (cplc_data->size() < 47) {
+ RA::Error("RA_Format_Processor::Process",
+ "Invalid CPLC Size");
+ a_status = STATUS_ERROR_SECURE_CHANNEL;
+ r = false;
+ goto loser;
+ }
+ token_cuid = Buffer(cplc_data->substr(3,4)) +
+ Buffer(cplc_data->substr(19,2)) +
+ Buffer(cplc_data->substr(15,4));
+ RA::DebugBuffer("RA_Enroll_Processor::process", "Token CUID= ",
+ &token_cuid);
+ cuid = Util::Buffer2String(token_cuid);
+ RA::Debug("RA_Enroll_Processor::process", "CUID(String)= '%s'",
+ cuid);
+ token_msn = Buffer(cplc_data->substr(41, 4));
+ RA::DebugBuffer("RA_Enroll_Processor::process", "Token MSN= ",
+ &token_msn);
+ msn = Util::Buffer2String(token_msn);
+ RA::Debug("RA_Enroll_Processor::process", "MSN(String)= '%s'",
+ msn);
+ loser:
+ if( cplc_data != NULL ) {
+ delete cplc_data;
+ }
+
+ return r;
+}
+
+bool RA_Enroll_Processor::GetAppletInfo(
+ RA_Session *a_session, /* in */
+ Buffer *a_aid , /* in */
+ BYTE &o_major_version,
+ BYTE &o_minor_version,
+ BYTE &o_app_major_version,
+ BYTE &o_app_minor_version)
+{
+ int total_mem = 0;
+ int free_mem = 0;
+ Buffer *token_status = NULL;
+ SelectApplet(a_session, 0x04, 0x00, a_aid);
+ token_status = GetStatus(a_session, 0x00, 0x00);
+ if (token_status == NULL) {
+ o_major_version = 0x0;
+ o_minor_version = 0x0;
+ o_app_major_version = 0x0;
+ o_app_minor_version = 0x0;
+ } else {
+ o_major_version = ((BYTE*)*token_status)[0]; // is this protocol version?
+ o_minor_version = ((BYTE*)*token_status)[1];
+ o_app_major_version = ((BYTE*)*token_status)[2]; // and this applet version?
+ o_app_minor_version = ((BYTE*)*token_status)[3];
+
+ BYTE tot_high = ((BYTE*)*token_status)[6];
+ BYTE tot_low = ((BYTE*)*token_status)[7];
+
+ BYTE free_high = ((BYTE*)*token_status)[10];
+ BYTE free_low = ((BYTE*)*token_status)[11];
+
+ total_mem = (tot_high << 8) + tot_low;
+ free_mem = (free_high << 8) + free_low;
+
+ totalAvailableMemory = total_mem;
+ totalFreeMemory = free_mem;
+
+ RA::DebugBuffer("RA_Enroll_Processor::Process AppletInfo Data", "Data=", token_status);
+ delete token_status;
+ }
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Major=%d Minor=%d Applet Major=%d Applet Minor=%d Total Mem %d Free Mem %d",
+ o_major_version, o_minor_version, o_app_major_version, o_app_minor_version,total_mem,free_mem);
+ return true;
+}
+
+
+/**
+ * Query applet for build ID info
+ * 'Pretty'-print it into useful format, along with version info
+ * example input:
+ * a_app_major_version = 1
+ * a_app_minor_version = 3
+ * Examples for the following outputs:
+ * o_av = "1.3.45FC0218"
+ * The caller is responsible for free'ing (o_av)
+ */
+bool RA_Enroll_Processor::FormatAppletVersionInfo(
+ RA_Session *a_session,
+ const char *a_tokenType,
+ char *a_cuid,
+ BYTE a_app_major_version,
+ BYTE a_app_minor_version,
+ RA_Status &o_status, // out
+ char * &o_av // out.
+)
+{
+ bool r=true;
+ char configname[256];
+ char *av=NULL;
+
+ // retrieve the 4-byte applet ID from the token
+ Buffer *tokenBuildID = GetAppletVersion(a_session);
+
+ if (tokenBuildID == NULL) {
+ // If there was no applet on the token
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.emptyToken.enable", OP_PREFIX,
+ a_tokenType);
+ // XXX checks if emptyToken is enabled. This should probably get moved
+ // to the applet update function, and leave this fn only for getting
+ // the version information
+ if (!RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "no applet found and applet upgrade not enabled");
+ o_status = STATUS_ERROR_SECURE_CHANNEL; // XXX incorrect error message
+ r=false;
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel not established", "", a_tokenType); // XXX incorrect error message
+ goto loser;
+ }
+ } else {
+ // if there was an applet on the token:
+ char * bid_string = Util::Buffer2String(*tokenBuildID);
+ RA::Debug("RA_Enroll_Processor", "buildid = %s", bid_string);
+ av = PR_smprintf( "%x.%x.%s",
+ a_app_major_version, a_app_minor_version, bid_string);
+ PR_Free(bid_string);
+ }
+ o_av = (av == NULL) ? strdup("") : av;
+
+ RA::Debug("RA_Enroll_Processor", "final_applet_version = %s", o_av);
+loser:
+ if( tokenBuildID != NULL ) {
+ delete tokenBuildID;
+ }
+ return r;
+}
+
+/**
+ * Checks if we need to upgrade applet.
+ * The version of the current token is passed IN to this function
+ * in o_current_applet_on_token. If the applet is upgraded, this
+ * out parameter will be set to the new applet version id.
+ * maj/minor versions will be also updated if the applet was updated.
+ */
+bool RA_Enroll_Processor::CheckAndUpgradeApplet(
+ RA_Session *a_session,
+ NameValueSet *a_extensions,
+ char *a_cuid,
+ const char *a_tokenType,
+ char *&o_current_applet_on_token,
+ BYTE &o_major_version,
+ BYTE &o_minor_version,
+ Buffer *a_aid,
+ const char *a_msn,
+ const char *a_userid,
+ RA_Status &o_status,
+ char **keyVersion )
+{
+ const char *FN = "RA_Enroll_Processor::CheckAndUpgradeApplet";
+ bool r = true;
+ const char *applet_dir=NULL;
+ const char *connid = NULL;
+ Buffer *token_status = NULL;
+ char configname[256];
+
+ // You specify the following parameters to get applet upgrade working
+ // *.update.applet.enable=true
+ // *.update.applet.requiredVersion=maj.min.xxxxxxxx
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.encryption", OP_PREFIX, a_tokenType);
+ SecurityLevel security_level = SECURE_MSG_MAC;
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, true))
+ security_level = SECURE_MSG_MAC_ENC;
+
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.enable", OP_PREFIX, a_tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.requiredVersion", OP_PREFIX, a_tokenType);
+ g_applet_target_version = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (g_applet_target_version == NULL) {
+ RA::Error(FN, "upgrade.version not found");
+ o_status = STATUS_ERROR_MISCONFIGURATION;
+ r = false;
+ goto loser;
+ }
+ /* Bugscape #55826: used case-insensitive check below */
+ if (PL_strcasecmp(g_applet_target_version, o_current_applet_on_token) != 0) {
+ RA::Debug(LL_PER_CONNECTION, FN, "tokenType=%s before updating applet", a_tokenType);
+ /* upgrade applet */
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.directory", OP_PREFIX, a_tokenType);
+ applet_dir = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (applet_dir == NULL) {
+ RA::Error(LL_PER_CONNECTION, FN,
+ "Failed to read applet directory parameter %s", configname);
+ o_status = STATUS_ERROR_MISCONFIGURATION;
+ r = false;
+ goto loser;
+ }
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, a_tokenType);
+ connid = RA::GetConfigStore()->GetConfigAsString(configname);
+ RA::Debug(FN, "TKS connection id =%s", connid);
+ //StatusUpdate(a_session, a_extensions, 5, "PROGRESS_UPGRADE_APPLET");
+
+ if (UpgradeApplet(a_session, (char *) OP_PREFIX, (char*) a_tokenType,
+ o_major_version, o_minor_version,
+ g_applet_target_version,
+ applet_dir, security_level,
+ connid, a_extensions,
+ 5,
+ 12,
+ keyVersion) != 1) {
+
+ RA::Debug(FN, "applet upgrade failed");
+ /**
+ * Bugscape #55709: Re-select Net Key Applet ONLY on failure.
+ */
+ SelectApplet(a_session, 0x04, 0x00, a_aid);
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "applet upgrade error", "", a_tokenType);
+ o_status = STATUS_ERROR_UPGRADE_APPLET;
+ r = false;
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ a_userid, a_cuid, a_msn, "Failure", "enrollment",
+ *keyVersion != NULL? *keyVersion : "",
+ o_current_applet_on_token, g_applet_target_version,
+ "applet upgrade");
+
+ goto loser;
+ } else {
+ // there may be a better place to do this, but worth testing here
+ // RA::tdb_update(a_cuid, g_applet_target_version);
+ }
+
+ // Upgrade Applet reported success
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ a_userid, a_cuid, a_msn, "Success", "enrollment",
+ *keyVersion != NULL? *keyVersion : "",
+ o_current_applet_on_token, g_applet_target_version,
+ "applet upgrade");
+
+ o_current_applet_on_token = strdup(g_applet_target_version);
+
+ token_status = GetStatus(a_session, 0x00, 0x00);
+ if (token_status == NULL) {
+ RA::Error(FN, "Get Status Failed");
+ o_status = STATUS_ERROR_SECURE_CHANNEL; // XXX
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "secure channel error", "", a_tokenType);
+ r = false;
+ goto loser;
+ }
+
+ o_major_version = ((BYTE*)*token_status)[2]; // applet version
+ o_minor_version = ((BYTE*)*token_status)[3]; // not protocol version
+loser:
+ if( token_status != NULL ) {
+ delete token_status;
+ }
+ }
+ } else {
+ RA::Debug(FN, "Applet Upgrade has been disabled.");
+ }
+ return r;
+}
+
+/**
+ * Authenticate user with LDAP plugin
+ * @return true if authentication was successful
+ */
+bool RA_Enroll_Processor::AuthenticateUserLDAP(
+ RA_Session *a_session,
+ NameValueSet *a_extensions,
+ char *a_cuid,
+ AuthenticationEntry *a_auth,
+ AuthParams *&login,
+ RA_Status &o_status,
+ const char *a_token_type
+)
+{
+ const char *FN = "RA_Enroll_Processor::AuthenticateUserLDAP";
+ int retry_limit = a_auth->GetAuthentication()->GetNumOfRetries();
+ int retries = 0;
+ int rc;
+ bool r=false;
+
+ RA::Debug(LL_PER_PDU, FN, "LDAP_Authentication is invoked.");
+ rc = a_auth->GetAuthentication()->Authenticate(login);
+
+ RA::Debug(FN, "Authenticate returned: %d", rc);
+
+ // rc: (0:login correct) (-1:LDAP error) (-2:User not found) (-3:Password error)
+
+ // XXX replace with proper enums
+ // XXX evaluate rc==0 as specific case - this is success, it shouldn't be the default
+
+ while ((rc == TPS_AUTH_ERROR_USERNOTFOUND ||
+ rc == TPS_AUTH_ERROR_PASSWORDINCORRECT )
+ && (retries < retry_limit)) {
+ login = RequestLogin(a_session, 0 /* invalid_pw */, 0 /* blocked */);
+ retries++;
+ if (login != NULL)
+ rc = a_auth->GetAuthentication()->Authenticate(login);
+ }
+
+ switch (rc) {
+ case TPS_AUTH_OK:
+ RA::Debug(LL_PER_PDU, FN, "Authentication successful.");
+ r=true;
+ break;
+ case TPS_AUTH_ERROR_LDAP:
+ RA::Error(FN, "Authentication failed. LDAP Error");
+ o_status = STATUS_ERROR_LDAP_CONN;
+ RA::Debug(LL_PER_PDU, FN, "Authentication status=%d rc=%d", o_status,rc);
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "", a_token_type);
+ r = false;
+ break;
+ case TPS_AUTH_ERROR_USERNOTFOUND:
+ RA::Error(FN, "Authentication failed. User not found");
+ o_status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "", a_token_type);
+ r = false;
+ break;
+ case TPS_AUTH_ERROR_PASSWORDINCORRECT:
+ RA::Error(FN, "Authentication failed. Password Incorrect");
+ o_status = STATUS_ERROR_LOGIN;
+ RA::Debug(LL_PER_PDU, FN, "Authentication status=%d rc=%d", o_status,rc);
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "", a_token_type);
+ r = false;
+ break;
+ default:
+ RA::Error(FN, "Undefined LDAP Auth Error.");
+ r = false;
+ break;
+ }
+
+ return r;
+}
+
+/**
+ * Request Login info and user id from user, if necessary
+ * This call will allocate a new Login structure,
+ * and a char* for the user id. The caller is responsible
+ * for freeing this memory
+ * @return true of success, false if failure
+ */
+bool RA_Enroll_Processor::RequestUserId(
+ RA_Session * a_session,
+ NameValueSet *a_extensions,
+ const char * a_configname,
+ const char * a_tokenType,
+ char *a_cuid,
+ AuthParams *& o_login, const char *&o_userid, RA_Status &o_status)
+{
+
+ if (RA::GetConfigStore()->GetConfigAsBool(a_configname, 1)) {
+ if (a_extensions != NULL &&
+ a_extensions->GetValue("extendedLoginRequest") != NULL)
+ {
+ // XXX - extendedLoginRequest
+ RA::Debug("RA_Enroll_Processor::RequestUserId",
+ "Extended Login Request detected");
+ AuthenticationEntry *entry = GetAuthenticationEntry(
+ OP_PREFIX, a_configname, a_tokenType);
+ char **params = NULL;
+ char pb[1024];
+ char *locale = NULL;
+ if (a_extensions != NULL &&
+ a_extensions->GetValue("locale") != NULL)
+ {
+ locale = a_extensions->GetValue("locale");
+ } else {
+ locale = ( char * ) "en"; /* default to english */
+ }
+ int n = entry->GetAuthentication()->GetNumOfParamNames();
+ if (n > 0) {
+ RA::Debug("RA_Enroll_Processor::RequestUserId",
+ "Extended Login Request detected n=%d", n);
+ params = (char **) PR_Malloc(n);
+ for (int i = 0; i < n; i++) {
+ sprintf(pb,"id=%s&name=%s&desc=%s&type=%s&option=%s",
+ entry->GetAuthentication()->GetParamID(i),
+ entry->GetAuthentication()->GetParamName(i, locale),
+ entry->GetAuthentication()->GetParamDescription(i, locale),
+ entry->GetAuthentication()->GetParamType(i),
+ entry->GetAuthentication()->GetParamOption(i)
+ );
+ params[i] = PL_strdup(pb);
+ RA::Debug("RA_Enroll_Processor::RequestUserId",
+ "params[i]=%s", params[i]);
+ }
+ }
+ RA::Debug("RA_Enroll_Processor::RequestUserId", "Extended Login Request detected calling RequestExtendedLogin() locale=%s", locale);
+
+ char *title = PL_strdup(entry->GetAuthentication()->GetTitle(locale));
+ RA::Debug("RA_Enroll_Processor::RequestUserId", "title=%s", title);
+ char *description = PL_strdup(entry->GetAuthentication()->GetDescription(locale));
+ RA::Debug("RA_Enroll_Processor::RequestUserId", "description=%s", description);
+ o_login = RequestExtendedLogin(a_session, 0 /* invalid_pw */, 0 /* blocked */, params, n, title, description);
+
+ if (params != NULL) {
+ for (int nn=0; nn < n; nn++) {
+ if (params[nn] != NULL) {
+ PL_strfree(params[nn]);
+ params[nn] = NULL;
+ }
+ }
+ free(params);
+ params = NULL;
+ }
+
+ if (title != NULL) {
+ PL_strfree(title);
+ title = NULL;
+ }
+
+ if (description != NULL) {
+ PL_strfree(description);
+ description = NULL;
+ }
+
+ if (o_login == NULL) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "login not provided");
+ o_status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid,
+ "enrollment", "failure", "login not found", "", a_tokenType);
+ return false;
+ }
+
+ RA::Debug("RA_Enroll_Processor::RequestUserId",
+ "Extended Login Request detected calling RequestExtendedLogin() login=%x", o_login);
+ o_userid = PL_strdup( o_login->GetUID() );
+ RA::Debug("RA_Enroll_Processor::Process",
+ "userid = '%s'", o_userid);
+ } else {
+ o_login = RequestLogin(a_session, 0 /* invalid_pw */, 0 /* blocked */);
+ if (o_login == NULL) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "login not provided");
+ o_status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid,
+ "enrollment", "failure", "login not found", o_userid, a_tokenType);
+ return false;
+ }
+ o_userid = PL_strdup( o_login->GetUID() );
+ RA::Debug("RA_Enroll_Processor::Process",
+ "userid = '%s'", o_userid);
+ }
+ }
+ return true;
+}
+
+/**
+ * Authenticate the user with the configured authentication plugin
+ * @return true if authentication successful
+ */
+
+bool RA_Enroll_Processor::AuthenticateUser(
+ RA_Session * a_session,
+ const char * a_configname,
+ char *a_cuid,
+ NameValueSet *a_extensions,
+ const char *a_tokenType,
+ AuthParams *& a_login, const char *&o_userid, RA_Status &o_status
+ )
+{
+ bool r=false;
+
+ RA::Debug("RA_Enroll_Processor::AuthenticateUser", "started");
+ if (RA::GetConfigStore()->GetConfigAsBool(a_configname, false)) {
+ if (a_login == NULL) {
+ RA::Error("RA_Enroll_Processor::AuthenticateUser", "Login Request Disabled. Authentication failed.");
+ o_status = STATUS_ERROR_LOGIN;
+ goto loser;
+ }
+
+ RA::Debug("RA_Enroll_Processor::AuthenticateUser",
+ "Authentication enabled");
+ char configname[256];
+ PR_snprintf((char *)configname, 256, "%s.%s.auth.id", OP_PREFIX, a_tokenType);
+ const char *authid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (authid == NULL) {
+ o_status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "login not found", "", a_tokenType);
+ goto loser;
+ }
+ AuthenticationEntry *auth = RA::GetAuth(authid);
+
+ if (auth == NULL) {
+ o_status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "", a_tokenType);
+ goto loser;
+ }
+
+ StatusUpdate(a_session, a_extensions, 2, "PROGRESS_START_AUTHENTICATION");
+
+ char *type = auth->GetType();
+ if (type == NULL) {
+ o_status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication is missing param type", "", a_tokenType);
+ r = false;
+ goto loser;
+ }
+
+ if (strcmp(type, "LDAP_Authentication") == 0) {
+ RA::Debug("RA_Enroll_Processor::AuthenticateUser", "LDAP started");
+ r = AuthenticateUserLDAP(a_session, a_extensions, a_cuid, auth, a_login, o_status, a_tokenType);
+ o_status = STATUS_ERROR_LOGIN;
+ goto loser;
+ } else {
+ RA::Error("RA_Enroll_Processor::AuthenticateUser", "No Authentication type was found.");
+ o_status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(a_session->GetRemoteIP(), a_cuid, "enrollment", "failure", "authentication error", "", a_tokenType);
+ r = false;
+ goto loser;
+ }
+ } else {
+ r = true;
+ RA::Debug("RA_Enroll_Processor::AuthenticateUser",
+ "Authentication has been disabled.");
+ }
+ loser:
+ return r;
+}
+
+
+
+
+ /**
+ * Checks if the token has the required key version.
+ * If not, we can swap out the keys on the token with another
+ * set of keys
+ */
+
+/* XXX AID's should be member variables */
+bool RA_Enroll_Processor::CheckAndUpgradeSymKeys(
+ //RA_Session * a_session,
+ //NameValueSet *a_extensions,
+ //const char * a_configname,
+ //char *a_cuid,
+ RA_Session *a_session,
+ NameValueSet* a_extensions,
+ char *a_cuid,
+ const char *a_tokenType,
+ char *a_msn,
+ const char *a_applet_version,
+ const char *a_userid,
+ const char *a_key_version,
+ Buffer *a_cardmanagerAID, /* in */
+ Buffer *a_appletAID, /* in */
+ Secure_Channel *&o_channel, /* out */
+ RA_Status &o_status /* out */
+ )
+{
+ char *FN = ( char * ) "RA_EnrollProcessor::CheckAndUpgradeSymKeys";
+ char configname[256];
+ const char *connid = NULL;
+ const char *tksid = NULL;
+ int rc;
+ bool r = false;
+ Buffer key_data_set;
+ char audit_msg[512] = "";
+
+ // the TKS is responsible for doing much of the symmetric keys update
+ // so lets find which TKS we're talking about TKS now.
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, a_tokenType);
+ tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ PR_snprintf((char *)configname, 256,"%s.%s.update.symmetricKeys.enable", OP_PREFIX, a_tokenType);
+
+ RA::Debug(FN, "Symmetric Keys %s", configname);
+
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "tokenType=%s configured to update symmetric keys", a_tokenType);
+
+ // the requiredVersion config parameter indicates what key version
+ // the token should have before further operations. If the token
+ // has an older version, we try to change it.
+ PR_snprintf((char *)configname, 256,
+ "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, a_tokenType);
+
+ int requiredV = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+
+ // If there was a secure channel set up, let's clear it out
+ if( o_channel != NULL ) {
+ delete o_channel;
+ o_channel = NULL;
+ }
+ // try to make a secure channel with the 'requiredVersion' keys
+ // If this fails, we know we will have to attempt an upgrade
+ // of the keys
+ PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+ int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ o_channel = SetupSecureChannel(a_session,
+ requiredV,
+ defKeyIndex /* default key index */, tksid);
+
+ // If that failed, we need to find out what version of keys
+ // are on the token
+ if (o_channel != NULL) {
+ r = true;
+ } else {
+ /**
+ * Select Card Manager for Put Key operation.
+ */
+ SelectApplet(a_session, 0x04, 0x00, a_cardmanagerAID);
+ /* if the key of the required version is
+ * not found, create them.
+ */
+ // This sends a InitializeUpdate request to the token.
+ // We tell the token to use whatever it thinks is the
+ // default key version (0). It will return the version
+ // of the key it actually used later. (This is accessed
+ // with GetKeyInfoData below)
+ // [ Note: This is not explained very well in the manual
+ // The token can have multiple sets of symmetric keys
+ // Each set is given a version number, which I think is
+ // better thought of as a SLOT. One key slot is populated
+ // with a set of keys when the token is manufactured.
+ // This is then designated as the default key set version.
+ // Later, we will write a new key set with PutKey, and
+ // set it to be the new default]
+ PR_snprintf((char *)configname, 256,"channel.defKeyVersion");
+ int defKeyVer = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+ int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ o_channel = SetupSecureChannel(a_session,
+ defKeyVer, /* default key version */
+ defKeyIndex /* default key index */, tksid);
+
+ if (o_channel == NULL) {
+ PR_snprintf(audit_msg, 512, "enrollment processing, failed to create secure channel");
+
+ RA::Error(FN, "failed to establish secure channel");
+ o_status = STATUS_ERROR_SECURE_CHANNEL;
+ goto loser;
+ }
+
+ /* Complete the secure channel handshake */
+ /* XXX need real enumeration of error codes here */
+ rc = o_channel->ExternalAuthenticate();
+ if (rc != 1) {
+ RA::Error(FN, "External authentication in secure channel failed");
+ o_status = STATUS_ERROR_EXTERNAL_AUTH;
+ /* XXX should print out error codes */
+ PR_snprintf(audit_msg, 512, "enrollment processing, external authentication error");
+ goto loser;
+ }
+
+ // Assemble the Buffer with the version information
+ // The second byte is the key offset, which is always 1
+ BYTE nv[2] = { requiredV, 0x01 };
+ Buffer newVersion(nv, 2);
+
+ // GetKeyInfoData will return a buffer which is bytes 11,12 of
+ // the data structure on page 89 of Cyberflex Access Programmer's
+ // Guide
+ // Byte 0 is the key set version.
+ // Byte 1 is the index into that key set
+ Buffer curKeyInfo = o_channel->GetKeyInfoData();
+
+
+ // This code makes a call to the TKS to get a new key set for
+ // the token. The new key set data is written to the Buffer
+ // key_data_set.
+ PR_snprintf((char *)configname, 256,"%s.%s.tks.conn", OP_PREFIX, a_tokenType);
+ connid = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ rc = CreateKeySetData(
+ o_channel->GetKeyDiversificationData(),
+ curKeyInfo,
+ newVersion,
+ key_data_set, connid);
+ if (rc != 1) {
+ RA::Error(FN, "failed to create new key set");
+ o_status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512, "enrollment processing, create card key error");
+ goto loser;
+ }
+
+ StatusUpdate(a_session, a_extensions, 13, "PROGRESS_PUT_KEY");
+
+ // sends a PutKey PDU with the new key set to change the
+ // keys on the token
+ BYTE curVersion = ((BYTE*)curKeyInfo)[0];
+ BYTE curIndex = ((BYTE*)curKeyInfo)[1];
+ rc = o_channel->PutKeys(a_session,
+ curVersion,
+ curIndex,
+ &key_data_set);
+
+ if (rc!=0) {
+ RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER,
+ a_userid, a_cuid, a_msn, "Failure", "enrollment",
+ a_applet_version, curVersion, ((BYTE*)newVersion)[0],
+ "key changeover");
+
+ if ((a_cuid != NULL) && (a_tokenType != NULL)) {
+ RA::tdb_activity(a_session->GetRemoteIP(),
+ a_cuid,
+ "enrollment",
+ "failure",
+ "key changeover failed",
+ a_userid != NULL? a_userid : "",
+ a_tokenType);
+ }
+ goto loser;
+ } else {
+ RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER,
+ a_userid, a_cuid, a_msn, "Success", "enrollment",
+ a_applet_version, curVersion, ((BYTE*)newVersion)[0],
+ "key changeover");
+ }
+
+ /**
+ * Re-select the Applet.
+ */
+ SelectApplet(a_session, 0x04, 0x00, a_appletAID);
+ if( o_channel != NULL ) {
+ delete o_channel;
+ o_channel = NULL;
+ }
+
+ // Make a new secure channel with the new symmetric keys
+ o_channel = SetupSecureChannel(a_session, requiredV,
+ defKeyIndex /* default key index */, tksid);
+ if (o_channel == NULL) {
+ RA::Error(FN, "failed to establish secure channel after reselect");
+ o_status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512, "enrollment processing, secure channel setup error after reselect");
+ goto loser;
+ } else {
+ RA::Debug(FN, "Key Upgrade has completed successfully.");
+ r = true; // Success!!
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ a_userid, a_cuid, a_msn, "success", "enrollment", a_applet_version,
+ ((BYTE*)newVersion)[0], "enrollment processing, key upgrade completed");
+ }
+
+ }
+ } else {
+
+ RA::Debug(FN, "Key Upgrade has been disabled.");
+
+ if( o_channel != NULL ) {
+ delete o_channel;
+ o_channel = NULL;
+ }
+ PR_snprintf((char *)configname, 256,"channel.defKeyVersion");
+ int defKeyVer = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+ int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ o_channel = SetupSecureChannel(a_session,
+ defKeyVer,
+ defKeyIndex /* default key index */, tksid);
+ r = true; // Sucess!!
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ a_userid, a_cuid, a_msn, "success", "enrollment", a_applet_version,
+ a_key_version != NULL? a_key_version: "",
+ "enrollment processing, key upgrade disabled");
+ }
+loser:
+ if (strlen(audit_msg) > 0) { // a failure occurred
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ a_userid != NULL ? a_userid : "",
+ a_cuid != NULL ? a_cuid : "",
+ a_msn != NULL ? a_msn : "",
+ "failure",
+ "enrollment",
+ a_applet_version != NULL ? a_applet_version : "",
+ a_key_version != NULL? a_key_version : "",
+ audit_msg);
+
+ if ((a_cuid != NULL) && (a_tokenType != NULL)) {
+ RA::tdb_activity(a_session->GetRemoteIP(),
+ a_cuid,
+ "enrollment",
+ "failure",
+ audit_msg,
+ a_userid != NULL? a_userid : "",
+ a_tokenType);
+ }
+ }
+
+ return r;
+}
+
+/**
+ * Processes the current session.
+ */
+TPS_PUBLIC RA_Status RA_Enroll_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+ char *FN = ( char * ) "RA_Enroll_Processor::Process";
+ char configname[256];
+ char *cuid = NULL;
+ char *msn = NULL;
+ PRIntervalTime start, end;
+ RA_Status status = STATUS_NO_ERROR;
+ int rc = -1;
+ Secure_Channel *channel = NULL;
+ Buffer kdd;
+ AuthParams *login = NULL;
+ char *new_pin = NULL;
+#define PLAINTEXT_CHALLENGE_SIZE 16
+#define WRAPPED_CHALLENGE_SIZE 16
+ Buffer *plaintext_challenge =
+ new Buffer(PLAINTEXT_CHALLENGE_SIZE, (BYTE)0);
+ Buffer *wrapped_challenge = new Buffer(WRAPPED_CHALLENGE_SIZE, (BYTE)0);
+ Buffer *key_check = new Buffer(0, (BYTE)0);
+ const char *tokenType = NULL;
+
+ //SecurityLevel security_level = SECURE_MSG_MAC_ENC;
+ BYTE major_version = 0x0;
+ BYTE minor_version = 0x0;
+ BYTE app_major_version = 0x0;
+ BYTE app_minor_version = 0x0;
+ int isPinPresent = 0;
+ Buffer *object = NULL;
+ int seq = 0x00;
+ unsigned long lastFormatVersion = 0x00;
+ unsigned long lastObjectVersion = 0x00;
+ int foundLastObjectVersion = 0;
+ int pkcs11obj_enable = 0;
+ int compress = 0;
+ NameValueSet nv;
+ int o_certNums = 0;
+
+ CertEnroll *certEnroll = NULL;
+
+ Buffer *token_status = NULL;
+ char* appletVersion = NULL;
+ char *final_applet_version = NULL;
+
+ char *keyVersion = PL_strdup( "" );
+ const char *userid = PL_strdup( "" );
+ char *token_state = PL_strdup("inactive");
+ char *khex = NULL;
+
+ Buffer host_challenge = Buffer(8, (BYTE)0);
+ Buffer key_diversification_data;
+ Buffer key_info_data;
+ Buffer card_challenge;
+ Buffer card_cryptogram;
+ const char *connid = NULL;
+ const char *tksid = NULL;
+ const char *authid = NULL;
+ PKCS11Obj *pkcs11objx = NULL;
+ Buffer labelBuffer;
+ char activity_msg[4096];
+ char audit_msg[512] = "";
+
+ Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_CARDMGR_INSTANCE_AID,
+ RA::CFG_DEF_CARDMGR_INSTANCE_AID);
+ Buffer *NetKeyAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_NETKEY_INSTANCE_AID,
+ RA::CFG_DEF_NETKEY_INSTANCE_AID);
+ Buffer token_cuid;
+ int maxRetries = 3;
+ const char *pattern = NULL;
+ char *label = NULL;
+ CERTCertificate **certificates = NULL;
+ char **ktypes = NULL;
+ char **origins = NULL;
+ char **tokenTypes = NULL;
+ char *tokentype = NULL;
+ char *profile_state = NULL;
+ RA_Status st;
+ bool renewed = false;
+ bool do_force_format = false;
+
+ RA::Debug("RA_Enroll_Processor::Process", "Client %s",
+ session->GetRemoteIP());
+ RA::Debug(LL_PER_PDU, FN, "Begin enroll process");
+
+ // XXX need to validate all user input (convert to 'string' types)
+ // to ensure that no buffer overruns
+ start = PR_IntervalNow();
+
+ /* Get the card serial number */
+ if (!GetCardManagerAppletInfo(session, CardManagerAID, st, msn, cuid, token_cuid)) goto loser;
+
+ /* Get the applet version information */
+ if (!GetAppletInfo(session, NetKeyAID,
+ /*by ref*/ major_version, minor_version,
+ app_major_version, app_minor_version )) goto loser;
+
+ if (!GetTokenType(OP_PREFIX, major_version, minor_version,
+ cuid, msn, extensions,
+ status, tokenType)) { /* last two are 'out' params */
+ /* ADE figure out what to do here for this line*/
+ // RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "token type not found", "");
+ goto loser;
+ }
+
+ // check if profile is enabled here
+ PR_snprintf((char *)configname, 256, "config.Profiles.%s.state", tokenType);
+ profile_state = (char *) RA::GetConfigStore()->GetConfigAsString(configname);
+ if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) {
+ RA::Error(FN, "Profile %s Disabled for CUID %s", tokenType, cuid);
+ status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType);
+ goto loser;
+ }
+
+ if (RA::ra_is_token_present(cuid)) {
+ RA::Debug(FN, "Found token %s", cuid);
+ if (RA::ra_is_tus_db_entry_disabled(cuid)) {
+ RA::Error(FN, "CUID %s Disabled", cuid);
+ status = STATUS_ERROR_DISABLED_TOKEN;
+ PR_snprintf(audit_msg, 512, "token disabled");
+ goto loser;
+ }
+
+ // at this point, token is either active or uninitialized (formatted)
+ // or the adminstrator has called for a force format.
+
+ do_force_format = RA::ra_force_token_format(cuid);
+
+ RA::Debug("RA_Enroll_Processor::Process","force format flag %d", do_force_format);
+
+ if (!RA::ra_allow_token_reenroll(cuid) &&
+ !RA::ra_allow_token_renew(cuid) &&
+ !do_force_format) {
+ RA::Error(FN, "CUID %s Re-Enrolled Disallowed", cuid);
+ status = STATUS_ERROR_DISABLED_TOKEN;
+ PR_snprintf(audit_msg, 512, "token re-enrollment or renewal disallowed");
+ goto loser;
+ }
+ } else {
+ RA::Debug(FN, "Not Found token %s", cuid);
+ // This is a new token. We need to check our policy to see
+ // if we should allow enrollment. raidzilla #57414
+ PR_snprintf((char *)configname, 256, "%s.allowUnknownToken",
+ OP_PREFIX);
+ if (!RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+ RA::Error(FN, "CUID %s Enroll Unknown Token", cuid);
+ status = STATUS_ERROR_DISABLED_TOKEN;
+ PR_snprintf(audit_msg, 512, "unknown token disallowed");
+ goto loser;
+ }
+ }
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL ? keyVersion : "",
+ "token enabled");
+
+
+ /* XXX - this comment does not belong here
+ *
+ * This is very risky to call initialize and then
+ * external authenticate later on.
+ * The token will be locked if no external authenticate
+ * follows the initialize update.
+ */
+
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn",
+ OP_PREFIX, tokenType);
+ tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (tksid == NULL) {
+ RA::Error(FN, "TKS Connection Parameter %s Not Found", configname);
+ status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "token type TKS connection parameter not found");
+ goto loser;
+ }
+
+ /* figure some more information about the applet version */
+ /* XXX should probably move this further down, since the results
+ of this function aren't used til much later */
+ if (!FormatAppletVersionInfo(session, tokenType, cuid,
+ app_major_version, app_minor_version,
+ status,
+ final_applet_version /*out */)) {
+ PR_snprintf(audit_msg, 512, "FormatAppletVersionInfo error");
+ goto loser;
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.loginRequest.enable", OP_PREFIX, tokenType);
+ if (!RequestUserId(session, extensions, configname, tokenType, cuid, login, userid, status)){
+ PR_snprintf(audit_msg, 512, "RequestUserId error");
+ goto loser;
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.auth.enable", OP_PREFIX, tokenType);
+
+ if (!AuthenticateUser(session, configname, cuid, extensions,
+ tokenType, login, userid, status)){
+ PR_snprintf(audit_msg, 512, "AuthenticateUser error");
+ goto loser;
+ }
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL ? keyVersion : "",
+ "token login successful");
+
+ // get authid for audit log
+ PR_snprintf((char *)configname, 256, "%s.%s.auth.id", OP_PREFIX, tokenType);
+ authid = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ StatusUpdate(session, extensions, 4, "PROGRESS_APPLET_UPGRADE");
+
+ if(do_force_format) {
+ bool skip_auth = true;
+ if(Format(session,extensions,skip_auth) != STATUS_NO_ERROR ) {
+ PR_snprintf(audit_msg,512, "ForceUpgradeApplet error");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ goto loser;
+ } else {
+ RA::Debug(LL_PER_CONNECTION, "RA_Enroll_Processor::Process",
+ "after Successful ForceUpdgradeApplet, succeeded!");
+
+ PR_snprintf(audit_msg,512, "ForceUpgradeApplet succeeded as per policy.");
+ status = STATUS_NO_ERROR;
+ goto loser;
+
+ }
+ } else {
+ if (! CheckAndUpgradeApplet(
+ session,
+ extensions,
+ cuid,
+ tokenType,
+ final_applet_version,
+ app_major_version, app_minor_version,
+ //appletVersion,
+ NetKeyAID,
+ msn,
+ userid,
+ status,
+ &keyVersion)) {
+ PR_snprintf(audit_msg, 512, "CheckAndUpgradeApplet error");
+ goto loser;
+ }
+ }
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL ? keyVersion : "",
+ "applet upgraded successfully");
+
+ isPinPresent = IsPinPresent(session, 0x0);
+
+ StatusUpdate(session, extensions, 12, "PROGRESS_KEY_UPGRADE");
+
+ if (!CheckAndUpgradeSymKeys(
+ session,
+ extensions,
+ cuid,
+ tokenType,
+ msn,
+ final_applet_version,
+ userid,
+ keyVersion,
+ CardManagerAID,
+ NetKeyAID,
+ channel,
+ status))
+ {
+ PR_snprintf(audit_msg, 512, "CheckAndUpgradeSymKeys error");
+ goto loser;
+ }
+
+ /* we should have a good channel here */
+ if (channel == NULL) {
+ RA::Error(FN, "no good channel");
+ status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512, "secure channel setup error");
+ goto loser;
+ }
+
+ if (channel != NULL) {
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+ keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+ }
+
+ StatusUpdate(session, extensions, 14, "PROGRESS_TOKEN_AUTHENTICATION");
+
+ rc = channel->ExternalAuthenticate();
+ if (rc == -1) {
+ RA::Error(FN, "external authenticate failed");
+ status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512, "external authentication error");
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_CONNECTION, FN, "after SetupSecureChannel, succeeded");
+
+ PR_snprintf((char *)configname, 256, "%s.%s.pinReset.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+
+ PR_snprintf((char *)configname, 256, "%s.%s.pinReset.pin.minLen", OP_PREFIX, tokenType);
+ unsigned int minlen = RA::GetConfigStore()->GetConfigAsUnsignedInt(configname, 4);
+ PR_snprintf((char *)configname, 256,"%s.%s.pinReset.pin.maxLen", OP_PREFIX, tokenType);
+ unsigned int maxlen = RA::GetConfigStore()->GetConfigAsUnsignedInt(configname, 10);
+
+ new_pin = RequestNewPin(session, minlen, maxlen);
+ if (new_pin == NULL) {
+ RA::Error(FN, "new pin request failed");
+
+ status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+ PR_snprintf(audit_msg, 512, "new pin request error");
+ goto loser;
+ }
+ RA::Debug(LL_PER_CONNECTION, "RA_Enroll_Processor::Process",
+ "after RequestNewPin, succeeded");
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL ? keyVersion : "",
+ "RequestNewPin completed successfully");
+
+ PR_snprintf((char *)configname, 256, "%s.%s.pinReset.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+ if (!isPinPresent) {
+ PR_snprintf((char *)configname, 256, "%s.%s.pinReset.pin.maxRetries", OP_PREFIX, tokenType);
+ maxRetries = RA::GetConfigStore()->GetConfigAsInt(configname, 0x7f);
+ RA::Debug(LL_PER_CONNECTION, FN,
+ "param=%s maxRetries=%d", configname, maxRetries);
+ rc = channel->CreatePin(0x0,
+ maxRetries,
+ RA::GetConfigStore()->GetConfigAsString("create_pin.string", "password"));
+ if (rc == -1) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "create pin failed");
+
+ status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+ PR_snprintf(audit_msg, 512, "create pin request error");
+ goto loser;
+ }
+
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL ? keyVersion : "",
+ "CreatePin completed successfully");
+
+ }
+ }
+
+ rc = channel->ResetPin(0x0, new_pin);
+ if (rc == -1) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "reset pin failed");
+
+ status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+ PR_snprintf(audit_msg, 512, "reset pin request error");
+ goto loser;
+ }
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL ? keyVersion : "",
+ "ResetPin completed successfully");
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "after ResetPin, succeeded");
+
+ // to help testing, we may use fix challenge
+ PR_snprintf((char *)configname, 256, "%s.%s.generateChallenge", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+ /* generate challenge for enrollment */
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Generate Challenge");
+/*
+ random number generation moved to TKS
+ rc = Util::GetRandomChallenge(*plaintext_challenge);
+ if (rc == -1) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "random challenge creation failed");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "general challenge error", "", tokenType);
+ goto loser;
+ }
+*/
+
+ }
+ kdd = channel->GetKeyDiversificationData();
+ khex = kdd.toHex();
+ RA::Debug("RA_Enroll_Processor::Process", "cuid=%s", khex);
+
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connid = RA::GetConfigStore()->GetConfigAsString(configname);
+ /* wrap challenge with KEK key */
+ rc = EncryptData(kdd,
+ channel->GetKeyInfoData(), *plaintext_challenge, *wrapped_challenge, connid);
+ if (rc == -1) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "encryt data failed");
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ PR_snprintf(audit_msg, 512, "challenge encryption error");
+ goto loser;
+ }
+ // read objects back
+ PR_snprintf((char *)configname, 256, "%s.%s.pkcs11obj.enable",
+ OP_PREFIX, tokenType);
+ pkcs11obj_enable = RA::GetConfigStore()->GetConfigAsBool(configname, 1);
+
+ if (pkcs11obj_enable) {
+ pkcs11objx = new PKCS11Obj();
+
+ // read old objects
+ seq = 0x00;
+ lastFormatVersion = 0x0100;
+ // lastObjectVersion = 0;
+ if (getRandomNumber(&lastObjectVersion) != SECSuccess) {
+ RA::Error(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Could not generate a random version number...assigning 0x00");
+ lastObjectVersion = 0x00;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "got random version numer: %ul", lastObjectVersion);
+ }
+
+ foundLastObjectVersion = 0;
+ do {
+ object = ListObjects(session, seq);
+ if (object == NULL) {
+ seq = 0;
+ } else {
+ seq = 1; // get next entry
+ Buffer objectID = object->substr(0, 4);
+ Buffer objectLen = object->substr(4, 4);
+ unsigned long objectIDVal =
+ ((((BYTE *)objectID)[0] << 24)) +
+ ((((BYTE *)objectID)[1] << 16)) +
+ ((((BYTE *)objectID)[2] << 8)) +
+ ((((BYTE *)objectID)[3]));
+ unsigned long objectLenVal =
+ ((((BYTE *)objectLen)[0] << 24)) +
+ ((((BYTE *)objectLen)[1] << 16)) +
+ ((((BYTE *)objectLen)[2] << 8)) +
+ ((((BYTE *)objectLen)[3]));
+
+ Buffer *o = channel->ReadObject((BYTE*)objectID, 0,
+ (int)objectLenVal);
+ if (o == NULL) {
+ status = STATUS_ERROR_CREATE_TUS_TOKEN_ENTRY;
+ PR_snprintf(audit_msg, 512, "error in creating token entry");
+ goto loser;
+ }
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "object read from token");
+
+ if (((unsigned char *)objectID)[0] == 'z' &&
+ ((unsigned char *)objectID)[1] == '0') {
+ lastFormatVersion = (((BYTE*)*o)[0] << 8) +
+ (((BYTE*)*o)[1]);
+ lastObjectVersion = (((BYTE*)*o)[2] << 8) +
+ (((BYTE*)*o)[3]);
+ foundLastObjectVersion = 1;
+
+ //
+ delete pkcs11objx;
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "parsing pkcs11obj read from token");
+ pkcs11objx = PKCS11Obj::Parse(o, 0);
+ seq = 0;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "new pkcs11obj");
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(objectIDVal, o);
+ if (objSpec != NULL) {
+ pkcs11objx->AddObjectSpec(objSpec);
+ }
+ }
+
+ delete o;
+ delete object;
+ }
+ } while (seq != 0);
+
+ }
+
+ rc = RA::tdb_add_token_entry((char *)userid, cuid, "uninitialized", tokenType);
+ if (rc == -1) {
+ status = STATUS_ERROR_CREATE_TUS_TOKEN_ENTRY;
+ PR_snprintf(audit_msg, 512, "error in creating uninitialized token entry");
+ goto loser;
+ }
+
+ StatusUpdate(session, extensions, 15, "PROGRESS_PROCESS_PROFILE");
+
+ tokentype = (char *)malloc(256 * sizeof(char)) ;
+ PL_strcpy(tokentype, tokenType);
+ /* generate signing key on netkey */
+ if (!GenerateCertsAfterRecoveryPolicy(login, session, origins, ktypes, tokentype, pkcs11objx,
+ pkcs11obj_enable, extensions, channel, wrapped_challenge,
+ key_check, plaintext_challenge, cuid, msn, final_applet_version,
+ khex, userid, status, certificates, o_certNums, tokenTypes)) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process"," - GenerateCertsAfterRecoveryPolicy returns false");
+ goto loser;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process"," - GenerateCertsAfterRecoveryPolicy returns true");
+ if (status == STATUS_NO_ERROR) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process"," - after GenerateCertsAfterRecoveryPolicy", "status is STATUS_NO_ERROR");
+ if (!GenerateCertificates(login, session, origins, ktypes, tokentype, pkcs11objx,
+ pkcs11obj_enable, extensions, channel, wrapped_challenge,
+ key_check, plaintext_challenge, cuid, msn, final_applet_version,
+ khex, userid, status, certificates, o_certNums, tokenTypes)) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process - after GenerateCertificates"," returns false might as well clean up token.");
+ bool skip_auth = true;
+ Format(session,extensions,skip_auth);
+ goto loser;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process - after GenerateCertificates"," returns true");
+ }
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process - after GenerateCertsAfterRecoveryPolicy", "status is %d", status);
+ }
+ }
+
+ if ((status == STATUS_ERROR_RENEWAL_IS_PROCESSED) &&
+ RA::ra_allow_token_renew(cuid)) {
+ renewed = true;
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "renewal happened.. ");
+ }
+
+ // read objects back
+ if (pkcs11obj_enable) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "pkcs11obj enabled");
+ pkcs11objx->SetFormatVersion(lastFormatVersion);
+ if (foundLastObjectVersion) {
+ while (lastObjectVersion == 0xff) {
+ if (getRandomNumber(&lastObjectVersion) != SECSuccess) {
+ RA::Error(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Encounter 0xff, could not generate a random version number...assigning 0x00");
+ lastObjectVersion = 0x00;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Encounter 0xff, got random version numer: %ul", lastObjectVersion);
+ }
+ }
+
+ pkcs11objx->SetObjectVersion(lastObjectVersion+1);
+ } else {
+ pkcs11objx->SetObjectVersion(lastObjectVersion);
+ }
+ pkcs11objx->SetCUID(token_cuid);
+
+ /* add additional certificate objects */
+ PR_snprintf((char *)configname, 256, "%s.certificates.num",
+ OP_PREFIX);
+ int certNum = RA::GetConfigStore()->GetConfigAsInt(configname);
+ if (certNum > 0) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "about to write certificate chain");
+ }
+ for (int i = 0; i < certNum; i++) {
+
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "root certificate #%d", i);
+
+ PR_snprintf((char *)configname, 256, "%s.certificates.value.%d",
+ OP_PREFIX, i);
+ char *certName = (char *)RA::GetConfigStore()->GetConfigAsString(configname);
+
+ /* retrieve certificate info */
+ PR_snprintf((char *)configname, 256, "%s.certificates.%s.nickName",
+ OP_PREFIX, certName);
+ char *certNickName = (char *)RA::GetConfigStore()->GetConfigAsString(configname);
+ PR_snprintf((char *)configname, 256, "%s.certificates.%s.certId",
+ OP_PREFIX, certName);
+ char *certId = (char *)
+ RA::GetConfigStore()->GetConfigAsString(configname, "C0");
+
+/*
+op.enroll.certificates.num=1
+op.enroll.certificates.value.0=caCert
+op.enroll.certificates.caCert.nickName=caCert0 fpki-tps
+op.enroll.certificates.caCert.certId=C5
+op.enroll.certificates.caCert.certAttrId=c5
+op.enroll.certificates.caCert.label=caCert Label
+ */
+
+ /* retrieve certificate */
+ CERTCertificate *cert = CERT_FindCertByNickname(
+ CERT_GetDefaultCertDB(), certNickName);
+
+ if (cert == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Cannot find certificate %s", certNickName);
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Found certificate %s", certNickName);
+
+ /* add certificate to z object */
+ Buffer *certBuf = new Buffer((BYTE*)cert->derCert.data,
+ (unsigned int)cert->derCert.len);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Certificate buffer created");
+ ObjectSpec *objSpec = ObjectSpec::ParseFromTokenData(
+ (certId[0] << 24) +
+ (certId[1] << 16), certBuf);
+ pkcs11objx->AddObjectSpec(objSpec);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Certificate object Added to PKCS11 Object");
+
+ /* add PK11 attributes */
+ PR_snprintf((char *)configname, 256, "%s.certificates.%s.label",
+ OP_PREFIX, certName);
+ char *certLabel = (char *)RA::GetConfigStore()->GetConfigAsString(configname);
+ PR_snprintf((char *)configname, 256, "%s.certificates.%s.certAttrId",
+ OP_PREFIX, certName);
+ char *certAttrId = (char *)
+ RA::GetConfigStore()->GetConfigAsString(configname, "c0");
+
+ Buffer *keyid = NULL;
+ if (cert->subjectKeyID.data != NULL) {
+ keyid = new Buffer((BYTE*)cert->subjectKeyID.data,
+ (unsigned int)cert->subjectKeyID.len);
+ } else {
+ SECItem *pubKeyData = PK11_GetPubIndexKeyID(cert) ;
+ SECItem *tmpitem = PK11_MakeIDFromPubKey(pubKeyData);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Got Key ID");
+
+
+ keyid = new Buffer((BYTE*)tmpitem->data,
+ (unsigned int)tmpitem->len);
+ }
+
+ Buffer b = channel->CreatePKCS11CertAttrsBuffer(
+ KEY_TYPE_ENCRYPTION /* not being used */,
+ certAttrId, certLabel, keyid);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Created buffer for PKCS11 cert attributes");
+ objSpec = ObjectSpec::ParseFromTokenData(
+ (certAttrId[0] << 24) +
+ (certAttrId[1] << 16),
+ &b);
+ pkcs11objx->AddObjectSpec(objSpec);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Added PKCS11 certificate attribute");
+ }
+ }
+
+ // build label
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.tokenName",
+ OP_PREFIX, tokentype);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "tokenName '%s'",
+ configname);
+ pattern = RA::GetConfigStore()->GetConfigAsString(configname, "$cuid$");
+ nv.Add("cuid", cuid);
+ nv.Add("msn", msn);
+ nv.Add("userid", userid);
+ nv.Add("profileId", tokenType);
+
+ /* populate auth parameters output to nv also */
+ /* so we can reference to the auth parameter by */
+ /* using $auth.cn$, or $auth.mail$ */
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "Check login");
+ if (login != NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "Found login");
+ int s = login->Size();
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "login size=%d", s);
+ for (int x = 0; x < s; x++) {
+ char namebuf[2048];
+ char *name = login->GetNameAt(x);
+ sprintf(namebuf, "auth.%s", name);
+ if (strcmp(name,"PASSWORD") != 0) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "Exposed %s=%s", namebuf, login->GetValue(name));
+ }
+ nv.Add(namebuf, login->GetValue(name));
+ }
+ }
+ label = MapPattern(&nv, (char *) pattern);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "labelName '%s'",
+ label);
+ labelBuffer = Buffer((BYTE*)label, strlen(label));
+ pkcs11objx->SetTokenName(labelBuffer);
+
+ // write PKCS11 Obj
+ BYTE objid[4];
+
+ objid[0] = 'z';
+ objid[1] = '0';
+ objid[2] = 0;
+ objid[3] = 0;
+ Buffer xb;
+
+ PR_snprintf((char *)configname, 256, "%s.%s.pkcs11obj.compress.enable",
+ OP_PREFIX, tokentype);
+ compress = RA::GetConfigStore()->GetConfigAsBool(configname, 1);
+
+ if (compress) {
+ xb = pkcs11objx->GetCompressedData();
+ RA::Debug("RA_Enroll_Processor::Process PKCSData", "Compressed Data");
+ } else {
+ xb = pkcs11objx->GetData();
+ RA::Debug("RA_Enroll_Processor::Process PKCSData", "Uncompressed Data");
+ }
+ RA::DebugBuffer("RA_Enroll_Processor::Process PKCSData", "PKCS Data=", &xb);
+
+
+ if(xb.size() == 0) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ RA::Debug("RA_Enroll_Processor::Failure to get token object!"," failed");
+ PR_snprintf(audit_msg, 512, "channel createObject failed");
+ goto loser;
+ }
+
+ if((int) xb.size() > totalAvailableMemory) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ RA::Debug("RA_Enroll_Processor::Failure pkcs11 object may exceed applet memory"," failed");
+ PR_snprintf(audit_msg, 512, "Applet memory exceeded when writing out final token data");
+ bool skip_auth = true;
+ if(!renewed) { //Renewal should leave what they have on the token.
+ Format(session,extensions,skip_auth);
+ }
+ goto loser;
+ }
+
+ BYTE perms[6];
+
+ perms[0] = 0xff;
+ perms[1] = 0xff;
+ perms[2] = 0x40;
+ perms[3] = 0x00;
+ perms[4] = 0x40;
+ perms[5] = 0x00;
+
+ if (channel->CreateObject(objid, perms, xb.size()) != 1) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ RA::Debug("RA_Enroll_Processor::channel createObject"," failed");
+ PR_snprintf(audit_msg, 512, "channel createObject failed");
+ goto loser;
+ }
+ // channel->CreateObject(objid, xb.size());
+ if (channel->WriteObject(objid, (BYTE*)xb, xb.size()) != 1) {
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ RA::Debug("RA_Enroll_Processor::channel writeObject"," failed");
+ PR_snprintf(audit_msg, 512, "channel writeObject failed");
+ goto loser;
+ }
+ }
+
+ StatusUpdate(session, extensions, 90, "PROGRESS_SET_LIFE_CYCLE_STATE");
+
+ // add issuer info to the token
+ PR_snprintf((char *)configname, 256, "%s.%s.issuerinfo.enable",
+ OP_PREFIX, tokenType);
+ RA::Debug("RA_Enroll_Processor", "Getting %s", configname);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+ if (channel != NULL) {
+ char issuer[224];
+ for (int i = 0; i < 224; i++) {
+ issuer[i] = 0;
+ }
+ PR_snprintf((char *)configname, 256, "%s.%s.issuerinfo.value",
+ OP_PREFIX, tokenType);
+ char *issuer_val = (char*)RA::GetConfigStore()->GetConfigAsString(
+ configname);
+ RA::Debug("RA_Enroll_Processor",
+ "Before pattern substitution mapping is %s", issuer_val);
+ issuer_val = MapPattern(&nv, (char *) issuer_val);
+ RA::Debug("RA_Enroll_Processor",
+ "After pattern substitution mapping is %s", issuer_val);
+ sprintf(issuer, "%s", issuer_val);
+ RA::Debug("RA_Enroll_Processor", "Set Issuer Info %s", issuer_val);
+ Buffer *info = new Buffer((BYTE*)issuer, 224);
+ rc = channel->SetIssuerInfo(info);
+
+ if (info != NULL) {
+ delete info;
+ info = NULL;
+ }
+ }
+ }
+ /* write lifecycle bit */
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "Set Lifecycle State");
+ rc = channel->SetLifecycleState(0x0f);
+ if (rc == -1) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "Set life cycle state failed");
+ status = STATUS_ERROR_MAC_LIFESTYLE_PDU;
+ PR_snprintf(audit_msg, 512, "set life cycle state error");
+ goto loser;
+ }
+
+ rc = channel->Close();
+ if (rc == -1) {
+ RA::Error("RA_Enroll_Processor::Process",
+ "Failed to close channel");
+ status = STATUS_ERROR_CONNECTION;
+ PR_snprintf(audit_msg, 512, "channel not closed");
+ goto loser;
+ }
+
+ StatusUpdate(session, extensions, 100, "PROGRESS_DONE");
+
+ status = STATUS_NO_ERROR;
+
+ sprintf(activity_msg, "applet_version=%s tokenType=%s userid=%s",
+ final_applet_version, tokentype, userid);
+
+ if (renewed) {
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "renewal", "success", activity_msg, userid, tokenType);
+ } else {
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "success", activity_msg, userid, tokenType);
+ }
+ RA::tdb_update((char *)userid, cuid, (char *)final_applet_version, (char *)keyVersion, "active", "", tokenType);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "after tdb_update()");
+
+ RA::tdb_update_certificates(cuid, tokenTypes, (char*)userid, certificates, ktypes, origins, o_certNums);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "after tdb_update_certificates()");
+
+ rc = 1;
+
+ end = PR_IntervalNow();
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "after end");
+
+ /* audit log for successful enrollment */
+ if (renewed) {
+ if (authid != NULL) {
+ PR_snprintf(activity_msg, 4096, "renewal processing completed, authid = %s", authid);
+ } else {
+ PR_snprintf(activity_msg, 4096, "renewal processing completed");
+ }
+ RA::Audit(EV_RENEWAL, AUDIT_MSG_PROC,
+ userid, cuid, msn, "success", "renewal", final_applet_version, keyVersion, activity_msg);
+ } else {
+ if (authid != NULL) {
+ PR_snprintf(activity_msg, 4096, "enrollment processing completed, authid = %s", authid);
+ } else {
+ PR_snprintf(activity_msg, 4096, "enrollment processing completed");
+ }
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid, cuid, msn, "success", "enrollment", final_applet_version, keyVersion, activity_msg);
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "after audit, o_certNums=%d",o_certNums);
+
+loser:
+
+ if (strlen(audit_msg) > 0) { // a failure occurred
+ if (renewed) {
+ RA::Audit(EV_RENEWAL, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "failure",
+ "renewal",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL ? keyVersion : "",
+ audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ cuid,
+ "renewal",
+ "failure",
+ audit_msg,
+ userid != NULL? userid : "",
+ tokenType);
+ }
+ } else {
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "failure",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL ? keyVersion : "",
+ audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ cuid,
+ "enrollment",
+ "failure",
+ audit_msg,
+ userid != NULL? userid : "",
+ tokenType);
+ }
+ }
+ }
+
+ if (tokenTypes != NULL) {
+ for (int nn=0; nn<o_certNums; nn++) {
+ if (tokenTypes[nn] != NULL)
+ PL_strfree(tokenTypes[nn]);
+ tokenTypes[nn] = NULL;
+ }
+ free(tokenTypes);
+ tokenTypes = NULL;
+ }
+ if (certificates != NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "before CERT_DestroyCertificate. certNums=%d", o_certNums);
+ for (int i=0;i < o_certNums; i++) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "CERT_DestroyCertificate: i=%d", i);
+ if (certificates[i] != NULL) {
+ CERT_DestroyCertificate(certificates[i]);
+ }
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "CERT_DestroyCertificate: i=%i done", i);
+ }
+ free(certificates);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "after CERT_DestroyCertificate");
+ }
+
+ if( certEnroll != NULL ) {
+ delete certEnroll;
+ certEnroll = NULL;
+ }
+
+ if (ktypes != NULL) {
+ for (int nn=0; nn < o_certNums; nn++) {
+ if (ktypes[nn] != NULL)
+ PL_strfree(ktypes[nn]);
+ ktypes[nn] = NULL;
+ }
+ free(ktypes);
+ ktypes = NULL;
+ }
+
+ if (origins != NULL) {
+ for (int nn=0; nn < o_certNums; nn++) {
+ if (origins[nn] != NULL)
+ PL_strfree(origins[nn]);
+ origins[nn] = NULL;
+ }
+ free(origins);
+ origins = NULL;
+ }
+
+ if( CardManagerAID != NULL ) {
+ delete CardManagerAID;
+ CardManagerAID = NULL;
+ }
+
+ if( NetKeyAID != NULL ) {
+ delete NetKeyAID;
+ NetKeyAID = NULL;
+ }
+
+ if( login != NULL ) {
+ delete login;
+ login = NULL;
+ }
+
+ if( channel != NULL ) {
+ delete channel;
+ channel = NULL;
+ }
+
+ if( new_pin != NULL ) {
+ PL_strfree( new_pin );
+ new_pin = NULL;
+ }
+
+ if( key_check != NULL ) {
+ delete key_check;
+ key_check = NULL;
+ }
+
+ if( wrapped_challenge != NULL ) {
+ delete wrapped_challenge;
+ wrapped_challenge = NULL;
+ }
+
+ if( plaintext_challenge != NULL ) {
+ delete plaintext_challenge;
+ plaintext_challenge = NULL;
+ }
+
+ if( token_status != NULL ) {
+ delete token_status;
+ token_status = NULL;
+ }
+
+ if( final_applet_version != NULL ) {
+ PR_Free( (char *) final_applet_version );
+ final_applet_version = NULL;
+ }
+
+ if( appletVersion != NULL ) {
+ PR_Free( (char *) appletVersion );
+ appletVersion = NULL;
+ }
+ if( khex != NULL ) {
+ PR_Free( khex );
+ khex = NULL;
+ }
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+ if( userid != NULL ) {
+ PR_Free( (char *) userid );
+ userid = NULL;
+ }
+ if (token_state != NULL) {
+ PR_Free((char *)token_state);
+ token_state = NULL;
+ }
+ if( cuid != NULL ) {
+ PR_Free( cuid );
+ cuid = NULL;
+ }
+ if( msn != NULL ) {
+ PR_Free( msn );
+ msn = NULL;
+ }
+ if( label != NULL ) {
+ PL_strfree( (char *) label );
+ label = NULL;
+ }
+ if (tokentype != NULL) {
+ PR_Free(tokentype);
+ }
+ if (pkcs11objx != NULL) {
+ delete pkcs11objx;
+ }
+
+#ifdef MEM_PROFILING
+ MEM_dump_unfree();
+#endif
+
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process", "returning status");
+ return status;
+}
+
+
+bool RA_Enroll_Processor::GenerateCertificates(AuthParams *login, RA_Session *session, char **&origins, char **&ktypes,
+ char *tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable,
+ NameValueSet *extensions, Secure_Channel *channel, Buffer *wrapped_challenge,
+ Buffer *key_check, Buffer *plaintext_challenge, char *cuid, char *msn,
+ const char *final_applet_version, char *khex, const char *userid, RA_Status &o_status,
+ CERTCertificate **&certificates, int &o_certNums, char **&tokenTypes) {
+
+ bool noFailedCerts = true;
+ bool r=true;
+ int keyTypeNum = 0;
+ int i = 0;
+ char configname[256];
+ const char *FN = "RA_Enroll_Processor::GenerateCertificates";
+ RA_Status lastErrorStatus = STATUS_NO_ERROR;
+
+
+ RA::Debug(LL_PER_CONNECTION,FN, "tokenType=%s", tokenType);
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.keyType.num", OP_PREFIX, tokenType);
+ keyTypeNum = RA::GetConfigStore()->GetConfigAsInt(configname);
+ if (keyTypeNum == 0) {
+ r = false;
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Profile parameters are not found");
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ goto loser;
+ }
+
+ ktypes = (char **) malloc (sizeof(char *) * keyTypeNum);
+ origins = (char **) malloc (sizeof(char *) * keyTypeNum);
+ tokenTypes = (char **) malloc (sizeof(char *) * keyTypeNum);
+
+ certificates = (CERTCertificate **) malloc (sizeof(CERTCertificate *) * keyTypeNum);
+ o_certNums = keyTypeNum;
+ for (i=0; i<keyTypeNum; i++) {
+ certificates[i] = NULL;
+ ktypes[i] = NULL;
+ origins[i] = NULL;
+ tokenTypes[i] = NULL;
+
+ }
+ for (i=0; i<keyTypeNum; i++) {
+
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.keyType.value.%d", OP_PREFIX, tokenType, i);
+ const char *keyTypeValue = RA::GetConfigStore()->GetConfigAsString(configname, "signing");
+
+ r = GenerateCertificate(login,keyTypeNum, keyTypeValue, i, session, origins, ktypes, tokenType,
+ pkcs11objx, pkcs11obj_enable, extensions, channel, wrapped_challenge,
+ key_check, plaintext_challenge, cuid, msn, final_applet_version,
+ khex, userid, o_status, certificates);
+
+ RA::Debug("GenerateCertificates","configname %s result %d",configname,r);
+
+ tokenTypes[i] = PL_strdup(tokenType);
+ if(r == false) {
+ noFailedCerts = false;
+ lastErrorStatus = o_status;
+ break;
+ }
+
+ }
+
+ if (noFailedCerts == true) {
+ //In this special case of re-enroll
+ //Revoke current certs for this token
+ // before the just enrolled certs are written to the db
+ char error_msg[512];
+ bool success = RevokeCertificates(session, cuid,error_msg,(char *)final_applet_version,
+ NULL,(char *)tokenType,(char *)userid,o_status
+ );
+
+ RA::Debug("GenerateCertificates","Revoke result %d ",(int) success);
+
+ if (!success) {
+ //Don't blow the whole thing up for this.
+ RA::Debug("GenerateCertificates","Revocation failure %s ",error_msg);
+ }
+
+ }
+ loser:
+ if(lastErrorStatus != STATUS_NO_ERROR) {
+ o_status = lastErrorStatus;
+ }
+ return noFailedCerts;
+}
+
+bool RA_Enroll_Processor::GenerateCertificate(AuthParams *login, int keyTypeNum, const char *keyTypeValue, int i, RA_Session *session,
+ char **origins, char **ktypes, char *tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable,
+ NameValueSet *extensions, Secure_Channel *channel, Buffer *wrapped_challenge,
+ Buffer *key_check, Buffer *plaintext_challenge, char *cuid, char *msn,
+ const char *final_applet_version, char *khex, const char *userid,
+ RA_Status &o_status, CERTCertificate **certificates)
+{
+ bool r = true;
+ char configname[256];
+ char keyTypePrefix[200];
+ const char *FN="RA_Enroll_Processor::GenerateCertificate";
+
+ PR_snprintf((char *)keyTypePrefix, 256, "%s.%s.keyGen.%s", OP_PREFIX, tokenType, keyTypeValue);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::GenerateCertificate","keyTypePrefix is %s",keyTypePrefix);
+ PR_snprintf((char *)configname, 256, "%s.ca.profileId", keyTypePrefix);
+ const char *profileId = RA::GetConfigStore()->GetConfigAsString(configname, "");
+ PR_snprintf((char *)configname, 256,"%s.certId", keyTypePrefix);
+ const char *certId = RA::GetConfigStore()->GetConfigAsString(configname, "C0");
+ PR_snprintf((char *)configname, 256, "%s.certAttrId", keyTypePrefix);
+ const char *certAttrId = RA::GetConfigStore()->GetConfigAsString(configname, "c0");
+ PR_snprintf((char *)configname, 256, "%s.privateKeyAttrId", keyTypePrefix);
+ const char *priKeyAttrId = RA::GetConfigStore()->GetConfigAsString(configname, "k0");
+ PR_snprintf((char *)configname, 256,"%s.publicKeyAttrId", keyTypePrefix);
+ const char *pubKeyAttrId = RA::GetConfigStore()->GetConfigAsString(configname, "k1");
+ PR_snprintf((char *)configname, 256, "%s.keySize", keyTypePrefix);
+ int keySize = RA::GetConfigStore()->GetConfigAsInt(configname, 1024);
+
+ PR_snprintf((char *)configname, 256, "%s.publisherId", keyTypePrefix);
+ const char *publisherId = RA::GetConfigStore()->GetConfigAsString(configname, NULL);
+
+ PR_snprintf((char *)configname, 256, "%s.keyUsage", keyTypePrefix);
+ int keyUsage = RA::GetConfigStore()->GetConfigAsInt(configname, 0);
+ PR_snprintf((char *)configname, 256, "%s.keyUser", keyTypePrefix);
+ int keyUser = RA::GetConfigStore()->GetConfigAsInt(configname, 0);
+ PR_snprintf((char *)configname, 256, "%s.privateKeyNumber", keyTypePrefix);
+ int priKeyNumber = RA::GetConfigStore()->GetConfigAsInt(configname, 0);
+ PR_snprintf((char *)configname, 256, "%s.publicKeyNumber", keyTypePrefix);
+ int pubKeyNumber = RA::GetConfigStore()->GetConfigAsInt(configname, 1);
+
+
+ // get key capabilites to determine if the key type is SIGNING,
+ // ENCRYPTION, or SIGNING_AND_ENCRYPTION
+ PR_snprintf((char *)configname, 256, "%s.private.keyCapabilities.sign", keyTypePrefix);
+ bool isSigning = RA::GetConfigStore()->GetConfigAsBool(configname);
+ PR_snprintf((char *)configname, 256, "%s.public.keyCapabilities.encrypt", keyTypePrefix);
+ bool isEncrypt = RA::GetConfigStore()->GetConfigAsBool(configname);
+ int keyTypeEnum = 0;
+
+ if ((isSigning) &&
+ (isEncrypt)) {
+ keyTypeEnum = KEY_TYPE_SIGNING_AND_ENCRYPTION;
+ } else if (isSigning) {
+ keyTypeEnum = KEY_TYPE_SIGNING;
+ } else if (isEncrypt) {
+ keyTypeEnum = KEY_TYPE_ENCRYPTION;
+ }
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "key type is %d",keyTypeEnum);
+
+ PR_snprintf((char *)configname, 256, "%s.ca.conn", keyTypePrefix);
+ const char *caconnid = RA::GetConfigStore()->GetConfigAsString(configname);
+ certificates[i] = NULL;
+ ktypes[i] = NULL;
+ origins[i] = NULL;
+
+ o_status = DoEnrollment(login, session, certificates, origins, ktypes, pkcs11obj_enable,
+ pkcs11objx, extensions, i, keyTypeNum,
+ 15 /* start progress */,
+ 90 /* end progress */, channel, wrapped_challenge,
+ tokenType,
+ keyTypeValue,
+ key_check,
+ plaintext_challenge,
+ cuid,
+ msn,
+ khex, (TokenKeyType)keyTypeEnum, profileId, userid, certId,publisherId, certAttrId, priKeyAttrId,
+ pubKeyAttrId, (keyUser << 4)+priKeyNumber,
+ (keyUsage << 4)+pubKeyNumber, keySize, caconnid, keyTypePrefix,(char *)final_applet_version);
+
+ if (o_status != STATUS_NO_ERROR) {
+ r = false;
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Got a status error from DoEnrollment: %d", o_status);
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "enrollment error", "", tokenType);
+ goto loser;
+ }
+
+ loser:
+
+ return r;
+}
+
+bool RA_Enroll_Processor::GenerateCertsAfterRecoveryPolicy(AuthParams *login, RA_Session *session, char **&origins, char **&ktypes,
+ char *&tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable,
+ NameValueSet *extensions, Secure_Channel *channel, Buffer *wrapped_challenge,
+ Buffer *key_check, Buffer *plaintext_challenge, char *cuid, char *msn,
+ const char *final_applet_version, char *khex, const char *userid, RA_Status &o_status,
+ CERTCertificate **&certificates, int &o_certNums, char **&tokenTypes)
+{
+ LDAPMessage *ldapResult = NULL;
+ LDAPMessage *e = NULL;
+ int nEntries = 0;
+ char filter[512];
+ char configname[512];
+ char tokenStatus[100];
+ char *tokenid = NULL;
+ int rc = -1;
+ bool r=true;
+ o_status = STATUS_NO_ERROR;
+ char *origTokenType = NULL;
+
+ const char *FN="RA_Enroll_Process::GenerateCertsAfterRecoveryPolicy";
+ PR_snprintf(filter, 512, "tokenUserID=%s", userid);
+
+ rc = RA::ra_find_tus_token_entries_no_vlv(filter, &ldapResult, 1);
+
+ if (rc != LDAP_SUCCESS) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Cant find any tokens associated with the userid=%s. "
+ "There should be at least one token.", userid);
+ r = false;
+ o_status = STATUS_ERROR_INACTIVE_TOKEN_NOT_FOUND;
+ goto loser;
+ } else {
+ nEntries = RA::ra_get_number_of_entries(ldapResult);
+ for (e = RA::ra_get_first_entry(ldapResult); e != NULL; e = RA::ra_get_next_entry(e)) {
+ struct berval ** attr_values = RA::ra_get_attribute_values(e, "tokenStatus");
+
+ if ((attr_values == NULL) || (attr_values[0] == NULL)) {
+ RA::Debug(LL_PER_CONNECTION,FN, "Error obtaining token status");
+ r = false;
+ o_status = STATUS_ERROR_BAD_STATUS;
+ if (attr_values != NULL) {
+ RA::ra_free_values(attr_values);
+ attr_values = NULL;
+ }
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_CONNECTION,FN, "tokenStatus = %s",
+ attr_values[0]->bv_val);
+
+ strncpy(tokenStatus, attr_values[0]->bv_val, 100);
+ // free attr_values
+ if (attr_values != NULL) {
+ RA::ra_free_values(attr_values);
+ attr_values = NULL;
+ }
+ tokenid = RA::ra_get_token_id(e);
+ RA::Debug(LL_PER_CONNECTION,FN, "tokenID = %s", tokenid);
+ int cmp_result = PL_strcasecmp(tokenid, cuid);
+ free(tokenid);
+ if (cmp_result == 0) {
+ if (PL_strcasecmp(tokenStatus, "uninitialized") == 0 ) {
+ if (nEntries == 1) {
+ // need to do enrollment outside
+ break;
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "There are multiple token entries for user %s.", userid);
+
+ if (RA::ra_tus_has_active_tokens((char *)userid) == 0) {
+ r = false;
+ o_status = STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN;
+ RA::Debug(LL_PER_CONNECTION,FN, "User already has one active token.");
+ goto loser;
+ } else {
+ // 1) current token is in active state
+ // 2) there are no other active tokens for this user
+ // 3) that means the previous one is the lost one
+ // get the most recent previous token:
+ LDAPMessage *prev = RA::ra_get_next_entry(e);
+ char *reason = RA::ra_get_token_reason(prev);
+ char *lostTokenCUID = RA::ra_get_token_id(prev);
+
+ // if the previous one is lost, then check lost reason
+ origTokenType = PL_strdup(tokenType);
+ if (PL_strcasecmp(reason, "keyCompromise") == 0) {
+ r = ProcessRecovery(login, reason, session, origins, ktypes,
+ tokenType, pkcs11objx, pkcs11obj_enable,
+ extensions, channel, wrapped_challenge,
+ key_check, plaintext_challenge, cuid, msn,
+ final_applet_version, khex, userid,
+ o_status, certificates, lostTokenCUID, o_certNums, tokenTypes, origTokenType);
+
+ break;
+ } else if (PL_strcasecmp(reason, "onHold") == 0) {
+ // then the inactive one becomes the temp token
+ // No recovery scheme, basically we are going to
+ // do the brand new enrollment
+ PR_snprintf(configname, 512, "op.enroll.%s.temporaryToken.tokenType", tokenType);
+ char *tempTokenType = (char *)(RA::GetConfigStore()->GetConfigAsString(configname, "userKeyTemporary"));
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Token type for temporary token: %s", tempTokenType);
+ PL_strcpy(tokenType, tempTokenType);
+ r = ProcessRecovery(login, reason, session, origins, ktypes,
+ tokenType, pkcs11objx, pkcs11obj_enable,
+ extensions, channel, wrapped_challenge,
+ key_check, plaintext_challenge, cuid, msn,
+ final_applet_version, khex, userid,
+ o_status, certificates, lostTokenCUID, o_certNums, tokenTypes, origTokenType);
+
+ break;
+ } else if (PL_strcasecmp(reason, "destroyed") == 0) {
+ r = ProcessRecovery(login, reason, session, origins, ktypes,
+ tokenType, pkcs11objx, pkcs11obj_enable,
+ extensions, channel, wrapped_challenge,
+ key_check, plaintext_challenge, cuid, msn,
+ final_applet_version, khex, userid,
+ o_status, certificates, lostTokenCUID, o_certNums, tokenTypes, origTokenType);
+
+ break;
+ } else {
+ r = false;
+ o_status = STATUS_ERROR_NO_SUCH_LOST_REASON;
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "No such lost reason=%s for this cuid=%s",
+ reason, cuid);
+ goto loser;
+ }
+ }
+ }
+ } else if (strcmp(tokenStatus, "active") == 0) {
+ r = true;
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "This is the active token. You can re-enroll if the re-enroll=true; or renew if renew=true.");
+ if (RA::ra_allow_token_renew(cuid)) {
+ // renewal allowed instead of re-enroll
+ r = ProcessRenewal(login, session, ktypes, origins,
+ tokenType, pkcs11objx, pkcs11obj_enable,
+ channel,
+ cuid, msn,
+ final_applet_version, userid,
+ o_status, certificates, o_certNums,
+ tokenTypes);
+ if (r == true) {
+ RA::Debug(LL_PER_CONNECTION,FN, "ProcessRenewal returns true");
+ } else
+ goto loser;
+ }
+ break;
+ } else if (strcmp(tokenStatus, "terminated") == 0) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "terminated token cuid=%s", cuid);
+ r = false;
+ o_status = STATUS_ERROR_CONTACT_ADMIN;
+ goto loser;
+ } else if (strcmp(tokenStatus, "lost") == 0) {
+ char *reason = RA::ra_get_token_reason(e);
+ if (strcmp(reason, "keyCompromise") == 0) {
+ r = false;
+ o_status = STATUS_ERROR_UNUSABLE_TOKEN_KEYCOMPROMISE;
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "This token cannot be reused because it has been reported lost");
+ goto loser;
+ } else if (strcmp(reason, "onHold") == 0) {
+ if (RA::ra_tus_has_active_tokens((char *)userid) == 0) {
+ r = false;
+ o_status = STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN;
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "User already has an active token.");
+ goto loser;
+ } else { // change it back to active token
+ r = false;
+ o_status = STATUS_ERROR_CONTACT_ADMIN;
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "User needs to contact administrator to report lost token (it should be put on Hold).");
+ break;
+ }
+ } else if (strcmp(reason, "destroyed") == 0) {
+ r = false;
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "This destroyed lost case should not be executed because the token is so damaged. It should not get here");
+ o_status = STATUS_ERROR_TOKEN_DISABLED;
+ goto loser;
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "No such lost reason=%s for this cuid=%s", reason, cuid);
+ r = false;
+ o_status = STATUS_ERROR_NO_SUCH_LOST_REASON;
+ goto loser;
+ }
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "No such token status for this cuid=%s", cuid);
+ r = false;
+ o_status = STATUS_ERROR_NO_SUCH_TOKEN_STATE;
+ goto loser;
+ }
+ } else { // cuid != cuid of the current token
+ continue;
+/*
+ if (RA::ra_tus_has_active_tokens((char *)userid) == 0) {
+ r = false;
+ o_status = STATUS_ERROR_HAS_AT_LEAST_ONE_ACTIVE_TOKEN;
+ RA::Debug("RA_Enroll_Processor::GenerateCertsAfterRecoveryPolicy", "You already have one active token.");
+ goto loser;
+ } else
+ continue;
+*/
+ }
+ }
+ }
+
+ loser:
+ if (origTokenType != NULL) {
+ PL_strfree(origTokenType);
+ origTokenType = NULL;
+ }
+ if (rc == 0)
+ if (ldapResult != NULL)
+ ldap_msgfree(ldapResult);
+
+
+RA::Debug("RA_Enroll_Processor::GenerateCertsAfterRecoveryPolicy", "returning boolean = %d", r);
+ return r;
+}
+
+/*
+ * cfu - check if a cert is within the renewal grace period
+ * utilize passed in grace period values.
+ */
+bool RA_Enroll_Processor::isCertRenewable(CERTCertificate *cert, int graceBefore, int graceAfter){
+ PRTime timeBefore, timeAfter, now;
+
+ //Grace period input in days
+ RA::Debug("RA_Enroll_Processor::isCertRenewable","graceBefore %d graceAfter %d",graceBefore,graceAfter);
+ PRTime graceBefore64, graceAfter64,microSecondsPerSecond;
+ PRInt64 graceBeforeSeconds,graceAfterSeconds;
+
+ LL_I2L(microSecondsPerSecond, PR_USEC_PER_SEC);
+
+ //Get number of microseconds in each grace period value.
+ LL_I2L(graceBeforeSeconds, graceBefore * 60 * 60 * 24);
+ LL_I2L(graceAfterSeconds,graceAfter * 60 * 60 * 24);
+
+ LL_MUL(graceBefore64, microSecondsPerSecond,graceBeforeSeconds);
+ LL_MUL(graceAfter64, microSecondsPerSecond,graceAfterSeconds);
+
+ PRTime lowerBound, upperBound;
+
+ DER_DecodeTimeChoice(&timeBefore, &cert->validity.notBefore);
+ DER_DecodeTimeChoice(&timeAfter, &cert->validity.notAfter);
+
+ PrintPRTime(timeBefore,"timeBefore");
+ PrintPRTime(timeAfter,"timeAfter");
+
+ now = PR_Now();
+
+ //Calculate lower and upper legal bounds for time
+ LL_SUB(lowerBound,timeAfter, graceBefore64);
+ LL_ADD(upperBound,timeAfter,graceAfter64);
+
+ PrintPRTime(lowerBound,"lowerBound");
+ PrintPRTime(now,"now");
+ PrintPRTime(upperBound,"upperBound");
+
+ if(LL_CMP(now,>=, lowerBound) && LL_CMP(now,<=,upperBound)) {
+ RA::Debug("RA_Enroll_Processor::isCertRenewable","returning true!");
+ return true;
+ }
+
+ RA::Debug("RA_Enroll_Processor::isCertRenewable","returning false!");
+
+ return false;
+}
+
+/*
+ * cfu
+ * DoRenewal - use i_cert's serial number for renewal
+ * i_cert - cert to renew
+ * o_cert - cert newly issued
+ */
+bool RA_Enroll_Processor::DoRenewal(const char *connid, const char *profileId, CERTCertificate *i_cert,
+CERTCertificate **o_cert, char *error_msg)
+{
+ RA_Status status = STATUS_NO_ERROR;
+ bool r = true;
+ CertEnroll *certRenewal = NULL;
+ Buffer *cert = NULL;
+ char *cert_string = NULL;
+
+ PRUint64 snum = DER_GetInteger(&(i_cert)->serialNumber);
+ RA::Debug("RA_Enroll_Processor::DoRenewal", "begins renewal for serial number %u with profileId=%s", (int)snum, profileId);
+
+ certRenewal = new CertEnroll();
+ cert = certRenewal->RenewCertificate(snum, connid, profileId, error_msg);
+
+// this is where renewal happens .. audit log for fail/ success here?
+ if (cert == NULL) {
+ r = false;
+ RA::Debug("RA_Enroll_Processor::DoRenewal", "Renewal failed for serial number %d", snum);
+ status = STATUS_ERROR_MAC_ENROLL_PDU;
+ goto loser;
+ }
+ RA::Debug("RA_Enroll_Processor::DoRenewal", "Renewal suceeded for serial number %d", snum);
+
+ cert_string = (char *) cert->string();
+ *o_cert = CERT_DecodeCertFromPackage((char *) cert_string,
+ (int) cert->size());
+ if (o_cert != NULL) {
+ char msg[2048];
+ RA::ra_tus_print_integer(msg, &(o_cert[0])->serialNumber);
+ RA::Debug("DoRenewal", "Received newly issued Certificate");
+ RA::Debug("DoRenewal serial=", msg);
+ RA::Debug("DoRenewal", "yes");
+ } else {
+ r = false;
+ }
+ free(cert_string);
+
+loser:
+ if( certRenewal != NULL ) {
+ delete certRenewal;
+ certRenewal = NULL;
+ }
+ if( cert != NULL ) {
+ delete cert;
+ cert = NULL;
+ }
+ return r;
+}
+
+#define RENEWAL_FAILURE 1
+#define RENEWAL_FAILURE_GRACE 2
+
+/*
+* Renewal logic
+* 1. Create Optional local TPS grace period per token profile,
+* per token type, such as signing or encryption.
+* This grace period must match how the CA is configured. Ex:
+* op.enroll.userKey.renewal.encryption.enable=true
+* op.enroll.userKey.renewal.encryption.gracePeriod.enable=true
+* op.enroll.userKey.renewal.encryption.gracePeriod.before=30
+* op.enroll.userKey.renewal.encryption.gracePeriod.after=30
+* 2. In case of a grace period failure the code will go on
+* and attempt to renew the next certificate in the list.
+* 3. In case of any other code failure, the code will abort
+* and leave the token untouched, while informing the user
+* with an error message.
+*
+*
+*/
+bool RA_Enroll_Processor::ProcessRenewal(AuthParams *login, RA_Session *session, char **&ktypes,
+ char **&origins,
+ char *tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable,
+ Secure_Channel *channel,
+ const char *cuid, char *msn,
+ const char *final_applet_version, const char *userid,
+ RA_Status &o_status, CERTCertificate **&certificates,
+ int &o_certNums, char **&tokenTypes)
+{
+ bool r = true;
+ o_status = STATUS_ERROR_RENEWAL_IS_PROCESSED;
+ char keyTypePrefix[256];
+ char configname[256];
+ char filter[256];
+ LDAPMessage *result = NULL;
+ const char *pretty_cuid = NULL;
+ char audit_msg[512] = "";
+ char *keyVersion = NULL;
+ int renewal_failure_found = 0;
+
+ int maxCertUpdate = 25;
+ char *renewedCertUpdateList[25];
+ int renewedCertUpdateCount = 0;
+
+ int i = 0;
+ const char *FN="RA_Enroll_Processor::ProcessRenewal";
+
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "starts");
+
+ // get key version for audit logs
+ if (channel != NULL) {
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+ keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+ }
+
+ // e.g. op.enroll.userKey.renewal.keyType.num
+ // renewal params will just have to match that of the previous
+ // enrollment tps profile. Will try to be smarter later...
+ PR_snprintf(configname, 256, "op.enroll.%s.renewal.keyType.num",
+ tokenType);
+ int keyTypeNum = RA::GetConfigStore()->GetConfigAsInt(configname, -1);
+ if (keyTypeNum == -1) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "Missing the configuration parameter for %s", configname);
+ goto loser;
+ }
+
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "keyType.num=%d", keyTypeNum);
+
+ o_certNums = keyTypeNum;
+ certificates = (CERTCertificate **) malloc (sizeof(CERTCertificate *) * keyTypeNum);
+ ktypes = (char **) malloc (sizeof(char *) * keyTypeNum);
+ origins = (char **) malloc (sizeof(char *) * keyTypeNum);
+ tokenTypes = (char **) malloc (sizeof(char *) * keyTypeNum);
+
+ for (i=0; i<keyTypeNum; i++) {
+ certificates[i] = NULL;
+ ktypes[i] = NULL;
+ origins[i] = NULL;
+ tokenTypes[i] = NULL;
+
+ bool renewable = true;
+ // e.g. op.enroll.userKey.renewal.keyType.value.0=signing
+ // e.g. op.enroll.userKey.renewal.keyType.value.1=encryption
+ PR_snprintf(configname, 256, "op.enroll.%s.renewal.keyType.value.%d", tokenType, i);
+ const char *keyTypeValue = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+
+ if (keyTypeValue == NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "Missing the configuration parameter for %s", configname);
+ goto loser;
+ }
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "keyType == %s ", keyTypeValue);
+ TokenKeyType key_type = KEY_TYPE_ENCRYPTION;
+ if (strcmp(keyTypeValue, "signing") == 0)
+ key_type = KEY_TYPE_SIGNING;
+ else if (strcmp(keyTypeValue, "encryption") == 0)
+ key_type = KEY_TYPE_ENCRYPTION;
+ else
+ key_type = KEY_TYPE_SIGNING_AND_ENCRYPTION;
+
+ // e.g. op.enroll.userKey.renewal.signing.enable=true
+ PR_snprintf(configname, 256, "op.enroll.%s.renewal.%s.enable", tokenType, keyTypeValue);
+ renewable = RA::GetConfigStore()->GetConfigAsBool(configname);
+
+ if (!renewable) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "renewal not enabled");
+ continue;
+ }
+
+ // set allowable $$ config patterns
+ NameValueSet nv;
+ pretty_cuid = GetPrettyPrintCUID(cuid);
+
+ nv.Add("pretty_cuid", pretty_cuid);
+ nv.Add("cuid", cuid);
+ nv.Add("msn", msn);
+ nv.Add("userid", userid);
+ //nv.Add("profileId", profileId);
+
+ /* populate auth parameters output to nv also */
+ /* so we can reference to the auth parameter by */
+ /* using $auth.cn$, or $auth.mail$ */
+ if (login != NULL) {
+ int s = login->Size();
+ for (int x = 0; x < s; x++) {
+ char namebuf[2048];
+ char *name = login->GetNameAt(x);
+ sprintf(namebuf, "auth.%s", name);
+ nv.Add(namebuf, login->GetValue(name));
+ }
+ }
+
+ /*
+ * Get certs from the tokendb for this token to find out about
+ * renewal possibility
+ */
+
+
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "Renew the certs for %s", keyTypeValue);
+ PR_snprintf(filter, 256, "(&(tokenKeyType=%s)(tokenID=%s))",
+ keyTypeValue, cuid);
+ int rc = RA::ra_find_tus_certificate_entries_by_order_no_vlv(filter,
+ &result, 1);
+
+ tokenTypes[i] = PL_strdup(tokenType);
+ if (rc == LDAP_SUCCESS) {
+ bool renewed = false;
+ const char *caconnid;
+ const char *profileId;
+ PR_snprintf(keyTypePrefix, 256, "op.enroll.%s.keyGen.%s", tokenType,keyTypeValue);
+ PR_snprintf(configname, 256, "op.enroll.%s.renewal.%s.enable", tokenType, keyTypeValue);
+ PR_snprintf((char *)configname, 256,"op.enroll.%s.renewal.%s.certId", tokenType, keyTypeValue);
+ char *certId = (char *)RA::GetConfigStore()->GetConfigAsString(configname, "C0");
+ PR_snprintf((char *)configname, 256, "op.enroll.%s.renewal.%s.certAttrId", tokenType, keyTypeValue);
+ char *certAttrId = (char *)RA::GetConfigStore()->GetConfigAsString(configname, "c0");
+ //PR_snprintf((char *)configname, 256, "%s.privateKeyAttrId", keyTypePrefix);
+ //const char *priKeyAttrId = RA::GetConfigStore()->GetConfigAsString(configname, "k0");
+ //PR_snprintf((char *)configname, 256,"%s.publicKeyAttrId", keyTypePrefix);
+ //const char *pubKeyAttrId = RA::GetConfigStore()->GetConfigAsString(configname, "k1");
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "certId=%s, certAttrId=%s",certId, certAttrId);
+
+ char finalCertId[3];
+ char finalCertAttrId[3];
+
+ finalCertId[0] = certId[0];
+ finalCertId[1] = certId[1];
+ finalCertId[2] = 0;
+
+ finalCertAttrId[0] = certAttrId[0];
+ finalCertAttrId[1] = certAttrId[1];
+ finalCertAttrId[2] = 0;
+
+ LDAPMessage *e= NULL;
+ char *attr_status = NULL;
+ for( e = RA::ra_get_first_entry( result );
+ e != NULL;
+ e = RA::ra_get_next_entry( e ) ) {
+ attr_status = RA::ra_get_cert_status( e );
+ if( (strcmp( attr_status, "revoked" ) == 0) ||
+ (strcmp( attr_status, "renewed" ) == 0) ) {
+ if (attr_status != NULL) {
+ PL_strfree(attr_status);
+ attr_status = NULL;
+ }
+ continue;
+ }
+
+ const char *label= NULL;
+ const char *pattern= NULL;
+ Buffer *certbuf = NULL;
+
+ // retrieve the most recent certificate to start
+
+ CERTCertificate **certs = RA::ra_get_certificates(e);
+ CERTCertificate *o_cert = NULL;
+ SECKEYPublicKey *pk_p = NULL;
+ SECItem si_mod;
+ Buffer *modulus=NULL;
+ SECItem *si_kid = NULL;
+ Buffer *keyid=NULL;
+ SECItem si_exp;
+ Buffer *exponent=NULL;
+ CERTSubjectPublicKeyInfo* spkix = NULL;
+
+ bool graceEnabled = false;
+ int graceBefore = 0;
+ int graceAfter = 0;
+
+ if (certs[0] != NULL) {
+
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "Certificate to check for renew");
+
+ // check if renewable (note: CA makes the final decision)
+ /* testing...pass through for now
+ if (!isCertRenewable(certs[0])) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "Cert outside of renewal period");
+ r = false;
+ goto rloser;
+ }
+ */
+
+ // op.enroll.userKey.renewal.signing.ca.conn
+ // op.enroll.userKey.renewal.encryption.ca.conn
+ PR_snprintf(configname, 256,
+ "op.enroll.%s.renewal.%s.ca.conn", tokenType, keyTypeValue);
+ caconnid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (caconnid == NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "Missing the configuration parameter for %s", configname);
+ goto rloser;
+ }
+
+ // op.enroll.userKey.renewal.signing.ca.profileId
+ // op.enroll.userKey.renewal.encryption.ca.profileId
+ PR_snprintf(configname, 256,
+ "op.enroll.%s.renewal.%s.ca.profileId", tokenType, keyTypeValue);
+ profileId = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (profileId == NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "Missing the configuration parameter for %s", configname);
+ goto rloser;
+ }
+
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal","got profileId=%s",profileId);
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "begin renewal");
+
+
+ PR_snprintf(configname,256,
+ "op.enroll.%s.renewal.%s.gracePeriod.enable",tokenType,keyTypeValue);
+
+ graceEnabled = RA::GetConfigStore()->GetConfigAsBool(configname,0);
+
+ if(graceEnabled) {
+
+ PR_snprintf(configname,256,
+ "op.enroll.%s.renewal.%s.gracePeriod.before",tokenType,keyTypeValue);
+
+ graceBefore = RA::GetConfigStore()->GetConfigAsInt(configname,0);
+
+ PR_snprintf(configname,256,
+ "op.enroll.%s.renewal.%s.gracePeriod.after",tokenType,keyTypeValue);
+
+ graceAfter = RA::GetConfigStore()->GetConfigAsInt(configname,0);
+ // check if renewable (note: CA makes the final decision)
+ if (!isCertRenewable(certs[0],graceBefore,graceAfter)) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "Cert outside of renewal period");
+ renewal_failure_found = RENEWAL_FAILURE_GRACE;
+ //Since this is merely a grace period failure for one cert
+ //let's keep going.
+ r = true;
+ goto rloser;
+ }
+
+ }
+
+ // send renewal request to CA
+ // o_cert is the cert gotten back
+ r = DoRenewal(caconnid, profileId, certs[0], &o_cert, audit_msg);
+ if (r == false) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "after DoRenewal failure. o_cert %p",o_cert);
+ o_status = STATUS_ERROR_MAC_ENROLL_PDU;
+ //Assume a renewal grace failure here since we can't obtain the reason.
+ //This is the most likely error and there is a chance the next renewal may succeed.
+ renewal_failure_found = RENEWAL_FAILURE_GRACE;
+ char snum[2048];
+ RA::ra_tus_print_integer(snum, &(certs[0])->serialNumber);
+ RA::Audit(EV_RENEWAL, AUDIT_MSG_PROC_CERT_REQ,
+ userid, cuid, msn, "failure", "renewal", final_applet_version,
+ keyVersion != NULL ? keyVersion : "",
+ snum, caconnid, audit_msg);
+ //Since this is merely a grace period or renewal failure for one cert
+ //let's keep it going
+
+ r = true;
+ goto rloser;
+ }
+
+ // got cert...
+
+ // build label
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.label",
+ OP_PREFIX, tokenType, keyTypeValue);
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "label '%s'", configname);
+ pattern = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ if(pattern == NULL)
+ {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "no configured cert label!");
+ renewal_failure_found = RENEWAL_FAILURE;
+ PR_snprintf(audit_msg,512, "No cert label configured for cert!");
+ goto rloser;
+ }
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "pattern '%s'",pattern);
+
+ label = MapPattern(&nv, (char *) pattern);
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "label '%s'",label);
+
+ if (o_cert != NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "got cert!!");
+// tmp_c = NSSBase64_EncodeItem(0, 0, 0, &(o_cert)->derCert);
+// RA::Debug("RA_Enroll_Processor::ProcessRenewal", "after NSSBase64_EncodeItem");
+
+ char snum[2048];
+ RA::ra_tus_print_integer(snum, &o_cert->serialNumber);
+ RA::Audit(EV_RENEWAL, AUDIT_MSG_PROC_CERT_REQ,
+ userid, cuid, msn, "success", "renewal", final_applet_version,
+ keyVersion != NULL ? keyVersion : "",
+ snum, caconnid, "certificate renewed");
+ } else {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "no cert!!");
+ PR_snprintf(audit_msg, 512, "No cert returned from DoRenewal");
+ goto rloser;
+ }
+
+ ktypes[i] = PL_strdup(keyTypeValue);
+ origins[i] = PL_strdup(cuid);
+ certificates[i] = o_cert;
+ //o_certNums++;
+
+ // For the encrytion cert we actually need to calculate the proper certId and certAttrId
+ // since we now leave previous encryption certs on the token to allow dencryption of old
+ // Emails by the user.
+
+ if( key_type == KEY_TYPE_ENCRYPTION) {
+
+ int new_cert_id = GetNextFreeCertIdNumber(pkcs11objx);
+
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "Encryption cert, calculated new cert id: %d",new_cert_id);
+
+ //Is the calculated cert id reasonable based on the current state of the
+ // token and the expected renewal configuration.
+ if( !(new_cert_id > keyTypeNum ) || new_cert_id > 9) {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "RA_Enroll_Processor::ProcessRenewal","Possible misconfiguration or out of sync token!");
+ PR_snprintf(audit_msg, 512, "Renewal of cert failed, misconfiguration or out of sync token!");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+
+ }
+
+ finalCertId[0]= 'C';
+ finalCertId[1] = '0' + new_cert_id;
+
+ finalCertAttrId[0] = 'c';
+ finalCertAttrId[1] = '0' + new_cert_id;
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "finalCertId %s finalCertAttrId %s", finalCertId, finalCertAttrId);
+ }
+
+ // write certificate to token
+ certbuf = new Buffer(o_cert->derCert.data, o_cert->derCert.len);
+ if (pkcs11obj_enable)
+ {
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (finalCertId[0] << 24) +
+ (finalCertId[1] << 16),
+ certbuf);
+ pkcs11objx->AddObjectSpec(objSpec);
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Not implemented");
+ renewal_failure_found = RENEWAL_FAILURE;
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: pkcs11obj_enable = false not implemented");
+ goto rloser;
+/*
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "About to create certificate object on token");
+ rc = channel->CreateCertificate(certId, certbuf);
+ if (rc == -1) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "Failed to create certificate object on token");
+
+ o_status = STATUS_ERROR_MAC_ENROLL_PDU;
+ goto rloser;
+ }
+*/
+ }
+
+ if (o_cert->subjectKeyID.data != NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "subjectKeyID found in cert");
+//later, add code to check if keys really exist on token!
+ keyid = new Buffer((BYTE*)o_cert->subjectKeyID.data,
+ (unsigned int)o_cert->subjectKeyID.len);
+
+ } else {// should always have keyid
+//use existing original keyid
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal", "no subjectKeyID found in cert, use existing");
+ keyid = new Buffer((BYTE*)certs[0]->subjectKeyID.data,
+ (unsigned int)certs[0]->subjectKeyID.len);
+ }
+
+ if (pkcs11obj_enable)
+ {
+ Buffer b = channel->CreatePKCS11CertAttrsBuffer(
+ key_type , finalCertAttrId, label, keyid);
+ if (b == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: CreatePKCS11CertAttrsBuffer returns null");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+ }
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (finalCertAttrId[0] << 24) +
+ (finalCertAttrId[1] << 16),
+ &b);
+ if (objSpec == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: ParseFromTokenData returns null");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+ }
+
+ //We need to massage the fixedAttributes of this object to allow the CKA_ID value
+ //of the original encryption cert to be available for coolkey to read.
+ // Coolkey only deals in a one byte index 0 - n, ex: "01".
+ // Coolkey uses the final byte of the "fixedAttributes" property of each object
+ // to identify the object. This value needs to be the same for each cert and its
+ // corresponding key pair. See ObjectSpec::ParseAttributes.
+
+ if (key_type == KEY_TYPE_ENCRYPTION) {
+
+ unsigned long currentFixedAttributes = objSpec->GetFixedAttributes();
+ unsigned long modifiedFixedAttributes = currentFixedAttributes;
+
+ // Here we want the original encryption cert's id number.
+ int val = (certId[1] - '0');
+
+ modifiedFixedAttributes &= (BYTE) 0xFFFFFFF0;
+ modifiedFixedAttributes |= (BYTE) val;
+ objSpec->SetFixedAttributes(modifiedFixedAttributes);
+
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "original fixed Attributes %lu modified ones %lu",
+ currentFixedAttributes,modifiedFixedAttributes);
+ }
+
+ pkcs11objx->AddObjectSpec(objSpec);
+ } else {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Not implemented");
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: pkcs11obj_enable = false not implemented");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+/*
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "About to create PKCS#11 certificate Attributes");
+ rc = channel->CreatePKCS11CertAttrs(keyTypeValue, certAttrId, label, keyid);
+ if (rc == -1) {
+ RA::Error(LL_PER_CONNECTION,FN,
+ "PKCS11 Certificate attributes creation failed");
+ o_status = STATUS_ERROR_MAC_ENROLL_PDU;
+ goto rloser;
+ }
+*/
+ }
+
+ spkix = &(o_cert->subjectPublicKeyInfo);
+ if (spkix == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: subjectPublicKeyInfo is null");
+ goto rloser;
+ }
+ pk_p = SECKEY_ExtractPublicKey(spkix);
+ if (pk_p == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: ExtractPublicKey is null");
+ goto rloser;
+ }
+ SECKEY_DestroySubjectPublicKeyInfo(spkix);
+
+ /* fill in keyid, modulus, and exponent */
+
+ si_mod = pk_p->u.rsa.modulus;
+ modulus = new Buffer((BYTE*) si_mod.data, si_mod.len);
+ if (modulus == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: modulus is null");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+ }
+ spkix = SECKEY_CreateSubjectPublicKeyInfo(pk_p);
+ if (spkix == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: CreateSubjectPublicKeyInfo returns null");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+ }
+
+ /*
+ * RFC 3279
+ * The keyIdentifier is composed of the 160-bit SHA-1 hash of the
+ * value of the BIT STRING subjectPublicKey (excluding the tag,
+ * length, and number of unused bits).
+ */
+ spkix->subjectPublicKey.len >>= 3;
+ si_kid = PK11_MakeIDFromPubKey(&spkix->subjectPublicKey);
+ if (si_kid == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: si_kid is null");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+ }
+ spkix->subjectPublicKey.len <<= 3;
+ SECKEY_DestroySubjectPublicKeyInfo(spkix);
+
+ if (keyid == NULL)
+ keyid = new Buffer((BYTE*) si_kid->data, si_kid->len);
+ if (keyid == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: keyid is null");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+ }
+ si_exp = pk_p->u.rsa.publicExponent;
+ exponent = new Buffer((BYTE*) si_exp.data, si_exp.len);
+ if (exponent == NULL) {
+ PR_snprintf(audit_msg, 512, "Write cert to token failed: exponent is null");
+ renewal_failure_found = RENEWAL_FAILURE;
+ goto rloser;
+ }
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "Keyid, modulus and exponent have been extracted from public key");
+
+ renewed = true;
+
+ RA::Audit(EV_RENEWAL, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "renewal",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "Cert written to token successfully");
+
+
+ rloser:
+
+ if( keyid != NULL ) {
+ delete keyid;
+ keyid = NULL;
+ }
+ if( label != NULL ) {
+ PL_strfree( (char *) label );
+ label = NULL;
+ }
+ if(renewal_failure_found == RENEWAL_FAILURE) {
+ RA::Debug("RA_Enroll_Processor_ProcessRenewal", "A renewal in list failed other than grace period error, aborting.");
+ goto loser;
+ }
+ }
+ break;
+ } //for
+ if((strcmp( attr_status, "active" ) == 0) &&
+ renewed) {
+ char *cn = RA::ra_get_cert_cn(e);
+ if(renewedCertUpdateCount < ( maxCertUpdate -1)) //unlikely scenario this fails
+ renewedCertUpdateList[renewedCertUpdateCount++] = PL_strdup(cn);
+ // Let's hold off on the celebration until the end.
+ // RA::ra_update_cert_status(cn, "renewed");
+ if (cn != NULL) {
+ PL_strfree(cn);
+ cn = NULL;
+ }
+ }
+ if( attr_status != NULL ) {
+ PL_strfree( attr_status );
+ attr_status = NULL;
+ }
+ } else {
+ r = false;
+ o_status = STATUS_ERROR_LDAP_CONN;
+ goto loser;
+ }
+ RA::Debug("RA_Enroll_Processor::ProcessRenewal",
+ "Filter to find certificates = %s", filter);
+ }
+
+loser:
+ if (strlen(audit_msg) > 0) { // a failure occurred
+ RA::Audit(EV_RENEWAL, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "failure",
+ "renewal",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ audit_msg);
+ }
+
+ //Let's wait until all the certs are processed to actually update the renewal status
+ RA::Debug("RA_Enroll_Process::ProcessRenewal","renewedCertUpdateCount %d", renewedCertUpdateCount);
+ if(renewedCertUpdateCount > 0) {
+ for(int rr = 0; rr < renewedCertUpdateCount; rr++) {
+ if(renewedCertUpdateList[rr]) {
+ if(renewal_failure_found != RENEWAL_FAILURE) {
+ RA::Debug("RA_Enroll_Process::ProcessRenewal","updating to renewed status of cn= %s", renewedCertUpdateList[rr]);
+ RA::ra_update_cert_status(renewedCertUpdateList[rr],"renewed");
+ }
+ PL_strfree(renewedCertUpdateList[rr]);
+ renewedCertUpdateList[rr] = NULL;
+ }
+ }
+ } else {
+ // All certs failed to renew
+ RA::Debug("RA_Enroll_Process::ProcessRenewal","All certs failed to renew, bailing with error");
+ o_status = STATUS_ERROR_MAC_ENROLL_PDU;
+ r = false;
+
+ }
+
+ if( pretty_cuid != NULL ) {
+ PR_Free( (char *) pretty_cuid );
+ pretty_cuid = NULL;
+ }
+ if( result != NULL ) {
+ ldap_msgfree( result );
+ }
+
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+
+ return r;
+}
+
+bool RA_Enroll_Processor::ProcessRecovery(AuthParams *login, char *reason, RA_Session *session, char **&origins, char **&ktypes,
+ char *tokenType, PKCS11Obj *pkcs11objx, int pkcs11obj_enable,
+ NameValueSet *extensions, Secure_Channel *channel, Buffer *wrapped_challenge,
+ Buffer *key_check, Buffer *plaintext_challenge, char *cuid, char *msn,
+ const char *final_applet_version, char *khex, const char *userid,
+ RA_Status &o_status, CERTCertificate **&certificates, char *lostTokenCUID,
+ int &o_certNums, char **&tokenTypes, char *origTokenType)
+{
+ bool r = true;
+ o_status = STATUS_ERROR_RECOVERY_IS_PROCESSED;
+ char keyTypePrefix[256];
+ char configname[256];
+ char filter[256];
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ char *o_pub = NULL;
+ char *o_priv = NULL;
+ const char *connid = NULL;
+ bool tksServerKeygen = false;
+ bool serverKeygen = false;
+ bool archive = false;
+ const char *pretty_cuid = NULL;
+ char audit_msg[512] = "";
+ char *keyVersion = NULL;
+ char *ivParam = NULL;
+
+ int i = 0;
+ int totalNumCerts = 0;
+ int actualCertIndex = 0;
+ int legalScheme = 0;
+ int isGenerateandRecover = 0;
+ const char *FN="RA_Enroll_Processor::ProcessRecovery";
+
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery","entering...");
+ // get key version for audit logs
+ if (channel != NULL) {
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+ keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+ }
+
+ PR_snprintf(configname, 256, "op.enroll.%s.keyGen.recovery.%s.keyType.num",
+ tokenType, reason);
+ int keyTypeNum = RA::GetConfigStore()->GetConfigAsInt(configname, -1);
+ if (keyTypeNum == -1) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ goto loser;
+ }
+
+ //We will have to rifle through the configuration to see if there any recovery operations with
+ //scheme "GenerateNewKeyandRecoverLast" which allows for recovering the old key AND generating a new
+ // one for the encryption type only. If this scheme is present, the number of certs for bump by
+ // 1 for each occurance.
+
+ totalNumCerts = 0;
+ for(i = 0; i<keyTypeNum; i++) {
+ PR_snprintf(configname, 256, "op.enroll.%s.keyGen.recovery.%s.keyType.value.%d", tokenType, reason, i);
+ const char *keyTypeValue = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+
+ if (keyTypeValue == NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ goto loser;
+ }
+ PR_snprintf(configname, 256, "op.enroll.%s.keyGen.%s.recovery.%s.scheme", tokenType, keyTypeValue, reason);
+ char *scheme = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+ if (scheme == NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ goto loser;
+ }
+
+ //If we are doing "GenerateNewKeyandRecoverLast, we will create two certificates
+ //for that particular round.
+ if(PL_strcasecmp(scheme, "GenerateNewKeyandRecoverLast") == 0) {
+
+ //Make sure someone doesn't try "GenerateNewKeyandRecoverLast" with a signing key.
+
+ if(PL_strcasecmp(keyTypeValue,"encryption" ) != 0) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Invalid config param for %s. Can't use GenerateNewKeyandRecoveLaste scheme with non encryption key",
+ configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ goto loser;
+ }
+ totalNumCerts ++;
+ }
+ totalNumCerts ++;
+ }
+
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery","totalNumCerts %d ",totalNumCerts);
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "keyTypenum=%d", keyTypeNum);
+
+
+ if(!(totalNumCerts > keyTypeNum)) {
+ totalNumCerts = keyTypeNum;
+ }
+
+ o_certNums = totalNumCerts;
+ certificates = (CERTCertificate **) malloc (sizeof(CERTCertificate *) * totalNumCerts);
+ ktypes = (char **) malloc (sizeof(char *) * totalNumCerts);
+ origins = (char **) malloc (sizeof(char *) * totalNumCerts);
+ tokenTypes = (char **) malloc (sizeof(char *) * totalNumCerts);
+
+ for(i = 0; i < totalNumCerts; i++) {
+ ktypes[i] = NULL;
+ origins[i] = NULL;
+ tokenTypes[i] = NULL;
+ certificates[i] = NULL;
+ }
+
+ //Iterate through number of key types. Iteration will be modified in case we have to insert extra
+ //certificates due to the "GenerateNewKeyandRecoverLast" scheme.
+
+ actualCertIndex = 0;
+ legalScheme = 0;
+ for (i=0; i<keyTypeNum; i++) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery","Top cert loop: i %d actualCertIndex %d",i,actualCertIndex);
+ PR_snprintf(configname, 256, "op.enroll.%s.keyGen.recovery.%s.keyType.value.%d", tokenType, reason, i);
+ const char *keyTypeValue = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "keyType == %s ", keyTypeValue);
+
+ if (keyTypeValue == NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ goto loser;
+ }
+ PR_snprintf(configname, 256, "op.enroll.%s.keyGen.%s.recovery.%s.scheme", tokenType, keyTypeValue, reason);
+ char *scheme = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+ if (scheme == NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ goto loser;
+ }
+
+ // set allowable $$ config patterns
+ NameValueSet nv;
+ pretty_cuid = GetPrettyPrintCUID(cuid);
+
+ nv.Add("pretty_cuid", pretty_cuid);
+ nv.Add("cuid", cuid);
+ nv.Add("msn", msn);
+ nv.Add("userid", userid);
+ //nv.Add("profileId", profileId);
+
+ /* populate auth parameters output to nv also */
+ /* so we can reference to the auth parameter by */
+ /* using $auth.cn$, or $auth.mail$ */
+ if (login != NULL) {
+ int s = login->Size();
+ for (int x = 0; x < s; x++) {
+ char namebuf[2048];
+ char *name = login->GetNameAt(x);
+ sprintf(namebuf, "auth.%s", name);
+ nv.Add(namebuf, login->GetValue(name));
+ }
+ }
+ //Check for the special scheme where we generate a new cert and
+ //recover the last one.
+
+ if(PL_strcasecmp(scheme, "GenerateNewKeyandRecoverLast") == 0) {
+ isGenerateandRecover = 1;
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Scheme %s: GenerateNewKeyandRecoverLast case!",scheme);
+ } else {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Scheme %s: Not GenerateNewKeyandRecoverLast case!",scheme);
+ isGenerateandRecover = 0;
+ }
+
+ if ((PL_strcasecmp(scheme, "GenerateNewKey") == 0) || isGenerateandRecover) {
+ legalScheme = 1;
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "Generate new key for %s", keyTypeValue);
+ r = GenerateCertificate(login, keyTypeNum, keyTypeValue, actualCertIndex, session, origins, ktypes, tokenType,
+ pkcs11objx, pkcs11obj_enable, extensions, channel, wrapped_challenge,
+ key_check, plaintext_challenge, cuid, msn, final_applet_version,
+ khex, userid, o_status, certificates);
+ tokenTypes[actualCertIndex] = PL_strdup(tokenType);
+ if (o_status == STATUS_NO_ERROR)
+ o_status = STATUS_ERROR_RECOVERY_IS_PROCESSED;
+ }
+
+ if ((PL_strcasecmp(scheme, "RecoverLast") == 0) || isGenerateandRecover) {
+ RA::Debug("RA_Enroll_Processor::RecoverLast", "Recover the key for %s", keyTypeValue);
+ // Special case for GenerateandRecover scenario.
+
+ legalScheme = 1;
+ if(isGenerateandRecover) {
+ RA::Debug("RA_Enroll_Processor::RecoverLast",
+ "Generate extra recoverd cert for GenerateNewKeyandRecoverLast");
+
+ actualCertIndex ++;
+ }
+ PR_snprintf(filter, 256, "(&(tokenKeyType=%s)(tokenID=%s))",
+ keyTypeValue, lostTokenCUID);
+ int rc = RA::ra_find_tus_certificate_entries_by_order_no_vlv(filter,
+ &result, 1);
+
+ tokenTypes[actualCertIndex] = PL_strdup(origTokenType);
+ char **attr = (char **) malloc (sizeof(char *) * totalNumCerts);
+ if (rc == LDAP_SUCCESS) {
+ // retrieve the most recent certificate, we just recover the most
+ // recent one
+ e = RA::ra_get_first_entry(result);
+ if (e != NULL) {
+ CERTCertificate **certs = RA::ra_get_certificates(e);
+ if (certs[0] != NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Certificate used to restore the private key");
+ PR_snprintf(configname, 256,
+ "op.enroll.%s.keyGen.%s.serverKeygen.drm.conn", tokenType, keyTypeValue);
+ const char *drmconnid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (drmconnid == NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Missing the configuration parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. Missing the configuration parameter for %s", configname);
+ goto loser;
+ }
+
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "begin recovery code");
+
+ SECKEYPublicKey *pk_p = NULL;
+ SECItem si_mod;
+ Buffer *modulus=NULL;
+ SECItem *si_kid = NULL;
+ Buffer *keyid=NULL;
+ SECItem si_exp;
+ Buffer *exponent=NULL;
+ CERTSubjectPublicKeyInfo* spkix = NULL;
+
+ //Now we have to get the original config params for the encryption cert and keys
+
+ //XXX these attr functions shouldn't take config params
+ PR_snprintf(keyTypePrefix, 256, "op.enroll.%s.keyGen.encryption", tokenType);
+
+ PR_snprintf((char *)configname, 256, "%s.keySize", keyTypePrefix);
+ int keysize = RA::GetConfigStore()->GetConfigAsInt(configname, 1024);
+
+ PR_snprintf((char *)configname, 256, "%s.keyUsage", keyTypePrefix);
+ int keyUsage = RA::GetConfigStore()->GetConfigAsInt(configname, 0);
+ PR_snprintf((char *)configname, 256, "%s.keyUser", keyTypePrefix);
+ int keyUser = RA::GetConfigStore()->GetConfigAsInt(configname, 0);
+
+ PR_snprintf((char *)configname, 256, "%s.certId",keyTypePrefix);
+
+ const char *origCertId = RA::GetConfigStore()->GetConfigAsString(configname, "C0");
+
+ //actually adjust the crucial values based on this extra certificate
+ //being generated.
+
+ int highestCertId = 0;
+ int newCertId = 0;
+ if(isGenerateandRecover) {
+ //find highest cert id number.
+ for(int j=0; j < keyTypeNum; j++) {
+ PR_snprintf((char *)configname, 256,"%s.certId", keyTypePrefix);
+ const char *cId = RA::GetConfigStore()->GetConfigAsString(configname, "C0");
+ int id_int = 0;
+ if(cId) {
+ id_int = cId[1] - '0';
+ }
+
+ if (id_int > highestCertId)
+ highestCertId = id_int;
+ }
+ highestCertId++;
+ } else {
+ highestCertId = origCertId[1] - '0';
+ }
+
+ newCertId = highestCertId;
+
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery","Calculated new CertID %d.",newCertId);
+
+ char certId[3];
+ char certAttrId[3];
+ char privateKeyAttrId[3];
+ char publicKeyAttrId[3];
+ int pubKeyNumber=0;
+ int priKeyNumber=0;
+
+ certId[0] = 'C';
+ certId[1] = '0' + newCertId;
+ certId[2] = 0;
+
+ certAttrId[0] = 'c';
+ certAttrId[1] = '0' + newCertId;
+ certAttrId[2] = 0;
+
+ pubKeyNumber = 2 * newCertId + 1;
+ priKeyNumber = 2 * newCertId;
+
+ privateKeyAttrId[0] = 'k';
+ privateKeyAttrId[1] = '0' + priKeyNumber;
+ privateKeyAttrId[2] = 0;
+
+ publicKeyAttrId[0] = 'k';
+ publicKeyAttrId[1] = '0' + pubKeyNumber;
+ publicKeyAttrId[2] = 0;
+
+ RA::Debug(
+ "RA_Enroll_Processor::ProcessRecovery",
+ "certId %s certAttrId %s privateKeyAttrId %s publicKeyAtrId %s priKeyNum %d pubKeyNum %d",
+ certId,certAttrId,privateKeyAttrId,publicKeyAttrId,priKeyNumber, pubKeyNumber);
+
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.label",
+ OP_PREFIX, tokenType, keyTypeValue);
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "label '%s'", configname);
+ const char *pattern = RA::GetConfigStore()->GetConfigAsString(configname);
+ const char* label = MapPattern(&nv, (char *) pattern);
+
+ BYTE objid[4];
+
+ objid[0] = 0xFF;
+ objid[1] = 0x00;
+ objid[2] = 0xFF;
+ objid[3] = 0xF3;
+
+ char *tmp_c = NULL;
+ if (certs[0] != NULL) {
+ tmp_c = NSSBase64_EncodeItem(0, 0, 0, &(certs[0]->derCert));
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after NSSBase64_EncodeItem");
+ } else {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "no cert!!");
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. no cert");
+ goto rloser;
+ }
+
+ if ((tmp_c == NULL) || (strcmp(tmp_c,"")==0)) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "NSSBase64_EncodeItem failed");
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. NSSBase64_EncodeItem failed");
+ goto rloser;
+ }
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "NSSBase64_EncodeItem succeeded");
+ attr[0] = PL_strdup(tmp_c);
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "b64 encoded cert =%s",attr[0]);
+
+ if( newCertId > 9) {
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "RA_Enroll_Processor::ProcessRecovery","Possible misconfiguration or out of sync token!");
+ PR_snprintf(audit_msg, 512,
+ "Renewal of cert failed, misconfiguration or out of sync token!");
+ goto rloser;
+ }
+
+ // get serverKeygen and archive, check if they are enabled.
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.serverKeygen.enable",
+ OP_PREFIX, tokenType, keyTypeValue);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "looking for config %s", configname);
+ serverKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, 0);
+ PR_snprintf((char *)configname, 256, "%s.%s.keyGen.%s.serverKeygen.archive",
+ OP_PREFIX, tokenType, keyTypeValue);
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ "looking for config %s", configname);
+ archive = RA::GetConfigStore()->GetConfigAsBool(configname, 0);
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connid = RA::GetConfigStore()->GetConfigAsString(configname);
+ tksServerKeygen = false;
+ if (connid != NULL) {
+ PR_snprintf((char *)configname, 256, "conn.%s.serverKeygen", connid);
+ tksServerKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, 0);
+ } else {
+ r = false;
+ o_status = STATUS_ERROR_NO_TKS_CONNID;
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::ProcessRecovery", "Missing tks.connid");
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. Missing tks.connid");
+ goto rloser;
+ }
+
+ if (tksServerKeygen && archive && serverKeygen) {
+ RA::RecoverKey(session, lostTokenCUID, userid,
+ channel->getDrmWrappedDESKey(),
+ attr[0], &o_pub, &o_priv,
+ (char *)drmconnid,&ivParam);
+ } else {
+ r = false;
+ o_status = STATUS_ERROR_KEY_ARCHIVE_OFF;
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::ProcessRecovery", "Archival is turned off");
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. Archival is turned off");
+ goto rloser;
+ }
+
+ if (o_pub == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::DoEnrollment()", "RecoverKey called, o_pub is NULL");
+ r = false;
+ o_status = STATUS_ERROR_RECOVERY_FAILED;
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. o_pub is NULL");
+ goto rloser;
+ } else
+ RA::Debug(LL_PER_PDU, "DoEnrollment", "o_pub = %s", o_pub);
+
+
+ if (o_priv == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::DoEnrollment()", "RecoverKey called, o_priv is NULL");
+ /* XXX
+ r = false;
+ o_status = STATUS_ERROR_RECOVERY_FAILED;
+ goto rloser;
+ */
+ } else
+ RA::Debug(LL_PER_PDU, "DoEnrollment", "o_priv = %s", o_priv);
+
+ if (ivParam == NULL) {
+ RA::Debug(LL_PER_CONNECTION,"RA_Enroll_Processor::ProcessRecovery",
+ "ProcessRecovery called, ivParam is NULL");
+ r = false;
+ o_status = STATUS_ERROR_RECOVERY_FAILED;
+ PR_snprintf(audit_msg, 512, "RA_Enroll_Processor::ProcessRecovery called, ivParam is NULL");
+ goto rloser;
+ } else {
+ RA::Debug(LL_PER_CONNECTION,"ProcessRecovery",
+ "ivParam = %s", ivParam);
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::ProcessRecovery()", "key injection for RecoverKey occurs here");
+ /*
+ * the following code converts b64-encoded public key info into SECKEYPublicKey
+ */
+ SECStatus rv;
+ SECItem der;
+ CERTSubjectPublicKeyInfo* spki;
+
+ der.type = (SECItemType) 0; /* initialize it, since convertAsciiToItem does not set it */
+ rv = ATOB_ConvertAsciiToItem (&der, o_pub);
+ if (rv != SECSuccess){
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key, rv is failure");
+ SECITEM_FreeItem(&der, PR_FALSE);
+ r = false;
+ o_status = STATUS_ERROR_RECOVERY_FAILED;
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. after converting public key, rv is failure");
+ goto rloser;
+ }else {
+ RA::Debug(LL_PER_PDU, "ProcessRecovery", "item len=%d, item type=%d",der.len, der.type);
+
+ spki = SECKEY_DecodeDERSubjectPublicKeyInfo(&der);
+ SECITEM_FreeItem(&der, PR_FALSE);
+
+ if (spki != NULL) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key spki is not NULL");
+ pk_p = SECKEY_ExtractPublicKey(spki);
+ if (pk_p != NULL)
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key pk_p is not NULL");
+ else
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key, pk_p is NULL");
+ } else
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery", "after converting public key, spki is NULL");
+
+ }
+ SECKEY_DestroySubjectPublicKeyInfo(spki);
+
+ if( pk_p == NULL ) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "pk_p is NULL; unable to continue");
+ r = false;
+ o_status = STATUS_ERROR_RECOVERY_FAILED;
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. pk_p is NULL; unable to continue");
+ goto rloser;
+ }
+
+ // XXX - Add serial number and public key to audit log
+ //get serial number for audit log
+ //char msg[2048];
+ //RA::ra_tus_print_integer(msg, &certs[0]->serialNumber);
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "key recovered successfully");
+
+
+ /* fill in keyid, modulus, and exponent */
+
+ si_mod = pk_p->u.rsa.modulus;
+ modulus = new Buffer((BYTE*) si_mod.data, si_mod.len);
+
+ spkix = SECKEY_CreateSubjectPublicKeyInfo(pk_p);
+
+ /*
+ * RFC 3279
+ * The keyIdentifier is composed of the 160-bit SHA-1 hash of the
+ * value of the BIT STRING subjectPublicKey (excluding the tag,
+ * length, and number of unused bits).
+ */
+ spkix->subjectPublicKey.len >>= 3;
+ si_kid = PK11_MakeIDFromPubKey(&spkix->subjectPublicKey);
+ spkix->subjectPublicKey.len <<= 3;
+ SECKEY_DestroySubjectPublicKeyInfo(spkix);
+
+ keyid = new Buffer((BYTE*) si_kid->data, si_kid->len);
+ si_exp = pk_p->u.rsa.publicExponent;
+ exponent = new Buffer((BYTE*) si_exp.data, si_exp.len);
+
+ RA::Debug(LL_PER_PDU, "RA_Enroll_Processor::Process",
+ " keyid, modulus and exponent are retrieved");
+
+ ktypes[actualCertIndex] = PL_strdup(keyTypeValue);
+ // We now store the token id of the original token
+ // that generates this certificate so we can
+ // tell if the certificate should be operated
+ // on or not during formation operation
+ origins[actualCertIndex] = PL_strdup(lostTokenCUID);
+ certificates[actualCertIndex] = certs[0];
+
+
+ // Create KeyBlob for private key, but first b64 decode it
+ /* url decode o_priv */
+ {
+ Buffer priv_keyblob;
+ Buffer *decodeKey = Util::URLDecode(o_priv);
+ //RA::DebugBuffer("cfu debug"," private key =",decodeKey);
+ priv_keyblob =
+ Buffer(1, 0x01) + // encryption
+ Buffer(1, 0x09)+ // keytype is RSAPKCS8Pair
+ Buffer(1,(BYTE)(keysize/256)) + // keysize is two bytes
+ Buffer(1,(BYTE)(keysize%256)) +
+ Buffer((BYTE*) *decodeKey, decodeKey->size());
+ delete decodeKey;
+
+ //inject PKCS#8 private key
+ BYTE perms[6];
+
+ perms[0] = 0x40;
+ perms[1] = 0x00;
+ perms[2] = 0x40;
+ perms[3] = 0x00;
+ perms[4] = 0x40;
+ perms[5] = 0x00;
+
+ if (channel->CreateObject(objid, perms, priv_keyblob.size()) != 1) {
+ r = false;
+ PR_snprintf(audit_msg, 512, "Failed to write key to token. CreateObject failed.");
+ goto rloser;
+ }
+
+ if (channel->WriteObject(objid, (BYTE*)priv_keyblob, priv_keyblob.size()) != 1) {
+ r = false;
+ PR_snprintf(audit_msg, 512, "Failed to write key to token. WriteObject failed.");
+ goto rloser;
+ }
+ }
+
+ /* url decode the wrapped kek session key and keycheck*/
+ {
+ Buffer data;
+ /*
+ RA::Debug(LL_PER_PDU, "", "getKekWrappedDESKey() returns =%s", channel->getKekWrappedDESKey());
+ RA::Debug(LL_PER_PDU, "", "getKeycheck() returns =%s", channel->getKeycheck());
+ */
+ Buffer *decodeKey = Util::URLDecode(channel->getKekWrappedDESKey());
+
+ /*
+ RA::Debug(LL_PER_PDU, "", "des key item len=%d",
+ decodeKey->size());
+ RA::DebugBuffer("cfu debug", "DES key =", decodeKey);
+ */
+ char *keycheck = channel->getKeycheck();
+ Buffer *decodeKeyCheck = Util::URLDecode(keycheck);
+ if (keycheck)
+ PL_strfree(keycheck);
+
+ /*
+ RA::Debug(LL_PER_PDU, "", "keycheck item len=%d",
+ decodeKeyCheck->size());
+ RA::DebugBuffer("cfu debug", "key check=", decodeKeyCheck);
+ */
+
+ BYTE alg = 0x80;
+ if(decodeKey && decodeKey->size()) {
+ alg = 0x81;
+ }
+
+ //Get iv data returned by DRM
+
+ Buffer *iv_decoded = Util::URLDecode(ivParam);
+ if (ivParam) {
+ PL_strfree(ivParam);
+ }
+
+ if(iv_decoded == NULL) {
+ r = false;
+ PR_snprintf(audit_msg, 512, "ProcessRecovery: store keys in token failed, iv data not found");
+ delete decodeKey;
+ delete decodeKeyCheck;
+ goto rloser;
+ }
+
+ data =
+ Buffer((BYTE*)objid, 4)+ // object id
+ Buffer(1,alg) +
+ //Buffer(1, 0x08) + // key type is DES3: 8
+ Buffer(1, (BYTE) decodeKey->size()) + // 1 byte length
+ Buffer((BYTE *) *decodeKey, decodeKey->size())+ // key -encrypted to 3des block
+ // check size
+ // key check
+ Buffer(1, (BYTE) decodeKeyCheck->size()) + //keycheck size
+ Buffer((BYTE *) *decodeKeyCheck , decodeKeyCheck->size())+ // keycheck
+ Buffer(1, iv_decoded->size())+ // IV_Length
+ Buffer((BYTE*)*iv_decoded, iv_decoded->size());
+
+ //RA::DebugBuffer("cfu debug", "ImportKeyEnc data buffer =", &data);
+
+ delete decodeKey;
+ delete decodeKeyCheck;
+ delete iv_decoded;
+
+ if (channel->ImportKeyEnc((keyUser << 4)+priKeyNumber,
+ (keyUsage << 4)+pubKeyNumber, &data) != 1) {
+ r = false;
+ PR_snprintf(audit_msg, 512, "Failed to write key to token. ImportKeyEnc failed.");
+ goto rloser;
+ }
+ }
+
+ {
+ Buffer *certbuf = new Buffer(certs[0]->derCert.data, certs[0]->derCert.len);
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (certId[0] << 24) +
+ (certId[1] << 16),
+ certbuf);
+ pkcs11objx->AddObjectSpec(objSpec);
+ }
+ {
+ Buffer b = channel->CreatePKCS11CertAttrsBuffer(
+ KEY_TYPE_ENCRYPTION , certAttrId, label, keyid);
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (certAttrId[0] << 24) +
+ (certAttrId[1] << 16),
+ &b);
+ pkcs11objx->AddObjectSpec(objSpec);
+ }
+
+ {
+ Buffer b = channel->CreatePKCS11PriKeyAttrsBuffer(KEY_TYPE_ENCRYPTION,
+ privateKeyAttrId, label, keyid, modulus, OP_PREFIX,
+ tokenType, keyTypePrefix);
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (privateKeyAttrId[0] << 24) +
+ (privateKeyAttrId[1] << 16),
+ &b);
+ pkcs11objx->AddObjectSpec(objSpec);
+ }
+
+ {
+ Buffer b = channel->CreatePKCS11PubKeyAttrsBuffer(KEY_TYPE_ENCRYPTION,
+ publicKeyAttrId, label, keyid,
+ exponent, modulus, OP_PREFIX, tokenType, keyTypePrefix);
+ ObjectSpec *objSpec =
+ ObjectSpec::ParseFromTokenData(
+ (publicKeyAttrId[0] << 24) +
+ (publicKeyAttrId[1] << 16),
+ &b);
+ pkcs11objx->AddObjectSpec(objSpec);
+ }
+
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "key written to token successfully");
+
+ rloser:
+
+ if( modulus != NULL ) {
+ delete modulus;
+ modulus = NULL;
+ }
+ if( keyid != NULL ) {
+ delete keyid;
+ keyid = NULL;
+ }
+ if( exponent != NULL ) {
+ delete exponent;
+ exponent = NULL;
+ }
+ if( attr[0] != NULL ) {
+ PR_Free(attr[0]);
+ attr[0] = NULL;
+ }
+ if( o_pub != NULL ) {
+ PR_Free(o_pub);
+ o_pub = NULL;
+ }
+
+ if (o_priv !=NULL) {
+ PR_Free(o_priv);
+ o_priv = NULL;
+ }
+
+ if( si_kid != NULL ) {
+ SECITEM_FreeItem( si_kid, PR_TRUE );
+ si_kid = NULL;
+ }
+ if( label != NULL ) {
+ PL_strfree( (char *) label );
+ label = NULL;
+ }
+
+ }
+ }
+ } else {
+ r = false;
+ o_status = STATUS_ERROR_LDAP_CONN;
+ goto loser;
+ }
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Filter to find certificates = %s", filter);
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Recover key for %s", keyTypeValue);
+
+ //Unrevoke this successfully recovered certificate
+ if ( o_status == STATUS_ERROR_RECOVERY_IS_PROCESSED && e != NULL) {
+ char *statusString = NULL;
+ int statusNum = UnrevokeRecoveredCert(e, statusString);
+
+ // Error from the CA log and get out
+ if (statusNum != 0) {
+ r = false;
+ o_status = STATUS_ERROR_RECOVERY_FAILED;
+ if (statusString == NULL || strlen(statusString) == 0) {
+ statusString = PL_strdup("Unknown Key Recovery Error.");
+ }
+ RA::Debug("RA_Enroll::Prcessor::ProcessRecovery", "Unrevoke statusString: %s",statusString);
+ PR_snprintf(audit_msg, 512, "Key Recovery failed. Can not unrevoke recovered certificate! %s",statusString);
+ if (statusString) {
+ PL_strfree(statusString);
+ }
+ goto loser;
+ }
+
+ if (statusString) {
+ PL_strfree(statusString);
+ }
+ }
+ }
+ if( !legalScheme) {
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "Misconfigure parameter for %s", configname);
+ r = false;
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ goto loser;
+ }
+
+ actualCertIndex++;
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery","leaving cert loop... ");
+ }
+
+ loser:
+ if (strlen(audit_msg) > 0) { // a failure occurred
+ RA::Audit(EV_ENROLLMENT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "failure",
+ "enrollment",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ audit_msg);
+ }
+
+ if( pretty_cuid != NULL ) {
+ PR_Free( (char *) pretty_cuid );
+ pretty_cuid = NULL;
+ }
+ if( result != NULL ) {
+ ldap_msgfree( result );
+ }
+
+
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery","leaving whole function...");
+ return r;
+}
+
+int RA_Enroll_Processor::DoPublish(const char *cuid,SECItem *encodedPublicKeyInfo,Buffer *cert,const char *publisher_id,char *applet_version)
+{
+
+ int res = 0;
+
+ CERTCertificate *certObj = NULL;
+ const char *FN="DoPublish";
+
+ unsigned char *public_key_data = NULL;
+ int public_key_len = 0;
+ PRTime not_before,not_after;
+
+ // 1980 epoch offset
+
+ PRTime ul_1980 = ((365 * 10 + 2) * 86400);
+
+
+ if(! encodedPublicKeyInfo)
+ {
+ return 0;
+ }
+
+
+ RA::Debug(LL_PER_CONNECTION,FN, "1980 epoch offset %u ",ul_1980);
+
+ PRUint32 ul_not_before, ul_not_after;
+
+ int key_type = 1;
+
+ RA::Debug(LL_PER_CONNECTION,FN, "We got a public key back. Now attempt publish operation.");
+
+ public_key_data = encodedPublicKeyInfo->data;
+ public_key_len = encodedPublicKeyInfo->len;
+
+ unsigned long applet_version_long = 0;
+
+ char *end = NULL;
+
+ if(applet_version)
+ {
+ applet_version_long = (unsigned long) strtol((const char *)applet_version,&end,16);
+ }
+ if(cuid)
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "cuid %s public_key_len %ud",cuid,public_key_len);
+
+ }
+ if(cert)
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "cert.size() %ld. cert %s",cert->size(),(char *) (BYTE *) cert);
+
+ certObj = CERT_DecodeCertFromPackage((char *) cert->string(), (int) cert->size());
+ }
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "certObj %p.",certObj);
+
+ if(certObj && cuid != NULL)
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "We got pointer to Certificate data.");
+ CERT_GetCertTimes (certObj, &not_before, &not_after);
+
+ ul_not_before = ( PRUint32 )( not_before/1000000 );
+ ul_not_after = ( PRUint32 )( not_after/1000000 );
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Cert date not_before %u not_after %u.",ul_not_before,ul_not_after);
+
+ // Convert to 1980 epoch time
+
+ ul_not_before -= (PRUint32) ul_1980;
+ ul_not_after -= (PRUint32) ul_1980;
+
+
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Cert date, after 1980 translation, not_before %ul not_after %ul.",ul_not_before,ul_not_after);
+
+
+ PublisherEntry *publish = RA::getPublisherById(publisher_id);
+
+ if(publish != NULL)
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "publisher %s ",publish->id);
+ }
+ else
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "publisher %s not found ",publisher_id);
+
+ }
+
+ res = 0;
+ if(publish && publish->publisher )
+ {
+ IPublisher *pb = publish->publisher;
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "publisher %p ",pb);
+ res = pb->publish((unsigned char *) cuid,(int) strlen(cuid),(long) key_type,(unsigned char *) public_key_data,(int) public_key_len,(unsigned long)ul_not_before,(unsigned long) ul_not_after,applet_version_long,applet_version_long - ul_1980);
+
+ }
+ if(!res)
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Publish failed.");
+ }
+ else
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "Publish success.");
+ }
+ }
+ else
+ {
+ RA::Debug(LL_PER_CONNECTION,FN,
+ "No Publish failed Either cuid or certObj is NULL.");
+ }
+
+ if(certObj)
+ {
+
+ CERT_DestroyCertificate(certObj);
+ }
+ return res;
+}
+
+int RA_Enroll_Processor::GetNextFreeCertIdNumber(PKCS11Obj *pkcs11objx)
+{
+ if(!pkcs11objx)
+ return 0;
+
+ //Look through the objects actually currently on the token
+ //to determine an appropriate free certificate id
+
+ int num_objs = pkcs11objx->PKCS11Obj::GetObjectSpecCount();
+ char objid[2];
+
+ int highest_cert_id = 0;
+ for (int i = 0; i< num_objs; i++) {
+ ObjectSpec* os = pkcs11objx->GetObjectSpec(i);
+ unsigned long oid = os->GetObjectID();
+ objid[0] = (char)((oid >> 24) & 0xff);
+ objid[1] = (char)((oid >> 16) & 0xff);
+
+ if(objid[0] == 'C') { //found a certificate
+
+ int id_int = objid[1] - '0';
+
+ if(id_int > highest_cert_id) {
+ highest_cert_id = id_int;
+ }
+ }
+ }
+
+ RA::Debug(LL_PER_CONNECTION,
+ "RA_Enroll_Processor::GetNextFreeCertIdNumber",
+ "returning id number: %d", highest_cert_id + 1);
+ return highest_cert_id + 1;
+}
+
+//Unrevoke a cert that has been recovered
+int RA_Enroll_Processor::UnrevokeRecoveredCert(const LDAPMessage *e, char *&statusString)
+{
+ char configname[256];
+ CertEnroll certEnroll;
+ //Default to error return
+ int statusNum = 0;
+ char serial[100]="";
+
+ RA::Debug("RA_Enroll_Processor::ProcessRecovery",
+ "About to unrevoke recovered certificate.");
+
+ if (e == NULL) {
+ return 1;
+ }
+
+ char *attr_serial= RA::ra_get_cert_serial( (LDAPMessage *) e );
+ char *attr_tokenType = RA::ra_get_cert_tokenType( (LDAPMessage *) e );
+ char *attr_keyType = RA::ra_get_cert_type( (LDAPMessage *) e );
+
+ // does the config say we have to revoke this cert?
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.recovery."
+ "onHold.revokeCert",
+ attr_tokenType, attr_keyType );
+
+ RA::Debug("RA_Enroll_Processor::UnrevokeRecoveredCert",
+ "Recovered Cert Unrevoke config value %s \n", configname);
+ bool revokeCert = RA::GetConfigStore()->
+ GetConfigAsBool( configname, false );
+ if( revokeCert ) {
+ // Assume the worst
+ statusNum = 1;
+ // Get the conn to the CA
+ PR_snprintf( ( char * ) configname, 256,
+ "op.enroll.%s.keyGen.%s.ca.conn",
+ attr_tokenType, attr_keyType );
+
+ char *connid = ( char * )
+ RA::GetConfigStore()->
+ GetConfigAsString( configname );
+
+ if (connid) {
+ PR_snprintf( serial, 100, "0x%s", attr_serial );
+
+ //Actually make call to the CA to unrevoke
+ statusNum = certEnroll.UnrevokeCertificate(serial, connid, statusString);
+
+ RA::Debug("RA_Enroll_Processor::UnrevokeRecoveredCert",
+ "Recovered Cert statusNum %d statusString %s \n", statusNum, statusString);
+ }
+ }
+
+ if (attr_serial) {
+ PL_strfree(attr_serial);
+ }
+
+ if (attr_tokenType) {
+ PL_strfree(attr_tokenType);
+ }
+
+ if (attr_keyType) {
+ PL_strfree(attr_keyType);
+ }
+ return statusNum;
+}
+
+void PrintPRTime(PRTime theTime, const char *theName)
+{
+ struct tm t;
+ PRExplodedTime explode;
+ char buffer[256];
+
+ if(!theName)
+ return;
+
+ PR_ExplodeTime (theTime, PR_LocalTimeParameters, &explode);
+
+ t.tm_sec = explode.tm_sec;
+ t.tm_min = explode.tm_min;
+ t.tm_hour = explode.tm_hour;
+ t.tm_mday = explode.tm_mday;
+ t.tm_mon = explode.tm_month;
+ t.tm_year = explode.tm_year - 1900;
+ t.tm_wday = explode.tm_wday;
+ t.tm_yday = explode.tm_yday;
+
+ PL_strncpy(buffer, asctime (&t), 256);
+ buffer[256 - 1] = 0;
+
+ RA::Debug("PrintPRTime","Date/Time: %s %s",theName,buffer);
+}
diff --git a/pki/base/tps/src/processor/RA_Format_Processor.cpp b/pki/base/tps/src/processor/RA_Format_Processor.cpp
new file mode 100644
index 000000000..b09a7495b
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Format_Processor.cpp
@@ -0,0 +1,70 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+
+#include "main/RA_Session.h"
+#include "main/RA_Msg.h"
+#include "main/Buffer.h"
+#include "main/Util.h"
+#include "engine/RA.h"
+#include "channel/Secure_Channel.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Format_Processor.h"
+#include "cms/CertEnroll.h"
+#include "httpClient/httpc/response.h"
+#include "main/Memory.h"
+#include "tus/tus_db.h"
+#include "ldap.h"
+
+#define OP_PREFIX "op.format"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a processor for handling upgrade operation.
+ */
+TPS_PUBLIC RA_Format_Processor::RA_Format_Processor ()
+{
+}
+
+/**
+ * Destructs upgrade processor.
+ */
+TPS_PUBLIC RA_Format_Processor::~RA_Format_Processor ()
+{
+}
+
+/**
+ * Processes the current session.
+ */
+TPS_PUBLIC RA_Status RA_Format_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+ bool skip_auth = false;
+ return Format(session,extensions,skip_auth);
+}
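Review bot: The doc comments on the constructor and destructor describe an "upgrade" processor, but this file defines RA_Format_Processor and sets OP_PREFIX to "op.format", so they appear to have been copied from another processor. I would change them to `Constructs a processor for handling the format operation.` and `Destructs the format processor.` The comment on Process() could also state that it delegates to Format() with skip_auth fixed to false, since that is the only behaviour visible in this file.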
diff --git a/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
new file mode 100644
index 000000000..07c1b6e76
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Pin_Reset_Processor.cpp
@@ -0,0 +1,953 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "engine/RA.h"
+#include "main/Util.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "channel/Secure_Channel.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Pin_Reset_Processor.h"
+#include "main/Memory.h"
+#include "tus/tus_db.h"
+#define OP_PREFIX "op.pinReset"
+static const char *expected_version = NULL;
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a processor for hanlding pin reset operation.
+ */
+TPS_PUBLIC RA_Pin_Reset_Processor::RA_Pin_Reset_Processor()
+{
+}
+
+/**
+ * Destructs pin reset processor.
+ */
+TPS_PUBLIC RA_Pin_Reset_Processor::~RA_Pin_Reset_Processor()
+{
+}
+
+/**
+ * Process the current session.
+ */
+TPS_PUBLIC RA_Status RA_Pin_Reset_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+ struct berval **tokenOwner=NULL;
+ char configname[256];
+ const char *tokenType = NULL;
+ char *cuid = NULL;
+ const char *msn = NULL;
+ PRIntervalTime start, end;
+ RA_Status status = STATUS_NO_ERROR;
+ int rc = -1;
+ AuthParams *login = NULL;
+ Secure_Channel *channel = NULL;
+ char *new_pin = NULL;
+ unsigned int minlen = 0, maxlen = 0;
+ const char *applet_dir;
+ bool upgrade_enc = false;
+ SecurityLevel security_level = SECURE_MSG_MAC_ENC;
+ Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_CARDMGR_INSTANCE_AID,
+ RA::CFG_DEF_CARDMGR_INSTANCE_AID);
+ Buffer *NetKeyAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_NETKEY_INSTANCE_AID,
+ RA::CFG_DEF_NETKEY_INSTANCE_AID);
+
+ int i;
+ Buffer key_data_set;
+ Buffer *token_status = NULL;
+ Buffer *buildID = NULL;
+ char *policy = NULL;
+ char *tmp_policy = NULL;
+ const char* required_version = NULL;
+ const char *appletVersion = NULL;
+ const char *final_applet_version = NULL;
+ char *keyVersion = PL_strdup( "" );
+ const char *userid = PL_strdup( "" );
+ BYTE major_version = 0x0;
+ BYTE minor_version = 0x0;
+ BYTE app_major_version = 0x0;
+ BYTE app_minor_version = 0x0;
+ char *token_userid = NULL;
+
+ Buffer host_challenge = Buffer(8, (BYTE)0);
+ Buffer key_diversification_data;
+ Buffer key_info_data;
+ Buffer card_challenge;
+ Buffer card_cryptogram;
+ Buffer token_cuid;
+ Buffer token_msn;
+ const char *connId = NULL;
+ const char *connid = NULL;
+ const char *tksid = NULL;
+ const char *authid = NULL;
+ AuthParams *authParams = NULL;
+ start = PR_IntervalNow();
+ Buffer *cplc_data = NULL;
+ char activity_msg[4096];
+ LDAPMessage *e = NULL;
+ LDAPMessage *ldapResult = NULL;
+ int maxReturns = 10;
+ char audit_msg[512] = "";
+ char *profile_state = NULL;
+
+
+ RA::Debug("RA_Pin_Reset_Processor::Process", "Client %s", session->GetRemoteIP());
+
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "RA_Pin_Reset_Processor::Process");
+
+
+ SelectApplet(session, 0x04, 0x00, CardManagerAID);
+ cplc_data = GetData(session);
+ if (cplc_data == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "Get Data Failed");
+ status = STATUS_ERROR_SECURE_CHANNEL;
+ PR_snprintf(audit_msg, 512, "Get Data Failed, status = STATUS_ERROR_SECURE_CHANNEL");
+ goto loser;
+ }
+ RA::DebugBuffer("RA_Pin_Reset_Processor::process", "CPLC Data = ",
+ cplc_data);
+ if (cplc_data->size() < 47) {
+ RA::Error("RA_Format_Processor::Process",
+ "Invalid CPLC Size");
+ status = STATUS_ERROR_SECURE_CHANNEL;
+ PR_snprintf(audit_msg, 512, "Invalid CPLC Size, status = STATUS_ERROR_SECURE_CHANNEL");
+ goto loser;
+ }
+ token_cuid = Buffer(cplc_data->substr(3,4)) +
+ Buffer(cplc_data->substr(19,2)) +
+ Buffer(cplc_data->substr(15,4));
+ RA::DebugBuffer("RA_Pin_Reset_Processor::process", "Token CUID= ",
+ &token_cuid);
+ cuid = Util::Buffer2String(token_cuid);
+
+ token_msn = Buffer(cplc_data->substr(41, 4));
+ RA::DebugBuffer("RA_Pin_Reset_Processor::process", "Token MSN= ",
+ &token_msn);
+ msn = Util::Buffer2String(token_msn);
+
+ /**
+ * Checks if the netkey has the required applet version.
+ */
+ SelectApplet(session, 0x04, 0x00, NetKeyAID);
+ token_status = GetStatus(session, 0x00, 0x00);
+ if (token_status == NULL) {
+ major_version = 0x0;
+ minor_version = 0x0;
+ app_major_version = 0x0;
+ app_minor_version = 0x0;
+ } else {
+ major_version = ((BYTE*)*token_status)[0];
+ minor_version = ((BYTE*)*token_status)[1];
+ app_major_version = ((BYTE*)*token_status)[2];
+ app_minor_version = ((BYTE*)*token_status)[3];
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "Major=%d Minor=%d", major_version, minor_version);
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "Applet Major=%d Applet Minor=%d", app_major_version, app_minor_version);
+
+ if (!RA::ra_is_token_present(cuid)) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "CUID %s Not Present", cuid);
+ status = STATUS_ERROR_DB;
+ PR_snprintf(audit_msg, 512, "CUID Not Present, status = STATUS_ERROR_DB");
+ goto loser;
+ }
+
+ // retrieve CUID
+
+ if (!GetTokenType(OP_PREFIX, major_version,
+ minor_version, cuid, msn,
+ extensions, status, tokenType)) {
+ PR_snprintf(audit_msg, 512, "Failed to get token type");
+ goto loser;
+ }
+
+ // check if profile is enabled
+ PR_snprintf((char *)configname, 256, "config.Profiles.%s.state", tokenType);
+ profile_state = (char *) RA::GetConfigStore()->GetConfigAsString(configname);
+ if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) {
+ RA::Error("RA_Pin_Reset_Processor::Process", "Profile %s Disabled for CUID %s", tokenType, cuid);
+ status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType);
+ goto loser;
+ }
+
+ if (RA::ra_is_tus_db_entry_disabled(cuid)) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "CUID %s Disabled", cuid);
+ status = STATUS_ERROR_DISABLED_TOKEN;
+ PR_snprintf(audit_msg, 512, "Token disabled, status = STATUS_ERROR_DISABLED_TOKEN");
+ goto loser;
+ }
+
+ // we know cuid and msn here
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "pin_reset",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "token enabled");
+
+ if (!RA::ra_is_token_pin_resetable(cuid)) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "CUID %s Cannot Pin Reset", cuid);
+ status = STATUS_ERROR_NOT_PIN_RESETABLE;
+ PR_snprintf(audit_msg, 512, "token cannot pin reset, status = STATUS_ERROR_PIN_RESETABLE");
+ goto loser;
+ }
+
+ // we know cuid and msn here
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "pin_reset",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "pin reset allowed");
+
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn",
+ OP_PREFIX, tokenType);
+ tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (tksid == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "TKS Connection Parameter %s Not Found", configname);
+ status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "TKS Connection Parameter %s Not Found, status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND", configname);
+ goto loser;
+ }
+
+ buildID = GetAppletVersion(session);
+ if (buildID == NULL) {
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.emptyToken.enable", OP_PREFIX,
+ tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+ appletVersion = PL_strdup( "" );
+ } else {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "no applet found and applet upgrade not enabled");
+ status = STATUS_ERROR_SECURE_CHANNEL;
+ PR_snprintf(audit_msg, 512, "no applet found and applet upgrade not enabled, status = STATUS_ERROR_SECURE_CHANNEL");
+ goto loser;
+ }
+ } else {
+ char * buildid = Util::Buffer2String(*buildID);
+ RA::Debug("RA_Pin_Reset_Processor", "buildid = %s", buildid);
+ char version[13];
+ PR_snprintf((char *) version, 13,
+ "%x.%x.%s", app_major_version, app_minor_version,
+ buildid);
+ appletVersion = strdup(version);
+ if (buildid != NULL) {
+ PR_Free(buildid);
+ buildid = NULL;
+ }
+ }
+
+ final_applet_version = strdup(appletVersion);
+ RA::Debug("RA_Pin_Reset_Processor", "final_applet_version = %s", final_applet_version);
+
+ /**
+ * Checks if we need to upgrade applet.
+ */
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.requiredVersion", OP_PREFIX, tokenType);
+ required_version = RA::GetConfigStore()->GetConfigAsString(configname);
+ expected_version = PL_strdup(required_version);
+
+ if (expected_version == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "misconfiguration for upgrade");
+ status = STATUS_ERROR_MISCONFIGURATION;
+ PR_snprintf(audit_msg, 512, "misconfiguration for upgrade, status = STATUS_ERROR_MISCONFIGURATION");
+ goto loser;
+ }
+ /* Bugscape #55826: used case-insensitive check below */
+ if (PL_strcasecmp(expected_version, appletVersion) != 0) {
+ /* upgrade applet */
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.directory", OP_PREFIX, tokenType);
+ applet_dir = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (applet_dir == NULL) {
+ RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "Failed to get %s", applet_dir);
+ PR_snprintf(audit_msg, 512, "Failed to get %s", applet_dir);
+ goto loser;
+ }
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.encryption", OP_PREFIX, tokenType);
+ upgrade_enc = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+ if (!upgrade_enc)
+ security_level = SECURE_MSG_MAC;
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connid = RA::GetConfigStore()->GetConfigAsString(configname);
+ int upgrade_rc = UpgradeApplet(session, (char *) OP_PREFIX, (char*)tokenType, major_version, minor_version,
+ expected_version, applet_dir, security_level, connid, extensions, 30, 70, &keyVersion);
+ if (upgrade_rc != 1) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "upgrade failure");
+ status = STATUS_ERROR_UPGRADE_APPLET;
+ /**
+ * Bugscape #55709: Re-select Net Key Applet ONLY on failure.
+ */
+ SelectApplet(session, 0x04, 0x00, NetKeyAID);
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Failure", "pin_reset",
+ keyVersion != NULL? keyVersion : "",
+ appletVersion, expected_version, "applet upgrade");
+ goto loser;
+ }
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Success", "pin_reset",
+ keyVersion != NULL? keyVersion : "",
+ appletVersion, expected_version, "applet upgrade");
+
+ final_applet_version = expected_version;
+ }
+ }
+
+ /**
+ * Checks if the netkey has the required key version.
+ */
+ PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+ PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+ int requiredVersion = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connId = RA::GetConfigStore()->GetConfigAsString(configname);
+ if( channel != NULL ) {
+ delete channel;
+ channel = NULL;
+ }
+ channel = SetupSecureChannel(session, requiredVersion,
+ 0x00 /* default key index */, connId);
+ if (channel == NULL) {
+
+ /* if version 0x02 key not found, create them */
+ SelectApplet(session, 0x04, 0x00, CardManagerAID);
+ channel = SetupSecureChannel(session,
+ 0x00, /* default key version */
+ 0x00 /* default key index */, connId);
+
+ if (channel == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "setup secure channel failure");
+ status = STATUS_ERROR_SECURE_CHANNEL;
+ PR_snprintf(audit_msg, 512, "setup secure channel failure, status = STATUS_ERROR_SECURE_CHANNEL");
+ goto loser;
+ }
+
+ rc = channel->ExternalAuthenticate();
+ if (rc != 1) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "External authentication in secure channel failed");
+ status = STATUS_ERROR_EXTERNAL_AUTH;
+ PR_snprintf(audit_msg, 512, "External authentication in secure channel failed, status = STATUS_ERROR_EXTERNAL_AUTH");
+ goto loser;
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+ int v = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+ Buffer curKeyInfo = channel->GetKeyInfoData();
+ BYTE nv[2] = { v, 0x01 };
+ Buffer newVersion(nv, 2);
+ PR_snprintf((char *)configname, 256,"%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connid = RA::GetConfigStore()->GetConfigAsString(configname);
+ rc = CreateKeySetData(
+ channel->GetKeyDiversificationData(),
+ curKeyInfo,
+ newVersion,
+ key_data_set, connid);
+ if (rc != 1) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "failed to create new key set");
+ status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512, "failed to create new key set, status = STATUS_ERROR_CREATE_CARDMGR");
+ goto loser;
+ }
+
+
+ BYTE curVersion = ((BYTE*)curKeyInfo)[0];
+ BYTE curIndex = ((BYTE*)curKeyInfo)[1];
+ rc = channel->PutKeys(session,
+ curVersion,
+ curIndex,
+ &key_data_set);
+
+ if (rc!=0) {
+ RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER,
+ userid, cuid, msn, "Failure", "pin_reset",
+ final_applet_version, curVersion, ((BYTE*)newVersion)[0],
+ "key changeover failed");
+ }
+
+ SelectApplet(session, 0x04, 0x00, NetKeyAID);
+ PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+ if( channel != NULL ) {
+ delete channel;
+ channel = NULL;
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connId = RA::GetConfigStore()->GetConfigAsString(configname);
+ channel = SetupSecureChannel(session,
+ RA::GetConfigStore()->GetConfigAsInt(configname, 0x00),
+ 0x00 /* default key index */, connId);
+ if (channel == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "setup secure channel failure");
+ status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512, "setup secure channel failure, status = STATUS_ERROR_CREATE_CARDMGR");
+ goto loser;
+ }
+
+ RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER,
+ userid, cuid, msn, "Success", "pin_reset",
+ final_applet_version, curVersion, ((BYTE*)newVersion)[0],
+ "key changeover");
+ }
+ } else {
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connId = RA::GetConfigStore()->GetConfigAsString(configname);
+ if( channel != NULL ) {
+ delete channel;
+ channel = NULL;
+ }
+ channel = SetupSecureChannel(session,
+ 0x00,
+ 0x00 /* default key index */, connId);
+ }
+
+ /* we should have a good channel here */
+ if (channel == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "no channel creation failure");
+ status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512, "no channel creation failure, status = STATUS_ERROR_CREATE_CARDMGR");
+ goto loser;
+ }
+
+ if (channel != NULL) {
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+ keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.loginRequest.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+ if (extensions != NULL &&
+ extensions->GetValue("extendedLoginRequest") != NULL)
+ {
+ RA::Debug("RA_Enroll_Processor::RequestUserId",
+ "Extended Login Request detected");
+ AuthenticationEntry *entry = GetAuthenticationEntry(
+ OP_PREFIX, configname, tokenType);
+ char **params = NULL;
+ char pb[1024];
+ char *locale = NULL;
+ if (extensions != NULL &&
+ extensions->GetValue("locale") != NULL)
+ {
+ locale = extensions->GetValue("locale");
+ } else {
+ locale = ( char * ) "en"; /* default to english */
+ }
+ int n = entry->GetAuthentication()->GetNumOfParamNames();
+ if (n > 0) {
+ RA::Debug("RA_Enroll_Processor::RequestUserId",
+ "Extended Login Request detected n=%d", n);
+ params = (char **) PR_Malloc(n);
+ for (int i = 0; i < n; i++) {
+ sprintf(pb,"id=%s&name=%s&desc=%s&type=%s&option=%s",
+ entry->GetAuthentication()->GetParamID(i),
+ entry->GetAuthentication()->GetParamName(i, locale),
+ entry->GetAuthentication()->GetParamDescription(i,
+locale),
+ entry->GetAuthentication()->GetParamType(i),
+ entry->GetAuthentication()->GetParamOption(i)
+ );
+ params[i] = PL_strdup(pb);
+ RA::Debug("RA_Enroll_Processor::RequestUserId",
+ "params[i]=%s", params[i]);
+ }
+ }
+ RA::Debug("RA_Enroll_Processor::RequestUserId", "Extended Login Request detected calling RequestExtendedLogin() locale=%s", locale);
+
+ char *title = PL_strdup(entry->GetAuthentication()->GetTitle(locale));
+ RA::Debug("RA_Enroll_Processor::RequestUserId", "title=%s", title);
+ char *description = PL_strdup(entry->GetAuthentication()->GetDescription(locale));
+ RA::Debug("RA_Enroll_Processor::RequestUserId", "description=%s", description);
+ login = RequestExtendedLogin(session, 0 /* invalid_pw */, 0 /* blocked */, params, n, title, description);
+
+ RA::Debug("RA_Enroll_Processor::RequestUserId",
+ "Extended Login Request detected calling RequestExtendedLogin() login=%x", login);
+
+ if (params != NULL) {
+ for (int nn=0; nn < n; nn++) {
+ if (params[nn] != NULL) {
+ PL_strfree(params[nn]);
+ params[nn] = NULL;
+ }
+ }
+ free(params);
+ params = NULL;
+ }
+
+ if (title != NULL) {
+ PL_strfree(title);
+ title = NULL;
+ }
+
+ if (description != NULL) {
+ PL_strfree(description);
+ description = NULL;
+ }
+
+ } else {
+ login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */);
+ }
+ if (login == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "login not provided");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "login not provided, status = STATUS_ERROR_LOGIN");
+
+ goto loser;
+ }
+ if( userid != NULL ) {
+ PR_Free( (char *) userid );
+ userid = NULL;
+ }
+ userid = PL_strdup( login->GetUID() );
+ }
+
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 30 /* progress */,
+ "PROGRESS_START_AUTHENTICATION");
+ }
+
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "pin_reset",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "userid obtained");
+
+ PR_snprintf(configname, 256, "cn=%s", cuid);
+ rc = RA::ra_find_tus_token_entries(configname, maxReturns, &ldapResult, 0);
+
+ if (rc == 0) {
+ for (e = RA::ra_get_first_entry(ldapResult); e != NULL;
+ e = RA::ra_get_next_entry(e)) {
+ tokenOwner = RA::ra_get_attribute_values(e, "tokenUserID");
+ if ((tokenOwner != NULL) && (tokenOwner[0] != NULL) &&
+ (tokenOwner[0]->bv_val != NULL) && (strlen(tokenOwner[0]->bv_val) > 0) &&
+ (strcmp(userid, tokenOwner[0]->bv_val) != 0)) {
+ status = STATUS_ERROR_NOT_TOKEN_OWNER;
+ PR_snprintf(audit_msg, 512, "token owner mismatch, status = STATUS_ERROR_NOT_TOKEN_OWNER");
+ goto loser;
+ }
+ }
+ } else {
+ RA::Error("RA_Pin_Reset_Processor::Process", "Error in ldap connection with token database.");
+ status = STATUS_ERROR_LDAP_CONN;
+ PR_snprintf(audit_msg, 512, "Error in ldap connection with token database, status = STATUS_ERROR_LDAP_CONN");
+ goto loser;
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.auth.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, false)) {
+ if (login == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process", "Login Request Disabled. Authentication failed.");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "Login Request Disabled. status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+
+
+ PR_snprintf((char *)configname, 256, "%s.%s.auth.id", OP_PREFIX, tokenType);
+ authid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (authid == NULL) {
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "authid is null, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ AuthenticationEntry *auth = RA::GetAuth(authid);
+
+ if(auth == NULL)
+ {
+ RA::Error("RA_Pin_Reset_Processor::Process", "Authentication manager is NULL . Authentication failed.");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "Authentication manager is NULL, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+
+ char *type = auth->GetType();
+ if (type == NULL) {
+ status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication is missing param type", "", tokenType);
+ PR_snprintf(audit_msg, 512, "authentication is missing param type, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ if (strcmp(type, "LDAP_Authentication") == 0) {
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "LDAP_Authentication is invoked.");
+ int passwd_retries = auth->GetAuthentication()->GetNumOfRetries();
+ int retries = 0;
+ authParams = new AuthParams();
+ authParams->SetUID(login->GetUID());
+ authParams->SetPassword(login->GetPassword());
+ rc = auth->GetAuthentication()->Authenticate(authParams);
+
+ RA::Debug("RA_Pin_Reset_Processor::Process",
+ "Authenticate returns: %d", rc);
+
+ while ((rc == -2 || rc == -3) && (retries < passwd_retries)) {
+ login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */);
+ if (login == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process", "Login Request Disabled. Authentication failed.");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "Login Request Disabled, r=-2 or -3. status= STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ retries++;
+ authParams->SetUID(login->GetUID());
+ authParams->SetPassword(login->GetPassword());
+ rc = auth->GetAuthentication()->Authenticate(authParams);
+ }
+
+ if (rc == -1) {
+ RA::Error("RA_Pin_Reset_Processor::Process", "Authentication failed.");
+ status = STATUS_ERROR_LDAP_CONN;
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", "Authentication status = %d", status);
+ PR_snprintf(audit_msg, 512, "authentication failed, rc=-1, status = STATUS_ERROR_LDAP_CONN");
+ goto loser;
+ }
+
+ if (rc == -2 || rc == -3) {
+ RA::Error("RA_Pin_Reset_Processor::Process", "Authentication failed.");
+ status = STATUS_ERROR_LOGIN;
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", "Authentication status = %d", status);
+ PR_snprintf(audit_msg, 512, "authentication failed, rc=-2 or rc=-3, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process", "Authentication successful.");
+ } else {
+ RA::Error("RA_Pin_Reset_Processor::Process", "No Authentication type was found.");
+ status = STATUS_ERROR_LOGIN;
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "enrollment", "failure", "authentication error", "", tokenType);
+ PR_snprintf(audit_msg, 512, "No Authentication type was found. status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "Authentication has been disabled.");
+ }
+
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "pin_reset",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "authentication successful");
+
+
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "SetupSecureChannel");
+
+#if 0
+ if (RA::GetConfigStore()->GetConfigAsBool("tus.enable", 0)) {
+ if (IsTokenDisabledByTus(channel)) {
+ status = STATUS_ERROR_TOKEN_DISABLED;
+ goto loser;
+ }
+ }
+#endif
+
+ /* check if the user owns the token */
+ token_userid = RA::ra_get_token_userid(cuid);
+ if (token_userid == NULL) {
+ RA::Error(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "No user owns the token '%s'", cuid);
+ status = STATUS_ERROR_TOKEN_DISABLED;
+ PR_snprintf(audit_msg, 512, "No user owns the token, status = STATUS_ERROR_TOKEN_DISABLED");
+ goto loser;
+ } else {
+ if (strcmp(token_userid, userid) != 0) {
+ RA::Error(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "User does not own the token '%s'", cuid);
+ status = STATUS_ERROR_TOKEN_DISABLED;
+ PR_snprintf(audit_msg, 512, "User does not own the token. status = STATUS_ERROR_TOKEN_DISABLED");
+ goto loser;
+ }
+ }
+
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "pin_reset",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "login successful");
+
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "ExternalAuthenticate");
+ rc = channel->ExternalAuthenticate();
+ if (rc == -1) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "External Authenticate failed.");
+ status = STATUS_ERROR_CREATE_CARDMGR;
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "external authentication error", "", tokenType);
+ PR_snprintf(audit_msg, 512, "External Authenticate failed, status = STATUS_ERROR_CREATE_CARDMGR");
+ goto loser;
+ }
+ RA::Debug(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "RequestNewPin");
+ PR_snprintf((char *)configname, 256, "%s.%s.pinReset.pin.minLen", OP_PREFIX, tokenType);
+ minlen = RA::GetConfigStore()->GetConfigAsUnsignedInt(configname, 4);
+ PR_snprintf((char *)configname, 256, "%s.%s.pinReset.pin.maxLen", OP_PREFIX, tokenType);
+ maxlen = RA::GetConfigStore()->GetConfigAsUnsignedInt(configname, 10);
+ new_pin = RequestNewPin(session, minlen, maxlen);
+ if (new_pin == NULL) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "Set Pin failed.");
+ status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "request new pin error", "", tokenType);
+ PR_snprintf(audit_msg, 512, "RequestNewPin failed, status = STATUS_ERROR_MAC_RESET_PIN_PDU");
+ goto loser;
+ }
+
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 70 /* progress */,
+ "PROGRESS_PIN_RESET");
+ }
+
+ rc = channel->ResetPin(0x0, new_pin);
+ if (rc == -1) {
+ status = STATUS_ERROR_MAC_RESET_PIN_PDU;
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "ereset pin error", "", tokenType);
+ PR_snprintf(audit_msg, 512, "ResetPin failed, status = STATUS_ERROR_MAC_RESET_PIN_PDU");
+ goto loser;
+ }
+
+ rc = channel->Close();
+ if (rc == -1) {
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "Failed to close channel");
+ status = STATUS_ERROR_CONNECTION;
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "pin reset", "failure", "secure channel close error", "", tokenType);
+ PR_snprintf(audit_msg, 512, "Failed to close channel, status = STATUS_ERROR_CONNECTION");
+ goto loser;
+ }
+
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "pin_reset",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "ResetPin successful");
+
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 100 /* progress */,
+ "PROGRESS_DONE");
+ }
+
+ end = PR_IntervalNow();
+
+ rc = 1;
+
+ if (RA::ra_is_token_present(cuid)) {
+ /*
+ * we want to have a tus policy to change PIN_RESET=YES
+ * parameter to PIN_RESET=NO
+ */
+ if (RA::ra_is_token_pin_resetable(cuid)) {
+ policy = RA::ra_get_token_policy(cuid);
+ RA::Error("RA_Pin_Reset_Processor::Process",
+ "Policy %s is %s", cuid, policy);
+ tmp_policy = PL_strstr(policy, "PIN_RESET=YES");
+ if (tmp_policy != NULL) {
+ tmp_policy[10] = 'N';
+ tmp_policy[11] = 'O';
+ for (i = 12; tmp_policy[i] != '\0'; i++)
+ tmp_policy[i] = tmp_policy[i+1];
+ rc = RA::ra_update_token_policy(cuid, policy);
+ if (rc != 0) {
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "failure",
+ "pin_reset",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "failed to reset token policy");
+ }
+ }
+ }
+ }
+
+ sprintf(activity_msg, "applet_version=%s tokenType=%s",
+ (char *)final_applet_version, tokenType);
+ RA::tdb_activity(session->GetRemoteIP(), (char *)cuid, "pin reset", "success", activity_msg, userid, tokenType);
+
+ /* audit log for successful pin reset */
+ if (authid != NULL) {
+ sprintf(activity_msg, "pin_reset processing completed, authid = %s", authid);
+ } else {
+ sprintf(activity_msg, "pin_reset processing completed");
+ }
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid, cuid, msn, "success", "pin_reset", final_applet_version, keyVersion!=NULL? keyVersion: "", activity_msg);
+
+loser:
+ if (strlen(audit_msg) > 0) {
+ RA::Audit(EV_PIN_RESET, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "failure",
+ "pin_reset",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ cuid,
+ "pin_reset",
+ "failure",
+ audit_msg,
+ userid != NULL ? userid : "",
+ tokenType);
+ }
+ }
+
+ if( token_status != NULL ) {
+ delete token_status;
+ token_status = NULL;
+ }
+ if( CardManagerAID != NULL ) {
+ delete CardManagerAID;
+ CardManagerAID = NULL;
+ }
+ if( NetKeyAID != NULL ) {
+ delete NetKeyAID;
+ NetKeyAID = NULL;
+ }
+ if( login != NULL ) {
+ delete login;
+ login = NULL;
+ }
+ if( new_pin != NULL ) {
+ PL_strfree( new_pin );
+ new_pin = NULL;
+ }
+ if( channel != NULL ) {
+ delete channel;
+ channel = NULL;
+ }
+ if( cuid != NULL ) {
+ PR_Free( (char *) cuid );
+ cuid = NULL;
+ }
+ if( msn != NULL ) {
+ PR_Free( (char *) msn );
+ msn = NULL;
+ }
+ if( buildID != NULL ) {
+ delete buildID;
+ buildID = NULL;
+ }
+ if( appletVersion != NULL ) {
+ PR_Free( (char *) appletVersion );
+ appletVersion = NULL;
+ }
+ if( final_applet_version != NULL ) {
+ PR_Free( (char *) final_applet_version );
+ final_applet_version = NULL;
+ }
+ if( keyVersion != NULL ) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+ if( userid != NULL ) {
+ PR_Free( (char *) userid );
+ userid = NULL;
+ }
+ if( authParams != NULL ) {
+ delete authParams;
+ authParams = NULL;
+ }
+ if( cplc_data != NULL ) {
+ delete cplc_data;
+ cplc_data = NULL;
+ }
+
+ if (tokenOwner != NULL) {
+ ldap_value_free_len(tokenOwner);
+ tokenOwner = NULL;
+ }
+
+ if (ldapResult != NULL) {
+ ldap_msgfree(ldapResult);
+ ldapResult = NULL;
+ }
+
+#ifdef MEM_PROFILING
+ MEM_dump_unfree();
+#endif
+
+ return status;
+} /* Process */
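Review bot: The token-ownership checks compare against `userid`, which is copied from the first login response, but the LDAP retry loop replaces `login` and authenticates whatever UID the later response carries. The name that passed Authenticate() can therefore differ from the name checked against tokenUserID and ra_get_token_userid(). Once the retry loop has succeeded, rebind it before the ownership check with `PR_Free((char *)userid); userid = PL_strdup(login->GetUID());`, and delete the superseded `login` object inside the loop, which is currently leaked. Separately, in the extended-login branch `params = (char **) PR_Malloc(n);` reserves n bytes for n pointers and is later released with `free()`; it should be `PR_Malloc(n * sizeof(char *))` paired with `PR_Free(params)`. The unbounded `sprintf(pb, ...)` into the 1024-byte buffer in the same branch should become `PR_snprintf(pb, sizeof(pb), ...)`.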
diff --git a/pki/base/tps/src/processor/RA_Processor.cpp b/pki/base/tps/src/processor/RA_Processor.cpp
new file mode 100644
index 000000000..f70ee2398
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Processor.cpp
@@ -0,0 +1,3454 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <math.h>
+#include "plstr.h"
+#include "engine/RA.h"
+#include "main/Buffer.h"
+#include "main/Base.h"
+#include "main/Util.h"
+#include "main/RA_Session.h"
+#include "main/RA_Msg.h"
+#include "main/Login.h"
+#include "main/SecureId.h"
+#include "main/Util.h"
+#include "httpClient/httpc/http.h"
+#include "httpClient/httpc/request.h"
+#include "httpClient/httpc/response.h"
+#include "httpClient/httpc/engine.h"
+#include "processor/RA_Processor.h"
+#include "cms/HttpConnection.h"
+#include "cms/CertEnroll.h"
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "msg/RA_Login_Request_Msg.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/List_Objects_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Select_APDU.h"
+#include "apdu/APDU_Response.h"
+#include "channel/Secure_Channel.h"
+#include "main/Memory.h"
+
+#if 0
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include "tus/tus_db.h"
+#ifdef __cplusplus
+}
+#endif
+#endif
+
+/**
+ * Constructs a base processor.
+ */
+RA_Processor::RA_Processor ()
+{
+ totalAvailableMemory = 0;
+ totalFreeMemory = 0;
+}
+
+
+/**
+ * Destructs processor.
+ */
+RA_Processor::~RA_Processor ()
+{
+}
+
+AuthenticationEntry *RA_Processor::GetAuthenticationEntry(
+ const char *prefix, const char * a_configname, const char *a_tokenType)
+{
+ AuthenticationEntry *auth = NULL;
+
+ if (!RA::GetConfigStore()->GetConfigAsBool(a_configname, false))
+ return NULL;
+
+ RA::Debug("RA_Enroll_Processor::AuthenticateUser",
+ "Authentication enabled");
+ char configname[256];
+ PR_snprintf((char *)configname, 256, "%s.%s.auth.id", prefix, a_tokenType);
+ const char *authid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (authid == NULL) {
+ goto loser;
+ }
+ auth = RA::GetAuth(authid);
+ return auth;
+loser:
+ return NULL;
+}
+
+
+void RA_Processor::StatusUpdate(RA_Session *a_session,
+ NameValueSet *a_extensions,
+ int a_status, const char *a_info)
+{
+ if (a_extensions != NULL) {
+ if (a_extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(a_session, a_status, a_info);
+ }
+ }
+}
+
+void RA_Processor::StatusUpdate(RA_Session *session,
+ int status, const char *info)
+{
+ RA_Status_Update_Request_Msg *status_update_request_msg = NULL;
+ RA_Status_Update_Response_Msg *status_update_response_msg = NULL;
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::StatusUpdate",
+ "RA_Processor::StatusUpdate");
+
+ status_update_request_msg = new RA_Status_Update_Request_Msg(
+ status, info);
+ session->WriteMsg(status_update_request_msg);
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::StatusUpdate",
+ "Sent status_update_msg");
+
+ status_update_response_msg = (RA_Status_Update_Response_Msg *)
+ session->ReadMsg();
+ if (status_update_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::StatusUpdate",
+ "No Status Update Response Msg Received");
+ goto loser;
+ }
+ if (status_update_response_msg->GetType() != MSG_STATUS_UPDATE_RESPONSE) {
+ RA::Error("Secure_Channel::StatusUpdate",
+ "Invalid Msg Type");
+ goto loser;
+ }
+
+loser:
+ if( status_update_request_msg != NULL ) {
+ delete status_update_request_msg;
+ status_update_request_msg = NULL;
+ }
+ if( status_update_response_msg != NULL ) {
+ delete status_update_response_msg;
+ status_update_response_msg = NULL;
+ }
+
+} /* StatusUpdate */
+
+/**
+ * Requests login ID and password from user.
+ */
+AuthParams *RA_Processor::RequestExtendedLogin(RA_Session *session,
+ int invalid_pw, int blocked,
+ char **parameters, int len, char *title, char *description)
+{
+ RA_Extended_Login_Request_Msg *login_request_msg = NULL;
+ RA_Extended_Login_Response_Msg *login_response_msg = NULL;
+ AuthParams *login = NULL;
+ AuthParams *c = NULL;
+ int i = 0;
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::RequestExtendedLogin",
+ "RA_Processor::RequestExtendedLogin %s %s",
+ title, description);
+
+ login_request_msg = new RA_Extended_Login_Request_Msg(
+ invalid_pw, blocked, parameters, len, title, description);
+ session->WriteMsg(login_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::RequestExtendedLogin",
+ "Sent login_request_msg");
+
+ login_response_msg = (RA_Extended_Login_Response_Msg *)
+ session->ReadMsg();
+ if (login_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::RequestExtendedLogin",
+ "No Extended Login Response Msg Received");
+ goto loser;
+ }
+ if (login_response_msg->GetType() != MSG_EXTENDED_LOGIN_RESPONSE) {
+ RA::Error("Secure_Channel::Login_Request",
+ "Invalid Msg Type");
+ goto loser;
+ }
+
+ login = new AuthParams();
+ c = login_response_msg->GetAuthParams();
+ for (i = 0; i < c->Size(); i++) {
+ login->Add(c->GetNameAt(i), c->GetValue(c->GetNameAt(i)));
+ }
+
+loser:
+ if( login_request_msg != NULL ) {
+ delete login_request_msg;
+ login_request_msg = NULL;
+ }
+ if( login_response_msg != NULL ) {
+ delete login_response_msg;
+ login_response_msg = NULL;
+ }
+
+ return login;
+} /* RequestExtendedLogin */
+
+/**
+ * Requests login ID and password from user.
+ */
+AuthParams *RA_Processor::RequestLogin(RA_Session *session,
+ int invalid_pw, int blocked)
+{
+ RA_Login_Request_Msg *login_request_msg = NULL;
+ RA_Login_Response_Msg *login_response_msg = NULL;
+ AuthParams *login = NULL;
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::Login_Request",
+ "RA_Processor::Login_Request");
+
+ login_request_msg = new RA_Login_Request_Msg(
+ invalid_pw, blocked);
+ session->WriteMsg(login_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::Login_Request",
+ "Sent login_request_msg");
+
+ login_response_msg = (RA_Login_Response_Msg *)
+ session->ReadMsg();
+ if (login_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::Login_Request",
+ "No Login Response Msg Received");
+ goto loser;
+ }
+ if (login_response_msg->GetType() != MSG_LOGIN_RESPONSE) {
+ RA::Error("Secure_Channel::Login_Request",
+ "Invalid Msg Type");
+ goto loser;
+ }
+ login = new AuthParams();
+ login->Add("UID", login_response_msg->GetUID());
+ login->Add("PASSWORD", login_response_msg->GetPassword());
+
+loser:
+ if( login_request_msg != NULL ) {
+ delete login_request_msg;
+ login_request_msg = NULL;
+ }
+ if( login_response_msg != NULL ) {
+ delete login_response_msg;
+ login_response_msg = NULL;
+ }
+
+ return login;
+} /* RequestLogin */
+
+/**
+ * Upgrade the applet to the current session with the new version.
+ */
+int RA_Processor::UpgradeApplet(RA_Session *session, char *prefix, char *tokenType, BYTE major_version, BYTE minor_version, const char *new_version, const char *applet_dir, SecurityLevel security_level, const char *connid,
+ NameValueSet *extensions,
+ int start_progress,
+ int end_progress,
+ char **key_version)
+{
+ Buffer *NetKeyAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_NETKEY_INSTANCE_AID,
+ RA::CFG_DEF_NETKEY_INSTANCE_AID);
+ Buffer *OldAAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_NETKEY_OLD_INSTANCE_AID,
+ RA::CFG_DEF_NETKEY_OLD_INSTANCE_AID);
+ Buffer *OldPAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_NETKEY_OLD_FILE_AID,
+ RA::CFG_DEF_NETKEY_OLD_FILE_AID);
+ Buffer *NetKeyPAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_NETKEY_FILE_AID,
+ RA::CFG_DEF_NETKEY_FILE_AID);
+ Buffer *PIN = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_SO_PIN,
+ RA::CFG_DEF_APPLET_SO_PIN);
+ Buffer empty;
+ PRFileDesc *f = NULL;
+ char path[4096];
+ char configname[4096];
+ PRFileInfo info;
+ PRStatus status;
+ int rc = 0;
+ Secure_Channel *channel = NULL;
+ int size_to_send = 0;
+ char *dataf = NULL;
+ int block_size;
+ BYTE refControl;
+ int count;
+ Buffer programFile;
+ Buffer tag;
+ Buffer length;
+ Buffer tbsProgramFile;
+ unsigned int totalLen;
+ int num_loops;
+ float progress_block_size;
+ int x_blocksize;
+ int instance_size;
+ int applet_memory_size;
+ int defKeyVer;
+ int defKeyIndex;
+ char *ext;
+
+ if (applet_dir == NULL) {
+ RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "Failed to get upgrade.directory");
+ goto loser;
+ }
+ sprintf(configname, "general.applet_ext");
+ ext = (char*)RA::GetConfigStore()->GetConfigAsString(configname, "ijc");
+ sprintf(path, "%s/%s.%s", applet_dir, new_version, ext);
+ RA::Debug("RA_Processor::UpgradeApplet", "path = %s", path);
+ status = PR_GetFileInfo(path, &info);
+ if (status != PR_SUCCESS) {
+ RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "Failed to get file info");
+ goto loser;
+ }
+ f = PR_Open(path, PR_RDONLY, 400);
+ if (f == NULL) {
+ RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "Failed to open '%s'", path);
+ goto loser;
+ }
+ dataf = (char *)malloc(info.size);
+ PR_Read(f, dataf, info.size);
+ if( f != NULL ) {
+ PR_Close( f );
+ f = NULL;
+ }
+
+ /* Select Applet - Select Card manager */
+ SelectCardManager(session, prefix, tokenType);
+
+ PR_snprintf((char *)configname, 256,"channel.blockSize");
+ x_blocksize = RA::GetConfigStore()->GetConfigAsInt(configname, 0xf8);
+ PR_snprintf((char *)configname, 256,"channel.instanceSize");
+ instance_size = RA::GetConfigStore()->GetConfigAsInt(configname, 18000);
+
+ PR_snprintf((char *)configname, 256,"channel.appletMemorySize");
+
+ applet_memory_size = RA::GetConfigStore()->GetConfigAsInt(configname, 5000);
+
+ PR_snprintf((char *)configname, 256,"channel.defKeyVersion");
+ defKeyVer = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+ defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ channel = SetupSecureChannel(session, defKeyVer, defKeyIndex, security_level, connid);
+ if (channel == NULL) {
+ RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "channel creation failure");
+ goto loser;
+ }
+
+ // get keyVersion
+ if (channel != NULL) {
+ *key_version = Util::Buffer2String(channel->GetKeyInfoData());
+ }
+
+ if (channel->ExternalAuthenticate() == -1) {
+ RA::Error(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "failed to external authenticate during upgrade");
+ goto loser;
+ }
+
+ /* Delete File - Delete 627601ff000000 (CoolKey Instance) */
+ rc = channel->DeleteFileX(session, NetKeyAID);
+ if (rc != 1) {
+ /* it is ok to fail to delete file */
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "Warning: failed to delete file", NetKeyAID);
+ }
+
+ if (RA::GetConfigStore()->GetConfigAsBool(RA::CFG_APPLET_DELETE_NETKEY_OLD, true)) {
+ /* Delete File - Delete a00000000101 */
+ rc = channel->DeleteFileX(session, OldAAID);
+ if (rc != 1) {
+ /* it is ok to fail to delete file */
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "Warning: failed to delete file", OldAAID);
+ }
+ /* Delete File - Delete a000000001 */
+ rc = channel->DeleteFileX(session, OldPAID);
+ if (rc != 1) {
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::UpgradeApplet",
+ "Warning: failed to delete file", OldPAID);
+ }
+ }
+
+ /* Delete File - Delete 627601ff0000 */
+ channel->DeleteFileX(session, NetKeyPAID);
+
+ /* Install Applet - Install applet instance */
+ channel->InstallLoad(session,
+ *NetKeyPAID,
+ empty,
+ info.size);
+
+ /* Multiple Load Program File - Load 627601ff0000 */
+ programFile = Buffer ((BYTE *)dataf, info.size);
+ if( dataf != NULL ) {
+ free( dataf );
+ dataf = NULL;
+ }
+ tag = Buffer(1, 0xC4);
+ tbsProgramFile = tag + length + programFile;
+ totalLen = tbsProgramFile.size();
+ if( programFile.size() < 128 ) {
+ length = Buffer(1, programFile.size());
+ } else if( programFile.size() <= 255 ) {
+ length = Buffer(2, 0);
+ ((BYTE*)length)[0] = 0x81;
+ ((BYTE*)length)[1] = programFile.size();
+ } else {
+ length = Buffer(3, 0);
+ ((BYTE*)length)[0] = 0x82;
+ ((BYTE*)length)[1] = (programFile.size() >> 8) & 0xff;
+ ((BYTE*)length)[2] = programFile.size() & 0xff;
+ }
+ tbsProgramFile = tag + length + programFile;
+ totalLen = tbsProgramFile.size();
+
+ size_to_send = totalLen;
+ if (security_level == SECURE_MSG_MAC_ENC) {
+ // need leave room for possible encryption padding
+ block_size = x_blocksize - 0x10;
+ } else {
+ block_size = x_blocksize - 8;
+ }
+
+ // rough number is good enough
+ num_loops = size_to_send / block_size;
+ progress_block_size = (float) (end_progress - start_progress) / num_loops;
+
+ count = 0;
+ refControl = 0x00; // intermediate block
+ do {
+ if (size_to_send < block_size) {
+ block_size = size_to_send;
+ // last block
+ refControl = 0x80;
+ }
+ if (size_to_send - block_size == 0) {
+ // last block
+ refControl = 0x80;
+ }
+ Buffer d = tbsProgramFile.substr(totalLen - size_to_send, block_size);
+ channel->LoadFile(session, (BYTE)refControl, (BYTE)count, &d);
+
+ size_to_send -= block_size;
+
+ // send status update to the client
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session,
+ start_progress + (count * progress_block_size) /* progress */,
+ "PROGRESS_APPLET_BLOCK");
+ }
+ count++;
+ } while (size_to_send > 0);
+
+
+ /* Install Applet - Install applet instance */
+ channel->InstallApplet(session,
+ *NetKeyPAID,
+ *NetKeyAID,
+ 0 /* appPrivileges */,
+ instance_size /* instanceSize */,
+ applet_memory_size /* appletMemorySize */);
+
+ /* Select File - Select 627601ff000000 */
+ SelectApplet(session, 0x04, 0x00, NetKeyAID);
+
+ rc = 1;
+loser:
+ if( NetKeyAID != NULL ) {
+ delete NetKeyAID;
+ NetKeyAID = NULL;
+ }
+ if( OldAAID != NULL ) {
+ delete OldAAID;
+ OldAAID = NULL;
+ }
+ if( OldPAID != NULL ) {
+ delete OldPAID;
+ OldPAID = NULL;
+ }
+ if( NetKeyPAID != NULL ) {
+ delete NetKeyPAID;
+ NetKeyPAID = NULL;
+ }
+ if( PIN != NULL ) {
+ delete PIN;
+ PIN = NULL;
+ }
+ if( channel != NULL ) {
+ delete channel;
+ channel = NULL;
+ }
+ if( dataf != NULL ) {
+ free( dataf );
+ dataf = NULL;
+ }
+
+ return rc;
+}
+
+char *RA_Processor::MapPattern(NameValueSet *nv, char *pattern)
+{
+ int i=0,x=0,j=0,z=0;
+ unsigned int q = 0;
+ char token[4096];
+ char result[4096];
+ char *value;
+
+ if (pattern == NULL)
+ return NULL;
+ i = strlen(pattern);
+ for (x = 0; x < i; x++) {
+ if (pattern[x] == '$') {
+ if (pattern[x+1] == '$') {
+ result[z] = pattern[x];
+ z++;
+ x++;
+ } else {
+ x++;
+ j = 0;
+ while (pattern[x] != '$') {
+ token[j] = pattern[x];
+ j++;
+ x++;
+ }
+ token[j] = '\0';
+ value = nv->GetValue(token);
+ if (value != NULL) {
+ for (q = 0; q < strlen(value); q++) {
+ result[z] = value[q];
+ z++;
+ }
+
+ }
+ }
+ } else {
+ result[z] = pattern[x];
+ z++;
+ }
+ }
+ result[z] = '\0';
+
+ return PL_strdup(result);
+}
+
+int RA_Processor::FormatMuscleApplet(RA_Session *session,
+ unsigned short memSize,
+ Buffer &PIN0, BYTE pin0Tries,
+ Buffer &unblockPIN0, BYTE unblock0Tries,
+ Buffer &PIN1, BYTE pin1Tries,
+ Buffer &unblockPIN1, BYTE unblock1Tries,
+ unsigned short objCreationPermissions,
+ unsigned short keyCreationPermissions,
+ unsigned short pinCreationPermissions)
+{
+ int rc = 0;
+ APDU_Response *format_response = NULL;
+ RA_Token_PDU_Request_Msg *format_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *format_response_msg = NULL;
+ Format_Muscle_Applet_APDU *format_apdu = NULL;
+ // Buffer *mac = NULL;
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::FormatMuscle",
+ "RA_Processor::FormatMuscle");
+
+ format_apdu = new Format_Muscle_Applet_APDU(memSize, PIN0, pin0Tries,
+ unblockPIN0, unblock0Tries,
+ PIN1, pin1Tries,
+ unblockPIN1, unblock1Tries,
+ objCreationPermissions,
+ keyCreationPermissions,
+ pinCreationPermissions);
+ format_request_msg =
+ new RA_Token_PDU_Request_Msg(format_apdu);
+ session->WriteMsg(format_request_msg);
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::FormatMuscle",
+ "Sent format_request_msg");
+
+ format_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (format_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::FormatMuscle",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (format_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::FormatMuscle",
+ "Invalid Message Type");
+ goto loser;
+ }
+ format_response = format_response_msg->GetResponse();
+ if (!(format_response->GetSW1() == 0x90 &&
+ format_response->GetSW2() == 0x00)) {
+ RA::Error(LL_PER_PDU, "RA_Processor::FormatMuscle",
+ "Bad Response");
+ goto loser;
+ }
+ rc = 1;
+
+loser:
+ if( format_request_msg != NULL ) {
+ delete format_request_msg;
+ format_request_msg = NULL;
+ }
+ if( format_response_msg != NULL ) {
+ delete format_response_msg;
+ format_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+/**
+ * Determine the Token Type. The user can set up mapping rules in the
+ * config file which allow different operations depending on the
+ * CUID, applet version, ATR, etc.
+ */
+bool RA_Processor::GetTokenType(const char *prefix, int major_version, int minor_version, const char *cuid, const char *msn, NameValueSet *extensions,
+ RA_Status &o_status /* out */, const char *&o_tokenType /* out */)
+{
+ const char *e_tokenATR = NULL;
+ const char *tokenATR = NULL;
+ const char *e_tokenType = NULL;
+ const char *tokenType = NULL;
+ const char *tokenCUIDStart = NULL;
+ const char *tokenCUIDEnd = NULL;
+ const char *targetTokenType = NULL;
+ const char *majorVersion = NULL;
+ const char *minorVersion = NULL;
+ const char *order = NULL;
+ char *order_x = NULL;
+ const char *mappingId = NULL;
+ char configname[256];
+ int start_pos = 0, done = 0;
+ unsigned int end_pos = 0;
+ const char *cuid_x = NULL;
+ int rc=0;
+
+ cuid_x = cuid;
+
+ sprintf(configname, "%s.mapping.order", prefix);
+ order = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (order == NULL) {
+ RA::Error("RA_Processor::GetTokenType", "Token type is not found");
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "cannot find config ", configname);
+ return false; /* no mapping found */
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "Starting:");
+ order_x = PL_strdup(order);
+
+ start_pos = 0;
+ end_pos = 0;
+ done = 0;
+ while (1)
+ {
+ if (done) {
+ break;
+ }
+ end_pos = start_pos;
+ while ((end_pos < strlen(order)) && (order_x[end_pos] != ',')) {
+ end_pos++;
+ }
+ if (end_pos < strlen(order)) {
+ order_x[end_pos] = '\0';
+ done = 0;
+ } else {
+ done = 1;
+ }
+ mappingId = &order_x[start_pos];
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "mappingId='%s'", mappingId);
+
+ start_pos = end_pos + 1;
+
+ sprintf(configname, "%s.mapping.%s.target.tokenType", prefix,
+ mappingId);
+ targetTokenType = RA::GetConfigStore()->GetConfigAsString(configname);
+
+
+ if (targetTokenType == NULL) {
+ break;
+ }
+ sprintf(configname, "%s.mapping.%s.filter.tokenType", prefix,
+ mappingId);
+ tokenType = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "tokenType: %s",tokenType);
+
+ if (tokenType != NULL && strlen(tokenType) > 0) {
+ if (extensions == NULL) {
+ continue; /* mapping not matched, next mapping */
+ }
+ e_tokenType = extensions->GetValue("tokenType");
+ if (e_tokenType == NULL) {
+ continue; /* mapping not matched, next mapping */
+ }
+ if (strcmp(tokenType, e_tokenType) != 0) {
+ continue; /* mapping not matched, next mapping */
+ }
+ }
+ sprintf(configname, "%s.mapping.%s.filter.tokenATR", prefix,
+ mappingId);
+ tokenATR = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (tokenATR != NULL && strlen(tokenATR) > 0) {
+ if (extensions == NULL) {
+ continue; /* mapping not matched, next mapping */
+ }
+ e_tokenATR = extensions->GetValue("tokenATR");
+ if (e_tokenATR == NULL) {
+ continue; /* mapping not matched, next mapping */
+ }
+ if (strcmp(tokenATR, e_tokenATR) != 0) {
+ continue; /* mapping not matched, next mapping */
+ }
+ }
+ sprintf(configname, "%s.mapping.%s.filter.tokenCUID.start", prefix,
+ mappingId);
+ tokenCUIDStart = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (tokenCUIDStart != NULL && strlen(tokenCUIDStart) > 0) {
+ if (cuid_x == NULL) {
+ continue; /* mapping not matched, next mapping */
+ }
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "cuid_x=%s tokenCUIDStart=%s %d", cuid_x, tokenCUIDStart,
+ PL_strcasecmp(cuid_x, tokenCUIDStart));
+
+ if(strlen(tokenCUIDStart) != 20)
+ {
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "Invalid tokenCUIDStart: %s",tokenCUIDStart);
+ continue;
+ }
+
+ char *pend = NULL;
+ rc = strtol((const char *) tokenCUIDStart, &pend, 16);
+
+ if(*pend != '\0')
+ {
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "Invalid tokenCUIDStart: %s",tokenCUIDStart);
+
+ continue;
+ }
+
+ if (PL_strcasecmp(cuid_x, tokenCUIDStart) < 0) {
+ continue; /* mapping not matched, next mapping */
+ }
+ }
+ sprintf(configname, "%s.mapping.%s.filter.tokenCUID.end", prefix,
+ mappingId);
+ tokenCUIDEnd = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (tokenCUIDEnd != NULL && strlen(tokenCUIDEnd) > 0) {
+ if (cuid_x == NULL) {
+ continue; /* mapping not matched, next mapping */
+ }
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "cuid_x=%s tokenCUIDEnd=%s %d", cuid_x, tokenCUIDEnd,
+ PL_strcasecmp(cuid_x, tokenCUIDEnd));
+
+ if(strlen(tokenCUIDEnd) != 20)
+ {
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "Invalid tokenCUIDEnd: %s",tokenCUIDEnd);
+ continue;
+ }
+
+ char *pend = NULL;
+ rc = strtol((const char *) tokenCUIDEnd, &pend, 16);
+
+ if(*pend != '\0')
+ {
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetTokenType",
+ "Invalid tokenCUIDEnd: %s",tokenCUIDEnd);
+
+ continue;
+ }
+
+ if (PL_strcasecmp(cuid_x, tokenCUIDEnd) > 0) {
+ continue; /* mapping not matched, next mapping */
+ }
+ }
+ sprintf(configname, "%s.mapping.%s.filter.appletMajorVersion",
+ prefix, mappingId);
+ majorVersion = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (majorVersion != NULL && strlen(majorVersion) > 0) {
+ if (major_version != atoi(majorVersion)) {
+ continue; /* mapping not matched, next mapping */
+ }
+ }
+ sprintf(configname, "%s.mapping.%s.filter.appletMinorVersion",
+ prefix, mappingId);
+ minorVersion = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (minorVersion != NULL && strlen(minorVersion) > 0) {
+ if (minor_version != atoi(minorVersion)) {
+ continue; /* mapping not matched, next mapping */
+ }
+ }
+
+ if( order_x != NULL ) {
+ PL_strfree( order_x );
+ order_x = NULL;
+ }
+ RA::Debug("RA_Processor::GetTokenType",
+ "Selected Token type is '%s'", targetTokenType);
+ o_tokenType = targetTokenType;
+ return true;
+ }
+
+
+ if( order_x != NULL ) {
+ PL_strfree( order_x );
+ order_x = NULL;
+ }
+ RA::Error("RA_Processor::GetTokenType", "Token type is not found");
+ o_status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+
+ return false;
+}
+
+int RA_Processor::SelectCardManager(RA_Session *session, char *prefix, char *tokenType)
+{
+ char configname[256];
+ int rc;
+ PR_snprintf((char *)configname, 256, "%s.%s.cardmgr_instance", prefix, tokenType);
+ const char *cardmgr_instance =
+ RA::GetConfigStore()->GetConfigAsString(configname);
+ Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ cardmgr_instance, RA::CFG_DEF_CARDMGR_INSTANCE_AID);
+ rc = SelectApplet(session, 0x04, 0x00, CardManagerAID);
+ if( CardManagerAID != NULL ) {
+ delete CardManagerAID;
+ CardManagerAID = NULL;
+ }
+ return rc;
+}
+
+/**
+ * GetData
+ */
+Buffer *RA_Processor::GetData(RA_Session *session)
+{
+ Buffer data;
+ Buffer *status = NULL;
+ APDU_Response *get_data_response = NULL;
+ RA_Token_PDU_Request_Msg *get_data_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *get_data_response_msg = NULL;
+ Get_Data_APDU *get_data_apdu = NULL;
+ Buffer get_status_data;
+
+ get_data_apdu =
+ new Get_Data_APDU();
+ get_data_request_msg =
+ new RA_Token_PDU_Request_Msg(get_data_apdu);
+ session->WriteMsg(get_data_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetData",
+ "Sent get_data_request_msg");
+
+ get_data_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (get_data_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetData",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (get_data_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetData",
+ "Invalid Message Type");
+ goto loser;
+ }
+ get_data_response =
+ get_data_response_msg->GetResponse();
+ if (get_data_response == NULL) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::GetData",
+ "No Response From Token");
+ goto loser;
+ }
+ data = get_data_response->GetData();
+
+ if (!(get_data_response->GetSW1() == 0x90 &&
+ get_data_response->GetSW2() == 0x00)) {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetData",
+ "Bad Response");
+ goto loser;
+ }
+
+ status = new Buffer(data.substr(0, data.size()));
+
+loser:
+
+ if( get_data_request_msg != NULL ) {
+ delete get_data_request_msg;
+ get_data_request_msg = NULL;
+ }
+ if( get_data_response_msg != NULL ) {
+ delete get_data_response_msg;
+ get_data_response_msg = NULL;
+ }
+
+ return status;
+}
+
+Buffer *RA_Processor::ListObjects(RA_Session *session, BYTE seq)
+{
+ Buffer data;
+ Buffer *status = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *request_msg = NULL;
+ RA_Token_PDU_Response_Msg *response_msg = NULL;
+ List_Objects_APDU *list_objects_apdu = NULL;
+ Buffer get_status_data;
+
+ list_objects_apdu =
+ new List_Objects_APDU(seq);
+ request_msg =
+ new RA_Token_PDU_Request_Msg(list_objects_apdu);
+ session->WriteMsg(request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::ListObjects",
+ "Sent request_msg");
+
+ response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::ListObjects",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::ListObjects",
+ "Invalid Message Type");
+ goto loser;
+ }
+ response = response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::ListObjects",
+ "No Response From Token");
+ goto loser;
+ }
+
+ if (!(response->GetSW1() == 0x90 &&
+ response->GetSW2() == 0x00)) {
+ // RA::Error(LL_PER_PDU, "RA_Processor::ListObjects",
+ // "Bad Response");
+ goto loser;
+ }
+
+ data = response->GetData();
+
+ status = new Buffer(data.substr(0, data.size()));
+
+loser:
+
+ if( request_msg != NULL ) {
+ delete request_msg;
+ request_msg = NULL;
+ }
+ if( response_msg != NULL ) {
+ delete response_msg;
+ response_msg = NULL;
+ }
+
+ return status;
+}
+
+/**
+ * GetStatus
+ */
+Buffer *RA_Processor::GetStatus(RA_Session *session, BYTE p1, BYTE p2)
+{
+ Buffer data;
+ Buffer *status = NULL;
+ APDU_Response *get_status_response = NULL;
+ RA_Token_PDU_Request_Msg *get_status_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *get_status_response_msg = NULL;
+ Get_Status_APDU *get_status_apdu = NULL;
+ Buffer get_status_data;
+
+ get_status_apdu =
+ new Get_Status_APDU();
+ get_status_request_msg =
+ new RA_Token_PDU_Request_Msg(get_status_apdu);
+ session->WriteMsg(get_status_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetStatus",
+ "Sent get_status_request_msg");
+
+ get_status_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (get_status_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetStatus",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (get_status_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetStatus",
+ "Invalid Message Type");
+ goto loser;
+ }
+ get_status_response =
+ get_status_response_msg->GetResponse();
+ if (get_status_response == NULL) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::GetStatus",
+ "No Response From Token");
+ goto loser;
+ }
+ data = get_status_response->GetData();
+
+ if (!(get_status_response->GetSW1() == 0x90 &&
+ get_status_response->GetSW2() == 0x00)) {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetStatus",
+ "Bad Response");
+ goto loser;
+ }
+
+ status = new Buffer(data.substr(0, data.size()));
+
+loser:
+
+ if( get_status_request_msg != NULL ) {
+ delete get_status_request_msg;
+ get_status_request_msg = NULL;
+ }
+ if( get_status_response_msg != NULL ) {
+ delete get_status_response_msg;
+ get_status_response_msg = NULL;
+ }
+
+ return status;
+}
+
+int RA_Processor::CreatePin(RA_Session *session, BYTE pin_number,
+ BYTE max_retries, char *pin)
+{
+ int rc = -1;
+ Create_Pin_APDU *create_pin_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::IsPinPresent",
+ "Secure_Channel::IsPinPresent");
+ Buffer pin_buffer = Buffer((BYTE*)pin, strlen(pin));
+ create_pin_apdu = new Create_Pin_APDU(pin_number, max_retries,
+ pin_buffer);
+
+ /*
+ mac = ComputeAPDUMac(set_pin_apdu);
+ set_pin_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ create_pin_apdu);
+ session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::CreatePin",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::CreatePin",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::CreatePin",
+ "Invalid Message Type");
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::CreatePin",
+ "No Response From Token");
+ goto loser;
+ }
+
+ rc = 1;
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+}
+int RA_Processor::IsPinPresent(RA_Session *session, BYTE pin_number)
+{
+ int rc = -1;
+ Buffer data;
+ List_Pins_APDU *list_pins_apdu = NULL;
+ APDU_Response *response = NULL;
+ RA_Token_PDU_Request_Msg *token_pdu_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *token_pdu_response_msg = NULL;
+ Buffer *mac = NULL;
+
+ RA::Debug("Secure_Channel::IsPinPresent",
+ "Secure_Channel::IsPinPresent");
+ list_pins_apdu = new List_Pins_APDU(2);
+
+ /*
+ mac = ComputeAPDUMac(set_pin_apdu);
+ set_pin_apdu->SetMAC(*mac);
+ */
+ token_pdu_request_msg = new RA_Token_PDU_Request_Msg(
+ list_pins_apdu);
+ session->WriteMsg(token_pdu_request_msg);
+ RA::Debug("Secure_Channel::IsPinPresent",
+ "Sent token_pdu_request_msg");
+
+ token_pdu_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (token_pdu_response_msg == NULL)
+ {
+ RA::Error("Secure_Channel::IsPinReset",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (token_pdu_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::IsPinReset",
+ "Invalid Message Type");
+ goto loser;
+ }
+ response = token_pdu_response_msg->GetResponse();
+ if (response == NULL) {
+ RA::Error("Secure_Channel::IsPinReset",
+ "No Response From Token");
+ goto loser;
+ }
+ data = response->GetData();
+ if (data.size() < 2) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::IsPinReset",
+ "Invalid Response From Token");
+ goto loser;
+ }
+
+ if (pin_number < 8) {
+ rc = ((((BYTE*)data)[1] & (1 << pin_number)) > 0);
+ } else {
+ rc = ((((BYTE*)data)[0] & (1 << (pin_number - 8))) > 0);
+ }
+
+loser:
+ if( mac != NULL ) {
+ delete mac;
+ mac = NULL;
+ }
+ if( token_pdu_request_msg != NULL ) {
+ delete token_pdu_request_msg;
+ token_pdu_request_msg = NULL;
+ }
+ if( token_pdu_response_msg != NULL ) {
+ delete token_pdu_response_msg;
+ token_pdu_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+/**
+ * Select applet.
+ *
+ * Global Platform Open Platform Card Specification
+ * Version 2.0.1 Page 9-22
+ *
+ * Sample Data:
+ *
+ * _____________ CLA
+ * | __________ INS
+ * | | _______ P1
+ * | | | ____ P2
+ * | | | | _ Len
+ * | | | | |
+ * 00 A4 04 00 07
+ * 53 4C 42 47 49 4E 41
+ */
+int RA_Processor::SelectApplet(RA_Session *session, BYTE p1, BYTE p2, Buffer *aid)
+{
+ int rc = 0;
+ APDU_Response *select_response = NULL;
+ RA_Token_PDU_Request_Msg *select_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *select_response_msg = NULL;
+ Select_APDU *select_apdu = NULL;
+
+ if (aid != NULL) {
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::SelectApplet",
+ "RA_Processor::SelectApplet with aid= ", aid);
+ }
+
+ select_apdu = new Select_APDU(p1, p2, *aid);
+ select_request_msg =
+ new RA_Token_PDU_Request_Msg(select_apdu);
+ session->WriteMsg(select_request_msg);
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::SelectApplet",
+ "Sent select_request_msg");
+
+ select_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (select_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::SelectApplet",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (select_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::SelectApplet",
+ "Invalid Message Type");
+ goto loser;
+ }
+ select_response = select_response_msg->GetResponse();
+ if (select_response == NULL) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::SelectApplet",
+ "No Response From Token");
+ goto loser;
+ }
+ if (select_response->GetData().size() < 2) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::SelectApplet",
+ "Invalid Response From Token");
+ goto loser;
+ }
+ if (!(select_response->GetSW1() == 0x90 &&
+ select_response->GetSW2() == 0x00)) {
+ RA::Error(LL_PER_PDU, "RA_Processor::SelectApplet",
+ "Bad Response");
+ goto loser;
+ }
+
+
+loser:
+ if( select_request_msg != NULL ) {
+ delete select_request_msg;
+ select_request_msg = NULL;
+ }
+ if( select_response_msg != NULL ) {
+ delete select_response_msg;
+ select_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+/**
+ * Get Build ID from Net Key Applet.
+ * @returns a buffer with 4 bytes of data. This is the applet ID.
+ * The caller is responsible for freeing the buffer with
+ * the 'delete' operator.
+ */
+Buffer *RA_Processor::GetAppletVersion(RA_Session *session)
+{
+ Buffer data;
+ Buffer *buildID = NULL;
+ APDU_Response *get_version_response = NULL;
+ RA_Token_PDU_Request_Msg *get_version_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *get_version_response_msg = NULL;
+ Get_Version_APDU *get_version_apdu = NULL;
+ Buffer get_version_data;
+
+ get_version_apdu =
+ new Get_Version_APDU();
+ get_version_request_msg =
+ new RA_Token_PDU_Request_Msg(get_version_apdu);
+ session->WriteMsg(get_version_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::GetAppletVersion",
+ "Sent get_version_request_msg");
+
+ get_version_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (get_version_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetAppletVersion",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (get_version_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetAppletVersion",
+ "Invalid Message Type");
+ goto loser;
+ }
+ get_version_response =
+ get_version_response_msg->GetResponse();
+ if (get_version_response == NULL) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::GetAppletVersion",
+ "No Response From Token");
+ goto loser;
+ }
+ data = get_version_response->GetData();
+ if (!(get_version_response->GetSW1() == 0x90 &&
+ get_version_response->GetSW2() == 0x00)) {
+ RA::Error(LL_PER_PDU, "RA_Processor::GetAppletVersion",
+ "Bad Response");
+ goto loser;
+ }
+
+ /* Sample: 3FBAB4BF9000 */
+ if (data.size() != 6) {
+ RA::Error(LL_PER_PDU, "Secure_Channel::GetAppletVersion",
+ "Invalid Applet Version");
+ goto loser;
+ }
+
+ buildID = new Buffer(data.substr(0, 4));
+
+/*
+ buildID = (get_version_data[0] << 24) | (get_version_data[1] << 16) |
+ (get_version_data[2] << 8) | get_version_data[3];
+
+*/
+
+loser:
+
+ if( get_version_request_msg != NULL ) {
+ delete get_version_request_msg;
+ get_version_request_msg = NULL;
+ }
+ if( get_version_response_msg != NULL ) {
+ delete get_version_response_msg;
+ get_version_response_msg = NULL;
+ }
+ return buildID;
+}
+
+/*
+ * this one sets the security level
+ */
+Secure_Channel *RA_Processor::SetupSecureChannel(RA_Session *session,
+ BYTE key_version, BYTE key_index, SecurityLevel security_level,
+ const char *connId)
+{
+ Secure_Channel *channel = SetupSecureChannel(session, key_version, key_index, connId);
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel","Resetting security level ...");
+
+ /* Bugscape Bug #55774: Prevent NetKey RA from crashing . . . */
+ if( channel != NULL ) {
+ channel->SetSecurityLevel(security_level);
+ } else {
+ RA::Error( LL_PER_PDU, "RA_Processor::SetupSecureChannel", "%s %s",
+ "Failed to create a secure channel - potentially due to an",
+ "RA/TKS key mismatch or differing RA/TKS key versions." );
+ }
+ return channel;
+
+}
+
+int RA_Processor::InitializeUpdate(RA_Session *session,
+ BYTE key_version, BYTE key_index,
+ Buffer &key_diversification_data,
+ Buffer &key_info_data,
+ Buffer &card_challenge,
+ Buffer &card_cryptogram,
+ Buffer &host_challenge, const char *connId)
+{
+ int rc = -1;
+ APDU_Response *initialize_update_response = NULL;
+ RA_Token_PDU_Request_Msg *initialize_update_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *initialize_update_response_msg = NULL;
+ Initialize_Update_APDU *initialize_update_apdu = NULL;
+ Buffer update_response_data;
+ char configname[256];
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "RA_Processor::InitializeUpdate");
+
+
+ PR_snprintf((char *) configname, 256, "conn.%s.generateHostChallenge", connId);
+ bool gen_host_challenge_tks = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+
+ if(gen_host_challenge_tks) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Generate host challenge on TKS.");
+ rc = ComputeRandomData(host_challenge, (int) host_challenge.size(), connId);
+ } else {
+ rc = Util::GetRandomChallenge(host_challenge);
+ }
+
+ if(rc == -1) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Failed to generate host challenge");
+ goto loser;
+
+ }
+
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Generated Host Challenge",
+ &host_challenge);
+
+ initialize_update_apdu =
+ new Initialize_Update_APDU(key_version, key_index, host_challenge);
+ initialize_update_request_msg =
+ new RA_Token_PDU_Request_Msg(initialize_update_apdu);
+ session->WriteMsg(initialize_update_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Sent initialize_update_request_msg");
+
+ initialize_update_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (initialize_update_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (initialize_update_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Invalid Message Type");
+ goto loser;
+ }
+ initialize_update_response =
+ initialize_update_response_msg->GetResponse();
+ update_response_data = initialize_update_response->GetData();
+
+ if (!(initialize_update_response->GetSW1() == 0x90 &&
+ initialize_update_response->GetSW2() == 0x00)) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Key version mismatch - key changeover to follow");
+ goto loser;
+ }
+
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Update Response Data", &update_response_data);
+
+ /**
+ * Initialize Update response:
+ * Key Diversification Data - 10 bytes
+ * Key Information Data - 2 bytes
+ * Card Challenge - 8 bytes
+ * Card Cryptogram - 8 bytes
+ */
+ if (initialize_update_response->GetData().size() < 10) {
+ RA::Error(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Invalid Initialize Update Response Size");
+ goto loser;
+ }
+ key_diversification_data = Buffer(update_response_data.substr(0, 10));
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Key Diversification Data", &key_diversification_data);
+ key_info_data = Buffer(update_response_data.substr(10, 2));
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Key Info Data", &key_info_data);
+ card_challenge = Buffer(update_response_data.substr(12, 8));
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Card Challenge", &card_challenge);
+ card_cryptogram = Buffer(update_response_data.substr(20, 8));
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::InitializeUpdate",
+ "Card Cryptogram", &card_cryptogram);
+
+ rc = 1;
+
+loser:
+ if( initialize_update_request_msg != NULL ) {
+ delete initialize_update_request_msg;
+ initialize_update_request_msg = NULL;
+ }
+ if( initialize_update_response_msg != NULL ) {
+ delete initialize_update_response_msg;
+ initialize_update_response_msg = NULL;
+ }
+
+ return rc;
+}
+
+/**
+ * Setup secure channel between RA and the token.
+ */
+Secure_Channel *RA_Processor::SetupSecureChannel(RA_Session *session,
+ BYTE key_version, BYTE key_index, const char *connId)
+{
+ Secure_Channel *channel = NULL;
+ APDU_Response *initialize_update_response = NULL;
+ RA_Token_PDU_Request_Msg *initialize_update_request_msg = NULL;
+ RA_Token_PDU_Response_Msg *initialize_update_response_msg = NULL;
+ Initialize_Update_APDU *initialize_update_apdu = NULL;
+ Buffer update_response_data;
+ Buffer host_challenge = Buffer(8, (BYTE)0);
+ Buffer key_diversification_data;
+ Buffer key_info_data;
+ Buffer card_challenge;
+ Buffer card_cryptogram;
+ char configname[256];
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::Setup_Secure_Channel");
+
+ PR_snprintf((char *) configname, 256, "conn.%s.generateHostChallenge", connId);
+ bool gen_host_challenge_tks = RA::GetConfigStore()->GetConfigAsBool(configname, false);
+
+ int rc = 0;
+ if(gen_host_challenge_tks) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Generate host challenge on TKS.");
+ rc = ComputeRandomData(host_challenge, (int) host_challenge.size(), connId);
+ } else {
+ rc = Util::GetRandomChallenge(host_challenge);
+ }
+
+ if(rc == -1) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::SetupSecureChannel",
+ "Failed to generate host challenge");
+ goto loser;
+
+ }
+
+
+
+ /* if (Util::GetRandomChallenge(host_challenge) != PR_SUCCESS)
+ {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Failed to generate host challenge");
+ goto loser;
+ }
+
+*/
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Generated Host Challenge",
+ &host_challenge);
+
+ initialize_update_apdu =
+ new Initialize_Update_APDU(key_version, key_index, host_challenge);
+ initialize_update_request_msg =
+ new RA_Token_PDU_Request_Msg(initialize_update_apdu);
+ session->WriteMsg(initialize_update_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Sent initialize_update_request_msg");
+
+ initialize_update_response_msg = (RA_Token_PDU_Response_Msg *)
+ session->ReadMsg();
+ if (initialize_update_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "No Token PDU Response Msg Received");
+ goto loser;
+ }
+ if (initialize_update_response_msg->GetType() != MSG_TOKEN_PDU_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Invalid Message Type");
+ goto loser;
+ }
+ initialize_update_response =
+ initialize_update_response_msg->GetResponse();
+ update_response_data = initialize_update_response->GetData();
+
+ if (!(initialize_update_response->GetSW1() == 0x90 &&
+ initialize_update_response->GetSW2() == 0x00)) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Key version mismatch - key changeover to follow");
+ goto loser;
+ }
+
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Update Response Data", &update_response_data);
+
+ /**
+ * Initialize Update response:
+ * Key Diversification Data - 10 bytes
+ * Key Information Data - 2 bytes
+ * Card Challenge - 8 bytes
+ * Card Cryptogram - 8 bytes
+ */
+ if (initialize_update_response->GetData().size() < 28) {
+ RA::Error(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Invalid Initialize Update Response Size");
+ goto loser;
+ }
+ key_diversification_data = Buffer(update_response_data.substr(0, 10));
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Key Diversification Data", &key_diversification_data);
+ key_info_data = Buffer(update_response_data.substr(10, 2));
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Key Info Data", &key_info_data);
+ card_challenge = Buffer(update_response_data.substr(12, 8));
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Card Challenge", &card_challenge);
+ card_cryptogram = Buffer(update_response_data.substr(20, 8));
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "Card Cryptogram", &card_cryptogram);
+
+ channel = GenerateSecureChannel(
+ session, connId,
+ key_diversification_data,
+ key_info_data,
+ card_challenge,
+ card_cryptogram,
+ host_challenge);
+
+loser:
+ if( initialize_update_request_msg != NULL ) {
+ delete initialize_update_request_msg;
+ initialize_update_request_msg = NULL;
+ }
+ if( initialize_update_response_msg != NULL ) {
+ delete initialize_update_response_msg;
+ initialize_update_response_msg = NULL;
+ }
+
+ return channel;
+} /* SetupSecureChannel */
+
+/**
+ * Requests secure ID.
+ */
+SecureId *RA_Processor::RequestSecureId(RA_Session *session)
+{
+ SecureId *secure_id = NULL;
+ RA_SecureId_Request_Msg *secureid_request_msg = NULL;
+ RA_SecureId_Response_Msg *secureid_response_msg = NULL;
+ char *value;
+ char *pin;
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::SecureId_Request",
+ "RA_Processor::SecureId_Request");
+
+ secureid_request_msg = new RA_SecureId_Request_Msg(
+ 0 /* pin_required */, 0 /* next_value */);
+ session->WriteMsg(secureid_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::SecureId_Request",
+ "Sent secureid_request_msg");
+
+ secureid_response_msg = (RA_SecureId_Response_Msg *)
+ session->ReadMsg();
+ if (secureid_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::SecureId_Request",
+ "No SecureID Response Msg Received");
+ goto loser;
+ }
+
+ if (secureid_response_msg->GetType() != MSG_SECUREID_RESPONSE) {
+ RA::Error("Secure_Channel::SecureId_Request",
+ "Invalid Msg Type");
+ goto loser;
+ }
+
+ value = secureid_response_msg->GetValue();
+ pin = secureid_response_msg->GetPIN();
+
+ secure_id = new SecureId(value, pin);
+
+loser:
+
+ if( secureid_request_msg != NULL ) {
+ delete secureid_request_msg;
+ secureid_request_msg = NULL;
+ }
+ if( secureid_response_msg != NULL ) {
+ delete secureid_response_msg;
+ secureid_response_msg = NULL;
+ }
+ return secure_id;
+} /* RequestSecureId */
+
+/**
+ * Requests new pin for token.
+ */
+char *RA_Processor::RequestNewPin(RA_Session *session, unsigned int min, unsigned int max)
+{
+ char *new_pin = NULL;
+ RA_New_Pin_Request_Msg *new_pin_request_msg = NULL;
+ RA_New_Pin_Response_Msg *new_pin_response_msg = NULL;
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+ "RA_Processor::New_Pin_Request");
+
+ new_pin_request_msg = new RA_New_Pin_Request_Msg(
+ min, max);
+ session->WriteMsg(new_pin_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+ "Sent new_pin_request_msg");
+
+ new_pin_response_msg = (RA_New_Pin_Response_Msg *)
+ session->ReadMsg();
+ if (new_pin_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+ "No New Pin Response Msg Received");
+ goto loser;
+ }
+
+ if (new_pin_response_msg->GetType() != MSG_NEW_PIN_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+ "Invalid Message Type");
+ goto loser;
+ }
+
+ if (new_pin_response_msg->GetNewPIN() == NULL) {
+ RA::Error(LL_PER_PDU, "RA_Processor::New_Pin_Request",
+ "No New Pin");
+ goto loser;
+ }
+
+ new_pin = PL_strdup(new_pin_response_msg->GetNewPIN());
+
+ if (strlen(new_pin) < min) {
+ RA::Error(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "The length of the new pin is shorter than the mininum length (%d)", min);
+ if( new_pin != NULL ) {
+ PL_strfree( new_pin );
+ new_pin = NULL;
+ }
+ new_pin = NULL;
+ goto loser;
+ } else if (strlen(new_pin) > max) {
+ RA::Error(LL_PER_PDU, "RA_Pin_Reset_Processor::Process",
+ "The length of the new pin is longer than the maximum length (%d)", max);
+ if( new_pin != NULL ) {
+ PL_strfree( new_pin );
+ new_pin = NULL;
+ }
+ new_pin = NULL;
+ goto loser;
+ }
+
+loser:
+
+ if( new_pin_request_msg != NULL ) {
+ delete new_pin_request_msg;
+ new_pin_request_msg = NULL;
+ }
+ if( new_pin_response_msg != NULL ) {
+ delete new_pin_response_msg;
+ new_pin_response_msg = NULL;
+ }
+
+ return new_pin;
+} /* RequestNewPin */
+
+/**
+ * Requests A Security Question (ASQ) from user.
+ */
+char *RA_Processor::RequestASQ(RA_Session *session, char *question)
+{
+ char *answer = NULL;
+ RA_ASQ_Request_Msg *asq_request_msg = NULL;
+ RA_ASQ_Response_Msg *asq_response_msg = NULL;
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::ASQ_Request",
+ "RA_Processor::ASQ_Request");
+
+ asq_request_msg = new RA_ASQ_Request_Msg(question);
+ session->WriteMsg(asq_request_msg);
+ RA::Debug(LL_PER_PDU, "RA_Processor::ASQ_Request",
+ "Sent asq_request_msg");
+
+ asq_response_msg = (RA_ASQ_Response_Msg *)
+ session->ReadMsg();
+ if (asq_response_msg == NULL)
+ {
+ RA::Error(LL_PER_PDU, "RA_Processor::ASQ_Request",
+ "No ASQ Response Msg Received");
+ goto loser;
+ }
+ if (asq_response_msg->GetType() != MSG_ASQ_RESPONSE) {
+ RA::Error(LL_PER_PDU, "RA_Processor::ASQ_Request",
+ "Invalid Message Type");
+ goto loser;
+ }
+
+ if (asq_response_msg->GetAnswer() == NULL) {
+ RA::Error(LL_PER_PDU, "RA_Processor::ASQ_Request",
+ "No ASQ Answer");
+ goto loser;
+ }
+ answer = PL_strdup(asq_response_msg->GetAnswer());
+
+loser:
+ if( asq_request_msg != NULL ) {
+ delete asq_request_msg;
+ asq_request_msg = NULL;
+ }
+ if( asq_response_msg != NULL ) {
+ delete asq_response_msg;
+ asq_response_msg = NULL;
+ }
+
+ return answer;
+} /* RequestASQ */
+
+/**
+ * Creates a secure channel between RA and the token.
+ * challenges are sent to TKS which generates
+ * host cryptogram, and session key.
+ */
+Secure_Channel *RA_Processor::GenerateSecureChannel(
+ RA_Session *session, const char *connId,
+ Buffer &key_diversification_data, /* CUID */
+ Buffer &key_info_data,
+ Buffer &card_challenge,
+ Buffer &card_cryptogram,
+ Buffer &host_challenge)
+{
+ PK11SymKey *session_key = NULL;
+ Buffer *host_cryptogram = NULL;
+ char configname[256];
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel");
+
+ PK11SymKey *enc_session_key = NULL;
+
+
+ // desKey_s will be assigned to channel and will be destroyed when channel closed
+ char *drm_desKey_s = NULL;
+ char *kek_desKey_s = NULL;
+ char *keycheck_s = NULL;
+
+ session_key = RA::ComputeSessionKey(session, key_diversification_data,
+ key_info_data, card_challenge,
+ host_challenge, &host_cryptogram,
+ card_cryptogram, &enc_session_key,
+ &drm_desKey_s, &kek_desKey_s,
+ &keycheck_s, connId);
+ if (session_key == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - did not get session_key");
+ return NULL;
+ }
+
+ // is serversideKeygen on?
+ PR_snprintf((char *) configname, 256, "conn.%s.serverKeygen", connId);
+ bool serverKeygen = RA::GetConfigStore()->GetConfigAsBool(configname, false);
+
+ if (serverKeygen) {
+ if ((drm_desKey_s == NULL) || (strcmp(drm_desKey_s, "")==0)) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - did not get drm_desKey_s");
+ return NULL;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - drm_desKey_s = %s", drm_desKey_s);
+ }
+ if ((kek_desKey_s == NULL) || (strcmp(kek_desKey_s,"")==0)) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - did not get kek_desKey_s");
+ return NULL;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - kek_desKey_s = %s", kek_desKey_s);
+ }
+ if ((keycheck_s == NULL) || (strcmp(keycheck_s,"")==0)) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - did not get keycheck_s");
+ return NULL;
+ }
+
+ if (enc_session_key == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - did not get enc_session_key");
+ return NULL;
+ }
+ if (host_cryptogram == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - did not get host_cryptogram");
+ return NULL;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Setup_Secure_Channel",
+ "RA_Processor::GenerateSecureChannel - keycheck_s = %s", keycheck_s);
+ }
+ }
+/*
+ host_cryptogram = RA::ComputeHostCryptogram(
+ card_challenge, host_challenge);
+*/
+
+
+ Secure_Channel *channel = new Secure_Channel(session, session_key,
+ enc_session_key,
+ drm_desKey_s, kek_desKey_s, keycheck_s,
+ key_diversification_data, key_info_data,
+ card_challenge, card_cryptogram,
+ host_challenge, *host_cryptogram);
+
+ if( host_cryptogram != NULL ) {
+ delete host_cryptogram;
+ host_cryptogram = NULL;
+ }
+
+ if (channel != NULL) {
+ // this can be overridden by individual processor later
+ channel->SetSecurityLevel(RA::GetGlobalSecurityLevel());
+ } else {
+ if( session_key != NULL ) {
+ PK11_FreeSymKey( session_key );
+ session_key = NULL;
+ }
+ if( enc_session_key != NULL ) {
+ PK11_FreeSymKey( enc_session_key );
+ enc_session_key = NULL;
+ }
+
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::GenerateSecureChannel", "complete");
+ return channel;
+} /* GenerateSecureChannel */
+
+int RA_Processor::CreateKeySetData(Buffer &CUID, Buffer &version,
+ Buffer &NewMasterVer, Buffer &out, const char *connid)
+{
+ char body[5000];
+ char configname[256];
+ HttpConnection *tksConn = NULL;
+ tksConn = RA::GetTKSConn(connid);
+ if (tksConn == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::CreateKeySetData", "Failed to get TKSConnection %s", connid);
+ RA::Error(LL_PER_PDU, "RA_Processor::CreateKeySetData", "Failed to get TKSConnection %s", connid);
+ return -1;
+ } else {
+ // PRLock *tks_lock = RA::GetTKSLock();
+ int tks_curr = RA::GetCurrentIndex(tksConn);
+ int currRetries = 0;
+ char *cuid = Util::SpecialURLEncode(CUID);
+ char *versionID = Util::SpecialURLEncode(version);
+ char *masterV = Util::SpecialURLEncode(NewMasterVer);
+
+ PR_snprintf((char *)configname, 256, "conn.%s.keySet", connid);
+ const char *keySet = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ PR_snprintf((char *)body, 5000,
+ "newKeyInfo=%s&CUID=%s&KeyInfo=%s&keySet=%s", masterV, cuid, versionID,keySet);
+
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.createKeySetData", connid);
+ const char *servletID = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ if( cuid != NULL ) {
+ PR_Free( cuid );
+ cuid = NULL;
+ }
+ if( versionID != NULL ) {
+ PR_Free( versionID );
+ versionID = NULL;
+ }
+ if( masterV != NULL ) {
+ PR_Free( masterV );
+ masterV = NULL;
+ }
+
+ tks_curr = RA::GetCurrentIndex(tksConn);
+
+ PSHttpResponse * response = tksConn->getResponse(tks_curr, servletID, body);
+ ConnectionInfo *connInfo = tksConn->GetFailoverList();
+ char **hostport = connInfo->GetHostPortList();
+
+ if (response == NULL)
+ RA::Debug(LL_PER_PDU, "The CreateKeySetData response from TKS ",
+ "at %s is NULL.", hostport[tks_curr]);
+ else
+ RA::Debug(LL_PER_PDU, "The CreateKeySetData response from TKS ",
+ "at % is not NULL.", hostport[tks_curr]);
+
+ while (response == NULL) {
+ RA::Failover(tksConn, connInfo->GetHostPortListLen());
+ tks_curr = RA::GetCurrentIndex(tksConn);
+
+ RA::Debug(LL_PER_PDU, "RA is reconnecting to TKS ",
+ "at %s for createKeySetData.", hostport[tks_curr]);
+
+ if (++currRetries >= tksConn->GetNumOfRetries()) {
+ RA::Debug(LL_PER_PDU, "Used up all the retries. Response is NULL","");
+ RA::Error(LL_PER_PDU, "RA_Processor::CreateKeySetData","Failed connecting to TKS after %d retries", currRetries);
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ return -1;
+ }
+ response = tksConn->getResponse(tks_curr, servletID, body);
+ }
+
+ int status = 0;
+
+ Buffer *keydataset = NULL;
+ if (response != NULL) {
+ RA::Debug(LL_PER_PDU,"Response is not ","NULL");
+ char * content = response->getContent();
+ if (content == NULL) {
+ RA::Debug(LL_PER_PDU,"TKSConnection::CreateKeySetData","Content Is NULL");
+ } else {
+ RA::Debug(LL_PER_PDU,"TKSConnection::CreateKeySetData","Content Is '%s'",
+ content);
+ }
+ if (content != NULL) {
+ char *statusStr = strstr((char *)content, "status=0&");
+ if (statusStr == NULL) {
+ status = 1;
+ char *p = strstr((char *)content, "status=");
+ if(p != NULL) {
+ status = int(p[7]) - 48;
+ } else {
+ status = 4;
+ return -1;
+ }
+ } else {
+ status = 0;
+ char *p = &content[9];
+ char *rcStr = strstr((char *)p, "keySetData=");
+ if (rcStr != NULL) {
+ rcStr = &rcStr[11];
+ if (!strcmp(rcStr, "%00")) {
+ return -1;
+ }
+ keydataset = Util::URLDecode(rcStr);
+ }
+ }
+ }
+ }
+
+ if (keydataset == NULL)
+ {
+ RA::Debug(LL_PER_PDU, "RA_Processor:CreateKeySetData",
+ "Key Set Data is NULL");
+
+ return -1;
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Processor:CreateKeySetData", "Status of CreateKeySetData=%d", status);
+ RA::Debug(LL_PER_PDU, "finish CreateKeySetData", "");
+
+ if (status > 0) {
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ return -1;
+ } else {
+ out = *keydataset;
+ if( keydataset != NULL ) {
+ delete keydataset;
+ keydataset = NULL;
+ }
+ }
+
+ if( response != NULL ) {
+ response->freeContent();
+ delete response;
+ response = NULL;
+ }
+
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ return 1;
+ }
+ BYTE kek_key[] = {
+ 0x40, 0x41, 0x42, 0x43,
+ 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b,
+ 0x4c, 0x4d, 0x4e, 0x4f
+ };
+ BYTE key[] = {
+ 0x40, 0x41, 0x42, 0x43,
+ 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b,
+ 0x4c, 0x4d, 0x4e, 0x4f
+ };
+ Buffer old_kek_key(kek_key, 16);
+ Buffer new_auth_key(key, 16);
+ Buffer new_mac_key(key, 16);
+ Buffer new_kek_key(key, 16);
+
+
+ Util::CreateKeySetData(
+ NewMasterVer,
+ old_kek_key,
+ new_auth_key,
+ new_mac_key,
+ new_kek_key,
+ out);
+
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ return 1;
+}
+
+
+/**
+ * Input data wrapped by KEK key in TKS.
+ */
+int RA_Processor::EncryptData(Buffer &CUID, Buffer &version, Buffer &in, Buffer &out, const char *connid)
+{
+ char body[5000];
+ char configname[256];
+#define PLAINTEXT_CHALLENGE_SIZE 16
+ // khai, here we wrap the input with the KEK key
+ // in TKS
+ HttpConnection *tksConn = NULL;
+ char kek_key[16] = {
+ 0x40, 0x41, 0x42, 0x43,
+ 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b,
+ 0x4c, 0x4d, 0x4e, 0x4f
+ };
+ int status = 0;
+
+ tksConn = RA::GetTKSConn(connid);
+ if (tksConn == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::EncryptData", "Failed to get TKSConnection %s", connid);
+ RA::Debug(LL_PER_PDU, "RA_Processor::EncryptData", "Failed to get TKSConnection %s", connid);
+ return -1;
+ } else {
+ int tks_curr = RA::GetCurrentIndex(tksConn);
+ int currRetries = 0;
+ char *data = NULL;
+ Buffer *zerob = new Buffer(PLAINTEXT_CHALLENGE_SIZE, (BYTE)0);
+ if (!(in == *zerob))
+ data = Util::SpecialURLEncode(in);
+ else
+ RA::Debug(LL_PER_PDU, "RA_Processor::EncryptData","Challenge to be generated on TKS");
+
+ if (zerob != NULL) {
+ delete zerob;
+ }
+
+ char *cuid = Util::SpecialURLEncode(CUID);
+ char *versionID = Util::SpecialURLEncode(version);
+
+ PR_snprintf((char *)configname, 256, "conn.%s.keySet", connid);
+ const char *keySet = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ PR_snprintf((char *)body, 5000, "data=%s&CUID=%s&KeyInfo=%s&keySet=%s",
+ ((data != NULL)? data:""), cuid, versionID,keySet);
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.encryptData", connid);
+ const char *servletID = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ if( cuid != NULL ) {
+ PR_Free( cuid );
+ cuid = NULL;
+ }
+ if( versionID != NULL ) {
+ PR_Free( versionID );
+ versionID = NULL;
+ }
+
+ PSHttpResponse *response = tksConn->getResponse(tks_curr, servletID, body);
+ ConnectionInfo *connInfo = tksConn->GetFailoverList();
+ char **hostport = connInfo->GetHostPortList();
+ if (response == NULL)
+ RA::Debug(LL_PER_PDU, "The encryptedData response from TKS ",
+ "at %s is NULL.", hostport[tks_curr]);
+ else
+ RA::Debug(LL_PER_PDU, "The encryptedData response from TKS ",
+ "at %s is not NULL.", hostport[tks_curr]);
+
+ while (response == NULL) {
+ RA::Failover(tksConn, connInfo->GetHostPortListLen());
+ tks_curr = RA::GetCurrentIndex(tksConn);
+ RA::Debug(LL_PER_PDU, "RA is reconnecting to TKS ",
+ "at %s for encryptData.", hostport[tks_curr]);
+
+ if (++currRetries >= tksConn->GetNumOfRetries()) {
+ RA::Debug(LL_PER_PDU, "Used up all the retries. Response is NULL","");
+ RA::Error(LL_PER_PDU, "RA_Processor::EncryptData", "Failed connecting to TKS after %d retries", currRetries);
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ return -1;
+ }
+ response = tksConn->getResponse(tks_curr, servletID, body);
+ }
+
+ Buffer *encryptedData = NULL;
+ // preEncData is only useful when data is null, and data is to be randomly
+ // generated on TKS
+ Buffer *preEncData = NULL;
+ status = 0;
+ if (response != NULL) {
+ RA::Debug(LL_PER_PDU, "EncryptData Response is not ","NULL");
+ char *content = response->getContent();
+ if (content != NULL) {
+ char *statusStr = strstr((char *)content, "status=0&");
+ if (statusStr == NULL) {
+ char *p = strstr((char *)content, "status=");
+
+ if(p != NULL) {
+ status = int(p[7]) - 48;
+ } else {
+ status = 4;
+ return -1;
+ }
+ } else {
+ status = 0;
+ char *p = &content[9];
+ // get pre-encryption data
+ char *preStr = strstr((char *)p, "data=");
+ if (preStr != NULL) {
+ p = &preStr[5];
+ char pstr[PLAINTEXT_CHALLENGE_SIZE*3+1];
+ strncpy(pstr, p, PLAINTEXT_CHALLENGE_SIZE*3);
+ pstr[PLAINTEXT_CHALLENGE_SIZE*3] = '\0';
+ preEncData = Util::URLDecode(pstr);
+//RA::DebugBuffer("RA_Processor::EncryptData", "preEncData=", preEncData);
+ }
+
+ // get encrypted data
+ p = &content[9];
+ char *rcStr = strstr((char *)p, "encryptedData=");
+ if (rcStr != NULL) {
+ rcStr = &rcStr[14];
+ encryptedData = Util::URLDecode(rcStr);
+//RA::DebugBuffer("RA_Processor::EncryptData", "encryptedData=", encryptedData);
+ }
+ }
+ }
+ }
+ if (encryptedData == NULL)
+ RA::Debug(LL_PER_PDU, "RA_Processor:GetEncryptedData",
+ "Encrypted Data is NULL");
+
+ RA::Debug(LL_PER_PDU, "EncryptedData ", "status=%d", status);
+ RA::Debug(LL_PER_PDU, "finish EncryptedData", "");
+ if ((status > 0) || (preEncData == NULL) || (encryptedData == NULL)) {
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ if( data != NULL ) {
+ PR_Free( data );
+ data = NULL;
+ }
+ return -1;
+ } else {
+ out = *encryptedData;
+ if( encryptedData != NULL ) {
+ delete encryptedData;
+ encryptedData = NULL;
+ }
+ if (data != NULL) {
+ RA::Debug(LL_PER_PDU, "EncryptedData ", "challenge overwritten by TKS");
+ PR_Free( data );
+ data = NULL;
+ }
+ in = *preEncData;
+
+ if( preEncData != NULL ) {
+ delete preEncData;
+ preEncData = NULL;
+ }
+ }
+ if( response != NULL ) {
+ response->freeContent();
+ delete response;
+ response = NULL;
+ }
+
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ return 1;
+ }
+
+ Buffer kek_buffer = Buffer((BYTE*)kek_key, 16);
+ status = Util::EncryptData(kek_buffer, in, out);
+#if 0
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::EncryptData", "Encrypted Data",
+ &out);
+ Buffer out1 = Buffer(16, (BYTE)0);
+ status = Util::DecryptData(kek_buffer, out, out1);
+ RA::DebugBuffer(LL_PER_PDU, "RA_Processor::EncryptData", "Clear Data",
+ &out1);
+#endif
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ return status;
+}
+
+int RA_Processor::ComputeRandomData(Buffer &data_out, int dataSize, const char *connid)
+{
+ char body[5000];
+ char configname[256];
+ HttpConnection *tksConn = NULL;
+ int status = -1;
+ Buffer *decodedRandomData = NULL;
+ PSHttpResponse *response = NULL;
+
+ //check for absurd dataSize values
+ if(dataSize <= 0 || dataSize > 1024) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::ComputeRandomData", "Invalid dataSize requested %d", dataSize);
+ return -1;
+ }
+
+ tksConn = RA::GetTKSConn(connid);
+ if (tksConn == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::ComputeRandomData", "Failed to get TKSConnection %s", connid);
+ return -1;
+ } else {
+ int tks_curr = RA::GetCurrentIndex(tksConn);
+ int currRetries = 0;
+
+ PR_snprintf((char *)body, 5000, "dataNumBytes=%d"
+ , dataSize );
+
+ PR_snprintf((char *)configname, 256, "conn.%s.servlet.computeRandomData", connid);
+ const char *servletID = RA::GetConfigStore()->GetConfigAsString(configname);
+
+ response = tksConn->getResponse(tks_curr, servletID, body);
+ ConnectionInfo *connInfo = tksConn->GetFailoverList();
+ char **hostport = connInfo->GetHostPortList();
+ if (response == NULL)
+ RA::Debug(LL_PER_PDU, "The ComputeRandomData response from TKS ",
+ "at %s is NULL.", hostport[tks_curr]);
+ else
+ RA::Debug(LL_PER_PDU, "The ComputeRandomData response from TKS ",
+ "at %s is not NULL.", hostport[tks_curr]);
+
+ while (response == NULL) {
+ RA::Failover(tksConn, connInfo->GetHostPortListLen());
+ tks_curr = RA::GetCurrentIndex(tksConn);
+ RA::Debug(LL_PER_PDU, "RA_Processor::ComputeRandomData: RA is reconnecting to TKS ",
+ "at %s for ComputeRandomData.", hostport[tks_curr]);
+
+ if (++currRetries >= tksConn->GetNumOfRetries()) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::ComputeRandomData: Used up all the retries. Response is NULL","");
+ RA::Error(LL_PER_PDU, "RA_Processor::ComputeRandomData", "Failed connecting to TKS after %d retries", currRetries);
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+ status = -1;
+ goto loser;
+ }
+ response = tksConn->getResponse(tks_curr, servletID, body);
+ }
+
+ status = 0;
+ if (response != NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::ComputeRandomData Response is not ","NULL");
+ char *content = response->getContent();
+ if (content != NULL) {
+ char *statusStr = strstr((char *)content, "status=0&");
+ if (statusStr == NULL) {
+ char *p = strstr((char *)content, "status=");
+
+ if(p != NULL) {
+ status = int(p[7]) - 48;
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::ComputeRandomData status from TKS is ","status %d",status);
+ status = -1;
+ } else {
+ status = -1;
+ goto loser;
+ }
+ } else {
+ status = 0;
+ // skip over "status=0&"
+ char *p = &content[9];
+
+ // get random data
+ char *dataStr = strstr((char *)p, "DATA=");
+ if (dataStr != NULL) {
+ // skip over "DATA="
+ p = &dataStr[5];
+
+ char *dstr = new char[ dataSize *3 + 1];
+ if(!dstr) {
+ status = -1;
+ goto loser;
+ }
+ strncpy(dstr, p, dataSize * 3);
+ dstr[dataSize*3] = '\0';
+ decodedRandomData = Util::URLDecode(dstr);
+ RA::DebugBuffer("RA_Processor::ComputeRandomData", "decodedRandomData=", decodedRandomData);
+
+ if(dstr) {
+ data_out = *decodedRandomData;
+ delete [] dstr;
+ dstr = NULL;
+ }
+ if(decodedRandomData) {
+ delete decodedRandomData;
+ decodedRandomData = NULL;
+ }
+ }
+ }
+ }
+ }
+ }
+loser:
+ if( response != NULL ) {
+ response->freeContent();
+ delete response;
+ response = NULL;
+ }
+
+ if (tksConn != NULL) {
+ RA::ReturnTKSConn(tksConn);
+ }
+
+ return status;
+}
+
+bool RA_Processor::RevokeCertificates(RA_Session *session, char *cuid,char *audit_msg,
+ char *final_applet_version,
+ char *keyVersion,
+ char *tokenType,
+ char *userid,
+ RA_Status &status )
+{
+ const char *OP_PREFIX = "op.format";
+ char *statusString = NULL;
+ char configname[256];
+ char filter[512];
+ char activity_msg[512];
+ char serial[100];
+ int rc = 0;
+ int statusNum;
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ bool revocation_failed = false;
+
+ RA::Debug("RA_Processor::RevokeCertificates","RevokeCertificates! cuid %s",cuid);
+ PR_snprintf((char *)filter, 256, "(tokenID=%s)", cuid);
+ rc = RA::ra_find_tus_certificate_entries_by_order(filter, 100, &result, 1);
+ if (rc == 0) {
+ CertEnroll *certEnroll = new CertEnroll();
+ for (e = RA::ra_get_first_entry(result); e != NULL; e = RA::ra_get_next_entry(e)) {
+ char *attr_status = RA::ra_get_cert_status(e);
+ if (strcmp(attr_status, "revoked") == 0) {
+ if (attr_status != NULL) {
+ PL_strfree(attr_status);
+ attr_status = NULL;
+ }
+ rc = RA::ra_delete_certificate_entry(e);
+ continue;
+ }
+ char *attr_serial= RA::ra_get_cert_serial(e);
+ /////////////////////////////////////////////////
+ // Raidzilla Bug #57803:
+ // If the certificate is not originally created for this
+ // token, we should not revoke the certificate here.
+ //
+ // To figure out if this certificate is originally created
+ // for this token, we check the tokenOrigin attribute.
+ /////////////////////////////////////////////////
+ char *origin = RA::ra_get_cert_attr_byname(e, "tokenOrigin");
+ if (origin != NULL) {
+ RA::Debug("RA_Processor::RevokeCertificates", "Origin is %s, Current is %s", origin, cuid);
+ if (strcmp(origin, cuid) != 0) {
+ // skip this certificate, no need to do nothing
+ // We did not create this originally
+
+ rc = RA::ra_delete_certificate_entry(e);
+ continue;
+ }
+ } else {
+ RA::Debug("RA_Processor::RevokeCertificates", "Origin is not present");
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.revokeCert", OP_PREFIX, tokenType);
+ bool revokeCert = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+ if (revokeCert) {
+ char *attr_cn = RA::ra_get_cert_cn(e);
+ PR_snprintf((char *)configname, 256, "%s.%s.ca.conn", OP_PREFIX,
+ tokenType);
+ char *connid = (char *)(RA::GetConfigStore()->GetConfigAsString(configname));
+ if (connid == NULL) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::RevokeCertificates", "Failed to get connection.");
+ status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED;
+ PR_snprintf(audit_msg, 512, "Failed to connect to CA, status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED");
+
+ revocation_failed = true;
+ goto loser;
+ }
+ PR_snprintf(serial, 100, "0x%s", attr_serial);
+
+ // if the certificates are revoked_on_hold, dont do
+ // anything because the certificates may be referenced
+ // by more than one token.
+ if (strcmp(attr_status, "revoked_on_hold") == 0) {
+ RA::Debug("RA_Processor::RevokeCertificates", "This is revoked_on_hold certificate, skip it.");
+ if (attr_status != NULL) {
+ PL_strfree(attr_status);
+ attr_status = NULL;
+ }
+ if (attr_serial != NULL) {
+ PL_strfree(attr_serial);
+ attr_serial = NULL;
+ }
+ if (attr_cn != NULL) {
+ PL_strfree(attr_cn);
+ attr_cn = NULL;
+ }
+
+ rc = RA::ra_delete_certificate_entry(e);
+ continue;
+ }
+ statusNum = certEnroll->RevokeCertificate("1", serial, connid, statusString);
+ RA::Debug("RA_Processor::RevokeCertificates", "Revoke cert %s status %d",serial,statusNum);
+
+ if (statusNum == 0) {
+ RA::Audit(EV_FORMAT, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Success", "revoke", serial, connid, "");
+ PR_snprintf(activity_msg, 512, "certificate %s revoked", serial);
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "success", activity_msg, "", tokenType);
+ RA::ra_update_cert_status(attr_cn, "revoked");
+ } else {
+ RA::Audit(EV_FORMAT, AUDIT_MSG_CERT_STATUS_CHANGE, userid,
+ "Failure", "revoke", serial, connid, statusString);
+ PR_snprintf(activity_msg, 512, "error in revoking certificate %s: %s", serial, statusString);
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", activity_msg, "", tokenType);
+ revocation_failed = true;
+ }
+
+ if (attr_status != NULL) {
+ PL_strfree(attr_status);
+ attr_status = NULL;
+ }
+ if (attr_serial != NULL) {
+ PL_strfree(attr_serial);
+ attr_serial = NULL;
+ }
+ if (attr_cn != NULL) {
+ PL_strfree(attr_cn);
+ attr_cn = NULL;
+ }
+ if (statusString != NULL) {
+ PR_Free(statusString);
+ statusString = NULL;
+ }
+ }
+ rc = RA::ra_delete_certificate_entry(e);
+ }
+ if (result != NULL)
+ ldap_msgfree(result);
+ if (certEnroll != NULL)
+ delete certEnroll;
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Processor::RevokeCertificates", "Failed to revoke certificates on this token. Certs not found.");
+ status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED;
+ PR_snprintf(audit_msg, 512, "Failed to revoke certificates on this token. Certs not found. status = STATUS_ERROR_REVOKE_CERTIFICATES_FAILED");
+ revocation_failed = true;
+ goto loser;
+ }
+
+ rc = 0;
+ if (keyVersion != NULL) {
+ rc = RA::tdb_update("", cuid, (char *)final_applet_version, keyVersion, "uninitialized", "", tokenType);
+ }
+
+ if (rc != 0) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::RevokeCertificates",
+ "Failed to update the token database");
+ status = STATUS_ERROR_UPDATE_TOKENDB_FAILED;
+ PR_snprintf(audit_msg, 512, "Revoked certificates but failed to update the token database, status = STATUS_ERROR_UPDATE_TOKENDB_FAILED");
+ goto loser;
+ }
+
+loser:
+
+ return !revocation_failed;
+}
+
+RA_Status RA_Processor::Format(RA_Session *session, NameValueSet *extensions, bool skipAuth)
+{
+ const char *OP_PREFIX="op.format";
+ char configname[256];
+ char *cuid = NULL;
+ char *msn = NULL;
+ const char *tokenType = NULL;
+ PRIntervalTime start, end;
+ RA_Status status = STATUS_NO_ERROR;
+ int rc = -1;
+ Secure_Channel *channel = NULL;
+ Buffer kdd;
+ AuthParams *login = NULL;
+ // char *new_pin = NULL;
+ const char *applet_dir;
+ bool upgrade_enc = false;
+ SecurityLevel security_level = SECURE_MSG_MAC_ENC;
+
+ Buffer *buildID = NULL;
+ Buffer *token_status = NULL;
+ const char* required_version = NULL;
+ const char *appletVersion = NULL;
+ const char *final_applet_version = NULL;
+ const char *userid = PL_strdup( "" );
+ // BYTE se_p1 = 0x00;
+ // BYTE se_p2 = 0x00;
+ const char *expected_version;
+ int requiredV = 0;
+ const char *tksid = NULL;
+ const char *authid = NULL;
+ AuthParams *authParams = NULL;
+ Buffer host_challenge = Buffer(8, (BYTE)0);
+ Buffer key_diversification_data;
+ Buffer key_info_data;
+ Buffer card_challenge;
+ Buffer card_cryptogram;
+ Buffer *cplc_data = NULL;
+ char activity_msg[4096];
+ LDAPMessage *ldapResult = NULL;
+ LDAPMessage *e = NULL;
+ LDAPMessage *result = NULL;
+ char filter[512];
+ Buffer curKeyInfo;
+ BYTE curVersion;
+ bool tokenFound = false;
+ int finalKeyVersion = 0;
+ char *keyVersion = NULL;
+ char *xuserid = NULL;
+ char audit_msg[512] = "";
+ char *profile_state = NULL;
+
+ Buffer *CardManagerAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_CARDMGR_INSTANCE_AID,
+ RA::CFG_DEF_CARDMGR_INSTANCE_AID);
+ Buffer *NetKeyAID = RA::GetConfigStore()->GetConfigAsBuffer(
+ RA::CFG_APPLET_NETKEY_INSTANCE_AID,
+ RA::CFG_DEF_NETKEY_INSTANCE_AID);
+ Buffer key_data_set;
+ Buffer token_cuid;
+ Buffer token_msn;
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format",
+ "Begin upgrade process");
+
+ BYTE major_version = 0x0;
+ BYTE minor_version = 0x0;
+ BYTE app_major_version = 0x0;
+ BYTE app_minor_version = 0x0;
+ const char *connid = NULL;
+ int upgrade_rc;
+
+ start = PR_IntervalNow();
+
+ RA::Debug("RA__Processor::Format", "Client %s", session->GetRemoteIP());
+
+
+ SelectApplet(session, 0x04, 0x00, CardManagerAID);
+ cplc_data = GetData(session);
+ if (cplc_data == NULL) {
+ RA::Error("RA_Format_Processor::Process",
+ "Get Data Failed");
+ status = STATUS_ERROR_SECURE_CHANNEL;
+ PR_snprintf(audit_msg, 512, "Get Data Failed, status = STATUS_ERROR_SECURE_CHANNEL");
+ goto loser;
+ }
+ RA::DebugBuffer("RA_Processor::Format", "CPLC Data = ",
+ cplc_data);
+ if (cplc_data->size() < 47) {
+ RA::Error("RA_Format_Processor::Process",
+ "Invalid CPLC Size");
+ status = STATUS_ERROR_SECURE_CHANNEL;
+ PR_snprintf(audit_msg, 512, "Invalid CPLC Size, status = STATUS_ERROR_SECURE_CHANNEL");
+ goto loser;
+ }
+ token_cuid = Buffer(cplc_data->substr(3,4)) +
+ Buffer(cplc_data->substr(19,2)) +
+ Buffer(cplc_data->substr(15,4));
+ RA::DebugBuffer("RA_Processor::Format", "Token CUID= ",
+ &token_cuid);
+ cuid = Util::Buffer2String(token_cuid);
+
+ token_msn = Buffer(cplc_data->substr(41, 4));
+ RA::DebugBuffer("RA_Processor::Format", "Token MSN= ",
+ &token_msn);
+ msn = Util::Buffer2String(token_msn);
+
+
+ /**
+ * Checks if the netkey has the required applet version.
+ */
+ SelectApplet(session, 0x04, 0x00, NetKeyAID);
+ token_status = GetStatus(session, 0x00, 0x00);
+ if (token_status == NULL) {
+ major_version = 0;
+ minor_version = 0;
+ app_major_version = 0x0;
+ app_minor_version = 0x0;
+ } else {
+ major_version = ((BYTE*)*token_status)[0];
+ minor_version = ((BYTE*)*token_status)[1];
+ app_major_version = ((BYTE*)*token_status)[2];
+ app_minor_version = ((BYTE*)*token_status)[3];
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format",
+ "Major=%d Minor=%d", major_version, minor_version);
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format",
+ "Applet Major=%d Applet Minor=%d", app_major_version, app_minor_version);
+
+ if (!GetTokenType(OP_PREFIX, major_version,
+ minor_version, cuid, msn,
+ extensions, status, tokenType)) {
+ PR_snprintf(audit_msg, 512, "Failed to get token type");
+ goto loser;
+ }
+
+ // check if profile is enabled
+ PR_snprintf((char *)configname, 256, "config.Profiles.%s.state", tokenType);
+ profile_state = (char *) RA::GetConfigStore()->GetConfigAsString(configname);
+ if ((profile_state != NULL) && (PL_strcmp(profile_state, "Enabled") != 0)) {
+ RA::Error("RA_Format_Processor::Process", "Profile %s Disabled for CUID %s", tokenType, cuid);
+ status = STATUS_ERROR_DEFAULT_TOKENTYPE_PARAMS_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "profile %s disabled", tokenType);
+ goto loser;
+ }
+
+ if (RA::ra_is_token_present(cuid)) {
+ RA::Debug("RA_Processor::Format",
+ "Found token %s", cuid);
+
+ if (RA::ra_is_tus_db_entry_disabled(cuid)) {
+ RA::Error("RA_Format_Processor::Process",
+ "CUID %s Disabled", cuid);
+ status = STATUS_ERROR_DISABLED_TOKEN;
+ PR_snprintf(audit_msg, 512, "CUID %s Disabled, status=STATUS_ERROR_DISABLED_TOKEN", cuid);
+ goto loser;
+ }
+ } else {
+ RA::Debug("RA_Processor::Format",
+ "Not Found token %s", cuid);
+ // This is a new token. We need to check our policy to see
+ // if we should allow enrollment. raidzilla #57414
+ PR_snprintf((char *)configname, 256, "%s.allowUnknownToken",
+ OP_PREFIX);
+ if (!RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+ RA::Error("Process", "CUID %s Format Unknown Token", cuid);
+ status = STATUS_ERROR_DISABLED_TOKEN;
+ PR_snprintf(audit_msg, 512, "Unknown token disallowed, status=STATUS_ERROR_DISABLED_TOKEN");
+ goto loser;
+ }
+
+ }
+
+ // we know cuid and msn here
+ RA::Audit(EV_FORMAT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "format",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "token enabled");
+
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn",
+ OP_PREFIX, tokenType);
+ tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (tksid == NULL) {
+ RA::Error("RA_Format_Processor::Process",
+ "TKS Connection Parameter %s Not Found", configname);
+ status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND;
+ PR_snprintf(audit_msg, 512, "TKS Connection Parameter %s Not Found, status = STATUS_ERROR_DEFAULT_TOKENTYPE_NOT_FOUND", configname);
+ goto loser;
+ }
+
+ buildID = GetAppletVersion(session);
+ if (buildID == NULL) {
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.emptyToken.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+ appletVersion = PL_strdup( "" );
+ } else {
+ RA::Error("RA_Format_Processor::Process",
+ "no applet found and applet upgrade not enabled");
+ status = STATUS_ERROR_SECURE_CHANNEL;
+ PR_snprintf(audit_msg, 512, "No applet found and applet upgrade not enabled, status = STATUS_ERROR_SECURE_CHANNEL");
+ goto loser;
+ }
+ } else {
+ char * buildid = Util::Buffer2String(*buildID);
+ RA::Debug("RA_Processor::Format", "buildid = %s", buildid);
+ char version[13];
+ PR_snprintf((char *) version, 13,
+ "%x.%x.%s", app_major_version, app_minor_version,
+ buildid);
+ appletVersion = strdup(version);
+ if (buildid != NULL) {
+ PR_Free(buildid);
+ buildid=NULL;
+ }
+ }
+
+ final_applet_version = strdup(appletVersion);
+ RA::Debug("RA_Processor::Format", "final_applet_version = %s", final_applet_version);
+
+ /**
+ * Checks if we need to upgrade applet.
+ */
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.requiredVersion", OP_PREFIX, tokenType);
+
+ required_version = RA::GetConfigStore()->GetConfigAsString(
+ configname);
+ expected_version = PL_strdup(required_version);
+
+ if (expected_version == NULL) {
+ RA::Error("RA_Format_Processor::Process",
+ "upgrade.version not found");
+ status = STATUS_ERROR_MISCONFIGURATION;
+ PR_snprintf(audit_msg, 512, "Upgrade version not found, status = STATUS_ERROR_MISCONFIGURATION");
+ goto loser;
+ }
+ /* upgrade applet */
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.directory", OP_PREFIX, tokenType);
+ applet_dir = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (applet_dir == NULL) {
+ RA::Error(LL_PER_PDU, "RA_Processor::UpdateApplet",
+ "Failed to get %s", applet_dir);
+ status = STATUS_ERROR_MISCONFIGURATION;
+ PR_snprintf(audit_msg, 512, "Failed to get %s, status = STATUS_ERROR_MISCONFIGURATION", applet_dir);
+ goto loser;
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.loginRequest.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 1) && !skipAuth) {
+ if (extensions != NULL &&
+ extensions->GetValue("extendedLoginRequest") != NULL)
+ {
+ RA::Debug("RA_rocessor::Format",
+ "Extended Login Request detected");
+ AuthenticationEntry *entry = GetAuthenticationEntry(
+ OP_PREFIX, configname, tokenType);
+ char **params = NULL;
+ char pb[1024];
+ char *locale = NULL;
+ if (extensions != NULL &&
+ extensions->GetValue("locale") != NULL)
+ {
+ locale = extensions->GetValue("locale");
+ } else {
+ locale = ( char * ) "en"; /* default to english */
+ }
+ int n = entry->GetAuthentication()->GetNumOfParamNames();
+ if (n > 0) {
+ RA::Debug("RA_Processor::Format",
+ "Extended Login Request detected n=%d", n);
+ params = (char **) PR_Malloc(n);
+ for (int i = 0; i < n; i++) {
+ sprintf(pb,"id=%s&name=%s&desc=%s&type=%s&option=%s",
+ entry->GetAuthentication()->GetParamID(i),
+ entry->GetAuthentication()->GetParamName(i, locale),
+ entry->GetAuthentication()->GetParamDescription(i,
+locale),
+ entry->GetAuthentication()->GetParamType(i),
+ entry->GetAuthentication()->GetParamOption(i)
+ );
+ params[i] = PL_strdup(pb);
+ RA::Debug("RA_Processor::Format",
+ "params[i]=%s", params[i]);
+ }
+ }
+ RA::Debug("RA_rocessor::Format", "Extended Login Request detected calling RequestExtendedLogin() locale=%s", locale);
+
+ char *title = PL_strdup(entry->GetAuthentication()->GetTitle(locale));
+ RA::Debug("RA_Processor::Format", "title=%s", title);
+ char *description = PL_strdup(entry->GetAuthentication()->GetDescription(locale));
+ RA::Debug("RA_Processor::Format", "description=%s", description);
+ login = RequestExtendedLogin(session, 0 /* invalid_pw */, 0 /* blocked */, params, n, title, description);
+
+ if (params != NULL) {
+ for (int nn=0; nn < n; nn++) {
+ if (params[nn] != NULL) {
+ PL_strfree(params[nn]);
+ params[nn] = NULL;
+ }
+ }
+ free(params);
+ params = NULL;
+ }
+
+ if (title != NULL) {
+ PL_strfree(title);
+ title = NULL;
+ }
+
+ if (description != NULL) {
+ PL_strfree(description);
+ description = NULL;
+ }
+
+
+ RA::Debug("RA_Processor::Format",
+ "Extended Login Request detected calling RequestExtendedLogin() login=%x", login);
+ } else {
+ login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */);
+ }
+ if (login == NULL) {
+ RA::Error("RA_Format_Processor::Process",
+ "login not provided");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "login not provided, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ if( userid != NULL ) {
+ PR_Free( (char *) userid );
+ userid = NULL;
+ }
+ if (login->GetUID() == NULL) {
+ userid = NULL;
+ } else {
+ userid = PL_strdup( login->GetUID() );
+ }
+ }
+
+ // send status update to the client
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 2 /* progress */,
+ "PROGRESS_START_AUTHENTICATION");
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.auth.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, false) && !skipAuth) {
+ if (login == NULL) {
+ RA::Error("RA_Format_Processor::Process", "Login Request Disabled. Authentication failed.");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "login request disabled, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.auth.id", OP_PREFIX, tokenType);
+ authid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if (authid == NULL) {
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "login not found, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ AuthenticationEntry *auth = RA::GetAuth(authid);
+
+ if(auth == NULL)
+ {
+ RA::Error("RA_Format_Processor::Process", "Authentication manager is NULL . Authentication failed.");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "authentication manager is NULL, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+
+ char *type = auth->GetType();
+ if (type == NULL) {
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "authentication is missing param type, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ if (strcmp(type, "LDAP_Authentication") == 0) {
+ RA::Debug(LL_PER_PDU, "RA_Format_Processor::Process",
+ "LDAP_Authentication is invoked.");
+ int passwd_retries = auth->GetAuthentication()->GetNumOfRetries();
+ int retries = 0;
+ authParams = new AuthParams();
+ authParams->SetUID(login->GetUID());
+ authParams->SetPassword(login->GetPassword());
+ rc = auth->GetAuthentication()->Authenticate(authParams);
+
+ RA::Debug("RA_Format_Processor::Process",
+ "Authenticate returns: %d", rc);
+
+ while ((rc == -2 || rc == -3) && (retries < passwd_retries)) {
+ login = RequestLogin(session, 0 /* invalid_pw */, 0 /* blocked */);
+ retries++;
+ if (login == NULL || login->GetUID() == NULL) {
+ RA::Error("RA_Format_Processor::Process", "Authentication failed.");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "authentication failed, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ authParams->SetUID(login->GetUID());
+ authParams->SetPassword(login->GetPassword());
+ rc = auth->GetAuthentication()->Authenticate(authParams);
+ }
+
+ if (rc == -1) {
+ RA::Error("RA_Format_Processor::Process", "Authentication failed.");
+ status = STATUS_ERROR_LDAP_CONN;
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format", "Authentication status = %d", status);
+ PR_snprintf(audit_msg, 512, "Authentication failed, status = STATUS_ERROR_LDAP_CONN");
+ goto loser;
+ }
+
+ if (rc == -2 || rc == -3) {
+ RA::Error("RA_Format_Processor::Process", "Authentication failed.");
+ status = STATUS_ERROR_LOGIN;
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format", "Authentication status = %d", status);
+ PR_snprintf(audit_msg, 512, "Authentication failed, rc=-2 or -3, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format", "Authentication successful.");
+ } else {
+ RA::Error("RA_Format_Processor::Process", "No Authentication type was found.");
+ status = STATUS_ERROR_LOGIN;
+ PR_snprintf(audit_msg, 512, "No Authentication type found, status = STATUS_ERROR_LOGIN");
+ goto loser;
+ }
+ } else {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format",
+ "Authentication has been disabled.");
+ }
+
+ // check if it is the token owner
+ xuserid = RA::ra_get_token_userid(cuid);
+ if (xuserid != NULL && strcmp(xuserid, "") != 0) {
+ if (login != NULL) {
+ if (strcmp(login->GetUID(), xuserid) != 0) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format",
+ "Token owner mismatched");
+ status = STATUS_ERROR_NOT_TOKEN_OWNER;
+ PR_snprintf(audit_msg, 512, "Token owner mismatched, status = STATUS_ERROR_NOT_TOKEN_OWNER");
+ goto loser;
+ }
+ }
+ }
+
+ // we know cuid, msn and userid here
+ RA::Audit(EV_FORMAT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "success",
+ "format",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ "logged into token");
+
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 10 /* progress */,
+ "PROGRESS_APPLET_UPGRADE");
+ }
+
+ PR_snprintf((char *)configname, 256, "%s.%s.update.applet.encryption", OP_PREFIX, tokenType);
+ upgrade_enc = RA::GetConfigStore()->GetConfigAsBool(configname, true);
+ if (!upgrade_enc)
+ security_level = SECURE_MSG_MAC;
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connid = RA::GetConfigStore()->GetConfigAsString(configname);
+ upgrade_rc = UpgradeApplet(session,(char *) OP_PREFIX, (char*)tokenType, major_version,
+ minor_version, expected_version, applet_dir, security_level, connid,
+ extensions, 10, 90, &keyVersion);
+ if (upgrade_rc != 1) {
+ RA::Debug("RA_Processor::Format",
+ "applet upgrade failed");
+ status = STATUS_ERROR_UPGRADE_APPLET;
+ /**
+ * Bugscape #55709: Re-select Net Key Applet ONLY on failure.
+ */
+ SelectApplet(session, 0x04, 0x00, NetKeyAID);
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "failure", "applet upgrade error", "", tokenType);
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Failure", "format",
+ keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "applet upgrade");
+
+ goto loser;
+ }
+
+ RA::Audit(EV_APPLET_UPGRADE, AUDIT_MSG_APPLET_UPGRADE,
+ userid, cuid, msn, "Success", "format",
+ keyVersion != NULL? keyVersion : "", appletVersion, expected_version, "applet upgrade");
+
+ if( final_applet_version != NULL ) {
+ PR_Free( (char *) final_applet_version );
+ final_applet_version = NULL;
+ }
+
+ final_applet_version = expected_version;
+
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 90 /* progress */,
+ "PROGRESS_KEY_UPGRADE");
+ }
+
+ // add issuer info to the token
+ PR_snprintf((char *)configname, 256, "%s.%s.issuerinfo.enable",
+ OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 0)) {
+ PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+ int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ channel = SetupSecureChannel(session, 0x00,
+ defKeyIndex /* default key index */, connid);
+ rc = channel->ExternalAuthenticate();
+ if (channel != NULL) {
+ char issuer[224];
+ for (int i = 0; i < 224; i++) {
+ issuer[i] = 0;
+ }
+ PR_snprintf((char *)configname, 256, "%s.%s.issuerinfo.value",
+ OP_PREFIX, tokenType);
+ char *issuer_val = (char*)RA::GetConfigStore()->GetConfigAsString(
+ configname);
+ sprintf(issuer, "%s", issuer_val);
+ RA::Debug("RA_Processor::Format", "Set Issuer Info %s", issuer_val);
+ Buffer *info = new Buffer((BYTE*)issuer, 224);
+ rc = channel->SetIssuerInfo(info);
+
+ if (info != NULL) {
+ delete info;
+ info = NULL;
+ }
+ }
+ }
+
+ /**
+ * Checks if the netkey has the required key version.
+ */
+ PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.enable", OP_PREFIX, tokenType);
+ if (RA::GetConfigStore()->GetConfigAsBool(configname, 1)) {
+
+ PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+ requiredV = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+ PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+ int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ channel = SetupSecureChannel(session, requiredV,
+ defKeyIndex /* default key index */, tksid);
+ if (channel == NULL) {
+ /**
+ * Select Card Manager for Put Key operation.
+ */
+ SelectApplet(session, 0x04, 0x00, CardManagerAID);
+ // send status update to the client
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 92 /* progress */,
+ "PROGRESS_SETUP_SECURE_CHANNEL");
+ }
+ /* if the key of the required version is
+ * not found, create them.
+ */
+ PR_snprintf((char *)configname, 256,"channel.defKeyVersion");
+ int defKeyVer = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ PR_snprintf((char *)configname, 256,"channel.defKeyIndex");
+ int defKeyIndex = RA::GetConfigStore()->GetConfigAsInt(configname, 0x0);
+ channel = SetupSecureChannel(session,
+ defKeyVer, /* default key version */
+ defKeyIndex /* default key index */, tksid);
+
+ if (channel == NULL) {
+ RA::Error("RA_Upgrade_Processor::Process",
+ "failed to establish secure channel");
+ status = STATUS_ERROR_SECURE_CHANNEL;
+ PR_snprintf(audit_msg, 512, "Failed to establish secure channel");
+ goto loser;
+ }
+
+ // send status update to the client
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 94 /* progress */,
+ "PROGRESS_EXTERNAL_AUTHENTICATE");
+ }
+
+ rc = channel->ExternalAuthenticate();
+
+ PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+ int v = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+ curKeyInfo = channel->GetKeyInfoData();
+ BYTE nv[2] = { v, 0x01 };
+ Buffer newVersion(nv, 2);
+ PR_snprintf((char *)configname, 256,"%s.%s.tks.conn", OP_PREFIX, tokenType);
+ connid = RA::GetConfigStore()->GetConfigAsString(configname);
+ rc = CreateKeySetData(
+ channel->GetKeyDiversificationData(),
+ curKeyInfo,
+ newVersion,
+ key_data_set, connid);
+ if (rc != 1) {
+ RA::Error("RA_Format_Processor::Process",
+ "failed to create new key set");
+ status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512, "create key set error, status = STATUS_ERROR_CREATE_CARDMGR");
+ goto loser;
+ }
+
+ curVersion = ((BYTE*)curKeyInfo)[0];
+
+
+ // send status update to the client
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 96 /* progress */,
+ "PROGRESS_PUT_KEYS");
+ }
+
+ BYTE curIndex = ((BYTE*)curKeyInfo)[1];
+ rc = channel->PutKeys(session,
+ curVersion,
+ curIndex,
+ &key_data_set);
+
+
+ // need to check return value of rc
+ // and create audit log for failure
+
+ if (rc != 0) {
+ RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER,
+ userid, cuid, msn, "Failure", "format",
+ final_applet_version, curVersion, ((BYTE*)newVersion)[0],
+ "key changeover failed");
+ // do we goto loser here?
+ }
+
+ finalKeyVersion = ((int) ((BYTE *)newVersion)[0]);
+ /**
+ * Re-select Net Key Applet.
+ */
+ SelectApplet(session, 0x04, 0x00, NetKeyAID);
+ PR_snprintf((char *)configname, 256, "%s.%s.update.symmetricKeys.requiredVersion", OP_PREFIX, tokenType);
+ requiredV = RA::GetConfigStore()->GetConfigAsInt(configname, 0x00);
+ PR_snprintf((char *)configname, 256, "%s.%s.tks.conn", OP_PREFIX, tokenType);
+ tksid = RA::GetConfigStore()->GetConfigAsString(configname);
+ if( channel != NULL ) {
+ delete channel;
+ channel = NULL;
+ }
+ // send status update to the client
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 98 /* progress */,
+ "PROGRESS_SETUP_SECURE_CHANNEL");
+ }
+
+
+ channel = SetupSecureChannel(session, requiredV,
+ defKeyIndex /* default key index */, tksid);
+ if (channel == NULL) {
+ RA::Error("RA_Format_Processor::Process",
+ "failed to establish secure channel after reselect");
+ status = STATUS_ERROR_CREATE_CARDMGR;
+ PR_snprintf(audit_msg, 512,"failed to establish secure channel after reselect, status = STATUS_ERROR_CREATE_CARDMGR");
+ goto loser;
+ }
+
+ RA::Audit(EV_KEY_CHANGEOVER, AUDIT_MSG_KEY_CHANGEOVER,
+ userid, cuid, msn, "Success", "format",
+ final_applet_version, curVersion, ((BYTE*)newVersion)[0],
+ "key changeover");
+
+ }
+ }
+
+ PR_snprintf((char *)filter, 256, "(cn=%s)", cuid);
+ rc = RA::ra_find_tus_token_entries(filter, 100, &result, 0);
+ if (rc == 0) {
+ for (e = RA::ra_get_first_entry(result); e != NULL; e = RA::ra_get_next_entry(e)) {
+ tokenFound = true;
+ break;
+ }
+ if (result != NULL)
+ ldap_msgfree(result);
+ }
+
+ // get keyVersion
+ if (channel != NULL) {
+ if (keyVersion != NULL) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+ keyVersion = Util::Buffer2String(channel->GetKeyInfoData());
+ }
+
+ // need to revoke all the certificates on this token
+ if (tokenFound) {
+
+ //Now we call a separate function, the audit_msg will get filled in there if needed.
+
+ bool success = RevokeCertificates(session, cuid,audit_msg,(char *)final_applet_version,
+ keyVersion,(char *)tokenType,(char *)userid,status
+ );
+
+ if(!success) {
+ goto loser;
+ }
+
+ } else {
+ rc = RA::tdb_update("", cuid, (char *)final_applet_version, keyVersion, "uninitialized", "", tokenType);
+ if (rc != 0) {
+ RA::Debug(LL_PER_PDU, "RA_Processor::Format",
+ "Failed to update the token database");
+ status = STATUS_ERROR_UPDATE_TOKENDB_FAILED;
+ PR_snprintf(audit_msg, 512, "Failed to update the token database, status = STATUS_ERROR_UPDATE_TOKENDB_FAILED");
+ goto loser;
+ }
+ }
+
+ // send status update to the client
+ if (extensions != NULL &&
+ extensions->GetValue("statusUpdate") != NULL) {
+ StatusUpdate(session, 100 /* progress */,
+ "PROGRESS_DONE");
+ }
+
+ status = STATUS_NO_ERROR;
+ rc = 1;
+
+ end = PR_IntervalNow();
+
+ sprintf(activity_msg, "applet_version=%s tokenType=%s",
+ final_applet_version, tokenType);
+ RA::tdb_activity(session->GetRemoteIP(), cuid, "format", "success", activity_msg, userid, tokenType);
+
+ /* audit log for successful format */
+ if (authid != NULL) {
+ sprintf(activity_msg, "format processing complete, authid = %s", authid);
+ } else {
+ sprintf(activity_msg, "format processing complete");
+ }
+ RA::Audit(EV_FORMAT, AUDIT_MSG_PROC,
+ userid, cuid, msn, "success", "format", final_applet_version,
+ keyVersion != NULL? keyVersion : "", activity_msg);
+
+loser:
+ if (strlen(audit_msg) > 0) { // a failure occurred
+ RA::Audit(EV_FORMAT, AUDIT_MSG_PROC,
+ userid != NULL ? userid : "",
+ cuid != NULL ? cuid : "",
+ msn != NULL ? msn : "",
+ "failure",
+ "format",
+ final_applet_version != NULL ? final_applet_version : "",
+ keyVersion != NULL? keyVersion : "",
+ audit_msg);
+
+ if ((cuid != NULL) && (tokenType != NULL)) {
+ RA::tdb_activity(session->GetRemoteIP(),
+ cuid,
+ "format",
+ "failure",
+ audit_msg,
+ userid != NULL? userid : "",
+ tokenType);
+ }
+ }
+
+ if (keyVersion != NULL) {
+ PR_Free( (char *) keyVersion );
+ keyVersion = NULL;
+ }
+
+ if (ldapResult != NULL) {
+ ldap_msgfree(ldapResult);
+ }
+
+ if( cplc_data != NULL ) {
+ delete cplc_data;
+ cplc_data = NULL;
+ }
+ if( CardManagerAID != NULL ) {
+ delete CardManagerAID;
+ CardManagerAID = NULL;
+ }
+ if( NetKeyAID != NULL ) {
+ delete NetKeyAID;
+ NetKeyAID = NULL;
+ }
+ if( channel != NULL ) {
+ delete channel;
+ channel = NULL;
+ }
+ if( token_status != NULL ) {
+ delete token_status;
+ token_status = NULL;
+ }
+ if( buildID != NULL ) {
+ delete buildID;
+ buildID = NULL;
+ }
+ if( appletVersion != NULL ) {
+ PR_Free( (char *) appletVersion );
+ appletVersion = NULL;
+ }
+ if( final_applet_version != NULL ) {
+ PR_Free( (char *) final_applet_version );
+ final_applet_version = NULL;
+ }
+ if( userid != NULL ) {
+ PR_Free( (char *) userid );
+ userid = NULL;
+ }
+ if( cuid != NULL ) {
+ PR_Free( cuid );
+ cuid = NULL;
+ }
+ if( msn != NULL ) {
+ PR_Free( msn );
+ msn = NULL;
+ }
+ if( authParams != NULL ) {
+ delete authParams;
+ authParams = NULL;
+ }
+ if( login != NULL ) {
+ delete login;
+ login = NULL;
+ }
+
+#ifdef MEM_PROFILING
+ MEM_dump_unfree();
+#endif
+
+ RA::Debug("RA_Processor::Format"," returning status %d", status);
+ return status;
+}
+
+/**
+ * Process the current session. It does nothing in the base
+ * class.
+ */
+RA_Status RA_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+ return STATUS_NO_ERROR;
+} /* Process */
+
diff --git a/pki/base/tps/src/processor/RA_Renew_Processor.cpp b/pki/base/tps/src/processor/RA_Renew_Processor.cpp
new file mode 100644
index 000000000..5caa329b4
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Renew_Processor.cpp
@@ -0,0 +1,57 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "engine/RA.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Renew_Processor.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs a renew processor.
+ */
+TPS_PUBLIC RA_Renew_Processor::RA_Renew_Processor()
+{
+}
+
+/**
+ * Destructs a renew processor.
+ */
+TPS_PUBLIC RA_Renew_Processor::~RA_Renew_Processor()
+{
+}
+
+/**
+ * Processes the current session.
+ */
+TPS_PUBLIC RA_Status RA_Renew_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+ RA::Debug("RA_Renew_Processor::Process",
+ "RA_Renew_Processor::Process");
+
+ return STATUS_NO_ERROR;
+}
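Review bot: `RA_Renew_Processor::Process` only writes a debug line and returns `STATUS_NO_ERROR`, yet its comment reads "Processes the current session.", so a caller cannot tell that no renewal took place. `RA_Unblock_Processor::Process` in the next file has the same shape. The comment should state that the operation is a placeholder, for example `* Placeholder: logs the call and returns STATUS_NO_ERROR without contacting the token.` If `RA_Status` has a value for an unsupported operation (its definition is not in this hunk), returning that would be safer than reporting success.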
diff --git a/pki/base/tps/src/processor/RA_Unblock_Processor.cpp b/pki/base/tps/src/processor/RA_Unblock_Processor.cpp
new file mode 100644
index 000000000..0bdbcfa2b
--- /dev/null
+++ b/pki/base/tps/src/processor/RA_Unblock_Processor.cpp
@@ -0,0 +1,58 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "engine/RA.h"
+#include "main/RA_Msg.h"
+#include "main/RA_Session.h"
+#include "processor/RA_Processor.h"
+#include "processor/RA_Unblock_Processor.h"
+#include "main/Memory.h"
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+/**
+ * Constructs the unblock processor.
+ */
+TPS_PUBLIC RA_Unblock_Processor::RA_Unblock_Processor()
+{
+} /* RA_Unblock_Processor */
+
+/**
+ * Destructs the unblock processor.
+ */
+TPS_PUBLIC RA_Unblock_Processor::~RA_Unblock_Processor()
+{
+} /* RA_Unblock_Processor */
+
+/**
+ * Processes the current session.
+ */
+TPS_PUBLIC RA_Status RA_Unblock_Processor::Process(RA_Session *session, NameValueSet *extensions)
+{
+ RA::Debug("RA_Unblock_Processor::Process", "Client %s", session->GetRemoteIP());
+
+ RA::Debug("RA_Unblock_Processor::Process",
+ "RA_Unblock_Processor::Process");
+ return STATUS_NO_ERROR;
+} /* Process */
diff --git a/pki/base/tps/src/selftests/SelfTest.cpp b/pki/base/tps/src/selftests/SelfTest.cpp
new file mode 100644
index 000000000..71266d581
--- /dev/null
+++ b/pki/base/tps/src/selftests/SelfTest.cpp
@@ -0,0 +1,220 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+
+#include "cert.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "engine/RA.h"
+#include "main/ConfigStore.h"
+#include "selftests/SelfTest.h"
+#include "selftests/TPSPresence.h"
+#include "selftests/TPSValidity.h"
+#include "selftests/TPSSystemCertsVerification.h"
+
+
+const char *SelfTest::CFG_SELFTEST_STARTUP = "selftests.container.order.startup";
+const char *SelfTest::CFG_SELFTEST_ONDEMAND = "selftests.container.order.onDemand";
+const int SelfTest::nTests = 3;
+const char *SelfTest::TEST_NAMES[SelfTest::nTests] = { TPSPresence::TEST_NAME, TPSValidity::TEST_NAME, TPSSystemCertsVerification::TEST_NAME };
+
+int SelfTest::isInitialized = 0;
+int SelfTest::StartupSystemCertsVerificationRun = 0;
+
+SelfTest::SelfTest()
+{
+}
+
+SelfTest::~SelfTest()
+{
+}
+
+void SelfTest::Initialize (ConfigStore *cfg)
+{
+ if (SelfTest::isInitialized == 0) {
+ SelfTest::isInitialized = 1;
+ TPSPresence::Initialize (cfg);
+ TPSValidity::Initialize (cfg);
+ TPSSystemCertsVerification::Initialize (cfg);
+ SelfTest::isInitialized = 2;
+ }
+ RA::SelfTestLog("SelfTest::Initialize", "%s", ((isInitialized==2)?"successfully completed":"failed"));
+}
+
+// Error codes:
+// -1 - missing cert db handle
+// 2 - missing cert
+// -3 - missing cert nickname
+// 4 - secCertTimeExpired
+// 5 - secCertTimeNotValidYet
+// critical errors are negative
+
+int SelfTest::runStartUpSelfTests (const char *nickname)
+{
+ int rc = 0;
+ CERTCertificate *cert = 0;
+
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "per cert selftests starting for %s", nickname);
+ if (TPSPresence::isStartupEnabled()) {
+ rc = TPSPresence::runSelfTest(nickname, &cert);
+ }
+ if (rc != 0 && TPSPresence::isStartupCritical()) {
+ if (rc > 0) rc *= -1;
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Critical TPSPresence self test failure: %d", rc);
+ return rc;
+ } else if (rc != 0) {
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Noncritical TPSPresence self test failure: %d", rc);
+ } else {
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSPresence self test has been successfully completed.");
+ }
+ if (TPSValidity::isStartupEnabled()) {
+ rc = TPSValidity::runSelfTest(nickname, cert);
+ }
+ if (cert != 0) {
+ CERT_DestroyCertificate (cert);
+ cert = 0;
+ }
+ if (rc != 0 && TPSValidity::isStartupCritical()) {
+ if (rc > 0) rc *= -1;
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Critical TPSValidity self test failure: %d", rc);
+ return rc;
+ } else if (rc != 0) {
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Noncritical TPSValidity self test failure: %d", rc);
+ } else {
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSValidity self test has been successfully completed.");
+ }
+
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "per cert selftests done for %s", nickname);
+ return 0;
+}
+
+int SelfTest::runStartUpSelfTests ()
+{
+ int rc = 0;
+
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "general selftests starting");
+ /* this only needs to run once at startup */
+ if (SelfTest::StartupSystemCertsVerificationRun == 0) {
+ if (TPSSystemCertsVerification::isStartupEnabled()) {
+ rc = TPSSystemCertsVerification::runSelfTest();
+ }
+ if (rc != 0 && TPSSystemCertsVerification::isStartupCritical()) {
+ if (rc > 0) rc *= -1;
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Critical TPSSystemCertsVerification self test failure: %d", rc);
+ return rc;
+ } else if (rc != 0) {
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "Noncritical TPSSystemCertsVerification self test failure: %d", rc);
+ } else {
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "TPSSystemCertsVerification self test has been successfully completed.");
+ }
+ SelfTest::StartupSystemCertsVerificationRun = 1;
+ }
+
+ RA::SelfTestLog("SelfTest::runStartUpSelfTests", "general selftests done");
+ return 0;
+}
+
+int SelfTest::runOnDemandSelfTests ()
+{
+ int rc = 0;
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "starting");
+ if (TPSPresence::isOnDemandEnabled()) {
+ rc = TPSPresence::runSelfTest();
+ }
+ if (rc != 0 && TPSPresence::isOnDemandCritical()) {
+ if (rc > 0) rc *= -1;
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Critical TPSPresence self test failure: %d", rc);
+ return rc;
+ } else if (rc != 0) {
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Noncritical TPSPresence self test failure: %d", rc);
+ } else {
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSPresence self test has been successfully completed.");
+ }
+ if (TPSValidity::isOnDemandEnabled()) {
+ rc = TPSValidity::runSelfTest();
+ }
+ if (rc != 0 && TPSValidity::isOnDemandCritical()) {
+ if (rc > 0) rc *= -1;
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Critical TPSValidity self test failure: %d", rc);
+ return rc;
+ } else if (rc != 0) {
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Noncritical TPSValidity self test failure: %d", rc);
+ } else {
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSValidity self test has been successfully completed.");
+ }
+
+ if (TPSSystemCertsVerification::isOnDemandEnabled()) {
+ rc = TPSSystemCertsVerification::runSelfTest();
+ }
+ if (rc != 0 && TPSSystemCertsVerification::isOnDemandCritical()) {
+ if (rc > 0) rc *= -1;
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Critical TPSSystemCertsVerification self test failure: %d", rc);
+ return rc;
+ } else if (rc != 0) {
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "Noncritical TPSSystemCertsVerification self test failure: %d", rc);
+ } else {
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "TPSSystemCertsVerification self test has been successfully completed.");
+ }
+ RA::SelfTestLog("SelfTest::runOnDemandSelfTests", "done");
+ return rc;
+}
+
+int SelfTest::isOnDemandEnabled ()
+{
+ int n = 0;
+ if (TPSPresence::isOnDemandEnabled()) n++;
+ if (TPSValidity::isOnDemandEnabled()) n += 2;
+ if (TPSSystemCertsVerification::isOnDemandEnabled()) n += 4;
+ return n;
+}
+
+int SelfTest::isOnDemandCritical ()
+{
+ int n = 0;
+ if (TPSPresence::isOnDemandCritical()) n++;
+ if (TPSValidity::isOnDemandCritical()) n += 2;
+ if (TPSSystemCertsVerification::isOnDemandCritical()) n += 4;
+ return n;
+}
+
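Review bot: In `runStartUpSelfTests(const char *nickname)` the certificate obtained from `TPSPresence::runSelfTest(nickname, &cert)` can be released twice. `TPSValidity::runSelfTest(nickname, cert)` (added in TPSValidity.cpp by this commit) calls `CERT_DestroyCertificate (cert)` on its by-value copy, and the caller then still sees `cert != 0` and calls `CERT_DestroyCertificate (cert)` again. Whenever the validity test is startup-enabled and initialized this drops one reference too many, which can leave NSS holding a dangling certificate pointer. Ownership should sit in one place. The simplest fix is to keep the release here and remove the `CERT_DestroyCertificate (cert); cert = 0;` pair from the `(nick_name, cert)` overload, documenting that overload as borrowing the certificate.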
diff --git a/pki/base/tps/src/selftests/TPSPresence.cpp b/pki/base/tps/src/selftests/TPSPresence.cpp
new file mode 100644
index 000000000..7f37fd0fb
--- /dev/null
+++ b/pki/base/tps/src/selftests/TPSPresence.cpp
@@ -0,0 +1,204 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+
+#include "cert.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "engine/RA.h"
+#include "main/ConfigStore.h"
+#include "selftests/TPSPresence.h"
+
+
+int TPSPresence::initialized = 0;
+bool TPSPresence::startupEnabled = false;
+bool TPSPresence::onDemandEnabled = false;
+bool TPSPresence::startupCritical = false;
+bool TPSPresence::onDemandCritical = false;
+char *TPSPresence::nickname = 0;
+const char *TPSPresence::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]";
+const char *TPSPresence::NICKNAME_NAME = "selftests.plugin.TPSPresence.nickname";
+const char *TPSPresence::CRITICAL_TEST_NAME = "TPSPresence:critical";
+const char *TPSPresence::TEST_NAME = "TPSPresence";
+
+//default constructor
+TPSPresence::TPSPresence()
+{
+}
+
+TPSPresence::~TPSPresence()
+{
+}
+
+void TPSPresence::Initialize (ConfigStore *cfg)
+{
+ if (TPSPresence::initialized == 0) {
+ TPSPresence::initialized = 1;
+ const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP);
+ if (s != 0) {
+ if (PL_strstr (s, TPSPresence::CRITICAL_TEST_NAME) != 0) {
+ startupCritical = true;
+ startupEnabled = true;
+ } else if (PL_strstr (s, TPSPresence::TEST_NAME) != 0) {
+ startupEnabled = true;
+ }
+ }
+ const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND);
+ if (d != 0) {
+ if (PL_strstr (d, TPSPresence::CRITICAL_TEST_NAME) != 0) {
+ onDemandCritical = true;
+ onDemandEnabled = true;
+ } else if (PL_strstr (d, TPSPresence::TEST_NAME) != 0) {
+ onDemandEnabled = true;
+ }
+ }
+ char* n = (char*)(cfg->GetConfigAsString(TPSPresence::NICKNAME_NAME));
+ if (n != 0 && PL_strlen(n) > 0) {
+ if (PL_strstr (n, TPSPresence::UNINITIALIZED_NICKNAME) != NULL) {
+ TPSPresence::initialized = 0;
+ } else {
+ TPSPresence::nickname = n;
+ }
+
+ TPSPresence::nickname = n;
+ }
+ if (TPSPresence::initialized == 1) {
+ TPSPresence::initialized = 2;
+ }
+ }
+ RA::SelfTestLog("TPSPresence::Initialize", "%s", ((initialized==2)?"successfully completed":"failed"));
+}
+
+// Error codes:
+// -1 - missing cert db handle
+// 2 - missing cert
+// -3 - missing cert nickname
+// 4 - secCertTimeExpired
+// 5 - secCertTimeNotValidYet
+// critical errors are negative
+
+int TPSPresence::runSelfTest ()
+{
+ int rc = 0;
+
+ if (TPSPresence::initialized == 2) {
+ if (TPSPresence::nickname != 0 && PL_strlen(TPSPresence::nickname) > 0) {
+ rc = TPSPresence::runSelfTest (TPSPresence::nickname);
+ } else {
+ rc = -3;
+ }
+ }
+
+ return rc;
+}
+
+int TPSPresence::runSelfTest (const char *nick_name)
+{
+ int rc = 0;
+ CERTCertDBHandle *handle = 0;
+ CERTCertificate *cert = 0;
+
+ if (TPSPresence::initialized == 2) {
+ if (nick_name != 0 && PL_strlen(nick_name) > 0) {
+ handle = CERT_GetDefaultCertDB();
+ if (handle != 0) {
+ cert = CERT_FindCertByNickname( handle, (char *) nick_name);
+ if (cert != 0) {
+ CERT_DestroyCertificate (cert);
+ cert = 0;
+ } else {
+ rc = 2;
+ }
+ } else {
+ rc = -1;
+ }
+ } else {
+ rc = TPSPresence::runSelfTest ();
+ }
+ }
+
+ return rc;
+}
+
+int TPSPresence::runSelfTest (const char *nick_name, CERTCertificate **cert)
+{
+ int rc = 0;
+ CERTCertDBHandle *handle = 0;
+
+ if (TPSPresence::initialized == 2) {
+ handle = CERT_GetDefaultCertDB();
+ if (handle != 0) {
+ *cert = CERT_FindCertByNickname( handle, (char *) nick_name);
+ if (*cert == NULL) {
+ rc = 2;
+ }
+ } else {
+ rc = 1;
+ }
+ }
+
+ return rc;
+}
+
+bool TPSPresence::isStartupEnabled ()
+{
+ return startupEnabled;
+}
+
+bool TPSPresence::isOnDemandEnabled ()
+{
+ return onDemandEnabled;
+}
+
+bool TPSPresence::isStartupCritical ()
+{
+ return startupCritical;
+}
+
+bool TPSPresence::isOnDemandCritical ()
+{
+ return onDemandCritical;
+}
+
+
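Review bot: All three `runSelfTest` overloads return 0 when `TPSPresence::initialized != 2`, so a test that was skipped is indistinguishable from one that passed, and `SelfTest` then logs "TPSPresence self test has been successfully completed." `Initialize` resets `initialized` to 0 while the nickname still contains the `[HSM_LABEL][NICKNAME]` placeholder, so the skip is probably deliberate before configuration, but the self-test log should record it. I would log the skip at the top of each overload, e.g. `RA::SelfTestLog("TPSPresence::runSelfTest", "skipped: not initialized");`, and add `0 - passed, or skipped because Initialize() did not complete` to the error-code comment. The same pattern appears in `TPSSystemCertsVerification::runSelfTest` and `TPSValidity::runSelfTest`.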
diff --git a/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp b/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp
new file mode 100644
index 000000000..a89d18d04
--- /dev/null
+++ b/pki/base/tps/src/selftests/TPSSystemCertsVerification.cpp
@@ -0,0 +1,149 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+
+#include "cert.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "engine/RA.h"
+#include "main/ConfigStore.h"
+#include "selftests/TPSSystemCertsVerification.h"
+
+
+int TPSSystemCertsVerification::initialized = 0;
+bool TPSSystemCertsVerification::startupEnabled = false;
+bool TPSSystemCertsVerification::onDemandEnabled = false;
+bool TPSSystemCertsVerification::startupCritical = false;
+bool TPSSystemCertsVerification::onDemandCritical = false;
+const char *TPSSystemCertsVerification::CRITICAL_TEST_NAME = "TPSSystemCertsVerification:critical";
+const char *TPSSystemCertsVerification::TEST_NAME = "TPSSystemCertsVerification";
+// for testing if system is initialized
+const char *TPSSystemCertsVerification::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]";
+const char *TPSSystemCertsVerification::SUBSYSTEM_NICKNAME= "tps.cert.subsystem.nickname";
+
+
+//default constructor
+TPSSystemCertsVerification::TPSSystemCertsVerification()
+{
+}
+
+TPSSystemCertsVerification::~TPSSystemCertsVerification()
+{
+}
+
+void TPSSystemCertsVerification::Initialize (ConfigStore *cfg)
+{
+ if (TPSSystemCertsVerification::initialized == 0) {
+ TPSSystemCertsVerification::initialized = 1;
+ const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP);
+ if (s != NULL) {
+ if (PL_strstr (s, TPSSystemCertsVerification::CRITICAL_TEST_NAME) != NULL) {
+ startupCritical = true;
+ startupEnabled = true;
+ } else if (PL_strstr (s, TPSSystemCertsVerification::TEST_NAME) != NULL) {
+ startupEnabled = true;
+ }
+ }
+ const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND);
+ if (d != NULL) {
+ if (PL_strstr (d, TPSSystemCertsVerification::CRITICAL_TEST_NAME) != NULL) {
+ onDemandCritical = true;
+ onDemandEnabled = true;
+ } else if (PL_strstr (d, TPSSystemCertsVerification::TEST_NAME) != NULL) {
+ onDemandEnabled = true;
+ }
+ }
+ char* n = (char*)(cfg->GetConfigAsString(TPSSystemCertsVerification::SUBSYSTEM_NICKNAME));
+ if (n != NULL && PL_strlen(n) > 0) {
+ if (PL_strstr (n, TPSSystemCertsVerification::UNINITIALIZED_NICKNAME) != NULL) {
+ TPSSystemCertsVerification::initialized = 0;
+ }
+ }
+ if (TPSSystemCertsVerification::initialized == 1) {
+ TPSSystemCertsVerification::initialized = 2;
+ }
+ }
+ RA::SelfTestLog("TPSSystemCertsVerification::Initialize", "%s", ((initialized==2)?"successfully completed":"failed"));
+}
+
+// Error codes:
+// -1 - failed system certs verification
+// critical errors are negative
+
+int TPSSystemCertsVerification::runSelfTest ()
+{
+ int rc = 0;
+
+ if (TPSSystemCertsVerification::initialized == 2) {
+ rc = RA::verifySystemCerts();
+ if (rc == true) {
+ return 0;
+ } else {
+ rc = -1;
+ }
+ }
+
+ return rc;
+}
+
+bool TPSSystemCertsVerification::isStartupEnabled ()
+{
+ return startupEnabled;
+}
+
+bool TPSSystemCertsVerification::isOnDemandEnabled ()
+{
+ return onDemandEnabled;
+}
+
+bool TPSSystemCertsVerification::isStartupCritical ()
+{
+ return startupCritical;
+}
+
+bool TPSSystemCertsVerification::isOnDemandCritical ()
+{
+ return onDemandCritical;
+}
+
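Review bot: `runSelfTest` stores the result of `RA::verifySystemCerts()` in an `int` and then tests `rc == true`, which only the value 1 satisfies. The declaration of `verifySystemCerts` is outside this hunk. If it returns `bool` the comparison works but hides the intent, and if it returns an integer status any other nonzero success value would be reported as -1. Testing the result directly inside the `initialized == 2` branch, `return RA::verifySystemCerts() ? 0 : -1;`, removes the ambiguity once the return type is confirmed.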
diff --git a/pki/base/tps/src/selftests/TPSValidity.cpp b/pki/base/tps/src/selftests/TPSValidity.cpp
new file mode 100644
index 000000000..e70263e80
--- /dev/null
+++ b/pki/base/tps/src/selftests/TPSValidity.cpp
@@ -0,0 +1,215 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2010 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+#include <stdio.h>
+#include <stdarg.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+
+#include "cert.h"
+#include "certt.h"
+
+#ifdef __cplusplus
+}
+#endif
+
+#include "engine/RA.h"
+#include "main/ConfigStore.h"
+#include "selftests/TPSValidity.h"
+
+
+int TPSValidity::initialized = 0;
+bool TPSValidity::startupEnabled = false;
+bool TPSValidity::onDemandEnabled = false;
+bool TPSValidity::startupCritical = false;
+bool TPSValidity::onDemandCritical = false;
+char *TPSValidity::nickname = 0;
+const char *TPSValidity::UNINITIALIZED_NICKNAME = "[HSM_LABEL][NICKNAME]";
+const char *TPSValidity::NICKNAME_NAME = "selftests.plugin.TPSValidity.nickname";
+const char *TPSValidity::CRITICAL_TEST_NAME = "TPSValidity:critical";
+const char *TPSValidity::TEST_NAME = "TPSValidity";
+
+
+//default constructor
+TPSValidity::TPSValidity()
+{
+}
+
+TPSValidity::~TPSValidity()
+{
+}
+
+void TPSValidity::Initialize (ConfigStore *cfg)
+{
+ if (TPSValidity::initialized == 0) {
+ TPSValidity::initialized = 1;
+ const char* s = cfg->GetConfigAsString(CFG_SELFTEST_STARTUP);
+ if (s != NULL) {
+ if (PL_strstr (s, TPSValidity::CRITICAL_TEST_NAME) != NULL) {
+ startupCritical = true;
+ startupEnabled = true;
+ } else if (PL_strstr (s, TPSValidity::TEST_NAME) != NULL) {
+ startupEnabled = true;
+ }
+ }
+ const char* d = cfg->GetConfigAsString(CFG_SELFTEST_ONDEMAND);
+ if (d != NULL) {
+ if (PL_strstr (d, TPSValidity::CRITICAL_TEST_NAME) != NULL) {
+ onDemandCritical = true;
+ onDemandEnabled = true;
+ } else if (PL_strstr (d, TPSValidity::TEST_NAME) != NULL) {
+ onDemandEnabled = true;
+ }
+ }
+ char* n = (char*)(cfg->GetConfigAsString(TPSValidity::NICKNAME_NAME));
+ if (n != NULL && PL_strlen(n) > 0) {
+ if (PL_strstr (n, TPSValidity::UNINITIALIZED_NICKNAME) != NULL) {
+ TPSValidity::initialized = 0;
+ } else {
+ TPSValidity::nickname = n;
+ }
+ }
+ if (TPSValidity::initialized == 1) {
+ TPSValidity::initialized = 2;
+ }
+ }
+ RA::SelfTestLog("TPSValidity::Initialize", "%s", ((initialized==2)?"successfully completed":"failed"));
+}
+
+// Error codes:
+// -1 - missing cert db handle
+// 2 - missing cert
+// -3 - missing cert nickname
+// 4 - secCertTimeExpired
+// 5 - secCertTimeNotValidYet
+// critical errors are negative
+
+int TPSValidity::runSelfTest ()
+{
+ int rc = 0;
+
+ if (TPSValidity::initialized == 2) {
+ if (TPSValidity::nickname != NULL && PL_strlen(TPSValidity::nickname) > 0) {
+ rc = TPSValidity::runSelfTest (TPSValidity::nickname);
+ } else {
+ rc = -3;
+ }
+ }
+
+ return rc;
+}
+
+int TPSValidity::runSelfTest (const char *nick_name)
+{
+ SECCertTimeValidity certTimeValidity;
+ PRTime now;
+ int rc = 0;
+ CERTCertDBHandle *handle = 0;
+ CERTCertificate *cert = 0;
+
+ if (TPSValidity::initialized == 2) {
+ handle = CERT_GetDefaultCertDB();
+ if (handle != 0) {
+ cert = CERT_FindCertByNickname( handle, (char *) nick_name);
+ if (cert != 0) {
+ now = PR_Now();
+ certTimeValidity = CERT_CheckCertValidTimes (cert, now, PR_FALSE);
+ if (certTimeValidity == secCertTimeExpired) {
+ rc = 4;
+ } else if (certTimeValidity == secCertTimeNotValidYet) {
+ rc = 5;
+ }
+ CERT_DestroyCertificate (cert);
+ cert = 0;
+ } else {
+ rc = 2;
+ }
+ } else {
+ rc = -1;
+ }
+ }
+
+ return rc;
+}
+
+int TPSValidity::runSelfTest (const char *nick_name, CERTCertificate *cert)
+{
+ SECCertTimeValidity certTimeValidity;
+ PRTime now;
+ int rc = 0;
+
+ if (TPSValidity::initialized == 2) {
+ if (cert != 0) {
+ now = PR_Now();
+ certTimeValidity = CERT_CheckCertValidTimes (cert, now, PR_FALSE);
+ if (certTimeValidity == secCertTimeExpired) {
+ rc = 4;
+ } else if (certTimeValidity == secCertTimeNotValidYet) {
+ rc = 5;
+ }
+ CERT_DestroyCertificate (cert);
+ cert = 0;
+ } else if (nick_name != 0 && PL_strlen(nick_name) > 0) {
+ rc = TPSValidity::runSelfTest (nick_name);
+ } else {
+ rc = TPSValidity::runSelfTest ();
+ }
+ }
+
+ return rc;
+
+}
+
+bool TPSValidity::isStartupEnabled ()
+{
+ return startupEnabled;
+}
+
+bool TPSValidity::isOnDemandEnabled ()
+{
+ return onDemandEnabled;
+}
+
+bool TPSValidity::isStartupCritical ()
+{
+ return startupCritical;
+}
+
+bool TPSValidity::isOnDemandCritical ()
+{
+ return onDemandCritical;
+}
+
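Review bot: Both certificate-time checks map only `secCertTimeExpired` and `secCertTimeNotValidYet` to an error, so a `secCertTimeUndetermined` result from `CERT_CheckCertValidTimes` leaves `rc` at 0 and the certificate is reported as valid. This applies to `runSelfTest(const char *nick_name)` and to `runSelfTest(const char *nick_name, CERTCertificate *cert)`. I would close the chain with a test for the positive case, `else if (certTimeValidity != secCertTimeValid) { rc = 6; }`, and add the new code to the error-code comment above. The value 6 is only a suggestion; use whatever fits the existing table.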
diff --git a/pki/base/tps/src/test/Test_ConfigStore.cfg b/pki/base/tps/src/test/Test_ConfigStore.cfg
new file mode 100644
index 000000000..60f8e8675
--- /dev/null
+++ b/pki/base/tps/src/test/Test_ConfigStore.cfg
@@ -0,0 +1,28 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+integer=100
+string=steve
+sub1.integer=500
+sub1.string=paul
+sub1.sub2.integer=1000
+sub1.sub2.string=jim
+
+
diff --git a/pki/base/tps/src/test/Test_ConfigStore.cpp b/pki/base/tps/src/test/Test_ConfigStore.cpp
new file mode 100644
index 000000000..d81a67b03
--- /dev/null
+++ b/pki/base/tps/src/test/Test_ConfigStore.cpp
@@ -0,0 +1,79 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+#include "main/ConfigStore.h"
+
+
+// This is needed to resolve a symbol expected by the linker
+int __nsapi30_table;
+
+ConfigStore getsubstore(ConfigStore& config, char *subname)
+{
+ printf("Getting sub store : %s\n", subname);
+ ConfigStore sub2 = config.GetSubStore(subname);
+ const char *t = sub2.GetConfigAsString("string");
+ printf("substore string : %s\n", t);
+
+
+ printf("returning substore to parent\n");
+ return sub2;
+}
+
+int main()
+{
+ int i;
+ const char *s;
+
+ ConfigStore *cfg = ConfigStore::CreateFromConfigFile("Test_ConfigStore.cfg");
+
+ printf("TOP LEVEL\n");
+ i = cfg->GetConfigAsInt("integer");
+ printf("int : %d\n",i);
+ s = cfg->GetConfigAsString("string");
+ printf("string : %s\n",s);
+
+
+ printf("\nSUB1 LEVEL\n");
+ ConfigStore subcfg = cfg->GetSubStore("sub1");
+ i = subcfg.GetConfigAsInt("integer");
+ printf("int : %d\n",i);
+ s = subcfg.GetConfigAsString("string");
+ printf("string : %s\n",s);
+ s = subcfg["string"];
+ printf("[string] : %s\n",s);
+
+ printf("\nSUB2 LEVEL in method\n");
+ ConfigStore sub2cfg = getsubstore(subcfg,"sub2");
+ printf("accessing sub2 from main\n");
+ i = sub2cfg.GetConfigAsInt("integer");
+ printf("int : %d\n",i);
+
+
+ printf("\nTOP LEVEL AGAIN\n");
+ i = cfg->GetConfigAsInt("integer");
+ printf("int : %d\n",i);
+ s = cfg->GetConfigAsString("string");
+
+ ConfigStore subcfg2 = cfg->GetSubStore("level2");
+
+
+}
+
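Review bot: `main()` dereferences the pointer returned by `ConfigStore::CreateFromConfigFile("Test_ConfigStore.cfg")` without checking it, so if the factory returns NULL for a missing or unreadable file (its behaviour is not visible in this hunk) the test crashes instead of reporting a failure; a guard such as `if (cfg == NULL) { printf("cannot load Test_ConfigStore.cfg\n"); return 1; }` before the first `cfg->GetConfigAsInt` call would cover it. The strings from `GetConfigAsString` and `subcfg["string"]` are likewise passed to `printf` with `%s` unchecked. The program only prints what it reads and never compares it with the values in Test_ConfigStore.cfg (100/steve, 500/paul, 1000/jim), so it exits successfully whatever the store returns; comparing each value and returning non-zero on a mismatch would turn it into a real test. `cfg` is also never released, assuming the caller owns the object.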
diff --git a/pki/base/tps/src/tus/CMakeLists.txt b/pki/base/tps/src/tus/CMakeLists.txt
new file mode 100644
index 000000000..3148d9e59
--- /dev/null
+++ b/pki/base/tps/src/tus/CMakeLists.txt
@@ -0,0 +1,50 @@
+project(tokendb_library C)
+
+set(TOKENDB_PUBLIC_INCLUDE_DIRS
+ ${CMAKE_CURRENT_BINARY_DIR}
+ ${CMAKE_CURRENT_SOURCE_DIR}
+ ${TPS_INCLUDE_DIR}
+ CACHE INTERNAL "tokendb public include directories"
+)
+
+set(TOKENDB_PRIVATE_INCLUDE_DIRS
+ ${TOKENDB_PUBLIC_INCLUDE_DIRS}
+ ${CMAKE_BINARY_DIR}
+ ${NSPR_INCLUDE_DIRS}
+ ${NSS_INCLUDE_DIRS}
+ ${SVRCORE_INCLUDE_DIRS}
+ ${LDAP_INCLUDE_DIRS}
+)
+
+set(TOKENDB_SHARED_LIBRARY
+ tokendb_library
+ CACHE INTERNAL "tokendb shared library"
+)
+
+set(TOKENDB_LINK_LIBRARIES
+ ${NSPR_LIBRARIES}
+ ${NSS_LIBRARIES}
+ ${SVRCORE_LIBRARIES}
+ ${LDAP_LIBRARIES}
+)
+
+set(tokendb_library_SRCS
+ tus_db.c
+)
+
+include_directories(${TOKENDB_PRIVATE_INCLUDE_DIRS})
+
+add_library(${TOKENDB_SHARED_LIBRARY} SHARED ${tokendb_library_SRCS})
+target_link_libraries(${TOKENDB_SHARED_LIBRARY} ${TOKENDB_LINK_LIBRARIES})
+
+set_target_properties(${TOKENDB_SHARED_LIBRARY}
+ PROPERTIES
+ OUTPUT_NAME
+ tokendb
+)
+
+install(
+ TARGETS
+ ${TOKENDB_SHARED_LIBRARY}
+ LIBRARY DESTINATION ${LIB_INSTALL_DIR}/tps
+)
diff --git a/pki/base/tps/src/tus/tus_db.c b/pki/base/tps/src/tus/tus_db.c
new file mode 100644
index 000000000..abcf0cf5a
--- /dev/null
+++ b/pki/base/tps/src/tus/tus_db.c
@@ -0,0 +1,4480 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifdef XP_WIN32
+#define TPS_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define TPS_PUBLIC
+#endif /* !XP_WIN32 */
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+#include "nspr.h"
+#include "pk11func.h"
+#include "cryptohi.h"
+#include "keyhi.h"
+#include "base64.h"
+#include "nssb64.h"
+#include "prlock.h"
+#include "secder.h"
+#include "cert.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <assert.h>
+
+#include "plstr.h"
+#include "prmem.h"
+#include "prprf.h"
+#include "prtime.h"
+
+#include "tus/tus_db.h"
+
+static char *tokenActivityAttributes[] = { TOKEN_ID,
+ TOKEN_CUID,
+ TOKEN_OP,
+ TOKEN_USER,
+ TOKEN_MSG,
+ TOKEN_RESULT,
+ TOKEN_IP,
+ TOKEN_C_DATE,
+ TOKEN_M_DATE,
+ TOKEN_TYPE,
+ NULL };
+static char *tokenAttributes[] = { TOKEN_ID,
+ TOKEN_USER,
+ TOKEN_STATUS,
+ TOKEN_APPLET,
+ TOKEN_KEY_INFO,
+ TOKEN_MODS,
+ TOKEN_C_DATE,
+ TOKEN_M_DATE,
+ TOKEN_RESETS,
+ TOKEN_ENROLLMENTS,
+ TOKEN_RENEWALS,
+ TOKEN_RECOVERIES,
+ TOKEN_POLICY,
+ TOKEN_REASON,
+ TOKEN_TYPE,
+ NULL };
+static char *tokenCertificateAttributes[] = { TOKEN_ID,
+ TOKEN_CUID,
+ TOKEN_USER,
+ TOKEN_STATUS,
+ TOKEN_C_DATE,
+ TOKEN_M_DATE,
+ TOKEN_SUBJECT,
+ TOKEN_ISSUER,
+ TOKEN_SERIAL,
+ TOKEN_CERT,
+ TOKEN_TYPE,
+ TOKEN_NOT_BEFORE,
+ TOKEN_NOT_AFTER,
+ TOKEN_KEY_TYPE,
+ TOKEN_STATUS,
+ NULL };
+
+static char *userAttributes[] = {USER_ID,
+ USER_SN,
+ USER_GIVENNAME,
+ USER_CN,
+ USER_CERT,
+ C_TIME,
+ M_TIME,
+ PROFILE_ID,
+ NULL};
+
+static char *viewUserAttributes[] = {USER_ID,
+ USER_SN,
+ USER_CN,
+ C_TIME,
+ M_TIME,
+ NULL};
+
+static char *tokenStates[] = { STATE_UNINITIALIZED,
+ STATE_ACTIVE,
+ STATE_DISABLED,
+ NULL };
+
+#ifdef __cplusplus
+}
+#endif
+
+static char *ssl = NULL; /* true or false */
+static char *host = NULL;
+static int port = 0;
+static char *userBaseDN = NULL;
+static char *baseDN = NULL;
+static char *activityBaseDN = NULL;
+static char *certBaseDN = NULL;
+static char *bindDN = NULL;
+static char *bindPass = NULL;
+static char *defaultPolicy = NULL;
+
+static int ccHost = 0;
+static int ccBaseDN = 0;
+static int ccBindDN = 0;
+static int ccBindPass = 0;
+
+static LDAP *ld = NULL;
+static int bindStatus = -1;
+
+static PRFileDesc *debug_fd = NULL;
+static PRFileDesc *audit_fd = NULL;
+
+extern void audit_log(const char *func_name, const char *userid, const char *msg);
+
+char *get_pwd_from_conf(char *filepath, char *name);
+static int tus_check_conn();
+
+TPS_PUBLIC int valid_berval(struct berval **b)
+{
+ if ((b != NULL) && (b[0] != NULL) && (b[0]->bv_val != NULL))
+ return 1;
+ return 0;
+}
+
+TPS_PUBLIC void set_tus_db_port(int number)
+{
+ port = number;
+}
+
+TPS_PUBLIC void set_tus_db_hostport(char *name)
+{
+ char *s = NULL;
+
+ s = PL_strstr(name, ":");
+ if (s == NULL) {
+ set_tus_db_port(389);
+ } else {
+ set_tus_db_port(atoi(s+1));
+ s[0] = '\0';
+ }
+ set_tus_db_host(name);
+}
+
+TPS_PUBLIC void set_tus_db_host(char *name)
+{
+ if( ccHost > 0 && host != NULL ) {
+ PL_strfree( host );
+ host = NULL;
+ }
+ if( name != NULL ) {
+ host = PL_strdup( name );
+ }
+ ccHost++;
+}
+
+TPS_PUBLIC void set_tus_db_baseDN(char *dn)
+{
+ if( ccBaseDN > 0 && baseDN != NULL ) {
+ PL_strfree( baseDN );
+ baseDN = NULL;
+ }
+ if( dn != NULL ) {
+ baseDN = PL_strdup( dn );
+ }
+ ccBaseDN++;
+}
+
+TPS_PUBLIC void set_tus_db_userBaseDN(char *dn)
+{
+ if( userBaseDN != NULL ) {
+ PL_strfree( userBaseDN );
+ userBaseDN = NULL;
+ }
+ if( dn != NULL ) {
+ userBaseDN = PL_strdup( dn );
+ }
+}
+
+TPS_PUBLIC void set_tus_db_activityBaseDN(char *dn)
+{
+ if( activityBaseDN != NULL ) {
+ PL_strfree( activityBaseDN );
+ activityBaseDN = NULL;
+ }
+ if( dn != NULL ) {
+ activityBaseDN = PL_strdup( dn );
+ }
+}
+
+TPS_PUBLIC void set_tus_db_certBaseDN(char *dn)
+{
+ if( certBaseDN != NULL ) {
+ PL_strfree( certBaseDN );
+ certBaseDN = NULL;
+ }
+ if( dn != NULL ) {
+ certBaseDN = PL_strdup( dn );
+ }
+}
+
+TPS_PUBLIC void set_tus_db_bindDN(char *dn)
+{
+ if( ccBindDN > 0 && bindDN != NULL ) {
+ PL_strfree( bindDN );
+ bindDN = NULL;
+ }
+ if( dn != NULL ) {
+ bindDN = PL_strdup( dn );
+ }
+ ccBindDN++;
+}
+
+TPS_PUBLIC void set_tus_db_bindPass(char *p)
+{
+ if( ccBindPass > 0 && bindPass != NULL ) {
+ PL_strfree( bindPass );
+ bindPass = NULL;
+ }
+ if( p != NULL ) {
+ bindPass = PL_strdup( p );
+ }
+ ccBindPass++;
+}
+
+TPS_PUBLIC int is_tus_db_initialized()
+{
+ return ((ld != NULL && bindStatus == LDAP_SUCCESS)? 1: 0);
+}
+
+TPS_PUBLIC int get_tus_db_config(char *cfg_name)
+{
+ PRFileInfo info;
+ PRFileDesc *fd = NULL;
+ PRUint32 size;
+ int k, n, p;
+ char *buf = NULL;
+ char *s = NULL;
+ char *v = NULL;
+
+ if (PR_GetFileInfo (cfg_name, &info) != PR_SUCCESS)
+ return 0;
+ size = info.size;
+ size++;
+ buf = (char *)PR_Malloc(size);
+ if (buf == NULL)
+ return 0;
+
+ fd = PR_Open(cfg_name, PR_RDONLY, 400);
+ if (fd == NULL) {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+
+ k = 0;
+ while ((n = PR_Read(fd, &buf[k], size-k-1)) > 0) {
+ k += n;
+ if ((PRUint32)(k+1) >= size) break;
+ }
+ if( fd != NULL ) {
+ PR_Close( fd );
+ fd = NULL;
+ }
+ if (n < 0 || ((PRUint32)(k+1) > size)) {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ buf[k] = '\0';
+
+ if ((s = PL_strstr(buf, "tokendb.hostport=")) != NULL) {
+
+ s += 17;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ set_tus_db_hostport(s);
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if ((s = PL_strstr(buf, "tokendb.port=")) != NULL) {
+
+ s += 13;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ p = atoi(s);
+ set_tus_db_port(p);
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if ((s = PL_strstr(buf, "tokendb.ssl=")) != NULL) {
+
+ s += 12;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ if (strcmp(s, "") != 0) {
+ ssl = PL_strdup( s );
+ }
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if ((s = PL_strstr(buf, "tokendb.auditLog=")) != NULL) {
+
+ s += 17;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ if (strcmp(s, "") != 0) {
+ audit_fd = PR_Open(s, PR_RDWR | PR_CREATE_FILE | PR_APPEND,
+ 400 | 200);
+ }
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+ if ((s = PL_strstr(buf, "tokendb.host=")) != NULL) {
+
+ s += 13;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ set_tus_db_host(s);
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if ((s = PL_strstr(buf, "tokendb.defaultPolicy=")) != NULL) {
+
+ s += 22;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ defaultPolicy = PL_strdup( s );
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if ((s = PL_strstr(buf, "tokendb.userBaseDN=")) != NULL) {
+ s += 19;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ set_tus_db_userBaseDN(s);
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if ((s = PL_strstr(buf, "tokendb.baseDN=")) != NULL) {
+ s += 15;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ set_tus_db_baseDN(s);
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+ if ((s = PL_strstr(buf, "tokendb.activityBaseDN=")) != NULL) {
+ s += strlen("tokendb.activityBaseDN=");
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ set_tus_db_activityBaseDN(s);
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+ if ((s = PL_strstr(buf, "tokendb.certBaseDN=")) != NULL) {
+ s += strlen("tokendb.certBaseDN=");
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ set_tus_db_certBaseDN(s);
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+ if ((s = PL_strstr(buf, "tokendb.bindDN=")) != NULL) {
+ s += 15;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ set_tus_db_bindDN(s);
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+ if ((s = PL_strstr(buf, "tokendb.bindPassPath=")) != NULL) {
+ s += 21;
+ v = s;
+ while (*s != '\x0D' && *s != '\x0A' && *s != '\0' &&
+ (PRUint32)(s - buf) < size) {
+ s++;
+ }
+ n = s - v;
+ s = PL_strndup(v, n);
+ if (s != NULL) {
+ /* read tokendbBindPass from bindPassPath */
+ char *p = NULL;
+ p = get_pwd_from_conf(s, "tokendbBindPass");
+ set_tus_db_bindPass(p);
+ if (p) {
+ if (debug_fd)
+ PR_fprintf(debug_fd, "freeing p - %s\n", p);
+ PR_Free( p );
+ }
+ PL_strfree( s );
+ s = NULL;
+ } else {
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+ return 0;
+ }
+ }
+
+ if( buf != NULL ) {
+ PR_Free( buf );
+ buf = NULL;
+ }
+
+ tus_db_end();
+
+ return 1;
+}
+
+
+TPS_PUBLIC char *tus_authenticate(char *cert)
+{
+ char *dst;
+ int len;
+ int certlen;
+ int rc = -1;
+#define MAX_FILTER_LEN 4096
+ char filter[MAX_FILTER_LEN];
+ char searchBase[MAX_FILTER_LEN];
+ struct berval **v = NULL;
+ char *userid = NULL;
+ LDAPMessage *result = NULL;
+ LDAPMessage *entry = NULL;
+ int i,j;
+ char *certX = NULL;
+ int tries;
+
+ tus_check_conn();
+ if (cert == NULL)
+ return NULL;
+
+ certlen = strlen(cert);
+
+ certX = malloc(certlen);
+ j = 0;
+ for (i = 0; i < certlen; i++) {
+ if (cert[i] != '\n' && cert[i] != '\r') {
+ certX[j++] = cert[i];
+ }
+ }
+ certX[j++] = '\0';
+ dst = malloc(3 * strlen(certX) / 4);
+ len = base64_decode(certX, ( unsigned char * ) dst);
+ free(certX);
+
+ if (len <= 0) {
+ if (dst != NULL) free(dst);
+ return NULL;
+ }
+
+ PR_snprintf(filter, MAX_FILTER_LEN, "(userCertificate=");
+
+ for (i = 0; i < len; i++) {
+ char c = dst[i];
+ PR_snprintf(filter, MAX_FILTER_LEN, "%s\\%02x", filter, (c & 0xff) );
+ }
+ PR_snprintf(filter, MAX_FILTER_LEN, "%s)", filter);
+ PR_snprintf(searchBase, MAX_FILTER_LEN, "ou=People, %s", userBaseDN);
+
+ if (dst != NULL) free(dst);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s(ld, searchBase, LDAP_SCOPE_SUBTREE,
+ filter, NULL, 0, NULL, NULL, NULL, 0, &result)) == LDAP_SUCCESS )
+ {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if (rc != LDAP_SUCCESS) {
+ if (result != NULL) {
+ free_results(result);
+ result = NULL;
+ }
+ return NULL;
+ }
+
+ if (result == NULL)
+ return NULL;
+
+ entry = get_first_entry (result);
+ if (entry == NULL) {
+ if (result != NULL) {
+ free_results(result);
+ result = NULL;
+ }
+ return NULL;
+ }
+
+ v = ldap_get_values_len(ld, entry, "uid");
+ if (v == NULL) {
+ if (result != NULL) {
+ free_results(result);
+ result = NULL;
+ }
+ return NULL;
+ }
+
+ if (valid_berval(v) && PL_strlen(v[0]->bv_val) > 0) {
+ userid = PL_strdup(v[0]->bv_val);
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+
+ if (result != NULL) {
+ free_results(result);
+ result = NULL;
+ }
+
+ return userid;
+}
+
+/*********
+ * tus_authorize
+ * parameters passed in:
+ * char * group ("TUS Agents", "TUS Officers", "TUS Administrators")
+ * const char* userid
+ * returns : 1 if userid is member of that group
+ * 0 otherwise
+ **/
+
+TPS_PUBLIC int tus_authorize(const char *group, const char *userid)
+{
+ int rc;
+ char filter[4096];
+ int tries;
+ LDAPMessage *result = NULL;
+
+ PR_snprintf(filter, 4096,
+ "(&(cn=%s)(member=uid=%s,*))", group ,userid);
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s(ld, userBaseDN, LDAP_SCOPE_SUBTREE,
+ filter, NULL, 0, NULL, NULL, NULL, 0, &result)) == LDAP_SUCCESS )
+ {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if (rc != LDAP_SUCCESS) {
+ if (result != NULL) {
+ free_results(result);
+ result = NULL;
+ }
+ return 0;
+ }
+ if (ldap_count_entries (ld, result) <= 0) {
+ if (result != NULL) {
+ free_results(result);
+ result = NULL;
+ }
+ return 0;
+ }
+ if (result != NULL) {
+ free_results(result);
+ result = NULL;
+ }
+ return 1;
+}
+
+/******
+ * get_authorized_profiles()
+ * params: userid
+ * : is_admin (1 if user is in admin group, 0 otherwise
+ * returns: ldap filter with the tokenTypes the user has access to - to be appended
+ * to any other user search filer.
+ * examples: (|(tokenType=foo)(tokenType=bar)
+ * example: (!(tokenType=foo)(tokenType=no_token_type)) -- if user is an admin, always
+ * add no_token_type to catch admin events
+ * example: NO_PROFILES -- not an admin, and no profiles
+ * exmaple: (tokenType=no_token_type) : admin with no other tokens
+ *
+ * Caller must free the result (char*)
+ **/
+TPS_PUBLIC char *get_authorized_profiles(const char *userid, int is_admin)
+{
+ int status;
+ char filter[512];
+ char ret[4096] = "";
+ char *profile_filter = NULL;
+ struct berval **vals = NULL;
+ int nVals;
+ int i;
+
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+
+// Debug("TUS","get_authorized_profiles");
+ PR_snprintf(filter, 512, "(uid=%s)", userid);
+ status = find_tus_user_entries_no_vlv(filter, &result, 0);
+
+ if (status == LDAP_SUCCESS) {
+
+ e = get_first_entry(result);
+
+ vals = get_attribute_values(e,"profileID");
+ if (valid_berval(vals)) {
+ nVals = ldap_count_values_len(vals);
+ if (nVals == 1) {
+ if (PL_strstr(vals[0]->bv_val, ALL_PROFILES)) {
+ if (is_admin) {
+ // all profiles
+ PR_snprintf(ret, 4096, ALL_PROFILES);
+ } else {
+ // all profile except admin no token events
+ PR_snprintf(ret, 4096, "(!(tokenType=%s))", NO_TOKEN_TYPE);
+ }
+ } else {
+ if (is_admin) {
+ PL_strcat(ret, "(|(tokenType=");
+ PL_strcat(ret, NO_TOKEN_TYPE);
+ PL_strcat(ret, ")(tokenType=");
+ PL_strcat(ret, vals[0]->bv_val);
+ PL_strcat(ret, "))");
+ } else {
+ PL_strcat(ret, "(tokenType=");
+ PL_strcat(ret, vals[0]->bv_val);
+ PL_strcat(ret, ")");
+ }
+ }
+ } else if (nVals > 1) {
+ for( i = 0; vals[i] != NULL; i++ ) {
+ if (i==0) {
+ PL_strcat(ret, "(|");
+ if (is_admin) {
+ PL_strcat(ret, "(tokenType=");
+ PL_strcat(ret, NO_TOKEN_TYPE);
+ PL_strcat(ret, ")");
+ }
+ }
+ if (vals[i]->bv_val != NULL) {
+ PL_strcat(ret, "(tokenType=");
+ PL_strcat(ret, vals[i]->bv_val);
+ PL_strcat(ret, ")");
+ }
+ }
+ PL_strcat(ret, ")");
+ } else if (nVals == 0) {
+ if (is_admin) {
+ PR_snprintf(ret, 4096, "(tokenType=%s)", NO_TOKEN_TYPE);
+ } else {
+ PR_snprintf(ret, 4096, NO_PROFILES);
+ }
+ } else { //error
+ return NULL;
+ }
+ } else {
+ if (is_admin) {
+ PR_snprintf(ret, 4096, "(tokenType=%s)", NO_TOKEN_TYPE);
+ } else {
+ PR_snprintf(ret, 4096, NO_PROFILES);
+ }
+ }
+ } else {
+ // log error message here
+ PR_snprintf(ret, 4096, NO_PROFILES);
+ }
+
+ profile_filter = PL_strdup(ret);
+
+ if (vals != NULL) {
+ free_values(vals, 1);
+ vals = NULL;
+ }
+
+ if (result != NULL) {
+ free_results(result);
+ result = NULL;
+ }
+
+ e = NULL;
+
+ return profile_filter;
+}
+
+static int tus_check_conn()
+{
+ int version = LDAP_VERSION3;
+ int status = -1;
+ char ldapuri[1024];
+
+/* for production, make sure this variable is not defined.
+ * Leaving it defined results in weird Apache SSL timeout errors */
+/*#define DEBUG_TOKENDB*/
+
+#ifdef DEBUG_TOKENDB
+ debug_fd = PR_Open("/tmp/debugTUSdb.log",
+ PR_RDWR | PR_CREATE_FILE | PR_APPEND,
+ 400 | 200);
+#endif
+ if (ld == NULL) {
+ if (ssl != NULL && strcmp(ssl, "true") == 0) {
+ /* enabling SSL */
+ snprintf(ldapuri, 1024, "ldaps://%s:%i", host, port);
+ } else {
+ snprintf(ldapuri, 1024, "ldap://%s:%i", host, port);
+ }
+ status = ldap_initialize(&ld, ldapuri);
+ if (ld == NULL) {
+ return status;
+ }
+
+ // This option was supported by mozldap but is not supported by openldap.
+ // Code to provide this functionality needs to be written - FIXME
+ /*if ((status = ldap_set_option (ld, LDAP_OPT_RECONNECT, LDAP_OPT_ON)) != LDAP_SUCCESS) {
+ return status;
+ }*/
+
+ if ((status = ldap_set_option (ld, LDAP_OPT_PROTOCOL_VERSION, &version)) != LDAP_SUCCESS) {
+ return status;
+ }
+ }
+ if (ld != NULL && bindStatus != LDAP_SUCCESS) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ bindStatus = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (bindStatus != LDAP_SUCCESS) {
+ return bindStatus;
+ }
+ }
+
+ return LDAP_SUCCESS;
+}
+
+TPS_PUBLIC int tus_db_init(char **errorMsg)
+{
+ return LDAP_SUCCESS;
+}
+
+TPS_PUBLIC void tus_db_end()
+{
+ if (ld != NULL) {
+ if (ldap_unbind_ext_s(ld, NULL, NULL) == LDAP_SUCCESS) {
+ ld = NULL;
+ bindStatus = -1;
+ }
+ }
+}
+
+TPS_PUBLIC void tus_db_cleanup()
+{
+ if (ssl != NULL) {
+ PL_strfree(ssl);
+ ssl = NULL;
+ }
+ if (host != NULL) {
+ PL_strfree(host);
+ host = NULL;
+ }
+ if (userBaseDN != NULL) {
+ PL_strfree(userBaseDN);
+ userBaseDN = NULL;
+ }
+ if (baseDN != NULL) {
+ PL_strfree(baseDN);
+ baseDN = NULL;
+ }
+ if (activityBaseDN != NULL) {
+ PL_strfree(activityBaseDN);
+ activityBaseDN = NULL;
+ }
+ if(certBaseDN != NULL) {
+ PL_strfree(certBaseDN);
+ certBaseDN = NULL;
+ }
+ if(bindDN != NULL) {
+ PL_strfree(bindDN);
+ bindDN = NULL;
+ }
+ if(bindPass != NULL) {
+ PL_strfree(bindPass);
+ bindPass = NULL;
+ }
+ if(defaultPolicy != NULL) {
+ PL_strfree(defaultPolicy);
+ defaultPolicy = NULL;
+ }
+ if (debug_fd != NULL) {
+ PR_Close(debug_fd);
+ debug_fd = NULL;
+ }
+ if (audit_fd != NULL) {
+ PR_Close(audit_fd);
+ audit_fd = NULL;
+ }
+}
+
+/*****
+ * tus_print_integer
+ * summary: prints serial number as hex string
+ * modeled on SECU_PrintInteger. The length
+ * 4 below is arbitrary - but works!
+ * params: out - output hexidecimal string
+ * data - serial number as SECItem
+ */
+TPS_PUBLIC void tus_print_integer(char *out, SECItem *i)
+{
+ int iv;
+
+ if (!i || !i->len || !i->data) {
+ sprintf(out, "(null)");
+ } else if (i->len > 4) {
+ tus_print_as_hex(out, i);
+ } else {
+ if (i->type == siUnsignedInteger && *i->data & 0x80) {
+ /* Make sure i->data has zero in the highest byte
+ * if i->data is an unsigned integer */
+ SECItem tmpI;
+ char data[] = {0, 0, 0, 0, 0};
+
+ PORT_Memcpy(data + 1, i->data, i->len);
+ tmpI.len = i->len + 1;
+ tmpI.data = (void*)data;
+
+ iv = DER_GetInteger(&tmpI);
+ } else {
+ iv = DER_GetInteger(i);
+ }
+ sprintf(out, "%x", iv);
+ }
+}
+
+/***
+ * tus_print_as_hex
+ * summary: prints serial number as a hex string, needed
+ * because DER_GetInteger only works for small numbers
+ * modeled on SECU_PrintAsHex
+ * params: out - output hexidecimal string
+ * data - serial number as SECItem
+ */
+TPS_PUBLIC void tus_print_as_hex(char *out, SECItem *data)
+{
+ unsigned i;
+ int isString = 1;
+ char tmp[32];
+
+ PR_snprintf(out, 2, "");
+
+ /* take a pass to see if it's all printable. */
+ for (i = 0; i < data->len; i++) {
+ unsigned char val = data->data[i];
+ if (!val || !isprint(val)) {
+ isString = 0;
+ break;
+ }
+ }
+
+ if (!isString) {
+ for (i = 0; i < data->len; i++) {
+ PR_snprintf(tmp, 32, "%02x", data->data[i]);
+ PL_strcat(out, tmp);
+ }
+ } else {
+ for (i = 0; i < data->len; i++) {
+ unsigned char val = data->data[i];
+
+ PR_snprintf(tmp, 32, "%c", val);
+ PL_strcat(out, tmp);
+ }
+ }
+ PL_strcat(out, '\0');
+}
+
+char **parse_number_change(int n)
+{
+ char tmp[32];
+ int l;
+ char **v = NULL;
+
+ PR_snprintf(tmp, 32, "%d", n);
+ l = PL_strlen(tmp);
+
+ if ((v = allocate_values(1, l+1)) == NULL) {
+ return NULL;
+ }
+ PL_strcpy(v[0], tmp);
+
+ return v;
+}
+
+TPS_PUBLIC int update_cert_status (char *cn, const char *status)
+{
+ char dn[256];
+ int len;
+ int tries;
+ int rc = -1;
+ char **v = NULL;
+ LDAPMod **mods = NULL;
+
+ tus_check_conn();
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, certBaseDN) < 0)
+ return -1;
+
+ mods = allocate_modifications(2);
+ if (mods == NULL)
+ return -1;
+
+ if ((v = create_modification_date_change()) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+
+ mods[0]->mod_op = LDAP_MOD_REPLACE;
+ mods[0]->mod_type = tokenAttributes[I_TOKEN_M_DATE];
+ mods[0]->mod_values = v;
+ if (status != NULL && PL_strlen(status) > 0) {
+ len = PL_strlen(status);
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ PL_strcpy(v[0], status);
+
+ mods[1]->mod_op = LDAP_MOD_REPLACE;
+ mods[1]->mod_type = "tokenStatus";
+ mods[1]->mod_values = v;
+ }
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+
+ return rc;
+}
+
+TPS_PUBLIC int update_token_policy (char *cn, char *policy)
+{
+ char dn[256];
+ int len, k;
+ int tries;
+ int rc = -1;
+ char **v = NULL;
+ LDAPMod **mods = NULL;
+
+ tus_check_conn();
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+
+ mods = allocate_modifications(2);
+ if (mods == NULL)
+ return -1;
+
+ if ((v = create_modification_date_change()) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+
+ mods[0]->mod_op = LDAP_MOD_REPLACE;
+ mods[0]->mod_type = tokenAttributes[I_TOKEN_M_DATE];
+ mods[0]->mod_values = v;
+ k = 1;
+ if (policy != NULL && PL_strlen(policy) > 0) {
+ len = PL_strlen(policy);
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ PL_strcpy(v[0], policy);
+
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = tokenAttributes[I_TOKEN_POLICY];
+ mods[k]->mod_values = v;
+ k++;
+ }
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+
+ return rc;
+}
+
+TPS_PUBLIC int update_tus_db_entry_with_mods (const char *agentid, const char *cn, LDAPMod **mods)
+{
+ char dn[256];
+ int tries;
+ int rc = -1;
+
+ tus_check_conn();
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+
+ return rc;
+}
+
+/****
+ * update_tus_general_db_entry
+ * summary: internal function to modify a general db entry using ldap_modify_ext_s
+ * params: agentid - who is doing this modification (for audit logging)
+ * dn - dn to modify
+ * mods - NULL terminated list of modifications to apply
+ **/
+int update_tus_general_db_entry(const char *agentid, const char *dn, LDAPMod **mods)
+{
+ int tries;
+ int rc = -1;
+
+ tus_check_conn();
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+/***
+ * update_user_db_entry
+ * summary: modifies an existing user entry
+ * params : agentid - agent that is performing this action (for audit log purposes)
+ * uid, lastName, firstName, userCN, userCert - for entry to be added
+ * returns: ldap return code
+ * */
+TPS_PUBLIC int update_user_db_entry(const char *agentid, char *uid, char *lastName, char *firstName, char *userCN, char *userCert)
+{
+ char dn[256];
+ LDAPMod a01;
+ LDAPMod a02;
+ LDAPMod a03;
+ LDAPMod a04;
+ LDAPMod *mods[5];
+ int rc = -1;
+ int certlen=0;
+ int i,j;
+ char *certX = NULL;
+ char *dst = NULL;
+
+ char *sn_values[] = {lastName, NULL};
+ char *givenName_values[] = {firstName, NULL};
+ char *cn_values[] = {userCN, NULL};
+ struct berval berval;
+ struct berval *cert_values[2];
+
+ a01.mod_op = LDAP_MOD_REPLACE;
+ a01.mod_type = USER_SN;
+ a01.mod_values = sn_values;
+
+ a02.mod_op = LDAP_MOD_REPLACE;
+ a02.mod_type = USER_CN;
+ a02.mod_values = cn_values;
+
+ a03.mod_op = LDAP_MOD_REPLACE;
+ a03.mod_type = USER_GIVENNAME;
+ a03.mod_values = givenName_values;
+
+ mods[0] = &a01;
+ mods[1] = &a02;
+ mods[2] = &a03;
+
+ certlen = strlen(userCert);
+
+ certX = malloc(certlen);
+ j = 0;
+ for (i = 0; i < certlen; i++) {
+ if (userCert[i] != '\n' && userCert[i] != '\r') {
+ certX[j++] = userCert[i];
+ }
+ }
+ certX[j++] = '\0';
+ dst = malloc(3 * strlen(certX) / 4);
+ certlen = base64_decode(certX, ( unsigned char * ) dst);
+ free(certX);
+
+ if (certlen > 0) {
+ berval.bv_len = certlen;
+ berval.bv_val = ( char * ) dst;
+ cert_values[0] = &berval;
+ cert_values[1] = NULL;
+
+ a04.mod_op =LDAP_MOD_REPLACE |LDAP_MOD_BVALUES;
+ a04.mod_type = "userCertificate";
+ a04.mod_bvalues = cert_values;
+
+ mods[3] = &a04;
+ } else {
+ mods[3] = NULL;
+ }
+
+ mods[4] = NULL;
+
+ if (PR_snprintf(dn, 255, "uid=%s, ou=People, %s", uid, userBaseDN) < 0 )
+ return -1;
+
+ rc = update_tus_general_db_entry(agentid, dn, mods);
+ if (dst != NULL) free(dst);
+ if (rc == LDAP_SUCCESS)
+ audit_log("modify_user", agentid, uid);
+
+ return rc;
+}
+
+TPS_PUBLIC int update_tus_db_entry (const char *agentid, char *cn, const char *uid, char *keyInfo, const char *status, char *applet_version, const char *reason)
+{
+ char dn[256];
+ int len, k;
+ int tries;
+ int rc = -1;
+ char **v = NULL;
+ LDAPMod **mods = NULL;
+
+ tus_check_conn();
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+
+ if (keyInfo == NULL)
+ mods = allocate_modifications(5);
+ else
+ mods = allocate_modifications(6);
+ if (mods == NULL)
+ return -1;
+
+ if ((v = create_modification_date_change()) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+
+ mods[0]->mod_op = LDAP_MOD_REPLACE;
+ mods[0]->mod_type = tokenAttributes[I_TOKEN_M_DATE];
+ mods[0]->mod_values = v;
+ k = 1;
+ if (applet_version != NULL && PL_strlen(applet_version) > 0) {
+ len = PL_strlen(applet_version);
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ PL_strcpy(v[0], applet_version);
+
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = tokenAttributes[I_TOKEN_APPLET];
+ mods[k]->mod_values = v;
+ k++;
+ }
+
+ /* for userid */
+ if (uid != NULL && PL_strlen(uid) > 0)
+ len = PL_strlen(uid);
+ else
+ len = 0;
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = "tokenUserID";
+ if (uid != NULL && PL_strlen(uid) > 0)
+ PL_strcpy(v[0], uid);
+ else
+ v[0] = "";
+ mods[k]->mod_values = v;
+ k++;
+
+ if (status != NULL && PL_strlen(status) > 0) {
+ len = PL_strlen(status);
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ PL_strcpy(v[0], status);
+
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = tokenAttributes[I_TOKEN_STATUS];
+ mods[k]->mod_values = v;
+ k++;
+ }
+
+ /* for tokenReason */
+ if (reason != NULL && PL_strlen(reason) > 0)
+ len = PL_strlen(reason);
+ else
+ len = 0;
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = "tokenReason";
+ if (reason != NULL && PL_strlen(reason) > 0)
+ PL_strcpy(v[0], reason);
+ else
+ v[0] = "";
+ mods[k]->mod_values = v;
+ k++;
+
+ /* for keyinfo */
+ if (keyInfo != NULL) {
+ if (keyInfo != NULL && PL_strlen(keyInfo) > 0)
+ len = PL_strlen(keyInfo);
+ else
+ len = 0;
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ mods[k]->mod_op = LDAP_MOD_REPLACE;
+ mods[k]->mod_type = tokenAttributes[I_TOKEN_KEY_INFO];
+ if (keyInfo != NULL && PL_strlen(keyInfo) > 0)
+ PL_strcpy(v[0], keyInfo);
+ else
+ v[0] = "";
+ mods[k]->mod_values = v;
+ k++;
+ }
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+
+ return rc;
+}
+
+int check_and_modify_tus_db_entry (char *userid, char *cn, char *check, LDAPMod **mods)
+{
+ char dn[256];
+ int rc = 0, tries = 0;
+
+ if (check == NULL) {
+ return -1;
+ }
+
+ struct berval check_ber;
+ check_ber.bv_val = check;
+ check_ber.bv_len = strlen(check);
+
+ tus_check_conn();
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_compare_ext_s(ld, dn, get_number_of_modifications_name(), &check_ber, NULL, NULL))
+ == LDAP_COMPARE_TRUE) {
+ break;
+ } else {
+ if (rc != LDAP_SERVER_DOWN && rc != LDAP_CONNECT_ERROR) {
+ return rc;
+ }
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ return rc;
+ }
+ }
+ }
+ if (tries >= MAX_RETRIES)
+ return rc;
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ /* audit log */
+ if (rc == LDAP_SUCCESS) {
+ audit_log("check_and_modify_token", userid, cn);
+ }
+
+ return rc;
+}
+
+int modify_tus_db_entry (char *userid, char *cn, LDAPMod **mods)
+{
+ char dn[256];
+ int rc = 0, tries = 0;
+
+ tus_check_conn();
+ if (ld == NULL) {
+ if (debug_fd)
+ PR_fprintf(debug_fd, "tus_db mod: ld null...no ldap");
+ return -1;
+ }
+ if (mods == NULL) {
+ if (debug_fd)
+ PR_fprintf(debug_fd, "tus_db mod: mods null, can't modify");
+ return -1;
+ }
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+ if (debug_fd)
+ PR_fprintf(debug_fd, "tus_db mod: modifying :%s\n",dn);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if (debug_fd)
+ PR_fprintf(debug_fd, "tus_db mod: tries=%d\n",tries);
+ if ((rc = ldap_modify_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if (rc == LDAP_SUCCESS) {
+ audit_log("modify_token", userid, cn);
+ }
+
+ return rc;
+}
+
+int add_certificate (char *tokenid, char *origin, char *tokenType, char *userid, CERTCertificate *certificate, char *ktype, const char *status)
+{
+ PRExplodedTime time;
+ PRTime now;
+ LDAPMod a01;
+ LDAPMod a02;
+ LDAPMod a03;
+ LDAPMod a04;
+ LDAPMod a05;
+ LDAPMod a06;
+ LDAPMod a07;
+ LDAPMod a08;
+ LDAPMod a09;
+ LDAPMod a10;
+ LDAPMod a11;
+ LDAPMod a12;
+ LDAPMod a13;
+ LDAPMod a14;
+ LDAPMod a15;
+ LDAPMod a16;
+ LDAPMod *mods[17];
+ int rc = 0, tries = 0;
+ char dn[2049];
+ char cdate[256];
+ char name[2048];
+ char x_not_before[2048];
+ char x_not_after[2048];
+ char serialnumber[2048];
+ char *serial_values[2];
+ char *cn_values[2];
+ char *issuer_values[2];
+ char *subject_values[2];
+ char *cdate_values[2];
+ char *id_values[2];
+ char *userid_values[2];
+ char *type_values[2];
+ char *key_type_values[2];
+ char *origin_values[2];
+ char *status_values[2];
+ char *not_before_values[2];
+ char *not_after_values[2];
+ PRThread *ct;
+ struct berval berval;
+ struct berval *cert_values[2];
+ char *objectClass_values[] = { "top", "tokenCert", NULL };
+ PRTime not_before,not_after;
+ char zcdate[256];
+
+ tus_check_conn();
+ ct = PR_GetCurrentThread();
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_snprintf(cdate, 16, "%04d%02d%02d%02d%02d%02dZ",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+
+ /* unique id per activity */
+ tus_print_integer(serialnumber, &certificate->serialNumber);
+
+ PR_snprintf(name, 16, "%04d%02d%02d%02d%02d%02dZ",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+
+ /* unique id per activity */
+ PR_snprintf(zcdate, 256, "%s.%04d%02d%02d%02d%02d%02d",
+ serialnumber,
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+
+ cn_values[0] = zcdate;
+ cn_values[1] = NULL;
+
+ a01.mod_op = 0;
+ a01.mod_type = TOKEN_ID;
+ a01.mod_values = cn_values;
+
+ a02.mod_op = 0;
+ a02.mod_type = "objectClass";
+ a02.mod_values = objectClass_values;
+
+ cdate_values[0] = cdate;
+ cdate_values[1] = NULL;
+ a03.mod_op = 0;
+ a03.mod_type = TOKEN_C_DATE;
+ a03.mod_values = cdate_values;
+
+ a04.mod_op = 0;
+ a04.mod_type = TOKEN_M_DATE;
+ a04.mod_values = cdate_values;
+
+ id_values[0] = tokenid;
+ id_values[1] = NULL;
+ a05.mod_op = 0;
+ a05.mod_type = TOKEN_CUID;
+ a05.mod_values = id_values;
+
+ userid_values[0] = userid;
+ userid_values[1] = NULL;
+ a06.mod_op = 0;
+ a06.mod_type = TOKEN_USER;
+ a06.mod_values = userid_values;
+
+ berval.bv_len = certificate->derCert.len;
+ berval.bv_val = ( char * ) certificate->derCert.data;
+ cert_values[0] = &berval;
+ cert_values[1] = NULL;
+
+ a07.mod_op = LDAP_MOD_BVALUES;
+ a07.mod_type = TOKEN_CERT;
+ a07.mod_values = ( char ** ) cert_values;
+
+ subject_values[0] = certificate->subjectName;
+ subject_values[1] = NULL;
+ a08.mod_op = 0;
+ a08.mod_type = TOKEN_SUBJECT;
+ a08.mod_values = subject_values;
+
+ issuer_values[0] = certificate->issuerName;
+ issuer_values[1] = NULL;
+ a09.mod_op = 0;
+ a09.mod_type = TOKEN_ISSUER;
+ a09.mod_values = issuer_values;
+
+ serial_values[0] = serialnumber;
+ serial_values[1] = NULL;
+ a10.mod_op = 0;
+ a10.mod_type = TOKEN_SERIAL;
+ a10.mod_values = serial_values;
+
+ type_values[0] = tokenType;
+ type_values[1] = NULL;
+ a11.mod_op = 0;
+ a11.mod_type = TOKEN_TYPE;
+ a11.mod_values = type_values;
+
+ key_type_values[0] = ktype;
+ key_type_values[1] = NULL;
+ a12.mod_op = 0;
+ a12.mod_type = TOKEN_KEY_TYPE;
+ a12.mod_values = key_type_values;
+
+ status_values[0] = ( char * ) status;
+ status_values[1] = NULL;
+ a13.mod_op = 0;
+ a13.mod_type = TOKEN_STATUS;
+ a13.mod_values = status_values;
+
+ CERT_GetCertTimes (certificate, &not_before, &not_after);
+
+ PR_ExplodeTime(not_before, PR_LocalTimeParameters, &time);
+ PR_snprintf(x_not_before, 16, "%04d%02d%02d%02d%02d%02dZ",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+
+ not_before_values[0] = x_not_before;
+ not_before_values[1] = NULL;
+ a14.mod_op = 0;
+ a14.mod_type = TOKEN_NOT_BEFORE;
+ a14.mod_values = not_before_values;
+
+ PR_ExplodeTime(not_after, PR_LocalTimeParameters, &time);
+ PR_snprintf(x_not_after, 16, "%04d%02d%02d%02d%02d%02dZ",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+
+ not_after_values[0] = x_not_after;
+ not_after_values[1] = NULL;
+ a15.mod_op = 0;
+ a15.mod_type = TOKEN_NOT_AFTER;
+ a15.mod_values = not_after_values;
+
+ origin_values[0] = origin;
+ origin_values[1] = NULL;
+ a16.mod_op = 0;
+ a16.mod_type = TOKEN_ORIGIN;
+ a16.mod_values = origin_values;
+
+ mods[0] = &a01;
+ mods[1] = &a02;
+ mods[2] = &a03;
+ mods[3] = &a04;
+ mods[4] = &a05;
+ mods[5] = &a06;
+ mods[6] = &a07;
+ mods[7] = &a08;
+ mods[8] = &a09;
+ mods[9] = &a10;
+ mods[10] = &a11;
+ mods[11] = &a12;
+ mods[12] = &a13;
+ mods[13] = &a14;
+ mods[14] = &a15;
+ mods[15] = &a16;
+ mods[16] = NULL;
+
+ if (PR_snprintf(dn, 2048, "cn=%s,%s", cn_values[0], certBaseDN) < 0)
+ return -1;
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+int add_activity (const char *ip, const char *id, const char *op, const char *result, const char *msg, const char *userid, const char *token_type)
+{
+ PRExplodedTime time;
+ PRTime now;
+ LDAPMod a01;
+ LDAPMod a02;
+ LDAPMod a03;
+ LDAPMod a04;
+ LDAPMod a05;
+ LDAPMod a06;
+ LDAPMod a07;
+ LDAPMod a08;
+ LDAPMod a09;
+ LDAPMod a10;
+ LDAPMod a11;
+ LDAPMod *mods[12];
+ int rc = 0, tries = 0;
+ char dn[256];
+ char cdate[256];
+ char zcdate[256];
+ char *cn_values[2];
+ char *objectClass_values[] = { "top", "tokenActivity", NULL };
+ char *cdate_values[2];
+ char *id_values[2];
+ char *result_values[2];
+ char *op_values[2];
+ char *msg_values[2];
+ char *ip_values[2];
+ char *userid_values[2];
+ char *token_type_values[2];
+ PRThread *ct;
+
+ tus_check_conn();
+ id_values[0] = (char *) id;
+ id_values[1] = NULL;
+ result_values[0] = ( char * ) result;
+ result_values[1] = NULL;
+ op_values[0] = ( char * ) op;
+ op_values[1] = NULL;
+ msg_values[0] = ( char * ) msg;
+ msg_values[1] = NULL;
+ ip_values[0] = (char *) ip;
+ ip_values[1] = NULL;
+ userid_values[0] = (char *) userid;
+ userid_values[1] = NULL;
+ token_type_values[0] = (char *) token_type;
+ token_type_values[1] = NULL;
+
+ ct = PR_GetCurrentThread();
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_snprintf(cdate, 16, "%04d%02d%02d%02d%02d%02dZ",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+
+ /* unique id per activity */
+ PR_snprintf(zcdate, 256, "%04d%02d%02d%02d%02d%02d%06d.%x",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec, time.tm_usec, ct);
+
+ cn_values[0] = zcdate;
+ cn_values[1] = NULL;
+
+ a01.mod_op = 0;
+ a01.mod_type = TOKEN_ID;
+ a01.mod_values = cn_values;
+
+ a02.mod_op = 0;
+ a02.mod_type = "objectClass";
+ a02.mod_values = objectClass_values;
+
+ cdate_values[0] = cdate;
+ cdate_values[1] = NULL;
+ a03.mod_op = 0;
+ a03.mod_type = TOKEN_C_DATE;
+ a03.mod_values = cdate_values;
+
+ a04.mod_op = 0;
+ a04.mod_type = TOKEN_M_DATE;
+ a04.mod_values = cdate_values;
+
+ a05.mod_op = 0;
+ a05.mod_type = TOKEN_CUID;
+ a05.mod_values = id_values;
+
+ a06.mod_op = 0;
+ a06.mod_type = TOKEN_OP;
+ a06.mod_values = op_values;
+
+ a07.mod_op = 0;
+ a07.mod_type = TOKEN_MSG;
+ a07.mod_values = msg_values;
+
+ a08.mod_op = 0;
+ a08.mod_type = TOKEN_RESULT;
+ a08.mod_values = result_values;
+
+ a09.mod_op = 0;
+ a09.mod_type = TOKEN_IP;
+ a09.mod_values = ip_values;
+
+ a10.mod_op = 0;
+ a10.mod_type = TOKEN_USER;
+ a10.mod_values = userid_values;
+
+ a11.mod_op = 0;
+ a11.mod_type = TOKEN_TYPE;
+ a11.mod_values = token_type_values;
+ mods[0] = &a01;
+ mods[1] = &a02;
+ mods[2] = &a03;
+ mods[3] = &a04;
+ mods[4] = &a05;
+ mods[5] = &a06;
+ mods[6] = &a07;
+ mods[7] = &a08;
+ mods[8] = &a09;
+ mods[9] = &a10;
+ mods[10] = &a11;
+ mods[11] = NULL;
+
+ if (PR_snprintf(dn, 255, "cn=%s,%s", zcdate, activityBaseDN) < 0)
+ return -1;
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+/**
+ * add_tus_general_db_entry
+ * summary: internal function to add a general ldap entry
+ * params: dn = dn to add
+ * mods = NULL terminated list of modifications (contains attribute values)
+ * returns: LDAP return code
+ **/
+int add_tus_general_db_entry (char *dn, LDAPMod **mods)
+{
+ int rc = 0, tries = 0;
+
+ tus_check_conn();
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+
+ }
+ return rc;
+}
+
+int add_tus_db_entry (char *cn, LDAPMod **mods)
+{
+ char dn[256];
+ int rc = 0, tries = 0;
+
+ tus_check_conn();
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+int add_new_tus_db_entry (const char *userid, char *cn, const char *uid, int flag, const char *status, char *applet_version, char *key_info, const char* token_type)
+{
+ PRExplodedTime time;
+ PRTime now;
+ LDAPMod a01;
+ LDAPMod a02;
+ LDAPMod a03;
+ LDAPMod a04;
+ LDAPMod a05;
+ LDAPMod a06;
+ LDAPMod a07;
+ LDAPMod a08;
+ LDAPMod a09;
+ LDAPMod a10;
+ LDAPMod a11;
+ LDAPMod a12;
+ LDAPMod a13;
+ LDAPMod a14;
+ LDAPMod a15;
+ LDAPMod a16;
+ LDAPMod *mods[17];
+ int rc = 0, tries = 0;
+ char dn[256];
+ char cdate[256];
+ char *cn_values[2];
+ char *objectClass_values[] = { "top", "tokenRecord", NULL };
+ char *cdate_values[2];
+ char *modified_values[] = { "0", NULL };
+ char *uid_values[] = { "", NULL };
+ char *status_values[] = { "", NULL };
+ char *aid_values[] = { "", NULL };
+ char *resets_values[] = { "0", NULL };
+ char *enrollments_values[] = { "0", NULL };
+ char *renewals_values[] = { "0", NULL };
+ char *recoveries_values[] = { "0", NULL };
+ char *key_info_values[] = { "", NULL };
+ char *reason_values[] = { "", NULL };
+ char *policy_values[2];
+ char *token_type_values[]= {"", NULL };
+
+ tus_check_conn();
+ cn_values[0] = cn;
+ cn_values[1] = NULL;
+
+ policy_values[0] = defaultPolicy;
+ policy_values[1] = NULL;
+
+ if (uid != NULL) uid_values[0] = ( char * ) uid;
+ if (key_info != NULL) key_info_values[0] = key_info;
+ status_values[0] = ( char * ) status;
+ token_type_values[0] = ( char *) token_type;
+
+ a01.mod_op = 0;
+ a01.mod_type = TOKEN_ID;
+ a01.mod_values = cn_values;
+
+ a02.mod_op = 0;
+ a02.mod_type = "objectClass";
+ a02.mod_values = objectClass_values;
+
+ cdate_values[0] = cdate;
+ cdate_values[1] = NULL;
+ a03.mod_op = 0;
+ a03.mod_type = TOKEN_C_DATE;
+ a03.mod_values = cdate_values;
+
+ a04.mod_op = 0;
+ a04.mod_type = TOKEN_M_DATE;
+ a04.mod_values = cdate_values;
+
+ a05.mod_op = 0;
+ a05.mod_type = TOKEN_MODS;
+ a05.mod_values = modified_values;
+
+ a06.mod_op = 0;
+ a06.mod_type = TOKEN_USER;
+ a06.mod_values = uid_values;
+
+ a07.mod_op = 0;
+ a07.mod_type = TOKEN_STATUS;
+ a07.mod_values = status_values;
+
+ a08.mod_op = 0;
+ a08.mod_type = TOKEN_APPLET;
+ if (applet_version != NULL) {
+ aid_values[0] = applet_version;
+ }
+ a08.mod_values = aid_values;
+
+ a09.mod_op = 0;
+ a09.mod_type = TOKEN_RESETS;
+ a09.mod_values = resets_values;
+
+ a10.mod_op = 0;
+ a10.mod_type = TOKEN_ENROLLMENTS;
+ a10.mod_values = enrollments_values;
+
+ a11.mod_op = 0;
+ a11.mod_type = TOKEN_RENEWALS;
+ a11.mod_values = renewals_values;
+
+ a12.mod_op = 0;
+ a12.mod_type = TOKEN_RECOVERIES;
+ a12.mod_values = recoveries_values;
+
+ a13.mod_op = 0;
+ a13.mod_type = TOKEN_KEY_INFO;
+ a13.mod_values = key_info_values;
+
+ a14.mod_op = 0;
+ a14.mod_type = TOKEN_POLICY;
+ a14.mod_values = policy_values;
+
+ a15.mod_op = 0;
+ a15.mod_type = TOKEN_REASON;
+ a15.mod_values = reason_values;
+
+ a16.mod_op = 0;
+ a16.mod_type = TOKEN_TYPE;
+ a16.mod_values = token_type_values;
+
+ mods[0] = &a01;
+ mods[1] = &a02;
+ mods[2] = &a03;
+ mods[3] = &a04;
+ mods[4] = &a05;
+ mods[5] = &a06;
+ mods[6] = &a07;
+ mods[7] = &a08;
+ mods[8] = &a09;
+ mods[9] = &a10;
+ mods[10] = &a11;
+ mods[11] = &a12;
+ mods[12] = &a13;
+ mods[13] = &a14;
+ mods[14] = &a15;
+ mods[15] = &a16;
+ mods[16] = NULL;
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+
+ PR_snprintf(cdate, 16, "%04d%02d%02d%02d%02d%02dZ",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_add_ext_s(ld, dn, mods, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ /* audit log */
+ if (rc == LDAP_SUCCESS) {
+ audit_log("add_token", userid, cn);
+ }
+
+ return rc;
+}
+
+TPS_PUBLIC int add_default_tus_db_entry (const char *uid, const char *agentid, char *cn, const char *status, char *applet_version, char *key_info, const char *token_type)
+{
+ return add_new_tus_db_entry (agentid, cn, uid, 0, status, applet_version, key_info, token_type);
+}
+
+/****
+ * add_user_db_entry
+ * summary: adds a new user entry
+ * params: agentid - user who is performing this change (for audit log)
+ * :userid, userPassword, sn, givenName, cn, userCert - details for user to be added
+ * returns: ldap return code
+ */
+TPS_PUBLIC int add_user_db_entry(const char *agentid, char *userid, char *userPassword, char *sn, char *givenName, char *cn, char *userCert)
+{
+ LDAPMod a01;
+ LDAPMod a02;
+ LDAPMod a03;
+ LDAPMod a04;
+ LDAPMod a05;
+ LDAPMod a06;
+ LDAPMod a07;
+ LDAPMod *mods[8];
+ int rc = 0;
+ char dn[256];
+ int i,j, certlen;
+ char *dst = NULL;
+ char *certX = NULL;
+ char *userid_values[] = {userid, NULL};
+ char *objectClass_values[] = { "top", "person", "organizationalPerson", "inetOrgPerson", "tpsProfileId", NULL };
+ char *userPassword_values[] = { userPassword, NULL };
+ char *sn_values[] = {sn, NULL};
+ char *cn_values[] = {cn, NULL};
+ char *givenName_values[] = {givenName, NULL};
+ struct berval berval;
+ struct berval *userCert_values[2];
+
+ a01.mod_op = 0;
+ a01.mod_type = USER_ID;
+ a01.mod_values = userid_values;
+
+ a02.mod_op = 0;
+ a02.mod_type = "objectClass";
+ a02.mod_values = objectClass_values;
+
+ a03.mod_op =0;
+ a03.mod_type = USER_PASSWORD;
+ a03.mod_values = userPassword_values;
+
+ a04.mod_op = 0;
+ a04.mod_type = USER_SN;
+ a04.mod_values = sn_values;
+
+ a05.mod_op =0;
+ a05.mod_type = USER_CN;
+ a05.mod_values = cn_values;
+
+ a06.mod_op =0;
+ a06.mod_type = USER_GIVENNAME;
+ a06.mod_values = givenName_values;
+
+ mods[0] = &a01;
+ mods[1] = &a02;
+ mods[2] = &a03;
+ mods[3] = &a04;
+ mods[4] = &a05;
+ mods[5] = &a06;
+
+ // now handle certificate
+ certlen = strlen(userCert);
+
+ certX = malloc(certlen);
+ j = 0;
+ for (i = 0; i < certlen; i++) {
+ if (userCert[i] != '\n' && userCert[i] != '\r') {
+ certX[j++] = userCert[i];
+ }
+ }
+ certX[j++] = '\0';
+ dst = malloc(3 * strlen(certX) / 4);
+ certlen = base64_decode(certX, ( unsigned char * ) dst);
+ free(certX);
+
+ if (certlen > 0) {
+ berval.bv_len = certlen;
+ berval.bv_val = ( char * ) dst;
+ userCert_values[0] = &berval;
+ userCert_values[1] = NULL;
+
+ a07.mod_op = LDAP_MOD_BVALUES;
+ a07.mod_type = USER_CERT;
+ a07.mod_bvalues = userCert_values;
+
+ mods[6] = &a07;
+ } else {
+ mods[6] = NULL;
+ }
+
+ mods[7] = NULL;
+
+ if (PR_snprintf(dn, 255, "uid=%s,ou=People, %s", userid, userBaseDN) < 0)
+ return -1;
+
+ rc = add_tus_general_db_entry(dn, mods);
+ if (dst != NULL) free(dst);
+
+ if (rc != LDAP_SUCCESS) {
+ return rc;
+ }
+
+ audit_log("add_user", agentid, userid);
+ return rc;
+}
+
+/**
+ * add_user_to_role_db_entry
+ * summary: adds user to be member of group (administrators, agents, operators)
+ * params: agentid -user who is performing this change
+ * : userid - userid of user to be added to role
+ * : role - Officers, Agents or Administrators
+ * returns: LDAP return code
+ */
+TPS_PUBLIC int add_user_to_role_db_entry(const char *agentid, char *userid, const char *role) {
+ LDAPMod a01;
+ LDAPMod *mods[2];
+ int rc = 0;
+ char dn[256];
+ char userdn[256];
+ char msg[256];
+ char *userid_values[2];
+
+ if (PR_snprintf(userdn, 255, "uid=%s, ou=People, %s", userid, userBaseDN) < 0)
+ return -1;
+
+ userid_values[0] = userdn;
+ userid_values[1] = NULL;
+
+ a01.mod_op = LDAP_MOD_ADD;
+ a01.mod_type = GROUP_MEMBER;
+ a01.mod_values = userid_values;
+ mods[0] = &a01;
+ mods[1] = NULL;
+
+ if (PR_snprintf(dn, 255, "cn=TUS %s,ou=groups, %s", role, userBaseDN) < 0)
+ return -1;
+
+ rc = update_tus_general_db_entry(agentid, dn, mods);
+
+ if (rc == LDAP_SUCCESS) {
+ PR_snprintf(msg, 256, "Added role %s to user %s", role, userid);
+ audit_log("add_user_to_role", agentid, msg);
+ }
+ return rc;
+}
+
+/**
+ * delete_user_to_role_db_entry
+ * summary: removes user from role group (administrators, agents, operators)
+ * params: agentid -user who is performing this change
+ * : userid - userid of user to be removed from role
+ * : role - Officers, Agents or Administrators
+ * returns: LDAP return code
+ */
+TPS_PUBLIC int delete_user_from_role_db_entry(const char *agentid, char *userid, const char *role) {
+ LDAPMod a01;
+ LDAPMod *mods[2];
+ int rc = 0;
+ char dn[256];
+ char userdn[256];
+ char *userid_values[2];
+ char msg[256];
+
+ if (PR_snprintf(userdn, 255, "uid=%s, ou=People, %s", userid, userBaseDN) < 0)
+ return -1;
+
+ userid_values[0] = userdn;
+ userid_values[1] = NULL;
+
+ a01.mod_op = LDAP_MOD_DELETE;
+ a01.mod_type = GROUP_MEMBER;
+ a01.mod_values = userid_values;
+ mods[0] = &a01;
+ mods[1] = NULL;
+
+ if (PR_snprintf(dn, 255, "cn=TUS %s,ou=groups, %s", role, userBaseDN) < 0)
+ return -1;
+
+ rc = update_tus_general_db_entry(agentid, dn, mods);
+ if (rc == LDAP_SUCCESS) {
+ PR_snprintf(msg, 256, "Deleted role %s from user %s", role, userid);
+ audit_log("delete_user_from_role", agentid, msg);
+ }
+
+ return rc;
+}
+
+/**
+ * delete_profile_from_user
+ * summary: removes attribute profileID=profile from user entry
+ * params: agentid -user who is performing this change
+ * : userid - userid of user to be modified
+ * : profile - profile to be deleted
+ * returns: LDAP return code
+ */
+TPS_PUBLIC int delete_profile_from_user(const char *agentid, char *userid, const char *profile) {
+ LDAPMod a01;
+ LDAPMod *mods[2];
+ int rc = 0;
+ char dn[256];
+ char msg[256];
+ char *profileid_values[2] = {(char *) profile, NULL};
+
+ if (PR_snprintf(dn, 255, "uid=%s, ou=People, %s", userid, userBaseDN) < 0)
+ return -1;
+
+ a01.mod_op = LDAP_MOD_DELETE;
+ a01.mod_type = PROFILE_ID;
+ a01.mod_values = profileid_values;
+ mods[0] = &a01;
+ mods[1] = NULL;
+
+ rc = update_tus_general_db_entry(agentid, dn, mods);
+ if (rc == LDAP_SUCCESS) {
+ PR_snprintf(msg, 256, "Deleted profile %s from user %s", profile, userid);
+ audit_log("delete_profile_from_user", agentid, msg);
+ }
+
+ return rc;
+}
+
+/**
+ * delete_all_profiles_from_user
+ * summary: removes all attributes profileID from user entry
+ * same as above, but passing NULL for mod_values
+ * params: agentid -user who is performing this change
+ * : userid - userid of user to be modified
+ * : profile - profile to be deleted
+ * returns: LDAP return code
+ */
+TPS_PUBLIC int delete_all_profiles_from_user(const char *agentid, char *userid) {
+ LDAPMod a01;
+ LDAPMod *mods[2];
+ int rc = 0;
+ char dn[256];
+ char msg[256];
+
+ if (PR_snprintf(dn, 255, "uid=%s, ou=People, %s", userid, userBaseDN) < 0)
+ return -1;
+
+ a01.mod_op = LDAP_MOD_DELETE;
+ a01.mod_type = PROFILE_ID;
+ a01.mod_values = NULL; /* NULL will remove all values */
+ mods[0] = &a01;
+ mods[1] = NULL;
+
+ rc = update_tus_general_db_entry(agentid, dn, mods);
+ if (rc == LDAP_SUCCESS) {
+ PR_snprintf(msg, 256, "Deleted all profiles from user %s", userid);
+ audit_log("delete_all_profiles_from_user", agentid, msg);
+ }
+
+ return rc;
+}
+
+
+/**
+ * add_profile_to_user
+ * summary: adds attribute profileID=profile to user entry
+ * params: agentid -user who is performing this change
+ * : userid - userid of user to be modified
+ * : profile - profile (tokenType) to be added
+ * returns: LDAP return code
+ */
+TPS_PUBLIC int add_profile_to_user(const char *agentid, char *userid, const char *profile) {
+ LDAPMod a01;
+ LDAPMod *mods[2];
+ int rc = 0;
+ char dn[256];
+ char msg[256];
+ char *profileid_values[2] = {(char *) profile, NULL};
+
+ if (PR_snprintf(dn, 255, "uid=%s, ou=People, %s", userid, userBaseDN) < 0)
+ return -1;
+
+ a01.mod_op = LDAP_MOD_ADD;
+ a01.mod_type = PROFILE_ID;
+ a01.mod_values = profileid_values;
+ mods[0] = &a01;
+ mods[1] = NULL;
+
+ rc = update_tus_general_db_entry(agentid, dn, mods);
+ if (rc == LDAP_SUCCESS) {
+ PR_snprintf(msg, 256, "Added profile %s to user %s", profile, userid);
+ audit_log("add_profile_to_user", agentid, msg);
+ }
+
+ return rc;
+}
+
+int delete_tus_db_entry (char *userid, char *cn)
+{
+ char dn[256];
+ int rc = 0, tries = 0;
+
+ tus_check_conn();
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_delete_ext_s(ld, dn, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ /* audit log */
+ if (rc == LDAP_SUCCESS) {
+ audit_log("delete_token", userid, cn);
+ }
+
+ return rc;
+}
+
+int delete_tus_general_db_entry (char *dn)
+{
+ int rc = 0, tries = 0;
+
+ tus_check_conn();
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_delete_ext_s(ld, dn, NULL, NULL)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+/**
+ * delete_user_db_entry
+ * Deletes user entry
+ * params: agentid - user performing this change
+ * uid - user to be deleted
+ * returns: LDAP return code
+ */
+TPS_PUBLIC int delete_user_db_entry(const char *agentid, char *uid)
+{
+ char dn[256];
+ int rc =0;
+ if (PR_snprintf(dn, 255, "uid=%s,ou=People,%s", uid, userBaseDN) < 0)
+ return -1;
+ rc = delete_tus_general_db_entry(dn);
+
+ if (rc == LDAP_SUCCESS) {
+ audit_log("delete user", agentid, uid);
+ }
+
+ return rc;
+}
+
+
+TPS_PUBLIC int find_tus_db_entry (char *cn, int max, LDAPMessage **result)
+{
+ char dn[256];
+ int rc = 0, tries = 0;
+
+ tus_check_conn();
+ if (ld == NULL)
+ return -1;
+
+ if (PR_snprintf(dn, 255, "cn=%s,%s", cn, baseDN) < 0)
+ return -1;
+
+ if (debug_fd)
+ PR_fprintf(debug_fd, "find_tus_db_entry: looking for :%s\n",dn);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if (debug_fd)
+ PR_fprintf(debug_fd, "find_tus_db_entry: tries = %d\n",tries);
+ if ((rc = ldap_search_ext_s (ld, dn, LDAP_SCOPE_BASE, "(objectclass=*)",
+ NULL, 0, NULL, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ if (debug_fd)
+ PR_fprintf(debug_fd, "find_tus_db_entry: found it\n");
+
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ if (debug_fd)
+ PR_fprintf(debug_fd, "find_tus_db_entry: server down or connect error\n");
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ } else {/* can't find?*/
+ if (debug_fd)
+ PR_fprintf(debug_fd, "find_tus_db_entry: can't find\n");
+ break;
+ }
+ }
+
+ return rc;
+}
+
+TPS_PUBLIC int find_tus_db_entries (const char *filter, int max, LDAPMessage **result)
+{
+ int rc = LDAP_OTHER, tries = 0;
+
+ LDAPSortKey **sortKeyList;
+ LDAPControl *controls[3];
+ LDAPVLVInfo vlv_data;
+
+ tus_check_conn();
+ controls[0] = NULL;
+ controls[1] = NULL;
+ controls[2] = NULL;
+
+ vlv_data.ldvlv_before_count = 0;
+ vlv_data.ldvlv_after_count = max - 1;
+ vlv_data.ldvlv_attrvalue = NULL;
+ vlv_data.ldvlv_count = max;
+ vlv_data.ldvlv_offset = 0;
+ vlv_data.ldvlv_version = 1;
+ vlv_data.ldvlv_context = NULL;
+ vlv_data.ldvlv_extradata = NULL;
+ ldap_create_vlv_control(ld, &vlv_data, &controls[0]);
+
+ ldap_create_sort_keylist(&sortKeyList, "-dateOfModify");
+ ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+ &controls[1]);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ ldap_free_sort_keylist(sortKeyList);
+ ldap_control_free(controls[0]);
+ ldap_control_free(controls[1]);
+
+ return rc;
+}
+
+TPS_PUBLIC int find_tus_db_entries_pcontrol_1(const char *filter, int max, int time_limit, int size_limit, LDAPMessage **result)
+{
+ int rc = LDAP_OTHER, tries = 0;
+
+ LDAPSortKey **sortKeyList;
+ LDAPControl *controls[3];
+ struct berval *cookie=NULL;
+ struct timeval timeout;
+
+ timeout.tv_sec = time_limit;
+ timeout.tv_usec = 0;
+
+ tus_check_conn();
+ controls[0] = NULL;
+ controls[1] = NULL;
+ controls[2] = NULL;
+
+ rc = ldap_create_page_control(ld, max, cookie, 0, &controls[0]);
+
+ ldap_create_sort_keylist(&sortKeyList, "-dateOfModify");
+ ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+ &controls[1]);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ rc = ldap_search_ext_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, controls, NULL,
+ time_limit >0 ? &timeout : NULL,
+ size_limit, result);
+ if ((rc == LDAP_SUCCESS) || (rc == LDAP_PARTIAL_RESULTS)) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if (cookie != NULL) {
+ ber_bvfree(cookie);
+ cookie = NULL;
+ }
+
+ ldap_free_sort_keylist(sortKeyList);
+
+ ldap_control_free(controls[0]);
+ ldap_control_free(controls[1]);
+
+ return rc;
+}
+
+static int sort_cmp(const char *v1, const char *v2)
+{
+ return PL_strcasecmp(v1, v2);
+}
+
+static int reverse_sort_cmp(const char *v1, const char *v2)
+{
+ return PL_strcasecmp(v2, v1);
+}
+
+typedef int (LDAP_SORT_AD_CMP_PROC) (const char * left, const char *right);
+static LDAP_SORT_AD_CMP_PROC *et_cmp_fn;
+
+struct entrything {
+ char **et_vals;
+ LDAPMessage *et_msg;
+};
+
+static int et_cmp(const void *aa, const void *bb)
+{
+ int i, rc;
+
+ struct entrything *a = (struct entrything *)aa;
+ struct entrything *b = (struct entrything *)bb;
+
+ if ((a == NULL) && (b == NULL))
+ return 0;
+ if (a == NULL)
+ return -1;
+ if (b == NULL)
+ return 1;
+
+ if ((a->et_vals == NULL) && (b->et_vals == NULL))
+ return 0;
+ if (a->et_vals == NULL)
+ return -1;
+ if (b->et_vals == NULL)
+ return 1;
+
+ for ( i = 0; a->et_vals[i] && b->et_vals[i]; i++ ) {
+ if ( (rc = (*et_cmp_fn)( a->et_vals[i], b->et_vals[i] )) != 0) {
+ return rc;
+ }
+ }
+
+ if ((a->et_vals[i] == NULL) && (b->et_vals[i] == NULL))
+ return 0;
+ if (a->et_vals[i] == NULL)
+ return -1;
+ return 1;
+}
+
+
+static int ldap_multisort_entries(LDAP *ld, LDAPMessage **chain, char **attr, LDAP_SORT_AD_CMP_PROC *cmp)
+{
+ int i, count, c;
+ struct entrything *et;
+ LDAPMessage *e;
+
+ if ((chain == NULL) || (cmp == NULL) || (attr == NULL)) {
+ return LDAP_PARAM_ERROR;
+ }
+
+ count = ldap_count_entries( ld, *chain );
+
+ if (count < 0) { /* error, usually with bad ld or malloc */
+ return LDAP_PARAM_ERROR;
+ }
+
+ if (count < 2) { /* nothing to sort */
+ return 0;
+ }
+
+ if ((et = (struct entrything *)PR_Malloc( count * sizeof(struct entrything) )) == NULL ) {
+ //ldap_set_option(ld, LDAP_OPT_ERROR_NUMBER, LDAP_NO_MEMORY);
+ return -1;
+ }
+
+ for (i=0, e=get_first_entry(*chain); e != NULL; e = get_next_entry(e)) {
+ et[i].et_msg = e;
+ et[i].et_vals = NULL;
+ if (attr == NULL) {
+ /* if attr =NULL, sort by dn -- not yet implemented , fixme.
+ char *dn;
+ LDAPDN *ldapdn;
+ dn = ldap_get_dn(ld, e);
+ ldapstr2dn(dn, ldapdn, LDAP_DN_FORMAT_LDAPV3|LDAP_DN_P_NO_SPACES);
+ et[i].et_vals = ldap_explode_dn(dn, 1);
+ ldap_memfree(dn); */
+ } else {
+ int attrcnt;
+ struct berval **vals;
+
+ for (attrcnt = 0; attr[attrcnt] != NULL; attrcnt++ ) {
+ vals = ldap_get_values_len(ld, e, attr[attrcnt]);
+ if (vals == NULL) {
+ continue;
+ }
+ for (c=0; vals[c] != NULL; c++);
+ et[i].et_vals = (char **) PR_Malloc((c+1) * sizeof(char *));
+ for (c=0; vals[c] != NULL; c++) {
+ if (vals[c]->bv_val != NULL) {
+ et[i].et_vals[c] = (char *) PL_strdup(vals[c]->bv_val);
+ } else {
+ et[i].et_vals[c] = NULL;
+ }
+ }
+ et[i].et_vals[c] = NULL;
+
+ if (vals != NULL) {
+ ldap_value_free_len(vals );
+ vals = NULL;
+ }
+ }
+ }
+ i++;
+ }
+
+ et_cmp_fn = cmp;
+ qsort((void *) et, (size_t) count, (size_t) sizeof(struct entrything), et_cmp);
+
+ // reconstruct chain
+
+ for (i=0; i< count-1; i++)
+ ldap_delete_result_entry(chain, et[i].et_msg);
+
+ for (i=count -2; i >=0; i--)
+ ldap_add_result_entry(chain, et[i].et_msg);
+
+ // free et
+ for (i= 0; i < count; i++) {
+ for (c=0; et[i].et_vals[c] != NULL; c++) {
+ PL_strfree( et[i].et_vals[c]);
+ et[i].et_vals[c] = NULL;
+ }
+ }
+
+ PR_Free( (char *) et );
+
+ return 0;
+}
+
+/* this is not implemented in openldap and must be implemented in custom code.
+ * This code is adopted from mozldap sort.c
+ */
+static int ldap_sort_entries(LDAP *ld, LDAPMessage **result, const char* attr, LDAP_SORT_AD_CMP_PROC *cmp)
+{
+ char *attrs[2];
+ attrs[0] = (char *) attr;
+ attrs[1] = NULL;
+ return ldap_multisort_entries(ld, result, attr ? attrs : NULL, cmp);
+}
+
+TPS_PUBLIC int find_tus_token_entries_no_vlv(char *filter, LDAPMessage **result, int order)
+{
+ int rc = LDAP_OTHER, tries = 0;
+
+ tus_check_conn();
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, NULL, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ /* we do client-side sorting here */
+ if (order == 0) {
+ rc = ldap_sort_entries(ld, result, "dateOfCreate",
+ sort_cmp);
+ } else { /* order == 1 */
+ rc = ldap_sort_entries(ld, result, "dateOfCreate",
+ reverse_sort_cmp);
+ }
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+/**
+ * find_tus_user_entries_no_vlv
+ * params: filter - ldap search filter
+ * result - hash of LDAP Search results.
+ * order - 0 (order results increasing by uid), (!=0) order by decreasing uid
+ */
+TPS_PUBLIC int find_tus_user_entries_no_vlv(char *filter, LDAPMessage **result, int order)
+{
+ int rc = LDAP_OTHER, tries = 0;
+ char peopleBaseDN[256];
+
+ PR_snprintf(peopleBaseDN, 256, "ou=People,%s", userBaseDN);
+
+ tus_check_conn();
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, peopleBaseDN, LDAP_SCOPE_ONELEVEL, filter,
+ userAttributes, 0, NULL, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ /* we do client-side sorting here */
+ if (order == 0) {
+ rc = ldap_sort_entries(ld, result, USER_ID, sort_cmp);
+ } else {
+ rc = ldap_sort_entries(ld, result, USER_ID, reverse_sort_cmp);
+ }
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+/**
+ * find_tus_user_role_entries
+ * summary: return the dns for the groups to which the user belongs
+ * (TUS Administrators, Agents, Operator)
+ * params: uid - userid
+ * result - hash of LDAPResults
+ */
+TPS_PUBLIC int find_tus_user_role_entries( const char*uid, LDAPMessage **result)
+{
+ int rc = LDAP_OTHER, tries = 0;
+ char groupBaseDN[256];
+ char filter[256];
+ char *subgroup_attrs[] = {SUBGROUP_ID, NULL};
+
+ PR_snprintf(groupBaseDN, 256, "ou=Groups,%s", userBaseDN);
+ PR_snprintf(filter, 256, "member=uid=%s,ou=People,%s", uid, userBaseDN);
+
+ tus_check_conn();
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, groupBaseDN, LDAP_SCOPE_SUBTREE, filter,
+ subgroup_attrs, 0, NULL, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+TPS_PUBLIC int find_tus_activity_entries_no_vlv(char *filter, LDAPMessage **result, int order)
+{
+ int rc = LDAP_OTHER, tries = 0;
+
+ tus_check_conn();
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, activityBaseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, NULL, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ /* we do client-side sorting here */
+ if (order == 0) {
+ rc = ldap_sort_entries(ld, result, "dateOfCreate",
+ sort_cmp);
+ } else { /* order == 1 */
+ rc = ldap_sort_entries(ld, result, "dateOfCreate",
+ reverse_sort_cmp);
+ }
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+TPS_PUBLIC int find_tus_token_entries(char *filter, int max, LDAPMessage **result, int order)
+{
+ int rc = LDAP_OTHER, tries = 0;
+ LDAPSortKey **sortKeyList;
+ LDAPControl *controls[3];
+ LDAPVLVInfo vlv_data;
+
+ tus_check_conn();
+ controls[0] = NULL;
+ controls[1] = NULL;
+ controls[2] = NULL;
+
+ vlv_data.ldvlv_before_count = 0;
+ vlv_data.ldvlv_after_count = max - 1;
+ vlv_data.ldvlv_attrvalue = NULL;
+ vlv_data.ldvlv_count = max;
+ vlv_data.ldvlv_offset = 0;
+ vlv_data.ldvlv_version = 1;
+ vlv_data.ldvlv_context = NULL;
+ vlv_data.ldvlv_extradata = NULL;
+ ldap_create_vlv_control(ld, &vlv_data, &controls[0]);
+
+ ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+ (*sortKeyList)->reverseOrder = order;
+ ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+ &controls[1]);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ ldap_free_sort_keylist(sortKeyList);
+ ldap_control_free(controls[0]);
+ ldap_control_free(controls[1]);
+
+ return rc;
+}
+
+TPS_PUBLIC int update_token_status_reason_userid(const char *userid, char *cuid,
+ const char *tokenStatus, const char *reason, int modifyDateOfCreate) {
+ LDAPMod **mods = NULL;
+ int status;
+ char **v = NULL;
+ int len = 0;
+
+ tus_check_conn();
+ if (modifyDateOfCreate)
+ mods = allocate_modifications(5);
+ else
+ mods = allocate_modifications(4);
+
+ if (mods == NULL) {
+ return -1;
+ } else {
+ if ((v = create_modification_date_change()) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ }
+
+ mods[0]->mod_op = LDAP_MOD_REPLACE;
+ mods[0]->mod_type = get_modification_date_name();
+ mods[0]->mod_values = v;
+
+ /* for token status */
+ if (tokenStatus != NULL && PL_strlen(tokenStatus) > 0) {
+ len = PL_strlen(tokenStatus);
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ PL_strcpy(v[0], tokenStatus);
+ mods[1]->mod_op = LDAP_MOD_REPLACE;
+ mods[1]->mod_type = get_token_status_name();
+ mods[1]->mod_values = v;
+ }
+
+ /* for token reason */
+ if (reason != NULL && PL_strlen(reason) > 0)
+ len = PL_strlen(reason);
+ else
+ len = 0;
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ mods[2]->mod_op = LDAP_MOD_REPLACE;
+ mods[2]->mod_type = tokenAttributes[13];
+ if (reason != NULL && PL_strlen(reason) > 0)
+ PL_strcpy(v[0], reason);
+ else
+ v[0] = "";
+ mods[2]->mod_values = v;
+
+ /* for userid */
+ if (userid != NULL && PL_strlen(userid) > 0)
+ len = PL_strlen(userid);
+ else
+ len = 0;
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ mods[3]->mod_op = LDAP_MOD_REPLACE;
+ mods[3]->mod_type = "tokenUserID";
+ if (userid != NULL && PL_strlen(userid) > 0)
+ PL_strcpy(v[0], userid);
+ else
+ v[0] = "";
+ mods[3]->mod_values = v;
+
+ if (modifyDateOfCreate) {
+ if ((v = create_modification_date_change()) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+
+ mods[4]->mod_op = LDAP_MOD_REPLACE;
+ mods[4]->mod_type = "dateOfCreate";
+ mods[4]->mod_values = v;
+
+ }
+
+ status = update_tus_db_entry_with_mods(userid, cuid, mods);
+ return status;
+}
+
+TPS_PUBLIC int update_token_status_reason(char *userid, char *cuid, const char *tokenStatus, const char *reason) {
+ LDAPMod **mods = NULL;
+ int status;
+ char **v = NULL;
+ int len = 0;
+
+ tus_check_conn();
+ mods = allocate_modifications(3);
+
+ if (mods == NULL) {
+ return -1;
+ } else {
+ if ((v = create_modification_date_change()) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ }
+
+ mods[0]->mod_op = LDAP_MOD_REPLACE;
+ mods[0]->mod_type = get_modification_date_name();
+ mods[0]->mod_values = v;
+
+ /* for token status */
+ if (tokenStatus != NULL && PL_strlen(tokenStatus) > 0) {
+ len = PL_strlen(tokenStatus);
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ PL_strcpy(v[0], tokenStatus);
+ mods[1]->mod_op = LDAP_MOD_REPLACE;
+ mods[1]->mod_type = get_token_status_name();
+ mods[1]->mod_values = v;
+ }
+
+ /* for token reason */
+ if (reason != NULL && PL_strlen(reason) > 0)
+ len = PL_strlen(reason);
+ else
+ len = 0;
+ if ((v = allocate_values(1, len+1)) == NULL) {
+ if( mods != NULL ) {
+ free_modifications( mods, 0 );
+ mods = NULL;
+ }
+ return -1;
+ }
+ mods[2]->mod_op = LDAP_MOD_REPLACE;
+ mods[2]->mod_type = tokenAttributes[13];
+ if (reason != NULL && PL_strlen(reason) > 0)
+ PL_strcpy(v[0], reason);
+ else
+ v[0] = "";
+ mods[2]->mod_values = v;
+
+ status = update_tus_db_entry_with_mods(userid, cuid, mods);
+ return status;
+}
+
+TPS_PUBLIC int tus_has_active_tokens(char *userid)
+{
+ LDAPMessage *result;
+ char filter[256];
+ int n = 0;
+
+ int rc = LDAP_OTHER, tries = 0;
+ LDAPSortKey **sortKeyList;
+ LDAPControl *controls[3];
+ LDAPVLVInfo vlv_data;
+ int max = 1000;
+
+ tus_check_conn();
+ PR_snprintf(filter, 256, "(&(tokenStatus=active)(tokenUserID=%s))", userid);
+ controls[0] = NULL;
+ controls[1] = NULL;
+ controls[2] = NULL;
+
+ vlv_data.ldvlv_before_count = 0;
+ vlv_data.ldvlv_after_count = max - 1;
+ vlv_data.ldvlv_attrvalue = NULL;
+ vlv_data.ldvlv_count = max;
+ vlv_data.ldvlv_offset = 0;
+ vlv_data.ldvlv_version = 1;
+ vlv_data.ldvlv_context = NULL;
+ vlv_data.ldvlv_extradata = NULL;
+ ldap_create_vlv_control(ld, &vlv_data, &controls[0]);
+
+ ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+ ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+ &controls[1]);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, baseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, controls, NULL, NULL, 0, &result)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((n = ldap_count_entries (ld, result)) >= 0) {
+ break;
+ } else {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ ldap_free_sort_keylist(sortKeyList);
+ ldap_control_free(controls[0]);
+ ldap_control_free(controls[1]);
+
+ if (rc == LDAP_SUCCESS) {
+ if (n > 0)
+ return 0;
+ else
+ return -1;
+ }
+
+ return rc;
+}
+
+TPS_PUBLIC int find_tus_certificate_entries_by_order_no_vlv (char *filter,
+ LDAPMessage **result, int order)
+{
+ int rc = LDAP_OTHER, tries = 0;
+
+ tus_check_conn();
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, certBaseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, NULL, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ /* we do client-side sorting here */
+ if (order == 0) {
+ rc = ldap_sort_entries(ld, result, "dateOfCreate",
+ sort_cmp);
+ } else {
+ rc = ldap_sort_entries(ld, result, "dateOfCreate",
+ reverse_sort_cmp);
+ }
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return rc;
+}
+
+TPS_PUBLIC int find_tus_certificate_entries_by_order (char *filter, int max,
+ LDAPMessage **result, int order)
+{
+ int rc = LDAP_OTHER, tries = 0;
+ LDAPSortKey **sortKeyList;
+ LDAPControl *controls[3];
+ LDAPVLVInfo vlv_data;
+
+ tus_check_conn();
+ controls[0] = NULL;
+ controls[1] = NULL;
+ controls[2] = NULL;
+
+ vlv_data.ldvlv_before_count = 0;
+ vlv_data.ldvlv_after_count = max - 1;
+ vlv_data.ldvlv_attrvalue = NULL;
+ vlv_data.ldvlv_count = max;
+ vlv_data.ldvlv_offset = 0;
+ vlv_data.ldvlv_version = 1;
+ vlv_data.ldvlv_context = NULL;
+ vlv_data.ldvlv_extradata = NULL;
+ ldap_create_vlv_control(ld, &vlv_data, &controls[0]);
+
+ ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+ (*sortKeyList)->reverseOrder = order;
+ ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+ &controls[1]);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, certBaseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ ldap_free_sort_keylist(sortKeyList);
+ ldap_control_free(controls[0]);
+ ldap_control_free(controls[1]);
+
+ return rc;
+}
+
+int find_tus_certificate_entries (char *filter, int max, LDAPMessage **result)
+{
+ int rc = LDAP_OTHER, tries = 0;
+ LDAPSortKey **sortKeyList;
+ LDAPControl *controls[3];
+ LDAPVLVInfo vlv_data;
+
+ tus_check_conn();
+ controls[0] = NULL;
+ controls[1] = NULL;
+ controls[2] = NULL;
+
+ vlv_data.ldvlv_before_count = 0;
+ vlv_data.ldvlv_after_count = max - 1;
+ vlv_data.ldvlv_attrvalue = NULL;
+ vlv_data.ldvlv_count = max;
+ vlv_data.ldvlv_offset = 0;
+ vlv_data.ldvlv_version = 1;
+ vlv_data.ldvlv_context = NULL;
+ vlv_data.ldvlv_extradata = NULL;
+ ldap_create_vlv_control(ld, &vlv_data, &controls[0]);
+
+ ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+ ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+ &controls[1]);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, certBaseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ ldap_free_sort_keylist(sortKeyList);
+ ldap_control_free(controls[0]);
+ ldap_control_free(controls[1]);
+
+ return rc;
+}
+
+int find_tus_activity_entries (char *filter, int max, LDAPMessage **result)
+{
+ int rc = LDAP_OTHER, tries = 0;
+ LDAPSortKey **sortKeyList;
+ LDAPControl *controls[3];
+ LDAPVLVInfo vlv_data;
+
+ tus_check_conn();
+ controls[0] = NULL;
+ controls[1] = NULL;
+ controls[2] = NULL;
+
+ vlv_data.ldvlv_before_count = 0;
+ vlv_data.ldvlv_after_count = max - 1;
+ vlv_data.ldvlv_attrvalue = NULL;
+ vlv_data.ldvlv_count = max;
+ vlv_data.ldvlv_offset = 0;
+ vlv_data.ldvlv_version = 1;
+ vlv_data.ldvlv_context = NULL;
+ vlv_data.ldvlv_extradata = NULL;
+ ldap_create_vlv_control(ld, &vlv_data, &controls[0]);
+
+ ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+ ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+ &controls[1]);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((rc = ldap_search_ext_s (ld, activityBaseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, controls, NULL, NULL, 0, result)) == LDAP_SUCCESS) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ ldap_free_sort_keylist(sortKeyList);
+ ldap_control_free(controls[0]);
+ ldap_control_free(controls[1]);
+
+ return rc;
+}
+
+TPS_PUBLIC int find_tus_activity_entries_pcontrol_1(char *filter, int max, int time_limit, int size_limit, LDAPMessage **result)
+{
+ int rc = LDAP_OTHER, tries = 0;
+ LDAPSortKey **sortKeyList;
+ LDAPControl *controls[3];
+ struct berval *cookie=NULL;
+ struct timeval timeout;
+
+ timeout.tv_sec = time_limit;
+ timeout.tv_usec = 0;
+
+ tus_check_conn();
+ controls[0] = NULL;
+ controls[1] = NULL;
+ controls[2] = NULL;
+
+ rc = ldap_create_page_control(ld, max, cookie, 0, &controls[0]);
+
+ ldap_create_sort_keylist(&sortKeyList, "-dateOfCreate");
+ ldap_create_sort_control(ld, sortKeyList, 1 /* non-critical */,
+ &controls[1]);
+
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ rc = ldap_search_ext_s (ld, activityBaseDN, LDAP_SCOPE_SUBTREE, filter,
+ NULL, 0, controls, NULL,
+ time_limit >0 ? &timeout : NULL,
+ size_limit, result);
+ if ((rc == LDAP_SUCCESS) || (rc == LDAP_PARTIAL_RESULTS)) {
+ break;
+ } else if (rc == LDAP_SERVER_DOWN || rc == LDAP_CONNECT_ERROR) {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ if (cookie != NULL) {
+ ber_bvfree(cookie);
+ cookie = NULL;
+ }
+
+ ldap_free_sort_keylist(sortKeyList);
+
+ ldap_control_free(controls[0]);
+ ldap_control_free(controls[1]);
+
+ return rc;
+}
+
+int get_number_of_entries (LDAPMessage *result)
+{
+ int n = 0, rc = 0, tries = 0;
+
+ tus_check_conn();
+ for (tries = 0; tries < MAX_RETRIES; tries++) {
+ if ((n = ldap_count_entries (ld, result)) >= 0) {
+ break;
+ } else {
+ struct berval credential;
+ credential.bv_val = bindPass;
+ credential.bv_len= strlen(bindPass);
+ rc = ldap_sasl_bind_s(ld, bindDN, LDAP_SASL_SIMPLE, &credential, NULL, NULL, NULL);
+ if (rc != LDAP_SUCCESS) {
+ bindStatus = rc;
+ break;
+ }
+ }
+ }
+
+ return n;
+}
+
+int free_results (LDAPMessage *results)
+{
+ return ldap_msgfree (results);
+}
+
+LDAPMessage *get_first_entry (LDAPMessage *result)
+{
+ return ldap_first_entry (ld, result);
+}
+
+LDAPMessage *get_next_entry (LDAPMessage *entry)
+{
+ return ldap_next_entry (ld, entry);
+}
+
+TPS_PUBLIC char **get_token_states()
+{
+ return tokenStates;
+}
+
+TPS_PUBLIC char **get_certificate_attributes()
+{
+ return tokenCertificateAttributes;
+}
+
+TPS_PUBLIC char **get_activity_attributes()
+{
+ return tokenActivityAttributes;
+}
+
+TPS_PUBLIC char **get_token_attributes()
+{
+ return tokenAttributes;
+}
+
+TPS_PUBLIC char **get_user_attributes()
+{
+ return userAttributes;
+}
+
+TPS_PUBLIC char **get_view_user_attributes()
+{
+ return viewUserAttributes;
+}
+
+CERTCertificate **get_certificates(LDAPMessage *entry) {
+ int i;
+ struct berval **bvals;
+ CERTCertificate *cert;
+ int c = 0;
+ CERTCertificate **ret = NULL;
+
+ tus_check_conn();
+ bvals = ldap_get_values_len(ld, entry, "userCertificate");
+ if (bvals == NULL)
+ return NULL;
+
+ for (i = 0; bvals[i] != NULL; i++ )
+ c++;
+ ret = (CERTCertificate **) malloc ((sizeof (CERTCertificate *) * c) + 1);
+ c = 0;
+ for (i = 0; bvals[i] != NULL; i++ ) {
+ cert = CERT_DecodeCertFromPackage((char *) bvals[i]->bv_val, (int)
+ ( bvals[i]->bv_len ) );
+ ret[c] = cert;
+ c++;
+ }
+ ret[c] = NULL;
+ return ret;
+
+}
+
+struct berval **get_attribute_values(LDAPMessage *entry, const char *attribute)
+{
+ int i;
+ unsigned int j;
+ struct berval **bvals = NULL;
+ char buffer[2048];
+ int c = 0;
+ struct berval **ret = NULL;
+
+ tus_check_conn();
+ if (PL_strcasecmp(attribute, "userCertificate") == 0) {
+ bvals = ldap_get_values_len(ld, entry, attribute);
+ if (bvals == NULL)
+ return NULL;
+ for (i = 0; bvals[i] != NULL; i++ ) {
+ c++;
+ }
+ ret = (struct berval **) malloc ((sizeof (struct berval *) * c) + 1);
+ for (i=0; i< c; i++) {
+ ret[i] = (struct berval *) malloc(sizeof(struct berval));
+ }
+ ret[c] = NULL;
+ c = 0;
+ for (i = 0; bvals[i] != NULL; i++ ) {
+ char *tmp = BTOA_DataToAscii((unsigned char *)bvals[i]->bv_val,
+ (int)bvals[i]->bv_len);
+ snprintf(buffer, 2048, "%s", tmp);
+ PORT_Free(tmp);
+
+ /* remove \r\n that javascript does not like */
+ for (j = 0; j < strlen(buffer); j++) {
+ if (buffer[j] == '\r') {
+ buffer[j] = '.';
+ }
+ if (buffer[j] == '\n') {
+ buffer[j] = '.';
+ }
+ }
+ ret[c]->bv_val = PL_strdup(buffer);
+ ret[c]->bv_len = PL_strlen(buffer);
+ c++;
+ }
+ if (bvals != NULL) {
+ ldap_value_free_len(bvals);
+ bvals = NULL;
+ }
+
+ return ret;
+ } else {
+ return ldap_get_values_len(ld, entry, attribute);
+ }
+}
+
+void free_values(struct berval **values, int ldapValues)
+{
+ if (ldapValues != 0) {
+ if( values != NULL ) {
+ ldap_value_free_len( values );
+ values = NULL;
+ }
+ } else {
+ if( values != NULL ) {
+ PR_Free( values );
+ values = NULL;
+ }
+ }
+}
+
+TPS_PUBLIC char *get_token_users_name()
+{
+ return tokenAttributes[I_TOKEN_USER];
+}
+
+struct berval **get_token_users(LDAPMessage *entry)
+{
+ return ldap_get_values_len(ld, entry, TOKEN_USER);
+}
+
+char *get_token_id_name()
+{
+ return tokenAttributes[I_TOKEN_ID];
+}
+
+char *get_cert_attr_byname(LDAPMessage *entry, const char *name)
+{
+ struct berval **v = NULL;
+ char *value = NULL;
+
+ if (entry == NULL) return NULL;
+
+ v = ldap_get_values_len(ld, entry, name);
+ if (v == NULL) return NULL;
+ if ((valid_berval(v)) && (PL_strlen(v[0]->bv_val) > 0)) {
+ value = PL_strdup(v[0]->bv_val);
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+
+ return value;
+}
+
+int get_cert_attr_byname_int(LDAPMessage *entry, const char *name)
+{
+ struct berval **v = NULL;
+ int n = 0;
+
+ if (entry == NULL) return 0;
+
+ v = ldap_get_values_len(ld, entry, name);
+ if (v == NULL) return 0;
+ if ((valid_berval(v)) && (PL_strlen(v[0]->bv_val) > 0)) {
+ n = atoi(v[0]->bv_val);
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+
+ return n;
+}
+
+
+TPS_PUBLIC char *get_token_reason(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, "tokenReason");
+}
+
+char *get_token_id(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, TOKEN_ID);
+}
+
+char *get_cert_tokenType(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, "tokenType");
+}
+
+char *get_cert_serial(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, "tokenSerial");
+}
+
+char *get_cert_type(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, "tokenKeyType");
+}
+
+char *get_cert_status(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, "tokenStatus");
+}
+
+char *get_cert_issuer(LDAPMessage *entry) {
+ return get_cert_attr_byname(entry, "tokenIssuer");
+}
+
+char *get_cert_cn(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, "cn");
+}
+
+char *get_token_status_name()
+{
+ return tokenAttributes[I_TOKEN_STATUS];
+}
+
+TPS_PUBLIC char *get_reason_name()
+{
+ return tokenAttributes[I_TOKEN_REASON];
+}
+
+TPS_PUBLIC char *get_policy_name()
+{
+ return tokenAttributes[I_TOKEN_POLICY];
+}
+
+char *get_token_status(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, TOKEN_STATUS);
+}
+
+char *get_applet_id_name()
+{
+ return tokenAttributes[I_TOKEN_APPLET];
+}
+
+char *get_applet_id(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, TOKEN_APPLET);
+}
+
+char *get_key_info_name()
+{
+ return tokenAttributes[I_TOKEN_KEY_INFO];
+}
+
+char *get_key_info(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, TOKEN_KEY_INFO);
+}
+
+char *get_creation_date_name()
+{
+ return tokenAttributes[I_TOKEN_C_DATE];
+}
+
+char *get_creation_date(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, TOKEN_C_DATE);
+}
+
+char *get_modification_date_name()
+{
+ return tokenAttributes[I_TOKEN_M_DATE];
+}
+
+char *get_modification_date(LDAPMessage *entry)
+{
+ return get_cert_attr_byname(entry, TOKEN_M_DATE);
+}
+
+char *get_number_of_modifications_name()
+{
+ return tokenAttributes[I_TOKEN_MODS];
+}
+
+int get_number_of_modifications(LDAPMessage *entry)
+{
+ return get_cert_attr_byname_int(entry, TOKEN_MODS);
+}
+
+TPS_PUBLIC char *get_dn(LDAPMessage *entry)
+{
+ char *ret = NULL;
+ char *dn = NULL;
+ if ((dn = ldap_get_dn( ld, entry )) != NULL) {
+ ret = PL_strdup(dn);
+ ldap_memfree(dn);
+ }
+ return ret;
+}
+
+char *get_number_of_resets_name()
+{
+ return tokenAttributes[I_TOKEN_RESETS];
+}
+
+int get_number_of_resets(LDAPMessage *entry)
+{
+ return get_cert_attr_byname_int(entry, TOKEN_RESETS);
+}
+
+char *get_number_of_enrollments_name()
+{
+ return tokenAttributes[I_TOKEN_ENROLLMENTS];
+}
+
+int get_number_of_enrollments(LDAPMessage *entry)
+{
+ return get_cert_attr_byname_int(entry, TOKEN_ENROLLMENTS);
+}
+
+char *get_number_of_renewals_name()
+{
+ return tokenAttributes[I_TOKEN_RENEWALS];
+}
+
+int get_number_of_renewals(LDAPMessage *entry)
+{
+ return get_cert_attr_byname_int(entry, TOKEN_RENEWALS);
+}
+
+char *get_number_of_recoveries_name()
+{
+ return tokenAttributes[I_TOKEN_RECOVERIES];
+}
+
+int get_number_of_recoveries(LDAPMessage *entry)
+{
+ return get_cert_attr_byname_int(entry, TOKEN_RECOVERIES);
+}
+
+TPS_PUBLIC char *get_token_userid(char *cn)
+{
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ struct berval **v = NULL;
+ char *ret = NULL;
+ int rc = -1;
+
+ if (cn != NULL && PL_strlen(cn) > 0) {
+ if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+ e = get_first_entry (result);
+ if (e != NULL) {
+ if ((v = ldap_get_values_len(ld, e, TOKEN_USER)) != NULL) {
+ if ((valid_berval(v)) && (PL_strlen(v[0]->bv_val) > 0)) {
+ ret = PL_strdup(v[0]->bv_val);
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+ }
+ }
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+ }
+ }
+ return ret;
+}
+
+TPS_PUBLIC char *get_token_policy(char *cn)
+{
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ struct berval **v = NULL;
+ char *ret = NULL;
+ int rc = -1;
+
+ if (cn != NULL && PL_strlen(cn) > 0) {
+ if ((rc = find_tus_db_entry(cn, 0, &result)) == LDAP_SUCCESS) {
+ e = get_first_entry (result);
+ if (e != NULL) {
+ if ((v = ldap_get_values_len(ld, e, TOKEN_POLICY)) != NULL) {
+ if ((valid_berval(v)) && (PL_strlen(v[0]->bv_val) > 0)) {
+ ret = PL_strdup(v[0]->bv_val);
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+ }
+ }
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+ }
+ }
+ return ret;
+}
+
+TPS_PUBLIC int allow_token_enroll_policy(char *cn, const char *policy)
+{
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ struct berval **v = NULL;
+ int can_reenroll = 0;
+ int token_is_uninitialized = 0;
+ int is_reenroll_attempt = 0;
+ int rc = -1;
+ char *token_status = NULL;
+
+ if(PL_strstr(policy,"RE_ENROLL"))
+ is_reenroll_attempt = 1;
+
+ if (cn != NULL && PL_strlen(cn) > 0) {
+ if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+ e = get_first_entry (result);
+ if (e != NULL) {
+ if(is_reenroll_attempt) {
+ token_status = get_token_status(e);
+
+ if(token_status && PL_strcmp(token_status,STATE_UNINITIALIZED) == 0)
+ token_is_uninitialized = 1;
+
+ if(token_status) {
+ PR_Free(token_status);
+ token_status = NULL;
+ }
+ }
+
+ if ((v = ldap_get_values_len(ld, e, TOKEN_POLICY)) != NULL) {
+ if ((valid_berval(v)) && (PL_strlen(v[0]->bv_val) > 0)) {
+ if (PL_strstr(v[0]->bv_val, policy)) {
+ can_reenroll = 1;
+ } else {
+ if( is_reenroll_attempt && token_is_uninitialized) {
+ can_reenroll = 1;
+ }
+ }
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+ }
+ }
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+ }
+ }
+ return can_reenroll;
+}
+
+TPS_PUBLIC int allow_token_renew(char *cn)
+{
+ return allow_token_enroll_policy(cn, "RENEW=YES");
+}
+
+TPS_PUBLIC int allow_token_reenroll(char *cn)
+{
+ return allow_token_enroll_policy(cn, "RE_ENROLL=YES");
+}
+
+TPS_PUBLIC int force_token_format(char *cn)
+{
+ return allow_token_enroll_policy(cn,"FORCE_FORMAT=YES");
+}
+
+TPS_PUBLIC int is_token_present(char *cn)
+{
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ int present = 0;
+ int rc = -1;
+
+ if (cn != NULL && PL_strlen(cn) > 0) {
+ if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+ e = get_first_entry (result);
+ if (e != NULL) {
+ present = 1;
+ }
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+ }
+ }
+ return present;
+}
+
+TPS_PUBLIC int is_token_pin_resetable(char *cn)
+{
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ struct berval **v = NULL;
+ int resetable = 1;
+ int rc = -1;
+
+ if (cn != NULL && PL_strlen(cn) > 0) {
+ if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+ e = get_first_entry (result);
+ if (e != NULL) {
+ if ((v = ldap_get_values_len(ld, e, TOKEN_POLICY)) != NULL) {
+ if ((valid_berval(v)) && (PL_strlen(v[0]->bv_val) > 0)) {
+ if (PL_strstr(v[0]->bv_val, "PIN_RESET=NO")) {
+ resetable = 0;
+ }
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+ }
+ }
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+ }
+ }
+ return resetable;
+}
+
+TPS_PUBLIC int is_update_pin_resetable_policy(char *cn)
+{
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ struct berval **v = NULL;
+ int resetable = 0;
+ int rc = -1;
+
+ if (cn != NULL && PL_strlen(cn) > 0) {
+ if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+ e = get_first_entry (result);
+ if (e != NULL) {
+ if ((v = ldap_get_values_len(ld, e, TOKEN_POLICY)) != NULL) {
+ if ((valid_berval(v)) && (PL_strlen(v[0]->bv_val) > 0)) {
+ if (PL_strstr(v[0]->bv_val, "RESET_PIN_RESET_TO_NO=YES")) {
+ resetable = 1;
+ }
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+ }
+ }
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+ }
+ }
+ return resetable;
+}
+
+TPS_PUBLIC int is_tus_db_entry_disabled(char *cn)
+{
+ LDAPMessage *result = NULL;
+ LDAPMessage *e = NULL;
+ struct berval **v = NULL;
+ int disabled = 0;
+ int rc = -1;
+
+ if (cn != NULL && PL_strlen(cn) > 0) {
+ if ((rc = find_tus_db_entry (cn, 0, &result)) == LDAP_SUCCESS) {
+ e = get_first_entry (result);
+ if (e != NULL) {
+ if ((v = ldap_get_values_len(ld, e, TOKEN_STATUS)) != NULL) {
+ if ((valid_berval(v)) && (PL_strlen(v[0]->bv_val) > 0)) {
+ if (!PL_strcasecmp(v[0]->bv_val, STATE_DISABLED)) {
+ disabled = 1;
+ }
+ }
+ if( v != NULL ) {
+ ldap_value_free_len( v );
+ v = NULL;
+ }
+ }
+ }
+ if( result != NULL ) {
+ free_results( result );
+ result = NULL;
+ }
+ }
+ }
+ return disabled;
+}
+
+TPS_PUBLIC LDAPMod **allocate_modifications(int size)
+{
+ int i, n;
+ LDAPMod **mods = NULL;
+ char *s;
+
+ n = ((size + 1) * sizeof(LDAPMod *)) + (size * sizeof(LDAPMod));
+ s = (char *) PR_Malloc(n);
+ if (s == NULL)
+ return NULL;
+ memset(s, 0, n);
+
+ mods = (LDAPMod **)s;
+
+ s += ((size + 1) * sizeof(LDAPMod *));
+
+ for (i = 0; i < size; i++) {
+ mods[i] = (LDAPMod *)s;
+ s += sizeof(LDAPMod);
+ }
+
+ return mods;
+}
+
+void free_modifications(LDAPMod **mods, int ldapValues)
+{
+ int i;
+
+ if( mods == NULL ) {
+ return;
+ }
+
+ if (ldapValues) {
+ ldap_mods_free(mods, 0);
+ return;
+ }
+
+ for (i = 0; mods[i] != NULL; i++) {
+ if ((mods[i]->mod_op & LDAP_MOD_BVALUES) &&
+ (mods[i]->mod_bvalues != NULL)) {
+ if( ( mods[i] != NULL ) && ( mods[i]->mod_bvalues != NULL ) ) {
+ PR_Free( mods[i]->mod_bvalues );
+ mods[i]->mod_bvalues = NULL;
+ }
+ } else if (mods[i]->mod_values != NULL) {
+ if( ( mods[i] != NULL ) && ( mods[i]->mod_values != NULL ) ) {
+ PR_Free( mods[i]->mod_values );
+ mods[i]->mod_values = NULL;
+ }
+ }
+ }
+ if( mods != NULL ) {
+ PR_Free( mods );
+ mods = NULL;
+ }
+}
+
+TPS_PUBLIC char **allocate_values(int size, int extra)
+{
+ int n;
+ char **values = NULL;
+ char *s;
+
+ n = (size + 1) * sizeof(char *);
+ if (extra > 0) {
+ n += extra * sizeof(char);
+ }
+ s = (char *) PR_Malloc(n);
+ if (s == NULL)
+ return NULL;
+ memset(s, 0, n);
+
+ values = (char **)s;
+
+ if (extra > 0) {
+ s += ((size + 1) * sizeof(char *));
+ values[0] = s;
+ }
+
+ return values;
+}
+
+TPS_PUBLIC char **create_modification_date_change()
+{
+ PRExplodedTime time;
+ PRTime now;
+ char **v = NULL;
+
+ if ((v = allocate_values(1, 16)) == NULL) {
+ return NULL;
+ }
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+
+ PR_snprintf(v[0], 16, "%04d%02d%02d%02d%02d%02dZ",
+ time.tm_year, (time.tm_month + 1), time.tm_mday,
+ time.tm_hour, time.tm_min, time.tm_sec);
+
+ return v;
+}
+
+/**
+ * Reads password.conf file
+ */
+static int ReadLine(PRFileDesc *f, char *buf, int buf_len, int *removed_return)
+{
+ char *cur = buf;
+ int sum = 0;
+ PRInt32 rc;
+
+ *removed_return = 0;
+ while (1) {
+ rc = PR_Read(f, cur, 1);
+ if (rc == -1 || rc == 0)
+ break;
+ if (*cur == '\r') {
+ continue;
+ }
+ if (*cur == '\n') {
+ *cur = '\0';
+ *removed_return = 1;
+ break;
+ }
+ sum++;
+ cur++;
+ }
+ return sum;
+}
+
+#define MAX_CFG_LINE_LEN 4096
+/*
+ * Search for password name "name" in the password file "filepath"
+ */
+char *get_pwd_from_conf(char *filepath, char *name)
+{
+ PRFileDesc *fd;
+ char line[MAX_CFG_LINE_LEN];
+ int removed_return;
+ char *val= NULL;
+
+ if (debug_fd)
+ PR_fprintf(debug_fd, "get_pwd_from_conf looking for %s\n", name);
+ fd= PR_Open(filepath, PR_RDONLY, 400);
+ if (fd == NULL) {
+ return NULL;
+ }
+ if (debug_fd)
+ PR_fprintf(debug_fd, "get_pwd_from_conf opened %s\n", filepath);
+
+ while (1) {
+ int n = ReadLine(fd, line, MAX_CFG_LINE_LEN, &removed_return);
+ if (n > 0) {
+ /* handle comment line */
+ if (line[0] == '#')
+ continue;
+ int c = 0;
+ while ((c < n) && (line[c] != ':')) {
+ c++;
+ }
+ if (c < n) {
+ line[c] = '\0';
+ } else {
+ continue; /* no ':', skip this line */
+ }
+ if (!PL_strcmp (line, name)) {
+ if (debug_fd)
+ PR_fprintf(debug_fd, "get_pwd_from_conf found %s is %s\n", line, &line[c+1]);
+ val = PL_strdup(&line[c+1]);
+ break;
+ }
+ } else if (n == 0 && removed_return == 1) {
+ continue; /* skip empty line */
+ } else {
+ break;
+ }
+ }
+ if( fd != NULL ) {
+ PR_Close( fd );
+ fd = NULL;
+ }
+ return val;
+
+}
+
+void audit_log(const char *func_name, const char *userid, const char *msg)
+{
+ const char* time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRTime now;
+ PRExplodedTime time;
+ PRThread *ct;
+
+ if (audit_fd == NULL)
+ return;
+
+ now = PR_Now();
+ PR_ExplodeTime(now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish(datetime, 1024, time_fmt, &time);
+ ct = PR_GetCurrentThread();
+ PR_fprintf(audit_fd, "[%s] t=%x uid=%s op=%s - ",
+ datetime, ct, userid, func_name);
+ PR_fprintf(audit_fd, msg);
+ PR_fprintf(audit_fd, "\n");
+}
+
+int base64_decode( char *src, unsigned char *dst )
+{
+
+#define RIGHT2 0x03
+#define RIGHT4 0x0f
+
+ unsigned char b642nib[0x80] = {
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0xff, 0xff, 0x3e, 0xff, 0xff, 0xff, 0x3f,
+ 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b,
+ 0x3c, 0x3d, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
+ 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16,
+ 0x17, 0x18, 0x19, 0xff, 0xff, 0xff, 0xff, 0xff,
+ 0xff, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20,
+ 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28,
+ 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, 0x30,
+ 0x31, 0x32, 0x33, 0xff, 0xff, 0xff, 0xff, 0xff
+ };
+ char *p, *stop;
+ unsigned char nib, *byte;
+ int i, len;
+
+ stop = strchr( src, '\0' );
+ byte = dst;
+ for ( p = src, len = 0; p < stop; p += 4, len += 3 ) {
+ for ( i = 0; i < 4; i++ ) {
+ if ( p[i] != '=' && (p[i] & 0x80 ||
+ b642nib[ p[i] & 0x7f ] > 0x3f) ) {
+ return( -1 );
+ }
+ }
+
+ /* first digit */
+ nib = b642nib[ p[0] & 0x7f ];
+ byte[0] = nib << 2;
+
+ /* second digit */
+ nib = b642nib[ p[1] & 0x7f ];
+ byte[0] |= nib >> 4;
+
+ /* third digit */
+ if ( p[2] == '=' ) {
+ len += 1;
+ break;
+ }
+ byte[1] = (nib & RIGHT4) << 4;
+ nib = b642nib[ p[2] & 0x7f ];
+ byte[1] |= nib >> 2;
+
+ /* fourth digit */
+ if ( p[3] == '=' ) {
+ len += 2;
+ break;
+ }
+ byte[2] = (nib & RIGHT2) << 6;
+ nib = b642nib[ p[3] & 0x7f ];
+ byte[2] |= nib;
+
+ byte += 3;
+ }
+
+ return( len );
+}
+
diff --git a/pki/base/tps/stubs/modules/nss/mod_nss_stub.c b/pki/base/tps/stubs/modules/nss/mod_nss_stub.c
new file mode 100644
index 000000000..b47fa0edb
--- /dev/null
+++ b/pki/base/tps/stubs/modules/nss/mod_nss_stub.c
@@ -0,0 +1,51 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifdef XP_WIN32
+#define MOD_NSS_STUB_PUBLIC __declspec(dllexport)
+#else /* !XP_WIN32 */
+#define MOD_NSS_STUB_PUBLIC
+#endif /* !XP_WIN32 */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifndef XP_WIN32
+#include <unistd.h> /* sleep */
+#else /* XP_WIN32 */
+#include <windows.h>
+#endif /* XP_WIN32 */
+
+#include "httpd/httpd.h"
+#include "httpd/http_config.h"
+#include "httpd/http_log.h"
+#include "httpd/http_protocol.h"
+#include "httpd/http_main.h"
+#include "httpd/apr_strings.h"
+
+MOD_NSS_STUB_PUBLIC char *nss_var_lookup( apr_pool_t *p, server_rec *s,
+ conn_rec *c, request_rec *r,
+ char *var )
+{
+ return NULL;
+}
+
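Review bot: `nss_var_lookup` at the end of this new file returns NULL unconditionally and carries no comment saying it is a stand-in, so nothing in the file tells a reader that every lookup made through it yields no value. If this stub is what the TPS modules resolve against in place of the real mod_nss symbol (an inference; the callers are not in this hunk), any caller that reads TLS or client-certificate variables through it has to treat NULL as "not available" and fail closed rather than dereference the result or skip a check. I would add a header comment above the definition, for example `/* Link-time stub for mod_nss's nss_var_lookup(); always returns NULL, callers must handle a missing value. */`. The `<stdio.h>`, `<stdlib.h>`, `<string.h>` and `<unistd.h>`/`<windows.h>` includes are not used by anything in the file and could be dropped.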
diff --git a/pki/base/tps/tools/CMakeLists.txt b/pki/base/tps/tools/CMakeLists.txt
new file mode 100644
index 000000000..6ed05c43d
--- /dev/null
+++ b/pki/base/tps/tools/CMakeLists.txt
@@ -0,0 +1 @@
+add_subdirectory(raclient)
diff --git a/pki/base/tps/tools/raclient/CMakeLists.txt b/pki/base/tps/tools/raclient/CMakeLists.txt
new file mode 100644
index 000000000..8f01b34d8
--- /dev/null
+++ b/pki/base/tps/tools/raclient/CMakeLists.txt
@@ -0,0 +1,47 @@
+project(tpsclient CXX)
+
+set(TPS_PRIVATE_INCLUDE_DIRS
+ ${TPS_PUBLIC_INCLUDE_DIRS}
+ ${CMAKE_BINARY_DIR}
+ ${NSPR_INCLUDE_DIRS}
+ ${NSS_INCLUDE_DIRS}
+)
+
+set(TPS_EXECUTABLE
+ tpsclient
+ CACHE INTERNAL "tpsclient executable"
+)
+
+set(TPS_LINK_LIBRARIES
+ ${TPS_SHARED_LIBRARY}
+ ${NSPR_LIBRARIES}
+ ${NSS_LIBRARIES}
+)
+
+set(tpsclient_SRCS
+ RA_Client.cpp
+ RA_Conn.cpp
+ RA_Token.cpp
+)
+
+include_directories(${TPS_PRIVATE_INCLUDE_DIRS})
+
+add_executable(${TPS_EXECUTABLE} ${tpsclient_SRCS})
+target_link_libraries(${TPS_EXECUTABLE} ${TPS_LINK_LIBRARIES})
+
+install(
+ TARGETS
+ ${TPS_EXECUTABLE}
+ RUNTIME DESTINATION ${BIN_INSTALL_DIR}
+ LIBRARY DESTINATION ${LIB_INSTALL_DIR}/tps
+ ARCHIVE DESTINATION ${LIB_INSTALL_DIR}/tps
+)
+
+install(
+ FILES
+ enroll.tps
+ format.tps
+ reset_pin.tps
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/tps/samples
+)
diff --git a/pki/base/tps/tools/raclient/RA_Client.cpp b/pki/base/tps/tools/raclient/RA_Client.cpp
new file mode 100644
index 000000000..c2a610e33
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Client.cpp
@@ -0,0 +1,1645 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <stdio.h>
+#include <string.h>
+#include <stdarg.h>
+#include "prinrval.h"
+
+#include "prmem.h"
+#include "prsystem.h"
+#include "plstr.h"
+#include "prio.h"
+#include "prprf.h"
+#include "pk11func.h"
+
+#include "main/NameValueSet.h"
+#include "main/Util.h"
+#include "main/RA_Msg.h"
+#include "authentication/AuthParams.h"
+#include "apdu/APDU_Response.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "msg/RA_Begin_Op_Msg.h"
+#include "msg/RA_End_Op_Msg.h"
+#include "msg/RA_Login_Request_Msg.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "RA_Token.h"
+#include "RA_Client.h"
+
+#include "nss.h"
+
+static PRFileDesc *m_fd_debug = (PRFileDesc *) NULL;
+PRBool old_style = PR_TRUE;
+
+/**
+ * Constructs a RA client that talks to RA.
+ */
+RA_Client::RA_Client ()
+{
+ /* default global variables */
+ m_vars.Add ("ra_host", "air");
+ m_vars.Add ("ra_port", "8000");
+ m_vars.Add ("ra_uri", "/nk_service");
+}
+
+/**
+ * Destructs this RA client.
+ */
+RA_Client::~RA_Client ()
+{
+ if (m_fd_debug != NULL)
+ {
+ PR_Close (m_fd_debug);
+ m_fd_debug = NULL;
+ }
+}
+
+static void
+PrintHeader ()
+{
+ printf ("Registration Authority Client\n");
+ printf ("'op=help' for Help\n");
+}
+
+static void
+Output (const char *fmt, ...)
+{
+ va_list ap;
+ va_start (ap, fmt);
+ printf ("Output> ");
+ vprintf (fmt, ap);
+ printf ("\n");
+ va_end (ap);
+}
+
+static void
+PrintPrompt ()
+{
+ printf ("Command>");
+}
+
+static void
+OutputSuccess (const char *fmt, ...)
+{
+ va_list ap;
+ va_start (ap, fmt);
+ printf ("Result> Success - ");
+ vprintf (fmt, ap);
+ printf ("\n");
+ va_end (ap);
+}
+
+static void
+OutputError (const char *fmt, ...)
+{
+ va_list ap;
+ va_start (ap, fmt);
+ printf ("Result> Error - ");
+ vprintf (fmt, ap);
+ printf ("\n");
+ va_end (ap);
+}
+
+static int
+ReadLine (char *buf, int len)
+{
+ char *cur = buf;
+
+ while (1)
+ {
+ *cur = getchar ();
+ if (*cur == '\r')
+ {
+ continue;
+ }
+ if (*cur == '\n')
+ {
+ *cur = '\0';
+ return 1;
+ }
+ cur++;
+ }
+ return 0;
+}
+
+void
+RA_Client::Debug (const char *func_name, const char *fmt, ...)
+{
+ PRTime now;
+ const char *time_fmt = "%Y-%m-%d %H:%M:%S";
+ char datetime[1024];
+ PRExplodedTime time;
+
+ if (m_fd_debug == NULL)
+ return;
+ va_list ap;
+ va_start (ap, fmt);
+ now = PR_Now ();
+ PR_ExplodeTime (now, PR_LocalTimeParameters, &time);
+ PR_FormatTimeUSEnglish (datetime, 1024, time_fmt, &time);
+ PR_fprintf (m_fd_debug, "[%s] %s - ", datetime, func_name);
+ PR_vfprintf (m_fd_debug, fmt, ap);
+ va_end (ap);
+ PR_Write (m_fd_debug, "\n", 1);
+}
+
+int
+RA_Client::OpHelp (NameValueSet * params)
+{
+ Output ("Available Operations:");
+ Output ("op=debug filename=<filename> - enable debugging");
+ Output ("op=help");
+ Output
+ ("op=ra_enroll uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> keygen=<true|false> - Enrollment Via RA");
+ Output
+ ("op=ra_reset_pin uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> new_pin=<new_pin> - Reset Pin Via RA");
+ Output
+ ("op=ra_update uid=<uid> pwd=<pwd> num_threads=<number of threads> secureid_pin=<secureid_pin> new_pin=<new_pin> - Reset Pin Via RA");
+ Output ("op=token_set <name>=<value> - Set Token Value");
+ Output ("op=token_status - Print Token Status");
+ Output ("op=var_get name=<name> - Get Value of Variable");
+ Output ("op=var_list - List All Variables");
+ Output ("op=var_set name=<name> value=<value> - Set Value to Variable");
+
+ return 1;
+}
+
+static void
+GetBuffer (Buffer & buf, char *output, int len)
+{
+ int i;
+
+ output[0] = '\0';
+ for (i = 0; i < (int) buf.size (); ++i)
+ {
+ sprintf (output, "%s%02x", output, ((BYTE *) buf)[i]);
+ }
+}
+
+static BYTE
+ToVal (char c)
+{
+ if (c >= '0' && c <= '9')
+ {
+ return c - '0';
+ }
+ else if (c >= 'A' && c <= 'Z')
+ {
+ return c - 'A' + 10;
+ }
+ else if (c >= 'a' && c <= 'z')
+ {
+ return c - 'a' + 10;
+ }
+
+ /* The following return is needed to suppress compiler warnings on Linux. */
+ return 0;
+}
+
+static Buffer *
+ToBuffer (char *input)
+{
+ int len = strlen (input) / 2;
+ BYTE *buffer = NULL;
+
+ buffer = (BYTE *) malloc (len);
+ if (buffer == NULL)
+ {
+ return NULL;
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ buffer[i] = (ToVal (input[i * 2]) * 16) + ToVal (input[i * 2 + 1]);
+ }
+ Buffer *j;
+ j = new Buffer (buffer, len);
+
+ if (buffer != NULL)
+ {
+ free (buffer);
+ buffer = NULL;
+ }
+
+ return j;
+}
+
+int
+RA_Client::OpTokenStatus (NameValueSet * params)
+{
+ int i;
+ char output[2048];
+
+ Output ("life_cycle_state : '%x'", m_token.GetLifeCycleState ());
+ Output ("pin : '%s'", m_token.GetPIN ());
+ GetBuffer (m_token.GetAppletVersion (), output, 2048);
+ Output ("app_ver : '%s' (%d bytes)", output,
+ m_token.GetAppletVersion ().size ());
+ Output ("major_ver : '%x'", m_token.GetMajorVersion ());
+ Output ("minor_ver : '%x'", m_token.GetMinorVersion ());
+ GetBuffer (m_token.GetCUID (), output, 2048);
+ Output ("cuid : '%s' (%d bytes)", output, m_token.GetCUID ().size ());
+ GetBuffer (m_token.GetMSN (), output, 2048);
+ Output ("msn : '%s' (%d bytes)", output, m_token.GetMSN ().size ());
+ GetBuffer (m_token.GetKeyInfo (), output, 2048);
+ Output ("key_info : '%s' (%d bytes)", output,
+ m_token.GetKeyInfo ().size ());
+ GetBuffer (m_token.GetAuthKey (), output, 2048);
+ Output ("auth_key : '%s' (%d bytes)", output,
+ m_token.GetAuthKey ().size ());
+ GetBuffer (m_token.GetMacKey (), output, 2048);
+ Output ("mac_key : '%s' (%d bytes)", output, m_token.GetMacKey ().size ());
+ GetBuffer (m_token.GetKekKey (), output, 2048);
+ Output ("kek_key : '%s' (%d bytes)", output, m_token.GetKekKey ().size ());
+
+ /* print all the public/private keys */
+ if (params->GetValue ("print_cert") != NULL)
+ {
+ for (i = 0; i < m_token.NoOfCertificates (); i++)
+ {
+ CERTCertificate *cert = m_token.GetCertificate (i);
+ Output ("Certificate #%d: '%s'", i, cert->nickname);
+ }
+ }
+
+ if (params->GetValue ("print_private") != NULL)
+ {
+ for (i = 0; i < m_token.NoOfPrivateKeys (); i++)
+ {
+ SECKEYPrivateKey *key = m_token.GetPrivateKey (i);
+#if 0
+ SECKEYPublicKey *pubKey = SECKEY_ConvertToPublicKey (key);
+ Buffer modulus = Buffer (pubKey->u.rsa.modulus.data,
+ pubKey->u.rsa.modulus.len);
+ Buffer exponent = Buffer (pubKey->u.rsa.publicExponent.data,
+ pubKey->u.rsa.publicExponent.len);
+#endif
+ Output ("Private Key #%d: '%s'", i,
+ PK11_GetPrivateKeyNickname (key));
+ }
+ }
+
+ return 1;
+}
+
+int
+RA_Client::OpTokenSet (NameValueSet * params)
+{
+ if (params->GetValue ("cuid") != NULL)
+ {
+ Buffer *CUID = ToBuffer (params->GetValue ("cuid"));
+ m_token.SetCUID (*CUID);
+ if (CUID != NULL)
+ {
+ delete CUID;
+ CUID = NULL;
+ }
+ }
+ if (params->GetValue ("msn") != NULL)
+ {
+ Buffer *MSN = ToBuffer (params->GetValue ("msn"));
+ m_token.SetMSN (*MSN);
+ if (MSN != NULL)
+ {
+ delete MSN;
+ MSN = NULL;
+ }
+ }
+ if (params->GetValue ("app_ver") != NULL)
+ {
+ Buffer *Version = ToBuffer (params->GetValue ("app_ver"));
+ m_token.SetAppletVersion (*Version);
+ if (Version != NULL)
+ {
+ delete Version;
+ Version = NULL;
+ }
+ }
+ if (params->GetValue ("major_ver") != NULL)
+ {
+ m_token.SetMajorVersion (atoi (params->GetValue ("major_ver")));
+ }
+ if (params->GetValue ("minor_ver") != NULL)
+ {
+ m_token.SetMinorVersion (atoi (params->GetValue ("minor_ver")));
+ }
+ if (params->GetValue ("key_info") != NULL)
+ {
+ Buffer *KeyInfo = ToBuffer (params->GetValue ("key_info"));
+ m_token.SetKeyInfo (*KeyInfo);
+ if (KeyInfo != NULL)
+ {
+ delete KeyInfo;
+ KeyInfo = NULL;
+ }
+ }
+ if (params->GetValue ("auth_key") != NULL)
+ {
+ Buffer *Key = ToBuffer (params->GetValue ("auth_key"));
+ m_token.SetAuthKey (*Key);
+ if (Key != NULL)
+ {
+ delete Key;
+ Key = NULL;
+ }
+ }
+ if (params->GetValue ("mac_key") != NULL)
+ {
+ Buffer *Key = ToBuffer (params->GetValue ("mac_key"));
+ m_token.SetMacKey (*Key);
+ if (Key != NULL)
+ {
+ delete Key;
+ Key = NULL;
+ }
+ }
+ if (params->GetValue ("kek_key") != NULL)
+ {
+ Buffer *Key = ToBuffer (params->GetValue ("kek_key"));
+ m_token.SetKekKey (*Key);
+ if (Key != NULL)
+ {
+ delete Key;
+ Key = NULL;
+ }
+ }
+ return 1;
+}
+
+static int
+HandleStatusUpdateRequest (RA_Client * client,
+ RA_Status_Update_Request_Msg * req,
+ RA_Token * token, RA_Conn * conn,
+ NameValueSet * vars, NameValueSet * params)
+{
+ client->Debug ("RA_Client::HandleStatusUpdateRequest",
+ "RA_Client::HandleStatusUpdateRequest");
+ RA_Status_Update_Response_Msg resp =
+ RA_Status_Update_Response_Msg (req->GetStatus ());
+ conn->SendMsg (&resp);
+ return 1;
+}
+
+static int
+HandleExtendedLoginRequest (RA_Client * client,
+ RA_Extended_Login_Request_Msg * req,
+ RA_Token * token, RA_Conn * conn,
+ NameValueSet * vars, NameValueSet * params)
+{
+ client->Debug ("RA_Client::HandleExtendLoginRequest",
+ "RA_Client::HandleExtendedLoginRequest");
+ AuthParams *auths = new AuthParams;
+ auths->SetUID (params->GetValue ("uid"));
+ auths->SetPassword (params->GetValue ("pwd"));
+ if (vars->GetValueAsBool ("test_enable", 0) == 1)
+ {
+ if (vars->GetValueAsBool ("test_el_resp_exclude_uid", 0) == 1)
+ {
+ auths->Remove ("UID");
+ }
+ if (vars->GetValueAsBool ("test_el_resp_exclude_pwd", 0) == 1)
+ {
+ auths->Remove ("PASSWORD");
+ }
+ if (vars->GetValueAsBool ("test_el_resp_include_invalid_param", 0) == 1)
+ {
+ auths->Add ("XXX", "YYY");
+ }
+ }
+ RA_Extended_Login_Response_Msg resp =
+ RA_Extended_Login_Response_Msg (auths);
+ conn->SendMsg (&resp);
+ return 1;
+}
+
+static int
+HandleLoginRequest (RA_Client * client,
+ RA_Login_Request_Msg * req,
+ RA_Token * token, RA_Conn * conn,
+ NameValueSet * vars, NameValueSet * params)
+{
+ client->Debug ("RA_Client::HandleLoginRequest",
+ "RA_Client::HandleLoginRequest");
+ RA_Login_Response_Msg resp =
+ RA_Login_Response_Msg (params->GetValue ("uid"),
+ params->GetValue ("pwd"));
+ conn->SendMsg (&resp);
+ return 1;
+}
+
+static int
+HandleNewPinRequest (RA_Client * client,
+ RA_New_Pin_Request_Msg * req,
+ RA_Token * token, RA_Conn * conn,
+ NameValueSet * vars, NameValueSet * params)
+{
+ client->Debug ("RA_Client::HandleNewPinRequest",
+ "RA_Client::HandleNewPinRequest");
+ int min_len = req->GetMinLen ();
+ int max_len = req->GetMaxLen ();
+ Output ("Min Len: '%d' Max Len: '%d'", min_len, max_len);
+ RA_New_Pin_Response_Msg resp =
+ RA_New_Pin_Response_Msg (params->GetValue ("new_pin"));
+ conn->SendMsg (&resp);
+
+ return 1;
+}
+
+static int
+HandleASQRequest (RA_Client * client,
+ RA_ASQ_Request_Msg * req,
+ RA_Token * token, RA_Conn * conn,
+ NameValueSet * vars, NameValueSet * params)
+{
+ client->Debug ("RA_Client::HandleASQRequest",
+ "RA_Client::HandleASQRequest");
+ Output ("ASQ Question: '%s'", req->GetQuestion ());
+ RA_ASQ_Response_Msg resp =
+ RA_ASQ_Response_Msg (params->GetValue ("answer"));
+ conn->SendMsg (&resp);
+
+ return 1;
+}
+
+static int
+HandleSecureIdRequest (RA_Client * client,
+ RA_SecureId_Request_Msg * req,
+ RA_Token * token, RA_Conn * conn,
+ NameValueSet * vars, NameValueSet * params)
+{
+ client->Debug ("RA_Client::HandleSecureIdRequest",
+ "RA_Client::HandleSecureIdRequest");
+ int pin_required = req->IsPinRequired ();
+ int next_value = req->IsNextValue ();
+ Output ("Pin Required: '%d' Next Value: '%d'", pin_required, next_value);
+ RA_SecureId_Response_Msg resp =
+ RA_SecureId_Response_Msg (params->GetValue ("secureid_value"),
+ params->GetValue ("secureid_pin"));
+ conn->SendMsg (&resp);
+ return 1;
+}
+
+static int
+HandleTokenPDURequest (RA_Client * client,
+ RA_Token_PDU_Request_Msg * req,
+ RA_Token * token, RA_Conn * conn,
+ NameValueSet * vars, NameValueSet * params)
+{
+ client->Debug ("RA_Client::HandleTokenPDURequest",
+ "RA_Client::HandleTokenPDURequest");
+ APDU *apdu = req->GetAPDU ();
+ APDU_Response *apdu_resp = token->Process (apdu, vars, params);
+ if (apdu_resp == NULL)
+ {
+ return 0;
+ }
+ RA_Token_PDU_Response_Msg *resp = new RA_Token_PDU_Response_Msg (apdu_resp);
+ conn->SendMsg (resp);
+
+ if (resp != NULL)
+ {
+ delete resp;
+ resp = NULL;
+ }
+ // if( apdu_resp != NULL ) {
+ // delete apdu_resp;
+ // apdu_resp = NULL;
+ // }
+
+ return 1;
+}
+
+
+typedef struct _ThreadArg
+{
+ PRTime time; /* processing time */
+ int status; /* status result */
+ NameValueSet *params; /* parameters */
+ RA_Client *client; /* client */
+ RA_Token *token; /* token */
+
+ PRLock *donelock; /* lock */
+ int done; /* are we done? */
+} ThreadArg;
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ static void ThreadConnUpdate (void *arg)
+ {
+ PRTime start, end;
+ ThreadArg *targ = (ThreadArg *) arg;
+
+ start = PR_Now ();
+ RA_Conn conn (targ->client->m_vars.GetValue ("ra_host"),
+ atoi (targ->client->m_vars.GetValue ("ra_port")),
+ targ->client->m_vars.GetValue ("ra_uri"));
+
+ if (!conn.Connect ())
+ {
+ OutputError ("Cannot connect to %s:%d",
+ targ->client->m_vars.GetValue ("ra_host"),
+ atoi (targ->client->m_vars.GetValue ("ra_port")));
+ targ->status = 0;
+ if (!old_style)
+ {
+ PR_Lock (targ->donelock);
+ targ->done = PR_TRUE;
+ PR_Unlock (targ->donelock);
+ }
+
+ return;
+ }
+
+ NameValueSet *exts = NULL;
+ char *extensions =
+ targ->params->GetValueAsString ((char *) "extensions", NULL);
+ if (extensions != NULL)
+ {
+ exts = NameValueSet::Parse (extensions, "&");
+ }
+
+ RA_Begin_Op_Msg beginOp = RA_Begin_Op_Msg (OP_FORMAT, exts);
+ conn.SendMsg (&beginOp);
+
+ /* handle secure ID (optional) */
+ while (1)
+ {
+ RA_Msg *msg = (RA_Msg *) conn.ReadMsg (targ->token);
+ if (msg == NULL)
+ break;
+ if (msg->GetType () == MSG_LOGIN_REQUEST)
+ {
+ targ->status =
+ HandleLoginRequest (targ->client, (RA_Login_Request_Msg *) msg,
+ targ->token, &conn, &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_EXTENDED_LOGIN_REQUEST)
+ {
+ targ->status =
+ HandleExtendedLoginRequest (targ->client,
+ (RA_Extended_Login_Request_Msg *)
+ msg, targ->token, &conn,
+ &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_STATUS_UPDATE_REQUEST)
+ {
+ targ->status =
+ HandleStatusUpdateRequest (targ->client,
+ (RA_Status_Update_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars, targ->params);
+ }
+ else if (msg->GetType () == MSG_SECUREID_REQUEST)
+ {
+ targ->status =
+ HandleSecureIdRequest (targ->client,
+ (RA_SecureId_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars, targ->params);
+ }
+ else if (msg->GetType () == MSG_ASQ_REQUEST)
+ {
+ targ->status =
+ HandleASQRequest (targ->client, (RA_ASQ_Request_Msg *) msg,
+ targ->token, &conn, &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_TOKEN_PDU_REQUEST)
+ {
+ targ->status =
+ HandleTokenPDURequest (targ->client,
+ (RA_Token_PDU_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars, targ->params);
+ }
+ else if (msg->GetType () == MSG_NEW_PIN_REQUEST)
+ {
+ targ->status =
+ HandleNewPinRequest (targ->client,
+ (RA_New_Pin_Request_Msg *) msg,
+ targ->token, &conn, &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_END_OP)
+ {
+ RA_End_Op_Msg *endOp = (RA_End_Op_Msg *) msg;
+ if (endOp->GetResult () == 0)
+ {
+ targ->status = 1; /* error */
+ }
+ else
+ {
+ targ->status = 0;
+ }
+ if (msg != NULL)
+ {
+ delete msg;
+ msg = NULL;
+ }
+ break;
+ }
+ else
+ {
+ /* error */
+ targ->status = 0;
+ }
+ if (msg != NULL)
+ {
+ delete msg;
+ msg = NULL;
+ }
+
+ if (targ->status == 0)
+ break;
+ }
+
+ conn.Close ();
+ end = PR_Now ();
+ targ->time = (end - start) / 1000;
+
+ if (!old_style)
+ {
+ PR_Lock (targ->donelock);
+ targ->done = PR_TRUE;
+ PR_Unlock (targ->donelock);
+ }
+ }
+
+ static void ThreadConnResetPin (void *arg)
+ {
+ PRTime start, end;
+ ThreadArg *targ = (ThreadArg *) arg;
+
+ start = PR_Now ();
+ RA_Conn conn (targ->client->m_vars.GetValue ("ra_host"),
+ atoi (targ->client->m_vars.GetValue ("ra_port")),
+ targ->client->m_vars.GetValue ("ra_uri"));
+
+ if (!conn.Connect ())
+ {
+ OutputError ("Cannot connect to %s:%d",
+ targ->client->m_vars.GetValue ("ra_host"),
+ atoi (targ->client->m_vars.GetValue ("ra_port")));
+ targ->status = 0;
+
+ if (!old_style)
+ {
+ PR_Lock (targ->donelock);
+ targ->done = PR_TRUE;
+ PR_Unlock (targ->donelock);
+ }
+
+ return;
+ }
+
+ NameValueSet *exts = NULL;
+ char *extensions =
+ targ->params->GetValueAsString ((char *) "extensions", NULL);
+ if (extensions != NULL)
+ {
+ exts = NameValueSet::Parse (extensions, "&");
+ }
+
+ RA_Begin_Op_Msg beginOp = RA_Begin_Op_Msg (OP_RESET_PIN, exts);
+ conn.SendMsg (&beginOp);
+
+ /* handle secure ID (optional) */
+ while (1)
+ {
+ RA_Msg *msg = (RA_Msg *) conn.ReadMsg (targ->token);
+ if (msg == NULL)
+ break;
+ if (msg->GetType () == MSG_LOGIN_REQUEST)
+ {
+ targ->status =
+ HandleLoginRequest (targ->client, (RA_Login_Request_Msg *) msg,
+ targ->token, &conn, &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_EXTENDED_LOGIN_REQUEST)
+ {
+ targ->status =
+ HandleExtendedLoginRequest (targ->client,
+ (RA_Extended_Login_Request_Msg *)
+ msg, targ->token, &conn,
+ &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_STATUS_UPDATE_REQUEST)
+ {
+ targ->status =
+ HandleStatusUpdateRequest (targ->client,
+ (RA_Status_Update_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars, targ->params);
+ }
+ else if (msg->GetType () == MSG_SECUREID_REQUEST)
+ {
+ targ->status =
+ HandleSecureIdRequest (targ->client,
+ (RA_SecureId_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars, targ->params);
+ }
+ else if (msg->GetType () == MSG_ASQ_REQUEST)
+ {
+ targ->status =
+ HandleASQRequest (targ->client, (RA_ASQ_Request_Msg *) msg,
+ targ->token, &conn, &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_TOKEN_PDU_REQUEST)
+ {
+ targ->status =
+ HandleTokenPDURequest (targ->client,
+ (RA_Token_PDU_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars, targ->params);
+ }
+ else if (msg->GetType () == MSG_NEW_PIN_REQUEST)
+ {
+ targ->status =
+ HandleNewPinRequest (targ->client,
+ (RA_New_Pin_Request_Msg *) msg,
+ targ->token, &conn, &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_END_OP)
+ {
+ RA_End_Op_Msg *endOp = (RA_End_Op_Msg *) msg;
+ if (endOp->GetResult () == 0)
+ {
+ targ->status = 1; /* error */
+ }
+ else
+ {
+ targ->status = 0;
+ }
+ if (msg != NULL)
+ {
+ delete msg;
+ msg = NULL;
+ }
+ break;
+ }
+ else
+ {
+ /* error */
+ targ->status = 0;
+ }
+ if (msg != NULL)
+ {
+ delete msg;
+ msg = NULL;
+ }
+
+ if (targ->status == 0)
+ break;
+ }
+
+ conn.Close ();
+ end = PR_Now ();
+ targ->time = (end - start) / 1000;
+
+ if (!old_style)
+ {
+ PR_Lock (targ->donelock);
+ targ->done = PR_TRUE;
+ PR_Unlock (targ->donelock);
+ }
+ }
+
+#ifdef __cplusplus
+}
+#endif
+
+int
+RA_Client::OpConnUpdate (NameValueSet * params)
+{
+ int num_threads = params->GetValueAsInt ((char *) "num_threads", 1);
+ int i;
+ int status = 0;
+ PRThread **threads;
+ ThreadArg *arg;
+
+ threads = (PRThread **) malloc (sizeof (PRThread *) * num_threads);
+ if (threads == NULL)
+ {
+ return 0;
+ }
+ arg = (ThreadArg *) malloc (sizeof (ThreadArg) * num_threads);
+ if (arg == NULL)
+ {
+ return 0;
+ }
+
+ /* start threads */
+ for (i = 0; i < num_threads; i++)
+ {
+ arg[i].time = 0;
+ arg[i].status = 0;
+ arg[i].client = this;
+ if (i == 0)
+ {
+ arg[i].token = &this->m_token;
+ }
+ else
+ {
+ arg[i].token = this->m_token.Clone ();
+ }
+ arg[i].params = params;
+ threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnUpdate, &arg[i], PR_PRIORITY_NORMAL, /* Priority */
+ PR_GLOBAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */
+ );
+ }
+
+ /* join threads */
+ for (i = 0; i < num_threads; i++)
+ {
+ PR_JoinThread (threads[i]);
+ }
+
+ for (i = 0; i < num_threads; i++)
+ {
+ Output ("Thread (%d) status='%d' time='%d msec'", i,
+ arg[i].status, arg[i].time);
+ }
+
+ status = arg[0].status;
+
+ return status;
+}
+
+int
+RA_Client::OpConnResetPin (NameValueSet * params)
+{
+ int num_threads = params->GetValueAsInt ((char *) "num_threads", 1);
+ int i;
+ int status = 0;
+ PRThread **threads;
+ ThreadArg *arg;
+
+ threads = (PRThread **) malloc (sizeof (PRThread *) * num_threads);
+ if (threads == NULL)
+ {
+ return 0;
+ }
+ arg = (ThreadArg *) malloc (sizeof (ThreadArg) * num_threads);
+ if (arg == NULL)
+ {
+ return 0;
+ }
+
+ /* start threads */
+ for (i = 0; i < num_threads; i++)
+ {
+ arg[i].time = 0;
+ arg[i].status = 0;
+ arg[i].client = this;
+ if (i == 0)
+ {
+ arg[i].token = &this->m_token;
+ }
+ else
+ {
+ arg[i].token = this->m_token.Clone ();
+ }
+ arg[i].params = params;
+ threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnResetPin, &arg[i], PR_PRIORITY_NORMAL, /* Priority */
+ PR_GLOBAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */
+ );
+ }
+
+ /* join threads */
+ for (i = 0; i < num_threads; i++)
+ {
+ PR_JoinThread (threads[i]);
+ }
+
+ for (i = 0; i < num_threads; i++)
+ {
+ Output ("Thread (%d) status='%d' time='%d msec'", i,
+ arg[i].status, arg[i].time);
+ }
+
+ status = arg[0].status;
+
+ return status;
+}
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+ static void ThreadConnEnroll (void *arg)
+ {
+ PRTime start, end;
+ ThreadArg *targ = (ThreadArg *) arg;
+
+ start = PR_Now ();
+ RA_Conn conn (targ->client->m_vars.GetValue ("ra_host"),
+ atoi (targ->client->m_vars.GetValue ("ra_port")),
+ targ->client->m_vars.GetValue ("ra_uri"));
+
+ if (!conn.Connect ())
+ {
+ OutputError ("Cannot connect to %s:%d",
+ targ->client->m_vars.GetValue ("ra_host"),
+ atoi (targ->client->m_vars.GetValue ("ra_port")));
+ targ->status = 0;
+
+ if (!old_style)
+ {
+ PR_Lock (targ->donelock);
+ targ->done = PR_TRUE;
+ PR_Unlock (targ->donelock);
+ }
+
+ return;
+ }
+
+ NameValueSet *exts = NULL;
+ char *extensions =
+ targ->params->GetValueAsString ((char *) "extensions", NULL);
+ if (extensions != NULL)
+ {
+ exts = NameValueSet::Parse (extensions, "&");
+ }
+
+ RA_Begin_Op_Msg beginOp = RA_Begin_Op_Msg (OP_ENROLL, exts);
+ conn.SendMsg (&beginOp);
+
+ /* handle secure ID (optional) */
+ while (1)
+ {
+ RA_Msg *msg = (RA_Msg *) conn.ReadMsg (targ->token);
+ if (msg == NULL)
+ break;
+ if (msg->GetType () == MSG_LOGIN_REQUEST)
+ {
+ targ->status = HandleLoginRequest (targ->client,
+ (RA_Login_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_EXTENDED_LOGIN_REQUEST)
+ {
+ targ->status = HandleExtendedLoginRequest (targ->client,
+ (RA_Extended_Login_Request_Msg
+ *) msg, targ->token,
+ &conn,
+ &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_STATUS_UPDATE_REQUEST)
+ {
+ targ->status =
+ HandleStatusUpdateRequest (targ->client,
+ (RA_Status_Update_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars, targ->params);
+ }
+ else if (msg->GetType () == MSG_SECUREID_REQUEST)
+ {
+ targ->status = HandleSecureIdRequest (targ->client,
+ (RA_SecureId_Request_Msg *)
+ msg, targ->token, &conn,
+ &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_ASQ_REQUEST)
+ {
+ targ->status = HandleASQRequest (targ->client,
+ (RA_ASQ_Request_Msg *) msg,
+ targ->token, &conn,
+ &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_TOKEN_PDU_REQUEST)
+ {
+ targ->status = HandleTokenPDURequest (targ->client,
+ (RA_Token_PDU_Request_Msg *)
+ msg, targ->token, &conn,
+ &targ->client->m_vars,
+ targ->params);
+ targ->status = 1;
+ }
+ else if (msg->GetType () == MSG_NEW_PIN_REQUEST)
+ {
+ targ->status = HandleNewPinRequest (targ->client,
+ (RA_New_Pin_Request_Msg *)
+ msg, targ->token, &conn,
+ &targ->client->m_vars,
+ targ->params);
+ }
+ else if (msg->GetType () == MSG_END_OP)
+ {
+ RA_End_Op_Msg *endOp = (RA_End_Op_Msg *) msg;
+ if (endOp->GetResult () == 0)
+ {
+ targ->status = 1; /* error */
+ }
+ else
+ {
+ targ->status = 0;
+ }
+ if (msg != NULL)
+ {
+ delete msg;
+ msg = NULL;
+ }
+ break;
+ }
+ else
+ {
+ /* error */
+ targ->status = 0; /* error */
+ }
+ if (msg != NULL)
+ {
+ delete msg;
+ msg = NULL;
+ }
+ }
+
+ conn.Close ();
+ end = PR_Now ();
+ targ->time = (end - start) / 1000;
+
+ if (!old_style)
+ {
+ PR_Lock (targ->donelock);
+ targ->done = PR_TRUE;
+ PR_Unlock (targ->donelock);
+ }
+ }
+
+#ifdef __cplusplus
+}
+#endif
+
+int
+RA_Client::OpConnEnroll (NameValueSet * params)
+{
+ int num_threads = params->GetValueAsInt ((char *) "num_threads", 1);
+ int i;
+ int status = 0;
+ PRThread **threads;
+ ThreadArg *arg;
+
+ threads = (PRThread **) malloc (sizeof (PRThread *) * num_threads);
+ if (threads == NULL)
+ {
+ return 0; /* error */
+ }
+ arg = (ThreadArg *) malloc (sizeof (ThreadArg) * num_threads);
+ if (arg == NULL)
+ {
+ return 0;
+ }
+
+ /* start threads */
+ for (i = 0; i < num_threads; i++)
+ {
+ arg[i].time = 0;
+ arg[i].status = 0;
+ arg[i].client = this;
+ if (i == 0)
+ {
+ arg[i].token = &this->m_token;
+ }
+ else
+ {
+ arg[i].token = this->m_token.Clone ();
+ }
+ arg[i].params = params;
+ threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnEnroll, &arg[i], PR_PRIORITY_NORMAL, /* Priority */
+ PR_GLOBAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */
+ );
+ }
+
+ /* join threads */
+ for (i = 0; i < num_threads; i++)
+ {
+ PR_JoinThread (threads[i]);
+ }
+
+ status = 1;
+
+ for (i = 0; i < num_threads; i++)
+ {
+ Output ("Thread (%d) status='%d' time='%d msec'", i,
+ arg[i].status, arg[i].time);
+ if (arg[i].status != 1)
+ {
+ // if any thread fails, this operation
+ // is considered as failure
+ status = arg[i].status;
+ }
+ }
+
+
+ return status;
+}
+
+
+/*
+ * no more than num_threads will be running concurrently
+ * no more than a total of max_ops requests will be started
+ */
+int
+StartThreads (int num_threads, ThreadArg * arg, PRThread ** threads,
+ int max_ops, RA_Client * _this, NameValueSet * params,
+ RequestType op_type)
+{
+ int i;
+ int started = 0;
+
+ if (arg == NULL)
+ {
+ goto loser;
+ }
+
+ /* start threads */
+ for (i = 0; i < num_threads; i++)
+ {
+ if (started == max_ops)
+ {
+ break;
+ }
+ if (threads[i] == NULL)
+ {
+ arg[i].time = 0;
+ arg[i].status = 0;
+ arg[i].client = _this;
+ arg[i].done = PR_FALSE;
+
+ if (i == 0)
+ {
+ arg[i].token = &_this->m_token;
+ }
+ else
+ {
+
+ if (arg[i].token != NULL)
+ {
+ if (arg[i].token->m_pin)
+ {
+ PL_strfree (arg[i].token->m_pin);
+ arg[i].token->m_pin = NULL;
+ }
+ if (arg[i].token->m_session_key != NULL)
+ {
+ PORT_Free (arg[i].token->m_session_key);
+ arg[i].token->m_session_key = NULL;
+ }
+ if (arg[i].token->m_enc_session_key != NULL)
+ {
+ PORT_Free (arg[i].token->m_enc_session_key);
+ arg[i].token->m_enc_session_key = NULL;
+ }
+ if (arg[i].token->m_object != NULL)
+ {
+ delete (arg[i].token->m_object);
+ arg[i].token->m_object = NULL;
+ }
+
+ delete (arg[i].token);
+ arg[i].token = NULL;
+
+ }
+
+ arg[i].token = _this->m_token.Clone ();
+ }
+ arg[i].params = params;
+ Output ("WWWWWWWWW StartThreads -- thread (%d) begins", i);
+ if (op_type == OP_CLIENT_ENROLL)
+ {
+ threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnEnroll, &arg[i], PR_PRIORITY_NORMAL, /* Priority */
+ PR_GLOBAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */
+ );
+ }
+ else if (op_type == OP_CLIENT_FORMAT)
+ {
+ threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnUpdate, &arg[i], PR_PRIORITY_NORMAL, /* Priority */
+ PR_GLOBAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */
+ );
+ }
+ else
+ { // OP_CLIENT_RESET_PIN
+ threads[i] = PR_CreateThread (PR_USER_THREAD, ThreadConnResetPin, &arg[i], PR_PRIORITY_NORMAL, /* Priority */
+ PR_GLOBAL_THREAD, /* Scope */
+ PR_JOINABLE_THREAD, /* State */
+ 0 /* Stack Size */
+ );
+ }
+
+ started++;
+ }
+ else
+ {
+ Output ("thread[%d] is not NULL", i);
+ }
+ }
+
+loser:
+ Output ("StartThreads -- %d threads started", started);
+ return started;
+}
+
+/*
+ * no more than num_threads will be running concurrently
+ * no more than a total of max_ops requests will be started
+ */
+int
+RA_Client::OpConnStart (NameValueSet * params, RequestType op_type)
+{
+ // number of concurrent threads
+ int num_threads = params->GetValueAsInt ((char *) "num_threads", 1);
+ // number of total enrollments
+ int max_ops = params->GetValueAsInt ((char *) "max_ops", num_threads);
+ int count = 0;
+ int i;
+ int status = 1;
+ int started = 0;
+ PRThread **threads;
+ ThreadArg *arg;
+
+ threads = (PRThread **) malloc (sizeof (PRThread *) * num_threads);
+ if (threads == NULL)
+ {
+ return 0; /* error */
+ }
+ arg = (ThreadArg *) malloc (sizeof (ThreadArg) * num_threads);
+ if (arg == NULL)
+ {
+ return 0;
+ }
+
+ for (i = 0; i < num_threads; i++)
+ {
+ arg[i].donelock = PR_NewLock ();
+ arg[i].token = NULL;
+ threads[i] = NULL;
+ }
+
+ count = 0;
+ PRBool hasFreeThread = PR_TRUE;
+ while (count < max_ops)
+ {
+ // fully populate the thread pool
+
+ if (hasFreeThread)
+ {
+ started =
+ StartThreads (num_threads, arg, threads, max_ops - count, this,
+ params, op_type);
+ count += started;
+ Output ("OpConnStart: # requests started =%d", count);
+ hasFreeThread = PR_FALSE;
+ }
+
+ // PR_Sleep(PR_MillisecondsToInterval(500));
+ PR_Sleep (PR_SecondsToInterval (1));
+ Output ("OpConnStart: checking for free threads...");
+ // check if any threads are done
+ for (i = 0; i < num_threads; i++)
+ {
+ if (threads[i] != NULL)
+ {
+ PR_Lock (arg[i].donelock);
+ int arg_done = arg[i].done;
+ PR_Unlock (arg[i].donelock);
+ if (arg_done)
+ {
+ PR_JoinThread (threads[i]);
+ Output ("Thread (%d) status='%d' time='%d msec'", i,
+ arg[i].status, arg[i].time);
+
+ if (arg[i].status != 1)
+ {
+ // if any thread fails, this operation
+ // is considered as failure
+ status = arg[i].status;
+ }
+ threads[i] = NULL;
+
+ hasFreeThread = PR_TRUE;
+
+ }
+ }
+ }
+ Output ("OpConnStart: done checking for free threads...");
+ } // while
+
+ Output ("OpConnStart: TOTAL REQUESTS: %d", count);
+
+ for (i = 0; i < num_threads; i++)
+ {
+ if (threads[i] != NULL)
+ {
+ PR_JoinThread (threads[i]);
+ }
+ if (arg[i].donelock != NULL)
+ {
+ PR_DestroyLock (arg[i].donelock);
+ }
+ }
+
+ return status;
+
+}
+
+int
+RA_Client::OpVarSet (NameValueSet * params)
+{
+ m_vars.Add (params->GetValue ("name"), params->GetValue ("value"));
+ Output ("%s: '%s'", params->GetValue ("name"),
+ m_vars.GetValue (params->GetValue ("name")));
+ return 1;
+}
+
+int
+RA_Client::OpVarDebug (NameValueSet * params)
+{
+ if (m_fd_debug != NULL)
+ {
+ PR_Close (m_fd_debug);
+ m_fd_debug = NULL;
+ }
+ m_fd_debug = PR_Open (params->GetValue ("filename"),
+ PR_RDWR | PR_CREATE_FILE | PR_APPEND, 400 | 200);
+ return 1;
+}
+
+int
+RA_Client::OpVarGet (NameValueSet * params)
+{
+ char *value = m_vars.GetValue (params->GetValue ("name"));
+ Output ("%s: '%s'", params->GetValue ("name"), value);
+
+ return 1;
+}
+
+int
+RA_Client::OpVarList (NameValueSet * params)
+{
+ int i;
+ char *name;
+
+ for (i = 0; i < m_vars.Size (); i++)
+ {
+ name = m_vars.GetNameAt (i);
+ Output ("%s: '%s'", name, m_vars.GetValue (name));
+ }
+ return 1;
+}
+
+/**
+ * Invoke operation.
+ */
+void
+RA_Client::InvokeOperation (char *op, NameValueSet * params)
+{
+ PRTime start, end;
+ int status = 0;
+
+ start = PR_Now ();
+ Debug ("RA_Client::InvokeOperation", "op='%s'", op);
+ int max_ops = params->GetValueAsInt ((char *) "max_ops");
+ if (max_ops != 0)
+ old_style = PR_FALSE;
+
+ if (strcmp (op, "help") == 0)
+ {
+ status = OpHelp (params);
+ }
+ else if (strcmp (op, "ra_format") == 0)
+ {
+ if (old_style)
+ status = OpConnUpdate (params);
+ else
+ status = OpConnStart (params, OP_CLIENT_FORMAT);
+ }
+ else if (strcmp (op, "ra_reset_pin") == 0)
+ {
+ if (old_style)
+ status = OpConnResetPin (params);
+ else
+ status = OpConnStart (params, OP_CLIENT_RESET_PIN);
+ }
+ else if (strcmp (op, "ra_enroll") == 0)
+ {
+ if (old_style)
+ status = OpConnEnroll (params);
+ else
+ status = OpConnStart (params, OP_CLIENT_ENROLL);
+ }
+ else if (strcmp (op, "token_status") == 0)
+ {
+ status = OpTokenStatus (params);
+ }
+ else if (strcmp (op, "token_set") == 0)
+ {
+ status = OpTokenSet (params);
+ }
+ else if (strcmp (op, "debug") == 0)
+ {
+ status = OpVarDebug (params);
+ }
+ else if (strcmp (op, "var_set") == 0)
+ {
+ status = OpVarSet (params);
+ }
+ else if (strcmp (op, "var_get") == 0)
+ {
+ status = OpVarGet (params);
+ }
+ else if (strcmp (op, "var_list") == 0)
+ {
+ status = OpVarList (params);
+ }
+ end = PR_Now ();
+
+ if (status)
+ {
+ OutputSuccess ("Operation '%s' Success (%d msec)", op,
+ (end - start) / 1000);
+ }
+ else
+ {
+ OutputError ("Operation '%s' Failure (%d msec)", op,
+ (end - start) / 1000);
+ }
+}
+
+/**
+ * Execute RA client.
+ */
+void
+RA_Client::Execute ()
+{
+ char line[1024];
+ int rc;
+ char *op;
+ int done = 0;
+ char *lasts = NULL;
+
+ /* start main loop */
+ PrintHeader ();
+ while (!done)
+ {
+ PrintPrompt ();
+ rc = ReadLine (line, 1024);
+ printf ("%s\n", line);
+ if (rc <= 0)
+ {
+ break; /* exit if no more line */
+ }
+ if (line[0] == '#')
+ {
+ continue; /* ignore comment line */
+ }
+ /* format: 'op=cmd <parameters>' */
+ NameValueSet *params = NameValueSet::Parse (line, " ");
+ if (params == NULL)
+ {
+ continue;
+ }
+ op = params->GetValue ("op");
+ if (op == NULL)
+ {
+ /* user did not type op= */
+ op = PL_strtok_r (line, " ", &lasts);
+ if (op == NULL)
+ continue;
+ }
+ if (strcmp (op, "exit") == 0)
+ {
+ done = 1;
+ }
+ else
+ {
+ InvokeOperation (op, params);
+ }
+ if (params != NULL)
+ {
+ delete params;
+ params = NULL;
+ }
+ }
+} /* Execute */
+
+char *
+ownPasswd (PK11SlotInfo * slot, PRBool retry, void *arg)
+{
+ return PL_strdup ("password");
+}
+
+/**
+ * User certutil -d . -N to create a database.
+ * The database should have 'password' as the password.
+ */
+int
+main (int argc, char *argv[])
+{
+ char buffer[513];
+ SECStatus rv;
+ PK11SlotInfo *slot = NULL;
+ PRUint32 flags = 0;
+ // char *newpw = NULL;
+
+ /* Initialize NSPR & NSS */
+ PR_Init (PR_SYSTEM_THREAD, PR_PRIORITY_NORMAL, 1);
+ PK11_SetPasswordFunc (ownPasswd);
+ rv = NSS_Initialize (".", "", "", "", flags);
+ if (rv != SECSuccess)
+ {
+ PR_GetErrorText (buffer);
+ fprintf (stderr, "unable to initialize NSS library (%d - '%s')\n",
+ PR_GetError (), buffer);
+ exit (0);
+ }
+ slot = PK11_GetInternalKeySlot ();
+ if (PK11_NeedUserInit (slot))
+ {
+ rv = PK11_InitPin (slot, (char *) NULL, (char *) "password");
+ if (rv != SECSuccess)
+ {
+ PR_GetErrorText (buffer);
+ fprintf (stderr, "unable to set new PIN (%d - '%s')\n",
+ PR_GetError (), buffer);
+ exit (0);
+ }
+
+ }
+ if (PK11_NeedLogin (slot))
+ {
+ rv = PK11_Authenticate (slot, PR_TRUE, NULL);
+ if (rv != SECSuccess)
+ {
+ PR_GetErrorText (buffer);
+ fprintf (stderr, "unable to authenticate (%d - '%s')\n",
+ PR_GetError (), buffer);
+ exit (0);
+ }
+ }
+
+ /* Start RA Client */
+ RA_Client client;
+ client.Execute ();
+
+ /* Shutdown NSS and NSPR */
+ NSS_Shutdown ();
+ PR_Cleanup ();
+
+ return 1;
+}
diff --git a/pki/base/tps/tools/raclient/RA_Client.h b/pki/base/tps/tools/raclient/RA_Client.h
new file mode 100644
index 000000000..6ab2ecf97
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Client.h
@@ -0,0 +1,78 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_CLIENT_H
+#define RA_CLIENT_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "prthread.h"
+#include "main/NameValueSet.h"
+#include "RA_Conn.h"
+#include "RA_Token.h"
+
+enum RequestType {
+ OP_CLIENT_ENROLL = 0,
+ OP_CLIENT_FORMAT = 1,
+ OP_CLIENT_RESET_PIN = 2
+};
+
+class RA_Client
+{
+ public:
+ RA_Client();
+ ~RA_Client();
+ public:
+ int OpHelp(NameValueSet *set);
+ int OpConnStart(NameValueSet *set, RequestType);
+ int OpConnResetPin(NameValueSet *set);
+ int OpConnEnroll(NameValueSet *set);
+ int OpConnUpdate(NameValueSet *set);
+ int OpTokenStatus(NameValueSet *set);
+ int OpTokenSet(NameValueSet *set);
+ int OpVarList(NameValueSet *set);
+ int OpVarSet(NameValueSet *set);
+ int OpVarDebug(NameValueSet *set);
+ int OpVarGet(NameValueSet *set);
+ int OpExit(NameValueSet *set);
+ public:
+ void Debug(const char *func_name, const char *fmt, ...);
+ void Execute();
+ void InvokeOperation(char *op, NameValueSet *set);
+ public:
+ RA_Token m_token;
+ NameValueSet m_vars;
+};
+
+#endif /* RA_CLIENT_H */
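Review bot: `Debug(const char *func_name, const char *fmt, ...)` in the class declaration is a printf-style variadic with no format annotation, so a call whose arguments do not match its format string compiles without a diagnostic. On GCC or Clang builds the declaration could read `void Debug(const char *func_name, const char *fmt, ...) __attribute__((format(printf, 3, 4)));` (the implicit `this` counts as argument 1), preferably behind a macro that expands to nothing on other compilers. The one call visible in this commit, `Debug ("RA_Client::InvokeOperation", "op='%s'", op)`, matches its format. With the annotation in place, the compiler's format warnings would also flag any caller that passes a non-literal string as `fmt`.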
diff --git a/pki/base/tps/tools/raclient/RA_Conn.cpp b/pki/base/tps/tools/raclient/RA_Conn.cpp
new file mode 100644
index 000000000..17a3ed34f
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Conn.cpp
@@ -0,0 +1,1037 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include <string.h>
+#include "prnetdb.h"
+#include "prerror.h"
+#include "prio.h"
+#include "plstr.h"
+#include "main/NameValueSet.h"
+#include "main/Util.h"
+#include "RA_Conn.h"
+#include "apdu/APDU_Response.h"
+#include "apdu/List_Objects_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Import_Key_APDU.h"
+#include "apdu/Import_Key_Enc_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "apdu/Unblock_Pin_APDU.h"
+#include "apdu/Select_APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "msg/RA_Begin_Op_Msg.h"
+#include "msg/RA_End_Op_Msg.h"
+#include "msg/RA_Extended_Login_Request_Msg.h"
+#include "msg/RA_Login_Request_Msg.h"
+#include "msg/RA_SecureId_Request_Msg.h"
+#include "msg/RA_ASQ_Request_Msg.h"
+#include "msg/RA_New_Pin_Request_Msg.h"
+#include "msg/RA_Status_Update_Request_Msg.h"
+#include "msg/RA_Status_Update_Response_Msg.h"
+#include "msg/RA_Token_PDU_Request_Msg.h"
+#include "msg/RA_Login_Response_Msg.h"
+#include "msg/RA_Extended_Login_Response_Msg.h"
+#include "msg/RA_SecureId_Response_Msg.h"
+#include "msg/RA_ASQ_Response_Msg.h"
+#include "msg/RA_New_Pin_Response_Msg.h"
+#include "msg/RA_Token_PDU_Response_Msg.h"
+#include "engine/RA.h"
+
+/**
+ * http parameters used in the protocol
+ */
+#define PARAM_MSG_TYPE "msg_type"
+#define PARAM_OPERATION "operation"
+#define PARAM_EXTENSIONS "extensions"
+#define PARAM_INVALID_PW "invalid_pw"
+#define PARAM_BLOCKED "blocked"
+#define PARAM_SCREEN_NAME "screen_name"
+#define PARAM_PASSWORD "password"
+#define PARAM_PIN_REQUIRED "pin_required"
+#define PARAM_NEXT_VALUE "next_value"
+#define PARAM_VALUE "value"
+#define PARAM_PIN "pin"
+#define PARAM_QUESTION "question"
+#define PARAM_ANSWER "answer"
+#define PARAM_MINIMUM_LENGTH "minimum_length"
+#define PARAM_MAXIMUM_LENGTH "maximum_length"
+#define PARAM_NEW_PIN "new_pin"
+#define PARAM_PDU_SIZE "pdu_size"
+#define PARAM_PDU_DATA "pdu_data"
+#define PARAM_RESULT "result"
+#define PARAM_MESSAGE "message"
+#define PARAM_CURRENT_STATE "current_state"
+#define PARAM_NEXT_TASK_NAME "next_task_name"
+
+#define MAX_RA_MSG_SIZE 4096
+
+/**
+ * Constructs a RA connection.
+ */
+RA_Conn::RA_Conn (char *host, int port, char *uri)
+{
+ if (host == NULL)
+ m_host = NULL;
+ else
+ m_host = PL_strdup (host);
+ if (uri == NULL)
+ m_uri = NULL;
+ else
+ m_uri = PL_strdup (uri);
+ m_port = port;
+ m_read_header = 0;
+ m_fd = NULL;
+}
+
+/**
+ * Destructs a RA connection.
+ */
+RA_Conn::~RA_Conn ()
+{
+ if (m_host != NULL)
+ {
+ PL_strfree (m_host);
+ m_host = NULL;
+ }
+ if (m_uri != NULL)
+ {
+ PL_strfree (m_uri);
+ m_uri = NULL;
+ }
+ if (m_fd != NULL)
+ {
+ PR_Close (m_fd);
+ m_fd = NULL;
+ }
+}
+
+static void
+Output (const char *fmt, ...)
+{
+ va_list ap;
+ va_start (ap, fmt);
+ printf ("Output> ");
+ vprintf (fmt, ap);
+ printf ("\n");
+ va_end (ap);
+}
+
+
+#ifdef VERBOSE
+static void
+printBuf (Buffer * buf)
+{
+ int sum = 0;
+
+ BYTE *data = *buf;
+ int i = 0;
+ if (buf->size () > 255)
+ {
+ Output ("printBuf: TOO BIG to print");
+ return;
+ }
+ Output ("Begin printing buffer =====");
+ for (i = 0; i < (int) buf->size (); i++)
+ {
+ printf ("%02x ", (unsigned char) data[i]);
+ sum++;
+ if (sum == 10)
+ {
+ printf ("\n");
+ sum = 0;
+ }
+ }
+ Output ("End printing buffer =====");
+}
+#endif
+
+
+static PRUint32
+GetIPAddress (const char *hostName)
+{
+ const unsigned char *p;
+ char buf[PR_NETDB_BUF_SIZE];
+ PRStatus prStatus;
+ PRUint32 rv = 0;
+ PRHostEnt prHostEnt;
+
+ prStatus = PR_GetHostByName (hostName, buf, sizeof buf, &prHostEnt);
+ if (prStatus != PR_SUCCESS)
+ return rv;
+
+#undef h_addr
+#define h_addr h_addr_list[0] /* address, for backward compatibility */
+
+ p = (const unsigned char *) (prHostEnt.h_addr); /* in Network Byte order */
+ rv = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+ return rv;
+}
+
+/**
+ * Connects to the RA.
+ */
+int
+RA_Conn::Connect ()
+{
+ PRStatus rc;
+ char header[4096];
+
+ sprintf (header, "POST %s HTTP/1.1\r\n"
+ "Host: %s:%d\r\n"
+ "Transfer-Encoding: chunked\r\n" "\r\n", m_uri, m_host, m_port);
+
+ m_fd = PR_NewTCPSocket ();
+
+ /*
+ * Rifle through the values for the host
+ */
+
+ PRAddrInfo *ai;
+ void *iter;
+ PRNetAddr addr;
+ int family = PR_AF_INET;
+
+ ai = PR_GetAddrInfoByName(m_host, PR_AF_UNSPEC, PR_AI_ADDRCONFIG);
+ if (ai) {
+ iter = NULL;
+ while ((iter = PR_EnumerateAddrInfo(iter, ai, 0, &addr)) != NULL) {
+ family = PR_NetAddrFamily(&addr);
+ break;
+ }
+ PR_FreeAddrInfo(ai);
+ }
+
+ PR_SetNetAddr( PR_IpAddrNull, family, m_port, &addr );
+
+ m_fd = PR_OpenTCPSocket( family );
+ if( !m_fd ) {
+ return 0;
+ }
+
+ rc = PR_Connect (m_fd, &addr, PR_INTERVAL_NO_TIMEOUT /* timeout */ );
+ if (rc != PR_SUCCESS)
+ return 0;
+
+ /* Send header */
+
+ PR_Send (m_fd, header, strlen (header), 0, 1000000);
+
+ return 1;
+}
+
+static void
+CreateChunkEntity (char *msg, char *chunk, int chunk_len)
+{
+ int chunk_size;
+ int len;
+ Output ("***** msg = %s *****", msg);
+ len = strlen (msg);
+ sprintf (chunk, "s=%d&%s", len, msg);
+ chunk_size = strlen (chunk);
+ sprintf (chunk, "%x\r\ns=%d&%s\r\n", chunk_size, len, msg);
+}
+
+/**
+ * Sends message to the RA.
+ */
+int
+RA_Conn::SendMsg (RA_Msg * msg)
+{
+ char msgbuf[MAX_RA_MSG_SIZE];
+ char chunk[MAX_RA_MSG_SIZE];
+
+ /* send chunk size */
+ if (msg->GetType () == MSG_BEGIN_OP)
+ {
+ RA_Begin_Op_Msg *begin = (RA_Begin_Op_Msg *) msg;
+ sprintf (msgbuf, "%s=%d&%s=%d", PARAM_MSG_TYPE, MSG_BEGIN_OP,
+ PARAM_OPERATION, begin->GetOpType ());
+ NameValueSet *exts = begin->GetExtensions ();
+ if (exts != NULL)
+ {
+ sprintf (msgbuf, "%s&%s=", msgbuf, PARAM_EXTENSIONS);
+ for (int i = 0; i < exts->Size (); i++)
+ {
+ if (i != 0)
+ {
+ sprintf (msgbuf, "%s%%26", msgbuf);
+ }
+ char *name = exts->GetNameAt (i);
+ sprintf (msgbuf, "%s%s=%s",
+ msgbuf, name, exts->GetValueAsString (name));
+ }
+ }
+ CreateChunkEntity (msgbuf, chunk, 4096);
+ }
+ else if (msg->GetType () == MSG_LOGIN_RESPONSE)
+ {
+ RA_Login_Response_Msg *resp = (RA_Login_Response_Msg *) msg;
+ sprintf (msgbuf, "%s=%d&%s=%s&%s=%s",
+ PARAM_MSG_TYPE, MSG_LOGIN_RESPONSE,
+ PARAM_SCREEN_NAME, resp->GetUID (),
+ PARAM_PASSWORD, resp->GetPassword ());
+ CreateChunkEntity (msgbuf, chunk, 4096);
+ }
+ else if (msg->GetType () == MSG_EXTENDED_LOGIN_RESPONSE)
+ {
+ RA_Extended_Login_Response_Msg *resp =
+ (RA_Extended_Login_Response_Msg *) msg;
+ AuthParams *auth = resp->GetAuthParams ();
+ sprintf (msgbuf, "%s=%d&%s=%s&%s=%s",
+ PARAM_MSG_TYPE, MSG_EXTENDED_LOGIN_RESPONSE,
+ PARAM_SCREEN_NAME, auth->GetUID (),
+ PARAM_PASSWORD, auth->GetPassword ());
+ CreateChunkEntity (msgbuf, chunk, 4096);
+ }
+ else if (msg->GetType () == MSG_STATUS_UPDATE_RESPONSE)
+ {
+ RA_Status_Update_Response_Msg *resp =
+ (RA_Status_Update_Response_Msg *) msg;
+ int status = resp->GetStatus ();
+ sprintf (msgbuf, "%s=%d&%s=%d",
+ PARAM_MSG_TYPE, MSG_STATUS_UPDATE_RESPONSE,
+ PARAM_CURRENT_STATE, status);
+ CreateChunkEntity (msgbuf, chunk, 4096);
+ }
+ else if (msg->GetType () == MSG_SECUREID_RESPONSE)
+ {
+ RA_SecureId_Response_Msg *resp = (RA_SecureId_Response_Msg *) msg;
+ char *value = resp->GetValue ();
+ char *pin = resp->GetPIN ();
+ if (pin == NULL)
+ {
+ pin = (char *) "";
+ }
+ sprintf (msgbuf, "%s=%d&%s=%s&%s=%s",
+ PARAM_MSG_TYPE, MSG_SECUREID_RESPONSE,
+ PARAM_VALUE, value, PARAM_PIN, pin);
+ CreateChunkEntity (msgbuf, chunk, 4096);
+ }
+ else if (msg->GetType () == MSG_ASQ_RESPONSE)
+ {
+ RA_ASQ_Response_Msg *resp = (RA_ASQ_Response_Msg *) msg;
+ sprintf (msgbuf, "%s=%d&%s=%s",
+ PARAM_MSG_TYPE, MSG_ASQ_RESPONSE,
+ PARAM_ANSWER, resp->GetAnswer ());
+ CreateChunkEntity (msgbuf, chunk, 4096);
+ }
+ else if (msg->GetType () == MSG_NEW_PIN_RESPONSE)
+ {
+ RA_New_Pin_Response_Msg *resp = (RA_New_Pin_Response_Msg *) msg;
+ sprintf (msgbuf, "%s=%d&%s=%s",
+ PARAM_MSG_TYPE, MSG_NEW_PIN_RESPONSE,
+ PARAM_NEW_PIN, resp->GetNewPIN ());
+ CreateChunkEntity (msgbuf, chunk, 4096);
+ }
+ else if (msg->GetType () == MSG_TOKEN_PDU_RESPONSE)
+ {
+ RA_Token_PDU_Response_Msg *resp = (RA_Token_PDU_Response_Msg *) msg;
+ APDU_Response *apdu_resp = resp->GetResponse ();
+ Buffer pdu = apdu_resp->GetData ();
+ char *pdu_encoded = Util::URLEncode (pdu);
+ sprintf (msgbuf, "%s=%d&%s=%s&%s=%d",
+ PARAM_MSG_TYPE, MSG_TOKEN_PDU_RESPONSE,
+ PARAM_PDU_DATA, pdu_encoded, PARAM_PDU_SIZE, pdu.size ());
+ if (pdu_encoded != NULL)
+ {
+ PR_Free (pdu_encoded);
+ pdu_encoded = NULL;
+ }
+ CreateChunkEntity (msgbuf, chunk, 4096);
+ }
+ else
+ {
+ /* error */
+ }
+
+ /* send chunk */
+ Output ("sending chunk ----- %s -----", chunk);
+ PR_Send (m_fd, chunk, strlen (chunk), 0, 1000000);
+
+ return 1;
+}
+
+static int
+ReadResponseHeader (PRFileDesc * fd)
+{
+ char buf[1024];
+ PRInt32 rc;
+ char *cur = buf;
+ int i;
+
+ for (i = 0; i < 1024; i++)
+ {
+ buf[i] = 0;
+ }
+ while (1)
+ {
+ rc = PR_Recv (fd, cur, 1, 0, 1000000);
+ if (buf[0] == '\r' &&
+ buf[1] == '\n' && buf[2] == '\r' && buf[3] == '\n')
+ {
+ break;
+ }
+ if (*cur == '\r')
+ {
+ cur++;
+ }
+ else if (*cur == '\n')
+ {
+ cur++;
+ }
+ else
+ {
+ cur = buf;
+ }
+ }
+ return 1;
+}
+
+static int
+GetChunkSize (PRFileDesc * fd)
+{
+ char buf[1024];
+ char *cur = buf;
+ PRInt32 rc;
+ int i;
+ int ret;
+
+ for (i = 0; i < 1024; i++)
+ {
+ buf[i] = 0;
+ }
+ while (1)
+ {
+ rc = PR_Recv (fd, cur, 1, 0, 1000000);
+ if (rc <= 0)
+ {
+ return 0;
+ }
+ if (*cur == '\r')
+ {
+ *cur = '\0';
+ /* read \n */
+ rc = PR_Recv (fd, cur, 1, 0, 1000000);
+ if (rc <= 0)
+ {
+ return 0;
+ }
+ *cur = '\0';
+ break;
+ }
+ cur++;
+ }
+ sscanf (buf, "%x", (unsigned int *) (&ret));
+ return ret;
+}
+
+static int
+GetChunk (PRFileDesc * fd, char *buf, int buflen)
+{
+ int rc = 0;
+ int sum = 0;
+ char *cur = buf;
+
+ while (1)
+ {
+ rc = PR_Recv (fd, cur, buflen - sum, 0, 1000000);
+ if (rc <= 0)
+ {
+ return -1;
+ }
+ sum += rc;
+ cur += rc;
+ cur[sum] = '\0';
+ if (sum == buflen)
+ return sum;
+ }
+}
+
+bool
+RA_Conn::isEncrypted ()
+{
+ return m_encrypted_channel;
+}
+
+void
+RA_Conn::setEncryption (bool encrypted)
+{
+ Output ("RA_Conn::setEncryption: setting encrypted channel: %d", encrypted);
+ m_encrypted_channel = encrypted;
+}
+
+APDU *
+RA_Conn::CreateAPDU (RA_Token * tok, Buffer & in_apdu_data, Buffer & mac)
+{
+ APDU *apdu = NULL;
+ Buffer apdu_data;
+
+ if (isEncrypted () && (((BYTE *) in_apdu_data)[0] == 0x84))
+ {
+ tok->decryptMsg (in_apdu_data, apdu_data);
+ }
+ else
+ {
+ apdu_data = in_apdu_data;
+ }
+
+ if (((BYTE *) apdu_data)[1] == 0x5a)
+ {
+ /* Create_Object_APDU */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ BYTE object_id[4];
+ object_id[0] = ((BYTE *) apdu_data)[5];
+ object_id[1] = ((BYTE *) apdu_data)[6];
+ object_id[2] = ((BYTE *) apdu_data)[7];
+ object_id[3] = ((BYTE *) apdu_data)[8];
+ BYTE permissions[6];
+ permissions[0] = ((BYTE *) apdu_data)[13];
+ permissions[1] = ((BYTE *) apdu_data)[14];
+ permissions[2] = ((BYTE *) apdu_data)[15];
+ permissions[3] = ((BYTE *) apdu_data)[16];
+ permissions[4] = ((BYTE *) apdu_data)[17];
+ permissions[5] = ((BYTE *) apdu_data)[18];
+ int len =
+ (((BYTE *) apdu_data)[9] << 24) + (((BYTE *) apdu_data)[10] << 16) +
+ (((BYTE *) apdu_data)[11] << 8) + ((BYTE *) apdu_data)[12];
+ apdu = new Create_Object_APDU (object_id, permissions, len);
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x82)
+ {
+ /* External_Authenticate_APDU */
+ BYTE encryption = ((BYTE *) apdu_data)[2]; // P1 is sec level
+ if (encryption == (BYTE) 0x03)
+ {
+ setEncryption (true);
+ }
+ else
+ {
+ Output ("RA_Conn::CreateAPDU(): not encrypted");
+ }
+
+ // mac is last 8 bytes
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ Buffer *data = new Buffer (apdu_data.substr (5, 8));
+
+ if (isEncrypted () == true)
+ {
+ apdu = new External_Authenticate_APDU (*data, SECURE_MSG_MAC_ENC);
+ }
+ else
+ {
+ apdu = new External_Authenticate_APDU (*data, SECURE_MSG_ANY);
+ }
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x0A)
+ {
+ /* ImportKeyEnc APDU */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ Buffer *data =
+ new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+ Buffer a;
+ apdu = new Import_Key_Enc_APDU ((BYTE) p[0], (BYTE) p[1], *data);
+ apdu->SetMAC (mac);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x0C)
+ {
+ /* Generate_Key_APDU */
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ BYTE alg = ((BYTE *) apdu_data)[5];
+ int keysize = (((BYTE *) apdu_data)[6] << 8) + ((BYTE *) apdu_data)[7];
+ BYTE option = ((BYTE *) apdu_data)[8];
+ BYTE type = ((BYTE *) apdu_data)[9];
+ unsigned int wc_len = (unsigned int) ((BYTE *) apdu_data)[10];
+ Buffer *wrapped_challenge = new Buffer ((BYTE *) &
+ ((BYTE *) apdu_data)[11],
+ wc_len);
+ Buffer *key_check = new Buffer ((BYTE *) &
+ ((BYTE *) apdu_data)[11 + wc_len + 1],
+ (unsigned int) ((BYTE *) apdu_data)[11 +
+ wc_len]);
+ apdu =
+ new Generate_Key_APDU (p[0], p[1], alg, keysize, option, type,
+ *wrapped_challenge, *key_check);
+ if (wrapped_challenge != NULL)
+ {
+ delete wrapped_challenge;
+ wrapped_challenge = NULL;
+ }
+ if (key_check != NULL)
+ {
+ delete key_check;
+ key_check = NULL;
+ }
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x50)
+ {
+ /* Initialize_Update_APDU */
+
+ setEncryption (false);
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ Buffer *data = new Buffer (apdu_data.substr (5, 8));
+ apdu = new Initialize_Update_APDU (p[0], p[1], *data);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x56)
+ { /* Read Objects */
+ BYTE p[4];
+ int offset = 0;
+ int size = 0;
+ p[0] = ((BYTE *) apdu_data)[5];
+ p[1] = ((BYTE *) apdu_data)[6];
+ p[2] = ((BYTE *) apdu_data)[7];
+ p[3] = ((BYTE *) apdu_data)[8];
+ offset = (((BYTE *) apdu_data)[9] << 24) +
+ (((BYTE *) apdu_data)[10] << 16) +
+ (((BYTE *) apdu_data)[11] << 8) + ((BYTE *) apdu_data)[12];
+ size = ((BYTE *) apdu_data)[13]; /* p2 */
+ apdu = new Read_Object_APDU (p, offset, size);
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x58)
+ { /* List Objects */
+ apdu = new List_Objects_APDU (((BYTE *) apdu_data)[2]);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xf0)
+ {
+ /* Lifecycle_APDU */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ apdu = new Lifecycle_APDU (((BYTE *) apdu_data)[2]);
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x08)
+ {
+ /* Read_BufferAPDU */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ int len = ((BYTE *) apdu_data)[2];
+ int offset = (((BYTE *) apdu_data)[5] << 8) + ((BYTE *) apdu_data)[6];
+ apdu = new Read_Buffer_APDU (len, offset);
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x04)
+ {
+ /* Set_Pin_APDU */
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ Buffer *data =
+ new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+ apdu = new Set_Pin_APDU (p[0], p[1], *data);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x2a)
+ {
+ Buffer dummy;
+ apdu = new Format_Muscle_Applet_APDU (0,
+ dummy, 0,
+ dummy, 0,
+ dummy, 0, dummy, 0, 0, 0, 0);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xe6)
+ {
+ BYTE p1 = ((BYTE *) apdu_data)[2]; /* p1 */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+/* Why was it ignored?
+ Buffer dummy;
+ if (p1 == 0x02) {
+ apdu = new Install_Load_APDU(dummy, dummy, 0);
+ } else {
+ apdu = new Install_Applet_APDU(dummy, dummy, 0,0);
+ }
+*/
+ Buffer *data =
+ new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+ if (p1 == 0x02)
+ {
+ apdu = new Install_Load_APDU (*data);
+ }
+ else
+ {
+ apdu = new Install_Applet_APDU (*data);
+ }
+ apdu->SetMAC (mac);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xe8)
+ {
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ Buffer *data =
+ new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+ apdu = new Load_File_APDU (p[0], p[1], *data);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xe4)
+ {
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ // Delete File apdu has two extra bytes after header
+ // remove before proceed
+ Buffer *data =
+ new Buffer (apdu_data.substr (7, apdu_data.size () - 8 - 5 - 2));
+ apdu = new Delete_File_APDU (*data);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x02)
+ {
+ /* Unblock_Pin_APDU */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ apdu = new Unblock_Pin_APDU ();
+ apdu->SetMAC (mac);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xa4)
+ { /* Select */
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ Buffer *data = NULL;
+ if (apdu_data.size () == 5)
+ {
+ data = new Buffer ();
+ }
+ else
+ {
+ data = new Buffer (apdu_data.substr (5, apdu_data.size () - 5));
+ }
+ apdu = new Select_APDU (p[0], p[1], *data);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x3C)
+ { /* Get Status */
+ apdu = new Get_Status_APDU ();
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x70)
+ { /* Get Version */
+ apdu = new Get_Version_APDU ();
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x48)
+ {
+ apdu = new List_Pins_APDU (0x02);
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x40)
+ { /* Put Key */
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ Buffer *data =
+ new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+ apdu = new Create_Pin_APDU (p[0], p[1], *data);
+ apdu->SetMAC (mac);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xca)
+ { /* Get Data */
+ apdu = new Get_Data_APDU ();
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xf6)
+ { /* Get_IssuerInfo */
+ apdu = new Get_IssuerInfo_APDU ();
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xf4)
+ { /* Set_IssuerInfo */
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ Buffer *data =
+ new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+ apdu = new Set_IssuerInfo_APDU (p[0], p[1], *data);
+ apdu->SetMAC (mac);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ }
+ else if (((BYTE *) apdu_data)[1] == 0xd8)
+ { /* Put Key */
+ BYTE p[2];
+ p[0] = ((BYTE *) apdu_data)[2]; /* p1 */
+ p[1] = ((BYTE *) apdu_data)[3]; /* p2 */
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ Buffer *data =
+ new Buffer (apdu_data.substr (5, apdu_data.size () - 8 - 5));
+ apdu = new Put_Key_APDU (p[0], p[1], *data);
+ apdu->SetMAC (mac);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ }
+ else if (((BYTE *) apdu_data)[1] == 0x54)
+ {
+ /* Write_Object_APDU */
+ BYTE object_id[4];
+ object_id[0] = ((BYTE *) apdu_data)[5];
+ object_id[1] = ((BYTE *) apdu_data)[6];
+ object_id[2] = ((BYTE *) apdu_data)[7];
+ object_id[3] = ((BYTE *) apdu_data)[8];
+ mac = Buffer (apdu_data.substr (apdu_data.size () - 8, 8));
+ int offset =
+ (((BYTE *) apdu_data)[9] << 24) + (((BYTE *) apdu_data)[10] << 16) +
+ (((BYTE *) apdu_data)[11] << 8) + ((BYTE *) apdu_data)[12];
+ Buffer *data =
+ new Buffer (apdu_data.substr (14, apdu_data.size () - 8 - 11 - 3));
+ apdu = new Write_Object_APDU (object_id, offset, *data);
+ apdu->SetMAC (mac);
+ if (data != NULL)
+ {
+ delete data;
+ data = NULL;
+ }
+ }
+ else
+ {
+ /* error */
+ }
+ return apdu;
+}
+
+/**
+ * Retrieves message from the RA.
+ */
+RA_Msg *
+RA_Conn::ReadMsg (RA_Token * token)
+{
+ int len = 0;
+ char buf[4096];
+ PRInt32 rc;
+ int i;
+ char *msg_type_s = NULL;
+ int msg_type;
+ RA_Msg *msg = NULL;
+
+ if (!m_read_header)
+ {
+ ReadResponseHeader (m_fd);
+ m_read_header = 1;
+ }
+
+ /* read chunk size */
+ len = GetChunkSize (m_fd);
+ if (len <= 0)
+ {
+ return NULL;
+ }
+
+ for (i = 0; i < 4096; i++)
+ {
+ buf[i] = 0;
+ }
+
+ /* read chunk */
+ rc = GetChunk (m_fd, buf, len + 2);
+ if (rc <= 0)
+ {
+ return NULL;
+ }
+ buf[len] = '\0';
+
+ /* parse name value pair */
+ NameValueSet *params = NameValueSet::Parse (buf, "&");
+ if (params == NULL)
+ return NULL;
+ msg_type_s = params->GetValue (PARAM_MSG_TYPE);
+ if (msg_type_s == NULL)
+ {
+ if (params != NULL)
+ {
+ delete params;
+ params = NULL;
+ }
+ return NULL;
+ }
+ msg_type = atoi (msg_type_s);
+
+ if (msg_type == MSG_LOGIN_REQUEST)
+ {
+ msg =
+ new RA_Login_Request_Msg (atoi (params->GetValue (PARAM_INVALID_PW)),
+ atoi (params->GetValue (PARAM_BLOCKED)));
+ }
+ else if (msg_type == MSG_EXTENDED_LOGIN_REQUEST)
+ {
+ msg = new RA_Extended_Login_Request_Msg (0, 0, NULL, 0, NULL, NULL);
+ }
+ else if (msg_type == MSG_END_OP)
+ {
+ msg = new RA_End_Op_Msg ((RA_Op_Type)
+ atoi (params->GetValue (PARAM_OPERATION)),
+ atoi (params->GetValue (PARAM_RESULT)),
+ atoi (params->GetValue (PARAM_MESSAGE)));
+ }
+ else if (msg_type == MSG_SECUREID_REQUEST)
+ {
+ msg =
+ new
+ RA_SecureId_Request_Msg (atoi (params->GetValue (PARAM_PIN_REQUIRED)),
+ atoi (params->GetValue (PARAM_NEXT_VALUE)));
+ }
+ else if (msg_type == MSG_STATUS_UPDATE_REQUEST)
+ {
+ msg =
+ new
+ RA_Status_Update_Request_Msg (atoi
+ (params->
+ GetValue (PARAM_CURRENT_STATE)),
+ params->
+ GetValue (PARAM_NEXT_TASK_NAME));
+ }
+ else if (msg_type == MSG_ASQ_REQUEST)
+ {
+ msg = new RA_ASQ_Request_Msg (params->GetValue (PARAM_QUESTION));
+ }
+ else if (msg_type == MSG_NEW_PIN_REQUEST)
+ {
+ msg =
+ new
+ RA_New_Pin_Request_Msg (atoi
+ (params->GetValue (PARAM_MINIMUM_LENGTH)),
+ atoi (params->
+ GetValue (PARAM_MAXIMUM_LENGTH)));
+ }
+ else if (msg_type == MSG_TOKEN_PDU_REQUEST)
+ {
+ char *pdu_encoded = params->GetValue (PARAM_PDU_DATA);
+ Buffer *apdu_data = Util::URLDecode (pdu_encoded);
+
+#ifdef VERBOSE
+ Output ("ReadMsg: URLDecoded apdu = ");
+ printBuf (apdu_data);
+#endif
+
+ Buffer mac;
+ APDU *apdu = CreateAPDU (token, *apdu_data, mac);
+ msg = new RA_Token_PDU_Request_Msg (apdu);
+ if (apdu_data != NULL)
+ {
+ delete apdu_data;
+ apdu_data = NULL;
+ }
+ }
+ else
+ {
+ /* error */
+ if (params != NULL)
+ {
+ delete params;
+ params = NULL;
+ }
+ return NULL;
+ }
+
+ if (params != NULL)
+ {
+ delete params;
+ params = NULL;
+ }
+
+ return msg;
+}
+
+/**
+ * Terminates this connection.
+ */
+int
+RA_Conn::Close ()
+{
+ if (m_fd != NULL)
+ {
+ PR_Close (m_fd);
+ m_fd = NULL;
+ }
+ return 1;
+}
diff --git a/pki/base/tps/tools/raclient/RA_Conn.h b/pki/base/tps/tools/raclient/RA_Conn.h
new file mode 100644
index 000000000..307166eaf
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Conn.h
@@ -0,0 +1,71 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_CONN_H
+#define RA_CONN_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "prio.h"
+#include "RA_Token.h"
+#include "main/RA_Msg.h"
+#include "main/Buffer.h"
+#include "apdu/APDU.h"
+
+class RA_Conn
+{
+ public:
+ RA_Conn(char *host, int port, char *uri);
+ ~RA_Conn();
+ public:
+ int SendMsg(RA_Msg *msg);
+ RA_Msg *ReadMsg();
+ RA_Msg *ReadMsg(RA_Token *token);
+ int Connect();
+ int Close();
+ void setEncryption(bool encrypted);
+ bool isEncrypted();
+ public:
+ APDU *CreateAPDU(RA_Token *tok, Buffer &data, Buffer &mac);
+ private:
+ char *m_host;
+ int m_port;
+ char *m_uri;
+ PRFileDesc *m_fd;
+ int m_read_header;
+ bool m_encrypted_channel;
+};
+
+#endif /* RA_MSG_H */
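Review bot: RA_Conn declares a destructor and holds raw pointers (`m_host`, `m_uri`, `m_fd`) but leaves the compiler-generated copy constructor and assignment operator available, so a copied connection would share the same descriptor and strings. `RA_Conn::Close ()` in RA_Conn.cpp calls `PR_Close (m_fd)`, so closing one copy leaves the other holding a stale descriptor; whether the destructor also frees `m_host` and `m_uri` is not visible here, but if it does, a copy would lead to a double free. Declaring `RA_Conn(const RA_Conn &);` and `RA_Conn &operator=(const RA_Conn &);` in the `private:` section, without defining them, would turn an accidental copy into a compile or link error. Separately, the closing guard comment reads `#endif /* RA_MSG_H */` while the guard macro is `RA_CONN_H`; it should be `#endif /* RA_CONN_H */`.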
diff --git a/pki/base/tps/tools/raclient/RA_Token.cpp b/pki/base/tps/tools/raclient/RA_Token.cpp
new file mode 100644
index 000000000..069d6c23c
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Token.cpp
@@ -0,0 +1,2008 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This library is free software; you can redistribute it and/or
+// modify it under the terms of the GNU Lesser General Public
+// License as published by the Free Software Foundation;
+// version 2.1 of the License.
+//
+// This library is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+// Lesser General Public License for more details.
+//
+// You should have received a copy of the GNU Lesser General Public
+// License along with this library; if not, write to the Free Software
+// Foundation, Inc., 51 Franklin Street, Fifth Floor,
+// Boston, MA 02110-1301 USA
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+#include "cryptohi.h"
+#include "plstr.h"
+#include "main/Util.h"
+#include "RA_Token.h"
+#include "apdu/APDU_Response.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Select_APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "apdu/List_Objects_APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "apdu/Read_Object_APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "keyhi.h"
+#include "nss.h"
+#include "cert.h"
+
+//#define VERIFY_PROOF
+
+static BYTE
+ToVal (char c)
+{
+ if (c >= '0' && c <= '9')
+ {
+ return c - '0';
+ }
+ else if (c >= 'A' && c <= 'Z')
+ {
+ return c - 'A' + 10;
+ }
+ else if (c >= 'a' && c <= 'z')
+ {
+ return c - 'a' + 10;
+ }
+
+ /* The following return is needed to suppress compiler warnings on Linux. */
+ return 0;
+}
+
+static Buffer *
+ToBuffer (char *input)
+{
+ int len = strlen (input) / 2;
+ BYTE *buffer = NULL;
+
+ buffer = (BYTE *) malloc (len);
+ if (buffer == NULL)
+ {
+ return NULL;
+ }
+
+ for (int i = 0; i < len; i++)
+ {
+ buffer[i] = (ToVal (input[i * 2]) * 16) + ToVal (input[i * 2 + 1]);
+ }
+ Buffer *j;
+ j = new Buffer (buffer, len);
+
+ if (buffer != NULL)
+ {
+ free (buffer);
+ buffer = NULL;
+ }
+
+ return j;
+}
+
+/**
+ * Constructs a virtual token.
+ */
+RA_Token::RA_Token ()
+{
+ m_session_key = NULL;
+ m_enc_session_key = NULL;
+ BYTE key_info[] = {
+ 0x01, 0x01
+ };
+ BYTE version[] = {
+ 0x00, 0x01, 0x02, 0x03
+ };
+ BYTE cuid[] = {
+ 0x00, 0x01, 0x02, 0x03,
+ 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09
+ };
+ BYTE msn[] = {
+ 0x00, 0x00, 0x00, 0x00
+ };
+ BYTE key[] = {
+ 0x40, 0x41, 0x42, 0x43,
+ 0x44, 0x45, 0x46, 0x47,
+ 0x48, 0x49, 0x4a, 0x4b,
+ 0x4c, 0x4d, 0x4e, 0x4f
+ };
+
+ m_major_version = 0;
+ m_minor_version = 0;
+
+ /* default setting */
+ m_lifecycle_state = 0;
+ m_icv = Buffer (8, (BYTE) 0);
+ m_auth_key = Buffer (key, sizeof key);
+ m_mac_key = Buffer (key, sizeof key);
+ m_kek_key = Buffer (key, sizeof key);
+ m_cuid = Buffer (cuid, sizeof cuid);
+ m_msn = Buffer (msn, sizeof msn);
+ m_version = Buffer (version, sizeof version);
+ m_key_info = Buffer (key_info, sizeof key_info);
+ m_pin = PL_strdup ("password");
+ m_object_len = 0;
+ m_object = NULL;
+}
+
+
+/**
+ * Destructs token.
+ */
+RA_Token::~RA_Token ()
+{
+ if (m_pin != NULL)
+ {
+ PL_strfree (m_pin);
+ m_pin = NULL;
+ }
+ if (m_session_key != NULL)
+ {
+ PORT_Free (m_session_key);
+ m_session_key = NULL;
+ }
+ if (m_enc_session_key != NULL)
+ {
+ PORT_Free (m_enc_session_key);
+ m_enc_session_key = NULL;
+ }
+ if (m_object != NULL)
+ {
+ delete (m_object);
+ m_object = NULL;
+ }
+}
+
+RA_Token *
+RA_Token::Clone ()
+{
+ RA_Token *token = new RA_Token ();
+ token->m_icv = m_icv;
+ /*
+ token->m_session_key = m_session_key;
+ token->m_enc_session_key = m_enc_session_key;
+ */
+ token->m_session_key = NULL;
+ token->m_enc_session_key = NULL;
+ token->m_lifecycle_state = m_lifecycle_state;
+ token->m_auth_key = m_auth_key;
+ token->m_major_version = m_major_version;
+ token->m_minor_version = m_minor_version;
+ token->m_mac_key = m_mac_key;
+ token->m_kek_key = m_kek_key;
+ token->m_cuid = m_cuid;
+ token->m_version = m_version;
+ token->m_key_info = m_key_info;
+ PL_strfree (token->m_pin);
+ token->m_pin = PL_strdup (m_pin);
+ token->m_object_len = m_object_len;
+ return token;
+}
+
+static void
+Output (const char *fmt, ...)
+{
+ va_list ap;
+ va_start (ap, fmt);
+ printf ("Output> ");
+ vprintf (fmt, ap);
+ printf ("\n");
+ va_end (ap);
+}
+
+void
+printBuf (Buffer * buf)
+{
+ int sum = 0;
+
+ BYTE *data = *buf;
+ int i = 0;
+ if (buf->size () > 255)
+ {
+ Output ("printBuf: TOO BIG to print");
+ return;
+ }
+ Output ("Begin printing buffer =====");
+ for (i = 0; i < (int) buf->size (); i++)
+ {
+ printf ("%02x ", (unsigned char) data[i]);
+ sum++;
+ if (sum == 10)
+ {
+ printf ("\n");
+ sum = 0;
+ }
+ }
+ Output ("End printing buffer =====");
+}
+
+Buffer & RA_Token::GetCUID ()
+{
+ return m_cuid;
+}
+
+Buffer & RA_Token::GetMSN ()
+{
+ return m_msn;
+}
+
+void
+RA_Token::SetCUID (Buffer & cuid)
+{
+ m_cuid = cuid;
+}
+
+void
+RA_Token::SetMSN (Buffer & msn)
+{
+ m_msn = msn;
+}
+
+Buffer & RA_Token::GetAppletVersion ()
+{
+ return m_version;
+}
+
+void
+RA_Token::SetAppletVersion (Buffer & version)
+{
+ m_version = version;
+}
+
+void
+RA_Token::SetMajorVersion (int v)
+{
+ m_major_version = v;
+}
+
+void
+RA_Token::SetMinorVersion (int v)
+{
+ m_minor_version = v;
+}
+
+void
+RA_Token::SetAuthKey (Buffer & key)
+{
+ m_auth_key = key;
+}
+
+void
+RA_Token::SetMacKey (Buffer & key)
+{
+ m_mac_key = key;
+}
+
+void
+RA_Token::SetKekKey (Buffer & key)
+{
+ m_kek_key = key;
+}
+
+Buffer & RA_Token::GetKeyInfo ()
+{
+ return m_key_info;
+}
+
+void
+RA_Token::SetKeyInfo (Buffer & key_info)
+{
+ m_key_info = key_info;
+}
+
+int
+RA_Token::GetMajorVersion ()
+{
+ return m_major_version;
+}
+
+int
+RA_Token::GetMinorVersion ()
+{
+ return m_minor_version;
+}
+
+BYTE
+RA_Token::GetLifeCycleState ()
+{
+ return m_lifecycle_state;
+}
+
+char *
+RA_Token::GetPIN ()
+{
+ return m_pin;
+}
+
+Buffer & RA_Token::GetAuthKey ()
+{
+ return m_auth_key;
+}
+
+Buffer & RA_Token::GetMacKey ()
+{
+ return m_mac_key;
+}
+
+Buffer & RA_Token::GetKekKey ()
+{
+ return m_kek_key;
+}
+
+int
+RA_Token::NoOfPrivateKeys ()
+{
+ SECKEYPrivateKeyList *list = NULL;
+ SECKEYPrivateKeyListNode *node;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+ int count;
+
+ list = PK11_ListPrivateKeysInSlot (slot);
+ for (count = 0, node = PRIVKEY_LIST_HEAD (list);
+ !PRIVKEY_LIST_END (node, list);
+ node = PRIVKEY_LIST_NEXT (node), count++)
+ {
+ /* nothing */
+ }
+ if (list != NULL)
+ {
+ SECKEY_DestroyPrivateKeyList (list);
+ list = NULL;
+ }
+
+ return count;
+}
+
+SECKEYPrivateKey *
+RA_Token::GetPrivateKey (int pos)
+{
+ SECKEYPrivateKeyList *list = NULL;
+ SECKEYPrivateKeyListNode *node;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+ int count;
+
+ list = PK11_ListPrivateKeysInSlot (slot);
+ for (count = 0, node = PRIVKEY_LIST_HEAD (list);
+ !PRIVKEY_LIST_END (node, list);
+ node = PRIVKEY_LIST_NEXT (node), count++)
+ {
+ if (pos == count)
+ {
+ return node->key;
+ }
+ }
+ if (list != NULL)
+ {
+ SECKEY_DestroyPrivateKeyList (list);
+ list = NULL;
+ }
+
+ return NULL;
+}
+
+int
+RA_Token::NoOfCertificates ()
+{
+ CERTCertList *clist = NULL;
+ CERTCertListNode *cln;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+ int count = 0;
+
+ clist = PK11_ListCertsInSlot (slot);
+ for (cln = CERT_LIST_HEAD (clist); !CERT_LIST_END (cln, clist);
+ cln = CERT_LIST_NEXT (cln))
+ {
+ count++;
+ }
+
+ return count;
+}
+
+CERTCertificate *
+RA_Token::GetCertificate (int pos)
+{
+ CERTCertList *clist = NULL;
+ CERTCertListNode *cln;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+ int count = 0;
+
+ clist = PK11_ListCertsInSlot (slot);
+ for (cln = CERT_LIST_HEAD (clist); !CERT_LIST_END (cln, clist);
+ cln = CERT_LIST_NEXT (cln))
+ {
+ if (count == pos)
+ {
+ CERTCertificate *cert = cln->cert;
+ return cert;
+ }
+ count++;
+ }
+
+ return NULL;
+}
+
+void
+RA_Token::decryptMsg (Buffer & in_data, Buffer & out_data)
+{
+ Output ("RA_Token::decryptMsg: decryption about to proceed");
+
+ //add this header back later...does not include lc, since it might change
+ Buffer header = in_data.substr (0, 4);
+#ifdef VERBOSE
+ Output ("input data =");
+ printBuf (&in_data);
+ Output ("length = %d", in_data.size ());
+#endif
+
+ //add this mac back later
+ Buffer mac = in_data.substr (in_data.size () - 8, 8);
+
+#ifdef VERBOSE
+ Output ("mac=");
+ printBuf (&mac);
+#endif
+
+ // encrypted data area is the part without header and mac
+ Buffer enc_in_data = in_data.substr (5, in_data.size () - 8 - 5);
+
+#ifdef VERBOSE
+ Output ("RA_Token::decryptMsg: enc_in_data size: %d", enc_in_data.size ());
+ Output ("encrypted in_data =");
+ printBuf (&enc_in_data);
+#endif
+
+ Buffer d_apdu_data;
+ PRStatus status = Util::DecryptData (GetEncSessionKey (),
+ enc_in_data, d_apdu_data);
+#ifdef VERBOSE
+ Output ("RA_Token::decryptMsg: decrypted data size = %d, data=",
+ d_apdu_data.size ());
+ printBuf (&d_apdu_data);
+#endif
+
+ if (status == PR_SUCCESS)
+ {
+ Output ("RA_Token::decryptMsg: decrypt success");
+ }
+ else
+ {
+ Output ("RA_Token::decryptMsg: decrypt failure");
+ // return NULL;
+ }
+
+ /*
+ * the original (pre-encrypted) data would look like the following
+ * orig. Length | Data... | <80> | <padding>
+ * where orig. Length is one byte,
+ * if orig Length + 1byte length is multiple of 8,
+ * it wasn't padded
+ * if orig Length + 1byte length is not multiple of 8,
+ * '80' was appended to the right of data field
+ * if that was multiple was 8, it's done, otherwise
+ * it was padded with 0 until the data len is a multiple of 8
+ */
+ int origLen = (int) ((BYTE *) d_apdu_data)[0];
+ Output ("RA_Token::decryptMsg: origLen = %d", origLen);
+
+ Buffer orig_data;
+
+ // this should perfectly skip the paddings, if was any
+ orig_data = d_apdu_data.substr (1, origLen);
+ out_data = header;
+ out_data += Buffer (1, ((BYTE *) d_apdu_data)[0] + 0x08);
+ out_data += orig_data;
+ out_data += mac;
+
+#ifdef VERBOSE
+ Output ("decrypted pdu data:");
+ printBuf (&out_data);
+#endif
+}
+
+APDU_Response *
+RA_Token::ProcessInitializeUpdate (Initialize_Update_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ BYTE requested_version = apdu->GetP1 ();
+ //BYTE requested_index = apdu->GetP2();
+ Buffer host_challenge = apdu->GetHostChallenge ();
+ m_host_challenge = host_challenge;
+// printf("Host Challenge: \n");
+// host_challenge.dump();
+
+ Buffer ki = GetKeyInfo ();
+ BYTE current_version = ((BYTE *) ki)[0];
+ //BYTE current_index = ((BYTE*)ki)[1];
+
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_iu_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_iu_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (requested_version != 0x00 && requested_version != current_version)
+ {
+ // return an error
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ m_icv = Buffer (8, (BYTE) 0);
+
+ /**
+ * Initialize Update response:
+ * Key Diversification Data - 10 bytes
+ * Key Information Data - 2 bytes
+ * Card Challenge - 8 bytes
+ * Card Cryptogram - 8 bytes
+ */
+ Buffer card_challenge (8, (BYTE) 0);
+ Util::GetRandomChallenge (card_challenge);
+ m_card_challenge = card_challenge;
+
+ /* compute cryptogram */
+ Buffer icv = Buffer (8, (BYTE) 0);
+ Buffer input = host_challenge + card_challenge;
+ Buffer cryptogram (8, (BYTE) 0);
+
+ Buffer authkey = GetAuthKey ();
+ if (authkey == NULL)
+ {
+ return NULL;
+ }
+ PK11SymKey *encAuthKey = Util::DeriveKey (GetAuthKey (),
+ host_challenge, card_challenge);
+ Util::ComputeMAC (encAuthKey, input, icv, cryptogram);
+
+ // printf("Cryptogram: \n");
+ // cryptogram.dump();
+ //
+ // establish session key
+ m_session_key = CreateSessionKey (mac, m_card_challenge, m_host_challenge);
+ // establish Encryption session key
+ m_enc_session_key = CreateSessionKey (auth, m_card_challenge,
+ m_host_challenge);
+
+ Buffer data = GetCUID () + GetKeyInfo () +
+ card_challenge + cryptogram +
+ Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+
+ return apdu_resp;
+}
+
+int
+RA_Token::VerifyMAC (APDU * apdu)
+{
+ Buffer data;
+ Buffer mac = apdu->GetMAC ();
+
+ Output ("RA_Token::VerifyMAC: Begins==== apdu type =%d", apdu->GetType ());
+ if (mac.size () != 8)
+ {
+ Output ("RA_Token::VerifyMAC: no mac? ok");
+ return 1;
+ }
+
+ Buffer new_mac = Buffer (8, (BYTE) 0);
+
+ ComputeAPDUMac (apdu, new_mac);
+ if (new_mac != mac)
+ {
+#ifdef VERBOSE
+ Output ("old mac: ");
+ printBuf (&mac);
+ Output ("new mac: ");
+ printBuf (&new_mac);
+#endif
+ Output ("RA_Token::VerifyMAC: *** failed ***");
+ return 0;
+ }
+ else
+ {
+ Output ("RA_Token::VerifyMAC: passed");
+ return 1;
+ }
+}
+
+void
+RA_Token::ComputeAPDUMac (APDU * apdu, Buffer & new_mac)
+{
+ Buffer data;
+
+ apdu->GetDataToMAC (data);
+
+#ifdef VERBOSE
+ Output ("RA_Token::ComputeAPDUMac: data to mac =");
+ printBuf (&data);
+ Output ("RA_Token::ComputeAPDUMac: current m_icv =");
+ printBuf (&m_icv);
+#endif
+
+
+ Util::ComputeMAC (m_session_key, data, m_icv, new_mac);
+#ifdef VERBOSE
+ Output ("RA_Token::ComputeAPDUMac: got new mac =");
+#endif
+ printBuf (&new_mac);
+
+
+ m_icv = new_mac;
+} /* EncodeAPDUMac */
+
+PK11SymKey *
+RA_Token::GetEncSessionKey ()
+{
+ return m_enc_session_key;
+}
+
+PK11SymKey *
+RA_Token::CreateSessionKey (keyType keytype, Buffer & card_challenge,
+ Buffer & host_challenge)
+{
+ BYTE *key = NULL;
+ char input[16];
+ int i;
+ BYTE *cc = (BYTE *) card_challenge;
+ int cc_len = card_challenge.size ();
+ BYTE *hc = (BYTE *) host_challenge;
+ int hc_len = host_challenge.size ();
+
+ if (keytype == mac)
+ key = (BYTE *) m_mac_key;
+ else if (keytype == auth)
+ key = (BYTE *) m_auth_key;
+ else
+ key = (BYTE *) m_mac_key; // for now
+
+ /* copy card and host challenge into input buffer */
+ for (i = 0; i < 8; i++)
+ {
+ input[i] = cc[i];
+ }
+ for (i = 0; i < 8; i++)
+ {
+ input[8 + i] = hc[i];
+ }
+
+ PK11SymKey *session_key =
+ Util::DeriveKey (Buffer (key, 16), Buffer (hc, hc_len),
+ Buffer (cc, cc_len));
+
+ //printf("XXX mac key\n");
+ //m_mac_key.dump();
+ //printf("XXX card challenge\n");
+ //card_challenge.dump();
+ //printf("XXX host challenge\n");
+ //host_challenge.dump();
+ SECItem *data = PK11_GetKeyData (session_key);
+ Buffer db = Buffer (data->data, data->len);
+ // printf("session key:\n");
+ // db.dump();
+
+ return session_key;
+}
+
+APDU_Response *
+RA_Token::ProcessExternalAuthenticate (External_Authenticate_APDU * apdu,
+ NameValueSet * vars,
+ NameValueSet * params)
+{
+ Buffer host_cryptogram = apdu->GetHostCryptogram ();
+
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessExternalAuthenticate");
+#endif
+ // printf("Host Cryptogram: \n");
+ // host_cryptogram.dump();
+
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_ea_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_ea_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+static int
+VerifyProof (SECKEYPublicKey * pk, SECItem * siProof,
+ unsigned short pkeyb_len, unsigned char *pkeyb,
+ Buffer * challenge)
+{
+ // this doesn't work, and not needed anymore
+ return 1;
+
+ int rs = 1;
+ unsigned short i = 0;
+ unsigned int j = 0;
+ unsigned char *chal = NULL;
+
+ VFYContext *vc = VFY_CreateContext (pk, siProof,
+ SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE,
+ NULL);
+ if (vc == NULL)
+ {
+ Output ("VerifyProof: CreateContext failed");
+ return 0; // error
+ }
+
+ SECStatus vs = VFY_Begin (vc);
+ if (vs == SECFailure)
+ {
+ rs = -1;
+ Output ("VerifyProof: Begin failed");
+ goto loser;
+ }
+ unsigned char proof[1024];
+
+ for (i = 0; i < pkeyb_len; i++)
+ {
+ proof[i] = pkeyb[i];
+ }
+ chal = (unsigned char *) (BYTE *) (*challenge);
+
+ for (j = 0; j < challenge->size (); i++, j++)
+ {
+ proof[i] = chal[j];
+ }
+ vs =
+ VFY_Update (vc, (unsigned char *) proof, pkeyb_len + challenge->size ());
+ if (vs == SECFailure)
+ {
+ rs = -1;
+ Output ("VerifyProof: Update failed");
+ goto loser;
+ }
+ vs = VFY_End (vc);
+ if (vs == SECFailure)
+ {
+ rs = -1;
+ Output ("VerifyProof: End failed");
+ goto loser;
+ }
+ else
+ {
+ Output ("VerifyProof good");
+ }
+
+loser:
+ if (vc != NULL)
+ {
+ VFY_DestroyContext (vc, PR_TRUE);
+ vc = NULL;
+ }
+ return rs;
+
+}
+
+static Buffer
+GetMusclePublicKeyData (SECKEYPublicKey * pubKey, int keylen)
+{
+ int i, j;
+
+ Buffer pk = Buffer (4 /* header len */ +
+ pubKey->u.rsa.modulus.len +
+ pubKey->u.rsa.publicExponent.len);
+
+ ((BYTE *) pk)[0] = 0; /* BLOB_ENC_PLAIN */
+ ((BYTE *) pk)[1] = 0x01; /* Public RSA Key */
+ ((BYTE *) pk)[2] = keylen / 256;
+ ((BYTE *) pk)[3] = keylen % 256;
+ ((BYTE *) pk)[4] = pubKey->u.rsa.modulus.len / 256;
+ ((BYTE *) pk)[5] = pubKey->u.rsa.modulus.len % 256;
+ for (i = 0; i < (int) pubKey->u.rsa.modulus.len; i++)
+ {
+ ((BYTE *) pk)[6 + i] = pubKey->u.rsa.modulus.data[i];
+ }
+ ((BYTE *) pk)[i++] = pubKey->u.rsa.publicExponent.len / 256;
+ ((BYTE *) pk)[i++] = pubKey->u.rsa.publicExponent.len % 256;
+ for (j = 0; j < (int) pubKey->u.rsa.publicExponent.len; j++)
+ {
+ ((BYTE *) pk)[i++] = pubKey->u.rsa.publicExponent.data[j];
+ }
+ return pk;
+}
+
+static Buffer
+Sign (SECKEYPrivateKey * privKey, Buffer & blob)
+{
+ SECStatus status;
+
+ SECItem sigitem;
+ int signature_len;
+
+ signature_len = PK11_SignatureLen (privKey);
+ sigitem.len = signature_len;
+ sigitem.data = (unsigned char *) PORT_Alloc (signature_len);
+
+ status = SEC_SignData (&sigitem, (BYTE *) blob, blob.size (), privKey,
+ SEC_OID_ISO_SHA_WITH_RSA_SIGNATURE);
+ if (status != SECSuccess)
+ {
+ printf ("Signing error\n");
+ if (sigitem.data != NULL)
+ {
+ PORT_Free (sigitem.data);
+ sigitem.data = NULL;
+ }
+ return Buffer (16, (BYTE) 0); // sucks
+ }
+
+ Buffer proof = Buffer (sigitem.data, signature_len);
+ if (sigitem.data != NULL)
+ {
+ PORT_Free (sigitem.data);
+ sigitem.data = NULL;
+ }
+ return proof;
+}
+
+static Buffer
+GetKeyBlob (int keysize, SECKEYPublicKey * pubKey)
+{
+ Buffer blob = Buffer (1, (BYTE) 0) + /* encoding */
+ Buffer (1, (BYTE) 1) + /* key type */
+ Buffer (1, (BYTE) (keysize >> 8) & 0xff) + /* key size */
+ Buffer (1, (BYTE) keysize & 0xff) + /* key size */
+ Buffer (1, (BYTE) (pubKey->u.rsa.modulus.len >> 8) & 0xff) +
+ Buffer (1, (BYTE) pubKey->u.rsa.modulus.len & 0xff) +
+ Buffer ((BYTE *) pubKey->u.rsa.modulus.data, pubKey->u.rsa.modulus.len) +
+ Buffer (1, (BYTE) (pubKey->u.rsa.publicExponent.len >> 8) & 0xff) +
+ Buffer (1, (BYTE) pubKey->u.rsa.publicExponent.len & 0xff) +
+ Buffer ((BYTE *) pubKey->u.rsa.publicExponent.data,
+ pubKey->u.rsa.publicExponent.len);
+ return blob;
+}
+
+static Buffer
+GetSignBlob (Buffer & muscle_public_key, Buffer & challenge)
+{
+ int i, j;
+
+ Buffer data = Buffer (muscle_public_key.size () +
+ challenge.size (), (BYTE) 0);
+ for (i = 0; i < (int) muscle_public_key.size (); i++)
+ {
+ ((BYTE *) data)[i] = ((BYTE *) muscle_public_key)[i];
+ }
+ for (j = 0; j < (int) challenge.size (); j++, i++)
+ {
+ ((BYTE *) data)[i] = ((BYTE *) challenge)[j];
+ }
+ return data;
+}
+
+APDU_Response *
+RA_Token::ProcessGenerateKey (Generate_Key_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ CK_MECHANISM_TYPE mechanism;
+ SECOidTag algtag;
+ PK11RSAGenParams rsaparams;
+ void *x_params;
+ SECKEYPrivateKey *privKey;
+ SECKEYPublicKey *pubKey;
+ PK11SlotInfo *slot = PK11_GetInternalKeySlot ();
+ int publicExponent = 0x010001;
+ int buffer_size;
+ // RA::Debug( LL_PER_PDU,
+ // "RA_Token::ProcessGenerateKey: ",
+ // "=====ProcessGenerateKey():in ProcessGenerateKey====" );
+
+ // for testing only
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessGenerateKey");
+#endif
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_gk_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_gk_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer req = apdu->GetData ();
+ BYTE *raw = (BYTE *) req;
+ // BYTE alg = (BYTE)req[5];
+ int keysize = (((BYTE *) req)[1] << 8) + ((BYTE *) req)[2];
+// printf("Requested key size %d\n", keysize);
+
+ int wrapped_challenge_len = ((BYTE *) req)[5];
+// printf("Challenged Size=%d\n", wrapped_challenge_len);
+ Buffer wrapped_challenge = Buffer ((BYTE *) & raw[6],
+ wrapped_challenge_len);
+
+ rsaparams.keySizeInBits = keysize;
+ rsaparams.pe = publicExponent;
+ mechanism = CKM_RSA_PKCS_KEY_PAIR_GEN;
+ algtag = SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION;
+ x_params = &rsaparams;
+
+ /* generate key pair */
+ char *keygen_param = params->GetValue ("keygen");
+ if (keygen_param == NULL || (strcmp (keygen_param, "true") == 0))
+ {
+ privKey = PK11_GenerateKeyPair (slot, mechanism,
+ x_params, &pubKey,
+ PR_FALSE /*isPerm */ ,
+ PR_TRUE /*isSensitive */ ,
+ NULL /*wincx */ );
+ if (privKey == NULL)
+ {
+ // printf("privKey == NULL\n");
+ buffer_size = 1024; /* testing */
+ }
+ else
+ {
+
+ /* put key in the buffer */
+ // printf("modulus len %d\n", pubKey->u.rsa.modulus.len);
+ // printf("exponent len %d\n", pubKey->u.rsa.publicExponent.len);
+
+ Buffer blob = GetKeyBlob (keysize, pubKey);
+
+/*
+ * The key generation operation creates a proof-of-location for the
+ * newly generated key. This proof is a signature computed with the
+ * new private key using the RSA-with-MD5 signature algorithm. The
+ * signature is computed over the Muscle Key Blob representation of
+ * the new public key and the challenge sent in the key generation
+ * request. These two data fields are concatenated together to form
+ * the input to the signature, without any other data or length fields.
+ */
+
+ Buffer challenge = Buffer (16, (BYTE) 0x00);
+ // printf("Encrypted Enrollment Challenge:\n");
+ // wrapped_challenge.dump();
+ Util::DecryptData (m_kek_key, wrapped_challenge, challenge);
+
+// printf("Enrollment Challenge:\n");
+// challenge.dump();
+// printf("after challenge dump");
+ Buffer muscle_public_key = GetMusclePublicKeyData (pubKey, keysize);
+// printf("after muscle_public_key get, muscle_public_key size=%d", muscle_public_key.size());
+ Buffer data_blob = GetSignBlob ( /*muscle_public_key */ blob,
+ challenge);
+// printf("after getsignblob, blob size =%d",blob.size());
+ Buffer proof = Sign (privKey, data_blob);
+// printf("begin verifying proof");
+ unsigned char *pkeyb = (unsigned char *) (BYTE *) data_blob;
+ int pkeyb_len = data_blob.size ();
+
+ SECItem siProof;
+ siProof.type = (SECItemType) 0;
+ siProof.data = (unsigned char *) proof;
+ siProof.len = proof.size ();
+
+ // int size = data_blob.size();
+ // RA::Debug( LL_PER_PDU,
+ // "RA_Token::ProcessGenerateKey: ",
+ // "==== proof size =%d, data_blob size=%d",
+ // siProof.len,
+ // data_blob.size() );
+ // RA::Debug( LL_PER_PDU,
+ // "RA_Token::ProcessGenerateKey: ",
+ // "==== === printing blob. size=%d",
+ // size );
+ // RA::Debug( LL_PER_PDU,
+ // "RA_Token::ProcessGenerateKey: ",
+ // "pubKey->u.rsa.publicExponent.data[37] =%d",
+ // pubKey->u.rsa.publicExponent.data[37] );
+
+ if (VerifyProof (pubKey, &siProof, pkeyb_len, pkeyb, &challenge) !=
+ 1)
+ {
+
+ Output ("VerifyProof failed");
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+
+ }
+
+ m_buffer =
+ Buffer (1, (BYTE) (blob.size () / 256)) +
+ Buffer (1, (BYTE) (blob.size () % 256)) +
+ Buffer (blob) +
+ Buffer (1, (BYTE) (proof.size () / 256)) +
+ Buffer (1, (BYTE) (proof.size () % 256)) + Buffer (proof);
+ buffer_size = m_buffer.size ();
+ } // if private key not NULL
+
+ }
+ else
+ {
+ // fake key
+ BYTE fake_key[] = {
+ 0x00, 0x8b, 0x00, 0x01, 0x04, 0x00, 0x00, 0x80, 0x9f, 0xf9,
+ 0x6e, 0xa6, 0x6c, 0xd9, 0x4b, 0x5c, 0x1a, 0xb6, 0xd8, 0x78,
+ 0xd2, 0xaf, 0x45, 0xd5, 0xce, 0x8a, 0xee, 0x69, 0xfc, 0xdb,
+ 0x16, 0x21, 0x46, 0x61, 0xb9, 0x91, 0x5d, 0xa8, 0x41, 0x3f,
+ 0x5c, 0xce, 0xce, 0x16, 0x0b, 0xc3, 0x16, 0x99, 0xb7, 0x81,
+ 0xe9, 0x9c, 0xe5, 0x31, 0x04, 0x6d, 0xab, 0xb2, 0xa3, 0xac,
+ 0x91, 0x2b, 0xbd, 0x9b, 0x48, 0xa8, 0xd7, 0xd8, 0x34, 0x67,
+ 0x4d, 0x58, 0xd3, 0xb9, 0x81, 0x4f, 0x8c, 0xf1, 0x2c, 0x92,
+ 0xfa, 0xe7, 0x98, 0x72, 0xea, 0x52, 0xbb, 0x43, 0x73, 0x9e,
+ 0x88, 0xdc, 0x6c, 0x44, 0xf3, 0x6d, 0xfd, 0x36, 0xa6, 0x5c,
+ 0x61, 0x7d, 0x88, 0x51, 0xc7, 0x32, 0x14, 0x64, 0xf3, 0xe0,
+ 0x6f, 0xfa, 0x86, 0x1d, 0xad, 0x6c, 0xdb, 0x8a, 0x1c, 0x30,
+ 0xb2, 0x46, 0x26, 0xba, 0x3c, 0x71, 0x2c, 0x03, 0x45, 0x97,
+ 0x7f, 0xb0, 0x10, 0x24, 0xf4, 0x45, 0x00, 0x03, 0x01, 0x00,
+ 0x01, 0x00, 0x80, 0x58, 0x06, 0x40, 0x4e, 0x05, 0xd8, 0x54,
+ 0x87, 0xb1, 0x5b, 0xfc, 0x67, 0x95, 0xe5
+ };
+ m_buffer = Buffer ((BYTE *) fake_key, sizeof fake_key);
+ buffer_size = m_buffer.size ();
+ }
+
+
+ Buffer data = Buffer (1, (BYTE) (buffer_size >> 8) & 0xff) + // key length
+ Buffer (1, (BYTE) buffer_size & 0xff) + // key length
+ Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessCreateObject (Create_Object_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ Buffer inputdata;
+ m_chunk_len = 0;
+ m_object_len = 0;
+
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessCreateObject");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_co_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_co_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ inputdata = apdu->GetData ();
+// inputdata.dump();
+ m_objectid[0] = (char) (((BYTE *) inputdata)[0]);
+ m_objectid[1] = (char) (((BYTE *) inputdata)[1]);
+ m_objectid[2] = '\0';
+
+// skip permissions
+
+ m_object_len += (((BYTE *) inputdata)[4]) << 24;
+ m_object_len += (((BYTE *) inputdata)[5]) << 16;
+ m_object_len += (((BYTE *) inputdata)[6]) << 8;
+ m_object_len += ((BYTE *) inputdata)[7];
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ if (m_object != NULL)
+ {
+ delete m_object;
+ m_object = NULL;
+ }
+ m_object = new Buffer (m_object_len, (BYTE) 0);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessLifecycle (Lifecycle_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessLifecycle");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_lc_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_lc_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessDeleteFile (Delete_File_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessDeleteFile");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_df_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_df_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessInstallApplet (Install_Applet_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+ Output ("RA_Token::InstallApplet");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_ia_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_ia_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessInstallLoad (Install_Load_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+ Output ("RA_Token::InstallLoad");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_il_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_il_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessLoadFile (Load_File_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessLoadFile");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_lf_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_lf_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessFormatMuscleApplet (Format_Muscle_Applet_APDU * apdu,
+ NameValueSet * vars,
+ NameValueSet * params)
+{
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessSelect (Select_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_se_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_se_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessListPins (List_Pins_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_lp_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_lp_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+ Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessGetIssuerInfo (Get_IssuerInfo_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_cp_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_cp_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessSetIssuerInfo (Set_IssuerInfo_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_cp_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_cp_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessCreatePin (Create_Pin_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_cp_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_cp_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessGetVersion (Get_Version_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_gv_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_gv_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = m_version + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessGetData (Get_Data_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_gd_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_gd_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data =
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) +
+ m_cuid.substr (0, 4) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ m_cuid.substr (6, 4) +
+ m_cuid.substr (4, 2) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x00) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x00) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ m_msn.substr (0, 4) + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessGetStatus (Get_Status_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_gs_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_gs_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ //Return a reasonable value for available applet memory.
+ //Free mem - 8192
+ //Tot mem - 8447
+ BYTE free_mem_high = 0x20;
+ BYTE free_mem_low = 0x00;
+ BYTE tot_mem_high = 0x20;
+ BYTE tot_mem_low = 0xff;
+ Buffer data =
+ Buffer (1, (BYTE) m_major_version) + Buffer (1, (BYTE) m_minor_version) +
+ Buffer (1, (BYTE) 0x00) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) tot_mem_high) + Buffer (1, (BYTE) tot_mem_low) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) free_mem_high) + Buffer (1, (BYTE) free_mem_low) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x01) + Buffer (1, (BYTE) 0x00) +
+ Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessPutKey (Put_Key_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessPutKey");
+#endif
+ Buffer key_set_data = apdu->GetData ();
+ BYTE current_version = ((BYTE *) key_set_data)[0];
+ BYTE current_index = (apdu->GetP2 () & 0x0f);
+
+ BYTE ki[2] = { current_version, current_index };
+ Buffer kib (ki, 2);
+ SetKeyInfo (kib);
+
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_pk_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_pk_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ //BYTE new_version = key_set_data[0];
+ Buffer e_auth = key_set_data.substr (3, 16);
+ Buffer e_mac = key_set_data.substr (25, 16);
+ Buffer e_kek = key_set_data.substr (47, 16);
+
+ // need to retrieve the old kek, and decrypt the data
+ // with it
+ Buffer auth;
+ Buffer mac;
+ Buffer kek;
+ Util::DecryptData (m_kek_key, e_auth, auth);
+ Util::DecryptData (m_kek_key, e_mac, mac);
+ Util::DecryptData (m_kek_key, e_kek, kek);
+
+ m_kek_key = kek;
+ m_mac_key = mac;
+ m_auth_key = auth;
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessImportKeyEnc (Import_Key_Enc_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessImportKeyEnc");
+#endif
+ Buffer data;
+
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_ik_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_ik_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+ data = apdu->GetData ();
+
+ data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessReadBuffer (Read_Buffer_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ Buffer buffer;
+
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessReadBuffer");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_rb_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_rb_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ int len = apdu->GetLen ();
+ int offset = apdu->GetOffset ();
+
+ if (offset + len <= (int) m_buffer.size ())
+ {
+ buffer = m_buffer.substr (offset, len);
+ }
+ else
+ {
+ Output ("TESTING offset = %d, len = %d, m_buffer.size = %d",
+ offset, len, m_buffer.size ());
+ buffer = Buffer (len, (BYTE) 0); /* for testing */
+ }
+ Buffer data = buffer + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessUnblockPin (Unblock_Pin_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessUnblockPin");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_up_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_up_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessListObjects (List_Objects_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_lo_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_lo_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer data = Buffer (1, (BYTE) 0x9C) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessReadObject (Read_Object_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ Buffer buffer;
+
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessReadObject");
+#endif
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_ro_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_ro_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+
+ Buffer buf = apdu->GetData();
+ int len = ((BYTE*)buf)[8];
+ int offset = (((BYTE*)buf)[4] << 24) + (((BYTE*)buf)[5] << 16) +
+ (((BYTE*)buf)[6] << 8) + ((BYTE*)buf)[7];
+
+ if (offset + len <= (int) m_buffer.size ())
+ {
+ buffer = m_buffer.substr (offset, len);
+ }
+ else
+ {
+ Output ("TESTING offset = %d, len = %d, m_buffer.size = %d",
+ offset, len, m_buffer.size ());
+ buffer = Buffer (len, (BYTE) 0); /* for testing */
+ }
+
+ Buffer data = buffer + Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessWriteBuffer (Write_Object_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessWriteBuffer");
+#endif
+#define MAX_WRITE_BUFFER_SIZE 0x40
+ int num = 0;
+ int rv = -1;
+ int index = MAX_WRITE_BUFFER_SIZE + 2;
+ PK11SlotInfo *slot;
+ CERTCertificate *cert = NULL;
+
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_wb_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_wb_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+ Buffer inputdata = apdu->GetData ();
+ num = m_object_len - m_chunk_len;
+ if (num > MAX_WRITE_BUFFER_SIZE)
+ {
+ for (int i = 2; i < index; i++)
+ {
+ BYTE data = ((BYTE *) inputdata)[i];
+ ((BYTE *) * m_object)[m_chunk_len] = data;
+ m_chunk_len++;
+ }
+ }
+ else
+ {
+ for (int i = 2; i < num + 2; i++)
+ {
+ ((BYTE *) * m_object)[m_chunk_len] = ((BYTE *) inputdata)[i];
+ m_chunk_len++;
+ }
+
+ if (strcmp (m_objectid, "C0") == 0)
+ {
+ // printf("RA_Token::ProcessWriteBuffer objectid = %s\n", m_objectid);
+ // we got the whole certificate, import to the db.
+ cert = CERT_DecodeCertFromPackage ((char *) ((BYTE *) * m_object),
+ m_object->size ());
+ if (cert == NULL)
+ {
+ // printf("cert is NULL\n");
+ }
+ else
+ {
+ slot = PK11_GetInternalKeySlot ();
+
+ rv = PK11_Authenticate (slot, PR_TRUE, NULL);
+ if (rv != SECSuccess)
+ {
+ // printf("Failed to authenticate to the internal token\n");
+ }
+ else
+ {
+ rv = PK11_ImportCert (slot, cert, CK_INVALID_HANDLE,
+ (char *) "testcert", PR_FALSE);
+ if (rv != SECSuccess)
+ {
+ printf
+ ("Failed to import the cert to the internal token\n");
+ }
+ }
+ }
+ }
+ }
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::ProcessSetPin (Set_Pin_APDU * apdu,
+ NameValueSet * vars, NameValueSet * params)
+{
+ Buffer new_pin_buf = apdu->GetNewPIN ();
+#ifdef VERBOSE
+ Output ("RA_Token::ProcessSetPin");
+#endif
+
+ // for testing only
+ if (vars->GetValueAsBool("test_enable", 0) == 1) {
+ if (vars->GetValueAsBool("test_apdu_sp_return_enable", 0) == 1) {
+ Buffer *data = ToBuffer (vars->GetValue ("test_apdu_sp_return"));
+ APDU_Response *apdu_resp = new APDU_Response (*data);
+ return apdu_resp;
+ }
+ }
+
+ if (VerifyMAC (apdu) != 1)
+ {
+ Buffer data = Buffer (1, (BYTE) 0x6a) + Buffer (1, (BYTE) 0x88);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+ }
+#if 0
+ printf ("New PIN: \n");
+ new_pin_buf.dump ();
+#endif
+
+ /* replace current pin */
+ int i;
+ char *new_pin = (char *) malloc (new_pin_buf.size () + 1);
+ for (i = 0; i < (int) new_pin_buf.size (); i++)
+ {
+ new_pin[i] = ((BYTE *) new_pin_buf)[i];
+ }
+ new_pin[new_pin_buf.size ()] = '\0';
+
+ if (m_pin != NULL)
+ {
+ PL_strfree (m_pin);
+ m_pin = NULL;
+ }
+ m_pin = new_pin;
+
+ Buffer data = Buffer (1, (BYTE) 0x90) + Buffer (1, (BYTE) 0x00);
+ APDU_Response *apdu_resp = new APDU_Response (data);
+ return apdu_resp;
+}
+
+APDU_Response *
+RA_Token::Process (APDU * apdu, NameValueSet * vars, NameValueSet * params)
+{
+ APDU_Response *resp = NULL;
+
+ if (apdu->GetType () == APDU_INITIALIZE_UPDATE)
+ {
+ resp = ProcessInitializeUpdate ((Initialize_Update_APDU *) apdu, vars,
+ params);
+ }
+ else if (apdu->GetType () == APDU_EXTERNAL_AUTHENTICATE)
+ {
+ resp = ProcessExternalAuthenticate ((External_Authenticate_APDU *) apdu,
+ vars, params);
+ }
+ else if (apdu->GetType () == APDU_SET_PIN)
+ {
+ resp = ProcessSetPin ((Set_Pin_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_LOAD_FILE)
+ {
+ resp = ProcessLoadFile ((Load_File_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_FORMAT_MUSCLE_APPLET)
+ {
+ resp = ProcessFormatMuscleApplet ((Format_Muscle_Applet_APDU *) apdu,
+ vars, params);
+ }
+ else if (apdu->GetType () == APDU_INSTALL_LOAD)
+ {
+ resp = ProcessInstallLoad ((Install_Load_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_INSTALL_APPLET)
+ {
+ resp = ProcessInstallApplet ((Install_Applet_APDU *) apdu, vars,
+ params);
+ }
+ else if (apdu->GetType () == APDU_DELETE_FILE)
+ {
+ resp = ProcessDeleteFile ((Delete_File_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_CREATE_OBJECT)
+ {
+ resp = ProcessCreateObject ((Create_Object_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_LIFECYCLE)
+ {
+ resp = ProcessLifecycle ((Lifecycle_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_READ_BUFFER)
+ {
+ resp = ProcessReadBuffer ((Read_Buffer_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_UNBLOCK_PIN)
+ {
+ resp = ProcessUnblockPin ((Unblock_Pin_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_LIST_OBJECTS)
+ {
+ resp = ProcessListObjects ((List_Objects_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_READ_OBJECT)
+ {
+ resp = ProcessReadObject ((Read_Object_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_WRITE_OBJECT)
+ {
+ resp = ProcessWriteBuffer ((Write_Object_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_SELECT)
+ {
+ resp = ProcessSelect ((Select_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_GET_VERSION)
+ {
+ resp = ProcessGetVersion ((Get_Version_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_PUT_KEY)
+ {
+ resp = ProcessPutKey ((Put_Key_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_GET_STATUS)
+ {
+ resp = ProcessGetStatus ((Get_Status_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_GET_ISSUERINFO)
+ {
+ resp = ProcessGetIssuerInfo ((Get_IssuerInfo_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_SET_ISSUERINFO)
+ {
+ resp = ProcessSetIssuerInfo ((Set_IssuerInfo_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_GET_DATA)
+ {
+ resp = ProcessGetData ((Get_Data_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_LIST_PINS)
+ {
+ resp = ProcessListPins ((List_Pins_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_CREATE_PIN)
+ {
+ resp = ProcessCreatePin ((Create_Pin_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_GENERATE_KEY)
+ {
+ resp = ProcessGenerateKey ((Generate_Key_APDU *) apdu, vars, params);
+ }
+ else if (apdu->GetType () == APDU_IMPORT_KEY_ENC)
+ {
+ resp = ProcessImportKeyEnc ((Import_Key_Enc_APDU *) apdu, vars, params);
+ }
+ else
+ {
+ printf ("RA_Token: Unknown APDU (%d)\n", apdu->GetType ());
+ /* error */
+ }
+ return resp;
+}
diff --git a/pki/base/tps/tools/raclient/RA_Token.h b/pki/base/tps/tools/raclient/RA_Token.h
new file mode 100644
index 000000000..bf92e4e89
--- /dev/null
+++ b/pki/base/tps/tools/raclient/RA_Token.h
@@ -0,0 +1,225 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifndef RA_TOKEN_H
+#define RA_TOKEN_H
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "main/Buffer.h"
+#include "main/NameValueSet.h"
+#include "apdu/APDU_Response.h"
+#include "apdu/APDU.h"
+#include "apdu/Initialize_Update_APDU.h"
+#include "apdu/External_Authenticate_APDU.h"
+#include "apdu/Set_Pin_APDU.h"
+#include "apdu/Get_Status_APDU.h"
+#include "apdu/Create_Object_APDU.h"
+#include "apdu/Lifecycle_APDU.h"
+#include "apdu/Read_Buffer_APDU.h"
+#include "apdu/Get_IssuerInfo_APDU.h"
+#include "apdu/Set_IssuerInfo_APDU.h"
+#include "apdu/Load_File_APDU.h"
+#include "apdu/Format_Muscle_Applet_APDU.h"
+#include "apdu/Install_Applet_APDU.h"
+#include "apdu/Install_Load_APDU.h"
+#include "apdu/Unblock_Pin_APDU.h"
+#include "apdu/Write_Object_APDU.h"
+#include "apdu/Read_Object_APDU.h"
+#include "apdu/List_Pins_APDU.h"
+#include "apdu/List_Objects_APDU.h"
+#include "apdu/Create_Pin_APDU.h"
+#include "apdu/Generate_Key_APDU.h"
+#include "apdu/Select_APDU.h"
+#include "apdu/Delete_File_APDU.h"
+#include "apdu/Get_Version_APDU.h"
+#include "apdu/Get_Data_APDU.h"
+#include "apdu/Put_Key_APDU.h"
+#include "apdu/Import_Key_APDU.h"
+#include "apdu/Import_Key_Enc_APDU.h"
+
+typedef enum {
+ auth,
+ mac,
+ kek
+ } keyType;
+
+class RA_Token
+{
+ public:
+ RA_Token();
+ ~RA_Token();
+ public:
+ char *GetPIN();
+ Buffer &GetAuthKey();
+ Buffer &GetMacKey();
+ Buffer &GetKekKey();
+ Buffer &GetAppletVersion();
+ void SetAppletVersion(Buffer &version);
+ Buffer &GetCUID();
+ void SetCUID(Buffer &cuid);
+ Buffer &GetMSN();
+ void SetMSN(Buffer &msn);
+ Buffer &GetKeyInfo();
+ int GetMajorVersion();
+ int GetMinorVersion();
+ void SetKeyInfo(Buffer &key_info);
+ void SetAuthKey(Buffer &key);
+ void SetMacKey(Buffer &key);
+ void SetKekKey(Buffer &key);
+ void SetMajorVersion(int v);
+ void SetMinorVersion(int v);
+ BYTE GetLifeCycleState();
+ public:
+ int VerifyMAC(APDU *apdu);
+ void ComputeAPDUMac(APDU *apdu, Buffer &new_mac);
+ PK11SymKey *CreateSessionKey(keyType keytype,
+ Buffer &card_challenge,
+ Buffer &host_challenge);
+ RA_Token *Clone();
+ void decryptMsg(Buffer &in_data, Buffer &out_data);
+ PK11SymKey *GetEncSessionKey();
+ public:
+ int NoOfCertificates();
+ CERTCertificate *GetCertificate(int pos);
+ int NoOfPrivateKeys();
+ SECKEYPrivateKey *GetPrivateKey(int pos);
+ public:
+ APDU_Response *Process(APDU *apdu, NameValueSet *vars, NameValueSet *params);
+ APDU_Response *ProcessInitializeUpdate(
+ Initialize_Update_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessExternalAuthenticate(
+ External_Authenticate_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessReadObject(Read_Object_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessListObjects(List_Objects_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessDeleteFile(Delete_File_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessSetPin(Set_Pin_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessInstallApplet(Install_Applet_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessInstallLoad(Install_Load_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessLoadFile(Load_File_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessFormatMuscleApplet(Format_Muscle_Applet_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessGetVersion(Get_Version_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessListPins(List_Pins_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessCreatePin(Create_Pin_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessGetData(Get_Data_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessGetStatus(Get_Status_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessCreateObject(Create_Object_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessLifecycle(Lifecycle_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessReadBuffer(Read_Buffer_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessUnblockPin(Unblock_Pin_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessGetIssuerInfo(Get_IssuerInfo_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessSetIssuerInfo(Set_IssuerInfo_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessWriteBuffer(Write_Object_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessGenerateKey(Generate_Key_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessImportKeyEnc(Import_Key_Enc_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessSelect(Select_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ APDU_Response *ProcessPutKey(Put_Key_APDU *apdu,
+ NameValueSet *vars,
+ NameValueSet *params);
+ public:
+ Buffer m_card_challenge;
+ Buffer m_host_challenge;
+ PK11SymKey *m_session_key;
+ PK11SymKey *m_enc_session_key;
+ Buffer m_icv;
+ Buffer m_cuid;
+ Buffer m_msn;
+ Buffer m_version;
+ Buffer m_key_info;
+ Buffer m_auth_key;
+ Buffer m_mac_key;
+ Buffer m_kek_key;
+ Buffer m_buffer;
+ BYTE m_lifecycle_state;
+ char *m_pin;
+ Buffer* m_object;
+ int m_major_version;
+ int m_minor_version;
+ int m_object_len;
+ int m_chunk_len;
+ char m_objectid[3];
+};
+
+#endif /* RA_TOKEN_H */
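Review bot: RA_Token declares a destructor and holds raw pointers that look owning (`m_pin`, `m_object`, `m_session_key`, `m_enc_session_key`), but leaves the copy constructor and assignment operator implicit, so an accidental copy would share the PIN buffer and session keys between two objects. ProcessSetPin in RA_Token.cpp frees and replaces `m_pin`, which suggests the object owns it; the destructor body is not in this hunk, so a double free on copy is inferred rather than shown. Since `Clone()` appears to be the intended way to duplicate a token, I would declare `RA_Token(const RA_Token &);` and `RA_Token &operator=(const RA_Token &);` in a `private:` section without defining them. Separately, the key and PIN members (`m_auth_key`, `m_mac_key`, `m_kek_key`, `m_pin`) sit under `public:` although accessors exist; moving the data members to `private:` would keep secret material behind those accessors.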
diff --git a/pki/base/tps/tools/raclient/enroll.tps b/pki/base/tps/tools/raclient/enroll.tps
new file mode 100644
index 000000000..08e40b6e1
--- /dev/null
+++ b/pki/base/tps/tools/raclient/enroll.tps
@@ -0,0 +1,42 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+# This data file tests enrollment operation.
+#
+# Execution:
+# tpsclient < enroll.test
+#
+########################################################
+op=var_set name=ra_host value=air
+op=var_set name=ra_port value=8099
+op=var_set name=ra_uri value=/nk_service
+# print original token status
+op=token_set cuid=a00192030405060708c9 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+#op=ra_enroll uid=test pwd=password new_pin=password
+op=ra_enroll uid=sectest13 num_threads=1 pwd=home-boy new_pin=password
+# print changed token status
+op=token_status
+op=exit
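Review bot: The line `op=ra_enroll uid=sectest13 num_threads=1 pwd=home-boy new_pin=password` commits what looks like a real directory account and password for a lab TPS, next to an internal host name (`ra_host value=air`). The same kind of value appears in enroll1.test, in nt_enroll.test (`uid=testuser1 pwd=netscape`) and in the readme.txt examples. If these accounts exist anywhere other than a throwaway test directory they should be rotated, and the scripts should carry placeholders such as `uid=<test-user> pwd=<test-password>`, with the real values supplied at run time. The `404142...4f` key values are a different case: readme.txt in this commit describes them as the manufacturer default key, and a comment saying so here, e.g. `# default manufacturer key set, test use only`, would stop readers mistaking them for deployment keys.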
diff --git a/pki/base/tps/tools/raclient/enroll1.test b/pki/base/tps/tools/raclient/enroll1.test
new file mode 100644
index 000000000..fdd54f704
--- /dev/null
+++ b/pki/base/tps/tools/raclient/enroll1.test
@@ -0,0 +1,43 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+# This data file tests enrollent.
+#
+# Execution:
+# tpsclient < enroll.test
+#
+########################################################
+op=var_set name=ra_host value=air
+op=var_set name=ra_port value=8000
+op=var_set name=ra_uri value=/nk_service
+# print original token status
+op=token_status
+###set token params
+op=token_set cuid=a00192030405060708c9 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+op=ra_enroll uid=sectest13 pwd=home-boy new_pin=password
+# print changed token status
+op=token_status
+op=exit
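Review bot: The header comment gives `tpsclient < enroll.test` as the way to run this file, but the file added here is enroll1.test, and no enroll.test is visible in this part of the commit. The same mismatch is in enroll.tps and nt_enroll.test (both say `enroll.test`), format.tps (`format.test`) and reset_pin.tps (`reset_pin.test`); readme.txt's Execution section uses the `.test` names as well. I would make each header name its own file, here `#   tpsclient < enroll1.test`. The description line also has a typo and should read `# This data file tests enrollment.`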
diff --git a/pki/base/tps/tools/raclient/format.tps b/pki/base/tps/tools/raclient/format.tps
new file mode 100644
index 000000000..f087a2d25
--- /dev/null
+++ b/pki/base/tps/tools/raclient/format.tps
@@ -0,0 +1,45 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+# This data file tests token format operation.
+#
+# Execution:
+# tpsclient < format.test
+#
+########################################################
+op=var_set name=ra_host value=air
+op=var_set name=ra_port value=8000
+op=var_set name=ra_uri value=/nk_service
+op=var_list
+# print original token status
+op=token_status
+### set token params
+op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0101
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+## perform format operation
+op=ra_format uid=test pwd=password num_threads=1 new_pin=password
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/raclient/nt_enroll.test b/pki/base/tps/tools/raclient/nt_enroll.test
new file mode 100644
index 000000000..f4faf18fe
--- /dev/null
+++ b/pki/base/tps/tools/raclient/nt_enroll.test
@@ -0,0 +1,212 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+# This data file tests enrollment operation.
+#
+# Execution:
+# tpsclient < enroll.test
+#
+########################################################
+op=var_set name=ra_host value=water
+op=var_set name=ra_port value=7888
+op=var_set name=ra_uri value=/nk_service
+########################################################
+# Possible return codes:
+#
+# General errors:
+# 6400 - No specific diagnosis
+# 6700 - Wrong length in Lc
+# 6982 - Security status not satisfied
+# 6985 - Conditions of use not satisified
+# 6a86 - Incorrect P1 P2
+# 6d00 - Invalid instruction
+# 6e00 - Invalid class
+#
+# Install Load errors:
+# 6581 - Memory Failure
+# 6a80 - Incorrect parameters in data field
+# 6a84 - Not enough memory space
+# 6a88 - Referenced data not found
+#
+# Delete errors:
+# 6200 - Application has been logically deleted
+# 6581 - Memory failure
+# 6985 - Referenced data cannot be deleted
+# 6a88 - Referenced data not found
+# 6a82 - Application not found
+# 6a80 - Incorrect values in command data
+#
+# Get Data errors:
+# 6a88 - Referenced data not found
+#
+# Get Status errors:
+# 6310 - More data available
+# 6a88 - Referenced data not found
+# 6a80 - Incorrect values in command data
+#
+# Load errors:
+# 6581 - Memory failure
+# 6a84 - Not enough memory space
+# 6a86 - Incorrect P1/P2
+# 6985 - Conditions of use not satisified
+########################################################
+#
+########################################################
+# Negative Test Cases Testing:
+#
+# To enable the testing, you need to uncomment
+# the following:
+#
+#op=var_set name=test_enable value=true
+#
+# Init Update APDU:
+#
+#op=var_set name=test_apdu_iu_return_enable value=true
+#op=var_set name=test_apdu_iu_return value=6a88
+#
+# External Authenticate APDU:
+#
+#op=var_set name=test_apdu_ea_return_enable value=true
+#op=var_set name=test_apdu_ea_return value=6a88
+#
+# Generate Key APDU:
+#
+#op=var_set name=test_apdu_gk_return_enable value=true
+#op=var_set name=test_apdu_gk_return value=6a88
+#
+# Create Object APDU:
+#
+#op=var_set name=test_apdu_co_return_enable value=true
+#op=var_set name=test_apdu_co_return value=6a88
+#
+# Life Cycle APDU:
+#
+#op=var_set name=test_apdu_lc_return_enable value=true
+#op=var_set name=test_apdu_lc_return value=6a88
+#
+# Delete File APDU:
+#
+#op=var_set name=test_apdu_df_return_enable value=true
+#op=var_set name=test_apdu_df_return value=6a88
+#
+# Install Applet APDU:
+#
+#op=var_set name=test_apdu_ia_return_enable value=true
+#op=var_set name=test_apdu_ia_return value=6a88
+#
+# Install Load APDU:
+#
+#op=var_set name=test_apdu_il_return_enable value=true
+#op=var_set name=test_apdu_il_return value=6a88
+#
+# Load File APDU:
+#
+#op=var_set name=test_apdu_lf_return_enable value=true
+#op=var_set name=test_apdu_lf_return value=6a88
+#
+# Select Applet APDU:
+#
+#op=var_set name=test_apdu_se_return_enable value=true
+#op=var_set name=test_apdu_se_return value=6a88
+#
+# List PINs APDU:
+#
+#op=var_set name=test_apdu_lp_return_enable value=true
+#op=var_set name=test_apdu_lp_return value=6a88
+#
+# Create PIN APDU:
+#
+#op=var_set name=test_apdu_cp_return_enable value=true
+#op=var_set name=test_apdu_cp_return value=6a88
+#
+# Get Version APDU:
+#
+#op=var_set name=test_apdu_gv_return_enable value=true
+#op=var_set name=test_apdu_gv_return value=6a88
+#
+# Get Data APDU:
+#op=var_set name=test_apdu_gd_return_enable value=true
+#op=var_set name=test_apdu_gd_return value=6a88
+#
+# Get Status APDU:
+#
+#op=var_set name=test_apdu_gs_return_enable value=true
+#op=var_set name=test_apdu_gs_return value=6a88
+#
+# Put Key APDU:
+#
+#op=var_set name=test_apdu_pk_return_enable value=true
+#op=var_set name=test_apdu_pk_return value=6a88
+#
+# Import Key Enc APDU:
+#
+#op=var_set name=test_apdu_ik_return_enable value=true
+#op=var_set name=test_apdu_ik_return value=6a88
+#
+# Read Buffer APDU:
+#
+#op=var_set name=test_apdu_rb_return_enable value=true
+#op=var_set name=test_apdu_rb_return value=6a88
+#
+# Unblock PIN APDU:
+#
+#op=var_set name=test_apdu_up_return_enable value=true
+#op=var_set name=test_apdu_up_return value=6a88
+#
+# List Objects APDU:
+#
+#op=var_set name=test_apdu_lo_return_enable value=true
+#op=var_set name=test_apdu_lo_return value=6a88
+#
+# Read Object APDU:
+#
+#op=var_set name=test_apdu_ro_return_enable value=true
+#op=var_set name=test_apdu_ro_return value=6a88
+#
+# Write Buffer APDU:
+#
+#op=var_set name=test_apdu_wb_return_enable value=true
+#op=var_set name=test_apdu_wb_return value=6a88
+#
+# Set PIN APDU:
+#
+#op=var_set name=test_apdu_sp_return_enable value=true
+#op=var_set name=test_apdu_sp_return value=6a88
+#
+# ExtendedLoginRequest Message:
+#
+#op=var_set name=test_msg_el_resp_exclude_uid value=true
+#op=var_set name=test_msg_el_resp_exclude_pwd value=true
+#op=var_set name=test_msg_el_resp_add_invalid_param value=true
+#
+########################################################
+# print original token status
+op=token_set cuid=a00192030405060708c9 msn=01020304 app_ver=6FBBC105 key_info=0101 major_ver=0 minor_ver=0
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+#op=ra_enroll uid=test pwd=password new_pin=password
+op=ra_enroll uid=testuser1 num_threads=1 pwd=netscape new_pin=password
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/raclient/readme.txt b/pki/base/tps/tools/raclient/readme.txt
new file mode 100644
index 000000000..8997544ac
--- /dev/null
+++ b/pki/base/tps/tools/raclient/readme.txt
@@ -0,0 +1,247 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+Overview
+========
+
+tpsclient is a test utility that talks to the TPS
+directly using HTTP protocol.
+
+It is a software-based token. It can be used as a driver
+for stress/scalability testing.
+
+It can be used for the following operations:
+
+ enrollment - This is for getting a certificate
+ into the token.
+ pin reset - This is for changing the token's pin.
+ format - This is for formatting the token to
+ remove the certificates from the token
+ and load fresh applets.
+
+Configuration
+=============
+
+The tpsclient utility accepts a test script file. Each script
+file contains a sequence of operations. Each operation
+is composed of a set of name value pairs. For example,
+
+ op=var_set name=ra_host value=familiar
+
+It starts with an operation type such as 'op=var_set' and
+follows by a list of parameters as 'name=ra_host value=familiar'.
+
+The currently supported operation types are as follows:
+
+ op=var_list - list all TPS connection parameters
+ op=var_get - retrieve the value of a TPS connection parameter
+ op=var_set - set the value of a TPS conection parameter
+
+ op=exit - exit this utility
+ op=help - get more information about each operation
+
+ op=token_status - list all token parameters
+ op=token_set - set the value of a token parameter
+
+ op=ra_enroll - perform an enrollment operation
+ op=ra_reset_pin - perform a pin reset operation
+ op=ra_format - perform a format operation
+
+Configuration Examples
+======================
+
+Setup TPS's connection information:
+
+ op=var_set name=ra_host value=familiar
+ op=var_set name=ra_port value=9003
+ op=var_set name=ra_uri value=/nk_service
+
+Setup token's ID, Applet ID, and Key Set Version:
+
+ op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0101
+
+Setup Key Data: (Note that '404142434445464748494a4b4c4d4e4f' is the
+default key created by the manufacturer in the real token)
+
+ op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+ op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+ op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+
+Perform an enrollment operation:
+
+ op=ra_enroll uid=sectest13 pwd=home-boy new_pin=password
+
+Perform a pin reset operation:
+
+ op=ra_reset_pin uid=test pwd=password new_pin=newpassw
+
+Perform a format operation:
+
+ op=ra_format uid=test pwd=password new_pin=newpassw
+
+Print the information inside token:
+
+ op=token_status
+
+Applet Upgrade Example
+======================
+
+To test applet upgrade, you should first setup TPS to enable
+applet upgrade. Please consult the TPS documentation for those
+details.
+
+You should try to do an enrollment operation with an applet
+version that's different from the one that's configured in
+the TPS's configuration file. For example, you should have
+the following in the test script.
+
+ op=token_set cuid=18888883333300000004 app_ver=402428AD key_info=0101
+
+This indicates that the token's applet version is currently at
+40248AD.
+
+
+After execution, you should see an audit event logged on the
+TPS's audit log file like this,
+
+
+ ...
+ [2004-11-15 16:56:38] 847f220 Enrollment - op='applet_upgrade'
+ app_ver='0.0.402428AD' new_app_ver='1.2.416DA155'
+ ...
+ ...
+ [2004-11-15 16:56:43] 847f220 Enrollment - status='success'
+ app_ver='1.2.416DA155' key_ver='0101' cuid='18888883333300000004'
+ msn='00000000' uid='user1' auth='ldap1' time='7243 msec'
+
+Key Change Over Example
+=======================
+
+To test key change over, you should setup a version 2 master key
+in TKS and enable the key change over feature in TPS. Please
+consult the TPS documentation for details.
+
+You should try to do an enrollment with a version 1 key in the
+token. TPS should change the key in your token to
+version 2. For example, you should have the following in
+the test script:
+
+ op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0101
+ op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+ op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+ op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+
+Note 'key_info=0101' indicates a version 1 key set.
+
+After the execution, you should see the following in the output:
+
+ ...
+ Output> cuid : 'a00192030405060708c9' (10 bytes)
+ Output> key_info : '0201' (2 bytes)
+ Output> auth_key : 'a3523ec8c0740b621e18e9cdd99f75fc' (16 bytes)
+ Output> mac_key : '903af964eb7ede26ea189243a5caad9c' (16 bytes)
+ Output> kek_key : '44ef9de3775121a871c152563d9b9860' (16 bytes)
+ ...
+
+'key_info: 0201' indicates that the current key set in the
+token now changed from '0101' to '0201'. And as you noticed,
+the key data for auth, mac, and kek keys are all different.
+
+If you check the TPS's log, you should see an audit event for
+the key change over operation.
+
+After this, you should try to enroll with a version 2 keys.
+For example, create a new test script that contains:
+
+ op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0201
+ op=token_set auth_key=a3523ec8c0740b621e18e9cdd99f75fc
+ op=token_set mac_key=903af964eb7ede26ea189243a5caad9c
+ op=token_set kek_key=44ef9de3775121a871c152563d9b9860
+
+Execute this test script, and you should NOT see an audit
+event for key change over. It is because your token already
+has a version 2 key set.
+
+You can also try to key change over from version 2 back to
+version 1 with appropriate TPS configuration and test
+script.
+
+Choose a specific profile in TPS
+================================
+
+TPS can be configured to support several profiles like
+
+ 1) devicekey profile - used to issue only signing certs
+ 2) userKey profile - used to issue signing and encryption certs
+
+the tpsclient can be configured to tell TPS to select the right
+profile by adding the following to the op=ra_enroll line in the
+test script
+
+ op=ra_enroll uid=user1 num_threads=1 pwd=password new_pin=newpassw
+ extensions=tokenType=userKey
+
+ (OR)
+
+ op=ra_enroll uid=user1 num_threads=1 pwd=password new_pin=newpassw
+ extensions=tokenType=deviceKey
+
+Stress test Example
+===================
+
+tpsclient can be configured to start multiple threads to perform
+enrollment or pin reset or format operations, to stress the TPS
+installation.
+
+ op=ra_enroll uid=user1 num_threads=1 pwd=password new_pin=newpassw
+ extensions=tokenType=userKey
+
+In the above test script line, the num_threads parameter indicates
+the number of threads that will be started.
+
+Also , to control the number of operations being performed, the
+following parameter should be set in the test script line.
+
+ op=ra_enroll uid=user1 num_threads=1 pwd=password new_pin=newpassw
+ extensions=tokenType=userKey max_ops=10
+
+max_ops, indicates the number of operations that will be performed
+by all the threads.
+
+
+
+
+Execution
+=========
+
+For Enrollment Operation:
+
+ tpsclient < enroll.test
+
+For Reset Pin Operation:
+
+ tpsclient < reset_pin.test
+
+Note
+====
+
+You may need to setup LD_LIBRARY_PATH (On Linux, and Solaris) to
+point to the directory where you have NSPR, NSS, TPS shared libraries.
+
diff --git a/pki/base/tps/tools/raclient/reset_pin.tps b/pki/base/tps/tools/raclient/reset_pin.tps
new file mode 100644
index 000000000..1a81fd2a7
--- /dev/null
+++ b/pki/base/tps/tools/raclient/reset_pin.tps
@@ -0,0 +1,42 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+# This data file tests pin reset operation.
+#
+# Execution:
+# tpsclient < reset_pin.test
+#
+########################################################
+op=var_set name=ra_host value=air
+op=var_set name=ra_port value=8000
+op=var_set name=ra_uri value=/nk_service
+op=var_list
+# print original token status
+op=token_set cuid=a00192030405060708c9 app_ver=6FBBC105 key_info=0101
+op=token_set auth_key=404142434445464748494a4b4c4d4e4f
+op=token_set mac_key=404142434445464748494a4b4c4d4e4f
+op=token_set kek_key=404142434445464748494a4b4c4d4e4f
+op=token_status
+op=ra_reset_pin uid=test pwd=password num_threads=1 new_pin=password
+# print changed token status
+op=token_status
+op=exit
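Review bot: The `Execution:` comment in the header tells the reader to run `tpsclient < reset_pin.test`, but this file is added as `reset_pin.tps`. The same stale name appears in the headers of `reset_pin1.test` and `reset_pin2.test` later in this commit, so each header should name its own file, e.g. `# tpsclient < reset_pin.tps`. The three `op=token_set` lines set `auth_key`, `mac_key` and `kek_key` to the same value `404142434445464748494a4b4c4d4e4f`, which appears to be the widely published GlobalPlatform default test key. A comment such as `# default developer key set (key_info=0101); for unprovisioned test tokens only` would keep the script from being read as a template for production tokens.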
diff --git a/pki/base/tps/tools/raclient/reset_pin1.test b/pki/base/tps/tools/raclient/reset_pin1.test
new file mode 100644
index 000000000..2169e7ce2
--- /dev/null
+++ b/pki/base/tps/tools/raclient/reset_pin1.test
@@ -0,0 +1,40 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+# This data file tests pin reset.
+#
+# Execution:
+# tpsclient < reset_pin.test
+#
+# This one is failure case. The sectest12 requires securid but
+# the test doesnt provide one.
+########################################################
+op=var_set name=ra_host value=broom
+op=var_set name=ra_port value=2020
+op=var_set name=ra_uri value=/nk_service
+op=var_list
+# print original token status
+op=token_status
+op=ra_reset_pin uid=sectest12 pwd=blue77 new_pin=password
+# print changed token status
+op=token_status
+op=exit
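Review bot: The `op=ra_reset_pin` line commits a concrete account and password (`uid=sectest12 pwd=blue77`) next to a named host (`ra_host value=broom`), and `reset_pin2.test` does the same for `sectest13`. If these match accounts in a directory that still exists, they should be rotated and replaced here with obvious placeholders such as `uid=<test-uid> pwd=<test-password>`. Unlike `reset_pin.tps`, this script has no `op=token_set` lines before `op=token_status`, so it presumably relies on tpsclient's built-in token defaults; a one-line comment saying so would help. The header calls this a failure case but does not say what the operation is expected to return, so a reader cannot tell an expected failure from a broken setup.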
diff --git a/pki/base/tps/tools/raclient/reset_pin2.test b/pki/base/tps/tools/raclient/reset_pin2.test
new file mode 100644
index 000000000..77b5d20d2
--- /dev/null
+++ b/pki/base/tps/tools/raclient/reset_pin2.test
@@ -0,0 +1,39 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+########################################################
+# Description:
+# This data file tests pin reset.
+#
+# Execution:
+# tpsclient < reset_pin.test
+#
+# This one is success case. The sectest13 does not require securid.
+########################################################
+op=var_set name=ra_host value=broom
+op=var_set name=ra_port value=2020
+op=var_set name=ra_uri value=/nk_service
+op=var_list
+# print original token status
+op=token_status
+op=ra_reset_pin uid=sectest13 pwd=home-boy new_pin=password
+# print changed token status
+op=token_status
+op=exit
diff --git a/pki/base/tps/tools/tus/add.c b/pki/base/tps/tools/tus/add.c
new file mode 100644
index 000000000..f88ae9753
--- /dev/null
+++ b/pki/base/tps/tools/tus/add.c
@@ -0,0 +1,117 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include "nsapi.h"
+
+#include <time.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include "ldap.h"
+
+#include "tus/tus_db.h"
+
+/* Specify the search criteria here. */
+static char *host = "localhost";
+static int port = 389;
+static char *baseDN = "ou=Tokens,dc=mcom,dc=com";
+static char *prefix = "0000";
+static char *suffix = "0000";
+static int start = 1;
+static int len = 0;
+static char *who = NULL;
+static char *password = NULL;
+static char *token_type = NULL;
+
+
+#define SCOPE LDAP_SCOPE_SUBTREE
+#define FILTER "(cn=*)"
+
+int main (int argc, char **argv)
+{
+ int i, h, rc;
+ char cn[256];
+ char *errorMsg = NULL;
+
+ if (argc < 9 || argc > 11) {
+ printf ("Usage:\n %s baseDN prefix suffix start len who password token_type host port", argv[0]);
+ return 1;
+ }
+
+ baseDN = argv[1];
+ prefix = argv[2];
+ suffix = argv[3];
+ start = atoi(argv[4]);
+ len = atoi(argv[5]);
+ who = argv[6];
+ password = argv[7];
+ token_type = argv[8];
+
+ if (argc > 9) {
+ host = argv[9];
+ }
+
+ if (argc > 10) {
+ port = atoi(argv[10]);
+ }
+
+ set_tus_db_baseDN(baseDN);
+ set_tus_db_port(port);
+ set_tus_db_host(host);
+ set_tus_db_bindDN(who);
+ set_tus_db_bindPass(password);
+ rc = tus_db_init(errorMsg);
+ if (rc != LDAP_SUCCESS) {
+ fprintf(stderr, "tus_db_init: (%d) %s\n", rc, errorMsg);
+ return 1;
+ }
+
+ for (i = 0; i < len; i++) {
+ h = start + i;
+ sprintf(cn, "%s%08X%s", prefix, h, suffix);
+ printf ("Adding %s\n", cn);
+
+ rc = add_default_tus_db_entry (NULL, "", cn, "active", "", "", token_type);
+ if (rc != LDAP_SUCCESS) {
+ fprintf( stderr, "ldap_add_ext_s: %s\n", ldap_err2string( rc ) );
+ return 1;
+ }
+ }
+
+ /* STEP 4: Disconnect from the server. */
+ tus_db_end();
+
+ return( 0 );
+}
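Review bot: `sprintf(cn, "%s%08X%s", prefix, h, suffix)` writes into the 256-byte `cn` with `prefix` and `suffix` taken straight from `argv[2]` and `argv[3]`, so a long argument overruns the stack buffer. Bound it with `if (snprintf(cn, sizeof(cn), "%s%08X%s", prefix, h, suffix) >= (int)sizeof(cn)) { fprintf(stderr, "cn too long\n"); return 1; }`. `errorMsg` is initialised to NULL, passed by value to `tus_db_init()` and printed with `%s` on failure; the function's declaration is not visible here, but unless it expects a caller-supplied buffer the error path formats a NULL pointer, and a local `char errorMsg[256]` looks safer. The bind password comes from `argv[7]`, which exposes it in the process list and shell history; reading it from a file or a prompt would avoid that. The `return 1` inside the loop also leaves without calling `tus_db_end()`.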
diff --git a/pki/base/tps/tools/tus/test.c b/pki/base/tps/tools/tus/test.c
new file mode 100644
index 000000000..a307d1ccc
--- /dev/null
+++ b/pki/base/tps/tools/tus/test.c
@@ -0,0 +1,117 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor,
+ * Boston, MA 02110-1301 USA
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+#ifdef HAVE_CONFIG_H
+#ifndef AUTOTOOLS_CONFIG_H
+#define AUTOTOOLS_CONFIG_H
+
+/* Eliminate warnings when using Autotools */
+#undef PACKAGE_BUGREPORT
+#undef PACKAGE_NAME
+#undef PACKAGE_STRING
+#undef PACKAGE_TARNAME
+#undef PACKAGE_VERSION
+
+#include <config.h>
+#endif /* AUTOTOOLS_CONFIG_H */
+#endif /* HAVE_CONFIG_H */
+
+#include <stdio.h>
+#include "ldap.h"
+#include "ldappr.h"
+
+/* Specify the search criteria here. */
+#define HOSTNAME "localhost"
+#define PORTNUMBER 389
+#define BASEDN "ou=Tokens,dc=mcom,dc=com"
+#define SCOPE LDAP_SCOPE_SUBTREE
+#define FILTER "(cn=*)"
+
+int
+main( int argc, char **argv )
+{
+ char ldapuri[1024];
+ LDAP *ld;
+ LDAPMessage *result = NULL, *e;
+ char *dn = NULL;
+ int version, rc;
+ /* Print out an informational message. */
+ printf( "Connecting to host %s at port %d...\n\n", HOSTNAME,
+ PORTNUMBER );
+
+ /* STEP 1: Get a handle to an LDAP connection and
+ set any session preferences. */
+ snprintf(ldapuri, 1024, "ldap://%s:%i", HOSTNAME, PORTNUMBER);
+ rc = ldap_initialize(&ld, ldapuri);
+
+ if ( ld == NULL ) {
+ perror( "ldap_initialize" );
+ return( 1 );
+ }
+
+ /* Use the LDAP_OPT_PROTOCOL_VERSION session preference to specify
+ that the client is an LDAPv3 client. */
+ version = LDAP_VERSION3;
+ ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version );
+
+ /* STEP 2: Bind to the server.
+ In this example, the client binds anonymously to the server
+ (no DN or credentials are specified). */
+ rc = ldap_sasl_bind_s(ld, NULL, LDAP_SASL_SIMPLE, NULL, NULL, NULL, NULL);
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf(stderr, "ldap_simple_bind_s: %s\n", ldap_err2string(rc));
+ return( 1 );
+ }
+
+ /* Print out an informational message. */
+ printf( "Searching the directory for entries\n"
+ " starting from the base DN %s\n"
+ " within the scope %d\n"
+ " matching the search filter %s...\n\n",
+ BASEDN, SCOPE, FILTER );
+
+ /* STEP 3: Perform the LDAP operations.
+ In this example, a simple search operation is performed.
+ The client iterates through each of the entries returned and
+ prints out the DN of each entry. */
+ rc = ldap_search_ext_s( ld, BASEDN, SCOPE, FILTER, NULL, 0,
+ NULL, NULL, NULL, 0, &result );
+ if ( rc != LDAP_SUCCESS ) {
+ fprintf(stderr, "ldap_search_ext_s: %s\n", ldap_err2string(rc));
+ return( 1 );
+ }
+ for ( e = ldap_first_entry( ld, result ); e != NULL;
+ e = ldap_next_entry( ld, e ) ) {
+ if ( (dn = ldap_get_dn( ld, e )) != NULL ) {
+ printf( "dn: %s\n", dn );
+ ldap_memfree( dn );
+ dn = NULL;
+ }
+ }
+ if( result != NULL ) {
+ ldap_msgfree( result );
+ result = NULL;
+ }
+
+ /* STEP 4: Disconnect from the server. */
+ ldap_unbind_ext_s( ld, NULL, NULL );
+ return( 0 );
+}
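Review bot: The result of `ldap_initialize()` is stored in `rc` but never checked. The code tests `ld == NULL` instead and calls `perror()`, which reports `errno` rather than the LDAP error, and `ld` is read uninitialised if the library does not set it on failure. Declare `LDAP *ld = NULL;` and test `if (rc != LDAP_SUCCESS) { fprintf(stderr, "ldap_initialize: %s\n", ldap_err2string(rc)); return 1; }`. The bind failure message is labelled `ldap_simple_bind_s` although the call is `ldap_sasl_bind_s`, and both later error returns exit without `ldap_unbind_ext_s()`. The return value of `ldap_set_option()` is also ignored, so a failure to select LDAPv3 goes unnoticed.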
diff --git a/pki/base/tps/ui/perl/Velocity.pm b/pki/base/tps/ui/perl/Velocity.pm
new file mode 100755
index 000000000..f5f45431f
--- /dev/null
+++ b/pki/base/tps/ui/perl/Velocity.pm
@@ -0,0 +1,1047 @@
+#! /usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+
+use strict;
+
+package Template::Velocity::Executor;
+sub new;
+
+package Template::Velocity;
+
+
+# The Template::Velocity package implements a Template execution
+# engine similar to the Java Velocity package.
+
+use Parse::RecDescent;
+use Data::Dumper;
+
+
+$Template::Velocity::parser;
+
+my $docroot="docroot";
+my %parsetrees = ();
+my $debugflag = 0;
+
+
+#GRAMMAR defined here
+
+my $vmgrammar = q{
+
+ {
+ use Data::Dumper;
+ sub Dumper
+ {
+ $::debugdumper = undef;
+ if ($::debugflag && $::debugdumper ) { return Data::Dumper(@_); }
+ else {""};
+ }
+
+ }
+
+
+# Template is the top-level object
+ template: <skip:'[ \t]*'> section(s) /\Z/
+
+ section: blockdirective
+ | nonblockdirective
+ | plainline
+
+ blockdirective: ifblock
+ | foreachblock
+
+ plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n*/
+
+ HASH: '#'
+
+# HMM - this doesn't handle multiple variables on one line?
+ linecomp: variable
+ | <skip:'[ \t]*'> /[^\$\n]*/
+
+ nonblockdirective: '#' 'include' <commit> includeargs /\n*/ { $item[4] ; }
+ | '#' 'parse' <commit> parseargs /\n*/ { $item[4] ; }
+ | '#' 'set' <commit> setargs /\n*/ { $item[4] ; }
+ | <error:unknown command $text>
+
+
+ ifblock: ifdirective section(s) elseclause(?) enddirective
+
+
+# this bubbles up the result of the expression inside the if()
+# which is from the 'ifargs' rule
+ ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/
+
+ enddirective: <skip:'[ \t]*'> '#' 'end' "\n"
+
+ elseclause: elsedirective section(s)
+
+ elsedirective: '#' 'else' "\n"
+
+ foreachblock: foreachdirective section(s) enddirective
+
+ foreachdirective: '#' 'foreach' foreachargs "\n"
+
+ ifargs: '(' expression ')'
+ | <error:Argument to if must be an expression: $text>
+
+ foreachargs: '(' variablename 'in' variable ')'
+ | <error:Arguments to 'foreach' must be of form \$a in \$b: $text>
+
+ includeargs: '(' string ')'
+ | <error:invalid argument to include: $text>
+
+ parseargs: '(' expression ')'
+ | <error:invalid argument to parsearges: $text>
+
+
+ setargs: <skip:'[ \t]*'> '(' assignment ')'
+ | <error:Argument to set must be an assignment : $text>
+
+
+# expression evaluation
+
+# this goes roughly in order of precendence:
+# ==
+# &&, ||
+# +, -
+# *
+# !
+
+# does not properly distinguish between lvalues and rvalues
+
+
+ expression: boolean
+ | <error>
+
+
+ assignment: variablename '=' boolean
+
+ boolean: equality (boolean_operator equality)(?)
+
+ boolean_operator: ( '&&' | '||' )
+
+ equality: summation (equality_operator summation)(?)
+
+
+ equality_operator: ( '==' | '!=' )
+
+ summation: product (summation_operator summation)(?)
+
+ summation_operator: ( '+' | '-' )
+
+
+# must parenthesize operator '*' to get it to appear in the $item array
+
+ product: negation ('*' product)(?)
+
+#XXX need to implement
+ negation: notoperator(?) factor
+
+ notoperator: "!"
+
+ factor: number
+ | string
+ | variable
+
+
+
+# These rules deal with variables
+# handles $process
+# $file.executablename
+# $process.getpid()
+# $person.getparent().getbrother().slap()
+# $fred.getchildren()
+
+# You'd make a dependency on the 'variable' rule if you want the value
+# of the variable.
+# You'd make a dependency on the 'variablename' rule if you want the
+# name of the variable.
+# (There's no real difference here - the expression evaluation is
+# in the variable() subroutine)
+
+ variable: variablename { ["variable", $item[1][1] ]; }
+
+ variablename: '$' identifier subfield(s?)
+ {
+ my $variableinfo = {
+ top => $item{identifier},
+ fields => $item{'subfield(s?)'}
+ };
+ $return = [ "variablename", \$variableinfo ];
+ }
+
+ subfield: '.' identifier arglist(?)
+ {
+ my $d;
+ my $a = $item{"arglist(?)"};
+ my $args;
+
+ #::debug "arglist = ".Dumper($a)."\n";
+ if ($a) {
+
+ my ($argcount, $al, $alpresent);
+
+ #$args = @{$a}->[2];
+ $args = $a->[0][2];
+ #::debug "arglist args=".Dumper($args)."\n";
+ $alpresent = $args;
+ $argcount = $#$args;
+ if ($alpresent && $argcount == -1) {
+ $args->[0] = [ ];
+ }
+ }
+
+ #::debug "arglist identifier=".$item{identifier}."\n";
+ $return = [ "subfield", {
+ fieldname => $item{identifier},
+ arglist => $args->[0],
+ } ];
+ }
+
+ arglist: '(' list(?) ')'
+
+ list: expression (',' list)(s?)
+
+
+# Basic data types
+# identifiers, numbers and strings
+
+ identifier: /[A-Za-z0-9_]+/ { $item[1]; }
+
+ number: /\d+/ {$item[1]; }
+
+ #XXX skip is all wrong here... should be in []
+ string: <skip:'[ \t]'> '"' <skip:""> /[^"]*/ '"' { $return = ["string",$item[4]]; }
+ | <skip:'[ \t]'> "'" <skip:""> /[^']*/ "'" { $return = ["string",$item[4]]; }
+
+
+# other literals
+ whitespace: /\s*/
+
+
+};
+
+
+# Get a parser object (transforming the built-in text grammar into RecDescent
+# data structure). This object can be reused for parsing multiple velocity files
+sub new
+{
+ #$::debugflag = 0;
+ my $class = shift;
+ $docroot = shift;
+ undef $::RD_HINT;
+ undef $::RD_WARN;
+ #$::RD_TRACE = 1;
+ my $parser = new Parse::RecDescent($vmgrammar) or die "Bad Grammar\n";
+ $Data::Dumper::Maxdepth = 1;;
+ my $self = {};
+ $self->{parser} = $parser;
+ # ugly - :-(
+ $Template::Velocity::parser = $parser;
+ bless $self, $class;
+ return $self;
+}
+
+
+# Execute a template. Given a text string and a parser object, will return
+# a parse tree, useful for feeding into the executor.
+sub execute_string
+{
+ my $self = shift;
+ my $string = shift;
+ my $rule = shift;
+ if (! $rule ) { $rule = "template"; }
+ #print Dumper($self);
+
+ my $parser = $self->{parser};
+ my $parsetree = $parser->$rule($string);
+ my $executor = new Template::Velocity::Executor($parsetree, $parser );
+
+ my @value = $executor->run();
+ #my @value = Template::Velocity::Executor::execute($parsetree, $parser);
+ my $value = shift @value;
+ return $value;
+}
+
+
+sub execute_file
+{
+
+ my $self = shift;
+ my $filename = shift;
+
+ my $parser = $self->{parser};
+
+ my $rule;
+ my $tree = $parsetrees{$filename};
+
+ if (! $tree) {
+ $rule = "template";
+ open my $fh, "<$docroot/$filename" or return undef;
+ my $string = join "",<$fh>;
+ close $fh;
+ $tree = $parser->$rule($string);
+ $parsetrees{$filename} = $tree;
+ }
+
+ my $executor = new Template::Velocity::Executor($tree, $parser );
+
+ my @value = $executor->run();
+ my $value = shift @value;
+ return $value;
+
+
+}
+
+
+
+
+
+
+
+
+sub Dumper
+{
+ return "";
+ if ($::debugflag && $::debugdumper) {
+ return Data::Dumper->Dump([@_]);
+ }
+ else {""};
+}
+
+
+
+
+# This autoaction returns an array of each parse element
+# The net result is a parse tree
+# I couldn't use <autotree> because I wanted to preserve
+# the order of the elements, and <autotree> returns a
+# hashtable, not an array
+
+$::RD_AUTOACTION = q{
+ [@item];
+};
+
+# debug flags set here
+
+
+
+
+
+
+######### EXECUTE FUNCTIONS
+
+
+# These functions deal with executing the velocity parse tree
+{
+ package Template::Velocity::Executor::Rules;
+ use Data::Dumper;
+
+ # this imports symbols from these other packages, so
+ # we don't have to always use the fully-qualified names
+ *exe_all = \&Template::Velocity::Executor::exe_all;
+ *exe_optional = \&Template::Velocity::Executor::exe_optional;
+ *execute = \&Template::Velocity::Executor::execute;
+ *debug = \&Template::Velocity::Executor::debug;
+ *indent = \&Template::Velocity::Executor::indent;
+ *deindent = \&Template::Velocity::Executor::deindent;
+ *docroot = \&Template::Velocity::docroot;
+
+ sub Dumper
+ {
+ return "";
+ if ($::debugflag && $::debugdumper) { return Dumper(@_); }
+ else {""};
+ }
+
+ #template: <skip:'[ \t]*'> section(s) /\Z/
+ sub template {
+ my $f = "template";
+ my @item = exe_all(@_);
+ debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n");
+ my $sections = $item[2];
+ debug ("sections is a: ".(ref $sections)." - it should be an array\n");
+ my $r= ( join "", @{$item[2]});
+ return $r;
+ }
+
+
+ #linecomp: variable
+ # | <skip:'[ \t]*'> /[^\$\n]*/
+ sub linecomp {
+ my $item;
+ debug ("linecomp: _[2] = '".$_[2]."'\n");
+ if ($_[2]) {
+ debug ("linecomp: inside if\n");
+ $item = $_[1].$_[2];
+ } else {
+ debug ("linecomp: inside else{\n");
+ ($item) = exe_all($_[1]);
+ debug ("linecomp: end of else}\n");
+ debug ("linecomp: item =\n".Dumper($item)."\n");
+ }
+ debug ("linecomp: returning $item\n");
+ return $item;
+ }
+
+ # plainline : <skip:''> /[ \t]*/ ...!'#' linecomp(s?) /\n+/
+ sub plainline {
+ my @item = exe_all(@_);
+ debug ("$::level in plainline - linecomps should be an array of text: .".Dumper($item[4])."\n");
+ my $r = join "", @{$item[4]};
+ debug ("$::level in plainline - joined as: $r\n");
+ $r = $item[2] . $r. $item[5];
+ debug ("$::level in plainline - returning : $r\n");
+ return $r;
+ }
+
+ sub expression {
+ debug ("$::level expression = ".Dumper($_[1])."\n");
+ my ($item) = exe_all($_[1]);
+ debug ("$::level expression returning $item\n");
+ return $item;
+ }
+
+ #foreachblock: foreachdirective section(s) enddirective
+ sub foreachblock {
+ my $f = "foreachblock";
+ debug ("$::level $f started!\n");
+ my ($directive) = exe_all($_[1]);
+ debug ("$::level $f directive = \n".Dumper($directive)."\n");
+ my ($variable, $list) = @{$directive};
+ my $variablename = $$variable->{top};
+ debug ("$::level $f variable = $variablename\n");
+ debug ("$::level $f list = \n".Dumper($list)."\n");
+
+ my $result = "";
+ foreach my $q (@{$list}) {
+ debug ("$::level $f q=$q\n");
+ $::symbol{$variablename} = $q;
+ debug ("$::level $f setting variable $variablename = $q\n");
+
+ my ($sections) = exe_all($_[2]);
+ debug ("$::level $f sections was: ".Dumper($sections)."\n");
+ $result .= join "",@{$sections};
+ }
+ return $result;
+ }
+
+ #foreachdirective: '#' 'foreach' foreachargs "\n"
+ sub foreachdirective {
+ my ($item) = exe_all($_[3]);
+ return $item;
+ }
+
+ #foreachargs: '(' variablename 'in' expression ')'
+ sub foreachargs {
+ my $f = "foreachargs";
+ my ($variable, $list) = exe_all($_[2], $_[4]);
+ debug ("$::level $f variable = \n".Dumper($variable)."\n");
+ debug ("$::level $f list = \n".Dumper($list)."\n");
+ return [$variable, $list];
+ }
+
+ # XXX if block should only execute section(s) if if arg is positve)
+ # likewise for else
+ #ifblock: ifdirective section(s) elseclause(?) enddirective
+ sub ifblock {
+ my $f = "ifblock";
+ my @item = exe_all(@_);
+ debug ("$::level $f - sections should be an array of text: .".Dumper($item[2])."\n");
+ my $sections = $item[2];
+ my $else = $item[3];
+ debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n");
+ debug ("$::level item1: if expression = ".$item[1]."\n");
+ debug ("$::level $f elseclause is a: ".(ref $else)." - it should be an scalar\n");
+ my $r= (
+ $item[1]>0 ? # if expression
+ (join "", @{$item[2]}) :
+ ($item[3] ? join "",@{$item[3]} : "")
+ );
+ # this is not quite right ... elseclause returns a scalar (it joins the sections)
+ # so why do I have to join again here? possibly because it's a '?'
+ return $r;
+ }
+
+ #elseclause: elsedirective section(s)
+ sub elseclause {
+ my $f = "elseclause";
+ my ($sections) = exe_all($_[2]);
+ debug ("$::level $f sections is a: ".(ref $sections)." - it should be an array\n");
+ my $return = join "", @{$sections};
+ debug ("$::level $f returning: $return\n");
+ return $return;
+ }
+
+ sub ifargs {
+ debug ("$::level ifargs [2] = ".Dumper($_[2])."\n");
+ my ($item) = exe_all($_[2]);
+ debug ("$::level item = ".Dumper($item)."\n");
+ my $r = $item>0 ? 1 : 0;
+ debug ("$::level ifargs returning $r\n");
+ return $r;
+ }
+
+ #ifdirective: '#' 'if' <skip:'[ \t]*'> ifargs /\n/
+ sub ifdirective {
+ my ($item) = exe_all($_[4]);
+ my $r = $item>0 ? 1 : 0;
+ debug ("$::level ifdirective returning $r\n");
+ return $r;
+ }
+
+ #boolean: equality (boolean_operator equality)(?)
+ sub boolean {
+ my $f = "boolean";
+ my ($equality, $alt) = ( execute($_[1]), $_[2]);
+ my $r = $equality;
+ if (scalar @$alt) {
+ my ($op, $equality2) = exe_optional($alt, 1,2);
+
+ if ($op eq '&&') {
+ $r = $equality && $equality2;
+ }
+ if ($op eq '||') {
+ $r = $equality || $equality2;
+ }
+ }
+
+ return $r;
+ }
+
+
+ #summation: product (summation_operator summation)(?)
+ sub summation {
+ #my @item = exe_all(@_);
+ my $f = "summation";
+ my ($product, $alt) = ( execute($_[1]), $_[2]);
+ debug("$::level $f - product = $product, alternation = $alt\n");
+ debug("$::level $f - alternation = \n".Dumper($alt)."\n");
+
+ if (scalar @$alt) {
+ if (0) {
+ debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n");
+ debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n");
+ my ($operator, $summation) = ( execute($alt->[0][1]), execute($alt->[0][2]),);
+ }
+ my ($operator, $summation) = exe_optional($alt, 1,2);
+
+ if ($operator eq '+') { return $product + $summation;
+ } else { return $product - $summation; }
+ } else {
+ return $product;
+ }
+ }
+
+
+
+ #equality: summation (equality_operator summation)(?)
+ sub equality {
+ my $f = "equality";
+ my ($summation, $alt) = ( execute($_[1]), $_[2] );
+
+ if (scalar @$alt) {
+ my ($operator, $summation2) = exe_optional($alt, 1,2);
+
+ # string comparison used, so (0.0) is NOT equal to (0)
+ if ($operator eq '==') { return ($summation eq $summation2) ? 1:0; }
+ else { return ($summation eq $summation2) ? 0:1; }
+ } else {
+ return $summation;
+ }
+ }
+
+
+ sub product {
+ my $f = "product";
+ my ($negation, $alt) = ( execute($_[1]), $_[2]);
+ debug("$::level $f negation = $negation, alternation = $alt\n");
+ debug("$::level $f - alternation = ".Dumper($alt)."\n");
+
+ if (scalar @$alt) {
+ if (0) {
+ debug("$::level $f - alt1= \n".Dumper($alt->[0][1])."\n");
+ debug("$::level $f - alt2= \n".Dumper($alt->[0][2])."\n");
+ my ($operator, $product) = ( execute($alt->[0][1]), execute($alt->[0][2]),);
+ }
+ my ($operator, $product) = exe_optional($alt,1,2);
+ return ($negation * $product);
+ } else {
+ return $negation;
+ }
+ }
+
+ sub factor {
+ my ($value) = exe_all($_[1]);
+ return $value;
+ }
+
+ #negation: notoperator(?) factor
+ sub negation {
+ debug ("$::level in negation... input = ".(join ",",@_)."\n");
+ #my @item = exe_all(@_);
+ my ($alt, $value) = ( $_[1], execute($_[2]) );
+ debug ("$::level negation: alternation= $alt\n");
+ debug ("$::level negation: value = $value\n");
+ my $operator = execute($alt->[0][1]);
+
+ my $r;
+ if ($operator && $operator eq '!') {
+ if ($value ) { $r = 0; }
+ else { $r = 1; }
+ debug ("$::level negation: inverting\n");
+ } else {
+ debug ("$::level negation: not inverting\n");
+ $r = $value;
+ }
+ debug ("$::level negation: returning $r\n");
+ return $r;
+ }
+
+ #setargs: <skip:'[ \t]*'> '(' assignment ')'
+ sub setargs {
+ my $f = "setargs";
+ my ($args) = exe_all($_[3]);
+ debug("$::level $f args = \n".Dumper($args)."\n");
+ my ($variable, $value) = @{$args};
+ debug("$::level $f variable type =".(ref $variable)."\n");
+ debug("$::level $f variable = \n".Dumper($variable)."\n");
+ my $symbolname = $$variable->{top};
+ debug("$::level $f setting variable '$symbolname' = $value\n");
+ $::symbol{$symbolname} = $value;
+ return "";
+ }
+
+ #assignment: variablename '=' boolean
+ sub assignment {
+ my $f = "assignment";
+ my ($variable, $value) = exe_all($_[1],$_[3]);
+ debug("$::level $f variable = \n".Dumper($variable)."\n");
+ my $r = [ $variable, $value ];
+ debug("$::level $f returning: \n".Dumper($r)."\n");
+ return $r;
+ }
+
+ #includeargs: '(' string ')'
+ sub includeargs {
+ my $f = "includeargs";
+ my ($filename ) = execute($_[2]);
+
+ debug("including file: $filename\n");
+ open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n";
+ my $file = join "", <$fh>;
+ close FILE;
+
+ return $file;
+ }
+
+ sub parseargs {
+ my $f = "parseargs";
+ my ($filename ) = execute($_[2]);
+
+ debug("parsing file: $filename\n");
+ open my $fh, "<$docroot/$filename" or return "filenotfound $docroot/$filename!\n";
+ my $file = join "", <$fh>;
+ close FILE;
+
+ #$result = $parser->template($string);
+ my $parsetree = $Template::Velocity::parser->template($file);
+ my @value = execute($parsetree);
+ my $value = shift @value;
+
+ return $value;
+ }
+
+# variables
+
+# variables
+# this rule converts a variable name/identifier into its value
+# $main.subfield(argument1,argument2).subfield2(arg1,arg2)
+# There are two data structures at work here.
+# 1. the data structure specifying the variable name to be queried
+# this represents $a.b.c(100,9,5,4)
+#{
+# 'top' => 'a'
+# 'fields' => [
+# { 'fieldname' => 'b', 'arglist' => undef },
+# { 'fieldname' => 'c', 'arglist' => [ '100', 9, 5, '4', ], }
+# ],
+#}
+# 2. Data structure specifying the symbol table
+
+# return value could be:
+# a scalar: either a string/number value or reference to an array of values
+# an array
+
+ sub variable {
+# look up the root object in the symbol table
+ my $f = "variable";
+ debug("$::level $f: input\n".Dumper(\@_)."\n");
+ my $var = $_[1];
+ debug("$::level $f var=\n".Dumper($var)."\n");
+# $$var works with # 27: '#set (\$a=1+3)\n\$a\n'
+#0 REF(0x8fa0510)
+# -> HASH(0x8fa1454)
+# 'fields' => ARRAY(0x8fa8c08)
+# empty array
+# 'top' => 'a'
+
+# $var works with # 25: '$employee.add(100,4+5,2+3,4,4,5,6)'
+#DB<2> x $var
+#0 HASH(0x9c7a340)
+# 'fields' => ARRAY(0xa06e7d8)
+# 0 ARRAY(0xa06e9ac)
+# 0 'subfield'
+# 1 HASH(0xa06e880)
+# 'arglist' => ARRAY(0xa074184)
+
+ my $top = $$var->{top}; # name of the root object
+ debug("$::level $f top=\n".Dumper($top)."\n");
+ my $fields = $$var->{fields}; # array of the subidentifiers
+ my $val = "";
+
+ debug("$::level $f - top_id = $top\n");
+ debug("$::level $f : var: \n".Dumper($var)."\n");
+ debug("$::level $f - fields = \n".Dumper($fields)."\n");
+
+
+ debug("$::level $f : top = ".$top."\n");
+ if (! defined $::symbol{$top} ) {
+# XXX
+ debug ("symbol table = ",(join ",",sort keys %::symbol)."\n");
+ debug ("undefined variable: $top\n");
+ return 0;
+ }
+ debug("$::level $f symbol table: \n".Dumper(\%::symbol)."\n");
+ $val = $::symbol{$top};
+ debug("$::level $f val before: \n".Dumper($val)."\n");
+
+ debug("$::level $f - fields = \n".Dumper($fields)."\n");
+ my $pass = 1;
+ foreach my $field (@$fields) {
+ my $args;
+
+ my ($fieldname, $values);
+ {
+ debug("$::level $f pass $pass \@_=\n".Dumper(\@_)."\n");
+ debug("$::level $f before strip field = \n".Dumper($field)."\n");
+#shift @$fn; # 'subfield' string
+#$fn = $fn->[0];
+#$fn = [ (@{$fn}) ];
+#shift @$fn;
+ debug("$::level $f after strip fn = \n".Dumper($field)."\n");
+
+ $fieldname = $field->[1]->{fieldname};
+ debug("$::level $f processing field: $fieldname\n");
+ $args= $field->[1]->{arglist};
+
+
+# convert the argument list (which could be expressions, other
+# variables, etc) into raw values
+ if ($args) {
+ debug("$::level $f executing $fieldname with args:\n".Dumper($args)."\n");
+ ($values) = execute($args);
+ debug("$::level $f returned values:\n".Dumper($values)."\n");
+ }
+ }
+
+ debug("$::level $f after execute, \@_=\n".Dumper(\@_)."\n");
+
+#call the function
+ if (ref $val) {
+ debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n");
+ debug("$::level $f : inside loop(before) {\n".Dumper($val)."\n");
+ if ($args) {
+ debug("$::level $f: function call\n");
+#$val = $$val->$fieldname ($args); # method call
+ my $func = $val->{$fieldname}; # method call
+ debug("$::level $f: $fieldname func=\n ".Dumper($func)."\n");
+ no strict;
+ $val = &$func($val, @$values);
+ debug("$::level $f: $fieldname result=$val\n");
+ debug("$::level $f: $fieldname result=\n".Dumper($val)."\n");
+
+ } else {
+ &::debug("$::level $f: plain field access\n");
+ if (ref $val eq "REF") {
+ $val = $$val->{$fieldname}; # field access
+ } else {
+ $val = $val->{$fieldname}; # field access
+ }
+ }
+ debug("$::level $f } inside loop(after val retrieval) val=\n".Dumper($val)."\n");
+ }
+ $pass++;
+
+ }
+
+ return $val;
+ }
+
+ #$return = [ "variablename", \$variableinfo ];
+ sub variablename {
+ my $f = "variablename";
+ debug("$::level $f: input\n".Dumper(\@_)."\n");
+ my $var = $_[1];
+ return $var;
+ }
+
+ #arglist: '(' list(?) ')'
+ sub arglist {
+ my ($list) = exe_all($_[2]);
+ debug("$::level list: ".Dumper($list)."\n");
+ if ($list) {
+ my $ll = $list->[0];
+ debug("$::level ll \n".Dumper($ll)."\n");
+ debug("$::level \$\$list: \n");
+ return $ll;
+ }
+ return undef;
+ }
+
+ #list: expression (',' list)(s?)
+ sub list {
+ my ($expr, $alt) = ( execute($_[1]), $_[2] );
+
+ if (scalar @$alt) {
+ my ($list) = exe_optional($alt, 2);
+
+ debug("$::level list: expr: $expr\n");
+ debug("$::level list: list: $list\n:");
+ debug("$::level list ".Dumper($list)."\n");
+ my $r = [ $expr, (@$list) ];
+ return $r;
+ }
+ debug("$::level returning simple expression: $expr\n:");
+ return [$expr];
+ }
+
+
+
+ sub _default {
+ debug ("$::level default rule {\n");
+ indent();
+ debug ("$::level parsing parameters\n");
+ my @item = exe_all(@_);
+ debug ("$::level default rule - last item in array is: ".$item[$#item]."\n");
+ my $r = join "",@item[1..$#item];
+ debug ("$::level default rule - returning: $r\n");
+ deindent();
+ debug ("$::level }\n");
+ return $r;
+
+ }
+
+
+}
+
+
+package Template::Velocity::Executor;
+
+use Data::Dumper;
+
+
+
+sub new
+{
+ my $class = shift;
+
+ my $parsetree = shift;
+ my $parser = shift;
+
+ my $self = {};
+ $self->{parser} = $parser;
+ $self->{parsetree} = $parsetree;
+ bless $self, $class;
+ return $self;
+}
+
+
+sub run {
+ my $self = shift;
+
+ return (execute($self->{parsetree}));
+}
+
+
+
+my $level = " ";
+
+sub debug {
+ if ($::debugflag) {
+ print @_;
+ }
+}
+
+# This basically all works calling execute($parsetree).
+# Execute will look the Parsetree, which is built by a special autoaction
+#
+# It will call top-down, into functions called 'Executor::XXX', (where XXX is
+# the name of the production)
+#
+# Additional trees, representing child productions, will be passed in
+# as arguments to the Executor::XXX function. These arguments be processed
+# before the Executor::XXX function can proceed.
+#
+# If no such function is present, Executor:_default will be run
+#
+# To process the arguments, use this in the Executor function:
+# my @item = exe(@_);
+# Which will give you an @item array similar to that in the RD rules, one
+# exception being that productions which return arrays are flattened into
+# the @item array. (bad idea?)
+#
+
+
+
+# executes a parsetree (gotten as a result of calling recdescent $parser->rule()
+# and returns the string value of the result.
+
+sub Dumper {
+ "";
+}
+
+sub execute {
+ my $result;
+ my $tree = shift; # a reference to a tree is passed in
+ debug "$level execute: {\n";
+ indent();
+ debug ("$level tree = \n".Dumper($tree)."\n");
+
+# there are 3 possible things this tree could be:
+
+# 1 a scalar .. in which case this rule represents a literal, and the
+# the literal is just returned
+#
+# 2 an array of the form (array, ...) - in which case this is the result of a production
+# which returned an array of trees. This happens
+# if you specify (s), (?), etc, in a production.
+# 3 an array of the form (scalar, ...) - in which case this refers to a subrule
+#
+
+# case 1...
+ my $type = ref $tree;
+ if ($type) {
+ debug "\n$level tree type: ".(ref $tree)." \n";
+ } else {
+ debug "\n$level tree type: scalar \n";
+ }
+ if ($type ne "ARRAY") {
+ debug "$level returning literal: '$tree'\n";
+ deindent();
+ debug "$level }\n\n";
+ return $tree;
+ }
+
+ my @result;
+
+# if this tree is the result of a auto-generated rule (e.g. alternation)
+# then tree[0] is not a name.. it is an array. just call the default action with
+# the arguments
+
+ my $rule = @{$tree}->[0]; # rule name is first
+
+ if ($rule && ref $rule eq "ARRAY") { # case 2
+ debug "$level element[0] is an array (case 2) \n";
+ debug "$level contents of input: \n".Dumper(\@{$tree})."\n";
+ #@result = exe(@{$rule});
+ debug "$level running exe on the array..\n";
+ # not sure about this...
+ @result = (exe_all(@{$tree}));
+ debug "$level contents of output: \n".Dumper(\@result)."\n";
+ #shift @result; # get rid of function name
+ $result = \@result;
+
+ } else { # case 3
+ my @args = @{$tree};
+
+ debug "$level rule is a function to execute (case 3): '$rule'\n";
+ indent();
+ my $qr = "Template::Velocity::Executor::Rules::$rule";
+ if (defined &$qr) {
+ no strict ;
+ $result = (&$qr(@args));
+ } else {
+ debug "$level no function defined for: '$rule' - calling default action\n";
+ $result = Template::Velocity::Executor::Rules::_default(@args);
+ }
+ }
+ deindent();
+ debug "$level function: $rule returned=\n".Dumper($result)."\n";
+
+ debug "$level }\n";
+ return $result;
+
+ }
+
+# these hold and set the current indent level. It's only used for nested debug messages
+sub indent {
+ $level .= " ";
+ $Data::Dumper::Pad = $level." ";
+}
+sub deindent {
+ $level = substr ($level,0,-2);
+ $Data::Dumper::Pad = $level." ";
+}
+
+
+sub exe_optional {
+ my @r;
+ my $f = shift;
+ foreach my $q (@_) {
+ debug("$level: getting arg# $q\n");
+ push @r, execute($f->[0][$q]);
+ }
+ return @r;
+}
+
+# exe: for each argument, run the 'execute' function
+#
+
+sub exe_all {
+ my $d = $Data::Dumper::Maxdepth;
+ $Data::Dumper::Maxdepth = 9;
+ debug "\n$level exe_all (".$_[0].") arguments: {\n".Dumper(\@_)." \n";
+ my @r;
+ indent();
+
+ foreach my $i (@_) {
+ push @r, execute($i);
+ }
+ deindent();
+ debug "$level exe_all: returning: \n".Dumper(\@r)."$level}\n\n";
+ $Data::Dumper::Maxdepth = $d;
+ return @r;
+}
+
+
+
+
+
+#package PKI::TPS::GlobalVar;
+
+#sub new { my $self = {}; bless $self; return $self; }
+
+
+1;
+
diff --git a/pki/base/tps/wrappers/tpsclient.in b/pki/base/tps/wrappers/tpsclient.in
new file mode 100755
index 000000000..5f2f6b3f5
--- /dev/null
+++ b/pki/base/tps/wrappers/tpsclient.in
@@ -0,0 +1,78 @@
+#!/bin/sh
+# --- BEGIN COPYRIGHT BLOCK ---
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation;
+# version 2.1 of the License.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301 USA
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+
+
+###############################################################################
+## (1) Specify variables used by this script. ##
+###############################################################################
+
+LIB_DIR=@nss_libdir@:@nspr_libdir@:@ldapsdk_libdir@:@sasl_libdir@
+BIN_DIR=@libexecdir@
+COMMAND=tpsclient
+
+
+###############################################################################
+## (2) Set the LD_LIBRARY_PATH environment variable to determine the ##
+## search order this command wrapper uses to find shared libraries. ##
+###############################################################################
+
+LD_LIBRARY_PATH=${LIB_DIR}
+export LD_LIBRARY_PATH
+
+
+###############################################################################
+## (3) Set the PATH environment variable to determine the search ##
+## order this command wrapper uses to find binary executables. ##
+## ##
+## NOTE: Since the wrappers themselves are ALWAYS located in ##
+## "/usr/bin", this directory will always be excluded ##
+## from the search path. Since "/bin" is nothing more ##
+## than a symbolic link to "/usr/bin" on Solaris, this ##
+## directory will also always be excluded from the search ##
+## path on this platform. ##
+###############################################################################
+
+PATH=${BIN_DIR}
+export PATH
+
+
+###############################################################################
+## (4) Execute the binary executable specified by this command wrapper ##
+## based upon the preset LD_LIBRARY_PATH and PATH environment variables.##
+###############################################################################
+
+ORIGINAL_IFS=${IFS}
+IFS=:
+
+for dir in ${PATH}
+do
+ if [ -x ${dir}/${COMMAND} ]
+ then
+ IFS=${ORIGINAL_IFS}
+ ${dir}/${COMMAND} "$@"
+ exit $?
+ fi
+done
+
+echo "Unable to find \"${COMMAND}\" in \"${PATH}\"!"
+
+exit 255
+
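Review bot: In sections (1) and (2), `LIB_DIR` is assembled from four configure substitutions and exported unchanged as `LD_LIBRARY_PATH`, so if any of them expands to an empty string, the resulting leading, trailing or doubled colon makes the dynamic loader search the current working directory for shared libraries. Whether configure can leave one empty is not visible in this hunk, so a guard before the export would make the wrapper safe either way: `case ":${LIB_DIR}:" in *::*) echo "empty entry in LIB_DIR" >&2; exit 255 ;; esac`. In section (4), `${dir}/${COMMAND}` is unquoted in both the `[ -x ... ]` test and the invocation, and `IFS` is restored before the invocation, so an install path containing whitespace would be split there; writing `"${dir}/${COMMAND}"` in both places avoids that. The final "Unable to find" message should also go to stderr with `>&2`, so callers capturing the command's stdout do not mistake it for output.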