summaryrefslogtreecommitdiffstats
path: root/base/kra
diff options
context:
space:
mode:
Diffstat (limited to 'base/kra')
-rw-r--r--base/kra/shared/conf/CS.cfg.in15
-rw-r--r--base/kra/shared/webapps/kra/WEB-INF/web.xml101
2 files changed, 16 insertions, 100 deletions
diff --git a/base/kra/shared/conf/CS.cfg.in b/base/kra/shared/conf/CS.cfg.in
index 5135e1311..c2655fc75 100644
--- a/base/kra/shared/conf/CS.cfg.in
+++ b/base/kra/shared/conf/CS.cfg.in
@@ -29,6 +29,7 @@ agent.interface.uri=kra/agent/kra
authType=pwd
preop.securitydomain.admin_url=https://[PKI_MACHINE_NAME]:9445
instanceRoot=[PKI_INSTANCE_PATH]
+configurationRoot=/[PKI_SUBSYSTEM_DIR]conf/
machineName=[PKI_MACHINE_NAME]
instanceId=[PKI_INSTANCE_ID]
pidDir=[PKI_PIDDIR]
@@ -201,7 +202,7 @@ dbs.ldap=internaldb
dbs.newSchemaEntryAdded=true
debug.append=true
debug.enabled=true
-debug.filename=[PKI_INSTANCE_PATH]/logs/debug
+debug.filename=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]debug
debug.hashkeytypes=
debug.level=0
debug.showcaller=false
@@ -277,7 +278,7 @@ log.instance.SignedAudit.bufferSize=512
log.instance.SignedAudit.enable=true
log.instance.SignedAudit.events=AUDIT_LOG_STARTUP,AUDIT_LOG_SHUTDOWN,ROLE_ASSUME,CONFIG_CERT_POLICY,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_OCSP_PROFILE,CONFIG_AUTH,CONFIG_ROLE,CONFIG_ACL,CONFIG_SIGNED_AUDIT,CONFIG_ENCRYPTION,CONFIG_TRUSTED_PUBLIC_KEY,CONFIG_DRM,SELFTESTS_EXECUTION,AUDIT_LOG_DELETE,LOG_PATH_CHANGE,PRIVATE_KEY_ARCHIVE_REQUEST,PRIVATE_KEY_ARCHIVE_REQUEST_PROCESSED,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_SUCCESS,PRIVATE_KEY_EXPORT_REQUEST_PROCESSED_FAILURE,KEY_RECOVERY_REQUEST,KEY_RECOVERY_REQUEST_ASYNC,KEY_RECOVERY_AGENT_LOGIN,KEY_RECOVERY_REQUEST_PROCESSED,KEY_RECOVERY_REQUEST_PROCESSED_ASYNC,KEY_GEN_ASYMMETRIC,NON_PROFILE_CERT_REQUEST,PROFILE_CERT_REQUEST,CERT_REQUEST_PROCESSED,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,AUTHZ_SUCCESS,AUTHZ_FAIL,INTER_BOUNDARY,AUTH_FAIL,AUTH_SUCCESS,CERT_PROFILE_APPROVAL,PROOF_OF_POSSESSION,CRL_RETRIEVAL,CRL_VALIDATION,CMC_SIGNED_REQUEST_SIG_VERIFY,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_FAILURE,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED_SUCCESS,SERVER_SIDE_KEYGEN_REQUEST,COMPUTE_SESSION_KEY_REQUEST,COMPUTE_SESSION_KEY_REQUEST_PROCESSED_SUCCESS, COMPUTE_SESSION_KEY_REQUEST_PROCESSED_FAILURE,DIVERSIFY_KEY_REQUEST,DIVERSIFY_KEY_REQUEST_PROCESSED_SUCCESS, DIVERSIFY_KEY_REQUEST_PROCESSED_FAILURE,ENCRYPT_DATA_REQUEST,ENCRYPT_DATA_REQUEST_PROCESSED_SUCCESS,ENCRYPT_DATA_REQUEST_PROCESSED_FAILURE,OCSP_ADD_CA_REQUEST,OCSP_ADD_CA_REQUEST_PROCESSED,OCSP_REMOVE_CA_REQUEST,OCSP_REMOVE_CA_REQUEST_PROCESSED_SUCCESS,OCSP_REMOVE_CA_REQUEST_PROCESSED_FAILURE,COMPUTE_RANDOM_DATA_REQUEST,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_SUCCESS,COMPUTE_RANDOM_DATA_REQUEST_PROCESSED_FAILURE,CIMC_CERT_VERIFICATION,CONFIG_SERIAL_NUMBER
log.instance.SignedAudit.expirationTime=0
-log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/signedAudit/kra_cert-kra_audit
+log.instance.SignedAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]signedAudit/kra_cert-kra_audit
log.instance.SignedAudit.flushInterval=5
log.instance.SignedAudit.level=1
log.instance.SignedAudit.logSigning=false
@@ -295,7 +296,7 @@ log.instance.System._002=##
log.instance.System.bufferSize=512
log.instance.System.enable=true
log.instance.System.expirationTime=0
-log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/system
+log.instance.System.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]system
log.instance.System.flushInterval=5
log.instance.System.level=3
log.instance.System.maxFileSize=2000
@@ -308,15 +309,15 @@ log.instance.Transactions._002=##
log.instance.Transactions.bufferSize=512
log.instance.Transactions.enable=true
log.instance.Transactions.expirationTime=0
-log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/transactions
+log.instance.Transactions.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]transactions
log.instance.Transactions.flushInterval=5
log.instance.Transactions.level=1
log.instance.Transactions.maxFileSize=2000
log.instance.Transactions.pluginName=file
log.instance.Transactions.rolloverInterval=2592000
log.instance.Transactions.type=transaction
-logAudit.fileName=[PKI_INSTANCE_PATH]/logs/access
-logError.fileName=[PKI_INSTANCE_PATH]/logs/error
+logAudit.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]access
+logError.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]error
oidmap.auth_info_access.class=netscape.security.extensions.AuthInfoAccessExtension
oidmap.auth_info_access.oid=1.3.6.1.5.5.7.1.1
oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword
@@ -353,7 +354,7 @@ selftests.container.logger.bufferSize=512
