-rw-r--r-- | .classpath | 2 | ||||
-rw-r--r-- | base/CMakeLists.txt | 1 | ||||
-rw-r--r-- | base/ra/CMakeLists.txt | 2 | ||||
-rw-r--r-- | base/ra/doc/CMakeLists.txt (renamed from base/ra/shared/conf/CMakeLists.txt) | 0 | ||||
-rw-r--r-- | base/ra/doc/CS.cfg.in (renamed from base/ra/shared/conf/CS.cfg.in) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/CMakeLists.txt | 67 | ||||
-rw-r--r-- | base/tps-tomcat/LICENSE | 469 | ||||
-rw-r--r-- | base/tps-tomcat/setup/CMakeLists.txt | 6 | ||||
-rw-r--r-- | base/tps-tomcat/setup/registry_instance | 60 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/CMakeLists.txt (renamed from base/tps/shared/conf/CMakeLists.txt) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/CS.cfg.in (renamed from base/tps/shared/conf/CS.cfg.in) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/acl.ldif (renamed from base/tps/shared/conf/acl.ldif) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/catalina.policy (renamed from base/tps/shared/conf/catalina.policy) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/catalina.properties (renamed from base/tps/shared/conf/catalina.properties) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/context.xml (renamed from base/tps/shared/conf/context.xml) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/database.ldif (renamed from base/tps/shared/conf/database.ldif) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/db.ldif (renamed from base/tps/shared/conf/db.ldif) | 0 | ||||
-rwxr-xr-x | base/tps-tomcat/shared/conf/etc/init.d/pki-tpsd (renamed from base/tps/shared/conf/etc/init.d/pki-tpsd) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/index.ldif (renamed from base/tps/shared/conf/index.ldif) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/jk2.manifest (renamed from base/tps/shared/conf/jk2.manifest) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/jk2.properties (renamed from base/tps/shared/conf/jk2.properties) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/jkconf.ant.xml (renamed from base/tps/shared/conf/jkconf.ant.xml) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/jkconfig.manifest (renamed from base/tps/shared/conf/jkconfig.manifest) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/logging.properties (renamed from base/tps/shared/conf/logging.properties) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/manager.ldif (renamed from base/tps/shared/conf/manager.ldif) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/schema.ldif (renamed from base/tps/shared/conf/schema.ldif) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/server-minimal.xml (renamed from base/tps/shared/conf/server-minimal.xml) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/server.xml (renamed from base/tps/shared/conf/server.xml) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/shm.manifest (renamed from base/tps/shared/conf/shm.manifest) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/tomcat-jk2.manifest (renamed from base/tps/shared/conf/tomcat-jk2.manifest) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/tomcat-users.xml (renamed from base/tps/shared/conf/tomcat-users.xml) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/tomcat6.conf (renamed from base/tps/shared/conf/tomcat6.conf) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/uriworkermap.properties (renamed from base/tps/shared/conf/uriworkermap.properties) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/vlv.ldif (renamed from base/tps/shared/conf/vlv.ldif) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/vlvtasks.ldif (renamed from base/tps/shared/conf/vlvtasks.ldif) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/web.xml (renamed from base/tps/shared/conf/web.xml) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/workers.properties (renamed from base/tps/shared/conf/workers.properties) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/workers.properties.minimal (renamed from base/tps/shared/conf/workers.properties.minimal) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/workers2.properties (renamed from base/tps/shared/conf/workers2.properties) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/conf/workers2.properties.minimal (renamed from base/tps/shared/conf/workers2.properties.minimal) | 0 | ||||
-rwxr-xr-x | base/tps-tomcat/shared/etc/init.d/pki-tpsd (renamed from base/tps/shared/etc/init.d/pki-tpsd) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/lib/systemd/system/pki-tpsd.target (renamed from base/tps/shared/lib/systemd/system/pki-tpsd.target) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/lib/systemd/system/pki-tpsd@.service (renamed from base/tps/shared/lib/systemd/system/pki-tpsd@.service) | 0 | ||||
-rwxr-xr-x | base/tps-tomcat/shared/webapps/tps/404.html (renamed from base/tps/shared/webapps/tps/404.html) | 0 | ||||
-rwxr-xr-x | base/tps-tomcat/shared/webapps/tps/500.html (renamed from base/tps/shared/webapps/tps/500.html) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/webapps/tps/GenUnexpectedError.template (renamed from base/tps/shared/webapps/tps/GenUnexpectedError.template) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/webapps/tps/META-INF/context.xml (renamed from base/tps/shared/webapps/tps/META-INF/context.xml) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties (renamed from base/tps/shared/webapps/tps/WEB-INF/auth.properties) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/webapps/tps/WEB-INF/velocity.properties (renamed from base/tps/shared/webapps/tps/WEB-INF/velocity.properties) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/webapps/tps/WEB-INF/web.xml (renamed from base/tps/shared/webapps/tps/WEB-INF/web.xml) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/webapps/tps/index.html (renamed from base/tps/shared/webapps/tps/index.html) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/shared/webapps/tps/services.template (renamed from base/tps/shared/webapps/tps/services.template) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/CMakeLists.txt (renamed from base/tps/java/CMakeLists.txt) | 2 | ||||
-rw-r--r-- | base/tps-tomcat/src/org/dogtagpki/tps/TPSConnection.java (renamed from base/tps/java/org/dogtagpki/tps/TPSConnection.java) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/org/dogtagpki/tps/TPSMessage.java (renamed from base/tps/java/org/dogtagpki/tps/TPSMessage.java) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/org/dogtagpki/tps/server/TPSApplication.java (renamed from base/tps/java/org/dogtagpki/tps/server/TPSApplication.java) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/org/dogtagpki/tps/server/TPSServlet.java (renamed from base/tps/java/org/dogtagpki/tps/server/TPSServlet.java) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/org/dogtagpki/tps/server/TPSSubsystem.java (renamed from base/tps/java/org/dogtagpki/tps/server/TPSSubsystem.java) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/org/dogtagpki/tps/token/TokenDatabase.java (renamed from base/tps/java/org/dogtagpki/tps/token/TokenDatabase.java) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/org/dogtagpki/tps/token/TokenRecord.java (renamed from base/tps/java/org/dogtagpki/tps/token/TokenRecord.java) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/org/dogtagpki/tps/token/TokenService.java (renamed from base/tps/java/org/dogtagpki/tps/token/TokenService.java) | 0 | ||||
-rw-r--r-- | base/tps-tomcat/src/pki-tps.mf (renamed from base/tps/java/pki-tps.mf) | 0 | ||||
-rw-r--r-- | base/tps/CMakeLists.txt | 19 | ||||
-rw-r--r-- | base/tps/doc/CMakeLists.txt | 8 | ||||
-rw-r--r-- | base/tps/doc/CS.cfg.in | 1608 | ||||
-rwxr-xr-x | scripts/compose_dogtag_pki_meta_packages | 2 | ||||
-rwxr-xr-x | scripts/compose_dogtag_pki_theme_packages | 2 | ||||
-rwxr-xr-x | scripts/compose_ipa_pki_theme_packages | 2 | ||||
-rwxr-xr-x | scripts/compose_pki_console_packages | 2 | ||||
-rwxr-xr-x | scripts/compose_pki_core_packages | 25 | ||||
-rwxr-xr-x | scripts/compose_pki_migrate_packages | 2 | ||||
-rwxr-xr-x | scripts/compose_pki_ra_packages | 2 | ||||
-rwxr-xr-x | scripts/compose_pki_tps_packages | 2 | ||||
-rw-r--r-- | specs/pki-core.spec | 72 | ||||
-rw-r--r-- | specs/pki-tps.spec | 8 |
75 files changed, 2324 insertions, 39 deletions
diff --git a/.classpath b/.classpath
index 0cc81a118..bee1aacbf 100644
--- a/.classpath
+++ b/.classpath
@@ -16,7 +16,7 @@
 <classpathentry kind="src" path="base/kra/functional/src"/>
 <classpathentry kind="src" path="base/common/functional/src"/>
 <classpathentry kind="src" path="base/ca/functional/src"/>
- <classpathentry kind="src" path="base/tps/java"/>
+ <classpathentry kind="src" path="base/tps-tomcat/src"/>
 <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 <classpathentry kind="lib" path="/usr/share/java/apache-commons-cli.jar"/>
 <classpathentry kind="lib" path="/usr/share/java/apache-commons-logging.jar"/>
diff --git a/base/CMakeLists.txt b/base/CMakeLists.txt
index 0a8e51647..0dc513666 100644
--- a/base/CMakeLists.txt
+++ b/base/CMakeLists.txt
@@ -17,6 +17,7 @@ if (APPLICATION_FLAVOR_PKI_CORE)
 add_subdirectory(kra)
 add_subdirectory(ocsp)
 add_subdirectory(tks)
+ add_subdirectory(tps)
 add_subdirectory(silent)
 if(WITH_JAVADOC)
diff --git a/base/ra/CMakeLists.txt b/base/ra/CMakeLists.txt
index e3e2c1eba..ece6713c6 100644
--- a/base/ra/CMakeLists.txt
+++ b/base/ra/CMakeLists.txt
@@ -1,7 +1,7 @@
 project(ra)
+add_subdirectory(doc)
 add_subdirectory(setup)
-add_subdirectory(shared/conf)
 # install systemd scripts
 install(
diff --git a/base/ra/shared/conf/CMakeLists.txt b/base/ra/doc/CMakeLists.txt
index 419289d03..419289d03 100644
--- a/base/ra/shared/conf/CMakeLists.txt
+++ b/base/ra/doc/CMakeLists.txt
diff --git a/base/ra/shared/conf/CS.cfg.in b/base/ra/doc/CS.cfg.in
index 227b117ce..227b117ce 100644
--- a/base/ra/shared/conf/CS.cfg.in
+++ b/base/ra/doc/CS.cfg.in
diff --git a/base/tps-tomcat/CMakeLists.txt b/base/tps-tomcat/CMakeLists.txt
new file mode 100644
index 000000000..58304db06
--- /dev/null
+++ b/base/tps-tomcat/CMakeLists.txt
@@ -0,0 +1,67 @@
+project(tps Java)
+
+add_subdirectory(src)
+
+# install files
+add_subdirectory(setup)
+add_subdirectory(shared/conf)
+
+# install systemd scripts
+install(
+ FILES
+ shared/lib/systemd/system/pki-tpsd.target
+ shared/lib/systemd/system/pki-tpsd@.service
+ DESTINATION
+ ${SYSTEMD_LIB_INSTALL_DIR}
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
+# install init script
+install(
+ FILES
+ shared/etc/init.d/pki-tpsd
+ DESTINATION
+ ${SYSCONF_INSTALL_DIR}/rc.d/init.d
+ PERMISSIONS
+ OWNER_EXECUTE OWNER_WRITE OWNER_READ
+ GROUP_EXECUTE GROUP_READ
+ WORLD_EXECUTE WORLD_READ
+)
+
+# install directories
+install(
+ DIRECTORY
+ shared/
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+ PATTERN
+ "CMakeLists.txt" EXCLUDE
+ PATTERN
+ "etc/*" EXCLUDE
+ PATTERN
+ "conf/CS.cfg.in" EXCLUDE
+ PATTERN
+ "lib/*" EXCLUDE
+)
+
+# install empty directories
+install(
+ DIRECTORY
+ DESTINATION
+ ${VAR_INSTALL_DIR}/lock/pki/tps
+)
+
+install(
+ DIRECTORY
+ DESTINATION
+ ${VAR_INSTALL_DIR}/run/pki/tps
+)
+
+install(
+ DIRECTORY
+ DESTINATION
+ ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants
+)
diff --git a/base/tps-tomcat/LICENSE b/base/tps-tomcat/LICENSE
new file mode 100644
index 000000000..af64f0781
--- /dev/null
+++ b/base/tps-tomcat/LICENSE
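Review bot: In the new base/tps-tomcat/CMakeLists.txt, the "install systemd scripts" block installs `pki-tpsd.target` and `pki-tpsd@.service` into `${SYSTEMD_LIB_INSTALL_DIR}` with `OWNER_EXECUTE`, `GROUP_EXECUTE` and `WORLD_EXECUTE`, although the diffstat lists both files as `-rw-r--r--` in the tree. Unit files are configuration that systemd reads rather than programs it runs, and systemd logs a warning for unit files marked executable. The execute bits belong only on the init script block below it; for the units use `PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ`. The three empty-directory installs (`lock/pki/tps`, `run/pki/tps`, `pki-tpsd.target.wants`) set no `DIRECTORY_PERMISSIONS`, so their mode and owner come from CMake defaults and presumably the spec file, which is not visible here. A one-line comment saying which account is expected to own the lock and run directories would make that dependency explicit.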
@@ -0,0 +1,469 @@ +This Program is free software; you can redistribute it and/or modify it +under the terms of the GNU Lesser General Public License as published by +the Free Software Foundation; version 2.1 of the License. + +This Program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY +or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License +for more details. + +You should have received a copy of the GNU Lesser General Public License along +with this Program; if not, write to the Free Software Foundation, Inc., +59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + + GNU LESSER GENERAL PUBLIC LICENSE + Version 2.1, February 1999 + + Copyright (C) 1991, 1999 Free Software Foundation, Inc. + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + +[This is the first released version of the Lesser GPL. It also counts + as the successor of the GNU Library Public License, version 2, hence + the version number 2.1.] + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +Licenses are intended to guarantee your freedom to share and change +free software--to make sure the software is free for all its users. + + This license, the Lesser General Public License, applies to some +specially designated software packages--typically libraries--of the +Free Software Foundation and other authors who decide to use it. You +can use it too, but we suggest you first think carefully about whether +this license or the ordinary General Public License is the better +strategy to use in any particular case, based on the explanations below. + + When we speak of free software, we are referring to freedom of use, +not price. 
Our General Public Licenses are designed to make sure that +you have the freedom to distribute copies of free software (and charge +for this service if you wish); that you receive source code or can get +it if you want it; that you can change the software and use pieces of +it in new free programs; and that you are informed that you can do +these things. + + To protect your rights, we need to make restrictions that forbid +distributors to deny you these rights or to ask you to surrender these +rights. These restrictions translate to certain responsibilities for +you if you distribute copies of the library or if you modify it. + + For example, if you distribute copies of the library, whether gratis +or for a fee, you must give the recipients all the rights that we gave +you. You must make sure that they, too, receive or can get the source +code. If you link other code with the library, you must provide +complete object files to the recipients, so that they can relink them +with the library after making changes to the library and recompiling +it. And you must show them these terms so they know their rights. + + We protect your rights with a two-step method: (1) we copyright the +library, and (2) we offer you this license, which gives you legal +permission to copy, distribute and/or modify the library. + + To protect each distributor, we want to make it very clear that +there is no warranty for the free library. Also, if the library is +modified by someone else and passed on, the recipients should know +that what they have is not the original version, so that the original +author's reputation will not be affected by problems that might be +introduced by others. + + Finally, software patents pose a constant threat to the existence of +any free program. We wish to make sure that a company cannot +effectively restrict the users of a free program by obtaining a +restrictive license from a patent holder. 
Therefore, we insist that +any patent license obtained for a version of the library must be +consistent with the full freedom of use specified in this license. + + Most GNU software, including some libraries, is covered by the +ordinary GNU General Public License. This license, the GNU Lesser +General Public License, applies to certain designated libraries, and +is quite different from the ordinary General Public License. We use +this license for certain libraries in order to permit linking those +libraries into non-free programs. + + When a program is linked with a library, whether statically or using +a shared library, the combination of the two is legally speaking a +combined work, a derivative of the original library. The ordinary +General Public License therefore permits such linking only if the +entire combination fits its criteria of freedom. The Lesser General +Public License permits more lax criteria for linking other code with +the library. + + We call this license the "Lesser" General Public License because it +does Less to protect the user's freedom than the ordinary General +Public License. It also provides other free software developers Less +of an advantage over competing non-free programs. These disadvantages +are the reason we use the ordinary General Public License for many +libraries. However, the Lesser license provides advantages in certain +special circumstances. + + For example, on rare occasions, there may be a special need to +encourage the widest possible use of a certain library, so that it becomes +a de-facto standard. To achieve this, non-free programs must be +allowed to use the library. A more frequent case is that a free +library does the same job as widely used non-free libraries. In this +case, there is little to gain by limiting the free library to free +software only, so we use the Lesser General Public License. 
+ + In other cases, permission to use a particular library in non-free +programs enables a greater number of people to use a large body of +free software. For example, permission to use the GNU C Library in +non-free programs enables many more people to use the whole GNU +operating system, as well as its variant, the GNU/Linux operating +system. + + Although the Lesser General Public License is Less protective of the +users' freedom, it does ensure that the user of a program that is +linked with the Library has the freedom and the wherewithal to run +that program using a modified version of the Library. + + The precise terms and conditions for copying, distribution and +modification follow. Pay close attention to the difference between a +"work based on the library" and a "work that uses the library". The +former contains code derived from the library, whereas the latter must +be combined with the library in order to run. + + GNU LESSER GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License Agreement applies to any software library or other +program which contains a notice placed by the copyright holder or +other authorized party saying it may be distributed under the terms of +this Lesser General Public License (also called "this License"). +Each licensee is addressed as "you". + + A "library" means a collection of software functions and/or data +prepared so as to be conveniently linked with application programs +(which use some of those functions and data) to form executables. + + The "Library", below, refers to any such software library or work +which has been distributed under these terms. A "work based on the +Library" means either the Library or any derivative work under +copyright law: that is to say, a work containing the Library or a +portion of it, either verbatim or with modifications and/or translated +straightforwardly into another language. 
(Hereinafter, translation is +included without limitation in the term "modification".) + + "Source code" for a work means the preferred form of the work for +making modifications to it. For a library, complete source code means +all the source code for all modules it contains, plus any associated +interface definition files, plus the scripts used to control compilation +and installation of the library. + + Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running a program using the Library is not restricted, and output from +such a program is covered only if its contents constitute a work based +on the Library (independent of the use of the Library in a tool for +writing it). Whether that is true depends on what the Library does +and what the program that uses the Library does. + + 1. You may copy and distribute verbatim copies of the Library's +complete source code as you receive it, in any medium, provided that +you conspicuously and appropriately publish on each copy an +appropriate copyright notice and disclaimer of warranty; keep intact +all the notices that refer to this License and to the absence of any +warranty; and distribute a copy of this License along with the +Library. + + You may charge a fee for the physical act of transferring a copy, +and you may at your option offer warranty protection in exchange for a +fee. + + 2. You may modify your copy or copies of the Library or any portion +of it, thus forming a work based on the Library, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) The modified work must itself be a software library. + + b) You must cause the files modified to carry prominent notices + stating that you changed the files and the date of any change. 
+ + c) You must cause the whole of the work to be licensed at no + charge to all third parties under the terms of this License. + + d) If a facility in the modified Library refers to a function or a + table of data to be supplied by an application program that uses + the facility, other than as an argument passed when the facility + is invoked, then you must make a good faith effort to ensure that, + in the event an application does not supply such function or + table, the facility still operates, and performs whatever part of + its purpose remains meaningful. + + (For example, a function in a library to compute square roots has + a purpose that is entirely well-defined independent of the + application. Therefore, Subsection 2d requires that any + application-supplied function or table used by this function must + be optional: if the application does not supply it, the square + root function must still compute square roots.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Library, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Library, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote +it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Library. 
+ +In addition, mere aggregation of another work not based on the Library +with the Library (or with a work based on the Library) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may opt to apply the terms of the ordinary GNU General Public +License instead of this License to a given copy of the Library. To do +this, you must alter all the notices that refer to this License, so +that they refer to the ordinary GNU General Public License, version 2, +instead of to this License. (If a newer version than version 2 of the +ordinary GNU General Public License has appeared, then you can specify +that version instead if you wish.) Do not make any other change in +these notices. + + Once this change is made in a given copy, it is irreversible for +that copy, so the ordinary GNU General Public License applies to all +subsequent copies and derivative works made from that copy. + + This option is useful when you wish to copy part of the code of +the Library into a program that is not a library. + + 4. You may copy and distribute the Library (or a portion or +derivative of it, under Section 2) in object code or executable form +under the terms of Sections 1 and 2 above provided that you accompany +it with the complete corresponding machine-readable source code, which +must be distributed under the terms of Sections 1 and 2 above on a +medium customarily used for software interchange. + + If distribution of object code is made by offering access to copy +from a designated place, then offering equivalent access to copy the +source code from the same place satisfies the requirement to +distribute the source code, even though third parties are not +compelled to copy the source along with the object code. + + 5. A program that contains no derivative of any portion of the +Library, but is designed to work with the Library by being compiled or +linked with it, is called a "work that uses the Library". 
Such a +work, in isolation, is not a derivative work of the Library, and +therefore falls outside the scope of this License. + + However, linking a "work that uses the Library" with the Library +creates an executable that is a derivative of the Library (because it +contains portions of the Library), rather than a "work that uses the +library". The executable is therefore covered by this License. +Section 6 states terms for distribution of such executables. + + When a "work that uses the Library" uses material from a header file +that is part of the Library, the object code for the work may be a +derivative work of the Library even though the source code is not. +Whether this is true is especially significant if the work can be +linked without the Library, or if the work is itself a library. The +threshold for this to be true is not precisely defined by law. + + If such an object file uses only numerical parameters, data +structure layouts and accessors, and small macros and small inline +functions (ten lines or less in length), then the use of the object +file is unrestricted, regardless of whether it is legally a derivative +work. (Executables containing this object code plus portions of the +Library will still fall under Section 6.) + + Otherwise, if the work is a derivative of the Library, you may +distribute the object code for the work under the terms of Section 6. +Any executables containing that work also fall under Section 6, +whether or not they are linked directly with the Library itself. + + 6. As an exception to the Sections above, you may also combine or +link a "work that uses the Library" with the Library to produce a +work containing portions of the Library, and distribute that work +under terms of your choice, provided that the terms permit +modification of the work for the customer's own use and reverse +engineering for debugging such modifications. 
+ + You must give prominent notice with each copy of the work that the +Library is used in it and that the Library and its use are covered by +this License. You must supply a copy of this License. If the work +during execution displays copyright notices, you must include the +copyright notice for the Library among them, as well as a reference +directing the user to the copy of this License. Also, you must do one +of these things: + + a) Accompany the work with the complete corresponding + machine-readable source code for the Library including whatever + changes were used in the work (which must be distributed under + Sections 1 and 2 above); and, if the work is an executable linked + with the Library, with the complete machine-readable "work that + uses the Library", as object code and/or source code, so that the + user can modify the Library and then relink to produce a modified + executable containing the modified Library. (It is understood + that the user who changes the contents of definitions files in the + Library will not necessarily be able to recompile the application + to use the modified definitions.) + + b) Use a suitable shared library mechanism for linking with the + Library. A suitable mechanism is one that (1) uses at run time a + copy of the library already present on the user's computer system, + rather than copying library functions into the executable, and (2) + will operate properly with a modified version of the library, if + the user installs one, as long as the modified version is + interface-compatible with the version that the work was made with. + + c) Accompany the work with a written offer, valid for at + least three years, to give the same user the materials + specified in Subsection 6a, above, for a charge no more + than the cost of performing this distribution. 
+
+ d) If distribution of the work is made by offering access to copy
+ from a designated place, offer equivalent access to copy the above
+ specified materials from the same place.
+
+ e) Verify that the user has already received a copy of these
+ materials or that you have already sent this user a copy.
+
+ For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it. However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+ It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system. Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+ 7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+ a) Accompany the combined library with a copy of the same work
+ based on the Library, uncombined with any other library
+ facilities. This must be distributed under the terms of the
+ Sections above.
+
+ b) Give prominent notice with the combined library of the fact
+ that part of it is a work based on the Library, and explaining
+ where to find the accompanying uncombined form of the same work.
+
+ 8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License. Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License. However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+ 9. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Library or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+ 10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+ 11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all. For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded. In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+ 13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation. If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+ 14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission. For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this. Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+ NO WARRANTY
+
+ 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+ 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
diff --git a/base/tps-tomcat/setup/CMakeLists.txt b/base/tps-tomcat/setup/CMakeLists.txt
new file mode 100644
index 000000000..d2a1399e6
--- /dev/null
+++ b/base/tps-tomcat/setup/CMakeLists.txt
@@ -0,0 +1,6 @@
+install(
+ FILES
+ registry_instance
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/setup
+)
diff --git a/base/tps-tomcat/setup/registry_instance b/base/tps-tomcat/setup/registry_instance
new file mode 100644
index 000000000..6365ecb9e
--- /dev/null
+++ b/base/tps-tomcat/setup/registry_instance
@@ -0,0 +1,60 @@
+# Establish PKI Variable "Slot" Substitutions
+
+PKI_SUBSYSTEM_TYPE=[PKI_SUBSYSTEM_TYPE]
+export PKI_SUBSYSTEM_TYPE
+
+PKI_USER=[PKI_USER]
+export PKI_USER
+
+PKI_GROUP=[PKI_GROUP]
+export PKI_GROUP
+
+PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME]
+export PKI_INSTANCE_NAME
+
+PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH]
+export PKI_INSTANCE_PATH
+
+PKI_INSTANCE_INITSCRIPT=[PKI_INSTANCE_INITSCRIPT]
+export PKI_INSTANCE_INITSCRIPT
+
+PKI_SERVER_XML_CONF=[PKI_SERVER_XML_CONF]
+export PKI_SERVER_XML_CONF
+
+# Use CATALINA_BASE
+
+CATALINA_BASE=$PKI_INSTANCE_PATH
+export CATALINA_BASE
+
+TOMCAT_PROG=$PKI_INSTANCE_NAME
+export TOMCAT_PROG
+
+TOMCAT_USER=$PKI_USER
+export TOMCAT_USER
+
+TOMCAT_GROUP=$PKI_GROUP
+export TOMCAT_GROUP
+
+PKI_LOCKDIR="/var/lock/pki/${PKI_SUBSYSTEM_TYPE}"
+export PKI_LOCKDIR
+
+PKI_LOCKFILE="${PKI_LOCKDIR}/${PKI_INSTANCE_NAME}"
+export PKI_LOCKFILE
+
+PKI_PIDDIR="/var/run/pki/${PKI_SUBSYSTEM_TYPE}"
+export PKI_PIDDIR
+
+PKI_PIDFILE="${PKI_PIDDIR}/${PKI_INSTANCE_NAME}.pid"
+export PKI_PIDFILE
+
+TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_NAME}
+export TOMCAT_LOCKFILE
+
+TOMCAT_PIDFILE=[TOMCAT_PIDFILE]
+export TOMCAT_PIDFILE
+
+pki_instance_configuration_file=${PKI_INSTANCE_PATH}/conf/CS.cfg
+export pki_instance_configuration_file
+
+RESTART_SERVER=${PKI_INSTANCE_PATH}/conf/restart_server_after_configuration
+export RESTART_SERVER
diff --git a/base/tps/shared/conf/CMakeLists.txt b/base/tps-tomcat/shared/conf/CMakeLists.txt
index 419289d03..419289d03 100644
--- a/base/tps/shared/conf/CMakeLists.txt
+++ b/base/tps-tomcat/shared/conf/CMakeLists.txt
diff --git a/base/tps/shared/conf/CS.cfg.in b/base/tps-tomcat/shared/conf/CS.cfg.in
index 1a392a119..1a392a119 100644
--- a/base/tps/shared/conf/CS.cfg.in
+++ b/base/tps-tomcat/shared/conf/CS.cfg.in
diff --git a/base/tps/shared/conf/acl.ldif b/base/tps-tomcat/shared/conf/acl.ldif
index fb63122d1..fb63122d1 100644
--- a/base/tps/shared/conf/acl.ldif
+++ b/base/tps-tomcat/shared/conf/acl.ldif
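Review bot: The slot assignments in registry_instance (`PKI_USER=[PKI_USER]`, `PKI_INSTANCE_NAME=[PKI_INSTANCE_NAME]`, `PKI_INSTANCE_PATH=[PKI_INSTANCE_PATH]`, `TOMCAT_PIDFILE=[TOMCAT_PIDFILE]` and the others) are written unquoted, so a substituted value containing whitespace or a shell metacharacter would be parsed as extra words or commands when a shell reads this file. The file only assigns and exports, so it is presumably sourced by the instance init script, which normally runs with elevated privileges. I would write each slot as `PKI_INSTANCE_NAME='[PKI_INSTANCE_NAME]'` and have the step that fills the slots reject values outside a conservative character set, since single quotes alone do not cover a value that itself contains a quote. The same values are concatenated into `PKI_LOCKFILE`, `PKI_PIDFILE` and `TOMCAT_LOCKFILE`, so an instance name containing `/` or `..` would also place those files outside the intended lock and PID directories. `TOMCAT_LOCKFILE=/var/lock/subsys/${PKI_INSTANCE_NAME}` is the one derived path left unquoted, unlike `PKI_LOCKDIR` and its neighbours, and should match them.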
diff --git a/base/tps/shared/conf/catalina.policy b/base/tps-tomcat/shared/conf/catalina.policy
index 5ccc7959e..5ccc7959e 100644
--- a/base/tps/shared/conf/catalina.policy
+++ b/base/tps-tomcat/shared/conf/catalina.policy
diff --git a/base/tps/shared/conf/catalina.properties b/base/tps-tomcat/shared/conf/catalina.properties
index f6d1d1415..f6d1d1415 100644
--- a/base/tps/shared/conf/catalina.properties
+++ b/base/tps-tomcat/shared/conf/catalina.properties
diff --git a/base/tps/shared/conf/context.xml b/base/tps-tomcat/shared/conf/context.xml
index ba139add2..ba139add2 100644
--- a/base/tps/shared/conf/context.xml
+++ b/base/tps-tomcat/shared/conf/context.xml
diff --git a/base/tps/shared/conf/database.ldif b/base/tps-tomcat/shared/conf/database.ldif
index d3c5f9e68..d3c5f9e68 100644
--- a/base/tps/shared/conf/database.ldif
+++ b/base/tps-tomcat/shared/conf/database.ldif
diff --git a/base/tps/shared/conf/db.ldif b/base/tps-tomcat/shared/conf/db.ldif
index 1dada984a..1dada984a 100644
--- a/base/tps/shared/conf/db.ldif
+++ b/base/tps-tomcat/shared/conf/db.ldif
diff --git a/base/tps/shared/conf/etc/init.d/pki-tpsd b/base/tps-tomcat/shared/conf/etc/init.d/pki-tpsd
index 7b991f39c..7b991f39c 100755
--- a/base/tps/shared/conf/etc/init.d/pki-tpsd
+++ b/base/tps-tomcat/shared/conf/etc/init.d/pki-tpsd
diff --git a/base/tps/shared/conf/index.ldif b/base/tps-tomcat/shared/conf/index.ldif
index d896de394..d896de394 100644
--- a/base/tps/shared/conf/index.ldif
+++ b/base/tps-tomcat/shared/conf/index.ldif
diff --git a/base/tps/shared/conf/jk2.manifest b/base/tps-tomcat/shared/conf/jk2.manifest
index 986d7b874..986d7b874 100644
--- a/base/tps/shared/conf/jk2.manifest
+++ b/base/tps-tomcat/shared/conf/jk2.manifest
diff --git a/base/tps/shared/conf/jk2.properties b/base/tps-tomcat/shared/conf/jk2.properties
index 934d6ed54..934d6ed54 100644
--- a/base/tps/shared/conf/jk2.properties
+++ b/base/tps-tomcat/shared/conf/jk2.properties
diff --git a/base/tps/shared/conf/jkconf.ant.xml b/base/tps-tomcat/shared/conf/jkconf.ant.xml
index 48396f1b7..48396f1b7 100644
--- a/base/tps/shared/conf/jkconf.ant.xml
+++ b/base/tps-tomcat/shared/conf/jkconf.ant.xml
diff --git a/base/tps/shared/conf/jkconfig.manifest b/base/tps-tomcat/shared/conf/jkconfig.manifest
index 3ba1f2e3e..3ba1f2e3e 100644
--- a/base/tps/shared/conf/jkconfig.manifest
+++ b/base/tps-tomcat/shared/conf/jkconfig.manifest
diff --git a/base/tps/shared/conf/logging.properties b/base/tps-tomcat/shared/conf/logging.properties
index 796cfc071..796cfc071 100644
--- a/base/tps/shared/conf/logging.properties
+++ b/base/tps-tomcat/shared/conf/logging.properties
diff --git a/base/tps/shared/conf/manager.ldif b/base/tps-tomcat/shared/conf/manager.ldif
index 18700dd4b..18700dd4b 100644
--- a/base/tps/shared/conf/manager.ldif
+++ b/base/tps-tomcat/shared/conf/manager.ldif
diff --git a/base/tps/shared/conf/schema.ldif b/base/tps-tomcat/shared/conf/schema.ldif
index bde045630..bde045630 100644
--- a/base/tps/shared/conf/schema.ldif
+++ b/base/tps-tomcat/shared/conf/schema.ldif
diff --git a/base/tps/shared/conf/server-minimal.xml b/base/tps-tomcat/shared/conf/server-minimal.xml
index fc855c6e3..fc855c6e3 100644
--- a/base/tps/shared/conf/server-minimal.xml
+++ b/base/tps-tomcat/shared/conf/server-minimal.xml
diff --git a/base/tps/shared/conf/server.xml b/base/tps-tomcat/shared/conf/server.xml
index b66cb51ae..b66cb51ae 100644
--- a/base/tps/shared/conf/server.xml
+++ b/base/tps-tomcat/shared/conf/server.xml
diff --git a/base/tps/shared/conf/shm.manifest b/base/tps-tomcat/shared/conf/shm.manifest
index 0505c085b..0505c085b 100644
--- a/base/tps/shared/conf/shm.manifest
+++ b/base/tps-tomcat/shared/conf/shm.manifest
diff --git a/base/tps/shared/conf/tomcat-jk2.manifest b/base/tps-tomcat/shared/conf/tomcat-jk2.manifest
index acfef4a90..acfef4a90 100644
--- a/base/tps/shared/conf/tomcat-jk2.manifest
+++ b/base/tps-tomcat/shared/conf/tomcat-jk2.manifest
diff --git a/base/tps/shared/conf/tomcat-users.xml b/base/tps-tomcat/shared/conf/tomcat-users.xml
index daa9260cc..daa9260cc 100644
--- a/base/tps/shared/conf/tomcat-users.xml
+++ b/base/tps-tomcat/shared/conf/tomcat-users.xml
diff --git a/base/tps/shared/conf/tomcat6.conf b/base/tps-tomcat/shared/conf/tomcat6.conf
index 2d7def5ec..2d7def5ec 100644
--- a/base/tps/shared/conf/tomcat6.conf
+++ b/base/tps-tomcat/shared/conf/tomcat6.conf
diff --git a/base/tps/shared/conf/uriworkermap.properties b/base/tps-tomcat/shared/conf/uriworkermap.properties
index c89dd82a6..c89dd82a6 100644
--- a/base/tps/shared/conf/uriworkermap.properties
+++ b/base/tps-tomcat/shared/conf/uriworkermap.properties
diff --git a/base/tps/shared/conf/vlv.ldif b/base/tps-tomcat/shared/conf/vlv.ldif
index db7988e36..db7988e36 100644
--- a/base/tps/shared/conf/vlv.ldif
+++ b/base/tps-tomcat/shared/conf/vlv.ldif
diff --git a/base/tps/shared/conf/vlvtasks.ldif b/base/tps-tomcat/shared/conf/vlvtasks.ldif
index b6b4bb762..b6b4bb762 100644
--- a/base/tps/shared/conf/vlvtasks.ldif
+++ b/base/tps-tomcat/shared/conf/vlvtasks.ldif
diff --git a/base/tps/shared/conf/web.xml b/base/tps-tomcat/shared/conf/web.xml
index 8330ecca8..8330ecca8 100644
--- a/base/tps/shared/conf/web.xml
+++ b/base/tps-tomcat/shared/conf/web.xml
diff --git a/base/tps/shared/conf/workers.properties b/base/tps-tomcat/shared/conf/workers.properties
index ae26a983c..ae26a983c 100644
--- a/base/tps/shared/conf/workers.properties
+++ b/base/tps-tomcat/shared/conf/workers.properties
diff --git a/base/tps/shared/conf/workers.properties.minimal b/base/tps-tomcat/shared/conf/workers.properties.minimal
index 51980ac49..51980ac49 100644
--- a/base/tps/shared/conf/workers.properties.minimal
+++ b/base/tps-tomcat/shared/conf/workers.properties.minimal
diff --git a/base/tps/shared/conf/workers2.properties b/base/tps-tomcat/shared/conf/workers2.properties
index 3c8e0f4a5..3c8e0f4a5 100644
--- a/base/tps/shared/conf/workers2.properties
+++ b/base/tps-tomcat/shared/conf/workers2.properties
diff --git a/base/tps/shared/conf/workers2.properties.minimal b/base/tps-tomcat/shared/conf/workers2.properties.minimal
index 0e88d14c7..0e88d14c7 100644
--- a/base/tps/shared/conf/workers2.properties.minimal
+++ b/base/tps-tomcat/shared/conf/workers2.properties.minimal
diff --git a/base/tps/shared/etc/init.d/pki-tpsd b/base/tps-tomcat/shared/etc/init.d/pki-tpsd
index 7b991f39c..7b991f39c 100755
--- a/base/tps/shared/etc/init.d/pki-tpsd
+++ b/base/tps-tomcat/shared/etc/init.d/pki-tpsd
diff --git a/base/tps/shared/lib/systemd/system/pki-tpsd.target b/base/tps-tomcat/shared/lib/systemd/system/pki-tpsd.target
index 443c2adad..443c2adad 100644
--- a/base/tps/shared/lib/systemd/system/pki-tpsd.target
+++ b/base/tps-tomcat/shared/lib/systemd/system/pki-tpsd.target
diff --git a/base/tps/shared/lib/systemd/system/pki-tpsd@.service b/base/tps-tomcat/shared/lib/systemd/system/pki-tpsd@.service
index 4703b3fe8..4703b3fe8 100644
--- a/base/tps/shared/lib/systemd/system/pki-tpsd@.service
+++ b/base/tps-tomcat/shared/lib/systemd/system/pki-tpsd@.service
diff --git a/base/tps/shared/webapps/tps/404.html b/base/tps-tomcat/shared/webapps/tps/404.html
index 0bf93578c..0bf93578c 100755
--- a/base/tps/shared/webapps/tps/404.html
+++ b/base/tps-tomcat/shared/webapps/tps/404.html
diff --git a/base/tps/shared/webapps/tps/500.html b/base/tps-tomcat/shared/webapps/tps/500.html
index 3e1e8bb66..3e1e8bb66 100755
--- a/base/tps/shared/webapps/tps/500.html
+++ b/base/tps-tomcat/shared/webapps/tps/500.html
diff --git a/base/tps/shared/webapps/tps/GenUnexpectedError.template b/base/tps-tomcat/shared/webapps/tps/GenUnexpectedError.template
index ea545c145..ea545c145 100644
--- a/base/tps/shared/webapps/tps/GenUnexpectedError.template
+++ b/base/tps-tomcat/shared/webapps/tps/GenUnexpectedError.template
diff --git a/base/tps/shared/webapps/tps/META-INF/context.xml b/base/tps-tomcat/shared/webapps/tps/META-INF/context.xml
index e838503a6..e838503a6 100644
--- a/base/tps/shared/webapps/tps/META-INF/context.xml
+++ b/base/tps-tomcat/shared/webapps/tps/META-INF/context.xml
diff --git a/base/tps/shared/webapps/tps/WEB-INF/auth.properties b/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties
index 8ed17dbe0..8ed17dbe0 100644
--- a/base/tps/shared/webapps/tps/WEB-INF/auth.properties
+++ b/base/tps-tomcat/shared/webapps/tps/WEB-INF/auth.properties
diff --git a/base/tps/shared/webapps/tps/WEB-INF/velocity.properties b/base/tps-tomcat/shared/webapps/tps/WEB-INF/velocity.properties
index 5cd0454cc..5cd0454cc 100644
--- a/base/tps/shared/webapps/tps/WEB-INF/velocity.properties
+++ b/base/tps-tomcat/shared/webapps/tps/WEB-INF/velocity.properties
diff --git a/base/tps/shared/webapps/tps/WEB-INF/web.xml b/base/tps-tomcat/shared/webapps/tps/WEB-INF/web.xml
index 9a6c87462..9a6c87462 100644
--- a/base/tps/shared/webapps/tps/WEB-INF/web.xml
+++ b/base/tps-tomcat/shared/webapps/tps/WEB-INF/web.xml
diff --git a/base/tps/shared/webapps/tps/index.html b/base/tps-tomcat/shared/webapps/tps/index.html
index 30662d47a..30662d47a 100644
--- a/base/tps/shared/webapps/tps/index.html
+++ b/base/tps-tomcat/shared/webapps/tps/index.html
diff --git a/base/tps/shared/webapps/tps/services.template b/base/tps-tomcat/shared/webapps/tps/services.template
index c6792fea1..c6792fea1 100644
--- a/base/tps/shared/webapps/tps/services.template
+++ b/base/tps-tomcat/shared/webapps/tps/services.template
diff --git a/base/tps/java/CMakeLists.txt b/base/tps-tomcat/src/CMakeLists.txt
index c8f90e44e..2c9af352a 100644
--- a/base/tps/java/CMakeLists.txt
+++ b/base/tps-tomcat/src/CMakeLists.txt
@@ -104,6 +104,8 @@ javac(pki-tps-classes ${JSS_JAR} ${COMMONS_CODEC_JAR} ${SYMKEY_JAR} ${SERVLET_JAR} OUTPUT_DIR ${CMAKE_BINARY_DIR}/classes + DEPENDS + pki-nsutil-jar pki-cmsutil-jar pki-certsrv-jar pki-cms-jar pki-cmscore-jar ) configure_file( diff --git a/base/tps/java/org/dogtagpki/tps/TPSConnection.java b/base/tps-tomcat/src/org/dogtagpki/tps/TPSConnection.java index cd62ff530..cd62ff530 100644 --- a/base/tps/java/org/dogtagpki/tps/TPSConnection.java +++ b/base/tps-tomcat/src/org/dogtagpki/tps/TPSConnection.java diff --git a/base/tps/java/org/dogtagpki/tps/TPSMessage.java b/base/tps-tomcat/src/org/dogtagpki/tps/TPSMessage.java index 522a0f408..522a0f408 100644 --- a/base/tps/java/org/dogtagpki/tps/TPSMessage.java +++ b/base/tps-tomcat/src/org/dogtagpki/tps/TPSMessage.java diff --git a/base/tps/java/org/dogtagpki/tps/server/TPSApplication.java b/base/tps-tomcat/src/org/dogtagpki/tps/server/TPSApplication.java index 2f2b2a63a..2f2b2a63a 100644 --- a/base/tps/java/org/dogtagpki/tps/server/TPSApplication.java +++ b/base/tps-tomcat/src/org/dogtagpki/tps/server/TPSApplication.java diff --git a/base/tps/java/org/dogtagpki/tps/server/TPSServlet.java b/base/tps-tomcat/src/org/dogtagpki/tps/server/TPSServlet.java index 78e6df4f8..78e6df4f8 100644 --- a/base/tps/java/org/dogtagpki/tps/server/TPSServlet.java +++ b/base/tps-tomcat/src/org/dogtagpki/tps/server/TPSServlet.java diff --git a/base/tps/java/org/dogtagpki/tps/server/TPSSubsystem.java b/base/tps-tomcat/src/org/dogtagpki/tps/server/TPSSubsystem.java index 92017812c..92017812c 100644 --- a/base/tps/java/org/dogtagpki/tps/server/TPSSubsystem.java +++ b/base/tps-tomcat/src/org/dogtagpki/tps/server/TPSSubsystem.java diff --git a/base/tps/java/org/dogtagpki/tps/token/TokenDatabase.java b/base/tps-tomcat/src/org/dogtagpki/tps/token/TokenDatabase.java index 3db76649f..3db76649f 100644 --- a/base/tps/java/org/dogtagpki/tps/token/TokenDatabase.java +++ b/base/tps-tomcat/src/org/dogtagpki/tps/token/TokenDatabase.java 
diff --git a/base/tps/java/org/dogtagpki/tps/token/TokenRecord.java b/base/tps-tomcat/src/org/dogtagpki/tps/token/TokenRecord.java index 1f9d9caf5..1f9d9caf5 100644 --- a/base/tps/java/org/dogtagpki/tps/token/TokenRecord.java +++ b/base/tps-tomcat/src/org/dogtagpki/tps/token/TokenRecord.java diff --git a/base/tps/java/org/dogtagpki/tps/token/TokenService.java b/base/tps-tomcat/src/org/dogtagpki/tps/token/TokenService.java index bc8b35d59..bc8b35d59 100644 --- a/base/tps/java/org/dogtagpki/tps/token/TokenService.java +++ b/base/tps-tomcat/src/org/dogtagpki/tps/token/TokenService.java diff --git a/base/tps/java/pki-tps.mf b/base/tps-tomcat/src/pki-tps.mf index d77fe8fa9..d77fe8fa9 100644 --- a/base/tps/java/pki-tps.mf +++ b/base/tps-tomcat/src/pki-tps.mf diff --git a/base/tps/CMakeLists.txt b/base/tps/CMakeLists.txt index aa6ac8cb1..954146cb4 100644 --- a/base/tps/CMakeLists.txt +++ b/base/tps/CMakeLists.txt @@ -36,13 +36,12 @@ SET(CMAKE_INSTALL_RPATH "${LIB_INSTALL_DIR}/tps") # which point to directories outside the build tree to the install RPATH SET(CMAKE_INSTALL_RPATH_USE_LINK_PATH TRUE) -add_subdirectory(java) add_subdirectory(src) add_subdirectory(tools) # install files +add_subdirectory(doc) add_subdirectory(setup) -add_subdirectory(shared/conf) # install systemd scripts install( @@ -214,19 +213,3 @@ install( DESTINATION ${SYSTEMD_ETC_INSTALL_DIR}/pki-tpsd.target.wants ) - -# install directories -install( - DIRECTORY - shared/ - DESTINATION - ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME} - PATTERN - "CMakeLists.txt" EXCLUDE - PATTERN - "etc/*" EXCLUDE - PATTERN - "conf/CS.cfg.in" EXCLUDE - PATTERN - "lib/*" EXCLUDE -) diff --git a/base/tps/doc/CMakeLists.txt b/base/tps/doc/CMakeLists.txt new file mode 100644 index 000000000..419289d03 --- /dev/null +++ b/base/tps/doc/CMakeLists.txt 
@@ -0,0 +1,8 @@
+configure_file(${CMAKE_CURRENT_SOURCE_DIR}/CS.cfg.in ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg @ONLY)
+
+install(
+ FILES
+ ${CMAKE_CURRENT_BINARY_DIR}/CS.cfg
+ DESTINATION
+ ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}/conf
+)
diff --git a/base/tps/doc/CS.cfg.in b/base/tps/doc/CS.cfg.in
new file mode 100644
index 000000000..d5c0f312e
--- /dev/null
+++ b/base/tps/doc/CS.cfg.in
@@ -0,0 +1,1608 @@
+_000=##
+_001=## Token Processing System (TPS) Configuration File
+_002=##
+pidDir=[PKI_PIDDIR]
+pkicreate.pki_instance_root=[PKI_INSTANCE_ROOT]
+pkicreate.pki_instance_name=[PKI_INSTANCE_NAME]
+pkicreate.subsystem_type=[PKI_SUBSYSTEM_TYPE]
+pkicreate.secure_port=[PKI_SECURE_PORT]
+pkicreate.non_clientauth_secure_port=[NON_CLIENTAUTH_SECURE_PORT]
+pkicreate.unsecure_port=[PKI_UNSECURE_PORT]
+pkicreate.user=[PKI_USER]
+pkicreate.group=[PKI_GROUP]
+pkiremove.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+cs.type=TPS
+selftests._000=##
+selftests._001=## Self Tests
+selftests._002=##
+selftests._003=## The Self-Test plugin TPSSystemCertsVerification uses the
+selftests._004=## following parameters (where certusage is optional):
+selftests._005=## tps.cert.list = <list of cert tag names deliminated by ",">
+selftests._006=## tps.cert.<cert tag name>.nickname
+selftests._007=## tps.cert.<cert tag name>.certusage
+selftests._008=##
+selftests.container.logger.enable=true
+selftests.container.logger.expirationTime=0
+selftests.container.logger.file.type=RollingLogFile
+selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
+selftests.container.logger.level=10
+selftests.container.logger.maxFileSize=2000
+selftests.container.logger.rolloverInterval=2592000
+selftests.container.order.startup=TPSPresence:critical, TPSSystemCertsVerification:critical
+selftests.container.order.onDemand=TPSPresence:critical, TPSValidity:critical, TPSSystemCertsVerification:critical
+selftests.plugin.TPSPresence.nickname=[HSM_LABEL][NICKNAME]
+selftests.plugin.TPSValidity.nickname=[HSM_LABEL][NICKNAME]
+service.machineName=[PKI_HOSTNAME]
+service.instanceDir=[PKI_INSTANCE_PATH]
+service.securePort=[PKI_SECURE_PORT]
+service.non_clientauth_securePort=[NON_CLIENTAUTH_SECURE_PORT]
+service.unsecurePort=[PKI_UNSECURE_PORT]
+service.instanceID=[PKI_INSTANCE_NAME]
+logging._000=#########################################
+logging._001=# RA configuration File
+logging._002=#
+logging._003=# All <...> must be replaced with
+logging._004=# appropriate values.
+logging._005=#########################################
+logging._006=########################################
+logging._007=# logging
+logging._008=#
+logging._009=# logging.debug.enable:
+logging._010=# logging.audit.enable:
+logging._011=# logging.error.enable:
+logging._012=# - enable or disable the corresponding logging
+logging._013=# logging.debug.filename:
+logging._014=# logging.audit.filename:
+logging._015=# logging.error.filename:
+logging._016=# - name of the log file
+logging._017=# logging.debug.level:
+logging._018=# logging.audit.level:
+logging._019=# logging.error.level:
+logging._020=# - level of logging. (0-10)
+logging._021=# 0 - no logging,
+logging._022=# 4 - LL_PER_SERVER these messages will occur only once
+logging._023=# during the entire invocation of the
+logging._024=# server, e. g. at startup or shutdown
+logging._025=# time., reading the conf parameters.
+logging._026=# Perhaps other infrequent events
+logging._027=# relating to failing over of CA, TKS,
+logging._028=# too
+logging._029=# 6 - LL_PER_CONNECTION these messages happen once per
+logging._030=# connection - most of the log events
+logging._031=# will be at this level
+logging._032=# 8 - LL_PER_PDU these messages relate to PDU
+logging._033=# processing. If you have something that
+logging._034=# is done for every PDU, such as
+logging._035=# applying the MAC, it should be logged
+logging._036=# at this level
+logging._037=# 9 - LL_ALL_DATA_IN_PDU dump all the data in the PDU - a more
+logging._038=# chatty version of the above
+logging._039=# 10 - all logging
+logging._040=# logging.audit.buffer.size: # in bytes
+logging._041=# logging.audit.flush.interval: # in seconds, 0 disables flush thread
+logging._042=# logging.*.file.type:
+logging._043=# - file type: RollingLogFile or LogFile
+logging._044=# logging.*.rolloverInterval:
+logging._045=# - interval to roll over logs (seconds), 0 to disable rollover
+logging._046=# logging.*.maxFileSize:
+logging._047=# - size at which file rollover occurs, in kB
+logging._048=# logging.*.expirationTime:
+logging._049=# - maximum age of log, older unmodified logs are deleted( in seconds, 0 to disable)
+logging._050=#########################################
+logging.debug.enable=true
+logging.debug.filename=[PKI_INSTANCE_PATH]/logs/tps-debug.log
+logging.debug.level=10
+logging.debug.file.type=RollingLogFile
+logging.debug.maxFileSize=2000
+logging.debug.rolloverInterval=2592000
+logging.debug.expirationTime=0
+logging.audit.enable=true
+logging.audit.filename=[PKI_INSTANCE_PATH]/logs/tps-audit.log
+logging.audit.signedAuditFilename=[PKI_INSTANCE_PATH]/logs/signedAudit/tps_audit
+logging.audit.level=10
+logging.audit.logSigning=false
+logging.audit.signedAuditCertNickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+logging.audit.selected.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
+logging.audit.selectable.events=AUTHZ_SUCCESS,AUTHZ_FAIL,AUTH_FAIL,AUTH_SUCCESS,ROLE_ASSUME,ENROLLMENT,PIN_RESET,FORMAT,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL,CIMC_CERT_VERIFICATION
+logging.audit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,LOGGING_SIGNED_AUDIT_SIGNING
+logging.audit.buffer.size=512
+logging.audit.flush.interval=5
+logging.audit.file.type=RollingLogFile
+logging.audit.maxFileSize=2000
+logging.audit.rolloverInterval=2592000
+logging.audit.expirationTime=0
+logging.error.enable=true
+logging.error.filename=[PKI_INSTANCE_PATH]/logs/tps-error.log
+logging.error.level=10
+logging.error.file.type=RollingLogFile
+logging.error.maxFileSize=2000
+logging.error.rolloverInterval=2592000
+logging.error.expirationTime=0
+conn.ca1._000=#########################################
+conn.ca1._001=# CA connection
+conn.ca1._002=#
+conn.ca1._003=# conn.ca<n>.hostport:
+conn.ca1._004=# - host name and port number of your CA, format is host:port
+conn.ca1._005=# conn.ca<n>.clientNickname:
+conn.ca1._006=# - nickname of the client certificate for
+conn.ca1._007=# authentication
+conn.ca1._008=# conn.ca<n>.servlet.enrollment:
+conn.ca1._009=# - servlet to contact in CA
+conn.ca1._010=# - must be '/ca/profileSubmitSSLClient'
+conn.ca1._011=# conn.ca<n>.retryConnect:
+conn.ca1._012=# - number of reconnection attempts on failure
+conn.ca1._013=# conn.ca<n>.timeout:
+conn.ca1._014=# - connection timeout
+conn.ca1._015=# conn.ca<n>.SSLOn:
+conn.ca1._016=# - enable SSL or not
+conn.ca1._017=# conn.ca<n>.keepAlive:
+conn.ca1._018=# - enable keep alive or not
+conn.ca1._019=# conn.ca<n>.caNickname:
+conn.ca1._020=# - nickname of the ca certificate
+conn.ca1._021=# conn.ca<n>.caSKI:
+conn.ca1._022=# - Subject Key Identifier (in Base64) of the ca certificate
+conn.ca1._023=# (automatically calculated by the system)
+conn.ca1._024=#
+conn.ca1._025=# conn.ca.list=ca1,ca2...ca<n>
+conn.ca1._026=# - list of ca connection IDs for revocation routing
+conn.ca1._027=#
+conn.ca1._028=# where
+conn.ca1._029=# <n> - CA connection ID
+conn.ca1._030=#########################################
+failover.pod.enable=false
+conn.ca1.hostport=[PKI_CA_HOSTNAME]:[PKI_CA_PORT]
+conn.ca1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.ca1.servlet.enrollment=/ca/ee/ca/profileSubmitSSLClient
+conn.ca1.servlet.renewal=/ca/ee/ca/profileSubmitSSLClient
+conn.ca1.servlet.revoke=/ca/ee/subsystem/ca/doRevoke
+conn.ca1.servlet.unrevoke=/ca/ee/subsystem/ca/doUnrevoke
+conn.ca1.retryConnect=3
+conn.ca1.timeout=100
+conn.ca1.SSLOn=true
+conn.ca1.keepAlive=true
+conn.tks1._000=#########################################
+conn.tks1._001=# TKS connection
+conn.tks1._002=#
+conn.tks1._003=# conn.tks<n>.hostport:
+conn.tks1._004=# - host name and port number of your TKS, the format is host:port
+conn.tks1._005=# conn.tks<n>.clientNickname:
+conn.tks1._006=# - nickname of the client certificate for
+conn.tks1._007=# authentication
+conn.tks1._008=# conn.tks<n>.servlet.computeSessionKey:
+conn.tks1._009=# - servlet to compute session key
+conn.tks1._010=# - must be '/tks/computeSessionKey'
+conn.tks1._011=# conn.tks<n>.servlet.encryptData:
+conn.tks1._012=# - servlet to encrypt data
+conn.tks1._013=# - must be '/tks/encryptData'
+conn.tks1._014=# conn.tks<n>.servlet.createKeySetData:
+conn.tks1._015=# - servlet to create key set data
+conn.tks1._016=# - must be '/tks/createKeySetData'
+conn.tks1._017=# conn.tks<n>.retryConnect:
+conn.tks1._018=# - number of reconnection attempts on failure
+conn.tks1._019=# conn.tks<n>.SSLOn
+conn.tks1._020=# - enable SSL or not
+conn.tks1._021=# conn.tks<n>.keepAlive:
+conn.tks1._022=# - enable keep alive or not
+conn.tks1._023=#
+conn.tks1._024=# where
+conn.tks1._025=# <n> - TKS connection ID
+conn.tks1._026=# conn.tks<n>.tksSharedSymKeyName:
+conn.tks1._027=# - set shared secret key name
+conn.tks1._028=#########################################
+conn.tks1.hostport=[TKS_HOST]:[TKS_PORT]
+conn.tks1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.tks1.servlet.computeSessionKey=/tks/agent/tks/computeSessionKey
+conn.tks1.servlet.encryptData=/tks/agent/tks/encryptData
+conn.tks1.servlet.createKeySetData=/tks/agent/tks/createKeySetData
+conn.tks1.servlet.computeRandomData=/tks/agent/tks/computeRandomData
+conn.tks1.retryConnect=3
+conn.tks1.timeout=100
+conn.tks1.generateHostChallenge=true
+conn.tks1.SSLOn=true
+conn.tks1.keepAlive=false
+conn.tks1.keySet=defKeySet
+conn.tks1.serverKeygen=[SERVER_KEYGEN]
+conn.tks1.tksSharedSymKeyName=sharedSecret
+conn.drm1._000=#########################################
+conn.drm1._001=# DRM connection
+conn.drm1._002=#
+conn.drm1._003=#conn.drm.totalConns
+conn.drm1._004=# - # of DRM connections
+conn.drm1._005=#conn.drm<n>.hostport
+conn.drm1._006=# - host name and port number of your DRM, the format is host:port
+conn.drm1._007=#conn.drm<n>.clientNickname
+conn.drm1._008=# - nickname of the client certificate for
+conn.drm1._009=# authentication
+conn.drm1._010=#conn.drm<n>.servlet.GenerateKeyPair
+conn.drm1._011=# - servlet to generate key pairs and archive keys on DRM
+conn.drm1._012=# - must be '/kra/GenerateKeyPair'
+conn.drm1._013=#conn.drm<n>.servlet.TokenKeyRecovery=/kra/TokenKeyRecovery
+conn.drm1._014=# - servlet to handle key recovery
+conn.drm1._015=# - must be '/kra/TokenKeyRecovery'
+conn.drm1._016=#conn.drm<n>.retryConnect=3
+conn.drm1._017=# - number of reconnection attempts on failure
+conn.drm1._018=#conn.drm<n>.SSLOn=true
+conn.drm1._019=# - enable SSL or not
+conn.drm1._020=#conn.drm<n>.keepAlive=false
+conn.drm1._021=# - enable keep alive or not
+conn.drm1._022=#
+conn.drm1._023=# where
+conn.drm1._024=# <n> - DRM connection ID
+conn.drm1._025=#########################################
+conn.drm.totalConns=1
+conn.drm1.hostport=[DRM_HOST]:[DRM_PORT]
+conn.drm1.clientNickname=[HSM_LABEL][NICKNAME]
+conn.drm1.servlet.GenerateKeyPair=/kra/agent/kra/GenerateKeyPair
+conn.drm1.servlet.TokenKeyRecovery=/kra/agent/kra/TokenKeyRecovery
+conn.drm1.retryConnect=3
+conn.drm1.timeout=100
+conn.drm1.SSLOn=true
+conn.drm1.keepAlive=false
+auth.instance._000=########################################
+auth.instance._001=# publishing
+auth.instance._002=#
+auth.instance._003=# publisher.instance.<n>.libraryName:
+auth.instance._004=# - name of the library specified with a fully qualified path name
+auth.instance._005=# publisher.instance.<n>.libraryFactory:
+auth.instance._006=# - the name of the function which instantiates the publisher
+auth.instance._007=# publisher.instance.<n>.publisherId:
+auth.instance._008=# - the publisher ID
+auth.instance._009=#
+auth.instance._010=# where
+auth.instance._011=# <n> - publisher connection ID
+auth.instance._012=########################################
+auth.instance._013=#########################################
+auth.instance._014=# authentication
+auth.instance._015=#
+auth.instance._016=# auth.instance.<n>.libraryName:
+auth.instance._017=# - name of the library specified with a fully qualified path name
+auth.instance._018=# auth.instance.<n>.libraryFactory:
+auth.instance._019=# - the name of the function which instantiates the authentication
+auth.instance._020=# auth.instance.<n>.authId
+auth.instance._021=# - the authentication ID
+auth.instance._022=# auth.instance.<n>.hostport
+auth.instance._023=# - parameter specific to the given authentication,
+auth.instance._024=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._025=# - host name and port number, host:port
+auth.instance._026=# - for failover, provide multiple host:port designations
+auth.instance._027=# separated by " "
+auth.instance._028=# auth.instance.<n>.SSLOn:
+auth.instance._029=# - parameter specific to the given authentication,
+auth.instance._030=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._031=# - use SSL or not for LDAP service
+auth.instance._032=# auth.instance.<n>.retries:
+auth.instance._033=# - parameter specific to the given authentication,
+auth.instance._034=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._035=# - number of authentication re-attempts when authentication failed
+auth.instance._036=# auth.instance.<n>.retryConnect:
+auth.instance._037=# - parameter specific to the given authentication,
+auth.instance._038=# i. e., LDAPAuthentication (id=ldap1)
+auth.instance._039=# - number of connection re-attempts when connection failed
+auth.instance._040=#
+auth.instance._041=# where
+auth.instance._042=# <n> - authentication connection ID
+auth.instance._043=#########################################
+auth.instance.0.type=LDAP_Authentication
+auth.instance.0.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
+auth.instance.0.libraryFactory=GetAuthentication
+auth.instance.0.authId=ldap1
+auth.instance.0.hostport=[LDAP_HOST]:[LDAP_PORT]
+auth.instance.0.SSLOn=false
+auth.instance.0.retries=1
+auth.instance.0.retryConnect=3
+auth.instance.0.baseDN=[LDAP_ROOT]
+auth.instance.0.ssl=false
+auth.instance.0.attributes._001=##############################################
+auth.instance.0.attributes._002=# attributes will be available
+auth.instance.0.attributes._003=# as $auth.<attribute>$
+auth.instance.0.attributes._004=##############################################
+auth.instance.0.attributes=mail,cn,uid
+auth.instance.0.ui.title.en=LDAP Authentication
+auth.instance.0.ui.description.en=This authenticates user against the LDAP directory.
+auth.instance.0.ui.id.UID.name.en=LDAP User ID
+auth.instance.0.ui.id.PASSWORD.name.en=LDAP Password
+auth.instance.0.ui.id.UID.description.en=LDAP User ID
+auth.instance.0.ui.id.PASSWORD.description.en=LDAP Password
+auth.instance.1.type=LDAP_Authentication
+auth.instance.1.libraryName=[SYSTEM_USER_LIBRARIES]/tps/[LIB_PREFIX]ldapauth[OBJ_EXT]
+auth.instance.1.libraryFactory=GetAuthentication
+auth.instance.1.authId=ldap2
+auth.instance.1.bindDN=cn=Directory Manager
+auth.instance.1.bindPWD=[PKI_INSTANCE_PATH]/conf/password.conf
+auth.instance.1.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+auth.instance.1.SSLOn=false
+auth.instance.1.retries=1
+auth.instance.1.retryConnect=3
+auth.instance.1.baseDN=[TOKENDB_ROOT]
+auth.instance.1.ssl=false
+auth.instance.1.attributes._001=##############################################
+auth.instance.1.attributes._002=# attributes will be available
+auth.instance.1.attributes._003=# as $auth.<attribute>$
+auth.instance.1.attributes._004=##############################################
+auth.instance.1.attributes=mail,cn,uid
+auth.instance.1.ui.title.en=LDAP Authentication
+auth.instance.1.ui.description.en=This authenticates user against the LDAP directory.
+auth.instance.1.ui.id.UID.name.en=LDAP User ID
+auth.instance.1.ui.id.PASSWORD.name.en=LDAP Password
+auth.instance.1.ui.id.UID.description.en=LDAP User ID
+auth.instance.1.ui.id.PASSWORD.description.en=LDAP Password
+applet._000=#########################################
+applet._001=# applet information
+applet._002=# SAF Key:
+applet._003=# applet.aid.cardmgr_instance=A0000001510000
+applet._004=#########################################
+applet.aid.cardmgr_instance=A0000000030000
+applet.aid.netkey_instance=627601FF000000
+applet.aid.netkey_file=627601FF0000
+applet.aid.netkey_old_instance=A00000000101
+applet.aid.netkey_old_file=A000000001
+applet.so_pin=000000000000
+applet.delete_old=true
+general.verifyProof=1
+general.applet_ext=ijc
+general.search.sizelimit.max=2000
+general.search.sizelimit.default=100
+general.search.timelimit.max=10
+general.search.timelimit.default=10
+general.pwlength.min=16
+channel._000=#########################################
+channel._001=# channel.encryption:
+channel._002=#
+channel._003=# - enable encryption for all operation commands to token
+channel._004=# - default is true
+channel._005=# channel.blocksize=242
+channel._006=# channel.defKeyVersion=0
+channel._007=# channel.defKeyIndex=0
+channel._008=#########################################
+channel.encryption=true
+channel.blocksize=248
+channel.defKeyVersion=0
+channel.defKeyIndex=0
+# NOTE: Since the following comments will be 'scrubbed' from any TPS
+# instance's configuration file, they will ONLY be viewable in
+# the '/usr/share/pki/tps/conf/CS.cfg' TPS subsystem template!
+#
+# Config the size of memory managed memory in the applet
+# Default is 5000, try not go get close to the instanceSize
+# which defaults to 18000:
+#
+# * channel.instanceSize=18000
+# * channel.appletMemorySize=5000
+#
+preop.pin=[PKI_RANDOM_NUMBER]
+cms.product.version=@APPLICATION_VERSION@
+preop.cert._000=#########################################
+preop.cert._001=# Installation configuration "preop" certs parameters
+preop.cert._002=#########################################
+preop.cert.list=sslserver,subsystem,audit_signing
+tps.cert.audit_signing.certusage=ObjectSigner
+tps.cert.sslserver.certusage=SSLServer
+tps.cert.subsystem.certusage=SSLClient
+preop.cert.sslserver.enable=true
+preop.cert.subsystem.enable=true
+preop.cert.audit_signing.enable=false
+preop.cert.sslserver.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.sslserver.dn=CN=[PKI_HOSTNAME], OU=[PKI_INSTANCE_NAME]
+preop.cert.sslserver.keysize.customsize=2048
+preop.cert.sslserver.keysize.size=2048
+preop.cert.sslserver.keysize.select=default
+preop.cert.sslserver.nickname=Server-Cert cert-[PKI_INSTANCE_NAME]
+preop.cert.sslserver.profile=caInternalAuthServerCert
+preop.cert.sslserver.subsystem=tps
+preop.cert._003=#preop.cert.sslserver.type=local
+preop.cert.sslserver.userfriendlyname=SSL Server Certificate
+preop.cert._004=#preop.cert.sslserver.cncomponent.override=false
+preop.cert.subsystem.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.subsystem.dn=CN=TPS Subsystem Certificate, OU=[PKI_INSTANCE_NAME]
+preop.cert.subsystem.keysize.customsize=2048
+preop.cert.subsystem.keysize.size=2048
+preop.cert.subsystem.keysize.select=default
+preop.cert.subsystem.nickname=subsystemCert cert-[PKI_INSTANCE_NAME]
+preop.cert.subsystem.profile=caInternalAuthSubsystemCert
+preop.cert.subsystem.subsystem=tps
+preop.cert._005=#preop.cert.subsystem.type=local
+preop.cert.subsystem.userfriendlyname=Subsystem Certificate
+preop.cert._006=#preop.cert.subsystem.cncomponent.override=true
+preop.cert.audit_signing.defaultSigningAlgorithm=SHA256withRSA
+preop.cert.audit_signing.dn=CN=TPS Audit Signing Certificate, OU=[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.keysize.customsize=2048
+preop.cert.audit_signing.keysize.size=2048
+preop.cert.audit_signing.keysize.select=default
+preop.cert.audit_signing.nickname=auditSigningCert cert-[PKI_INSTANCE_NAME]
+preop.cert.audit_signing.profile=caInternalAuthAuditSigningCert
+preop.cert.audit_signing.subsystem=tps
+preop.cert._005=#preop.cert.audit_signing.type=local
+preop.cert.audit_signing.userfriendlyname=Audit Log Signing Certificate
+preop.cert._006=#preop.cert.audit_signing.cncomponent.override=true
+preop.configModules._000=#########################################
+preop.configModules._001=# Installation configuration "preop" module parameters
+preop.configModules._002=#########################################
+preop.configModules.count=3
+preop.configModules.module0.commonName=NSS Internal PKCS #11 Module
+preop.configModules.module0.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module0.userFriendlyName=NSS Internal PKCS #11 Module
+preop.configModules.module1.commonName=nfast
+preop.configModules.module1.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module1.userFriendlyName=nCipher's nFast Token Hardware Module
+preop.configModules.module2.commonName=lunasa
+preop.configModules.module2.imagePath=/pki/images/clearpixel.gif
+preop.configModules.module2.userFriendlyName=SafeNet's LunaSA Token Hardware Module
+preop.module.token=NSS Certificate DB
+preop.keysize._000=#########################################
+preop.keysize._001=# Installation configuration "preop" keysize parameters
+preop.keysize._002=#########################################
+preop.keysize.customsize=2048
+preop.keysize.select=default
+preop.keysize.size=2048
+preop.keysize.ecc.size=256
+preop.adminauth.done=false
+preop.adminpanel.done=false
+preop.agentauth.done=false
+preop.authdb.done=false
+preop.cainfo.done=false
+preop.certprettyprint.done=false
+preop.certrequest.done=false
+preop.confighsmlogin.done=false
+preop.confighsm.done=false
+preop.database.done=false
+preop.displaycertchain2.done=false
+preop.displaycertchain.done=false
+preop.donepanel.done=false
+preop.drminfo.done=false
+preop.importadmincert.done=false
+preop.loginpanel.done=false
+preop.ModulePanel.done=false
+preop.namepanel.done=false
+preop.securitydomain.done=false
+preop.SizePanel.done=false
+preop.subsystemtype.done=false
+preop.tksinfo.done=false
+preop.welcome.done=false
+op.enroll._000=#########################################
+op.enroll._001=# Default Operations
+op.enroll._002=#
+op.enroll._003=# op.<op>.mapping.order=<n>,<n>,<n>
+op.enroll._004=# - contains at least one value or a series
+op.enroll._005=# of comma-separated mapping values which
+op.enroll._006=# are checked in sequential order
+op.enroll._007=# op.<op>.mapping.<n>.filter.tokenType=userKey
+op.enroll._008=# - can be either empty or token type
+op.enroll._009=# specified by the client
+op.enroll._010=# op.<op>.mapping.<n>.filter.tokenATR=
+op.enroll._011=# - can be either empty or token ATR
+op.enroll._012=# specified by the client
+op.enroll._013=# op.<op>.mapping.<n>.filter.appletMajorVersion=1
+op.enroll._014=# - can be either empty or applet major version
+op.enroll._015=# specified by the client
+op.enroll._016=# op.<op>.mapping.<n>.filter.appletMinorVersion=
+op.enroll._017=# - can be either empty or applet minor version
+op.enroll._018=# specified by the client
+op.enroll._019=# - if major and minor versions are both zero, this
+op.enroll._020=# indicate there is no applet on the token.
+op.enroll._021=# op.<op>.mapping.<n>.target.tokenType=userKey
+op.enroll._022=# - if tokenType, tokenATR, appletMajorVersion,
+op.enroll._023=# and appletMinorVersion are matched, value in
+op.enroll._024=# targetTokenType will be used to locate
+op.enroll._025=# the corresponding token profile to
+op.enroll._026=# process the request.
+op.enroll._027=#
+op.enroll._028=# where
+op.enroll._029=# <op> - operation; enroll,pinReset,format
+op.enroll._030=# <n> - mapping ID; order is specifiable
+op.enroll._031=#
+op.enroll._032=# Token ATR:
+op.enroll._033=# Web Store - 3B759400006202020201
+op.enroll._034=#########################################
+op.enroll.mapping.order=0,1,2
+op.enroll.mapping.0.filter.tokenType=userKey
+op.enroll.mapping.0.filter.tokenATR=
+op.enroll.mapping.0.filter.tokenCUID.start=
+op.enroll.mapping.0.filter.tokenCUID.end=
+op.enroll.mapping.0.filter.appletMajorVersion=1
+op.enroll.mapping.0.filter.appletMinorVersion=
+op.enroll.mapping.0.target.tokenType=userKey
+op.enroll.mapping.1.filter.tokenType=soKey
+op.enroll.mapping.1.filter.tokenATR=
+op.enroll.mapping.1.filter.tokenCUID.start=
+op.enroll.mapping.1.filter.tokenCUID.end=
+op.enroll.mapping.1.filter.appletMajorVersion=
+op.enroll.mapping.1.filter.appletMinorVersion=
+op.enroll.mapping.1.target.tokenType=soKey
+op.enroll.mapping.2.filter.tokenType=
+op.enroll.mapping.2.filter.tokenATR=
+op.enroll.mapping.2.filter.tokenCUID.start=
+op.enroll.mapping.2.filter.tokenCUID.end=
+op.enroll.mapping.2.filter.appletMajorVersion=
+op.enroll.mapping.2.filter.appletMinorVersion=
+op.enroll.mapping.2.target.tokenType=userKey
+op.pinReset.mapping.order=0
+op.pinReset.mapping.0.filter.tokenType=
+op.pinReset.mapping.0.filter.tokenATR=
+op.pinReset.mapping.0.filter.tokenCUID.start=
+op.pinReset.mapping.0.filter.tokenCUID.end=
+op.pinReset.mapping.0.filter.appletMajorVersion=
+op.pinReset.mapping.0.filter.appletMinorVersion=
+op.pinReset.mapping.0.target.tokenType=userKey
+op.format.mapping.order=0,1,2,3,4,5,6
+op.format.mapping.0.filter.tokenType=soCleanUserToken
+op.format.mapping.0.filter.tokenATR=
+op.format.mapping.0.filter.tokenCUID.start=
+op.format.mapping.0.filter.tokenCUID.end=
+op.format.mapping.0.filter.appletMajorVersion=
+op.format.mapping.0.filter.appletMinorVersion=
+op.format.mapping.0.target.tokenType=soCleanUserToken
+op.format.mapping.1.filter.tokenType=soUserKey
+op.format.mapping.1.filter.tokenATR=
+op.format.mapping.1.filter.tokenCUID.start=
+op.format.mapping.1.filter.tokenCUID.end=
+op.format.mapping.1.filter.appletMajorVersion=
+op.format.mapping.1.filter.appletMinorVersion=
+op.format.mapping.1.target.tokenType=soUserKey
+op.format.mapping.2.filter.tokenType=soKey
+op.format.mapping.2.filter.tokenATR=
+op.format.mapping.2.filter.tokenCUID.start=
+op.format.mapping.2.filter.tokenCUID.end=
+op.format.mapping.2.filter.appletMajorVersion=
+op.format.mapping.2.filter.appletMinorVersion=
+op.format.mapping.2.target.tokenType=soKey
+op.format.mapping.3.filter.tokenType=userKey
+op.format.mapping.3.filter.tokenATR=
+op.format.mapping.3.filter.tokenCUID.start=
+op.format.mapping.3.filter.tokenCUID.end=
+op.format.mapping.3.filter.appletMajorVersion=
+op.format.mapping.3.filter.appletMinorVersion=
+op.format.mapping.3.target.tokenType=userKey
+op.format.mapping.4.filter.tokenType=soCleanSOToken
+op.format.mapping.4.filter.tokenATR=
+op.format.mapping.4.filter.tokenCUID.start=
+op.format.mapping.4.filter.tokenCUID.end=
+op.format.mapping.4.filter.appletMajorVersion=
+op.format.mapping.4.filter.appletMinorVersion=
+op.format.mapping.5.filter.tokenType=cleanToken
+op.format.mapping.5.filter.tokenATR=
+op.format.mapping.5.filter.tokenCUID.start=
+op.format.mapping.5.filter.tokenCUID.end=
+op.format.mapping.5.filter.appletMajorVersion=
+op.format.mapping.5.filter.appletMinorVersion=
+op.format.mapping.5.target.tokenType=cleanToken
+op.format.mapping.4.target.tokenType=soCleanSOToken
+op.format.mapping.6.filter.tokenATR=
+op.format.mapping.6.filter.tokenCUID.start=
+op.format.mapping.6.filter.tokenCUID.end=
+op.format.mapping.6.filter.appletMajorVersion=
+op.format.mapping.6.filter.appletMinorVersion=
+op.format.mapping.6.target.tokenType=tokenKey
+op.enroll.userKey._000=#########################################
+op.enroll.userKey._001=# Enrollment Operation For CoolKey
+op.enroll.userKey._002=#
+op.enroll.userKey._003=# op.enroll.<tokenType>.keyGen.<keyType>.keySize=1024
+op.enroll.userKey._004=# - size of the key the token should generate
+op.enroll.userKey._005=# - max value: 1024
+op.enroll.userKey._006=#
+op.enroll.userKey._007=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.encrypt=false
+op.enroll.userKey._008=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sign=true
+op.enroll.userKey._009=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.signRecover=true
+op.enroll.userKey._010=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.decrypt=false
+op.enroll.userKey._011=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.derive=false
+op.enroll.userKey._012=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.unwrap=false
+op.enroll.userKey._013=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.wrap=false
+op.enroll.userKey._014=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verifyRecover=true
+op.enroll.userKey._015=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.verify=true
+op.enroll.userKey._016=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.sensitive=true
+op.enroll.userKey._017=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.private=true
+op.enroll.userKey._018=# op.enroll.<tokenType>.keyGen.<keyType>.keyCapabilities.token=true
+op.enroll.userKey._019=# - specify the PKCS11 attributes to set on the token
+op.enroll.userKey._020=#
+op.enroll.userKey._021=# op.enroll.userKey.keyGen.signing.cuid_label
+op.enroll.userKey._022=# - specify the CUID shown in the certificate
+op.enroll.userKey._023=#
+op.enroll.userKey._024=# op.enroll.userKey.keyGen.signing.label
+op.enroll.userKey._025=# - specify the token name. all resulting labels for co-existing keys
+op.enroll.userKey._026=# on the same token must be unique
+op.enroll.userKey._027=# - $pretty_cuid$ - Pretty Print CUID (i.e. 4090-0062-FF02-0000-0B9C)
+op.enroll.userKey._028=# - $cuid$ - CUID (i.e. 40900062FF0200000B9C)
+op.enroll.userKey._029=# - $msn$ - MSN
+op.enroll.userKey._030=# - $userid$ - User ID
+op.enroll.userKey._031=# - $profileId$ - Profile ID
+op.enroll.userKey._032=#
+op.enroll.userKey._033=# op.enroll.<tokenType>.keyGen.<keyType>.overwrite=true|false
+op.enroll.userKey._034=# - if key and certificate exist, should RA overwrite them
+op.enroll.userKey._035=#
+op.enroll.userKey._036=# op.enroll.<tokenType>.keyGen.<keyType>.certId=C1
+op.enroll.userKey._037=# op.enroll.<tokenType>.keyGen.<keyType>.certAttrId=c1
+op.enroll.userKey._038=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyAttrId=k2
+op.enroll.userKey._039=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyAttrId=k3
+op.enroll.userKey._040=# op.enroll.<tokenType>.keyGen.<keyType>.privateKeyNumber=2
+op.enroll.userKey._041=# op.enroll.<tokenType>.keyGen.<keyType>.publicKeyNumber=3
+op.enroll.userKey._042=# - specify name PKCS11 object IDs
+op.enroll.userKey._043=# - Lower case letters signify objects containing PKCS11 object attributes,
+op.enroll.userKey._044=# in the format described below.
+op.enroll.userKey._045=# 'c' An object containing PKCS11 attributes for a certificate.
+op.enroll.userKey._046=# 'k' An object containing PKCS11 attributes for a public or private key
+op.enroll.userKey._047=# 'r' An object containing PKCS11 attributes for an "reader".
+op.enroll.userKey._048=# - Upper case letters signify objects containing raw data corresponding to
+op.enroll.userKey._049=# the lower case letters described above. For example, object "C0"
+op.enroll.userKey._050=# contains raw data corresponding to object "c0".
+op.enroll.userKey._051=# 'C' This object contains an entire DER cert, and nothing else.
+op.enroll.userKey._052=# 'K' This object contains a MUSCLE "key blob". TPS does not use this.
+op.enroll.userKey._053=#
+op.enroll.userKey._054=# op.enroll.<tokenType>.keyGen.<keyType>.keyUsage=0
+op.enroll.userKey._055=# op.enroll.<tokenType>.keyGen.<keyType>.keyUser=0
+op.enroll.userKey._056=# - user specifies which PIN user should be granted
+op.enroll.userKey._057=# use privilege of the generated private key, or
+op.enroll.userKey._058=# 15 if all users have use privilege for the private key
+op.enroll.userKey._059=# - Valid uage: (only specifies the usage for the private key)
+op.enroll.userKey._060=# 0 - default usage (Signing only for this APDU)
+op.enroll.userKey._061=# 1 - signing only
+op.enroll.userKey._062=# 2 - decryption only
+op.enroll.userKey._063=# 3 - signing and decryption
+op.enroll.userKey._064=#
+op.enroll.userKey._065=# op.enroll.<tokenType>.pkcs11obj.enable=true|false
+op.enroll.userKey._066=# - enable writing of PKCS11 cache object to the token
+op.enroll.userKey._067=#
+op.enroll.userKey._068=# op.enroll.<tokenType>.pkcs11obj.compress.enable=true|false
+op.enroll.userKey._069=# - enable compression for writing of PKCS11 cache object to the token
+op.enroll.userKey._070=#
+op.enroll.userKey._071=# op.enroll.<tokenType>.pinReset.pin.maxRetries=127
+op.enroll.userKey._072=# - max number of retries before blocking the token
+op.enroll.userKey._073=# - max value: 127
+op.enroll.userKey._074=#
+op.enroll.userKey._075=# There is a special case of tokenType userKeyTemporary.
+op.enroll.userKey._076=# Make sure the profile specified by the profileId to have
+op.enroll.userKey._077=# short validity period (eg, 7 days) for the certificate.
+op.enroll.userKey._078=#
+op.enroll.userKey._079=# The three recovery schemes supported are:
+op.enroll.userKey._080=#
+op.enroll.userKey._081=# * GenerateNewKey - Generate a new
+op.enroll.userKey._082=# cert for the
+op.enroll.userKey._083=# encryption cert.
+op.enroll.userKey._084=# * RecoverLast - Recover the most
+op.enroll.userKey._085=# recent cert for the
+op.enroll.userKey._086=# encryption cert.
+op.enroll.userKey._087=# * GenerateNewKeyandRecoverLast - Generate new cert AND
+op.enroll.userKey._088=# recover last for
+op.enroll.userKey._089=# encryption cert.
+op.enroll.userKey._090=#########################################
+op.enroll.allowUnknownToken=true
+op.enroll.userKey.temporaryToken.tokenType=userKeyTemporary
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.userKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.userKey.keyGen.tokenName=$auth.cn$
+op.enroll.userKey.keyGen.keyType.num=2
+op.enroll.userKey.keyGen.keyType.value.0=signing
+op.enroll.userKey.keyGen.keyType.value.1=encryption
+op.enroll.userKey.keyGen.signing.keySize=1024
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.signing.label=signing key for $userid$
+op.enroll.userKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKey.keyGen.signing.overwrite=true
+op.enroll.userKey.keyGen.signing.certId=C1
+op.enroll.userKey.keyGen.signing.certAttrId=c1
+op.enroll.userKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKey.keyGen.signing.keyUsage=0
+op.enroll.userKey.keyGen.signing.keyUser=0
+op.enroll.userKey.keyGen.signing.privateKeyNumber=2
+op.enroll.userKey.keyGen.signing.publicKeyNumber=3
+op.enroll.userKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.userKey.keyGen.signing.ca.conn=ca1
+op.enroll.userKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.userKey.keyGen.encryption.keySize=1024
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKey.keyGen.encryption.overwrite=true
+op.enroll.userKey.keyGen.encryption.certId=C2
+op.enroll.userKey.keyGen.encryption.certAttrId=c2
+op.enroll.userKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKey.keyGen.encryption.keyUsage=0
+op.enroll.userKey.keyGen.encryption.keyUser=0
+op.enroll.userKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.userKey.keyGen.encryption.ca.conn=ca1
+op.enroll.userKey.pkcs11obj.enable=true
+op.enroll.userKey.pkcs11obj.compress.enable=true
+op.enroll.userKey.update.applet.emptyToken.enable=true
+op.enroll.userKey.update.applet.enable=true
+op.enroll.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKey.update.applet.encryption=true
+op.enroll.userKey.update.symmetricKeys.enable=false
+op.enroll.userKey.update.symmetricKeys.requiredVersion=1
+op.enroll.userKey.loginRequest.enable=true
+op.enroll.userKey.pinReset.enable=true
+op.enroll.userKey.pinReset.pin.maxRetries=127
+op.enroll.userKey.pinReset.pin.minLen=4
+op.enroll.userKey.pinReset.pin.maxLen=10
+op.enroll.userKey.cardmgr_instance=A0000000030000
+op.enroll.userKey.tks.conn=tks1
+op.enroll.userKey.auth.id=ldap1
+op.enroll.userKey.auth.enable=true
+op.enroll.userKey.issuerinfo.enable=true
+op.enroll.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.userKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.userKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.userKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.userKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.userKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.userKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.userKeyTemporary.keyGen.keyType.num=3
+op.enroll.userKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.userKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.userKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.userKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.userKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.userKeyTemporary.keyGen.auth.certId=C0
+op.enroll.userKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.userKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.userKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.userKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.userKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.userKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.userKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.userKeyTemporary.keyGen.signing.certId=C1
+op.enroll.userKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.userKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.userKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.userKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.userKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.userKey._080=#op.enroll.userKeyTemporary.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.userKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.userKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.userKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.userKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.userKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.userKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.userKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.userKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.userKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.userKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.userKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.userKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.userKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.userKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.userKeyTemporary.pkcs11obj.enable=true
+op.enroll.userKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.userKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.userKeyTemporary.update.applet.enable=true
+op.enroll.userKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.userKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.userKeyTemporary.update.applet.encryption=true
+op.enroll.userKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.userKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.userKeyTemporary.loginRequest.enable=true
+op.enroll.userKeyTemporary.pinReset.enable=true
+op.enroll.userKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.userKeyTemporary.pinReset.pin.minLen=4
+op.enroll.userKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.userKeyTemporary.tks.conn=tks1
+op.enroll.userKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.userKeyTemporary.auth.id=ldap1
+op.enroll.userKeyTemporary.auth.enable=true
+op.enroll.userKey.renewal._000=#########################################
+op.enroll.userKey.renewal._001=# Token Renewal.
+op.enroll.userKey.renewal._002=#
+op.enroll.userKey.renewal._003=# For each token in TPS UI, set the
+op.enroll.userKey.renewal._004=# following to trigger renewal
+op.enroll.userKey.renewal._005=# operations:
+op.enroll.userKey.renewal._006=#
+op.enroll.userKey.renewal._007=# RENEW=YES
+op.enroll.userKey.renewal._008=#
+op.enroll.userKey.renewal._009=# Optional grace period enforcement
+op.enroll.userKey.renewal._010=# must coincide exactly with what
+op.enroll.userKey.renewal._011=# the CA enforces.
+op.enroll.userKey.renewal._012=#
+op.enroll.userKey.renewal._013=# In case of renewal, encryption certId
+op.enroll.userKey.renewal._014=# values are for completeness only, server
+op.enroll.userKey.renewal._015=# code calculates actual values used.
+op.enroll.userKey.renewal._016=#
+op.enroll.userKey.renewal._017=#########################################
+op.enroll.userKey.renewal.keyType.num=2
+op.enroll.userKey.renewal.keyType.value.0=signing
+op.enroll.userKey.renewal.keyType.value.1=encryption
+op.enroll.userKey.renewal.signing.enable=true
+op.enroll.userKey.renewal.signing.gracePeriod.enable=false
+op.enroll.userKey.renewal.signing.gracePeriod.before=30
+op.enroll.userKey.renewal.signing.gracePeriod.after=30
+op.enroll.userKey.renewal.signing.certId=C1
+op.enroll.userKey.renewal.encryption.certId=C2
+op.enroll.userKey.renewal.signing.certAttrId=c1
+op.enroll.userKey.renewal.encryption.certAttrId=c2
+op.enroll.userKey.renewal.encryption.enable=true
+op.enroll.userKey.renewal.encryption.gracePeriod.enable=false
+op.enroll.userKey.renewal.encryption.gracePeriod.before=30
+op.enroll.userKey.renewal.encryption.gracePeriod.after=30
+op.enroll.userKey.renewal.signing.ca.conn=ca1
+op.enroll.userKey.renewal.encryption.ca.conn=ca1
+op.enroll.userKey.renewal.signing.ca.profileId=caTokenUserSigningKeyRenewal
+op.enroll.userKey.renewal.encryption.ca.profileId=caTokenUserEncryptionKeyRenewal
+op.enroll.soKey.temporaryToken.tokenType=soKeyTemporary
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.num=2
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.destroyed.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.destroyed.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert=false
+op.enroll.soKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.num=2
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.keyCompromise.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.keyCompromise.revokeCert.reason=1
+op.enroll.soKey.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKey.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.signing.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.encryption.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKey.keyGen.encryption.recovery.onHold.revokeCert.reason=6
+op.enroll.soKey.keyGen.tokenName=$auth.cn$
+op.enroll.soKey.keyGen.keyType.num=2
+op.enroll.soKey.keyGen.keyType.value.0=signing
+op.enroll.soKey.keyGen.keyType.value.1=encryption
+op.enroll.soKey.keyGen.signing.keySize=1024
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.signing.label=signing key for $userid$
+op.enroll.soKey.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKey.keyGen.signing.overwrite=true
+op.enroll.soKey.keyGen.signing.certId=C1
+op.enroll.soKey.keyGen.signing.certAttrId=c1
+op.enroll.soKey.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKey.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKey.keyGen.signing.keyUsage=0
+op.enroll.soKey.keyGen.signing.keyUser=0
+op.enroll.soKey.keyGen.signing.privateKeyNumber=2
+op.enroll.soKey.keyGen.signing.publicKeyNumber=3
+op.enroll.soKey.keyGen.signing.ca.profileId=caTokenUserSigningKeyEnrollment
+op.enroll.soKey.keyGen.signing.ca.conn=ca1
+op.enroll.soKey._079=#op.enroll.userKey.keyGen.signing.publisherId=fileBasedPublisher
+op.enroll.soKey.keyGen.encryption.keySize=1024
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKey.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKey.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKey.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKey.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKey.keyGen.encryption.overwrite=true
+op.enroll.soKey.keyGen.encryption.certId=C2
+op.enroll.soKey.keyGen.encryption.certAttrId=c2
+op.enroll.soKey.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKey.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKey.keyGen.encryption.keyUsage=0
+op.enroll.soKey.keyGen.encryption.keyUser=0
+op.enroll.soKey.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKey.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKey.keyGen.encryption.ca.profileId=caTokenUserEncryptionKeyEnrollment
+op.enroll.soKey.keyGen.encryption.ca.conn=ca1
+op.enroll.soKey.pkcs11obj.enable=true
+op.enroll.soKey.pkcs11obj.compress.enable=true
+op.enroll.soKey.update.applet.emptyToken.enable=true
+op.enroll.soKey.update.applet.enable=true
+op.enroll.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKey.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKey.update.applet.encryption=true
+op.enroll.soKey.update.symmetricKeys.enable=false
+op.enroll.soKey.update.symmetricKeys.requiredVersion=1
+op.enroll.soKey.loginRequest.enable=true
+op.enroll.soKey.pinReset.enable=true
+op.enroll.soKey.pinReset.pin.maxRetries=127
+op.enroll.soKey.pinReset.pin.minLen=4
+op.enroll.soKey.pinReset.pin.maxLen=10
+op.enroll.soKey.cardmgr_instance=A0000000030000
+op.enroll.soKey.tks.conn=tks1
+op.enroll.soKey.auth.id=ldap2
+op.enroll.soKey.auth.enable=true
+op.enroll.soKey.issuerinfo.enable=true
+op.enroll.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.num=2
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.0=signing
+op.enroll.soKeyTemporary.keyGen.recovery.onHold.keyType.value.1=encryption
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.scheme=GenerateNewKey
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.signing.recovery.onHold.revokeCert.reason=0
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.scheme=RecoverLast
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert=true
+op.enroll.soKeyTemporary.keyGen.encryption.recovery.onHold.revokeCert.reason=0
+op.enroll.soKey.keyGen.encryption.serverKeygen.enable=[SERVER_KEYGEN]
+op.enroll.soKey.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKey.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.enable=true
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.drm.conn=drm1
+op.enroll.soKeyTemporary.keyGen.encryption.serverKeygen.archive=true
+op.enroll.soKeyTemporary.keyGen.tokenName=$auth.cn$ (Temporary)
+op.enroll.soKeyTemporary.keyGen.keyType.num=3
+op.enroll.soKeyTemporary.keyGen.keyType.value.0=auth
+op.enroll.soKeyTemporary.keyGen.keyType.value.1=signing
+op.enroll.soKeyTemporary.keyGen.keyType.value.2=encryption
+op.enroll.soKeyTemporary.keyGen.auth.keySize=1024
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.auth.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.auth.label=Temporary Key for $userid$
+op.enroll.soKeyTemporary.keyGen.auth.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.auth.overwrite=false
+op.enroll.soKeyTemporary.keyGen.auth.certId=C0
+op.enroll.soKeyTemporary.keyGen.auth.certAttrId=c0
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyAttrId=k0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyAttrId=k1
+op.enroll.soKeyTemporary.keyGen.auth.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.auth.keyUser=15
+op.enroll.soKeyTemporary.keyGen.auth.privateKeyNumber=0
+op.enroll.soKeyTemporary.keyGen.auth.publicKeyNumber=1
+op.enroll.soKeyTemporary.keyGen.auth.ca.profileId=caTempTokenDeviceKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.auth.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.signing.keySize=1024
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verifyRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.verify=true
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.signing.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sign=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.signRecover=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.signing.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.signing.label=signing key for $userid$
+op.enroll.soKeyTemporary.keyGen.signing.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.signing.overwrite=true
+op.enroll.soKeyTemporary.keyGen.signing.certId=C1
+op.enroll.soKeyTemporary.keyGen.signing.certAttrId=c1
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyAttrId=k2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyAttrId=k3
+op.enroll.soKeyTemporary.keyGen.signing.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.signing.keyUser=0
+op.enroll.soKeyTemporary.keyGen.signing.privateKeyNumber=2
+op.enroll.soKeyTemporary.keyGen.signing.publicKeyNumber=3
+op.enroll.soKeyTemporary.keyGen.signing.ca.profileId=caTempTokenUserSigningKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.signing.ca.conn=ca1
+op.enroll.soKeyTemporary.keyGen.encryption.keySize=1024
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.encrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.decrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.unwrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.wrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.sensitive=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.private=false
+op.enroll.soKeyTemporary.keyGen.encryption.public.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.encrypt=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sign=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.signRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.decrypt=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.derive=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.unwrap=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.wrap=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verifyRecover=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.verify=false
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.sensitive=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.private=true
+op.enroll.soKeyTemporary.keyGen.encryption.private.keyCapabilities.token=true
+op.enroll.soKeyTemporary.keyGen.encryption.label=encryption key for $userid$
+op.enroll.soKeyTemporary.keyGen.encryption.cuid_label=$cuid$
+op.enroll.soKeyTemporary.keyGen.encryption.overwrite=true
+op.enroll.soKeyTemporary.keyGen.encryption.certId=C2
+op.enroll.soKeyTemporary.keyGen.encryption.certAttrId=c2
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyAttrId=k4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyAttrId=k5
+op.enroll.soKeyTemporary.keyGen.encryption.keyUsage=0
+op.enroll.soKeyTemporary.keyGen.encryption.keyUser=0
+op.enroll.soKeyTemporary.keyGen.encryption.privateKeyNumber=4
+op.enroll.soKeyTemporary.keyGen.encryption.publicKeyNumber=5
+op.enroll.soKeyTemporary.keyGen.encryption.ca.profileId=caTempTokenUserEncryptionKeyEnrollment
+op.enroll.soKeyTemporary.keyGen.encryption.ca.conn=ca1
+op.enroll.soKeyTemporary.pkcs11obj.enable=true
+op.enroll.soKeyTemporary.pkcs11obj.compress.enable=true
+op.enroll.soKeyTemporary.update.applet.emptyToken.enable=true
+op.enroll.soKeyTemporary.update.applet.enable=true
+op.enroll.soKeyTemporary.update.applet.requiredVersion=1.4.4d40a449
+op.enroll.soKeyTemporary.update.applet.directory=[TPS_DIR]/applets
+op.enroll.soKeyTemporary.update.applet.encryption=true
+op.enroll.soKeyTemporary.update.symmetricKeys.enable=false
+op.enroll.soKeyTemporary.update.symmetricKeys.requiredVersion=1
+op.enroll.soKeyTemporary.loginRequest.enable=true
+op.enroll.soKeyTemporary.pinReset.enable=true
+op.enroll.soKeyTemporary.pinReset.pin.maxRetries=127
+op.enroll.soKeyTemporary.pinReset.pin.minLen=4
+op.enroll.soKeyTemporary.pinReset.pin.maxLen=10
+op.enroll.soKeyTemporary.cardmgr_instance=A0000000030000
+op.enroll.soKeyTemporary.tks.conn=tks1
+op.enroll.soKeyTemporary.tks.keySet=defKeyset
+op.enroll.soKeyTemporary.auth.id=ldap2
+op.enroll.soKeyTemporary.auth.enable=true
+op.pinReset._000=#########################################
+op.pinReset._001=# Certificate Chain Imports
+op.pinReset._002=#
+op.pinReset._003=# op.enroll.certificates.num=1
+op.pinReset._004=# op.enroll.certificates.value.0=caCert
+op.pinReset._005=# op.enroll.certificates.caCert.nickName=caCert0 pki-tps
+op.pinReset._006=# op.enroll.certificates.caCert.certId=C5
+op.pinReset._007=# op.enroll.certificates.caCert.certAttrId=c5
+op.pinReset._008=# op.enroll.certificates.caCert.label=caCert Label
+op.pinReset._009=#########################################
+op.pinReset._010=#########################################
+op.pinReset._011=# Pin Reset Operation For CoolKey
+op.pinReset._012=#
+op.pinReset._013=# op.pinReset.userKey.update.applet.emptyToken.enable=false
+op.pinReset._014=# - update applet or not if token is empty
+op.pinReset._015=#
+op.pinReset._016=# - N/A for HouseKey
+op.pinReset._017=# - N/A for HouseKey with Legacy Applet
+op.pinReset._018=#########################################
+op.pinReset.userKey.update.applet.emptyToken.enable=true
+op.pinReset.userKey.update.applet.enable=false
+op.pinReset.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.pinReset.userKey.update.applet.directory=[TPS_DIR]/applets
+op.pinReset.userKey.update.applet.encryption=true
+op.pinReset.userKey.update.symmetricKeys.enable=false
+op.pinReset.userKey.update.symmetricKeys.requiredVersion=1
+op.pinReset.userKey.loginRequest.enable=true
+op.pinReset.userKey.pinReset.pin.minLen=4
+op.pinReset.userKey.pinReset.pin.maxLen=10
+op.pinReset.userKey.tks.conn=tks1
+op.pinReset.userKey.cardmgr_instance=A0000000030000
+op.pinReset.userKey.auth.id=ldap1
+op.pinReset.userKey.auth.enable=true
+op.format._000=#########################################
+op.format._001=# Format Operation For tokenKey
+op.format._002=#
+op.format._003=# op.format.tokenKey.update.applet.emptyToken.enable=false
+op.format._004=# - update applet or not if token is empty
+op.format._005=#
+op.format._006=# - 
applicable to CoolKey
+op.format._007=# - applicable to HouseKey
+op.format._008=# - applicable to HouseKey with Legacy Applet
+op.format._009=#########################################
+op.format.allowUnknownToken=true
+op.format.soCleanUserToken.update.applet.emptyToken.enable=true
+op.format.soCleanUserToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.soCleanUserToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanUserToken.update.applet.encryption=true
+op.format.soCleanUserToken.update.symmetricKeys.enable=false
+op.format.soCleanUserToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanUserToken.revokeCert=true
+op.format.soCleanUserToken.ca.conn=ca1
+op.format.soCleanUserToken.loginRequest.enable=false
+op.format.soCleanUserToken.cardmgr_instance=A0000000030000
+op.format.soCleanUserToken.tks.conn=tks1
+op.format.soCleanUserToken.auth.id=ldap1
+op.format.soCleanUserToken.auth.enable=false
+op.format.soCleanUserToken.issuerinfo.enable=true
+op.format.soCleanUserToken.issuerinfo.value=
+op.format.soCleanSOToken.update.applet.emptyToken.enable=true
+op.format.soCleanSOToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.soCleanSOToken.update.applet.directory=[TPS_DIR]/applets
+op.format.soCleanSOToken.update.applet.encryption=true
+op.format.soCleanSOToken.update.symmetricKeys.enable=false
+op.format.soCleanSOToken.update.symmetricKeys.requiredVersion=1
+op.format.soCleanSOToken.revokeCert=true
+op.format.soCleanSOToken.ca.conn=ca1
+op.format.soCleanSOToken.loginRequest.enable=false
+op.format.soCleanSOToken.cardmgr_instance=A0000000030000
+op.format.soCleanSOToken.tks.conn=tks1
+op.format.soCleanSOToken.auth.id=ldap1
+op.format.soCleanSOToken.auth.enable=false
+op.format.soCleanSOToken.issuerinfo.enable=true
+op.format.soCleanSOToken.issuerinfo.value=
+op.format.cleanToken.update.applet.emptyToken.enable=true
+op.format.cleanToken.update.applet.requiredVersion=1.4.4d40a449
+op.format.cleanToken.update.applet.directory=[TPS_DIR]/applets
+op.format.cleanToken.update.applet.encryption=true
+op.format.cleanToken.update.symmetricKeys.enable=false
+op.format.cleanToken.update.symmetricKeys.requiredVersion=1
+op.format.cleanToken.revokeCert=true
+op.format.cleanToken.ca.conn=ca1
+op.format.cleanToken.loginRequest.enable=true
+op.format.cleanToken.cardmgr_instance=A0000000030000
+op.format.cleanToken.tks.conn=tks1
+op.format.cleanToken.auth.id=ldap1
+op.format.cleanToken.auth.enable=false
+op.format.cleanToken.issuerinfo.enable=true
+op.format.cleanToken.issuerinfo.value=
+op.format.soUserKey.update.applet.emptyToken.enable=true
+op.format.soUserKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.soUserKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soUserKey.update.applet.encryption=true
+op.format.soUserKey.update.symmetricKeys.enable=false
+op.format.soUserKey.update.symmetricKeys.requiredVersion=1
+op.format.soUserKey.revokeCert=true
+op.format.soUserKey.ca.conn=ca1
+op.format.soUserKey.loginRequest.enable=false
+op.format.soUserKey.cardmgr_instance=A0000000030000
+op.format.soUserKey.tks.conn=tks1
+op.format.soUserKey.auth.id=ldap1
+op.format.soUserKey.auth.enable=false
+op.format.soUserKey.issuerinfo.enable=true
+op.format.soUserKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.format.soKey.update.applet.emptyToken.enable=true
+op.format.soKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.soKey.update.applet.directory=[TPS_DIR]/applets
+op.format.soKey.update.applet.encryption=true
+op.format.soKey.update.symmetricKeys.enable=false
+op.format.soKey.update.symmetricKeys.requiredVersion=1
+op.format.soKey.revokeCert=true
+op.format.soKey.ca.conn=ca1
+op.format.soKey.loginRequest.enable=true
+op.format.soKey.cardmgr_instance=A0000000030000
+op.format.soKey.tks.conn=tks1
+op.format.soKey.auth.id=ldap2
+op.format.soKey.auth.enable=true
+op.format.soKey.issuerinfo.enable=true
+op.format.soKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/so/index.cgi
+op.format.userKey.update.applet.emptyToken.enable=true
+op.format.userKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.userKey.update.applet.directory=[TPS_DIR]/applets
+op.format.userKey.update.applet.encryption=true
+op.format.userKey.update.symmetricKeys.enable=false
+op.format.userKey.update.symmetricKeys.requiredVersion=1
+op.format.userKey.revokeCert=true
+op.format.userKey.ca.conn=ca1
+op.format.userKey.loginRequest.enable=true
+op.format.userKey.cardmgr_instance=A0000000030000
+op.format.userKey.tks.conn=tks1
+op.format.userKey.auth.id=ldap1
+op.format.userKey.auth.enable=true
+op.format.userKey.issuerinfo.enable=true
+op.format.userKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+op.format.tokenKey.update.applet.emptyToken.enable=true
+op.format.tokenKey.update.applet.requiredVersion=1.4.4d40a449
+op.format.tokenKey.update.applet.directory=[TPS_DIR]/applets
+op.format.tokenKey.update.applet.encryption=true
+op.format.tokenKey.update.symmetricKeys.enable=false
+op.format.tokenKey.update.symmetricKeys.requiredVersion=1
+op.format.tokenKey.revokeCert=true
+op.format.tokenKey.ca.conn=ca1
+op.format.tokenKey.loginRequest.enable=true
+op.format.tokenKey.cardmgr_instance=A0000000030000
+op.format.tokenKey.tks.conn=tks1
+op.format.tokenKey.auth.id=ldap1
+op.format.tokenKey.auth.enable=true
+op.format.tokenKey.issuerinfo.enable=true
+op.format.tokenKey.issuerinfo.value=http://[PKI_HOSTNAME]:[PKI_UNSECURE_PORT]/cgi-bin/home/index.cgi
+tokendb._000=#########################################
+tokendb._001=# tokendb.auditLog:
+tokendb._002=# - audit log path
+tokendb._003=# tokendb.host:
+tokendb._004=# - tokendb host name
+tokendb._005=# tokendb.port:
+tokendb._006=# - tokendb port number
+tokendb._007=# tokendb.bindDN:
+tokendb._008=# - tokendb administration DN (i.e. cn=Directory Manager)
+tokendb._009=# tokendb.bindPassPath:
+tokendb._010=# - tokendb administration password file path
+tokendb._011=# tokendb.templateDir
+tokendb._012=# - directory where all the tokendb templates are located
+tokendb._013=# tokendb.userBaseDN:
+tokendb._014=# - directory base DN for users and groups
+tokendb._015=# tokendb.baseDN:
+tokendb._016=# - directory base DN for tokens
+tokendb._017=# tokendb.activityBaseDN:
+tokendb._018=# - directory base DN for activities
+tokendb._019=# tokendb.indexTemplate=index.template
+tokendb._020=# - index template
+tokendb._021=# tokendb.newTemplate=new.template
+tokendb._022=# - add template
+tokendb._023=# tokendb.showTemplate=show.template
+tokendb._024=# - show template
+tokendb._025=# tokendb.errorTemplate=error.template
+tokendb._026=# - error template
+tokendb._027=# tokendb.searchTemplate=search.template
+tokendb._028=# - search template
+tokendb._029=# tokendb.searchResultTemplate=searchResults.template
+tokendb._030=# - search result template
+tokendb._031=# tokendb.editTemplate=edit.template
+tokendb._032=# - edit template
+tokendb._033=# tokendb.editResultTemplate=editResults.template
+tokendb._034=# - edit result template
+tokendb._035=# tokendb.addResultTemplate=addResults.template
+tokendb._036=# - add result template
+tokendb._037=# tokendb.deleteResultTemplate=deleteResults.template
+tokendb._038=# - delete result template
+tokendb._039=# tokendb.searchActivityTemplate=searchActivity.template
+tokendb._040=# - search activity template
+tokendb._041=# tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb._042=# - search activity result template
+tokendb._043=# tokendb.showAdminTemplate=showAdmin.template
+tokendb._044=# - show admin template
+tokendb._045=# tokendb.editAdminTemplate=editAdmin.template
+tokendb._046=# - edit admin template
+tokendb._047=# tokendb.editAdminResultTemplate=editAdminResults.template
+tokendb._048=# - edit admin result template
+tokendb._049=# tokendb.searchAdminTemplate=searchAdmin.template
+tokendb._050=# - search admin template
+tokendb._051=# tokendb.searchAdminResultTemplate=searchAdminResults.template
+tokendb._052=# - search admin result template
+tokendb._053=# tokendb.defaultPolicy:
+tokendb._054=# Supported Policy (Separated by ; [Semicolon]):
+tokendb._055=# For example, PIN_RESET=YES|NO;RE_ENROLL=YES|NO
+tokendb._056=# PIN_RESET=YES|NO
+tokendb._057=# - If not present, pin reset by user is allowed.
+tokendb._058=# - If present and agent change PIN_RESET from NO
+tokendb._059=# to YES, user is allowed to do pin reset. This
+tokendb._060=# policy will be changed back to NO after pin reset.
+tokendb._061=# RE_ENROLL=YES|NO
+tokendb._062=# - If not present, re-enrollment is allowed.
+tokendb._063=# - If present, re-enrollment is allowed when RE_ENROLL
+tokendb._064=# is set to YES. Otherwise, re-enrollment is not
+tokendb._065=# allowed.
+tokendb._066=# tokendb.allowedTransitions:
+tokendb._067=# - has transitions between the following states
+tokendb._068=# TOKEN_UNINITIALIZED = 0,
+tokendb._069=# TOKEN_DAMAGED =1,
+tokendb._070=# TOKEN_PERM_LOST=2,
+tokendb._071=# TOKEN_TEMP_LOST=3,
+tokendb._072=# TOKEN_FOUND =4,
+tokendb._073=# TOKEN_TEMP_LOST_PERM_LOST =5,
+tokendb._074=# TOKEN_TERMINATED = 6
+tokendb._075=#########################################
+tokendb.auditLog=[PKI_INSTANCE_PATH]/logs/tokendb-audit.log
+tokendb.hostport=[TOKENDB_HOST]:[TOKENDB_PORT]
+tokendb.ssl=false
+tokendb.bindDN=cn=Directory Manager
+tokendb.bindPassPath=[PKI_INSTANCE_PATH]/conf/password.conf
+tokendb.templateDir=[PKI_INSTANCE_PATH]/docroot/tus
+tokendb.userBaseDN=[TOKENDB_ROOT]
+tokendb.baseDN=ou=Tokens,[TOKENDB_ROOT]
+tokendb.activityBaseDN=ou=Activities,[TOKENDB_ROOT]
+tokendb.certBaseDN=ou=Certificates,[TOKENDB_ROOT]
+tokendb.indexTemplate=index.template
+tokendb.indexAdminTemplate=indexAdmin.template
+tokendb.newTemplate=new.template
+tokendb.showTemplate=show.template
+tokendb.showCertTemplate=showCert.template
+tokendb.errorTemplate=error.template
+tokendb.searchTemplate=search.template
+tokendb.searchResultTemplate=searchResults.template
+tokendb.searchCertificateResultTemplate=searchCertificateResults.template
+tokendb.editTemplate=edit.template
+tokendb.editResultTemplate=editResults.template
+tokendb.addResultTemplate=addResults.template
+tokendb.deleteTemplate=delete.template
+tokendb.deleteResultTemplate=deleteResults.template
+tokendb.searchActivityTemplate=searchActivity.template
+tokendb.searchCertificateTemplate=searchCertificate.template
+tokendb.searchActivityResultTemplate=searchActivityResults.template
+tokendb.searchActivityAdminTemplate=searchActivityAdmin.template
+tokendb.searchActivityAdminResultTemplate=searchActivityAdminResults.template
+tokendb.showAdminTemplate=showAdmin.template
+tokendb.doTokenTemplate=doToken.template
+tokendb.doTokenConfirmTemplate=doTokenConfirm.template
+tokendb.revokeTemplate=revoke.template
+tokendb.searchAdminTemplate=searchAdmin.template
+tokendb.searchAdminResultTemplate=searchAdminResults.template
+tokendb.defaultPolicy=RE_ENROLL=YES
+tokendb.newUserTemplate=newUser.template
+tokendb.userDeleteTemplate=userDelete.template
+tokendb.searchUserResultTemplate=searchUserResults.template
+tokendb.searchUserTemplate=searchUser.template
+tokendb.editUserTemplate=editUser.template
+tokendb.indexOperatorTemplate=indexOperator.template
+tokendb.selfTestTemplate=selfTest.template
+tokendb.selfTestResultsTemplate=selfTestResults.template
+tokendb.auditAdminTemplate=auditAdmin.template
+tokendb.selectConfigTemplate=selectConfig.template
+tokendb.agentSelectConfigTemplate=agentSelectConfig.template
+tokendb.editConfigTemplate=editConfig.template
+tokendb.agentViewConfigTemplate=agentViewConfig.template
+tokendb.addConfigTemplate=addConfig.template
+tokendb.confirmConfigChangesTemplate=confirmConfigChanges.template
+tokendb.confirmDeleteConfigTemplate=confirmDeleteConfig.template
+log.instance.SignedAudit.selected.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
+log.instance.SignedAudit.selectable.events=ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,LOG_EXPIRATION_CHANGE,PRIVATE_KEY_ARCHIVE,PRIVATE_KEY_ARCHIVE_PROCESSED,KEY_RECOVERY_REQUEST,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_PROCESSED,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,CONFIG,CONFIG_ROLE,CONFIG_TOKEN,CONFIG_PROFILE,CONFIG_AUDIT,APPLET_UPGRADE,KEY_CHANGEOVER,RENEWAL
+log.instance.SignedAudit.nonselectable.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_PROCESSED,SERVER_SIDE_KEYGEN_REQUEST
+tokendb.allowedTransitions=0:1,0:2,0:3,0:4,0:5,0:6,3:4,3:5,3:6,4:1,4:2,4:3,4:6
+target._000=#########################################
+target._001=# entries to enable configuration of parameter sets through the TPS UI agent and admin tabs
+target._002=#
+target._003=# target.configure.list = comma separated lists of all parameter sets that can be configured by the admin.
+target._004=# Each entry will show up (with underscore replaced by space) under Advanced Configuration on the admin tab.
+target._005=#
+target._006=# target.agent_approve.list = comma separated subset of above list. Parameter sets in this list
+target._007=# will show up in the agent tab (under advanced configuration) and will require agent involvement
+target._008=# (enable/ disable) to be edited.
+target._009=#
+target._010=# For the wording to display correctly, the values in the above list should be plurals.
+target._011=#
+target._012=# Each parameter set in the lists above requires three parameters:
+target._013=# target.<type name>.list : list of choices of this parameter set type (will display in the drop down box)
+target._014=# target.<type name>.pattern : the regular expression to select parameters in CS.cfg for this parameter set.
+target._015=# target.<type_name>.displayname: used in the UI display text. This should be the singular form of <type_name>.
+target._016=#
+target._017=# The exception is the parameter set Generals, which has only a pattern and displayname defined.
+target._018=#
+target._019=########################################
+target.configure.list=Profiles,Subsystem_Connections,Profile_Mappings,Authentication_Sources
+target.agent_approve.list=Profiles
+target.Profiles.list=userKey,soKey,soCleanUserToken,soUserKey,cleanToken,soCleanSoToken,tokenKey
+target.Profiles.pattern=op\..*\.$name\..*
+target.Profiles.displayname=Profile
+target.Subsystem_Connections.list=ca1,drm1,tks1
+target.Subsystem_Connections.pattern=conn\.$name\..*
+target.Subsystem_Connections.displayname=Subsystem Connection
+target.Profile_Mappings.list=enroll,format,pinReset
+target.Profile_Mappings.pattern=op\.$name\.mapping\..*
+target.Profile_Mappings.displayname=Profile Mapping
+target.Authentication_Sources.list=0,1
+target.Authentication_Sources.pattern=auth\.instance\.$name\..*
+target.Authentication_Sources.displayname=Authentication Source
+target.Generals.displayname=General
+target.Generals.pattern=^applet\..*\|^general\..*\|^failover.pod.enable\|^channel\..*
+config.Generals.General.state=Enabled
+config.Generals.General.timestamp=1280283607424406
+tps._000=######################################## +tps._001=# For verifying system certificates +tps._002=# tps.cert.list=sslserver,subsystem,audit_signing +tps._003=# tps.cert.sslserver.nickname=xxx +tps._005=# tps.cert.subsystem.nickname=xxx +tps._007=# tps.cert.audit_signing.nickname=xxx +tps._008=# operations.allowedTransitions: +tps._009=# - token operations, like formatting and enrollment have transitions between the following states +tps._010=# TOKEN_UNINITIALIZED = 0, +tps._011=# TOKEN_DAMAGED =1, +tps._012=# TOKEN_PERM_LOST=2, +tps._013=# TOKEN_TEMP_LOST=3, +tps._014=# TOKEN_FOUND =4, +tps._015=# TOKEN_TEMP_LOST_PERM_LOST =5, +tps._016=# TOKEN_TERMINATED = 6 +tps._017=# Sample: tps.operations.allowedTransitions=0:0,0:4,4:6,6:0 +tps._018=######################################## +tps.operations.allowedTransitions=0:0,0:4,4:0 +tps.cert.list=sslserver,subsystem,audit_signing +tps.cert.sslserver.nickname=[HSM_LABEL][NICKNAME] +tps.cert.subsystem.nickname=[HSM_LABEL][NICKNAME] +tps.cert.audit_signing.nickname=[HSM_LABEL][NICKNAME] diff --git a/scripts/compose_dogtag_pki_meta_packages b/scripts/compose_dogtag_pki_meta_packages index a2dd5752f..a70213c79 100755 --- a/scripts/compose_dogtag_pki_meta_packages +++ b/scripts/compose_dogtag_pki_meta_packages @@ -30,7 +30,7 @@ PKI_PWD=`pwd` ## if [ $WORK_DIR ]; then - PKI_PACKAGES="$WORK_DIR" + PKI_PACKAGES="`cd $WORK_DIR ; pwd`" else PKI_PACKAGES="${PKI_PWD}/packages" fi diff --git a/scripts/compose_dogtag_pki_theme_packages b/scripts/compose_dogtag_pki_theme_packages index f340dbf9c..5b52acaef 100755 --- a/scripts/compose_dogtag_pki_theme_packages +++ b/scripts/compose_dogtag_pki_theme_packages @@ -47,7 +47,7 @@ PKI_COMPONENT_LIST="test common-ui ra-ui tps-ui console-ui" ## if [ $WORK_DIR ]; then - PKI_PACKAGES="$WORK_DIR" + PKI_PACKAGES="`cd $WORK_DIR ; pwd`" else PKI_PACKAGES="${PKI_PWD}/packages" fi 
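Review bot: In the scripts/compose_dogtag_pki_meta_packages hunk, the added PKI_PACKAGES assignment runs `cd $WORK_DIR ; pwd` with `$WORK_DIR` unquoted and the two commands joined by `;`, so `pwd` still runs when the `cd` fails. With a missing directory or a path containing spaces, PKI_PACKAGES silently becomes the caller's current directory and the packages are composed there instead of stopping. I would write `PKI_PACKAGES="$(cd "$WORK_DIR" && pwd)"` followed by `[ -n "$PKI_PACKAGES" ] || exit 1`. The same line is added in compose_dogtag_pki_theme_packages, compose_ipa_pki_theme_packages, compose_pki_console_packages, compose_pki_core_packages, compose_pki_migrate_packages, compose_pki_ra_packages and compose_pki_tps_packages. The surrounding `if [ $WORK_DIR ]` test is context here and is unquoted as well.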
diff --git a/scripts/compose_ipa_pki_theme_packages b/scripts/compose_ipa_pki_theme_packages index eac6cddd6..8cd8768b0 100755 --- a/scripts/compose_ipa_pki_theme_packages +++ b/scripts/compose_ipa_pki_theme_packages @@ -47,7 +47,7 @@ PKI_COMPONENT_LIST="common-ui ca-ui" ## if [ $WORK_DIR ]; then - PKI_PACKAGES="$WORK_DIR" + PKI_PACKAGES="`cd $WORK_DIR ; pwd`" else PKI_PACKAGES="${PKI_PWD}/packages" fi diff --git a/scripts/compose_pki_console_packages b/scripts/compose_pki_console_packages index 22f17d07d..4e5bc66ba 100755 --- a/scripts/compose_pki_console_packages +++ b/scripts/compose_pki_console_packages @@ -47,7 +47,7 @@ PKI_COMPONENT_LIST="test console" ## if [ $WORK_DIR ]; then - PKI_PACKAGES="$WORK_DIR" + PKI_PACKAGES="`cd $WORK_DIR ; pwd`" else PKI_PACKAGES="${PKI_PWD}/packages" fi diff --git a/scripts/compose_pki_core_packages b/scripts/compose_pki_core_packages index 99d480c31..eb124ebb0 100755 --- a/scripts/compose_pki_core_packages +++ b/scripts/compose_pki_core_packages @@ -39,9 +39,9 @@ PKI_CORE_VERSION="10.1.0" ## PKI_SPECS_FILE="${PKI_DIR}/specs/${PKI_CORE}.spec" -PKI_COMPONENT_LIST="test setup symkey util common native-tools java-tools server selinux ca kra ocsp tks silent" +PKI_COMPONENT_LIST="test setup symkey util common native-tools java-tools server selinux ca kra ocsp tks tps-tomcat silent" -if [ "$JAVADOC" = "" ]; then +if [ "$WITHOUT_JAVADOC" = "" ]; then PKI_COMPONENT_LIST="$PKI_COMPONENT_LIST javadoc" fi @@ -50,7 +50,7 @@ fi ## if [ $WORK_DIR ]; then - PKI_PACKAGES="$WORK_DIR" + PKI_PACKAGES="`cd $WORK_DIR ; pwd`" else PKI_PACKAGES="${PKI_PWD}/packages" fi 
@@ -154,12 +154,25 @@ else cd ${PKI_BASE_DIR} cp -p ${PKI_BASE_MANIFEST} ${PKI_CORE_BASE_DIR} cp -p VERSION ${PKI_CORE_BASE_DIR} - for component in "${PKI_COMPONENT_LIST}" ; + for component in ${PKI_COMPONENT_LIST} ; do - find ${component} \ + if [ "${component}" = "tps-tomcat" ] ; then + # rename tps-tomcat to tps + dest="tps" + else + dest="${component}" + fi + + # copying ${PKI_BASE_DIR}/${component} to ${PKI_CORE_BASE_DIR}/${dest} + cd ${component} + mkdir ${PKI_CORE_BASE_DIR}/${dest} + + find \ -name .svn -prune -o \ -name *.swp -prune -o \ - -print | cpio -pdum ${PKI_CORE_BASE_DIR} > /dev/null 2>&1 + -print | cpio -pdum ${PKI_CORE_BASE_DIR}/${dest} > /dev/null 2>&1 + + cd .. done cd - > /dev/null 2>&1 diff --git a/scripts/compose_pki_migrate_packages b/scripts/compose_pki_migrate_packages index f9bcaccb8..be93c42c1 100755 --- a/scripts/compose_pki_migrate_packages +++ b/scripts/compose_pki_migrate_packages @@ -47,7 +47,7 @@ PKI_COMPONENT_LIST="test migrate" ## if [ $WORK_DIR ]; then - PKI_PACKAGES="$WORK_DIR" + PKI_PACKAGES="`cd $WORK_DIR ; pwd`" else PKI_PACKAGES="${PKI_PWD}/packages" fi diff --git a/scripts/compose_pki_ra_packages b/scripts/compose_pki_ra_packages index 0e93ee4e1..9aa4dda14 100755 --- a/scripts/compose_pki_ra_packages +++ b/scripts/compose_pki_ra_packages @@ -47,7 +47,7 @@ PKI_COMPONENT_LIST="ra" ## if [ $WORK_DIR ]; then - PKI_PACKAGES="$WORK_DIR" + PKI_PACKAGES="`cd $WORK_DIR ; pwd`" else PKI_PACKAGES="${PKI_PWD}/packages" fi diff --git a/scripts/compose_pki_tps_packages b/scripts/compose_pki_tps_packages index a23c52982..4ffa83cf5 100755 --- a/scripts/compose_pki_tps_packages +++ b/scripts/compose_pki_tps_packages @@ -47,7 +47,7 @@ PKI_COMPONENT_LIST="tps" ## if [ $WORK_DIR ]; then - PKI_PACKAGES="$WORK_DIR" + PKI_PACKAGES="`cd $WORK_DIR ; pwd`" else PKI_PACKAGES="${PKI_PWD}/packages" fi diff --git a/specs/pki-core.spec b/specs/pki-core.spec index fc277dd7d..3bf959da5 100644 --- a/specs/pki-core.spec +++ b/specs/pki-core.spec 
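Review bot: The added `cd ${component}` and `mkdir ${PKI_CORE_BASE_DIR}/${dest}` in the copy loop are unchecked, and the `find` that follows no longer names a start path, so it walks whatever directory the shell happens to be in. If a component directory is missing, the `cd` fails, the contents of the current directory are copied into `${dest}`, and the trailing `cd ..` then steps out of `${PKI_BASE_DIR}`, so every later component is read from the wrong place. Because cpio's output is sent to /dev/null, whatever is later packaged from `${PKI_CORE_BASE_DIR}` would carry the wrong files without any message. I would use `cd "${component}" || exit 1`, `mkdir -p "${PKI_CORE_BASE_DIR}/${dest}" || exit 1` and `find . \`, and quote the context pattern as `-name '*.swp'` so the shell cannot expand it first. The enclosing `else` branch starts outside this hunk.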
@@ -5,7 +5,7 @@ distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} Name: pki-core Version: 10.1.0 -Release: 0.9%{?dist} +Release: 0.10%{?dist} Summary: Certificate System - PKI Core Components URL: http://pki.fedoraproject.org/ License: GPLv2 @@ -107,6 +107,7 @@ PKI Core contains ALL top-level java-based Tomcat PKI components: \ * pki-kra \ * pki-ocsp \ * pki-tks \ + * pki-tps-tomcat \ * pki-javadoc \ \ which comprise the following corresponding PKI subsystems: \ @@ -115,6 +116,7 @@ which comprise the following corresponding PKI subsystems: \ * Data Recovery Manager (DRM) \ * Online Certificate Status Protocol (OCSP) Manager \ * Token Key Service (TKS) \ + * Token Processing Service (TPS) \ \ For deployment purposes, PKI Core contains fundamental packages \ required by BOTH native-based Apache AND java-based Tomcat \ @@ -313,8 +315,9 @@ The PKI Server Framework is required by the following four PKI subsystems: the Certificate Authority (CA), the Data Recovery Manager (DRM), - the Online Certificate Status Protocol (OCSP) Manager, and - the Token Key Service (TKS). + the Online Certificate Status Protocol (OCSP) Manager, + the Token Key Service (TKS), and + the Token Processing Service (TPS). This package is a part of the PKI Core used by the Certificate System. The package contains scripts to create and remove PKI subsystems. 
@@ -476,6 +479,39 @@ provided by the PKI Core used by the Certificate System. %{overview} +%package -n pki-tps-tomcat +Summary: Certificate System - Token Processing Service +Group: System Environment/Daemons + +BuildArch: noarch + +Provides: pki-tps +Conflicts: pki-tps +Requires: java >= 1:1.7.0 +Requires: pki-server = %{version}-%{release} +Requires(post): systemd-units +Requires(preun): systemd-units +Requires(postun): systemd-units + +%description -n pki-tps-tomcat +The Token Processing System (TPS) is an optional PKI subsystem that acts +as a Registration Authority (RA) for authenticating and processing +enrollment requests, PIN reset requests, and formatting requests from +the Enterprise Security Client (ESC). + +TPS is designed to communicate with tokens that conform to +Global Platform's Open Platform Specification. + +TPS communicates over SSL with various PKI backend subsystems (including +the Certificate Authority (CA), the Data Recovery Manager (DRM), and the +Token Key Service (TKS)) to fulfill the user's requests. + +TPS also interacts with the token database, an LDAP server that stores +information about individual tokens. + +%{overview} + + %package -n pki-javadoc Summary: Certificate System - PKI Framework Javadocs Group: Documentation 
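Review bot: In the new `%package -n pki-tps-tomcat` stanza, `Provides: pki-tps` is unversioned, so a dependency written as `Requires: pki-tps >= 10.1.0` would not be satisfied by this package; `Provides: pki-tps = %{version}-%{release}` keeps versioned dependencies working. The pairing of `Provides: pki-tps` with `Conflicts: pki-tps` also reads as a contradiction without context, and a one-line comment above it would help, for example `# Tomcat-based TPS replaces the Apache-based pki-tps; the two cannot be installed together`. That reading of the intent is inferred from the matching `Conflicts: pki-tps-tomcat` added to specs/pki-tps.spec.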
@@ -575,11 +611,17 @@ echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfil echo "D /var/lock/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf echo "D /var/run/pki/tks 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tks.conf +# generate 'pki-tps.conf' under the 'tmpfiles.d' directory +echo "D /var/lock/pki 0755 root root -" > %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf +echo "D /var/lock/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf +echo "D /var/run/pki 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf +echo "D /var/run/pki/tps 0755 root root -" >> %{buildroot}%{_sysconfdir}/tmpfiles.d/pki-tps.conf %{__rm} %{buildroot}%{_initrddir}/pki-cad %{__rm} %{buildroot}%{_initrddir}/pki-krad %{__rm} %{buildroot}%{_initrddir}/pki-ocspd %{__rm} %{buildroot}%{_initrddir}/pki-tksd +%{__rm} %{buildroot}%{_initrddir}/pki-tpsd %{__rm} -rf %{buildroot}%{_datadir}/pki/server/lib @@ -1089,6 +1131,27 @@ fi %config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tks.conf +%files -n pki-tps-tomcat +%defattr(-,root,root,-) +%doc base/tps/LICENSE +%dir %{_sysconfdir}/systemd/system/pki-tpsd.target.wants +%{_unitdir}/pki-tpsd@.service +%{_unitdir}/pki-tpsd.target +%{_javadir}/pki/pki-tps.jar +%dir %{_datadir}/pki/tps +%{_datadir}/pki/tps/conf/ +%{_datadir}/pki/tps/setup/ +%{_datadir}/pki/tps/webapps/ +%dir %{_localstatedir}/lock/pki/tps +%dir %{_localstatedir}/run/pki/tps +# Details: +# +# * https://fedoraproject.org/wiki/Features/var-run-tmpfs +# * https://fedoraproject.org/wiki/Tmpfiles.d_packaging_draft +# +%config(noreplace) %{_sysconfdir}/tmpfiles.d/pki-tps.conf + + %if %{?_without_javadoc:0}%{!?_without_javadoc:1} %files -n pki-javadoc %defattr(-,root,root,-) 
@@ -1097,6 +1160,9 @@ fi %changelog +* Wed Aug 14 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.10 +- Moved Tomcat-based TPS into pki-core. + * Fri Aug 14 2013 Abhishek Koneru <akoneru@redhat.com> 10.1.0.0.9 - Listed new packages required during build, due to issues reported by pylint. diff --git a/specs/pki-tps.spec b/specs/pki-tps.spec index 4f26ebbc4..da7e9024f 100644 --- a/specs/pki-tps.spec +++ b/specs/pki-tps.spec @@ -1,6 +1,6 @@ Name: pki-tps Version: 10.1.0 -Release: 0.4%{?dist} +Release: 0.5%{?dist} Summary: Certificate System - Token Processing System URL: http://pki.fedoraproject.org/ License: LGPLv2 @@ -25,6 +25,7 @@ BuildRequires: svrcore-devel BuildRequires: zlib BuildRequires: zlib-devel +Conflicts: pki-tps-tomcat Requires: java >= 1:1.7.0 Requires: mod_nss Requires: mod_perl @@ -220,7 +221,6 @@ fi %{_bindir}/tpsclient %{_libdir}/httpd/modules/* %{_libdir}/tps/ -%{_javadir}/pki/pki-tps.jar %dir %{_datadir}/pki/tps %{_datadir}/pki/tps/applets/ %{_datadir}/pki/tps/cgi-bin/ @@ -230,7 +230,6 @@ fi %{_datadir}/pki/tps/samples/ %{_datadir}/pki/tps/scripts/ %{_datadir}/pki/tps/setup/ -%{_datadir}/pki/tps/webapps/ %dir %{_localstatedir}/lock/pki/tps %dir %{_localstatedir}/run/pki/tps # Details: @@ -242,6 +241,9 @@ fi %changelog +* Wed Aug 14 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.5 +- Moved Tomcat-based TPS into pki-core. + * Thu Jul 11 2013 Ade Lee <alee@redhat.com> 10.1.0-0.4 - Add systemd build requirement to fix build failures in f19 |