selftests.container.logger.class=com.netscape.cms.logging.RollingLogFile
selftests.container.logger.enable=true
selftests.container.logger.expirationTime=0
-selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/selftests.log
+selftests.container.logger.fileName=[PKI_INSTANCE_PATH]/logs/[PKI_SUBSYSTEM_DIR]selftests.log
selftests.container.logger.flushInterval=5
selftests.container.logger.level=1
selftests.container.logger.maxFileSize=2000
diff --git a/base/kra/shared/webapps/kra/WEB-INF/web.xml b/base/kra/shared/webapps/kra/WEB-INF/web.xml
index c6e9934eb..273ca1fa4 100644
--- a/base/kra/shared/webapps/kra/WEB-INF/web.xml
+++ b/base/kra/shared/webapps/kra/WEB-INF/web.xml
@@ -3,71 +3,6 @@
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "file:///usr/share/pki/setup/web-app_2_3.dtd">
<web-app>
- <filter>
- <filter-name>AgentRequestFilter</filter-name>
- <filter-class>com.netscape.cms.servlet.filter.AgentRequestFilter</filter-class>
- <init-param>
- <param-name>https_port</param-name>
- <param-value>[PKI_AGENT_SECURE_PORT]</param-value>
- </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>proxy_port</param-name>
- <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
- </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>active</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
-
- <filter>
- <filter-name>AdminRequestFilter</filter-name>
- <filter-class>com.netscape.cms.servlet.filter.AdminRequestFilter</filter-class>
- <init-param>
- <param-name>https_port</param-name>
- <param-value>[PKI_ADMIN_SECURE_PORT]</param-value>
- </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>proxy_port</param-name>
- <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
- </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>active</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
-
- <filter>
- <filter-name>EERequestFilter</filter-name>
- <filter-class>com.netscape.cms.servlet.filter.EERequestFilter</filter-class>
- <init-param>
- <param-name>http_port</param-name>
- <param-value>[PKI_UNSECURE_PORT]</param-value>
- </init-param>
- <init-param>
- <param-name>https_port</param-name>
- <param-value>[PKI_EE_SECURE_PORT]</param-value>
- </init-param>
-[PKI_OPEN_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>proxy_port</param-name>
- <param-value>[PKI_PROXY_SECURE_PORT]</param-value>
- </init-param>
- <init-param>
- <param-name>proxy_http_port</param-name>
- <param-value>[PKI_PROXY_UNSECURE_PORT]</param-value>
- </init-param>
-[PKI_CLOSE_ENABLE_PROXY_COMMENT]
- <init-param>
- <param-name>active</param-name>
- <param-value>true</param-value>
- </init-param>
- </filter>
-
<servlet>
<servlet-name>csadmin-wizard</servlet-name>
<servlet-class>com.netscape.cms.servlet.wizard.WizardServlet</servlet-class>
@@ -640,7 +575,7 @@
<init-param><param-name> AuthzMgr </param-name>
<param-value> BasicAclAuthz </param-value> </init-param>
<init-param><param-name> cfgPath </param-name>
- <param-value> [PKI_INSTANCE_PATH]/conf/CS.cfg </param-value> </init-param>
+ <param-value> [PKI_INSTANCE_PATH]/conf/[PKI_SUBSYSTEM_DIR]CS.cfg </param-value> </init-param>
<init-param><param-name> ID </param-name>
<param-value> krastart </param-value> </init-param>
<load-on-startup> 1 </load-on-startup>
@@ -756,10 +691,9 @@
<param-value> ee </param-value> </init-param>
</servlet>
- <context-param>
- <param-name>resteasy.scan</param-name>
- <param-value>true</param-value>
- </context-param>
+ <listener>
+ <listener-class> org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap </listener-class>
+ </listener>
<context-param>
<param-name>resteasy.servlet.mapping.prefix</param-name>
@@ -776,31 +710,12 @@
<servlet>
<servlet-name>Resteasy</servlet-name>
<servlet-class>org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher</servlet-class>
+ <init-param>
+ <param-name>javax.ws.rs.Application</param-name>
+ <param-value>com.netscape.kra.KeyRecoveryAuthorityApplication</param-value>
+ </init-param>
</servlet>
-[PKI_OPEN_SEPARATE_PORTS_WEB_COMMENT]
- <filter-mapping>
- <filter-name> AgentRequestFilter </filter-name>
- <url-pattern> /agent/* </url-pattern>
- </filter-mapping>
-
- <filter-mapping>
- <filter-name> AdminRequestFilter </filter-name>
- <url-pattern> /admin/* </url-pattern>
- <url-pattern> /auths </url-pattern>
- <url-pattern> /server </url-pattern>
- <url-pattern> /log </url-pattern>
- <url-pattern> /ug </url-pattern>
- <url-pattern> /acl </url-pattern>
- <url-pattern> /kra </url-pattern>
- </filter-mapping>
-
- <filter-mapping>
- <filter-name> EERequestFilter </filter-name>
- <url-pattern> /ee/* </url-pattern>
- </filter-mapping>
-[PKI_CLOSE_SEPARATE_PORTS_WEB_COMMENT]
-
<servlet-mapping>
<servlet-name>Resteasy</servlet-name>
<url-pattern>/pki/*</url-pattern>